Frugalware Linux - Let's make things Frugal!

Frugalware Security Announcements (FSAs)

This is a list of security announcments that have been released for the current stable version of Frugalware

Package:	drupal-cck
Date:	2008-11-16
Posted by:	Miklos Vajna
Vulnerable version:	5.x_1.10-1solaria1
Unaffected version:	5.x_1.9-1
Bug tracker entry:	http://bugs.frugalware.org/task/3444
CVEs:	No CVE for this issue, see http://drupal.org/node/330546.
Description:	Some vulnerabilities have been reported in the Drupal Content Construction Kit (CCK), which can be exploited by malicious users to conduct script insertion attacks. Input passed to unspecified field labels and "content-type" names is not properly sanitised before being stored. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious data is viewed. Successful exploitation requires "administer content" privileges.

FSA551 - phpmyadmin

Package:	phpmyadmin
Date:	2008-11-16
Posted by:	Miklos Vajna
Vulnerable version:	2.11.9.2-1solaria1
Unaffected version:	2.11.9.3-1solaria1
Bug tracker entry:	http://bugs.frugalware.org/task/3436
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4775
Description:	Hadi Kiamarsi has discovered a vulnerability in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "db" parameter in pmd_pdf.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation may require that the victim has valid user credentials.

FSA550 - wordpress

Package:	wordpress
Date:	2008-11-16
Posted by:	Miklos Vajna
Vulnerable version:	2.6.2-1solaria1
Unaffected version:	2.6.3-1solaria1
Bug tracker entry:	http://bugs.frugalware.org/task/3424
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4796
Description:	A vulnerability in the Snoopy library was announced. WordPress uses Snoopy to fetch the feeds shown in the Dashboard. Although this seems to be a low risk vulnerability for WordPress users, they wanted to get an update out.

FSA549 - drupal6

Package:	drupal6
Date:	2008-11-16
Posted by:	Miklos Vajna
Vulnerable version:	6.5-1solaria1
Unaffected version:	6.6-1solaria1
Bug tracker entry:	http://bugs.frugalware.org/task/3420
CVEs:	No CVE for this issue, see http://drupal.org/node/324832
Description:	Two vulnerabilities have been reported in Drupal, which can be exploited by malicious users to conduct script insertion attacks. An input passed as book page titles is not properly sanitised before being stored. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious data is viewed. For more info about the other issue, see FSA548. Successful exploitation requires valid user credentials with the "create book content" permission or the permission to edit book nodes.

FSA548 - drupal

Package:	drupal
Date:	2008-11-16
Posted by:	Miklos Vajna
Vulnerable version:	5.11-1solaria1
Unaffected version:	5.12-1solaria1
Bug tracker entry:	http://bugs.frugalware.org/task/3419
CVEs:	No CVE for this issue, see http://drupal.org/node/324833
Description:	A vulnerability has been reported in Drupal, which can potentially be exploited by malicious, local users to gain escalated privileges. Input passed to unspecified parameters is not properly verified before being used to include files. This can be exploited to include specially named files from local resources and potentially escalate privileges. Successful exploitation requires that the web server is configured to use virtual hosts.

FSA547 - openoffice.org

Package:	openoffice.org
Date:	2008-11-03
Posted by:	Miklos Vajna
Vulnerable version:	2.4.1-1
Unaffected version:	2.4.1-2solaria1
Bug tracker entry:	http://bugs.frugalware.org/task/3429
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2237 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2238
Description:	Some vulnerabilities have been reported in OpenOffice, which potentially can be exploited by malicious people to compromise a user's system. 1) An error in the processing of WMF files can be exploited to cause a heap-based buffer overflow via a specially crafted StarOffice/StarSuite document. 2) Multiple integer overflows when parsing certain EMR records of EMF files can be exploited to cause heap-based buffer overflows via a specially crafted StarOffice/StarSuite document. Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

FSA546 - vlc

Package:	vlc
Date:	2008-10-22
Posted by:	Miklos Vajna
Vulnerable version:	0.9.1-1
Unaffected version:	0.9.4-1solaria1
Bug tracker entry:	http://bugs.frugalware.org/task/3408
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4558
Description:	A vulnerability has been reported by VLC Media Player, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a signedness error within the "parse_track_node()" function in modules/demux/playlist/xspf.c. This can be exploited to corrupt memory via a specially crafted XSPF file containing a negative "identifier" attribute. Successful exploitation may allow execution of arbitrary code.

