Kiadások

frugalware-0.8 (Kalgan)
Mar 11, 2008

frugalware-0.7 (Sayshell)
Oct 13, 2007

frugalware-0.6 (Terminus)
Mar 22, 2007

frugalware-0.5 (Siwenna)
Sep 14, 2006

frugalware-0.4 (Wanda)
Mar 30, 2006

frugalware-0.3 (Trantor)
Oct 13, 2005

frugalware-0.2 (Aurora)
Apr 28, 2005

frugalware-0.1 (Genesis)
Nov 02, 2004

RSS

Adományok

Adományozzon, hogy segítse fejlesztési erőfeszítéseinket.

Legfrissebb csomagok
base/pacman-g2
3.7.2-2solaria1-x86_64
base/pacman-g2
3.7.2-2solaria1-i686
devel-extra/fwsetup
0.9.5-2solaria1-x86_64
devel-extra/fwsetup
0.9.5-2solaria1-i686
devel-extra/fwsetup
0.9.5-1-x86_64
devel-extra/fwsetup
0.9.5-1-i686
xapps/splashy
0.3.11-4-i686
xapps/splashy
0.3.11-4-i686
xapps/splashy
0.3.11-4-x86_64
xapps/splashy
0.3.11-4-x86_64

RSS
Nyelvek
Váltson nyelvet | Váltson nyelvet | Váltson nyelvet | Váltson nyelvet | Váltson nyelvet | Váltson nyelvet | Váltson nyelvet
Információ
Go Frugalware, Go
Valid XHTML 1.0!
Valid CSS!
Valid RSS!
Szerver információk
Uptime:
9 nap 20 ó 20 p 54 mp
Frugalware Biztonsági Bejelentések (FSAk)
Ez a biztonsági bejelentések egy listája a Frugalware jelenlegi stabil verziójához
FSA525 - pidgin
Csomag:pidgin
Dátum:2008-08-31
Sebezhető verzió:2.4.3-1kalgan1
Nem érintett verzió:2.4.3-1kalgan2
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3308
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3532
Leírás:A security issue has been reported in Pidgin, which can be exploited by malicious people to conduct spoofing attacks. The problem is that the certificate presented by e.g. a Jabber server at the beginning of an SSL session is not verified. This can be exploited to spoof valid servers via a man-in-the-middle attack. Successful exploitation requires that Pidgin is configured to use the NSS plugin.
FSA524 - graphicsmagick
Csomag:graphicsmagick
Dátum:2008-08-31
Sebezhető verzió:1.1.14-1kalgan1
Nem érintett verzió:1.2.4-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3204
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3134
Leírás:Some vulnerabilities have been reported in GraphicsMagick, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) Multiple errors exist in the AVI, AVS, DCM, EPT, FITS, MTV, PALM, RLA, and TGA decoders. These can be exploited to trigger crashes, overly large memory allocations, or the execution of infinite loops. 2) An error within the "GetImageCharacteristics()" function in magick/image.c can be exploited to crash an affected application via specially crafted e.g. PNG, JPEG, BMP, or TIFF files.
FSA523 - poppler
Csomag:poppler
Dátum:2008-08-31
Sebezhető verzió:0.6.4-1
Nem érintett verzió:0.6.4-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3311
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2950
Leírás:A vulnerability has been reported in Poppler, which potentially can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to the "Page" constructor leaving the "pageWidgets" object uninitialized under specific circumstances. This can be exploited to potentially trigger the "free()" of an arbitrary address when the object is deleted. Successful exploitation may allow execution of arbitrary code via a specially crafted PDF file.
FSA522 - mono
Csomag:mono
Dátum:2008-08-31
Sebezhető verzió:1.2.6-3
Nem érintett verzió:1.2.6-4kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3306
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3422
Leírás:Dean Brettle has reported some security issues in Mono, which can be exploited by malicious people to conduct cross-site scripting attacks. The security issues are caused due to Mono's ASP.net implementation not properly sanitising certain attributes (e.g. "HtmlSelect.Value", "HtmlSelect.Text", and the "action" attribute of the "form" element). This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
FSA521 - openttd
Csomag:openttd
Dátum:2008-08-31
Sebezhető verzió:0.5.3-1
Nem érintett verzió:0.6.2-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3303
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3576 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3577
Leírás:A vulnerability has been reported in OpenTTD, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "TruncateString()" function in src/gfx.cpp. This can be exploited to potentially cause a buffer overflow via a specially crafted string. Successful exploitation may allow execution of arbitrary code.
FSA520 - freetype2
Csomag:freetype2
Dátum:2008-08-31
Sebezhető verzió:2.3.5-2
Nem érintett verzió:2.3.7-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3178
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1806 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1808
Leírás:Some vulnerabilities have been reported in FreeType, which potentially can be exploited by malicious people to compromise an application using the library. 1) An integer overflow error exists in the processing of PFB font files. This can be exploited to cause a heap-based buffer overflow via a PFB file containing a specially crafted "Private" dictionary table. 2) An error in the processing of PFB font files can be exploited to trigger the "free()" of memory areas that are not allocated on the heap. 3) An off-by-one error exists in the processing of PFB font files. This can be exploited to cause a one-byte heap-based buffer overflow via a specially crafted PFB file. 4) An off-by-one error exists in the implementation of the "SHC" instruction while processing TTF files. This can be exploited to cause a one-byte heap-based buffer overflow via a specially crafted TTF file. Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
FSA519 - httrack
Csomag:httrack
Dátum:2008-08-31
Sebezhető verzió:3.42-1
Nem érintett verzió:3.42_3-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3304
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3429
Leírás:A security issue has been reported in HTTrack, which potentially can be exploited by malicious people to compromise a vulnerable system. The security issue is caused due to a boundary error when processing command line arguments. This can be exploited to cause a buffer overflow by passing overly long URLs to the application.
