Frugalware Security Announcements (FSAs)

This is a list of security announcements that have been released for the current stable version of Frugalware.

wireshark

  • Author: voroskoi
  • Vulnerable: 0.99.3a-1
  • Unaffected: 0.99.4-1siwenna1

Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). Errors within the HTTP, LDAP, XOT, WBXML, and MIME parsers can be exploited to cause a crash or consume large amounts of memory when parsing a specially crafted packet that is either captured off the wire or loaded via a capture file.

CVEs:

wv

  • Author: voroskoi
  • Vulnerable: 1.2.1-1
  • Unaffected: 1.2.4-1siwenna1

Some vulnerabilities have been reported in wvWare, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. The vulnerabilities are caused by integer overflows within the “wvGetLFO_records()” and “wvGetLFO_PLF()” functions. These can be exploited to cause heap-based buffer overflows by e.g. tricking a user into opening a specially crafted Microsoft Word document with an application using the library.

postgresql

  • Author: voroskoi
  • Vulnerable: 8.1.4-2
  • Unaffected: 8.1.5-1siwenna1

Some vulnerabilities have been reported in PostgreSQL, which can be exploited by malicious users to cause a DoS (Denial of Service).

  1. An incorrect type check before coercing unknown literals into the ANYARRAY type can be exploited to cause a crash when converting certain literals into ANYARRAY.
  2. An error exists within the handling of aggregate functions in UPDATE statements, which can be exploited to crash the server backend.
  3. An error within the logging of V3-protocol execute messages of ROLLBACK or COMMIT statements can be exploited to cause a crash.

CVEs:

cscope

  • Author: voroskoi
  • Vulnerable: 15.5-1
  • Unaffected: 15.6-1siwenna1

Will Drewry has reported some vulnerabilities in Cscope, which can potentially be exploited by malicious people to compromise a vulnerable system.

  1. Various boundary errors within the parsing of file lists or the expansion of environment variables can be exploited to cause stack-based buffer overflows when parsing specially crafted “cscope.lists” files or directories.
  2. A boundary error within the parsing of command line arguments can be exploited to cause a stack-based buffer overflow when supplying an overly long “reffile” argument.

CVEs:

screen

  • Author: voroskoi
  • Vulnerable: 4.0.2-2
  • Unaffected: 4.0.3-1siwenna1

Some vulnerabilities have been reported in GNU Screen, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. The vulnerabilities are caused by errors within the handling of certain UTF-8 characters. This can be exploited to crash GNU Screen or potentially execute arbitrary code by printing a specially crafted string to the window.

drupal

  • Author: voroskoi
  • Vulnerable: 4.7.3-1
  • Unaffected: 4.7.3-2siwenna1

Some vulnerabilities have been reported in Drupal, which can be exploited by malicious users to conduct script insertion attacks, and by malicious people to conduct cross-site scripting and cross-site request forgery attacks.

  1. Some unspecified input is not properly sanitised in the XML parser before being used. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site via a specially crafted RSS feed. Successful exploitation requires that the PHP “mbstring” extension is disabled.
  2. Some unspecified input is not properly sanitised before being used in the “aggregator”, “profile”, and “forum” modules. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user’s browser session in the context of an affected site.
  3. An error exists due to the application allowing users to perform certain actions via HTTP requests without performing any validity checks to verify the user’s request. This can e.g. be exploited to change passwords, post PHP code, or create new users.
  4. Some input to unspecified parameters is not properly sanitised before being returned to the user. This can be exploited to redirect a user’s form submission to an attacker’s site when the user is tricked into using a specially crafted link.

CVEs:

asterisk

  • Author: voroskoi
  • Vulnerable: asterisk-1.2.11-1
  • Unaffected: asterisk-1.2.13-1siwenna1

Adam Boileau has reported a vulnerability in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused by an integer overflow within the “get_input()” function in chan_skinny.c. This can be exploited to cause a heap-based buffer overflow by sending specially crafted packets to the Asterisk Skinny channel driver. Successful exploitation may allow the execution of arbitrary code, but requires that “chan_skinny” is loaded.

nvidia

  • Author: voroskoi
  • Vulnerable: 1.0_8774-4siwenna1
  • Unaffected: 1.0_8776-1siwenna1

Rapid7 has reported a vulnerability in NVIDIA Binary Graphics Driver for Linux, which can be exploited by malicious, local users to gain escalated privileges and potentially by malicious people to compromise a user’s system. A boundary error when performing accelerated rendering of glyphs can be exploited to cause a buffer overflow via a specially crafted short sequence of user-supplied glyphs. Successful exploitation allows execution of arbitrary code with “root” privileges.

qt

  • Author: voroskoi
  • Vulnerable: 3.3.6-4
  • Unaffected: 3.3.6-5

A vulnerability has been reported in Qt, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. The vulnerability is caused by an integer overflow in the way Qt handles certain pixmap images. This can potentially be exploited to execute arbitrary code by e.g. causing an application linked against Qt to process a specially crafted pixmap image.

qt4

  • Author: voroskoi
  • Vulnerable: 4.1.4-5
  • Unaffected: 4.1.4-6

A vulnerability has been reported in Qt, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. The vulnerability is caused by an integer overflow in the way Qt handles certain pixmap images. This can potentially be exploited to execute arbitrary code by e.g. causing an application linked against Qt to process a specially crafted pixmap image.