Frugalware Security Announcements (FSA)
This overview lists the security announcements reported for the stable and current versions of Frugalware.
FSA518 - python
Package:python
Date:2008-08-29
Vulnerable version:2.5.2-2kalgan1
Fixed version:2.5.2-2kalgan2
Bug tracker:http://bugs.frugalware.org/task/3286
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2316 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142
Description:Some vulnerabilities have been reported in Python, where some have unknown impact and others can potentially be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. 1) Various integer overflow errors exist in core modules e.g. stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, mmapmodule. 2) An integer overflow in the hashlib module can lead to unreliable cryptographic digest results. 3) Integer overflow errors in the processing of unicode strings can be exploited to cause buffer overflows on 32-bit systems. 4) An integer overflow exists in the PyOS_vsnprintf() function on architectures that do not have a "vsnprintf()" function. 5) An integer underflow error in the PyOS_vsnprintf() function when passing zero-length strings can lead to memory corruption. Successful exploitation of some of these vulnerabilities may allow an attacker to crash an application or to execute arbitrary code, but this depends on the implementation of a Python application.
FSA517 - apache
Package:apache
Date:2008-08-29
Vulnerable version:2.2.8-2kalgan1
Fixed version:2.2.8-2kalgan2
Bug tracker:http://bugs.frugalware.org/task/3307
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939
Description:A vulnerability has been reported in Apache, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to mod_proxy_ftp via a URL containing an FTP wildcard character (e.g. "*") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
FSA516 - links
Package:links
Date:2008-08-29
Vulnerable version:2.1pre33-1
Fixed version:2.1-1kalgan1
Bug tracker:http://bugs.frugalware.org/task/3272
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3329
Description:Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs."
FSA515 - ruby
Package:ruby
Date:2008-08-29
Vulnerable version:1.8.6-4
Fixed version:1.8.6-5kalgan1
Bug tracker:http://bugs.frugalware.org/task/3300
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3655 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3656 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3657 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3443
Description:Some vulnerabilities have been reported in Ruby, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and conduct spoofing attacks. 1) Multiple errors in the implementation of safe level restrictions can be exploited to call "untrace_var()", perform syslog operations, and modify "$PROGRAM_NAME" at safe level 4, or call insecure methods at safe levels 1 through 3. 2) An error exists in the usage of regular expressions in "WEBrick::HTTPUtils.split_header_value()". This can be exploited to consume large amounts of CPU via a specially crafted HTTP request. 3) An error in "DL" can be exploited to bypass security restrictions and call potentially dangerous functions. 4) The vulnerability is caused due to resolv.rb not sufficiently randomising the DNS query port number, which can be exploited to poison the DNS cache.
FSA514 - libxslt
Package:libxslt
Date:2008-08-29
Vulnerable version:1.1.22-2kalgan1
Fixed version:1.1.22-2kalgan2
Bug tracker:http://bugs.frugalware.org/task/3285
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2935
Description:Chris Evans has reported some vulnerabilities in libxslt, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. The vulnerabilities are caused due to boundary errors within crypto.c when handling the XSLT "crypto:rc4_encrypt" and "crypto:rc4_decrypt" functions. This can be exploited to cause a heap-based buffer overflow via a specially crafted stylesheet.
FSA513 - git
Package:git
Date:2008-08-26
Vulnerable version:1.5.4.3-1
Fixed version:1.5.6.4-1kalgan1
Bug tracker:http://bugs.frugalware.org/task/3305
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3546
Description:Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep.
FSA512 - amarok
Package:amarok
Date:2008-08-26
Vulnerable version:1.4.8-2
Fixed version:1.4.10-1kalgan1
Bug tracker:http://bugs.frugalware.org/task/3312
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3699
Description:A security issue has been reported in Amarok, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to the "MagnatuneBrowser::listDownloadComplete()" function handling temporary files in an insecure manner. This can be exploited via symlink attacks in combination with a race condition to overwrite arbitrary files with the privileges of the user running the application.
FSA511 - pdns
Package:pdns
Date:2008-08-26
Vulnerable version:2.9.21-3
Fixed version:2.9.21.1-1kalgan1
Bug tracker:http://bugs.frugalware.org/task/3309
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3337
Description:A weakness has been reported in PowerDNS, which can be exploited by malicious people to conduct spoofing attacks. The weakness is caused due to the server dropping DNS queries for invalid DNS records within a valid domain. This can be exploited to facilitate the spoofing of the valid domain on third-party DNS servers.
FSA510 - thunderbird
Package:thunderbird
Date:2008-08-26
Vulnerable version:2.0.0.14-1kalgan1
Fixed version:2.0.0.16-1kalgan1
Bug tracker:http://bugs.frugalware.org/task/3206
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2798 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2799 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2802 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2803 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2811
Description:Some vulnerabilities have been reported in Mozilla Thunderbird, which potentially can be exploited by malicious people to compromise a user's system. For more information, see FSA509.
FSA509 - firefox
Package:firefox
Date:2008-08-26
Vulnerable version:2.0.0.14-1kalgan1
Fixed version:2.0.0.15-1kalgan1
Bug tracker:http://bugs.frugalware.org/task/3202
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2798 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2799 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2800 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2801 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2802 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2803 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2805 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2806 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2808 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2809 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2810 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2811
Description:Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system. 1) Multiple errors in the layout and JavaScript engines can be exploited to corrupt memory. 2) An error in the handling of unprivileged XUL documents can be exploited to load Chrome scripts from a "fastload" file via "script" elements. 3) An error in the "mozIJSSubScriptLoader.LoadScript()" function can be exploited to bypass XPCNativeWrappers and run arbitrary code with Chrome privileges. Successful exploitation requires that an add-on using the affected function is installed. 4) An error in the block reflow process can be exploited to cause a crash or potentially execute arbitrary code. 5) An error in the processing of file URLs contained within local directory listings can potentially be exploited to execute malicious JavaScript content. 6) Multiple errors in the implementation of the JavaScript same origin policy can be exploited to execute arbitrary script code in the context of a different domain. 7) Multiple errors in the verification of signed JAR files can be exploited to execute arbitrary JavaScript code with the privileges of the JAR's signer. 8) An error in the implementation of file upload forms can be exploited to upload arbitrary local files to a remote webserver via specially crafted "DOM Range" and "originalTarget" elements. 9) An error in the Java LiveConnect implementation on Mac OS X can be exploited to establish arbitrary socket connections. 10) An uninitialized memory access in the processing of improperly encoded ".properties" files can potentially be exploited to disclose sensitive memory via an add-on using the malformed file. 11) An error in the processing of "Alt Names" provided by "peer" trusted certificates can be exploited to conduct spoofing attacks. 12) An error in the processing of Windows URL shortcuts can be exploited to run a remote site as a local file.