FSA518 - python
Csomag:python
Dátum:2008-08-29
Sebezhető verzió:2.5.2-2kalgan1
Nem érintett verzió:2.5.2-2kalgan2
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3286
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2316 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142
Leírás:Some vulnerabilities have been reported in Python, where some have unknown impact and others can potentially be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. 1) Various integer overflow errors exist in core modules e.g. stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, mmapmodule. 2) An integer overflow in the hashlib module can lead to an unreliable cryptographic digest results. 3) Integer overflow errors in the processing of unicode strings can be exploited to cause buffer overflows on 32-bit systems. 4) An integer overflow exists in the PyOS_vsnprintf() function on architectures that do not have a "vsnprintf()" function. 5) An integer underflow error in the PyOS_vsnprintf() function when passing zero-length strings can lead to memory corruption. Successful exploitation of some of these vulnerabilities may allow to crash an application or to execute arbitrary code, but depends on the implementation of an Python application.
FSA517 - apache
Csomag:apache
Dátum:2008-08-29
Sebezhető verzió:2.2.8-2kalgan1
Nem érintett verzió:2.2.8-2kalgan2
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3307
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939
Leírás:A vulnerability has been reported in Apache, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to mod_proxy_ftp via an URL containing a FTP wildcard character (e.g. "*"), is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
FSA516 - links
Csomag:links
Dátum:2008-08-29
Sebezhető verzió:2.1pre33-1
Nem érintett verzió:2.1-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3272
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3329
Leírás:Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs."
FSA515 - ruby
Csomag:ruby
Dátum:2008-08-29
Sebezhető verzió:1.8.6-4
Nem érintett verzió:1.8.6-5kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3300
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3655 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3656 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3657 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3443
Leírás:Some vulnerabilities have been reported in Ruby, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and conduct spoofing attacks. 1) Multiple errors in the implementation of safe level restrictions can be exploited to call "untrace_var()", perform syslog operations, and modify "$PROGRAM_NAME" at safe level 4, or call insecure methods at safe levels 1 through 3. 2) An error exists in the usage of regular expressions in "WEBrick::HTTPUtils.split_header_value()". This can be exploited to consume large amounts of CPU via a specially crafted HTTP request. 3) An error in "DL" can be exploited to bypass security restrictions and call potentially dangerous functions. 4) The vulnerability is caused due to resolv.rb not sufficiently randomising the DNS query port number, which can be exploited to poison the DNS cache.
FSA514 - libxslt
Csomag:libxslt
Dátum:2008-08-29
Sebezhető verzió:1.1.22-2kalgan1
Nem érintett verzió:1.1.22-2kalgan2
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3285
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2935
Leírás:Chris Evans has reported some vulnerabilities in libxslt, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. The vulnerabilities are caused due to boundary errors within crypto.c when handling the XSLT "crypto:rc4_encrypt" and "crypto:rc4_decrypt" functions. This can be exploited to cause a heap-based buffer overflow via a specially crafted stylesheet.
FSA513 - git
Csomag:git
Dátum:2008-08-26
Sebezhető verzió:1.5.4.3-1
Nem érintett verzió:1.5.6.4-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3305
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3546
Leírás:Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep.
FSA512 - amarok
Csomag:amarok
Dátum:2008-08-26
Sebezhető verzió:1.4.8-2
Nem érintett verzió:1.4.10-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3312
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3699
Leírás:A security issue has been reported in Amarok, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to the "MagnatuneBrowser::listDownloadComplete()" function handling temporary files in an insecure manner. This can be exploited via symlink attacks in combination with a race condition to overwrite arbitrary files with the privileges of the user running the application.
FSA511 - pdns
Csomag:pdns
Dátum:2008-08-26
Sebezhető verzió:2.9.21-3
Nem érintett verzió:2.9.21.1-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3309
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3337
Leírás:A weakness has been reported in PowerDNS, which can be exploited by malicious people to conduct spoofing attacks. The weakness is caused due to the server dropping DNS queries for invalid DNS records within a valid domain. This can be exploited to facilitate the spoofing of the valid domain on third-party DNS servers.
FSA510 - thunderbird
Csomag:thunderbird
Dátum:2008-08-26
Sebezhető verzió:2.0.0.14-1kalgan1
Nem érintett verzió:2.0.0.16-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3206
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2798 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2799 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2802 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2803 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2811
Leírás:Some vulnerabilities have been reported in Mozilla Thunderbird, which potentially can be exploited by malicious people to compromise a user's system. For more information, see FSA509
FSA509 - firefox
Csomag:firefox
Dátum:2008-08-26
Sebezhető verzió:2.0.0.14-1kalgan1
Nem érintett verzió:2.0.0.15-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3202
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2798 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2799 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2800 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2801 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2802 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2803 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2805 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2806 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2808 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2809 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2810 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2811
Leírás:Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system. 1) Multiple errors in the layout and JavaScript engines can be exploited to corrupt memory. 2) An error in the handling of unprivileged XUL documents can be exploited to load Chrome scripts from a "fastload" file via "script" elements. 3) An error in the "mozIJSSubScriptLoader.LoadScript()" function can be exploited to bypass XPCNativeWrappers and run arbitrary code with Chrome privileges. Successful exploitation requires that an add-on using the affected function is installed. 4) An error in the block reflow process can be exploited to cause a crash or potentially execute arbitrary code. 5) An error in the processing of file URLs contained within local directory listings can potentially be exploited to execute malicious JavaScript content. 6) Multiple errors in the implementation of the JavaScript same origin policy can be exploited to execute arbitrary script code in the context of a different domain. 7) Multiple errors in the verification of signed JAR files can be exploited to execute arbitrary JavaScript code with the privileges of the JAR's signer. 8) An error in the implementation of file upload forms can be exploited to upload arbitrary local files to a remote webserver via specially crafted "DOM Range" and "originalTarget" elements. 9) An error in the Java LiveConnect implementation on Mac OS X can be exploited to establish arbitrary socket connections. 10) An uninitialized memory access in the processing of improperly encoded ".properties" files can potentially be exploited to disclose sensitive memory via an add-on using the malformed file. 11) An error in the processing of "Alt Names" provided by "peer" trusted certificates can be exploited to conduct spoofing attacks. 12) An error in the processing of Windows URL shortcuts can be exploited to run a remote site as a local file.
