Security announcements for Frugalware stable releases http://frugalware.org/security http://frugalware.org/security/750 http://frugalware.org/security/750#top Using crafted database names, it was possible to produce XSS in the Database Synchronize and Database rename panels. Using an invalid and crafted SQL query, it was possible to produce XSS when editing a query on a table overview panel or when using the view creation dialog. Using a crafted column type, it was possible to produce XSS in the table search and create index dialogs.Vulnerable version: 3.4.7.1-1mores1, Unaffected version: 3.4.8-1mores1, CVEs: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4634 Fri, 23 Dec 2011 00:00:00 +0100 http://frugalware.org/security/749 http://frugalware.org/security/749#top Beside fixing bugs the developers added some security improvements which will protect the Roundcube users from XSS and clickjacking attacks.Vulnerable version: 0.5.4-1mores1, Unaffected version: 0.7-1mores1, CVEs: No CVE, see http://sourceforge.net/news/?group_id=139281&id=305129. Fri, 23 Dec 2011 00:00:00 +0100 http://frugalware.org/security/748 http://frugalware.org/security/748#top Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. 1) An error related to an uninitialised variable within the CSN.1 dissector can be exploited to cause a crash. 2) A NULL pointer dereference error within the Infiniband dissector can be exploited to cause a crash. 3) An error within the ERF file parser can be exploited to cause a heap-based buffer overflow. Successful exploitation of this vulnerability may allow execution of arbitrary code.Vulnerable version: 1.6.2-1mores1, Unaffected version: 1.6.3-1mores1, CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4100 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4101 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4102 Fri, 23 Dec 2011 00:00:00 +0100 http://frugalware.org/security/747 http://frugalware.org/security/747#top A vulnerability has been reported in the Views module for Drupal, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via certain filters or arguments on certain types of views is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.Vulnerable version: 6.x_2.12-2, Unaffected version: 6.x_2.14-1mores1, CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4113 Fri, 23 Dec 2011 00:00:00 +0100 http://frugalware.org/security/746 http://frugalware.org/security/746#top Red Hat, Inc. security researcher Huzaifa Sidhpurwala reported multiple vulnerabilities in the binary Microsoft Word (doc) file format importer where custom crafted documents trigger out of bounds behaviour. Thanks to Huzaifa Sidhpurwala of Red Hat Security Team for reporting this vulnerability.Vulnerable version: 3.4.2.3-1, Unaffected version: 3.4.3.2-1mores1, CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2713 Thu, 06 Oct 2011 00:00:00 +0200 http://frugalware.org/security/745 http://frugalware.org/security/745#top Some vulnerabilities have been reported in Django, which can be exploited by malicious people to disclose certain system information, manipulate certain data, conduct cache poisoning attacks, and cause a DoS (Denial of Service). 1) An error within the handling of sessions within django.contrib.sessions when using the caching backend can be exploited to manipulate session information. Successful exploitation requires that the session key is known and the application allows attackers to store dictionary-like objects with a valid session key in the cache. 2) An error when verifying if URLs provided to the "URLField" field type correctly resolve can be exploited to exhaust all of the server's processes and memory by providing an URL to a malicious server. 3) An error within the handling of redirect responses when verifying URLs provided to the "URLField" field type can be exploited to e.g. determine the existence of local files on the server by returning a redirect response to a "file://" URL. 4) An error within the handling of the "X-Forwarded-Host" HTTP header when e.g. generating full URLs for redirect responses can be exploited to conduct cache poisoning attacks.Vulnerable version: 1.3-2, Unaffected version: 1.3.1-1mores1, CVEs: No CVE, see https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/ Sat, 17 Sep 2011 00:00:00 +0200 http://frugalware.org/security/744 http://frugalware.org/security/744#top A vulnerability has been reported in librsvg, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. The vulnerability is caused due to an error within the handling of node types, which can be exploited to dereference invalid memory via specially crafted SVG images.Vulnerable version: 2.34.0-1, Unaffected version: 2.34.1-1mores1, CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3146 Tue, 13 Sep 2011 00:00:00 +0200 http://frugalware.org/security/743 http://frugalware.org/security/743#top Some vulnerabilities have been reported in MantisBT, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose potentially sensitive information and by malicious users to compromise a vulnerable system. 1) Certain input passed via the URL is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to the "action" parameter in bug_actiongroup_ext_page.php and bug_actiongroup_page.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes. Note: In combination with MantisBT's file upload functionality, this can be exploited to execute arbitrary PHP code. 3) Input passed to the "os", "os_build", and "platform" parameters in bug_report_page.php and bug_update_advanced_page.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a users browser session in context of an affected site.Vulnerable version: 1.2.7-1mores1, Unaffected version: 1.2.8-1mores1, CVEs: No CVE, see https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html Fri, 09 Sep 2011 00:00:00 +0200 http://frugalware.org/security/742 http://frugalware.org/security/742#top Kingcope has discovered a vulnerability in Apache HTTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the ByteRange filter when processing requests containing a large amount of ranges, which can be exploited to exhaust memory via specially crafted HTTP requests sent to the server.Vulnerable version: 2.2.19-2mores1, Unaffected version: 2.2.20-1mores1, CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192 Wed, 07 Sep 2011 00:00:00 +0200 http://frugalware.org/security/741 http://frugalware.org/security/741#top It was found that foomatic-rip filter used insecurely created temporary file for storage of PostScript data by rendering the data, intended to be sent to the PostScript filter, when the debug mode was enabled. A local attacker could use this flaw to conduct symlink attacks (overwrite arbitrary file accessible with the privileges of the user running the foomatic-rip universal print filter).Vulnerable version: 4.0.1-5, Unaffected version: 4.0.1-6mores1, CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2924 Sat, 03 Sep 2011 00:00:00 +0200