FSA507 - postfix
Package:postfix
Date:2008-08-16
Vulnerable version:2.4.6-1
Fixed version:2.4.7-1kalgan1
Bug tracker:http://bugs.frugalware.org/task/3296
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2936 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2937
Description:Sebastian Krahmer has reported some security issues in Postfix, which can be exploited by malicious, local users to disclose potentially sensitive information and perform certain actions with escalated privileges. 1) A security issue is caused due to Postfix incorrectly handling symlink files. This can be exploited to e.g. append mail messages to arbitrary files by creating a hardlink to a symlink owned by the root user. Successful exploitation requires write permission to the mail spool directory, that there is no "root" mailbox, and that users can create a hardlink to a symlink (e.g. Linux 2.x, Solaris, Irix 6.5). 2) A security issue is caused due to Postfix not correctly checking the ownership of the destination when delivering email. This can be exploited to e.g. disclose emails by creating an insecure mailbox file for other users. Successful exploitation requires permission to create files within the mail spool directory.
FSA506 - drupal
Package:drupal
Date:2008-08-16
Vulnerable version:5.9-1kalgan1
Fixed version:5.10-1kalgan1
Bug tracker:http://bugs.frugalware.org/task/3299
CVE:There is no CVE for this issue yet, see http://drupal.org/node/295053
Description:Some vulnerabilities have been reported in Drupal, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system, and by malicious people to conduct cross-site scripting and cross-site request forgery attacks. 1) Input passed to an unspecified parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) A vulnerability is caused by the fact that the private filesystem uses the MIME media type it receives from the web browser when handling uploads. This can be exploited for script insertion attacks. Successful exploitation of this vulnerability requires valid user credentials with the right to upload files. 3) A vulnerability is caused due to missing restrictions on which file types users are allowed to upload in the BlogAPI module. This can be exploited to e.g. execute arbitrary PHP code. Successful exploitation of this vulnerability requires valid user credentials with the "administer content with blog api" permission. 4) A vulnerability is caused due to the application allowing users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to add or delete user access rules, by enticing a logged-in user to visit a malicious web page.
FSA505 - phpmyadmin
Package:phpmyadmin
Date:2008-08-16
Vulnerable version:2.11.7.1-1kalgan1
Fixed version:2.11.8.1-1kalgan1
Bug tracker:http://bugs.frugalware.org/task/3271
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3456 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3457
Description:Aung Khant has reported two vulnerabilities in phpMyAdmin, which can be exploited by malicious local users to conduct cross-site scripting attacks, and by malicious people to conduct spoofing attacks. 1) Many scripts except for index.php do not check if they are linked into another site's frames. This can potentially be used for spoofing and phishing attacks. 2) Input from the config/config.inc.php configuration file to scripts/setup.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
FSA504 - mantis
Package:mantis
Date:2008-08-15
Vulnerable version:1.1.1-1
Fixed version:1.1.2-1kalgan1
Bug tracker:http://bugs.frugalware.org/task/3249
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2276 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3331 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3332 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3333
Description:Some vulnerabilities have been reported in Mantis, which can be exploited by malicious users to compromise a vulnerable system and malicious people to conduct cross-site scripting and request forgery attacks. 1) Input passed to the "filter_target" parameter in return_dynamic_filters.php is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) A vulnerability is caused due to the application allowing users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. add a new user with administrative privileges by enticing a logged-in administrator to visit a malicious site. 3) Input passed to the "value" parameter in adm_config_set.php is not properly sanitised before being used in an "eval()" statement. This can be exploited to e.g. execute arbitrary PHP commands via a specially crafted request. Successful exploitation requires administrator access, but see vulnerability #2. 4) Input passed to the "language" parameter in account_prefs_update.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.
FSA503 - openldap
Package:openldap
Date:2008-07-27
Vulnerable version:2.3.41-1
Fixed version:2.3.43-1kalgan1
Bug tracker:http://bugs.frugalware.org/task/3207
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2952
Description:A vulnerability has been reported in OpenLDAP, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the "ber_get_next()" function in libraries/liblber/io.c. This can be exploited to trigger an "assert()" and terminate the "slapd" process via a specially crafted ASN.1 BER encoded packet.
FSA502 - afuse
Package:afuse
Date:2008-07-27
Vulnerable version:0.2-1
Fixed version:0.2-2kalgan1
Bug tracker:http://bugs.frugalware.org/task/3243
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2232
Description:Anders Kaseorg discovered that afuse, an automounting file system in user-space, did not properly escape meta characters in paths. This allowed a local attacker with read access to the filesystem to execute commands as the owner of the filesystem.
FSA501 - phpbb
Package:phpbb
Date:2008-07-27
Vulnerable version:2.0.22-1
Fixed version:3.0.2-1kalgan1
Bug tracker:http://bugs.frugalware.org/task/3244
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3224
Description:Unspecified vulnerability in phpBB before 3.0.1 has unknown impact and attack vectors related to "urls gone through redirect() being used within login_box()."
FSA500 - pidgin
Package:pidgin
Date:2008-07-27
Vulnerable version:2.3.1-2
Fixed version:2.4.3-1kalgan1
Bug tracker:http://bugs.frugalware.org/task/3217
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2927
Description:Some vulnerabilities have been reported in Pidgin, which potentially can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to integer overflow errors in the "msn_slplink_process_msg" function in libpurple/protocols/msnp9/slplink.c and libpurple/protocols/msn/slplink.c, and can potentially be exploited to execute arbitrary code via a specially crafted SLP message. Successful exploitation requires that the attacker is allowed to send messages to a victim (by default only users in the buddy list).
FSA499 - ffmpeg
Package:ffmpeg
Date:2008-07-27
Vulnerable version:20070422-3
Fixed version:20070422-4kalgan1
Bug tracker:http://bugs.frugalware.org/task/3252
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3162
Description:A vulnerability has been reported in FFmpeg, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the "str_read_packet()" function in libavformat/psxstr.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted STR file.
FSA498 - checkinstall
Package:checkinstall
Date:2008-07-27
Vulnerable version:1.6.1-1
Fixed version:1.6.1-2kalgan1
Bug tracker:http://bugs.frugalware.org/task/3209
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2958
Description:Two security issues have been reported in CheckInstall, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issues are caused due to the "checkinstall" and "installwatch" scripts creating directories in an insecure manner. This can potentially be exploited via symlink attacks to delete or modify arbitrary files with the privileges of the user running the affected scripts.