FSA507 - postfix
Csomag:postfix
Dátum:2008-08-16
Sebezhető verzió:2.4.6-1
Nem érintett verzió:2.4.7-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3296
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2936 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2937
Leírás:Sebastian Krahmer has reported some security issues in Postfix, which can be exploited by malicious, local users to disclose potentially sensitive information and perform certain actions with escalated privileges. 1) A security issue is caused due to Postfix incorrectly handling symlink files. This can be exploited to e.g. append mail messages to arbitrary files by creating a hardlink to a symlink owned by the root user. Successful exploitation requires write permission to the mail spool directory, that there is no "root" mailbox, and users can create a hardlink to a symlink (e.g. Linux 2.x, Solaris, Irix 6.5). 2) A security issue is caused due to Postfix not correctly checking the ownership of the destination when delivering email. This can be exploited to e.g. disclose emails by creating an insecure mailbox file for other users. Successful exploitation requires permission to create files within the mail spool directory.
FSA506 - drupal
Csomag:drupal
Dátum:2008-08-16
Sebezhető verzió:5.9-1kalgan1
Nem érintett verzió:5.10-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3299
CVEk:There is no CVE for this issue yet, see http://drupal.org/node/295053
Leírás:Some vulnerabilities have been reported in Drupal, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system, and by malicious people to conduct cross-site scripting and cross-site request forgery attacks. 1) Input passed to an unspecified parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) A vulnerability is caused by the fact that the private filesystem uses the MIME media type it receives from the web browser when handling uploads. This can be exploited for script insertion attacks. Successful exploitation of this vulnerability requires valid user credentials with the right to upload files. 3) A vulnerability is caused due to missing restrictions on what file types that users are allowed to upload in the BlogAPI module. This can be exploited to e.g. execute arbitrary PHP code. Successful exploitation of this vulnerability requires valid user credentials with the "administer content with blog api" permission. 4) A vulnerability is caused due to the application allowing users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to add or delete user access rules, by enticing a logged-in user to visit a malicious web page.
FSA505 - phpmyadmin
Csomag:phpmyadmin
Dátum:2008-08-16
Sebezhető verzió:2.11.7.1-1kalgan1
Nem érintett verzió:2.11.8.1-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3271
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3456 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3457
Leírás:Aung Khant has reported two vulnerabilities in phpMyAdmin, which can be exploited by malicious local users to conduct cross-site scripting attacks, and by malicious people to conduct spoofing attacks. 1) Many scripts except for index.php do not check if they are linked into another site's frames. This can potentially be used for spoofing and phishing attacks. 2) Input from the config/config.inc.php configuration file to scripts/setup.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
FSA504 - mantis
Csomag:mantis
Dátum:2008-08-15
Sebezhető verzió:1.1.1-1
Nem érintett verzió:1.1.2-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3249
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2276 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3331 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3332 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3333
Leírás:Some vulnerabilities have been reported in Mantis, which can be exploited by malicious users to compromise a vulnerable system and malicious people to conduct cross-site scripting and request forgery attacks. 1) Input passed to the "filter_target" parameter in return_dynamic_filters.php is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) A vulnerability is caused due to the application allowing users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. add a new user with administrative privileges by enticing a logged-in administrator to visit a malicious site. 3) Input passed to the "value" parameter in adm_config_set.php is not properly sanitised before being used in an "eval()" statement. This can be exploited to e.g. execute arbitrary PHP commands via a specially crafted request. Successful exploitation requires administrator access, but see vulnerability #2. 4) Input passed to the "language" parameter in account_prefs_update.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.
FSA503 - openldap
Csomag:openldap
Dátum:2008-07-27
Sebezhető verzió:2.3.41-1
Nem érintett verzió:2.3.43-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3207
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2952
Leírás:A vulnerability has been reported in OpenLDAP, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the "ber_get_next()" function in libraries/liblber/io.c. This can be exploited to trigger an "assert()" and terminate the "slapd" process via a specially crafted ASN.1 BER encoded packet.
FSA502 - afuse
Csomag:afuse
Dátum:2008-07-27
Sebezhető verzió:0.2-1
Nem érintett verzió:0.2-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3243
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2232
Leírás:Anders Kaseorg discovered that afuse, an automounting file system in user-space, did not properly escape meta characters in paths. This allowed a local attacker with read access to the filesystem to execute commands as the owner of the filesystem.
FSA501 - phpbb
Csomag:phpbb
Dátum:2008-07-27
Sebezhető verzió:2.0.22-1
Nem érintett verzió:3.0.2-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3244
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3224
Leírás:Unspecified vulnerability in phpBB before 3.0.1 has unknown impact and attack vectors related to "urls gone through redirect() being used within login_box()."
FSA500 - pidgin
Csomag:pidgin
Dátum:2008-07-27
Sebezhető verzió:2.3.1-2
Nem érintett verzió:2.4.3-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3217
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2927
Leírás:Some vulnerabilities have been reported in Pidgin, which potentially can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to integer overflow errors in the "msn_slplink_process_msg" function in libpurple/protocols/msnp9/slplink.c and libpurple/protocols/msn/slplink.c, and can potentially be exploited to execute arbitrary code via a specially crafted SLP message. Successful exploitation requires that the attacker is allowed to send messages to a victim (by default only users in the buddy list).
FSA499 - ffmpeg
Csomag:ffmpeg
Dátum:2008-07-27
Sebezhető verzió:20070422-3
Nem érintett verzió:20070422-4kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3252
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3162
Leírás:A vulnerability has been reported in FFmpeg, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the "str_read_packet()" function in libavformat/psxstr.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted STR file.
FSA498 - checkinstall
Csomag:checkinstall
Dátum:2008-07-27
Sebezhető verzió:1.6.1-1
Nem érintett verzió:1.6.1-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3209
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2958
Leírás:Two security issues have been reported in CheckInstall, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issues are caused due to the "checkinstall" and "installwatch" scripts creating directories in an insecure manner. This can potentially be exploited via symlink attacks to delete or modify arbitrary files with the privileges of the user running the affected scripts.
FSA497 - byacc
Csomag:byacc
Dátum:2008-07-27
Sebezhető verzió:1.9-1
Nem érintett verzió:1.9-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3251
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3196
Leírás:Otto Moerbeck has reported the following potential out of bounds of the allocated stack access in the yacc binary: Fix an venerable bug: if we're reducing a rule that has an empty right hand side and the yacc stackpointer is pointing at the very end of the allocated stack, we end up accessing the stack out of bounds by the implicit $$ = $1 action. Detected by my new malloc.
FSA496 - perl
Csomag:perl
Dátum:2008-07-27
Sebezhető verzió:5.10.0-3
Nem érintett verzió:5.10.0-4kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3210
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2827
Leírás:Description: A vulnerability has been reported in Perl, which can be exploited by malicious, local user to perform actions with escalated privileges. The vulnerability is caused due to the insecure use of chmod on symbolic links and can be exploited to change permissions of arbitrary files to 0777 via symlink attacks.
FSA495 - bind
Csomag:bind
Dátum:2008-07-26
Sebezhető verzió:9.4.2-2
Nem érintett verzió:9.4.2-3kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3219
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
Leírás:A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to poison the DNS cache. The vulnerability is caused due to the DNS servers not sufficiently randomising the DNS query port number, which can be exploited to poison the DNS cache.
FSA494 - wireshark
Csomag:wireshark
Dátum:2008-07-26
Sebezhető verzió:1.0.1-1kalgan1
Nem érintett verzió:1.0.2-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3224
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3145
Leírás:A vulnerability has been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when reassembling packets and can be exploited to cause the application to crash when processing a series of malformed packets that are either captured off the wire or loaded via a capture file.
FSA493 - drupal
Csomag:drupal
Dátum:2008-07-26
Sebezhető verzió:5.7-1
Nem érintett verzió:5.9-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3256
CVEk:There is no CVE for this issue, see http://drupal.org/node/286417
Leírás:A vulnerability has been reported in Drupal, which can be exploited by malicious people to conduct session fixation attacks. An error in the handling of certain sessions can be exploited to hijack another user's session by tricking the user into logging in after following a specially crafted link.
FSA492 - drupal
Csomag:drupal
Dátum:2008-07-26
Sebezhető verzió:5.7-1
Nem érintett verzió:5.9-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3222
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3219 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3220 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3222 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3223
Leírás:Some vulnerabilities have been reported in Drupal, which can be exploited by malicious people to conduct SQL injection and script insertion attacks. 1) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. delete OpenID identities or translation strings by enticing a logged-in user to visit a malicious site. 2) Certain input passed to numeric fields in the Schema API is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
FSA491 - phpmyadmin
Csomag:phpmyadmin
Dátum:2008-07-26
Sebezhető verzió:2.11.7-1kalgan1
Nem érintett verzió:2.11.7.1-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3247
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3197
Leírás:Aung Khant has discovered some vulnerabilities in phpMyAdmin, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to create databases and change the connection character set for an authenticated user, who is tricked into visiting a malicious website.
FSA490 - clamav
Csomag:clamav
Dátum:2008-07-26
Sebezhető verzió:0.93.1-1kalgan1
Nem érintett verzió:0.93.3-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3250
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2713
Leírás:A vulnerability has been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a boundary error in libclamav/petite.c. This can be exploited to trigger an out-of-bounds read via a specially crafted Petite packed executable.
FSA489 - kernel
Csomag:kernel
Dátum:2008-07-11
Sebezhető verzió:2.6.24-4kalgan3
Nem érintett verzió:2.6.24-4kalgan4
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3173
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2750
Leírás:A vulnerability has been reported in the Linux Kernel, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a boundary error in the "pppol2tp_recvmsg()" function and can potentially be exploited to corrupt kernel memory via a specially crafted PPP over L2TP packet.
FSA488 - wireshark
Csomag:wireshark
Dátum:2008-07-11
Sebezhető verzió:1.0.0-1kalgan1
Nem érintett verzió:1.0.1-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3203
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3137 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3138 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3139 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3140 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3141
Leírás:Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service). 1) An error in the GSM SMS dissector can be exploited to crash the application. 2) An error in the PANA and KISMET dissectors can be exploited to trigger an application exit. 3) An use-after-free error in the RTMPT dissector can be exploited to crash the application. 4) An unspecified error in the RMI dissector can be exploited to disclose system memory. 5) An error in the syslog dissector can be exploited to crash the application via an incomplete SS7 MSU syslog encapsulated packet.
FSA487 - phpmyadmin
Csomag:phpmyadmin
Dátum:2008-07-11
Sebezhető verzió:2.11.5.2-1kalgan1
Nem érintett verzió:2.11.7-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3205
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2960
Leírás:Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via unspecified parameters to files in /libraries is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation requires that "register_globals" is enabled and support for ".htaccess" files is disabled.
FSA486 - opera
Csomag:opera
Dátum:2008-07-11
Sebezhető verzió:9.27-1kalgan1
Nem érintett verzió:9.50-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3176
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2714 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2715 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2716
Leírás:Some vulnerabilities have been reported in Opera, which can be exploited by malicious people to disclose potentially sensitive information or to conduct spoofing attacks. 1) An error in the handling of certain characters in a page address can be exploited to e.g. make a site's address look like another site's address. 2) An error in the checking of the source of images when used by HTML CANVAS elements can be exploited to retrieve the image data. 3) Pages in frames are able to change the location of pages in other frames on the parent page.
FSA485 - courier-authlib
Csomag:courier-authlib
Dátum:2008-07-02
Sebezhető verzió:0.60.2-1
Nem érintett verzió:0.60.6-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3180
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2667
Leírás:A vulnerability has been reported in the Courier Authentication Library, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via e.g. the username to the library is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and e.g. potentially bypass authentication. Successful exploitation requires that a MySQL database is used for authentication and that a Non-Latin character set is selected.
FSA484 - xorg-server
Csomag:xorg-server
Dátum:2008-07-02
Sebezhető verzió:1.4.0.90-5
Nem érintett verzió:1.4.0.90-6kalgan2
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3175
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1377 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1379 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2360 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2361 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2362
Leírás:Some vulnerabilities have been reported in X.org X11, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, or to gain escalated privileges. 1) An integer overflow error when calculating the size of the glyph exists in the "AllocateGlyph()" function within the Render extension. This can be exploited to cause a heap-based buffer overflow via a specially crafted request. 2) An integer overflow error when calculating the size of the glyph in the "ProcRenderCreateCursor()" function within the Render extension can be exploited to crash the X server via a specially crafted request. 3) An integer overflow error exists in the Render extension when parsing client requests for the "SProcRenderCreateLinearGradient", "SProcRenderCreateRadialGradient", or "SProcRenderCreateConicalGradient" functions and can be exploited to corrupt heap memory. 4) Multiple input validation errors in the "SProcSecurityGenerateAuthorization()", "SProcRecordCreateContext()", and "SProcRecordRegisterClients()" functions within the Record and Security extensions can be exploited to corrupt heap memory via specially crafted requests. Successful exploitation of vulnerabilities #1, #3, and #4 may allow execution of arbitrary code with privileges of the X server (typically root). 5) An integer overflow error when processing parameters to the "ShmPutImage()" request can be exploited to disclose arbitrary memory of the X server process.