FSA545 - proftpd

Package:	proftpd
Date:	2008-10-22
Posted by:	Miklos Vajna
Vulnerable version:	1.3.1-4
Unaffected version:	1.3.1-5solaria1
Bug tracker entry:	http://bugs.frugalware.org/task/3370
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4242
Description:	A vulnerability has been reported in ProFTPD, which can be exploited by malicious people to conduct cross-site request forgery attacks. The vulnerability is caused due to the application truncating an overly long FTP command, and improperly interpreting the remainder string as a new FTP command. This can be exploited to execute arbitrary FTP commands with the privileges of another user by e.g. tricking the user into following a malicious link.

FSA544 - libxml2

Package:	libxml2
Date:	2008-10-22
Posted by:	Miklos Vajna
Vulnerable version:	2.6.32-2
Unaffected version:	2.7.2-1solaria1
Bug tracker entry:	http://bugs.frugalware.org/task/3402
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3281 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3529 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4422
Description:	Two vulnerabilities have been reported in Libxml2, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. 1) A recursion error exists when processing certain XML content. This can be exploited to e.g. exhaust all available memory and CPU resources by tricking an application using Libxml2 into processing specially crafted XML documents. 2) A boundary error in the processing of long XML entity names in parser.c can be exploited to cause a heap-based buffer overflow when specially crafted XML content is parsed. 3) A vulnerability is caused due to an error in the processing of XML files and can be exploited to exhaust all available memory via a specially crafted XML file containing a predefined entity inside an entity definition. Successful exploitation may allow execution of arbitrary code.

FSA543 - wireshark

Package:	wireshark
Date:	2008-10-22
Posted by:	Miklos Vajna
Vulnerable version:	1.0.3-1solaria1
Unaffected version:	1.0.4-1solaria1
Bug tracker entry:	http://bugs.frugalware.org/task/3417
CVEs:	No CVE, see http://www.wireshark.org/security/wnpa-sec-2008-06.html
Description:	Some vulnerabilities and a weakness have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error within the Bluetooth ACL dissector can be exploited to cause a crash via specially crafted packets. 2) An error within the Q.931 dissector can be exploited to cause a crash via specially crafted packets. 3) Uninitialised data structures within the Bluetooth RFCOMM and USB dissector can be exploited to cause a crash via specially crafted packets.

FSA542 - mantis

Package:	mantis
Date:	2008-10-19
Posted by:	Miklos Vajna
Vulnerable version:	1.1.2-1
Unaffected version:	1.1.4-1solaria1
Bug tracker entry:	http://bugs.frugalware.org/task/3411
CVEs:	No CVE, see http://milw0rm.com/exploits/6768
Description:	EgiX has discovered a vulnerability in Mantis, which can be exploited by malicious users to compromise a vulnerable system. Input passed to the "sort" parameter in manage_proj_page.php is not properly sanitised before being used in a "create_function()" call. This can be exploited to execute arbitrary PHP code. Successful exploitation requires valid user credentials.

FSA541 - dovecot

Package:	dovecot
Date:	2008-10-19
Posted by:	Miklos Vajna
Vulnerable version:	1.1.2-1
Unaffected version:	1.1.4-1solaria1
Bug tracker entry:	http://bugs.frugalware.org/task/3387
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4577 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4578
Description:	Two security issues have been reported in Dovecot, which can be exploited by malicious users to bypass certain security restrictions. 1) The problem is that the ACL plugin interprets negative access rights as positive access rights, potentially giving an unprivileged user access to restricted resources. 2) An error in the ACL plugin when imposing mailbox creation restrictions can be exploited to create "parent/child/child" mailboxes.

FSA540 - mplayer

Package:	mplayer
Date:	2008-10-19
Posted by:	Miklos Vajna
Vulnerable version:	1.0rc2-6
Unaffected version:	1.0rc2-7solaria1
Bug tracker entry:	http://bugs.frugalware.org/task/3371
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3827
Description:	Some vulnerabilities have been reported in MPlayer, which potentially can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to multiple boundary errors within the "demux_real_fill_buffer()" function in libmpdemux/demux_real.c. These can be exploited to cause heap-based buffer overflows via specially crafted Real Media files. Successful exploitation may allow execution of arbitrary code.

