Frugalware Security Announcements (FSAs)

• Author: voroskoi
• Vulnerable: 0.99.4-2
• Unaffected: 0.99.4-3siwenna1

A vulnerability has been reported in xine-ui, which potentially can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to a format string error within the “errors_create_window()” function in errors.c. This may be exploited to execute arbitrary code by e.g. tricking a user into opening a specially crafted playlist file.

• Bug Tracker URL: http://bugs.frugalware.org/task/1617

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0254

• Author: voroskoi
• Vulnerable: 7.0r68-1siwenna1
• Unaffected: 9.0.31.0-1siwenna1

Rapid7 has reported some vulnerabilities in Adobe Flash Player, which can be exploited by malicious people to bypass certain restrictions. Input passed to the “XML.addRequestHeader()” ActionScript function and the “XML.contentType” attribute is not properly sanitised before being used. This can be exploited to bypass certain restrictions via CRLF character sequences and inject arbitrary HTTP headers in a request. Successful exploitation may e.g. make it easier to perform CSRF (Cross-Site Request Forgery) attacks.

• Author: voroskoi
• Vulnerable: 3.0.23-5
• Unaffected: 3.0.24-1siwenna1

Some vulnerabilities have been reported in Samba, which can be exploited by malicious users to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

1. Under certain conditions, smbd fails to remove requests from the deferred file open queue. This can be exploited to cause a DoS due to heavy resource usage by triggering an infinite loop when renaming a file under special circumstances.
2. Samba uses filenames as format string parameter in a call to “sprintf()” when setting Windows NT Access Control Lists using the afsacl.so VFS plugin. This can potentially be exploited to execute arbitrary code. Successful exploitation requires that an AFS file system is shared to CIFS clients using the afsacl.so VFS module and that the attacker has write access to the share.

• Bug Tracker URL: http://bugs.frugalware.org/task/1690

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454

• Author: voroskoi
• Vulnerable: 0.99.4-1siwenna1
• Unaffected: 0.99.5-1siwenna1

Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). Errors within the TCP, HTTP, IEEE 802.11, and LLT parsers can be exploited to cause a crash or consume large amounts of memory when parsing a specially crafted packet that is either captured off the wire or loaded via a capture file.

• Bug Tracker URL: http://bugs.frugalware.org/task/1684

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0456
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0457
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0458
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0459

• Author: voroskoi
• Vulnerable: 8.1.5-1siwenna1
• Unaffected: 8.1.7-1siwenna1

Some vulnerabilities have been reported in PostgreSQL, which can be exploited by malicious users to gain knowledge of potentially sensitive information and cause a DoS (Denial of Service).

1. An unspecified error can be used to suppress certain checks, which ensure that SQL functions return the correct data type. This can be exploited to crash the database backend or disclose potentially sensitive information.
2. An unspecified error when changing the data type of a table column can be exploited to crash the database backend or disclose potentially sensitive information.

• Bug Tracker URL: http://bugs.frugalware.org/task/1687

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0555
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0556

• Author: voroskoi
• Vulnerable: 2.10.3-1
• Unaffected: 2.10.3-2siwenna1

A vulnerability has been reported in GTK+, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the “GdkPixbufLoader()” when handling certain malformed input. This can be exploited to crash an application using the library by tricking it into processing specially crafted image files.

• Bug Tracker URL: http://bugs.frugalware.org/task/1663

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0010

• Author: voroskoi
• Vulnerable: 9.3.2_P2-1siwenna1
• Unaffected: 9.3.4-1siwenna1

A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error, which may cause the named daemon to dereference a freed fetch context. Successful exploitation crashes the named daemon.

• Bug Tracker URL: http://bugs.frugalware.org/task/1664

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494

• Author: voroskoi
• Vulnerable: 2.9.1.1-1siwenna1
• Unaffected: 2.9.2-1siwenna1

Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks and HTTP response splitting attacks.

1. Input passed to unspecified parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.
2. Input passed in the “phpMyAdmin” cookie is not properly sanitised before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which will be included in a response sent to the user, allowing for execution of arbitrary HTML and script code in a user’s browser session in context of an affected site. Successful exploitation of this vulnerability requires a version of PHP 4 before 4.4.2 or a version of PHP 5 before 5.1.2.

• Bug Tracker URL: http://bugs.frugalware.org/task/1611

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0203
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0204

• Author: voroskoi
• Vulnerable: 0.5.3-1
• Unaffected: 0.5.3-2siwenna1

A vulnerability has been reported in Poppler, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the handling of catalog dictionaries or page attributes that reference an invalid page tree node. This can be exploited to cause an infinite loop by e.g. tricking a user into opening a specially crafted PDF document.

• Author: voroskoi
• Vulnerable: 2.6.STABLE3-1
• Unaffected: 2.6.STABLE7-1siwenna1

Two vulnerabilities have been reported in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service).

1. An error in the handling of certain FTP URL requests can be exploited to crash Squid by visiting a specially crafted FTP URL via the proxy.
2. An error in the external_acl queue can cause Squid to crash when it is under high load conditions.

• Bug Tracker URL: http://bugs.frugalware.org/task/1634

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0247
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0248