Red Hat Enterprise Linux: Updated initscripts packages that fix one bug are now available for Red Hat
Enterprise Linux 6.
Monthly Archives: November 2014
RHBA-2014:1798-1: xfsdump bug fix update
Red Hat Enterprise Linux: Updated xfsdump packages that fix one bug are now available for Red Hat
Enterprise Linux 6.
RHBA-2014:1797-1: java-1.8.0-openjdk bug fix update
Red Hat Enterprise Linux: Updated java-1.8.0-openjdk packages that fix two bugs are now available for Red
Hat Enterprise Linux 6.
CVE-2014-2718
ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image.
Fedora EPEL 7 Security Update: polarssl-1.3.9-1.el7
Fedora EPEL 5 Security Update: mantis-1.2.17-3.el5
Resolved Bugs
1141310 – CVE-2014-6387 mantis: null byte poisoning in LDAP authentication
1141314 – mantis: null byte poisoning in LDAP authentication [epel-5]<br
Fix for CVE-2014-6387
Please note: this update is from the 1.2 series, so existing installations (on 1.1) will need manual upgrade steps to apply the DB schema migration.
Please check the file
/usr/share/doc/mantis/README.Fedora
for the installation/upgrade steps.
Fedora EPEL 6 Security Update: facter-1.6.18-7.el6
Resolved Bugs
1101346 – CVE-2014-3248 puppet: Ruby modules could be loaded from the current working directory
1107891 – CVE-2014-3248 facter: puppet: Ruby modules could be loaded from the current working directory [fedora-19]
1107892 – CVE-2014-3248 facter: puppet: Ruby modules could be loaded from the current working directory [epel-all]<br
1101346 – CVE-2014-3248: puppet: Ruby modules could be loaded from the current working directory
1107891 – CVE-2014-3248: facter: puppet: Ruby modules could be loaded from the current working directory [fedora-19]
Also picks up latests minor tweaks from F19 branch.
Patch facter 1.6 series for Bug 1107891 – CVE-2014-3248
See http://puppetlabs.com/security/cve/cve-2014-3248 for more
information from upstream.
CVE-2013-4537
The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image.
CVE-2013-4527
Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers.
CVE-2013-4541
The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value.