FSA539 - mediawiki

Package:	mediawiki
Date:	2008-10-19
Posted by:	Miklos Vajna
Vulnerable version:	1.12.0-1
Unaffected version:	1.13.2-1solaria1
Bug tracker entry:	http://bugs.frugalware.org/task/3382
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4408
Description:	A vulnerability has been reported in MediaWiki, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "useskin" parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation requires that $wgUseSiteCss is enabled, which is the default.

FSA538 - django

Package:	django
Date:	2008-10-19
Posted by:	Miklos Vajna
Vulnerable version:	0.96.2-1
Unaffected version:	1.0-1solaria1
Bug tracker entry:	http://bugs.frugalware.org/task/3372
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3909
Description:	A vulnerability has been reported in Django, which can be exploited by malicious people to conduct cross-site request forgery attacks. The vulnerability is caused due to the Django administration application not performing any validity checks to verify requests when re-authenticating the user. This can be exploited to delete and edit data when a not logged-in user e.g. visits a malicious web site and is then enticed to log in to the application.

FSA537 - libpng

Package:	libpng
Date:	2008-10-19
Posted by:	Miklos Vajna
Vulnerable version:	1.2.29-1
Unaffected version:	1.2.32-1solaria1
Bug tracker entry:	http://bugs.frugalware.org/task/3367
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3964
Description:	A vulnerability has been reported in libpng, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an off-by-one error within the "png_push_read_zTXt()" function in pngread.c when processing malicious PNG images with specially crafted zTXt chunks, which can be exploited to crash an application using the library.

FSA536 - jasper

Package:	jasper
Date:	2008-10-19
Posted by:	Miklos Vajna
Vulnerable version:	1.900.1-2
Unaffected version:	1.900.1-3solaria1
Bug tracker entry:	http://bugs.frugalware.org/task/3396
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3520
Description:	Multiple integer overflows in JasPer might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation.

FSA535 - lighttpd

Package:	lighttpd
Date:	2008-10-19
Posted by:	Miklos Vajna
Vulnerable version:	1.4.19-2
Unaffected version:	1.4.20-1solaria1
Bug tracker entry:	http://bugs.frugalware.org/task/3375
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4359 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4360
Description:	A weakness and two vulnerabilities have been reported in lighttpd, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service). 1) A vulnerability is caused due to a memory leak within the "http_request_parse()" function when processing duplicate request headers and can be exploited to exhaust all available memory. 2) A vulnerability is caused due to the "mod_userdir" module not correctly handling filenames on case insensitive file systems. This can be exploited to e.g. disclose potentially sensitive information by sending requests with mixed upper and lowercase characters. 3) A weakness is caused due to lighttpd not decoding requests before matching them with rewrite and redirect rules. This can be exploited to e.g. bypass the rewrite and redirect rules.

FSA534 - drupal-cck

Package:	drupal-cck
Date:	2008-10-19
Posted by:	Miklos Vajna
Vulnerable version:	5.x_1.7-1
Unaffected version:	5.x_1.9-1solaria1
Bug tracker entry:	http://bugs.frugalware.org/task/3347
CVEs:	No CVE, see http://drupal.org/node/304093
Description:	Some vulnerabilities have been reported in the Drupal Content Construction Kit (CCK), which can be exploited by malicious users to conduct script insertion attacks. Input passed to some fields settings forms (e.g. "field label", "help text", "allowed values") is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is viewed. Successful exploitation requires "administer content" privileges.

FSA533 - wordpress

Package:	wordpress
Date:	2008-10-19
Posted by:	Miklos Vajna
Vulnerable version:	2.6.1-1
Unaffected version:	2.6.2-1solaria1
Bug tracker entry:	http://bugs.frugalware.org/task/3346
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4106 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4107
Description:	Stefan Esser has reported a vulnerability in WordPress, which can be exploited by malicious people to guess automatically generated passwords. The vulnerability is caused due to WordPress using a weak pseudo random number generator to generate passwords while leaking it's state information to an attacker. In combination with other attacks this can e.g. be exploited to recover the administrator's automatically generated password.