FSA497 - byacc
Package:byacc
Date:2008-07-27
Vulnerable version:1.9-1
Fixed version:1.9-2kalgan1
Bug tracker:http://bugs.frugalware.org/task/3251
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3196
Description:Otto Moerbeck has reported the following potential out-of-bounds access of the allocated stack in the yacc binary: Fix a venerable bug: if we're reducing a rule that has an empty right hand side and the yacc stackpointer is pointing at the very end of the allocated stack, we end up accessing the stack out of bounds by the implicit $$ = $1 action. Detected by my new malloc.
FSA496 - perl
Package:perl
Date:2008-07-27
Vulnerable version:5.10.0-3
Fixed version:5.10.0-4kalgan1
Bug tracker:http://bugs.frugalware.org/task/3210
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2827
Description:A vulnerability has been reported in Perl, which can be exploited by malicious, local users to perform actions with escalated privileges. The vulnerability is caused due to the insecure use of chmod on symbolic links and can be exploited to change permissions of arbitrary files to 0777 via symlink attacks.
FSA495 - bind
Package:bind
Date:2008-07-26
Vulnerable version:9.4.2-2
Fixed version:9.4.2-3kalgan1
Bug tracker:http://bugs.frugalware.org/task/3219
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
Description:A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to poison the DNS cache. The vulnerability is caused due to the DNS servers not sufficiently randomising the DNS query port number, which can be exploited to poison the DNS cache.
FSA494 - wireshark
Package:wireshark
Date:2008-07-26
Vulnerable version:1.0.1-1kalgan1
Fixed version:1.0.2-1kalgan1
Bug tracker:http://bugs.frugalware.org/task/3224
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3145
Description:A vulnerability has been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when reassembling packets and can be exploited to cause the application to crash when processing a series of malformed packets that are either captured off the wire or loaded via a capture file.
FSA493 - drupal
Package:drupal
Date:2008-07-26
Vulnerable version:5.7-1
Fixed version:5.9-1kalgan1
Bug tracker:http://bugs.frugalware.org/task/3256
CVE:There is no CVE for this issue, see http://drupal.org/node/286417
Description:A vulnerability has been reported in Drupal, which can be exploited by malicious people to conduct session fixation attacks. An error in the handling of certain sessions can be exploited to hijack another user's session by tricking the user into logging in after following a specially crafted link.
FSA492 - drupal
Package:drupal
Date:2008-07-26
Vulnerable version:5.7-1
Fixed version:5.9-1kalgan1
Bug tracker:http://bugs.frugalware.org/task/3222
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3219 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3220 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3222 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3223
Description:Some vulnerabilities have been reported in Drupal, which can be exploited by malicious people to conduct SQL injection and script insertion attacks. 1) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. delete OpenID identities or translation strings by enticing a logged-in user to visit a malicious site. 2) Certain input passed to numeric fields in the Schema API is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
FSA491 - phpmyadmin
Package:phpmyadmin
Date:2008-07-26
Vulnerable version:2.11.7-1kalgan1
Fixed version:2.11.7.1-1kalgan1
Bug tracker:http://bugs.frugalware.org/task/3247
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3197
Description:Aung Khant has discovered some vulnerabilities in phpMyAdmin, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to create databases and change the connection character set for an authenticated user, who is tricked into visiting a malicious website.
FSA490 - clamav
Package:clamav
Date:2008-07-26
Vulnerable version:0.93.1-1kalgan1
Fixed version:0.93.3-1kalgan1
Bug tracker:http://bugs.frugalware.org/task/3250
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2713
Description:A vulnerability has been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a boundary error in libclamav/petite.c. This can be exploited to trigger an out-of-bounds read via a specially crafted Petite packed executable.
FSA489 - kernel
Package:kernel
Date:2008-07-11
Vulnerable version:2.6.24-4kalgan3
Fixed version:2.6.24-4kalgan4
Bug tracker:http://bugs.frugalware.org/task/3173
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2750
Description:A vulnerability has been reported in the Linux Kernel, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a boundary error in the "pppol2tp_recvmsg()" function and can potentially be exploited to corrupt kernel memory via a specially crafted PPP over L2TP packet.
FSA488 - wireshark
Package:wireshark
Date:2008-07-11
Vulnerable version:1.0.0-1kalgan1
Fixed version:1.0.1-1kalgan1
Bug tracker:http://bugs.frugalware.org/task/3203
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3137 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3138 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3139 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3140 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3141
Description:Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service). 1) An error in the GSM SMS dissector can be exploited to crash the application. 2) An error in the PANA and KISMET dissectors can be exploited to trigger an application exit. 3) A use-after-free error in the RTMPT dissector can be exploited to crash the application. 4) An unspecified error in the RMI dissector can be exploited to disclose system memory. 5) An error in the syslog dissector can be exploited to crash the application via an incomplete SS7 MSU syslog encapsulated packet.
FSA487 - phpmyadmin
Package:phpmyadmin
Date:2008-07-11
Vulnerable version:2.11.5.2-1kalgan1
Fixed version:2.11.7-1kalgan1
Bug tracker:http://bugs.frugalware.org/task/3205
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2960
Description:Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via unspecified parameters to files in /libraries is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation requires that "register_globals" is enabled and support for ".htaccess" files is disabled.
FSA486 - opera
Package:opera
Date:2008-07-11
Vulnerable version:9.27-1kalgan1
Fixed version:9.50-1kalgan1
Bug tracker:http://bugs.frugalware.org/task/3176
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2714 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2715 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2716
Description:Some vulnerabilities have been reported in Opera, which can be exploited by malicious people to disclose potentially sensitive information or to conduct spoofing attacks. 1) An error in the handling of certain characters in a page address can be exploited to e.g. make a site's address look like another site's address. 2) An error in the checking of the source of images when used by HTML CANVAS elements can be exploited to retrieve the image data. 3) Pages in frames are able to change the location of pages in other frames on the parent page.
FSA485 - courier-authlib
Package:courier-authlib
Date:2008-07-02
Vulnerable version:0.60.2-1
Fixed version:0.60.6-1kalgan1
Bug tracker:http://bugs.frugalware.org/task/3180
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2667
Description:A vulnerability has been reported in the Courier Authentication Library, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via e.g. the username to the library is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and e.g. potentially bypass authentication. Successful exploitation requires that a MySQL database is used for authentication and that a Non-Latin character set is selected.
