Category:Security:SSA: Difference between revisions
(make more CVEs into links) |
(added freetype2 details) |
||
Line 45: | Line 45: | ||
=== freetype2 === | === freetype2 === | ||
[http://cvedetails.com/cve/CVE-2011-0226 CVE-2011-0226] | ==== [http://cvedetails.com/cve/CVE-2011-0226 CVE-2011-0226] (Denial Of Service, Execute Code, Memory corruption) affected : current, 13.37 and all before ==== | ||
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011. | |||
=== libxml2 === | === libxml2 === |
Revision as of 18:04, 30 January 2012
Slackware has recently started to be inactive. At the same time, a number of security issues have been found in various components. This page aims at listing them in order to help everyone know which components have known vulnerabilities.
The list below is provided as-is. It is meant to be as good as possible but we can't guarantee anything. It is sorted by slackware categories: a/, ap/, d/, ...
A more comprehensive effort might appear at some point in the future (binary packages?) but this is currently only a list of packages and their CVEs when applicable and useful. In some cases, we consider pointing out a specific CVE is not useful because of the number of issues (i.e. get the last version; e.g. mozilla-*).
The CVEs are typically listed as follow: ${SUMMARY}
- Fix:
- Fixed upstream on: ${DATE}
- Available in version: ${UPSTREAM_VERSION_WITH_FIX} (-current ${VERSION_IN_CURRENT}; -stable: ${VERSION_IN_13_37})
- Upstream commit: ${URL_TO_THE_SPECIFIC_FIX_COMMIT}
a
linux
ap
cups
d
perl
CVE-2011-2939 (DDoS, affected: current and stable)
Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow (on cve.mitre.org).
- Fix:
- Fixed upstream on: Tue, 9 Aug 2011
- Available in version: 5.14.2 (-current: 5.14.0; -stable: 5.12.3)
- Commit: http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5
ruby
CVE-2011-2705 CVE-2011-1004 CVE-2011-0188
e
emacs
l
t1lib
CVE-2011-1554 CVE-2011-1553 CVE-2011-1552 CVE-2011-0764
freetype2
CVE-2011-0226 (Denial Of Service, Execute Code, Memory corruption) affected : current, 13.37 and all before
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.
libxml2
n
httpd
CVE-2011-4415 (DoS, affected : current, 13.37 and all before)
The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
CVE-2011-3607 (Overflow, Gain privileges, affected : current, 13.37 and all before)
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
CVE-2011-3368 (affected : current, 13.37 and all before)
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
dhcp
CVE-2011-4868 CVE-2011-4539 CVE-2011-2749 CVE-2011-2748
openssl
CVE-2012-0027 CVE-2011-4619 CVE-2011-4576 CVE-2011-4109 CVE-2011-4108 CVE-2011-3210
proftpd
CVE-2011-4130 (Execute Code, affected : current, 13.37, and all before)
Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.
php
CVE-2011-4885 (Denial Of Service) affected : current, 13.37 and all before
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
CVE-2011-3379 (Execute Code) affected : current
The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.
x
libXfont
CVE-2011-2895 (Execute Code, Overflow, current, 13.37 and all before)
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.
xap
pidgin
CVE-2011-4603 (Denial Of Service) affected : current, 13.37 and all before
The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594.
CVE-2011-4602 (Denial Of Service) affected : current, 13.37 and all before
The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message.
CVE-2011-4601 (Denial Of Service) affected : current, 13.37 and all before
family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition.
CVE-2011-3594 (Denial Of Service, Overflow) affected : current, 13.37 and all before
The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.
CVE-2011-3184 (Denial Of Service) affected : current, 13.37 and all before
The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message.
CVE-2011-2943 (Denial Of Service) affected : current, 13.37 and all before
The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response.
This category currently contains no pages or media.