FSA483 - apache
Csomag:apache
Dátum:2008-07-02
Sebezhető verzió:2.2.8-1
Nem érintett verzió:2.2.8-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3177
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364
Leírás:A vulnerability has been reported in the Apache mod_proxy module, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the "ap_proxy_http_process_response()" function when forwarding interim responses. This can be exploited to consume large amounts of memory by tricking mod_proxy into sending an overly large number of interim responses to the client.
FSA482 - net-snmp
Csomag:net-snmp
Dátum:2008-06-26
Sebezhető verzió:5.4.1-4kalgan1
Nem érintett verzió:5.4.1-4kalgan2
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3142
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0960
Leírás:A vulnerability has been reported in Net-SNMP, which can be exploited by malicious people to spoof authenticated SNMPv3 packets. The vulnerability is caused due to an error within the verification of the HMAC digest. This can be exploited to increase the chance of successfully spoofing a packet to 1 in 256 by sending a specially crafted SNMPv3 packet with an incomplete 1 byte HMAC digest. Successful exploitation requires a valid username.
FSA481 - horde-webmail
Csomag:horde-webmail
Dátum:2008-06-26
Sebezhető verzió:1.1-1kalgan1
Nem érintett verzió:1.1.1-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3167
CVEk:There is no CVE for this issue, see http://lists.horde.org/archives/announce/2008/000420.html.
Leírás:Some vulnerabilities have been reported in various Horde products, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks. 1) Input passed to item names is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is viewed. Successful exploitation requires valid user credentials. 2) Input passed to contact views is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is viewed. Successful exploitation requires valid user credentials. 3) Input passed to unspecified input is not properly sanitised before being returned to the user in the add event screen. This can be exploited to execute arbitrary HTML and script code in a user's browser session in contact of an affected site.
FSA480 - exiv2
Csomag:exiv2
Dátum:2008-06-26
Sebezhető verzió:0.16-1
Nem érintett verzió:0.16-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3135
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2696
Leírás:A vulnerability has been reported in Exiv2, which potentially can be exploited by malicious people to crash an application using the library. The vulnerability is caused due to a floating point exception within the pretty printing functionality when processing certain Nicon camera lens information. This can be exploited to crash an application linked against the Exiv2 library when a image containing specially-crafted metadata is processed.
FSA479 - kernel
Csomag:kernel
Dátum:2008-06-24
Sebezhető verzió:2.6.24-4kalgan2
Nem érintett verzió:2.6.24-4kalgan3
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3140
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1673
Leírás:A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused due to an error within the ASN.1 BER decoder of the cifs and ip_nat_snmp_basic modules when calculating the buffer size. This can be exploited to cause a crash or potentially execute arbitrary code by sending specially crafted BER encoded data to a vulnerable system.
FSA478 - xdvik
Csomag:xdvik
Dátum:2008-06-13
Sebezhető verzió:22.84.12-1
Nem érintett verzió:22.84.14-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3127
CVEk:There is no CVE for this issue, see http://xdvi.sourceforge.net/releases.html#22.84.14
Leírás:A security issue has been reported in xdvik, which can be exploited by malicious, local users. The vulnerability is caused by creating predictably named temporary files by using mktemp.
FSA477 - graphicsmagick
Csomag:graphicsmagick
Dátum:2008-06-13
Sebezhető verzió:1.1.12-1kalgan1
Nem érintett verzió:1.1.14-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3137
CVEk:There is no CVE for this issue, see: http://sourceforge.net/project/shownotes.php?release_id=604785 http://sourceforge.net/project/shownotes.php?release_id=604837
Leírás:Some vulnerabilities have been reported in GraphicsMagick, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. 1) Two boundary errors exist within the "ReadPALMImage()" function in coders/palm.c. These can be exploited to cause a heap-based buffer underflow via a specially crafted PALM image. 2) A boundary error exists within the "DecodeImage()" function in coders/pict.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted PICT image. 3) Multiple unspecified errors within the processing of XCF, DPX, and CINEON images can be exploited to crash the application. Successful exploitation may allow execution of arbitrary code.
FSA476 - asterisk-addons
Csomag:asterisk-addons
Dátum:2008-06-13
Sebezhető verzió:1.4.4-1
Nem érintett verzió:1.4.7-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3136
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2543
Leírás:A vulnerability has been reported in Asterisk Addons, which can be exploited by malicious people to cause a DoS (Denial of Service). The problem is that the "ooh323" channel driver extracts memory addresses from incoming TCP packets and uses them in memory operations. This can be exploited to crash an affected application by sending a TCP packet containing invalid memory references.
FSA475 - samba
Csomag:samba
Dátum:2008-06-13
Sebezhető verzió:3.0.28-1
Nem érintett verzió:3.0.30-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3115
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105
Leírás:Secunia Research has discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "receive_smb_raw()" function in lib/util_sock.c when parsing SMB packets. This can be exploited to cause a heap-based buffer overflow via an overly large SMB packet received in a client context. Successful exploitation allows execution of arbitrary code by tricking a user into connecting to a malicious server (e.g. by clicking an "smb://" link) or by sending specially crafted packets to an "nmbd" server configured as a local or domain master browser.
FSA474 - blender
Csomag:blender
Dátum:2008-06-13
Sebezhető verzió:2.45-1
Nem érintett verzió:2.45-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3039
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1102
Leírás:Secunia Research has discovered a vulnerability in Blender, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "imb_loadhdr()" function in source/blender/imbuf/intern/radiance_hdr.c, which can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted Blender (*.blend) file containing a malicious Radiance RGBE image. Successful exploitation allows execution of arbitrary code.
FSA473 - libvorbis
Csomag:libvorbis
Dátum:2008-06-13
Sebezhető verzió:1.2.0-1
Nem érintett verzió:1.2.0-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3093
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1419 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1420 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1423
Leírás:Some vulnerabilities have been reported in libvorbis, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise an application using the library. 1) An input validation error can be exploited to crash an application, cause an infinite loop, or to cause a heap overflow via a specially crafted OGG file containing a codebook dimension of "0". 2) An integer overflow error in the processing of residue partition values can be exploited to cause a heap-based buffer overflow via a specially crafted OGG file. 3) An integer overflow error exists in the computation of "quantvals" and of required space for "quantlist". This can be exploited to cause a heap-based buffer overflow via a specially crafted OGG file. Successful exploitation may allow execution of arbitrary code.
FSA472 - emacs
Csomag:emacs
Dátum:2008-06-13
Sebezhető verzió:22.1-3kalgan1
Nem érintett verzió:22.1-3kalgan2
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3086
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2142
Leírás:Morten Welinder has reported a vulnerability in GNU Emacs, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the processing of fast-lock files (.flc) for corresponding source files. This can be exploited to execute arbitrary Emacs Lisp code when e.g. a source file is opened and a specially crafted fast-lock file exists in the same directory. Successful exploitation requires that "font-lock-support-mode" is set to "fast-lock-mode".
FSA471 - stunnel
Csomag:stunnel
Dátum:2008-06-13
Sebezhető verzió:4.21-1
Nem érintett verzió:4.24-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3122
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2420
Leírás:A security issue has been reported in Stunnel, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to an unspecified error in the OCSP functionality and can lead to a revoked certificate being successfully authenticated.
FSA470 - imlib2
Csomag:imlib2
Dátum:2008-06-13
Sebezhető verzió:1.4.0-1
Nem érintett verzió:1.4.0-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3124
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2426
Leírás:Secunia Research has discovered two vulnerabilities in imlib2, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library. 1) A boundary error exists within the "load()" function in src/modules/loaders/loader_pnm.c when processing the header of a PNM image file. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted PNM image in an application using the imlib2 library. Successful exploitation allows execution of arbitrary code. 2) A boundary error exists within the "load()" function in src/modules/loader_xpm.c when processing an XPM image file. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted XPM image in an application using the imlib2 library. Successful exploitation may allow execution of arbitrary code.
FSA469 - mrxvt
Csomag:mrxvt
Dátum:2008-06-13
Sebezhető verzió:0.5.3-1
Nem érintett verzió:0.5.3-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3090
CVEk:There is no CVE for this issue.
Leírás:A security issue has been reported in mrxvt, which can be exploited by malicious, local users to gain escalated privileges. For more information, see FSA466.
FSA468 - rxvt-unicode
Csomag:rxvt-unicode
Dátum:2008-06-13
Sebezhető verzió:9.02-1
Nem érintett verzió:9.02-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3089
CVEk:There is no CVE for this issue.
Leírás:A security issue has been reported in rxvt-unicode, which can be exploited by malicious, local users to gain escalated privileges. For more information, see FSA466.
FSA467 - aterm
Csomag:aterm
Dátum:2008-06-13
Sebezhető verzió:1.0.1-1
Nem érintett verzió:1.0.1-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3088
CVEk:There is no CVE for this issue.
Leírás:A security issue has been reported in aterm, which can be exploited by malicious, local users to gain escalated privileges. For more information, see FSA466.
FSA466 - rxvt
Csomag:rxvt
Dátum:2008-06-13
Sebezhető verzió:2.6.4-2
Nem érintett verzió:2.7.10-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2925
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1142
Leírás:Bernhard R. Link has reported a security issue in rxvt, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to the program using ":0" as it's X11 display if the DISPLAY environment variable is missing. This can be exploited to execute arbitrary commands with the privileges of the user running rxvt via a malicious X server.
FSA465 - net-snmp
Csomag:net-snmp
Dátum:2008-06-10
Sebezhető verzió:5.4.1-3
Nem érintett verzió:5.4.1-4kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3092
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2292
Leírás:A vulnerability has been reported in Net-snmp, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "__snprint_value()" function in perl/SNMP/SNMP.xs. This can be exploited to cause a buffer overflow in an application using the Net-snmp Perl module by tricking the user into connecting to a malicious SNMP agent.
FSA464 - horde-webmail
Csomag:horde-webmail
Dátum:2008-06-06
Sebezhető verzió:1.0.6-1kalgan1
Nem érintett verzió:1.1-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3120
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6018
Leírás:Secunia Research has discovered a vulnerability in IMP Webmail Client and Horde Groupware Webmail Edition, which can be exploited by malicious people to bypass certain security restrictions and manipulate data. The HTML filter does not filter out frame and frameset HTML elements. Additionally, the application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to (a) delete an arbitrary number of e-mail messages by referencing their numeric IDs and (b) purge deleted mails, when the victim opens a malicious HTML mail. Successful exploitation requires that the victim opens the HTML part of a malicious message.
FSA463 - openssl
Csomag:openssl
Dátum:2008-06-06
Sebezhető verzió:0.9.8-11
Nem érintett verzió:0.9.8-12kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3114
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0891 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1672
Leírás:Two vulnerabilities have been reported in OpenSSL, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) A double-free error in the handling of server name extension data if "server_name" set to 0x00 can be exploited to crash a server application using OpenSSL by sending a specially crafted TLS 1.0 Client Hello packet. Successful exploitation requires that OpenSSL is compiled using the TLS server name extensions. 2) A NULL pointer dereference error can be exploited by a malicious server to crash a client application when the "Server Key exchange message" is omitted from a TLS handshake and anonymous Diffie-Hellman key exchange is used.
FSA462 - libxslt
Csomag:libxslt
Dátum:2008-05-26
Sebezhető verzió:1.1.22-2kalgan1
Nem érintett verzió:1.1.22-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3104
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1767
Leírás:A vulnerability has been reported in libxslt, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system. The vulnerability is caused due to an error in the handling of XSL style-sheet files. This can potentially be exploited to trigger the use of uninitialized memory in e.g. a call to "free()" when a specially crafted XSL file is being processed by an application using the library. Successful exploitation may allow execution of arbitrary code.
FSA461 - mysql
Csomag:mysql
Dátum:2008-05-26
Sebezhető verzió:5.0.51-2
Nem érintett verzió:5.0.51-3kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3075
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2079
Leírás:A security issue has been reported in MySQL, which can be exploited by malicious, local users to bypass certain security restrictions. The problem is that it is possible to bypass certain privilege checks by creating a MyISAM table with certain DATA DIRECTORY and INDEX DIRECTORY options to overwrite existing table files in the MySQL data directory.
FSA460 - seamonkey
Csomag:seamonkey
Dátum:2008-05-26
Sebezhető verzió:1.1.9-1kalgan1
Nem érintett verzió:1.1.9-1kalgan2
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3021
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1380
Leírás:A vulnerability has been reported in Mozilla SeaMonkey, which can potentially be exploited by malicious people to compromise a user's system. For more information, see FSA431.
FSA459 - django
Csomag:django
Dátum:2008-05-26
Sebezhető verzió:0.96.1-1
Nem érintett verzió:0.96.2-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3084
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2302
Leírás:A vulnerability has been reported in Django, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the URL is not properly sanitised before being returned to the user through the login form. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
FSA458 - asterisk
Csomag:asterisk
Dátum:2008-05-26
Sebezhető verzió:1.4.17-1
Nem érintett verzió:1.4.19.2-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3077
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1897 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1923
Leírás:A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to improper verification of ACK responses during IAX2 handshakes, which can be exploited to spoof an IAX2 handshake and cause a DoS via high bandwidth usage.
FSA457 - kvm
Csomag:kvm
Dátum:2008-05-25
Sebezhető verzió:61-2
Nem érintett verzió:61-3kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3044
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2004
Leírás:A vulnerability has been reported in KVM, which can be exploited by malicious, local users to bypass certain security restrictions or cause a DoS (Denial of Service). The error can be exploited by a guest to read arbitrary files on the host via a specially crafted disk header. For more information, see FSA455.
FSA456 - xemacs
Csomag:xemacs
Dátum:2008-05-25
Sebezhető verzió:21.4.21-1
Nem érintett verzió:21.4.21-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3041
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1694
Leírás:Some security issues have been reported in XEmacs, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issues are caused due to the use of vulnerable GNU Emacs code. For more information, see FSA423.
FSA455 - qemu
Csomag:qemu
Dátum:2008-05-25
Sebezhető verzió:0.9.1-2
Nem érintett verzió:0.9.1-3kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3043
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2004
Leírás:A vulnerability has been reported in QEMU, which can be exploited by malicious, local users to bypass certain security restrictions. The vulnerability is caused due to the "drive_init()" function in vl.c determining the format of a disk from data contained in the disk's header. This can be exploited by a malicious user in a guest system to e.g. read arbitrary files on the host by writing a fake header to a raw formatted disk image.
FSA454 - chicken
Csomag:chicken
Dátum:2008-05-25
Sebezhető verzió:2.732-1
Nem érintett verzió:3.1.10-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3091
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0674
Leírás:A vulnerability been reported in Chicken, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. The vulnerabilities are caused due to the use of a vulnerable version of the PCRE library.
FSA453 - gnutls
Csomag:gnutls
Dátum:2008-05-25
Sebezhető verzió:2.2.0-1
Nem érintett verzió:2.2.5-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3100
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1948 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1949 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1950
Leírás:Some vulnerabilities have been reported in GnuTLS, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the library. 1) A boundary error exists in the processing "Client Hello" messages containing a "Server Name" extension. This can be exploited to cause a heap-based buffer overflow via a specially crafted TLS packet. Successful exploitation may allow execution of arbitrary code. 2) A NULL-pointer dereference error in the processing of TLS packets containing multiple "Client Hello" messages can be exploited to crash an affected application. 3) A signedness error exists within the "_gnutls_ciphertext2compressed()" function in lib/gnutls_cipher.c. This can be exploited to cause an out of bounds read and crash an affected application via specially crafted, encrypted TLS data.
FSA452 - graphicsmagick
Csomag:graphicsmagick
Dátum:2008-05-20
Sebezhető verzió:1.1.11-1
Nem érintett verzió:1.1.12-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3076
CVEk:There is no CVE for this issue, see http://sourceforge.net/project/shownotes.php?release_id=595544
Leírás:A security issue has been reported in GraphicsMagick, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to the improper processing of file extensions and can be exploited to e.g. access X11 or to invoke certain delegate programs. Successful exploitation requires that a user is tricked into processing a malicious file with a specific file extension.
FSA451 - audacity
Csomag:audacity
Dátum:2008-05-20
Sebezhető verzió:1.3.3-2
Nem érintett verzió:1.3.5-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3080
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6061
Leírás:Viktor Griph has reported a security issue in Audacity, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or to delete arbitrary files and directories. The security issue is caused due to the "AudacityApp::OnInit()" method in src/AudacityApp.cpp handling temporary files in an insecure manner. This can be exploited to delete arbitrary files and directories via symlink attacks, or to cause a deadlock.
FSA450 - pngcrush
Csomag:pngcrush
Dátum:2008-05-20
Sebezhető verzió:1.6.4-1
Nem érintett verzió:1.6.5-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3079
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382
Leírás:A vulnerability has been reported in Pngcrush, which can be exploited by malicious people to disclose potentially sensitive information or potentially compromise a user's system. The vulnerability is caused due to the use of vulnerable libpng code. For more information, see FSA434.
FSA449 - rdesktop
Csomag:rdesktop
Dátum:2008-05-20
Sebezhető verzió:1.5.0-2
Nem érintett verzió:1.6.0-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3078
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1801 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1802 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1803
Leírás:Some vulnerabilities have been reported in rdesktop, which can be exploited by malicious people to compromise a user's system. 1) An integer underflow error in iso.c when processing RDP requests can be exploited to cause a heap-based buffer overflow. 2) An input validation error in rdp.c when processing RDP redirect requests can be exploited to cause a BSS-based buffer overflow. 3) A signedness error within "xrealloc()" in rdesktop.c can be exploited to cause a heap-based buffer overflow. Successful exploitation allows execution of arbitrary code but requires that a user is tricked into connecting to a malicious RDP server.