FSA484 - xorg-server
Package:xorg-server
Date:2008-07-02
Vulnerable version:1.4.0.90-5
Fixed version:1.4.0.90-6kalgan2
Bug tracker:http://bugs.frugalware.org/task/3175
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1377 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1379 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2360 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2361 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2362
Description:Some vulnerabilities have been reported in X.org X11, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, or to gain escalated privileges. 1) An integer overflow error when calculating the size of the glyph exists in the "AllocateGlyph()" function within the Render extension. This can be exploited to cause a heap-based buffer overflow via a specially crafted request. 2) An integer overflow error when calculating the size of the glyph in the "ProcRenderCreateCursor()" function within the Render extension can be exploited to crash the X server via a specially crafted request. 3) An integer overflow error exists in the Render extension when parsing client requests for the "SProcRenderCreateLinearGradient", "SProcRenderCreateRadialGradient", or "SProcRenderCreateConicalGradient" functions and can be exploited to corrupt heap memory. 4) Multiple input validation errors in the "SProcSecurityGenerateAuthorization()", "SProcRecordCreateContext()", and "SProcRecordRegisterClients()" functions within the Record and Security extensions can be exploited to corrupt heap memory via specially crafted requests. Successful exploitation of vulnerabilities #1, #3, and #4 may allow execution of arbitrary code with privileges of the X server (typically root). 5) An integer overflow error when processing parameters to the "ShmPutImage()" request can be exploited to disclose arbitrary memory of the X server process.
FSA483 - apache
Package:apache
Date:2008-07-02
Vulnerable version:2.2.8-1
Fixed version:2.2.8-2kalgan1
Bug tracker:http://bugs.frugalware.org/task/3177
CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364
Description:A vulnerability has been reported in the Apache mod_proxy module, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the "ap_proxy_http_process_response()" function when forwarding interim responses. This can be exploited to consume large amounts of memory by tricking mod_proxy into sending an overly large number of interim responses to the client.
FSA482 - net-snmp
Package: net-snmp
Date: 2008-06-26
Vulnerable version: 5.4.1-4kalgan1
Fixed version: 5.4.1-4kalgan2
Bug tracker: http://bugs.frugalware.org/task/3142
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0960
Description: A vulnerability has been reported in Net-SNMP, which can be exploited by malicious people to spoof authenticated SNMPv3 packets. The vulnerability is caused due to an error within the verification of the HMAC digest. This can be exploited to increase the chance of successfully spoofing a packet to 1 in 256 by sending a specially crafted SNMPv3 packet with an incomplete 1 byte HMAC digest. Successful exploitation requires a valid username.
FSA481 - horde-webmail
Package: horde-webmail
Date: 2008-06-26
Vulnerable version: 1.1-1kalgan1
Fixed version: 1.1.1-1kalgan1
Bug tracker: http://bugs.frugalware.org/task/3167
CVE: There is no CVE for this issue, see http://lists.horde.org/archives/announce/2008/000420.html.
Description: Some vulnerabilities have been reported in various Horde products, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks. 1) Input passed to item names is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is viewed. Successful exploitation requires valid user credentials. 2) Input passed to contact views is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is viewed. Successful exploitation requires valid user credentials. 3) Input passed to unspecified input is not properly sanitised before being returned to the user in the add event screen. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
FSA480 - exiv2
Package: exiv2
Date: 2008-06-26
Vulnerable version: 0.16-1
Fixed version: 0.16-2kalgan1
Bug tracker: http://bugs.frugalware.org/task/3135
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2696
Description: A vulnerability has been reported in Exiv2, which potentially can be exploited by malicious people to crash an application using the library. The vulnerability is caused due to a floating point exception within the pretty printing functionality when processing certain Nikon camera lens information. This can be exploited to crash an application linked against the Exiv2 library when an image containing specially-crafted metadata is processed.
FSA479 - kernel
Package: kernel
Date: 2008-06-24
Vulnerable version: 2.6.24-4kalgan2
Fixed version: 2.6.24-4kalgan3
Bug tracker: http://bugs.frugalware.org/task/3140
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1673
Description: A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused due to an error within the ASN.1 BER decoder of the cifs and ip_nat_snmp_basic modules when calculating the buffer size. This can be exploited to cause a crash or potentially execute arbitrary code by sending specially crafted BER encoded data to a vulnerable system.
FSA478 - xdvik
Package: xdvik
Date: 2008-06-13
Vulnerable version: 22.84.12-1
Fixed version: 22.84.14-1kalgan1
Bug tracker: http://bugs.frugalware.org/task/3127
CVE: There is no CVE for this issue, see http://xdvi.sourceforge.net/releases.html#22.84.14
Description: A security issue has been reported in xdvik, which can be exploited by malicious, local users. The vulnerability is caused by creating predictably named temporary files by using mktemp.
FSA477 - graphicsmagick
Package: graphicsmagick
Date: 2008-06-13
Vulnerable version: 1.1.12-1kalgan1
Fixed version: 1.1.14-1kalgan1
Bug tracker: http://bugs.frugalware.org/task/3137
CVE: There is no CVE for this issue, see: http://sourceforge.net/project/shownotes.php?release_id=604785 http://sourceforge.net/project/shownotes.php?release_id=604837
Description: Some vulnerabilities have been reported in GraphicsMagick, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. 1) Two boundary errors exist within the "ReadPALMImage()" function in coders/palm.c. These can be exploited to cause a heap-based buffer underflow via a specially crafted PALM image. 2) A boundary error exists within the "DecodeImage()" function in coders/pict.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted PICT image. 3) Multiple unspecified errors within the processing of XCF, DPX, and CINEON images can be exploited to crash the application. Successful exploitation may allow execution of arbitrary code.
FSA476 - asterisk-addons
Package: asterisk-addons
Date: 2008-06-13
Vulnerable version: 1.4.4-1
Fixed version: 1.4.7-1kalgan1
Bug tracker: http://bugs.frugalware.org/task/3136
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2543
Description: A vulnerability has been reported in Asterisk Addons, which can be exploited by malicious people to cause a DoS (Denial of Service). The problem is that the "ooh323" channel driver extracts memory addresses from incoming TCP packets and uses them in memory operations. This can be exploited to crash an affected application by sending a TCP packet containing invalid memory references.
FSA475 - samba
Package: samba
Date: 2008-06-13
Vulnerable version: 3.0.28-1
Fixed version: 3.0.30-1kalgan1
Bug tracker: http://bugs.frugalware.org/task/3115
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105
Description: Secunia Research has discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "receive_smb_raw()" function in lib/util_sock.c when parsing SMB packets. This can be exploited to cause a heap-based buffer overflow via an overly large SMB packet received in a client context. Successful exploitation allows execution of arbitrary code by tricking a user into connecting to a malicious server (e.g. by clicking an "smb://" link) or by sending specially crafted packets to an "nmbd" server configured as a local or domain master browser.
