Frugalware Linux - Let's make things Frugal!

Releases

frugalware-0.8 (Kalgan)
Mar 11, 2008

frugalware-0.7 (Sayshell)
Oct 13, 2007

frugalware-0.6 (Terminus)
Mar 22, 2007

frugalware-0.5 (Siwenna)
Sep 14, 2006

frugalware-0.4 (Wanda)
Mar 30, 2006

frugalware-0.3 (Trantor)
Oct 13, 2005

frugalware-0.2 (Aurora)
Apr 28, 2005

frugalware-0.1 (Genesis)
Nov 02, 2004

RSS

Donations

Donate to support our development efforts.

Recent updates

devel-core/
pacman-tools
1.0.8-1-i686
devel-core/
pacman-tools
1.0.8-1-x86_64
games-extra/
visualboyadvance
1.7.2-3-x86_64
games-extra/
visualboyadvance
1.7.2-3-i686
gnome-extra/
screenlets
0.1.1-1-x86_64
xapps-extra/
playonlinux
2.7.2-2-i686
gnome-extra/
screenlets
0.1.1-1-i686
xfce4-goodies/
ristretto
0.0.19-1-x86_64
xfce4-goodies/
ristretto
0.0.19-1-i686
apps-extra/
obex-data-server
0.3.1-1-x86_64

RSS

Languages

Information

Server information

Uptime:
14 day(s) 19 h 30 m 40 s

Frugalware Security Announcements (FSAs)

This is a list of security announcments that have been released for the current stable version of Frugalware

FSA441 - kernel

Package:	kernel
Date:	2008-05-05
Vulnerable version:	2.6.24-3
Unaffected version:	2.6.24-4kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/3050
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1375
Description:	A vulnerability has been reported in the Linux kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or to potentially gain escalated privileges. A race condition error exists in the dnotify subsystem between calls to "fcntl()" and "close()". This can be exploited to cause a system crash or potentially gain root privileges.

FSA440 - frugalwareutils

Package:	frugalwareutils
Date:	2008-05-05
Vulnerable version:	0.7.9-1
Unaffected version:	0.7.9-2kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/3052
CVEs:	There is no CVE for this issue.
Description:	A vulnerability has been reported in frugalwareutils, which can potentially be exploited by malicious people to cause a DoS on a vulnerable system. The vulnerability is caused due to creating new files as root without checking the current value of umask. Successful exploitation may allow execution of arbitrary code.

FSA439 - vorbis-tools

Package:	vorbis-tools
Date:	2008-05-05
Vulnerable version:	1.1.1-3
Unaffected version:	1.1.1-4kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/3032
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686
Description:	A vulnerability has been reported in vorbis-tools, which can potentially be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the use of vulnerable libfishsound; an input validation error when processing Speex headers, which can be exploited via a specially crafted Speex stream containing a negative "modeID" field in the header. Successful exploitation may allow execution of arbitrary code.

FSA438 - xine-lib

Package:	xine-lib
Date:	2008-05-05
Vulnerable version:	1.1.11-1kalgan2
Unaffected version:	1.1.11-1kalgan3
Bug tracker entry:	http://bugs.frugalware.org/task/3027
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1878
Description:	Guido Landi has discovered a vulnerability in xine-lib, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the "demux_nsf_send_chunk()" function in src/demuxers/demux_nsf.c. This can be exploited to cause a stack-based buffer overflow via an overly long NSF title.

FSA437 - xine-lib

Package:	xine-lib
Date:	2008-05-05
Vulnerable version:	1.1.11-1kalgan2
Unaffected version:	1.1.11-1kalgan3
Bug tracker entry:	http://bugs.frugalware.org/task/3010
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686
Description:	A vulnerability has been reported in xine-lib, which can potentially be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the use of vulnerable libfishsound; an input validation error when processing Speex headers, which can be exploited via a specially crafted Speex stream containing a negative "modeID" field in the header. Successful exploitation may allow execution of arbitrary code.

FSA436 - phpmyadmin

Package:	phpmyadmin
Date:	2008-04-25
Vulnerable version:	2.11.5.1-1kalgan1
Unaffected version:	2.11.5.2-1kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/3035
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1924
Description:	A vulnerability has been reported in phpMyAdmin, which can be exploited by malicious users to disclose sensitive information. The vulnerability is caused due to an unspecified error and can be exploited to disclose arbitrary files via a specially crafted HTTP POST request. Successful exploitation requires a certain level of access e.g. on a shared host.

FSA435 - openssh

Package:	openssh
Date:	2008-04-25
Vulnerable version:	4.7p1-4kalgan1
Unaffected version:	4.7p1-4kalgan2
Bug tracker entry:	http://bugs.frugalware.org/task/2961
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1657
Description:	A weakness has been reported in OpenSSH, which can be exploited by malicious, local users to bypass certain security restrictions. The weakness is caused due to the improper implementation of the "ForceCommand" directive. This can be exploited to execute arbitrary commands via the ~/.ssh/rc file even if a "ForceCommand" directive is in effect.

FSA434 - libpng

Package:	libpng
Date:	2008-04-25
Vulnerable version:	1.2.24-1
Unaffected version:	1.2.24-2kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/3013
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382
Description:	Tavis Ormandy has reported a vulnerability in libpng, which can be exploited by malicious people to cause a DoS (Denial of Service), disclose potentially sensitive information, or potentially compromise an application using the library. The vulnerability is caused due to the improper handling of PNG chunks unknown to the library. This can be exploited to trigger the use of uninitialized memory in e.g. a "free()" call via unknown PNG chunks having a length of zero. Successful exploitation may allow execution of arbitrary code, but requires that the application calls the "png_set_read_user_chunk_fn()" function or the "png_set_keep_unknown_chunks()" function under specific conditions.

FSA433 - cups

Package:	cups
Date:	2008-04-25
Vulnerable version:	1.3.6-2kalgan1
Unaffected version:	1.3.6-2kalgan2
Bug tracker entry:	http://bugs.frugalware.org/task/3012
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1722
Description:	Thomas Pollet has reported a vulnerability in CUPS, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to two integer overflow errors in filter/image-png.c when processing PNG files. These can be exploited to cause a heap-based buffer overflow via overly large width and height PNG fields. Successful exploitation may allow execution of arbitrary code.

FSA432 - clamav

Package:	clamav
Date:	2008-04-25
Vulnerable version:	0.92.1-1
Unaffected version:	0.93-1kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/3014
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1100 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0314 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1833 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1835 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1836 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1837
Description:	Some vulnerabilities have been reported in ClamAV, which can be exploited by malicious people to bypass certain security restrictions, to cause a DoS (Denial of Service), or to compromise a vulnerable system. 1) A boundary error exists within the "cli_scanpe()" function in libclamav/pe.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted "Upack" executable. Successful exploitation allows execution of arbitrary code. 2) A boundary error within the processing of PeSpin packed executables in libclamav/spin.c can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. 3) An unspecified error in the processing of ARJ files can be exploited to hang ClamAV. 4) A boundary error within the processing of WWPack packed PE files in libclamav/pe.c can be exploited to cause a heap corruption. Successful exploitation may allow execution of arbitrary code. 5) An error in the processing of RAR files can be exploited to bypass the scanning mechanism via a RAR file containing an invalid version number. 6) An error exists within the "rfc2231()" function in message.c. This can be exploited to trigger the return of strings that are not NULL terminated and cause a crash. 7) An error in libclamunrar can be exploited to crash the application via specially crafted RAR files.

FSA431 - firefox

Package:	firefox
Date:	2008-04-25
Vulnerable version:	2.0.0.13-1kalgan1
Unaffected version:	2.0.0.14-1kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/3022
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1380
Description:	A vulnerability has been reported in Mozilla Firefox, which can potentially be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the Javascript Garbage Collector and can be exploited to cause a memory corruption via specially crafted Javascript code. Successful exploitation may allow execution of arbitrary code.

