Frugalware Security Announcements (FSAs)

This is a list of security announcements that have been released for the current stable version of Frugalware.

denyhosts

  • Author: voroskoi
  • Vulnerable: 2.5-2
  • Unaffected: 2.6-1siwenna1

Tavis Ormandy has discovered a vulnerability in DenyHosts, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused by an error in the parsing of log files before adding an entry in /etc/hosts.deny. This can be exploited to add arbitrary IP addresses to /etc/hosts.deny, resulting in a DoS for that IP.

CVEs:

gnupg

  • Author: voroskoi
  • Vulnerable: 1.4.5-2siwenna1
  • Unaffected: 1.4.5-3siwenna1

Tavis Ormandy has reported a vulnerability in GnuPG, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by an error within the decryption of malformed OpenPGP messages. This can be exploited to corrupt memory when decrypting a specially crafted OpenPGP message. Successful exploitation allows execution of arbitrary code.

CVEs:

madwifi-ng

  • Author: voroskoi
  • Vulnerable: r1491_20060404-9
  • Unaffected: 0.9.2.1-1

Laurent Butti, Jerome Raznieski, and Julien Tinnes have reported a vulnerability in MadWifi, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error and can be exploited to cause a buffer overflow, which allows execution of arbitrary code with kernel privileges.

CVEs:

xine-lib

  • Author: voroskoi
  • Vulnerable: 1.1.2-1
  • Unaffected: 1.1.3-1siwenna1

Some vulnerabilities have been reported in xine-lib, which potentially can be exploited by malicious people to compromise a user’s system.

  1. A vulnerability is caused by a boundary error within the “real_parse_sdp()” function in src/input/libreal/real.c. This can be exploited to cause a buffer overflow by e.g. tricking a user into connecting to a malicious server.
  2. A buffer overflow exists in the libmms library: Anon Sricharoenchai has discovered some vulnerabilities in MiMMS, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user’s system. The vulnerabilities are caused by boundary errors within the “get_header()” and “get_media_packet()” functions when reading data from the server. This can be exploited to cause stack-based buffer overflows and may allow arbitrary code execution.

CVEs:

evince

  • Author: voroskoi
  • Vulnerable: 0.6.0-1
  • Unaffected: 0.6.0-2siwenna1

A vulnerability has been discovered in Evince, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused by a boundary error within the “get_next_text()” function in ps/ps.c. This can be exploited to cause a buffer overflow by e.g. tricking a user into opening a specially crafted PostScript file.

CVEs:

squirrelmail

  • Author: voroskoi
  • Vulnerable: 1.4.8-1
  • Unaffected: 1.4.9-1siwenna1

Some vulnerabilities have been reported in SquirrelMail, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks.

  1. Input passed to certain parameters in webmail.php and compose.php in the “draft”, “compose”, and “mailto” functionality is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site.
  2. Input validation errors exist in the magicHTML filter when sanitising HTML mails. This can be exploited to insert arbitrary HTML and script code, which is executed in a user’s browser session in the context of an affected site when the malicious data is viewed. Successful exploitation of some of these errors requires that the target user runs Microsoft Internet Explorer.

CVEs:

gnupg

  • Author: voroskoi
  • Vulnerable: 1.4.5-1
  • Unaffected: 1.4.5-2siwenna1

Hugh Warrington has reported a vulnerability in GnuPG, which potentially can be exploited by malicious people to compromise a user’s system. The vulnerability is caused by a boundary error in the “ask_outfile_name()” function in openfile.c, because the “make_printable_string()” function can return a string longer than the expected “NAMELEN”. This can be exploited to cause a buffer overflow by e.g. tricking a user into processing a specially crafted file using the interactive mode. Successful exploitation may allow the execution of arbitrary code, but requires that the interactive mode is used. Applications using the batch mode (e.g. most e-mail clients) are not affected.

kdegraphics

  • Author: voroskoi
  • Vulnerable: 3.5.4-3
  • Unaffected: 3.5.4-4siwenna1

A weakness has been reported in KDE, which can be exploited by malicious people to cause a DoS (Denial of Service). The weakness is caused by an error within the JPEG kfile-info plugin when parsing EXIF information. This can be exploited to cause an endless recursion by e.g. tricking a user into opening a specially crafted file with an application using the kfile-info plugin.

lha

  • Author: voroskoi
  • Vulnerable: 114i-1
  • Unaffected: 1.14i_ac20050924p1-1siwenna1

Some vulnerabilities have been reported in LHa, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

  1. An infinite loop within the “read_pt_len()”, “read_c_len()”, “decode_c_st1()”, and “decode_p_st1()” functions in huf.c can be exploited to cause a DoS due to CPU consumption by e.g. tricking a user or automated system into unpacking a specially crafted archive.
  2. A buffer overflow and a boundary error within the “make_table()” function in maketbl.c can be exploited to modify certain stack data and cause a buffer overflow by e.g. tricking a user or automated system into unpacking a specially crafted archive.

CVEs: