Fedora 21 Security Update: kernel-3.17.2-300.fc21

Resolved Bugs
1157327 – quirk for Lenovo Yoga 3: no rfkill switch
1144883 – CVE-2014-3610 kernel: kvm: noncanonical MSR writes
1156543 – CVE-2014-3610 kernel: kvm: noncanonical MSR writes [fedora-all]
1111138 – TouchPad not recognized on fujitsu A544
1156615 – CVE-2014-8480 CVE-2014-8481 kernel: kvm: NULL pointer dereference during rip relative instruction emulation
1156616 – CVE-2014-8480 CVE-2014-8481 kernel: kvm: NULL pointer dereference during rip relative instruction emulation [fedora-all]
1156518 – CVE-2014-8369 kernel: kvm: excessive pages un-pinning in kvm_iommu_map error path
1156522 – CVE-2014-8369 kernel: kvm: excessive pages un-pinning in kvm_iommu_map error path [fedora-all]
1144825 – CVE-2014-3646 kernel: kvm: vmx: invvpid vm exit not handled
1156534 – CVE-2014-3646 kernel: kvm: vmx: invvpid vm exit not handled [fedora-all]
1144878 – CVE-2014-3611 kernel: kvm: PIT timer race condition
1156537 – CVE-2014-3611 kernel: kvm: PIT timer race condition [fedora-all]
1153381 – Synaptics clickpad on Lenovo T440s does not work properly after kernel update on Fedora 20
1089731 – Ath9k WiFi now disabled by radio killswitch
1153322 – CVE-2014-3690 kernel: kvm: vmx: invalid host cr4 handling across vm entries
1155372 – CVE-2014-3690 kernel: kvm: vmx: invalid host cr4 handling across vm entries [fedora-all]
1155745 – CVE-2014-3688 kernel: net: sctp: remote memory pressure from excessive queueing
1155751 – CVE-2014-3688 kernel: net: sctp: remote memory pressure from excessive queueing [fedora-all]
1155731 – CVE-2014-3687 kernel: net: sctp: fix panic on duplicate ASCONF chunks
1155738 – CVE-2014-3687 kernel: net: sctp: fix panic on duplicate ASCONF chunks [fedora-all]
1147850 – CVE-2014-3673 kernel: sctp: skb_over_panic when receiving malformed ASCONF chunks
1155727 – CVE-2014-3673 kernel: sctp: skb_over_panic when receiving malformed ASCONF chunks [fedora-all]

Linux v3.17.2. A wide variety of fixes across the tree.
Even more KVM CVE fixes
CVE fixes for KVM and SCTP.

Fedora 21 Security Update: pidgin-2.10.10-2.fc21

Resolved Bugs
1155838 – CVE-2014-3698 CVE-2014-3694 CVE-2014-3695 CVE-2014-3696 pidgin: various flaws [fedora-all]
1154908 – CVE-2014-3694 pidgin: SSL/TLS plug-ins failed to check Basic Constraints
1154909 – CVE-2014-3695 pidgin: crash in MXit protocol plug-in
1154910 – CVE-2014-3696 pidgin: denial of service parsing Groupwise server message
1154911 – CVE-2014-3698 pidgin: remote information leak via crafted XMPP message

fix build on arches without valgrind
Update to 2.10.10
Security fix for CVE-2014-3694, CVE-2014-3695, CVE-2014-3696, CVE-2014-3698

Fedora 21 Security Update: ruby-2.1.4-24.fc21

Resolved Bugs
1114071 – ruby-libs conflicts with rubygem-pysch
1144367 – ruby-2.1.3 is available
1120856 – CVE-2014-4975 ruby: off-by-one stack-based buffer overflow in the encodes() function [fedora-all]
1157709 – CVE-2014-8080 ruby: REXML billion laughs attack via parameter entity expansion
1157936 – CVE-2014-8080 ruby: Denial Of Service XML Expansion [fedora-all]
1118158 – CVE-2014-4975 ruby: off-by-one stack-based buffer overflow in the encodes() function

Update to Ruby 2.1.4.
Include only vendor directories, not their content (rhbz#1114071).
Fix “invalid regex” warning for non-rubygem packages (rhbz#1154067).
Use load macro introduced in RPM 4.12.

CVE-2014-8244

Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain sensitive information or modify data via a JNAP action in a JNAP/ HTTP request.