FSA474 - blender
Package: blender
Date: 2008-06-13
Vulnerable version: 2.45-1
Fixed version: 2.45-2kalgan1
Bug tracker: http://bugs.frugalware.org/task/3039
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1102
Description: Secunia Research has discovered a vulnerability in Blender, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "imb_loadhdr()" function in source/blender/imbuf/intern/radiance_hdr.c, which can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted Blender (*.blend) file containing a malicious Radiance RGBE image. Successful exploitation allows execution of arbitrary code.
FSA473 - libvorbis
Package: libvorbis
Date: 2008-06-13
Vulnerable version: 1.2.0-1
Fixed version: 1.2.0-2kalgan1
Bug tracker: http://bugs.frugalware.org/task/3093
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1419 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1420 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1423
Description: Some vulnerabilities have been reported in libvorbis, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise an application using the library. 1) An input validation error can be exploited to crash an application, cause an infinite loop, or to cause a heap overflow via a specially crafted OGG file containing a codebook dimension of "0". 2) An integer overflow error in the processing of residue partition values can be exploited to cause a heap-based buffer overflow via a specially crafted OGG file. 3) An integer overflow error exists in the computation of "quantvals" and of required space for "quantlist". This can be exploited to cause a heap-based buffer overflow via a specially crafted OGG file. Successful exploitation may allow execution of arbitrary code.
FSA472 - emacs
Package: emacs
Date: 2008-06-13
Vulnerable version: 22.1-3kalgan1
Fixed version: 22.1-3kalgan2
Bug tracker: http://bugs.frugalware.org/task/3086
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2142
Description: Morten Welinder has reported a vulnerability in GNU Emacs, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the processing of fast-lock files (.flc) for corresponding source files. This can be exploited to execute arbitrary Emacs Lisp code when e.g. a source file is opened and a specially crafted fast-lock file exists in the same directory. Successful exploitation requires that "font-lock-support-mode" is set to "fast-lock-mode".
FSA471 - stunnel
Package: stunnel
Date: 2008-06-13
Vulnerable version: 4.21-1
Fixed version: 4.24-1kalgan1
Bug tracker: http://bugs.frugalware.org/task/3122
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2420
Description: A security issue has been reported in Stunnel, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to an unspecified error in the OCSP functionality and can lead to a revoked certificate being successfully authenticated.
FSA470 - imlib2
Package: imlib2
Date: 2008-06-13
Vulnerable version: 1.4.0-1
Fixed version: 1.4.0-2kalgan1
Bug tracker: http://bugs.frugalware.org/task/3124
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2426
Description: Secunia Research has discovered two vulnerabilities in imlib2, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library. 1) A boundary error exists within the "load()" function in src/modules/loaders/loader_pnm.c when processing the header of a PNM image file. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted PNM image in an application using the imlib2 library. Successful exploitation allows execution of arbitrary code. 2) A boundary error exists within the "load()" function in src/modules/loader_xpm.c when processing an XPM image file. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted XPM image in an application using the imlib2 library. Successful exploitation may allow execution of arbitrary code.
FSA469 - mrxvt
Package: mrxvt
Date: 2008-06-13
Vulnerable version: 0.5.3-1
Fixed version: 0.5.3-2kalgan1
Bug tracker: http://bugs.frugalware.org/task/3090
CVE: There is no CVE for this issue.
Description: A security issue has been reported in mrxvt, which can be exploited by malicious, local users to gain escalated privileges. For more information, see FSA466.
FSA468 - rxvt-unicode
Package: rxvt-unicode
Date: 2008-06-13
Vulnerable version: 9.02-1
Fixed version: 9.02-2kalgan1
Bug tracker: http://bugs.frugalware.org/task/3089
CVE: There is no CVE for this issue.
Description: A security issue has been reported in rxvt-unicode, which can be exploited by malicious, local users to gain escalated privileges. For more information, see FSA466.
FSA467 - aterm
Package: aterm
Date: 2008-06-13
Vulnerable version: 1.0.1-1
Fixed version: 1.0.1-2kalgan1
Bug tracker: http://bugs.frugalware.org/task/3088
CVE: There is no CVE for this issue.
Description: A security issue has been reported in aterm, which can be exploited by malicious, local users to gain escalated privileges. For more information, see FSA466.
FSA466 - rxvt
Package: rxvt
Date: 2008-06-13
Vulnerable version: 2.6.4-2
Fixed version: 2.7.10-1kalgan1
Bug tracker: http://bugs.frugalware.org/task/2925
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1142
Description: Bernhard R. Link has reported a security issue in rxvt, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to the program using ":0" as its X11 display if the DISPLAY environment variable is missing. This can be exploited to execute arbitrary commands with the privileges of the user running rxvt via a malicious X server.
FSA465 - net-snmp
Package: net-snmp
Date: 2008-06-10
Vulnerable version: 5.4.1-3
Fixed version: 5.4.1-4kalgan1
Bug tracker: http://bugs.frugalware.org/task/3092
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2292
Description: A vulnerability has been reported in Net-snmp, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "__snprint_value()" function in perl/SNMP/SNMP.xs. This can be exploited to cause a buffer overflow in an application using the Net-snmp Perl module by tricking the user into connecting to a malicious SNMP agent.
FSA464 - horde-webmail
Package: horde-webmail
Date: 2008-06-06
Vulnerable version: 1.0.6-1kalgan1
Fixed version: 1.1-1kalgan1
Bug tracker: http://bugs.frugalware.org/task/3120
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6018
Description: Secunia Research has discovered a vulnerability in IMP Webmail Client and Horde Groupware Webmail Edition, which can be exploited by malicious people to bypass certain security restrictions and manipulate data. The HTML filter does not filter out frame and frameset HTML elements. Additionally, the application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to (a) delete an arbitrary number of e-mail messages by referencing their numeric IDs and (b) purge deleted mails, when the victim opens a malicious HTML mail. Successful exploitation requires that the victim opens the HTML part of a malicious message.
FSA463 - openssl
Package: openssl
Date: 2008-06-06
Vulnerable version: 0.9.8-11
Fixed version: 0.9.8-12kalgan1
Bug tracker: http://bugs.frugalware.org/task/3114
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0891 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1672
Description: Two vulnerabilities have been reported in OpenSSL, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) A double-free error in the handling of server name extension data if "server_name" is set to 0x00 can be exploited to crash a server application using OpenSSL by sending a specially crafted TLS 1.0 Client Hello packet. Successful exploitation requires that OpenSSL is compiled using the TLS server name extensions. 2) A NULL pointer dereference error can be exploited by a malicious server to crash a client application when the "Server Key exchange message" is omitted from a TLS handshake and anonymous Diffie-Hellman key exchange is used.