FSA430 - sweep

Package:	sweep
Date:	2008-04-25
Vulnerable version:	0.9.2-2
Unaffected version:	0.9.2-3kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/3025
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686
Description:	A vulnerability has been reported in sweep, which can potentially be exploited by malicious people to compromise a vulnerable system. For more information, see FSA426.

FSA429 - vlc

Package:	vlc
Date:	2008-04-25
Vulnerable version:	0.8.6-12kalgan1
Unaffected version:	0.8.6-12kalgan2
Bug tracker entry:	http://bugs.frugalware.org/task/3024
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686
Description:	A vulnerability has been reported in vlc, which can potentially be exploited by malicious people to compromise a vulnerable system. For more information, see FSA426.

FSA428 - sdl_sound

Package:	sdl_sound
Date:	2008-04-25
Vulnerable version:	1.0.1-4
Unaffected version:	1.0.1-5kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/3026
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686
Description:	A vulnerability has been reported in sdl_sound, which can potentially be exploited by malicious people to compromise a vulnerable system. For more information, see FSA426.

FSA427 - gst-plugins-good

Package:	gst-plugins-good
Date:	2008-04-25
Vulnerable version:	0.10.7-1
Unaffected version:	0.10.7-2kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/3031
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686
Description:	A vulnerability has been reported in gst-plugins-good, which can potentially be exploited by malicious people to compromise a vulnerable system. For more information, see FSA426.

FSA426 - speex

Package:	speex
Date:	2008-04-25
Vulnerable version:	1.2beta3-1
Unaffected version:	1.2beta3-2kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/3023
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686
Description:	The reference speex decoder from the Speex library is performing insufficient boundary checks on a header structure read from user input. A user controlled field in the header structure is used to build a function pointer. The reference speex decoder does not check for negative values for the field, allowing the function pointer to be pointed at an arbitary position in memory. This allows remote code execution.

FSA425 - mailman

Package:	mailman
Date:	2008-04-25
Vulnerable version:	2.1.9-2
Unaffected version:	2.1.9-3kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/3020
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0564
Description:	A vulnerability has been reported in Mailman, which can be exploited by malicious users to conduct script insertion attacks. Certain input when editing the list templates and the list info attribute is not properly sanitised before being stored. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious website is accessed. Successful exploitation requires list administrator privileges.

FSA424 - comix

Package:	comix
Date:	2008-04-14
Vulnerable version:	3.6.4-1
Unaffected version:	3.6.4-2kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/2923
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1568
Description:	A vulnerability has been reported in Comix, which can be exploited by malicious people to compromise a user's sytem. The vulnerability is caused due to the improper verification of received filenames when executing the rar, unrar, or jpegtran programs. This can be exploited to execute arbitrary commands via a file containing shell metacharacters within the filename.

FSA423 - emacs

Package:	emacs
Date:	2008-04-14
Vulnerable version:	22.1-2
Unaffected version:	22.1-3kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/3006
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1694
Description:	Steve Grubb discovered that vcdiff script as shipped with Emacs uses temporary files insecurely, which makes it possible for local attacker to conduct a symlink attack and make the victim overwrite arbitrary file.

FSA422 - vlc

Package:	vlc
Date:	2008-04-14
Vulnerable version:	0.8.6-11
Unaffected version:	0.8.6-12kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/2904
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0073 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1489
Description:	Some vulnerabilities have been reported in VLC Media Player, which potentially can be exploited by malicious people to compromise a user's system. 1) An integer overflow error within the "MP4_ReadBox_rdrf()" function in modules/demux/mp4/libmp4.c can be exploited to cause a heap-based buffer overflow via e.g. a MP4 file with a specially crafted RDRF atom. 2) A boundary error within the "sdpplin_parse()" function in modules/access/rtsp/real_sdpplin.c can be exploited to overwrite arbitrary memory regions. 3) Two integer overflow errors within the "cinepak_decode_frame()" function in modules/codec/cinepak.c can be exploited to cause a heap-based buffer overflow. Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

FSA421 - sdlimage

Package:	sdlimage
Date:	2008-04-14
Vulnerable version:	1.2.6-1
Unaffected version:	1.2.6-2kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/2916
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6697 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0544
Description:	Two vulnerabilities have been reported in SDL_image, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. 1) A boundary error within the "LWZReadByte()" function in IMG_gif.c can be exploited to trigger the overflow of a static buffer via a specially crafted GIF file. 2) A boundary error within the "IMG_LoadLBM_RW()" function in IMG_lbm.c can be exploited to cause a heap-based buffer overflow via a specially crafted IFF ILBM file.

FSA420 - flashplugin

Package:	flashplugin
Date:	2008-04-14
Vulnerable version:	9.0.115.0-1
Unaffected version:	9.0.124.0-1kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/2959
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0071 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6019 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6637 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1654 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1655
Description:	Some vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or to potentially compromise a user's system. 1) A boundary error exists in the processing of "Declare Function (V7)" tags. This can be exploited to cause a heap-based buffer overflow via specially crafted flags. 2) An integer overflow in the processing of multimedia files can be exploited to cause a buffer overflow. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. 3) Errors when pinning a hostname to an IP address can be exploited to conduct DNS rebinding attacks. 4) An error when sending HTTP headers can be exploited to bypass cross-domain policy files. 5) An error exists in the enforcing of cross-domain policy files. This can be exploited to bypass certain security restrictions on web servers hosting cross-domain policy files. 6) Input passed to unspecified parameters when handling e.g. the "asfunction:" protocol is not properly sanitised before being returned to the user. This can be exploited to inject arbitrary HTML and script code in a user's browser session in context of an affected site.

FSA419 - gnome-screensaver

Package:	gnome-screensaver
Date:	2008-04-14
Vulnerable version:	2.20.0-1
Unaffected version:	2.20.0-2kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/2931
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0887
Description:	A weakness and a security issue have been reported in gnome-screensaver, which can be exploited by malicious people with physical access to disclose potentially sensitive information or bypass certain security restrictions. 1) A weakness is caused due to the "Leave message" feature allowing attackers to e.g. paste the contents of the clipboard of the user who's screen is currently locked, which can be exploited to disclose potentially sensitive information. 2) A security issue is caused due to an error if the NIS authentication method is used. This can be exploited to bypass the authentication check and unlock the screen if the NIS server is not reachable.

FSA418 - mtr

Package:	mtr
Date:	2008-04-14
Vulnerable version:	0.72-1
Unaffected version:	0.73-1kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/2956
CVEs:	There is no CVE for this issue.
Description:	David Leadbeater has reported a vulnerability in mtr, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to mtr not properly limiting the length of some buffers.

FSA417 - xine-lib

Package:	xine-lib
Date:	2008-04-14
Posted by:	vmiklos
Vulnerable version:	1.1.11-1kalgan1
Unaffected version:	1.1.11-1kalgan2
Bug tracker entry:	http://bugs.frugalware.org/task/2892
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1482
Description:	Luigi Auriemma has reported some vulnerabilities in xine-lib, which potentially can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to integer overflow errors when allocating memory in src/demuxers/demux_flv.c, src/demuxers/demux_qt.c, src/demuxers/demux_real.c, src/demuxers/demux_wc3movie.c, src/demuxers/ebml.c, and src/demuxers/demux_film.c. These can be exploited to cause heap-based buffer overflows via overly large fields included in e.g. FLV, MOV, RM, MVE, MKV, and CAK files.

FSA416 - pdns-recursor

Package:	pdns-recursor
Date:	2008-04-14
Posted by:	vmiklos
Vulnerable version:	3.1.4-3
Unaffected version:	3.1.5-1kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/2924
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1637
Description:	Amit Klein has reported a vulnerability in PowerDNS Recursor, which can be exploited by malicious people to poison the DNS cache. The vulnerability is caused due to the application using predictable standard C library functions to generate random numbers (e.g. "rand()" and "srand()"), which are then used to create the transaction ID (TRXID) and UDP source port. This can be exploited to poison the DNS cache by guessing the transaction TRXID and the UDP source port.

