Frugalware Security Announcements (FSAs)

This is a list of security announcements that have been released for the current stable version of Frugalware.

php

  • Author: voroskoi
  • Vulnerable: 5.2.2-1terminus1
  • Unaffected: 5.2.2-1terminus2

Xavier Roche has reported a vulnerability in PHP, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to the incorrect use of libpng within the function “gdPngReadData()” in ext/gd/libgd/gd_png.c of the GD extension when processing truncated data. This can be exploited to cause an infinite loop by e.g. tricking an application into processing a specially crafted file.

libpng

  • Author: voroskoi
  • Vulnerable: 1.2.16-1
  • Unaffected: 1.2.16-2terminus1

A vulnerability has been reported in libpng, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the “png_handle_tRNS” function in pngrutil.c. This can be exploited by tricking an application using the library to process a specially crafted PNG file containing a malformed tRNS chunk.

CVEs:

samba samba-client

  • Author: voroskoi
  • Vulnerable: 3.0.24-1
  • Unaffected: 3.0.24-2terminus1

Some vulnerabilities have been reported in Samba, which can be exploited by malicious users to perform certain actions with escalated privileges and to compromise a vulnerable system, and by malicious people to compromise a vulnerable system.

  1. An error in smbd when translating SIDs to and from names can be exploited to issue SMB/CIFS protocol operations as the root user. Successful exploitation requires a valid user session.
  2. An input validation error when updating a user’s password can be exploited to inject and execute arbitrary shell commands via a specially crafted MS-RPC call. Successful exploitation of this vulnerability requires that the “username map script” option is set in smb.conf, which is not the default setting. In addition, to successfully exploit this vulnerability via remote printer and file share management, an attacker requires a valid user session.
  3. Input validation errors exist in the parsing of RPC requests to the LSA RPC interface. This can be exploited to cause heap based buffer overflows via specially crafted requests to “LsarAddPrivilegesToAccount”, “LsarLookupSids”, or “LsarLookupSids2”.
  4. An input validation error exists in the parsing of RPC requests to the DFS RPC interface. This can be exploited to cause a heap based buffer overflow via a specially crafted request to “DFSEnum”.
  5. An input validation error exists in the parsing of RPC requests to the SPOOLSS RPC interface. This can be exploited to cause a heap based buffer overflow via a specially crafted request to “RFNPCNEX”.
  6. An input validation error exists in the parsing of RPC requests to the SRVSVC RPC interface. This can be exploited to cause a heap based buffer overflow via a specially crafted request to “NetSetFileSecurity”. Successful exploitation of vulnerabilities #3 through #6 allows execution of arbitrary code, but requires a valid user session.

CVEs:

asterisk

  • Author: voroskoi
  • Vulnerable: 1.4.2-2terminus1
  • Unaffected: 1.4.2-2terminus2

Some vulnerabilities have been reported in Asterisk, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

  1. Two boundary errors exist in the T.38 SDP parser of the SIP channel when processing the “T38FaxRateManagement” or “T38FaxUdpEC” SDP parameters within the “process_sdp()” function in chan_sip.c. This can be exploited to cause stack-based buffer overflows by sending a specially crafted SIP packet with overly long SDP parameters. Successful exploitation requires that the “t38_udptl” configuration option is set to “yes”.
  2. A NULL pointer dereference error exists within the authentication mechanism of the Asterisk Remote Management Interface, which can be exploited to crash the service. Successful exploitation requires that the Management Interface is enabled and a user without a password is configured in the manager.conf file.

A vulnerability has been reported in Asterisk, which can be exploited by malicious users to disclose potentially sensitive information. The vulnerability is caused due to an error within the IAX2 channel driver (chan_iax2) in the processing of text frames. This can be exploited to disclose potentially sensitive heap memory by sending a text frame with content that is not NULL terminated.

CVEs:

bind

  • Author: voroskoi
  • Vulnerable: 9.4.0-1
  • Unaffected: 9.4.1-1terminus1

A vulnerability has been reported in BIND, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when invoking the “query_addsoa()” function. This can be exploited to cause the nameserver to exit by sending a specially crafted sequence of queries. Successful exploitation requires that “recursion” is enabled.

CVEs:

elinks

  • Author: voroskoi
  • Vulnerable: 0.11.2-1
  • Unaffected: 0.11.2-2terminus1

Arnaud Giersch has reported a weakness in ELinks, which potentially can be exploited by malicious, local users to gain escalated privileges. The weakness is caused due to the “add_filename_to_string()” function in src/intl/gettext/loadmsgcat.c reading gettext catalogs from potentially untrusted paths. This can be exploited to execute arbitrary code with escalated privileges by enticing another user to run ELinks in a specially prepared directory environment.

CVEs:

gimp

  • Author: voroskoi
  • Vulnerable: 2.2.13-1
  • Unaffected: 2.2.13-2terminus1

Marsu has discovered a vulnerability in Gimp, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to an error within the “set_color_table()” function in plug-ins/common/sunras.c. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted .RAS file. Successful exploitation may allow the execution of arbitrary code.

kernel

  • Author: voroskoi
  • Vulnerable: 2.6.20-5terminus2
  • Unaffected: 2.6.20-5terminus3

Two vulnerabilities and a security issue have been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service).

  1. An error exists within the processing of packets with IPv6 type 0 route headers. This can be exploited to cause a DoS due to high network traffic by sending specially crafted IPv6 packets to vulnerable systems.
  2. A boundary error due to the use of RTA_MAX instead of RTN_MAX in dn_fib_props[] within dn_fib.c and in fib_props[] within fib_semantics.c can potentially be exploited to cause a DoS.
  3. An error exists within the handling of NETLINK_FIB_LOOKUP reply messages. This can be exploited to cause an infinite recursion, which could result in a stack overflow.

CVEs:

libexif

  • Author: voroskoi
  • Vulnerable: 0.6.13-1
  • Unaffected: 0.6.13-2terminus1

Victor Stinner has reported a vulnerability in libexif, which can be exploited by malicious people to cause a DoS and potentially compromise an application using the library. The vulnerability is caused due to an error within the handling of malformed EXIF information. This can be exploited to crash an application using the library and may allow execution of arbitrary code.

CVEs:

  • There is no CVE for this issue.