Frugalware Security Announcements (FSAs)

• Author: voroskoi
• Vulnerable: 1.5.0-2
• Unaffected: 1.5.1-1siwenna1

A vulnerability has been reported in GnuTLS, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error in the verification of certain signatures.

• Bug Tracker URL: http://bugs.frugalware.org/1196

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4790

• Author: voroskoi
• Vulnerable: 1.5.0.5-2
• Unaffected: 1.5.0.7-1siwenna1

Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to conduct man-in-the-middle attacks, bypass certain security restrictions, and potentially compromise a user’s system.

• Bug Tracker URL: http://bugs.frugalware.org/1145

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4253
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4340
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4565
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4566
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4567
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4570
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4571

• Author: voroskoi
• Vulnerable: 1.2.4b-1
• Unaffected: 1.2.4b-2siwenna1

Tavis Ormandy from the Google Security Team discovered several vulnerabilities in gzip, the GNU compression utility.

• Bug Tracker URL: http://bugs.frugalware.org/1189

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338

• Author: voroskoi
• Vulnerable: 3.11.2-1
• Unaffected: 3.11.3-2siwenna1

nss is Mozilla’s Network Security Services library.

• Bug Tracker URL: http://bugs.frugalware.org/1148

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4340

• Author: voroskoi
• Vulnerable: 1.2.0-2
• Unaffected: 1.2.2-1siwenna1

libxfont is the X.Org Xfont library

• Bug Tracker URL: http://bugs.frugalware.org/1137

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3739,
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3740

• Author: voroskoi
• Vulnerable: 3.11.3-2siwenna1
• Unaffected: 3.11.3-3siwenna1

Two vulnerabilities have been reported in Network Security Services (NSS), which potentially can be exploited by malicious people to compromise a vulnerable system.

1. An integer underflow error when processing SSLv2 server messages can be exploited to cause a heap-based buffer overflow via a certificate with a public key too small to encrypt the “Master Secret”.
2. An integer underflow error when processing SSLv2 client master keys can be exploited to cause a stack-based buffer overflow via specially crafted parameters during an SSLv2 handshake. Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

• Bug Tracker URL: http://bugs.frugalware.org/task/1756

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0008
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0009