FSA415 - m4

Package:	m4
Date:	2008-04-14
Posted by:	vmiklos
Vulnerable version:	1.4.10-1
Unaffected version:	1.4.10-2kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/2963
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1687 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1688
Description:	A vulnerability and a security issue have been reported in GNU M4, which can be exploited by malicious people to manipulate certain data or to potentially compromise a user's system. 1) A format string error exists within the "produce_frozen_state()" function in src/freeze.c. This can be exploited via a specially crafted filename passed as a parameter to "m4 -F". Successful exploitation may allow execution of arbitrary code, but requires that the user is tricked into processing a filename containing malicious format specifiers. 2) An error within the implementation of the "maketemp" and "mkstemp" macros can potentially be exploited to trigger the processing of improper files via special characters contained in the output string.

FSA414 - lighttpd

Package:	lighttpd
Date:	2008-04-14
Posted by:	vmiklos
Vulnerable version:	1.4.19-1kalgan1
Unaffected version:	1.4.19-1kalgan2
Bug tracker entry:	http://bugs.frugalware.org/task/2922
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531
Description:	A vulnerability has been reported in lighttpd, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to lighttpd not properly clearing the OpenSSL error queue. This can be exploited to close concurrent SSL connections of lighttpd by terminating one SSL connection.

FSA413 - python

Package:	python
Date:	2008-04-12
Posted by:	vmiklos
Vulnerable version:	2.5.2-1
Unaffected version:	2.5.2-2kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/2954
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1679
Description:	David Remahl has discovered a security issue in the imageop module for Python, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The security issue is caused due to an incomplete fix (see FSA295) and can be exploited to cause a heap-based buffer overflow when specially crafted parameters are passed to the function. Successful exploitation may allow execution of arbitrary code.

FSA412 - cups

Package:	cups
Date:	2008-04-12
Posted by:	vmiklos
Vulnerable version:	1.3.6-1
Unaffected version:	1.3.6-2kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/2962
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0047 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1373
Description:	Some vulnerabilities have been reported in CUPS, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system. 1) A boundary error exists within the "cgiCompileSearch()" function in cgi-bin/search.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted IPP request. Successful exploitation may allow execution of arbitrary code, but requires that the vulnerable system is sharing printers on the network. NOTE: If printer sharing is disabled, the vulnerability can only be exploited by malicious, local users. 2) A boundary error exists within the "gif_read_image()" function in filter/image-gif.c. This can be exploited to cause a buffer overflow via overly large "code_size" values in GIF image files. Successful exploitation may allow execution of arbitrary code.

FSA411 - opera

Package:	opera
Date:	2008-04-12
Posted by:	vmiklos
Vulnerable version:	9.26-1
Unaffected version:	9.27-1kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/2930
CVEs:	There is no CVE for this issue, see: http://www.opera.com/support/search/view/881/ http://www.opera.com/support/search/view/882/
Description:	Some vulnerabilities have been reported in Opera, which potentially can be exploited by malicious people to compromise a user's system. 1) An error when prompting the user to add a newsfeed can be exploited to cause an invalid memory access via a specially crafted newsfeed source. 2) An error exists in the processing of HTML CANVAS elements. This can be exploited to cause a memory corruption via specially crafted scaled pattern images. Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

FSA410 - gnupg2

Package:	gnupg2
Date:	2008-04-10
Posted by:	voroskoi
Vulnerable version:	2.0.8-1
Unaffected version:	2.0.9-1kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/2905
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1530
Description:	A vulnerability has been reported in GnuPG, which can potentially be exploited to compromise a vulnerable system. The vulnerability is caused due to an error when importing keys with duplicated IDs. This can be exploited to cause a memory corruption when importing keys via --refresh-keys or --import. Successful exploitation potentially allows execution of arbitrary code, but has not been proven yet.