FSA462 - libxslt
Package: libxslt
Date: 2008-05-26
Vulnerable version: 1.1.22-2kalgan1
Fixed version: 1.1.22-2kalgan1
Bug tracker: http://bugs.frugalware.org/task/3104
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1767
Description: A vulnerability has been reported in libxslt, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system. The vulnerability is caused due to an error in the handling of XSL style-sheet files. This can potentially be exploited to trigger the use of uninitialized memory in e.g. a call to "free()" when a specially crafted XSL file is being processed by an application using the library. Successful exploitation may allow execution of arbitrary code.
FSA461 - mysql
Package: mysql
Date: 2008-05-26
Vulnerable version: 5.0.51-2
Fixed version: 5.0.51-3kalgan1
Bug tracker: http://bugs.frugalware.org/task/3075
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2079
Description: A security issue has been reported in MySQL, which can be exploited by malicious, local users to bypass certain security restrictions. The problem is that it is possible to bypass certain privilege checks by creating a MyISAM table with certain DATA DIRECTORY and INDEX DIRECTORY options to overwrite existing table files in the MySQL data directory.
FSA460 - seamonkey
Package: seamonkey
Date: 2008-05-26
Vulnerable version: 1.1.9-1kalgan1
Fixed version: 1.1.9-1kalgan2
Bug tracker: http://bugs.frugalware.org/task/3021
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1380
Description: A vulnerability has been reported in Mozilla SeaMonkey, which can potentially be exploited by malicious people to compromise a user's system. For more information, see FSA431.
FSA459 - django
Package: django
Date: 2008-05-26
Vulnerable version: 0.96.1-1
Fixed version: 0.96.2-1kalgan1
Bug tracker: http://bugs.frugalware.org/task/3084
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2302
Description: A vulnerability has been reported in Django, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the URL is not properly sanitised before being returned to the user through the login form. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
FSA458 - asterisk
Package: asterisk
Date: 2008-05-26
Vulnerable version: 1.4.17-1
Fixed version: 1.4.19.2-1kalgan1
Bug tracker: http://bugs.frugalware.org/task/3077
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1897 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1923
Description: A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to improper verification of ACK responses during IAX2 handshakes, which can be exploited to spoof an IAX2 handshake and cause a DoS via high bandwidth usage.
FSA457 - kvm
Package: kvm
Date: 2008-05-25
Vulnerable version: 61-2
Fixed version: 61-3kalgan1
Bug tracker: http://bugs.frugalware.org/task/3044
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2004
Description: A vulnerability has been reported in KVM, which can be exploited by malicious, local users to bypass certain security restrictions or cause a DoS (Denial of Service). The error can be exploited by a guest to read arbitrary files on the host via a specially crafted disk header. For more information, see FSA455.
FSA456 - xemacs
Package: xemacs
Date: 2008-05-25
Vulnerable version: 21.4.21-1
Fixed version: 21.4.21-2kalgan1
Bug tracker: http://bugs.frugalware.org/task/3041
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1694
Description: Some security issues have been reported in XEmacs, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issues are caused due to the use of vulnerable GNU Emacs code. For more information, see FSA423.
FSA455 - qemu
Package: qemu
Date: 2008-05-25
Vulnerable version: 0.9.1-2
Fixed version: 0.9.1-3kalgan1
Bug tracker: http://bugs.frugalware.org/task/3043
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2004
Description: A vulnerability has been reported in QEMU, which can be exploited by malicious, local users to bypass certain security restrictions. The vulnerability is caused due to the "drive_init()" function in vl.c determining the format of a disk from data contained in the disk's header. This can be exploited by a malicious user in a guest system to e.g. read arbitrary files on the host by writing a fake header to a raw formatted disk image.
FSA454 - chicken
Package: chicken
Date: 2008-05-25
Vulnerable version: 2.732-1
Fixed version: 3.1.10-1kalgan1
Bug tracker: http://bugs.frugalware.org/task/3091
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0674
Description: A vulnerability has been reported in Chicken, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. The vulnerability is caused due to the use of a vulnerable version of the PCRE library.
FSA453 - gnutls
Package: gnutls
Date: 2008-05-25
Vulnerable version: 2.2.0-1
Fixed version: 2.2.5-1kalgan1
Bug tracker: http://bugs.frugalware.org/task/3100
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1948 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1949 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1950
Description: Some vulnerabilities have been reported in GnuTLS, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the library. 1) A boundary error exists in the processing of "Client Hello" messages containing a "Server Name" extension. This can be exploited to cause a heap-based buffer overflow via a specially crafted TLS packet. Successful exploitation may allow execution of arbitrary code. 2) A NULL-pointer dereference error in the processing of TLS packets containing multiple "Client Hello" messages can be exploited to crash an affected application. 3) A signedness error exists within the "_gnutls_ciphertext2compressed()" function in lib/gnutls_cipher.c. This can be exploited to cause an out of bounds read and crash an affected application via specially crafted, encrypted TLS data.
FSA452 - graphicsmagick
Package: graphicsmagick
Date: 2008-05-20
Vulnerable version: 1.1.11-1
Fixed version: 1.1.12-1kalgan1
Bug tracker: http://bugs.frugalware.org/task/3076
CVE: There is no CVE for this issue, see http://sourceforge.net/project/shownotes.php?release_id=595544
Description: A security issue has been reported in GraphicsMagick, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to the improper processing of file extensions and can be exploited to e.g. access X11 or to invoke certain delegate programs. Successful exploitation requires that a user is tricked into processing a malicious file with a specific file extension.
FSA451 - audacity
Package: audacity
Date: 2008-05-20
Vulnerable version: 1.3.3-2
Fixed version: 1.3.5-1kalgan1
Bug tracker: http://bugs.frugalware.org/task/3080
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6061
Description: Viktor Griph has reported a security issue in Audacity, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or to delete arbitrary files and directories. The security issue is caused due to the "AudacityApp::OnInit()" method in src/AudacityApp.cpp handling temporary files in an insecure manner. This can be exploited to delete arbitrary files and directories via symlink attacks, or to cause a deadlock.