FSA448 - php
Csomag:php
Dátum:2008-05-20
Sebezhető verzió:5.2.5-2
Nem érintett verzió:5.2.6-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3074
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2051 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2107 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108
Leírás:Some vulnerabilities have been reported in PHP, where some have unknown impacts and others can be exploited by malicious users to bypass certain security restrictions, and potentially by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. 1) An unspecified error in the FastCGI SAPI can be exploited to cause a stack-based buffer overflow. 2) An error in the processing of multibyte characters within the "escapeshellcmd()" and "escapeshellarg()" functions can be exploited to escape the inserted backslash or quote characters via certain multibyte characters. Successful exploitation allows to bypass the "safe_mode_exec_dir" and "disable_functions" directives, and potentially to inject arbitrary shell commands via user controlled input, but requires that the shell uses a locale with a variable width character (e.g. GBK, EUC-KR, SJIS). 3) A vulnerability is caused due to an error during path translation in cgi_main.c. This can potentially be exploited to execute arbitrary code, but depends on how a targeted application is using PHP. 4) An error in cURL can be exploited to bypass the "safe_mode" directive. 5) A boundary error in PCRE can potentially be exploited by malicious people to cause a DoS or compromise a vulnerable system.
FSA447 - eterm
Csomag:eterm
Dátum:2008-05-15
Sebezhető verzió:0.9.4-2
Nem érintett verzió:0.9.4-3kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2918
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1692
Leírás:A security issue has been reported in Eterm, which can be exploited by malicious, local users to gain escalated privileges. Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.
FSA446 - kdelibs
Csomag:kdelibs
Dátum:2008-05-15
Sebezhető verzió:3.5.9-1
Nem érintett verzió:3.5.9-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3047
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1671
Leírás:A vulnerability has been reported in KDE, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or to potentially gain escalated privileges. The vulnerability is caused due to an error in the start_kdeinit script (installed setuid root by default). This can be exploited to send signals to privileged processes, cause a DoS, or potentially execute arbitrary code in the context of the target process.
FSA445 - kernel
Csomag:kernel
Dátum:2008-05-15
Sebezhető verzió:2.6.24-4kalgan1
Nem érintett verzió:2.6.24-4kalgan2
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3060
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1669
Leírás:A vulnerability has been reported in the Linux kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an error when preventing race conditions between "fcntl_setlk()" and "close()" calls on SMP systems. This can be exploited to trigger the improper, reordered access to the file descriptor table and the "file_lock" structure of an inode, between threads running on different CPUs.
FSA444 - thunderbird
Csomag:thunderbird
Dátum:2008-05-15
Sebezhető verzió:2.0.0.12-1
Nem érintett verzió:2.0.0.14-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2906
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1233 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1234 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1235 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1236 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1237
Leírás:Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or potentially compromise a user's system. For more information, see FSA407.
FSA443 - util-linux-ng
Csomag:util-linux-ng
Dátum:2008-05-15
Sebezhető verzió:2.13.1-1
Nem érintett verzió:2.13.1-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3046
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1926
Leírás:A weakness has been reported in util-linux-ng, which can be exploited by malicious people to manipulate certain data. The security issue is caused due to an error in login.c while logging login attempts. This can be exploited to inject e.g. an arbitrary address in the audit logs via a specially crafted username.
FSA442 - wordpress
Csomag:wordpress
Dátum:2008-05-15
Sebezhető verzió:2.3.3-2kalgan1
Nem érintett verzió:2.5.1-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3048
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1930 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2068
Leírás:Two vulnerabilities have been reported in WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and to compromise a vulnerable system. 1) A vulnerability is caused due to improper access restriction of the administration section. This can be exploited to bypass the authentication mechanism and gain administrative access by setting a specially crafted cookie. This can further be exploited to execute arbitrary PHP code. Successful exploitation of this vulnerability requires that registering new accounts is enabled. The vulnerability is reported in version 2.5. 2) Input passed to an unspecified parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
FSA441 - kernel
Csomag:kernel
Dátum:2008-05-05
Sebezhető verzió:2.6.24-3
Nem érintett verzió:2.6.24-4kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3050
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1375
Leírás:A vulnerability has been reported in the Linux kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or to potentially gain escalated privileges. A race condition error exists in the dnotify subsystem between calls to "fcntl()" and "close()". This can be exploited to cause a system crash or potentially gain root privileges.
FSA440 - frugalwareutils
Csomag:frugalwareutils
Dátum:2008-05-05
Sebezhető verzió:0.7.9-1
Nem érintett verzió:0.7.9-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3052
CVEk:There is no CVE for this issue.
Leírás:A vulnerability has been reported in frugalwareutils, which can potentially be exploited by malicious people to cause a DoS on a vulnerable system. The vulnerability is caused due to creating new files as root without checking the current value of umask. Successful exploitation may allow execution of arbitrary code.
FSA439 - vorbis-tools
Csomag:vorbis-tools
Dátum:2008-05-05
Sebezhető verzió:1.1.1-3
Nem érintett verzió:1.1.1-4kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3032
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686
Leírás:A vulnerability has been reported in vorbis-tools, which can potentially be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the use of vulnerable libfishsound; an input validation error when processing Speex headers, which can be exploited via a specially crafted Speex stream containing a negative "modeID" field in the header. Successful exploitation may allow execution of arbitrary code.
FSA438 - xine-lib
Csomag:xine-lib
Dátum:2008-05-05
Sebezhető verzió:1.1.11-1kalgan2
Nem érintett verzió:1.1.11-1kalgan3
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3027
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1878
Leírás:Guido Landi has discovered a vulnerability in xine-lib, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the "demux_nsf_send_chunk()" function in src/demuxers/demux_nsf.c. This can be exploited to cause a stack-based buffer overflow via an overly long NSF title.
FSA437 - xine-lib
Csomag:xine-lib
Dátum:2008-05-05
Sebezhető verzió:1.1.11-1kalgan2
Nem érintett verzió:1.1.11-1kalgan3
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3010
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686
Leírás:A vulnerability has been reported in xine-lib, which can potentially be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the use of vulnerable libfishsound; an input validation error when processing Speex headers, which can be exploited via a specially crafted Speex stream containing a negative "modeID" field in the header. Successful exploitation may allow execution of arbitrary code.
FSA436 - phpmyadmin
Csomag:phpmyadmin
Dátum:2008-04-25
Sebezhető verzió:2.11.5.1-1kalgan1
Nem érintett verzió:2.11.5.2-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3035
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1924
Leírás:A vulnerability has been reported in phpMyAdmin, which can be exploited by malicious users to disclose sensitive information. The vulnerability is caused due to an unspecified error and can be exploited to disclose arbitrary files via a specially crafted HTTP POST request. Successful exploitation requires a certain level of access e.g. on a shared h