FSA409 - gnupg

Package:	gnupg
Date:	2008-04-10
Posted by:	voroskoi
Vulnerable version:	1.4.8-1
Unaffected version:	1.4.9-1kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/2905
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1530
Description:	A vulnerability has been reported in GnuPG, which can potentially be exploited to compromise a vulnerable system. The vulnerability is caused due to an error when importing keys with duplicated IDs. This can be exploited to cause a memory corruption when importing keys via --refresh-keys or --import. Successful exploitation potentially allows execution of arbitrary code, but has not been proven yet.

FSA408 - wireshark

Package:	wireshark
Date:	2008-04-04
Posted by:	vmiklos
Vulnerable version:	0.99.8-1
Unaffected version:	1.0.0-1kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/2915
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1561 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1562 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1563
Description:	Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerabilities are caused due to errors in the X.509sat, Roofnet, LDAP, and SCCP dissectors. These can be exploited to cause the application to crash when processing specially crafted packets that are either captured off the wire or loaded via a capture file.

FSA407 - seamonkey

Package:	seamonkey
Date:	2008-04-04
Posted by:	vmiklos
Vulnerable version:	1.1.8-1
Unaffected version:	1.1.9-1kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/2908
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4879 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1233 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1234 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1235 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1236 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1237 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1238 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1240 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1241
Description:	Some vulnerabilities and weaknesses have been reported in Mozilla SeaMonkey, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, conduct cross-site scripting and phishing attacks, and potentially compromise a user's system. For more information, please see FSA406.

FSA406 - firefox

Package:	firefox
Date:	2008-04-04
Posted by:	vmiklos
Vulnerable version:	2.0.0.12-1
Unaffected version:	2.0.0.13-1kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/2907
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4879 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1233 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1234 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1235 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1236 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1237 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1238 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1240 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1241
Description:	Some vulnerabilities and weaknesses have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, conduct cross-site scripting and phishing attacks, and potentially compromise a user's system. 1) An unspecified error in the handling of "XPCNativeWrappers" can lead to the execution of arbitrary Javascript code with the user's privileges via "setTimeout()" calls. 2) Various errors in the handling of Javascript code can be exploited to conduct cross-site scripting attacks or execute arbitrary code. 3) Various errors in the layout engine can be exploited to cause a memory corruption. 4) Various errors in the Javascript engine can be exploited to cause a memory corruption. Successful exploitation of these vulnerabilities may allow execution of arbitrary code. 5) An error within the handling of HTTP "Referer:" headers sent with requests to URLs containing "Basic Authentication" credentials having an empty username can be exploited to bypass cross-site request forgery protections. 6) The problem is that Firefox offers a previously configured private SSL certificate when establishing connections to webservers requesting SSL Client Authentication. This can potentially be exploited to disclose sensitive information via a malicious webserver. 7) An error in the handling of the "jar:" protocol can be exploited to establish connections to arbitrary ports on the local machine. 8) An error when displaying XUL pop-up windows can be exploited to hide the window's borders and facilitate phishing attacks.

FSA405 - openssh

Package:	openssh
Date:	2008-04-01
Posted by:	vmiklos
Vulnerable version:	4.7p1-3
Unaffected version:	4.7p1-4kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/2911
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483
Description:	A vulnerability has been discovered in OpenSSH, which can be exploited by malicious, local users to disclose sensitive information. The vulnerability is caused due to sshd improperly binding TCP ports on the local IPV6 interface if required ports on the IPV4 interface are in use. This can be exploited by a malicious, local user to intercept an X11 forwarding session by listening to a port used by sshd to forward the local X11 display (e.g. port 6010/TCP).

FSA404 - phpmyadmin

Package:	phpmyadmin
Date:	2008-04-01
Posted by:	vmiklos
Vulnerable version:	2.11.5-1
Unaffected version:	2.11.5.1-1kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/2917
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1567
Description:	im Hermann has discovered a vulnerability in phpMyAdmin, which can potentially be exploited by malicious users to disclose sensitive information. The MySQL username, password, and the Blowfish secret key are stored as plain text in session files. This can potentially be exploited e.g. by users on shared hosts to access that information.

FSA403 - horde-webmail

Package:	horde-webmail
Date:	2008-04-01
Posted by:	vmiklos
Vulnerable version:	1.0.5-1
Unaffected version:	1.0.6-1kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/2910
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1284
Description:	A vulnerability has been reported in various Horde products, which can be exploited by malicious users to disclose sensitive information and potentially compromise a vulnerable system. Input passed to the "theme" parameter is not properly sanitised before being used. This can be exploited to include arbitrary files from local resources, using directory traversal attacks and URL-encoded NULL bytes ("%00"). NOTE: Other attack vectors are also reported to exist. Successful exploitation may allow execution of arbitrary code, but requires valid user credentials.

FSA402 - mplayer

Package:	mplayer
Date:	2008-04-01
Posted by:	vmiklos
Vulnerable version:	1.0rc2-3
Unaffected version:	1.0rc2-4kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/2913
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1558
Description:	k`sOSe has discovered a vulnerability in MPlayer, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow error in the "sdpplin_parse()" function in stream/realrtsp/sdpplin.c. This can be exploited to overwrite arbitrary memory regions via an overly large "StreamCount" SDP parameter. Successful exploitation may allow execution of arbitrary code.

FSA401 - j2sdk

Package:	j2sdk
Date:	2008-04-01
Posted by:	vmiklos
Vulnerable version:	6-7
Unaffected version:	6-8kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/2845
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1185 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1189 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1190 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1192 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1193 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1194 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1196
Description:	Some vulnerabilities have been reported in Sun Java, which can be exploited by malicious people to cause a DoS (Denial of Service), to bypass certain security restrictions, or to compromise a vulnerable system. 1) Two unspecified errors in the Java Runtime Environment Virtual Machine can be exploited by a malicious, untrusted applet to read and write local files and execute local applications. 2) An unspecified error in the Java Runtime Environment (JRE) when processing XSLT transformations can be exploited by untrusted applets or applications to e.g. read certain URL resources or potentially execute arbitrary code. 3) A boundary error exists in the "useEncodingDecl()" function when parsing the xml header character encoding attribute. This can be exploited to cause a stack-based buffer overflow and execute arbitrary code via a specially crafted JNLP file containing an overly long charset name in the xml header. 4) A boundary error exists in the "useEncodingDecl()" function when processing xml-based JNLP files for UTF8 characters. This can be exploited to cause a stack-based buffer overflow and execute arbitrary code via a specially crafted JNLP file containing overly long key name in the xml header. 5) A boundary error exist in Java Web Start, which can be exploited e.g. by an untrusted Java Web Start application to read and write local files and execute local applications. 6) An unspecified error in Java Web Start can be exploited by a malicious, untrusted applet to read and write local files or execute local applications. 7) An unspecified error in Java Web Start can be exploited by an untrusted Java Web Start application to create files on the system and run local applications with the privileges of the user running the untrusted Java Web Start application. 8) An unspecified error in the Java Plug-in can be exploited by an applet to bypass the same origin policy and to execute local applications. 9) Some errors in the Java Runtime Environment image parsing library within the processing of ICC profiles can be exploited to crash the JVM or to write local files and execute local applications. 10) An error in the Java Runtime Environment may allow java script code within a browser to make connections through Java APIs to network services on the local system. 11) A boundary error exists in Java Web Start in the processing of JNLP files, which can be exploited to cause a stack-based buffer overflow when a user visits a malicious web site.

FSA400 - bzip2

Package:	bzip2
Date:	2008-03-27
Posted by:	voroskoi
Vulnerable version:	1.0.4-1
Unaffected version:	1.0.5-1kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/2903
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372
Description:	A vulnerability has been reported in bzip2, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the handling of malformed archives and can potentially be exploited to cause a DoS.

FSA399 - xine-lib

Package:	xine-lib
Date:	2008-03-24
Posted by:	vmiklos
Vulnerable version:	1.1.10.1-1
Unaffected version:	1.1.11-1kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/2887
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0073
Description:	Secunia Research has discovered a vulnerability in xine-lib, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the "sdpplin_parse()" function in input/libreal/sdpplin.c. This can be exploited to overwrite arbitrary memory regions via an overly large "streamid" SDP parameter included in a malicious RTSP stream. Successful exploitation allows execution of arbitrary code.

FSA398 - tetex

Package:	tetex
Date:	2008-03-24
Posted by:	vmiklos
Vulnerable version:	3.0-12
Unaffected version:	3.0-13kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/2592
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5935 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5936 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5937
Description:	Some vulnerabilities have been reported in teTeX, which can be exploited by malicious, local users to disclose and manipulate sensitive information and by malicious people to potentially compromise a vulnerable system. 1) A boundary error in dvips can be exploited to cause a stack-based buffer overflow when a user is tricked into opening a specially crafted DVI file containing an overly long hypertext reference. Successful exploitation requires that dvips is invoked with the "-z" option. 2) Some boundary errors in dviljk can be exploited to cause buffer overflows when a user is enticed to print a specially crafted DVI file. Successful exploitation of vulnerabilities #1 and #2 may allow execution of arbitrary code. 3) An error due to dvips using the insecure "tmpnam()" function when converting DVI files can potentially be exploited to disclose and modify sensitive information.

FSA397 - unzip

Package:	unzip
Date:	2008-03-24
Posted by:	vmiklos
Vulnerable version:	5.52-4
Unaffected version:	5.52-5kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/2886
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0888
Description:	A vulnerability has been reported in UnZip, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the use of uninitialized pointers in the "inflate_dynamic()" function in inflate.c. This can potentially be exploited to free an attacker-controlled memory region and execute arbitrary code via a specially crafted ZIP compressed file. Successful exploitation may allow execution of arbitrary code.

FSA396 - rails

Package:	rails
Date:	2008-03-24
Posted by:	vmiklos
Vulnerable version:	1.1.6-1
Unaffected version:	1.2.6-1kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/2591
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3227 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5379 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5380 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6077
Description:	Some vulnerabilities have been reported in Ruby on Rails, which can be exploited by malicious people to disclose sensitive information and conduct cross-site scripting attacks. 1) Input passed to the "to_json" function is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) An error in ActiveResource when processing responses using the "Hash.from_xml" function can be exploited to determine the existence of files and to read the contents of arbitrary XML files. 3) A security issue is caused due to lib/action_controller/cgi_process.rb removing the ":cookie_only" attribute from "DEFAULT_SESSION_OPTIONS" and can be exploited to conduct session fixation attacks against applications using the affected component.

FSA395 - ghostscript

Package:	ghostscript
Date:	2008-03-24
Posted by:	vmiklos
Vulnerable version:	8.61-1
Unaffected version:	8.62-1kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/2823
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0411
Description:	Chris Evans has reported a vulnerability in Ghostscript, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the "zseticcspace()" function in zicc.c. This can be exploited to cause a stack-based buffer overflow via an overly large "Range" array. Successful exploitation allows execution of arbitrary code.

FSA394 - lighttpd

Package:	lighttpd
Date:	2008-03-18
Posted by:	vmiklos
Vulnerable version:	1.4.18-2
Unaffected version:	1.4.19-1kalgan1
Bug tracker entry:	http://bugs.frugalware.org/task/2844
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1111 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1270
Description:	Some security issues have been reported in lighttpd, which can be exploited by malicious people to disclose potentially sensitive information. 1) A security issue is caused due to an error in mod_cgi, which can lead to the disclosure of source code when lighttpd is unable to fork. 2) A security issue is caused due to the mod_userdir module using "$HOME" by default if no userdir.path is set. This can be exploited to disclose the content of arbitrary files on certain systems via e.g. the "nobody" user.