FSA450 - pngcrush
Package: pngcrush
Date: 2008-05-20
Vulnerable version: 1.6.4-1
Fixed version: 1.6.5-1kalgan1
Bug tracker: http://bugs.frugalware.org/task/3079
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382
Description: A vulnerability has been reported in Pngcrush, which can be exploited by malicious people to disclose potentially sensitive information or potentially compromise a user's system. The vulnerability is caused due to the use of vulnerable libpng code. For more information, see FSA434.
FSA449 - rdesktop
Package: rdesktop
Date: 2008-05-20
Vulnerable version: 1.5.0-2
Fixed version: 1.6.0-1kalgan1
Bug tracker: http://bugs.frugalware.org/task/3078
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1801 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1802 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1803
Description: Some vulnerabilities have been reported in rdesktop, which can be exploited by malicious people to compromise a user's system. 1) An integer underflow error in iso.c when processing RDP requests can be exploited to cause a heap-based buffer overflow. 2) An input validation error in rdp.c when processing RDP redirect requests can be exploited to cause a BSS-based buffer overflow. 3) A signedness error within "xrealloc()" in rdesktop.c can be exploited to cause a heap-based buffer overflow. Successful exploitation allows execution of arbitrary code but requires that a user is tricked into connecting to a malicious RDP server.
FSA448 - php
Package: php
Date: 2008-05-20
Vulnerable version: 5.2.5-2
Fixed version: 5.2.6-1kalgan1
Bug tracker: http://bugs.frugalware.org/task/3074
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2051 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2107 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108
Description: Some vulnerabilities have been reported in PHP, where some have unknown impacts and others can be exploited by malicious users to bypass certain security restrictions, and potentially by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. 1) An unspecified error in the FastCGI SAPI can be exploited to cause a stack-based buffer overflow. 2) An error in the processing of multibyte characters within the "escapeshellcmd()" and "escapeshellarg()" functions can be exploited to escape the inserted backslash or quote characters via certain multibyte characters. Successful exploitation allows bypassing the "safe_mode_exec_dir" and "disable_functions" directives, and potentially injecting arbitrary shell commands via user controlled input, but requires that the shell uses a locale with a variable width character (e.g. GBK, EUC-KR, SJIS). 3) A vulnerability is caused due to an error during path translation in cgi_main.c. This can potentially be exploited to execute arbitrary code, but depends on how a targeted application is using PHP. 4) An error in cURL can be exploited to bypass the "safe_mode" directive. 5) A boundary error in PCRE can potentially be exploited by malicious people to cause a DoS or compromise a vulnerable system.
FSA447 - eterm
Package: eterm
Date: 2008-05-15
Vulnerable version: 0.9.4-2
Fixed version: 0.9.4-3kalgan1
Bug tracker: http://bugs.frugalware.org/task/2918
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1692
Description: A security issue has been reported in Eterm, which can be exploited by malicious, local users to gain escalated privileges. Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.
FSA446 - kdelibs
Package: kdelibs
Date: 2008-05-15
Vulnerable version: 3.5.9-1
Fixed version: 3.5.9-2kalgan1
Bug tracker: http://bugs.frugalware.org/task/3047
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1671
Description: A vulnerability has been reported in KDE, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or to potentially gain escalated privileges. The vulnerability is caused due to an error in the start_kdeinit script (installed setuid root by default). This can be exploited to send signals to privileged processes, cause a DoS, or potentially execute arbitrary code in the context of the target process.
FSA445 - kernel
Package: kernel
Date: 2008-05-15
Vulnerable version: 2.6.24-4kalgan1
Fixed version: 2.6.24-4kalgan2
Bug tracker: http://bugs.frugalware.org/task/3060
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1669
Description: A vulnerability has been reported in the Linux kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an error when preventing race conditions between "fcntl_setlk()" and "close()" calls on SMP systems. This can be exploited to trigger the improper, reordered access to the file descriptor table and the "file_lock" structure of an inode, between threads running on different CPUs.
FSA444 - thunderbird
Package: thunderbird
Date: 2008-05-15
Vulnerable version: 2.0.0.12-1
Fixed version: 2.0.0.14-1kalgan1
Bug tracker: http://bugs.frugalware.org/task/2906
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1233 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1234 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1235 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1236 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1237
Description: Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or potentially compromise a user's system. For more information, see FSA407.
FSA443 - util-linux-ng
Package: util-linux-ng
Date: 2008-05-15
Vulnerable version: 2.13.1-1
Fixed version: 2.13.1-2kalgan1
Bug tracker: http://bugs.frugalware.org/task/3046
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1926
Description: A weakness has been reported in util-linux-ng, which can be exploited by malicious people to manipulate certain data. The security issue is caused due to an error in login.c while logging login attempts. This can be exploited to inject e.g. an arbitrary address in the audit logs via a specially crafted username.
FSA442 - wordpress
Package: wordpress
Date: 2008-05-15
Vulnerable version: 2.3.3-2kalgan1
Fixed version: 2.5.1-1kalgan1
Bug tracker: http://bugs.frugalware.org/task/3048
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1930 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2068
Description: Two vulnerabilities have been reported in WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and to compromise a vulnerable system. 1) A vulnerability is caused due to improper access restriction of the administration section. This can be exploited to bypass the authentication mechanism and gain administrative access by setting a specially crafted cookie. This can further be exploited to execute arbitrary PHP code. Successful exploitation of this vulnerability requires that registering new accounts is enabled. The vulnerability is reported in version 2.5. 2) Input passed to an unspecified parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
FSA441 - kernel
Package: kernel
Date: 2008-05-05
Vulnerable version: 2.6.24-3
Fixed version: 2.6.24-4kalgan1
Bug tracker: http://bugs.frugalware.org/task/3050
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1375
Description: A vulnerability has been reported in the Linux kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or to potentially gain escalated privileges. A race condition error exists in the dnotify subsystem between calls to "fcntl()" and "close()". This can be exploited to cause a system crash or potentially gain root privileges.
FSA440 - frugalwareutils
Package: frugalwareutils
Date: 2008-05-05
Vulnerable version: 0.7.9-1
Fixed version: 0.7.9-2kalgan1
Bug tracker: http://bugs.frugalware.org/task/3052
CVE: There is no CVE for this issue.
Description: A vulnerability has been reported in frugalwareutils, which can potentially be exploited by malicious people to cause a DoS on a vulnerable system. The vulnerability is caused due to creating new files as root without checking the current value of umask. Successful exploitation may allow execution of arbitrary code.
