Resolved Bugs
1166041 – CVE-2010-5312 jquery-ui: XSS vulnerability in jQuery.ui.dialog title option
1166767 – CVE-2010-5312 couchdb: jquery-ui: XSS vulnerability in jQuery.ui.dialog title option [fedora-all]
* Fix CVE-2010-5312 couchdb: jquery-ui: XSS vulnerability in jQuery.ui.dialog title option (rhbz #1166767)
Monthly Archives: November 2014
Fedora 21 Security Update: libreoffice-4.3.4.1-8.fc21
Resolved Bugs
1165444 – [abrt] libreoffice-core: EditView::GetFieldUnderMousePointer(): soffice.bin killed by SIGSEGV
1165740 – libreoffice: crash importing malformed .rtf [fedora-all]
Don’t create duplicate Mirrored props which can lead to creating odp files which cannot be reloaded
Fix abrt crash with NULL pView
Crash in clipboard code
Fix export to pdf of Nimbus Sans L etc when using typographical quotes etc.
Fixes for various crashes on importing malformed rtf
New bugfix release.
Fedora 21 Security Update: xen-4.4.1-9.fc21
Resolved Bugs
1166461 – migrate --debug option can lead to Segmentation fault (core dumped)
1166913 – CVE-2014-9030 kernel: xen: Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling
1166914 – CVE-2014-9030 kernel: xen: Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [fedora-all]
1165205 – CVE-2014-8594 kernel: xen: Insufficient restrictions on certain MMU update hypercalls (xsa109) [fedora-all]
1165204 – CVE-2014-8595 kernel: xen: Missing privilege level checks in x86 emulation of far branches (xsa110) [fedora-all]
1086776 – CVE-2014-0150 xen: qemu: virtio-net: buffer overflow in virtio_net_handle_mac() function [fedora-all]
1160664 – CVE-2014-8594 kernel: xen: Insufficient restrictions on certain MMU update hypercalls (xsa109)
1160643 – CVE-2014-8595 kernel: xen: Missing privilege level checks in x86 emulation of far branches (xsa110)
1078846 – CVE-2014-0150 qemu: virtio-net: buffer overflow in virtio_net_handle_mac() function
Excessive checking in compatibility mode hypercall argument translation,
Insufficient bounding of “REP MOVS” to MMIO emulated inside the hypervisor,
fix segfaults and failures in xl migrate --debug
Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling
Insufficient restrictions on certain MMU update hypercalls,
Missing privilege level checks in x86 emulation of far branches,
Add fix for CVE-2014-0150 to qemu-dm, though it probably isn’t exploitable from xen
Ubuntu Security Notice USN-2426-1
Ubuntu Security Notice 2426-1 – Michele Spagnuolo discovered that FLAC incorrectly handled certain malformed audio files. An attacker could use this issue to cause FLAC to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice USN-2427-1
Ubuntu Security Notice 2427-1 – Hanno Bock discovered that Libksba incorrectly handled certain S/MIME messages or ECC based OpenPGP data. An attacker could use this issue to cause Libksba to crash, resulting in a denial of service, or possibly execute arbitrary code.
Tiny Server 1.1.9 Arbitrary File Disclosure
Tiny Server version 1.1.9 suffers from a file disclosure vulnerability via directory traversal.
WordPress 4.0 Denial Of Service
WordPress versions 4.0 and below suffer from a denial of service vulnerability.
Bugtraq: [ MDVSA-2014:234 ] libksba
[ MDVSA-2014:234 ] libksba
Bugtraq: [ MDVSA-2014:235 ] perl-Plack
[ MDVSA-2014:235 ] perl-Plack
Bugtraq: [ MDVSA-2014:236 ] file
[ MDVSA-2014:236 ] file