Frugalware Security Announcements (FSAs)

This is a list of security announcements that have been released for the current stable version of Frugalware.

sudo

  • Author: voroskoi
  • Vulnerable: 1.6.8p12-3
  • Unaffected: 1.6.8p12-4terminus1

A vulnerability has been reported in Sudo, which can be exploited by malicious, local users to bypass certain security restrictions. The vulnerability is caused by improper error handling within the Kerberos 5 authentication mechanism. This can be exploited to execute commands allowed by the Sudo configuration without proper authentication.

CVEs:

tar

  • Author: voroskoi
  • Vulnerable: 1.16.1-1
  • Unaffected: 1.16.1-2terminus1

A vulnerability has been reported in GNU tar, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused by an input validation error when extracting tar archives. This can be exploited to extract files to arbitrary locations outside the specified directory with the permissions of the user running GNU tar by using the “//..” directory traversal sequence in a specially crafted tar archive.

terminal

  • Author: voroskoi
  • Vulnerable: 0.2.6-1
  • Unaffected: 0.2.6-2terminus1

Lasse Karkkainen has reported a security issue in Xfce Terminal, which can be exploited by malicious people to inject shell commands. The “terminal_helper_execute()” function in terminal/terminal.c uses “/bin/sh -c” to spawn the browser process. This can be used to disclose sensitive information or execute shell commands by e.g. tricking a user into opening a malicious link using the “Open Link” functionality.

CVEs:

thunderbird

  • Author: voroskoi
  • Vulnerable: 1.5.0.12-1terminus1
  • Unaffected: 1.5.0.13-1terminus1

Some vulnerabilities have been reported in Mozilla Thunderbird, which can potentially be exploited to compromise a user’s system. An error when registering a URI handler potentially allows arbitrary code execution. Various errors in the JavaScript engine can be exploited to cause memory corruption and potentially to execute arbitrary code. A vulnerability is caused by an error within the handling of “about:blank” pages loaded by chrome in an addon. This can be exploited to execute script code under chrome privileges by e.g. clicking on a link opened in an “about:blank” window created and populated in a certain way by an addon.

tor

  • Author: voroskoi
  • Vulnerable: 0.1.2.14-1terminus1
  • Unaffected: 0.1.2.16-1terminus1

A vulnerability has been reported in Tor, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused by the ControlPort (localhost:9051) handling commands without authentication when the first command was not a successful “authenticate” command. This can be exploited to e.g. modify the “torrc” file, when a user views a malicious web page containing a specially crafted POST request or via a malicious Tor exit node. Successful exploitation may compromise a user’s anonymity, but requires that the ControlPort is enabled.

actionpack

  • Author: voroskoi
  • Vulnerable: 1.13.2-1
  • Unaffected: 1.13.2-2terminus1

BCC has reported a vulnerability in Ruby on Rails, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the “to_json” function is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

CVEs:

activesupport

  • Author: voroskoi
  • Vulnerable: 1.4.1-1
  • Unaffected: 1.4.1-2terminus1

BCC has reported a vulnerability in Ruby on Rails, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the “to_json” function is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

CVEs:

opera

  • Author: vmiklos
  • Vulnerable: 9.20-1terminus1
  • Unaffected: 9.22-1terminus1

  1. Robert Swiecki has discovered a vulnerability in Opera, which can be exploited by malicious people to conduct spoofing attacks. The vulnerability is caused by an error in the handling of the “data:” URI scheme. This can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar when a user follows a specially crafted link.

  2. A vulnerability has been reported in Opera, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused by Opera using already freed memory when parsing BitTorrent headers and can lead to an invalid object pointer being dereferenced. This can be exploited to execute arbitrary code, when the user is tricked into clicking on a specially crafted BitTorrent file and then removes it via a right-click from the download pane.

CVEs:

seamonkey

  • Author: vmiklos
  • Vulnerable: 1.1.2-1terminus1
  • Unaffected: 1.1.4-1terminus1

Some vulnerabilities have been reported in SeaMonkey, which can potentially be exploited by malicious people to compromise a vulnerable system.

  1. Various errors in the browser engine can be exploited to cause memory corruption and potentially to execute arbitrary code.

  2. Various errors in the JavaScript engine can be exploited to cause memory corruption and potentially to execute arbitrary code.

  3. The vulnerability is caused by an error within the handling of “about:blank” pages loaded by chrome in an addon. This can be exploited to execute script code under chrome privileges by e.g. clicking on a link opened in an “about:blank” window created and populated in a certain way by an addon. Successful exploitation requires that certain addons are installed.

streamripper

  • Author: vmiklos
  • Vulnerable: 1.61.27-1
  • Unaffected: 1.62.2-1terminus1

A vulnerability has been reported in Streamripper, which can be exploited by malicious people to compromise a user’s system.

The vulnerability is caused by a boundary error within the “httplib_parse_sc_header()” function. This can be exploited to cause a buffer overflow by e.g. tricking the user into connecting to a malicious server.

CVEs: