Frugalware Security Announcements (FSAs)

• Author: voroskoi
• Vulnerable: 2.6.17-5
• Unaffected: 2.6.17-6siwenna1

Ang Way Chuang has reported a vulnerability in Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the ULE (Unidirectional Lightweight Encapsulation) decapsulation code when processing ULE packets. This can be exploited to crash the system by sending a malicious ULE packet with an SNDU (Sub Network Data Unit) size of 0

• Author: voroskoi
• Vulnerable: 0.88.4-1
• Unaffected: 0.88.5-1siwenna1

Two vulnerabilities have been reported in Clam AntiVirus, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

• Bug Tracker URL: http://bugs.frugalware.org/task/1316

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4182
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5295

• Author: voroskoi
• Vulnerable: 2.4.3-3
• Unaffected: 2.4.3-4siwenna1

A vulnerability has been reported in Python, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

• Bug Tracker URL: http://bugs.frugalware.org/task/1284

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

• Author: voroskoi
• Vulnerable: 5.1.6-1
• Unaffected: 5.1.6-2siwenna1

A vulnerability has been reported in PHP, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. Maksymilian Arciemowicz has reported a vulnerability in PHP, which can be exploited by malicious, local users to bypass certain security restrictions.

• Bug Tracker URL: http://bugs.frugalware.org/task/1266 http://bugs.frugalware.org/task/1291

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4625
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4812

• Author: voroskoi
• Vulnerable: 1.1.17.1-2
• Unaffected: 1.1.17.2-1siwenna1

A vulnerability has been reported in Mono, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

• Bug Tracker URL: http://bugs.frugalware.org/task/1261

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5072

• Author: voroskoi
• Vulnerable: 5.0_08-1
• Unaffected: 5.0_09-1siwenna1

Sun has acknowledged a vulnerability in Sun JDK / SDK, which potentially can be exploited by malicious people to bypass certain security restrictions.

• Bug Tracker URL: http://bugs.frugalware.org/task/1251

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339

• Author: voroskoi
• Vulnerable: 5.0_08-1
• Unaffected: 5.0_09-1siwenna1

Sun has acknowledged a vulnerability in Sun JDK / SDK, which potentially can be exploited by malicious people to bypass certain security restrictions.

• Bug Tracker URL: http://bugs.frugalware.org/task/1251

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339

• Author: voroskoi
• Vulnerable: 0.10.1-2
• Unaffected: 0.10.1-3siwenna1

Some vulnerabilities have been reported in GStreamer FFmpeg Plug-in, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

• Bug Tracker URL: http://bugs.frugalware.org/task/1239

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4800

• Author: voroskoi
• Vulnerable: 1.3.5-1
• Unaffected: 1.3.5-2siwenna1

Tavis Ormandy has reported some vulnerabilities in gzip, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

• Bug Tracker URL: http://bugs.frugalware.org/task/1210

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338

• Author: voroskoi
• Vulnerable: 2.0.8-1siwenna1
• Unaffected: 2.0.9-1siwenna1

Some vulnerabilities have been reported in OpenVPN, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

• Bug Tracker URL: http://bugs.frugalware.org/task/1246

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343