Frugalware Security Announcements (FSAs)

• Author: voroskoi
• Vulnerable: 1.8.5-1
• Unaffected: 1.8.5-2siwenna1

A vulnerability has been reported in Ruby, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an input validation error in “cgi.rb”. This can be exploited to consume a large amount of CPU resources by sending a specially crafted HTTP POST request.

• Bug Tracker URL: http://bugs.frugalware.org/task/1418

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0983
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5467

• Author: voroskoi
• Vulnerable: 1.0.5-1siwenna1
• Unaffected: 1.0.6-1siwenna1

Some vulnerabilities have been reported in Mozilla Firefox and Mozilla SeaMonkey, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and potentially compromise a vulnerable system.

1. The bundled Network Security Services (NSS) library contains an incomplete fix for the RSA signature verification vulnerability reported in MFSA 2006-60.
2. An error exists within the handling of Script objects. This can potentially be exploited to execute arbitrary JavaScript bytecode by modifying already running Script objects.
3. Some unspecified errors in the layout engine and memory corruption errors in the JavaScript engine can be exploited to crash the application and may allow execution of arbitrary code.
4. An unspecified error within XML.prototype.hasOwnProperty can potentially be exploited to execute arbitrary code.

• Bug Tracker URL: http://bugs.frugalware.org/task/1436

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5462
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5463
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5464
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5747
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5748

• Author: voroskoi
• Vulnerable: 1.5.0.7-1siwenna1
• Unaffected: 1.5.0.8-1siwenna1

Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and potentially compromise a vulnerable system.

1. The bundled Network Security Services (NSS) library contains an incomplete fix for the RSA signature verification vulnerability reported in MFSA 2006-60.
2. An error exists within the handling of Script objects. This can be potentially be exploited to execute arbitrary JavaScript bytecode by modifying already running Script objects. Successful exploitation requires that JavaScript is enabled.
3. Some unspecified errors in the layout engine and memory corruption errors in the JavaScript engine can be exploited to crash the application and may allow the execution of arbitrary code. Successful exploitation of some of these vulnerabilities requires that JavaScript is enabled.
4. An unspecified error within XML.prototype.hasOwnProperty can potentially be exploited to execute arbitrary code.

• Bug Tracker URL: http://bugs.frugalware.org/task/1435

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5464
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5747
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5748
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5462
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5463

• Author: voroskoi
• Vulnerable: 6.2.9_3-1
• Unaffected: 6.2.9_3-2siwenna1

Some vulnerabilities have been reported in ImageMagick, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

1. A boundary error within the “ReadDCMImage()” function in coders/dcm.c can be exploited to cause a buffer overflow when processing specially crafted DCM images.
2. Several boundary errors within the “ReadPALMImage()” function in coders/palm.c can be exploited to cause heap-based buffer overflows when processing specially crafted PALM images. Successful exploitation may allow the execution of arbitrary code.

• Bug Tracker URL: http://bugs.frugalware.org/task/1364

CVEs:

• There is no CVE for this issue, see: http://secunia.com/advisories/22572

• Author: voroskoi
• Vulnerable: 2.6.17-6siwenna1
• Unaffected: 2.6.17-6siwenna2

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the handling of seqfiles for “/proc/net/ip6_flowlabel”, which can be exploited to cause kernel lockups and crashes via specially crafted flow labels.

• Bug Tracker URL: http://bugs.frugalware.org/task/1423

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5619

• Author: voroskoi
• Vulnerable: 9.3.2_P1-1siwenna1
• Unaffected: 9.3.2_P2-1siwenna1

Some vulnerabilities have been reported in BIND, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service). The vulnerabilities are caused due to the potential use of vulnerable OpenSSL libraries.

• Bug Tracker URL: http://bugs.frugalware.org/task/1420

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940

• Author: voroskoi
• Vulnerable: 1.0.3-1
• Unaffected: 1.0.3-2siwenna1

Kees Cook has reported a vulnerability in libX11, which can be exploited by malicious, local users to disclose potentially sensitive information. The vulnerability is caused due to a file descriptor leak in the Xinput module, which can be exploited to disclose the content of certain files.

• Bug Tracker URL: http://bugs.frugalware.org/task/1416

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5397

• Author: voroskoi
• Vulnerable: 1.4.2.2-1
• Unaffected: 1.4.2.2-2siwenna1

Some weaknesses have been reported in mutt, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges.

1. The “safe_open()” function insecurely creates temporary files on NFS directories, because the O_EXEC flag is not always correctly honored. This may be exploited to overwrite arbitrary files.
2. A race condition exists within the “mutt_adv_mktemp()” function between calling “mktemp()” and “safe_fopen()”. This may be exploited to create files with weak permissions.

• Bug Tracker URL: http://bugs.frugalware.org/task/1399

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5297
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5298

• Author: voroskoi
• Vulnerable: 1.5.12-1
• Unaffected: 1.5.12-2siwenna1

Some weaknesses have been reported in mutt, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges.

1. The “safe_open()” function insecurely creates temporary files on NFS directories, because the O_EXEC flag is not always correctly honored. This may be exploited to overwrite arbitrary files.
2. A race condition exists within the “mutt_adv_mktemp()” function between calling “mktemp()” and “safe_fopen()”. This may be exploited to create files with weak permissions.

• Bug Tracker URL: http://bugs.frugalware.org/task/1399

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5297
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5298

• Author: voroskoi
• Vulnerable: 5.1.6-2siwenna1
• Unaffected: 5.1.6-3siwenna1

Some vulnerabilities have been reported in PHP, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. The vulnerabilities are caused due to boundary errors within the “htmlentities()” and “htmlspecialchars()” functions. If a PHP application uses these functions to process user-supplied input, this can be exploited to cause a heap-based buffer overflow by passing specially crafted data to the affected application. Successful exploitation may allow execution of arbitrary code, but requires that the UTF-8 character set is selected.