Planet info: last updated July 04, 2009 05:20 AM. All times are UTC.

June 27, 2009

Security announcements

FSA610 - drupal6-views

Some vulnerabilities and security issues have been reported in the Views Module for Drupal, which can be exploited by malicious users to conduct script insertion attacks, and by malicious users and malicious people to bypass certain security restrictions.

1) Input passed e.g. when configuring exposed filters is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is viewed.

2) Input passed in view names when adding views is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is viewed. Successful exploitation requires "administer views" permissions.

3) A security issue exists due to unpublished content owned by the anonymous user being accessible by anonymous users.

4) An error in the generation of queries can result in users being able to access private content.

Vulnerable version: 6.x_2.3-1
Unaffected version: 6.x_2.6-1anacreon1
CVEs: No CVE references, see http://drupal.org/node/488068.

June 27, 2009 10:00 PM

June 21, 2009

Frugalware News

Frugalware Newsletter Issue 46

The newsletter's aim is to keep you up to date with what's happened recently in the world of Frugalware.
Features of this issue include:
  • X.org 7.4 and kernel 2.6.30 upgrades
  • Xfce 4.6.1 is available in current
  • Priyank's got a new baby!
  • Frugalware's developers are people too - Cedynamix
  • Getting To Know You - pacman-g2's "--ask" parameter
You can read it here. We hope you like it!

June 21, 2009 03:59 AM

June 05, 2009

Security announcements

FSA609 - drupal-webform

A vulnerability has been reported in the Webform module for Drupal, which can be exploited by malicious people to conduct script insertion attacks. Input passed via unspecified parameters to e.g. questionnaires, contact, request, or registration forms, surveys, or polls is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is viewed.

Vulnerable version: 5.x_2.6-1
Unaffected version: 5.x_2.7-1anacreon1
CVEs: No CVE references, see http://drupal.org/node/481268.

June 05, 2009 10:00 PM

FSA608 - squirrelmail

The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program.

Vulnerable version: 1.4.17-2anacreon1
Unaffected version: 1.4.17-3anacreon1
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1579 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1381

June 05, 2009 10:00 PM

Frugalware News

Frugalware Newsletter Issue 45

The newsletter's aim is to keep you up to date with what's happened recently in the world of Frugalware.
Features of this issue include:
  • New Frugalware user bars
  • We have a new developer!
  • Frugalware's developers are people too - TranzeManiaC
  • Tips and tricks - Picture your diff
You can read it here. We hope you like it!

June 05, 2009 11:46 AM

May 29, 2009

Security announcements

FSA607 - ntp

A vulnerability has been reported in NTP, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "crypto_recv()" function in ntpd/ntp_crypto.c. This can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to the "ntpd". Successful exploitation allows execution of arbitrary code, but requires that Autokey Authentication is configured via "crypto pw [password]" in ntp.conf.

Vulnerable version: 4.2.4p6-1
Unaffected version: 4.2.4p7-1anacreon1
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252

May 29, 2009 10:00 PM

FSA606 - wireshark

A vulnerability has been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the PCNFSD dissector and can be exploited to cause a crash via a specially crafted PCNFSD packet.

Vulnerable version: 1.0.7-1anacreon1
Unaffected version: 1.0.8-1anacreon1
CVEs: No CVE reference, see http://www.wireshark.org/security/wnpa-sec-2009-03.html.

May 29, 2009 10:00 PM