Frugalware Security Announcements (FSAs)

This is a list of security announcements that have been released for the current stable version of Frugalware.

ed

  • Author: voroskoi
  • Vulnerable: 0.2-2
  • Unaffected: 0.4-1siwenna1

A vulnerability has been reported in GNU ed, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The vulnerability is caused by temporary files being created insecurely. This can be exploited via symlink attacks to overwrite arbitrary files with the privileges of the user running ed.

CVEs:

kdegraphics

  • Author: voroskoi
  • Vulnerable: 3.5.4-4siwenna1
  • Unaffected: 3.5.4-5siwenna1

A weakness has been reported in KDE and KOffice, which can be exploited by malicious people to cause a DoS (Denial of Service). The weakness is caused by an error in the handling of catalog dictionaries or page attributes that reference an invalid page treenode. This can be exploited to cause an infinite loop, for example by tricking a user into opening a specially crafted PDF document.

koffice

  • Author: voroskoi
  • Vulnerable: 1.5.2-2
  • Unaffected: 1.5.2-3siwenna1

A weakness has been reported in KDE and KOffice, which can be exploited by malicious people to cause a DoS (Denial of Service). The weakness is caused by an error in the handling of catalog dictionaries or page attributes that reference an invalid page treenode. This can be exploited to cause an infinite loop, for example by tricking a user into opening a specially crafted PDF document.

smb4k

  • Author: voroskoi
  • Vulnerable: 0.7.2-1
  • Unaffected: 0.7.5-1siwenna1

  1. A grave bug was discovered that could cause a corrupted /etc/sudoers file if debug or error output was received via stderr while reading the file for subsequent processing.
  2. Kees Cook conducted a security audit of Smb4K 0.7.5. He found several security weaknesses in the utility programs (stack overflows / the use of strcpy instead of strncpy / a design error in smb4k_kill) and in the Smb4KFileIO class (use of mktemp instead of mkstemp for creation of the temporary files, which could lead to both a race and an information leak / a race in the code that handles the lock file).

CVEs:

openoffice.org

  • Author: voroskoi
  • Vulnerable: 2.0.3-1
  • Unaffected: 2.0.3-2siwenna1

John Heasman has reported some vulnerabilities in OpenOffice, which can be exploited by malicious people to compromise a user’s system.

  1. A truncation error within the handling of the META_ESCAPE record can be exploited to cause a heap-based buffer overflow via a specially crafted WMF/EMF file.
  2. An integer overflow within the handling of EMR_POLYPOLYGON and EMR_POLYPOLYGON16 records can be exploited to cause a heap-based buffer overflow via a specially crafted WMF/EMF file.

Successful exploitation of the vulnerabilities allows execution of arbitrary code and requires that a user is tricked into opening a specially crafted WMF/EMF file or a specially crafted document.

CVEs:

fetchmail

  • Author: voroskoi
  • Vulnerable: 6.3.4-1
  • Unaffected: 6.3.6-1siwenna1

A vulnerability and a security issue have been reported in Fetchmail, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and by malicious people to gain knowledge of sensitive information.

  1. A NULL pointer dereference error in Fetchmail, when refusing a message that was bound for delivery by a message delivery agent (MDA) via the “mda” option, can be exploited to crash the service.
  2. Several errors could lead to authentication in plain text despite the configured settings, resulting in the possibility of passwords being eavesdropped.

CVEs:

libgtop

  • Author: voroskoi
  • Vulnerable: 2.14.3-1
  • Unaffected: 2.14.3-2siwenna1

Liu Qishuai has reported a vulnerability in libgtop2, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused by a boundary error within the “glibtop_get_proc_map_s()” function in sysdeps/linux/procmap.c. This can be exploited to cause a stack-based buffer overflow by running a process with a specially crafted long path and tricking a victim into running an application using the library (e.g. gnome-system-monitor).

libsoup

  • Author: voroskoi
  • Vulnerable: 2.2.96-2
  • Unaffected: 2.2.96-3siwenna1

Roland Lezuo and Josselin Mouette have reported a vulnerability in libsoup, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused by an error within the “soup_headers_parse()” function in soup-headers.c. This can be exploited to crash an application using the library by sending specially crafted HTTP requests.

CVEs:

mediawiki

  • Author: voroskoi
  • Vulnerable: 1.7.1-1
  • Unaffected: 1.7.2-1siwenna1

A vulnerability has been reported in MediaWiki, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to an unspecified parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site. Successful exploitation requires that $wgUseAjax is set to true, which is not its default setting.

proftpd

  • Author: voroskoi
  • Vulnerable: 1.3.0-4siwenna1
  • Unaffected: 1.3.0-5siwenna1

Alfredo Ortega has reported a vulnerability in the mod_ctrls module for ProFTPD, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused by a boundary error within the “pr_ctrls_recv_request()” function in src/ctrls.c and can be exploited to cause a buffer overflow by sending specially crafted control messages to the module. Successful exploitation may allow execution of arbitrary code with escalated privileges, but requires that the mod_ctrls module is used and that ACLs allow the attacker to access the module.