FSA532 - drupal6

Package:	drupal6
Date:	2008-10-10
Posted by:	Miklos Vajna
Vulnerable version:	6.4-1
Unaffected version:	6.5-1solaria1
Bug tracker entry:	http://bugs.frugalware.org/task/3393
CVEs:	No CVE, see http://drupal.org/node/318706
Description:	A vulnerability has been reported in Drupal, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to improper access restriction in the core upload module. This can be exploited to attach arbitrary files to content, without valid credentials. Successful exploitation requires that the core upload module is enabled.

FSA531 - drupal

Package:	drupal
Date:	2008-10-10
Posted by:	Miklos Vajna
Vulnerable version:	5.10-1
Unaffected version:	5.11-1solaria1
Bug tracker entry:	http://bugs.frugalware.org/task/3392
CVEs:	No CVE, see http://drupal.org/node/318706
Description:	Two vulnerabilities have been reported in Drupal, which can be exploited by malicious people and users to bypass certain security restrictions. 1) A vulnerability is caused due to improper access restriction in the core upload module. This can be exploited to retrieve files attached to content, without valid credentials for accessing the content itself. Successful exploitation of this vulnerability requires valid user credentials and that the core upload module is enabled. 2) A vulnerability is caused due to improper access restriction in the node module API. This can be exploited to bypass node validation under some unspecified circumstances. No further information is currently available.

FSA530 - wireshark

Package:	wireshark
Date:	2008-10-08
Posted by:	Miklos Vajna
Vulnerable version:	1.0.2-2
Unaffected version:	1.0.3-1solaria1
Bug tracker entry:	http://bugs.frugalware.org/task/3345
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3146 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3932 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3933
Description:	Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) Various errors within epan/dissectors/packet-ncp2222.inc can be exploited to cause e.g. a crash or an infinite loop via specially crafted NCP packets. 2) An error while uncompressing zlib-compressed packet data can be exploited to cause a crash via specially crafted packets.

FSA529 - drupal-simplenews

Package:	drupal-simplenews
Date:	2008-09-26
Posted by:	Miklos Vajna
Vulnerable version:	5.x_1.4-1
Unaffected version:	5.x_1.5-1solaria1
Bug tracker entry:	http://bugs.frugalware.org/task/3362
CVEs:	There is no CVE for this issue yet, see http://drupal.org/node/312944.
Description:	A vulnerability has been reported in the Simplenews module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Input passed as Newsletter categories is not properly sanitised before being stored. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious data is viewed. Successful exploitation requires valid user credentials with the "administer taxonomy" permission.

FSA528 - phpmyadmin

Package:	phpmyadmin
Date:	2008-09-26
Posted by:	Miklos Vajna
Vulnerable version:	2.11.9.1-1solaria1
Unaffected version:	2.11.9.2-1solaria1
Bug tracker entry:	http://bugs.frugalware.org/task/3361
CVEs:	There is no CVE for this issue yet, see http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-8.
Description:	A vulnerability has been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks. An error exists in the "PMA_escapeJsString()" function in libraries/js_escape.lib.php, which can be exploited to bypass certain filters and execute arbitrary HTML and script code in a user's browser session in context of an affected site when e.g. Microsoft Internet Explorer is used.

FSA527 - bitlbee

Package:	bitlbee
Date:	2008-09-24
Posted by:	Miklos Vajna
Vulnerable version:	1.2.2-1
Unaffected version:	1.2.3-1solaria1
Bug tracker entry:	http://bugs.frugalware.org/task/3344
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3969
Description:	A security issue has been reported in BitlBee, which can be exploited by malicious people to bypass certain security restrictions and hijack accounts. The security issue is caused due to an unspecified error, which can be exploited to overwrite existing accounts.

FSA526 - phpmyadmin

Package:	phpmyadmin
Date:	2008-09-21
Vulnerable version:	2.11.8.1-1
Unaffected version:	2.11.9.1-1solaria1
Bug tracker entry:	http://bugs.frugalware.org/task/3352
CVEs:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4096
Description:	Norman Hippert has reported a vulnerability in phpMyAdmin, which can be exploited by malicious users to compromise a vulnerable system. Input passed to the "sort_by" parameter in server_databases.php is not properly sanitised before being used. This can be exploited to execute arbitrary PHP code. Successful exploitation requires valid user credentials.