FSA439 - vorbis-tools
Package: vorbis-tools
Date: 2008-05-05
Vulnerable version: 1.1.1-3
Fixed version: 1.1.1-4kalgan1
Bug tracker: http://bugs.frugalware.org/task/3032
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686
Description: A vulnerability has been reported in vorbis-tools, which can potentially be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by the use of a vulnerable libfishsound: an input validation error when processing Speex headers, which can be exploited via a specially crafted Speex stream containing a negative "modeID" field in the header. Successful exploitation may allow execution of arbitrary code.
FSA438 - xine-lib
Package: xine-lib
Date: 2008-05-05
Vulnerable version: 1.1.11-1kalgan2
Fixed version: 1.1.11-1kalgan3
Bug tracker: http://bugs.frugalware.org/task/3027
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1878
Description: Guido Landi has discovered a vulnerability in xine-lib, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error within the "demux_nsf_send_chunk()" function in src/demuxers/demux_nsf.c. This can be exploited to cause a stack-based buffer overflow via an overly long NSF title.
FSA437 - xine-lib
Package: xine-lib
Date: 2008-05-05
Vulnerable version: 1.1.11-1kalgan2
Fixed version: 1.1.11-1kalgan3
Bug tracker: http://bugs.frugalware.org/task/3010
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686
Description: A vulnerability has been reported in xine-lib, which can potentially be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by the use of a vulnerable libfishsound: an input validation error when processing Speex headers, which can be exploited via a specially crafted Speex stream containing a negative "modeID" field in the header. Successful exploitation may allow execution of arbitrary code.
FSA436 - phpmyadmin
Package: phpmyadmin
Date: 2008-04-25
Vulnerable version: 2.11.5.1-1kalgan1
Fixed version: 2.11.5.2-1kalgan1
Bug tracker: http://bugs.frugalware.org/task/3035
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1924
Description: A vulnerability has been reported in phpMyAdmin, which can be exploited by malicious users to disclose sensitive information. The vulnerability is caused by an unspecified error and can be exploited to disclose arbitrary files via a specially crafted HTTP POST request. Successful exploitation requires a certain level of access e.g. on a shared host.
FSA435 - openssh
Package: openssh
Date: 2008-04-25
Vulnerable version: 4.7p1-4kalgan1
Fixed version: 4.7p1-4kalgan2
Bug tracker: http://bugs.frugalware.org/task/2961
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1657
Description: A weakness has been reported in OpenSSH, which can be exploited by malicious, local users to bypass certain security restrictions. The weakness is caused by the improper implementation of the "ForceCommand" directive. This can be exploited to execute arbitrary commands via the ~/.ssh/rc file even if a "ForceCommand" directive is in effect.
FSA434 - libpng
Package: libpng
Date: 2008-04-25
Vulnerable version: 1.2.24-1
Fixed version: 1.2.24-2kalgan1
Bug tracker: http://bugs.frugalware.org/task/3013
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382
Description: Tavis Ormandy has reported a vulnerability in libpng, which can be exploited by malicious people to cause a DoS (Denial of Service), disclose potentially sensitive information, or potentially compromise an application using the library. The vulnerability is caused by the improper handling of PNG chunks unknown to the library. This can be exploited to trigger the use of uninitialized memory in e.g. a "free()" call via unknown PNG chunks having a length of zero. Successful exploitation may allow execution of arbitrary code, but requires that the application calls the "png_set_read_user_chunk_fn()" function or the "png_set_keep_unknown_chunks()" function under specific conditions.
FSA433 - cups
Package: cups
Date: 2008-04-25
Vulnerable version: 1.3.6-2kalgan1
Fixed version: 1.3.6-2kalgan2
Bug tracker: http://bugs.frugalware.org/task/3012
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1722
Description: Thomas Pollet has reported a vulnerability in CUPS, which can potentially be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by two integer overflow errors in filter/image-png.c when processing PNG files. These can be exploited to cause a heap-based buffer overflow via overly large width and height PNG fields. Successful exploitation may allow execution of arbitrary code.
FSA432 - clamav
Package: clamav
Date: 2008-04-25
Vulnerable version: 0.92.1-1
Fixed version: 0.93-1kalgan1
Bug tracker: http://bugs.frugalware.org/task/3014
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1100 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0314 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1833 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1835 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1836 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1837
Description: Some vulnerabilities have been reported in ClamAV, which can be exploited by malicious people to bypass certain security restrictions, to cause a DoS (Denial of Service), or to compromise a vulnerable system. 1) A boundary error exists within the "cli_scanpe()" function in libclamav/pe.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted "Upack" executable. Successful exploitation allows execution of arbitrary code. 2) A boundary error within the processing of PeSpin packed executables in libclamav/spin.c can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. 3) An unspecified error in the processing of ARJ files can be exploited to hang ClamAV. 4) A boundary error within the processing of WWPack packed PE files in libclamav/pe.c can be exploited to cause heap corruption. Successful exploitation may allow execution of arbitrary code. 5) An error in the processing of RAR files can be exploited to bypass the scanning mechanism via a RAR file containing an invalid version number. 6) An error exists within the "rfc2231()" function in message.c. This can be exploited to trigger the return of strings that are not NULL terminated and cause a crash. 7) An error in libclamunrar can be exploited to crash the application via specially crafted RAR files.
FSA431 - firefox
Package: firefox
Date: 2008-04-25
Vulnerable version: 2.0.0.13-1kalgan1
Fixed version: 2.0.0.14-1kalgan1
Bug tracker: http://bugs.frugalware.org/task/3022
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1380
Description: A vulnerability has been reported in Mozilla Firefox, which can potentially be exploited by malicious people to compromise a user's system. The vulnerability is caused by an error in the JavaScript Garbage Collector and can be exploited to cause memory corruption via specially crafted JavaScript code. Successful exploitation may allow execution of arbitrary code.
FSA430 - sweep
Package: sweep
Date: 2008-04-25
Vulnerable version: 0.9.2-2
Fixed version: 0.9.2-3kalgan1
Bug tracker: http://bugs.frugalware.org/task/3025
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686
Description: A vulnerability has been reported in sweep, which can potentially be exploited by malicious people to compromise a vulnerable system. For more information, see FSA426.
FSA429 - vlc
Package: vlc
Date: 2008-04-25
Vulnerable version: 0.8.6-12kalgan1
Fixed version: 0.8.6-12kalgan2
Bug tracker: http://bugs.frugalware.org/task/3024
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686
Description: A vulnerability has been reported in vlc, which can potentially be exploited by malicious people to compromise a vulnerable system. For more information, see FSA426.
FSA428 - sdl_sound
Package: sdl_sound
Date: 2008-04-25
Vulnerable version: 1.0.1-4
Fixed version: 1.0.1-5kalgan1
Bug tracker: http://bugs.frugalware.org/task/3026