Frugalware Security Announcements (FSAs)

This is a list of security announcements that have been released for the current stable version of Frugalware.

j2re

  • Author: vmiklos
  • Vulnerable: 6-2
  • Unaffected: 6-3terminus1

A vulnerability has been reported in Sun Java Web Start, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused by a boundary error within the Java Web Start component (javaws.exe) when processing JNLP files. This can be exploited to cause a stack-based buffer overflow via a specially crafted JNLP file with an overly long codebase attribute. Successful exploitation allows execution of arbitrary code, e.g. when a user visits a malicious website.

j2sdk

  • Author: vmiklos
  • Vulnerable: 6-1
  • Unaffected: 6-2terminus1

Brad Hill has reported a vulnerability in Sun JDK and JRE, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by an error when processing XSLT stylesheets contained in XSLT Transforms in XML signatures. This can be exploited to execute arbitrary code when an application processes a specially crafted XML signature.

CVEs:

kernel

  • Author: vmiklos
  • Vulnerable: 2.6.20-5terminus7
  • Unaffected: 2.6.20-5terminus8

Security issues have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

  1. The USBLCD driver does not limit the memory consumption during writes to the device. This can be exploited to cause an out-of-memory condition by writing a large amount of data to an affected device. Successful exploitation requires write access to a device using the driver.
  2. A vulnerability is caused by an error within the “decode_choice()” function in net/netfilter/nf_conntrack_h323_asn1.c when handling choices that are still encoded in the fixed-size bitfield. This can be exploited to cause access to undefined types, resulting in a crash.

CVEs:

joomla

  • Author: vmiklos
  • Vulnerable: 1.0.12-1
  • Unaffected: 1.0.12-2terminus1

Cindy Chee has discovered a vulnerability in Joomla!, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the “Title” and “Section Name” form fields when creating new sections in Section Manager is not properly sanitised before being stored. This can be exploited to insert arbitrary HTML and script code, which is executed in a user’s browser session in the context of an affected site when the data is viewed. Successful exploitation requires that the target user has valid administrator credentials.

avahi

  • Author: vmiklos
  • Vulnerable: 0.6.17-2
  • Unaffected: 0.6.17-3terminus1

Emanuele Aina has reported a security issue in Avahi, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The security issue is caused by an “assert()” error when receiving empty TXT data over D-Bus for registration. This can be exploited to terminate the Avahi daemon by sending empty TXT data.

CVEs:

flashplugin

  • Author: vmiklos
  • Vulnerable: 9.0.31.0-1
  • Unaffected: 9.0.48.0-1terminus1

Critical vulnerabilities have been identified in Adobe Flash Player that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these potential vulnerabilities.

CVEs:

qemu

  • Author: vmiklos
  • Vulnerable: 0.9.0-1
  • Unaffected: 0.9.0-2terminus1

Tavis Ormandy has reported some vulnerabilities in QEMU, which can be exploited by malicious users to bypass certain security restrictions or cause a DoS (Denial of Service).

  1. A boundary error exists within the “cirrus_invalidate_region()” function of the Cirrus video driver, which can be exploited to cause a heap-based buffer overflow.
  2. The size of ethernet frames is not correctly checked against the “MTU” before being copied into the registers of the NE2000 network driver. This can be exploited to cause a heap-based buffer overflow.
  3. An integer signedness error when processing data in the NE2000 device registers can be exploited to cause a heap-based buffer overflow. Successful exploitation of 1) through 3) may allow the execution of arbitrary code.
  4. Errors when handling the “icebp” instruction can be exploited to cause a DoS by terminating the emulation session.
  5. An error within the handling of the “aam” instruction can result in a division by zero, which can be exploited to cause a DoS.

CVEs:

wireshark

  • Author: vmiklos
  • Vulnerable: 0.99.5-1
  • Unaffected: 0.99.6-1terminus1

Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). Errors exist within the DHCP/BOOTP dissector or when processing HTTP chunked responses, iSeries capture files, or DCP ETSI, SSL, or MMS packets. These can be exploited to cause a crash, excessive loops, or consume large amounts of memory when parsing a specially crafted packet that is either captured off the wire or loaded via a capture file.

kernel

  • Author: voroskoi
  • Vulnerable: 2.6.20-5terminus6
  • Unaffected: 2.6.20-5terminus7

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a Denial of Service (DoS). The vulnerability is caused by a NULL pointer dereference within the function “sysfs_readdir()” when handling pointers to inodes. This can be exploited to crash a vulnerable system.

CVEs:

xvidcore

  • Author: voroskoi
  • Vulnerable: 1.1.2-1
  • Unaffected: 1.1.3-1terminus1

Trixter Jack has reported a vulnerability in the Xvid library, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused by an array indexing error in the “get_intra_block()” function within src/bitstream/mbcoding.c while processing Xvid AVI files. This can be exploited to corrupt memory via a specially crafted file. Successful exploitation may allow execution of arbitrary code.