Resolved Bugs
1108639 – CVE-2014-3004 castor: XML External Entity (XXE) attacks via a crafted XML document
1108691 – CVE-2014-3004 castor: XML External Entity (XXE) attacks via a crafted XML document [fedora-all]
Update to latest upstream point release containing fix for CVE-2014-3004
Monthly Archives: December 2014
Fedora 21 Security Update: kernel-3.17.4-302.fc21
Resolved Bugs
1170691 – CVE-2014-9090 kernel: local DoS via do_double_fault() due to improper handling of faults associated with SS segment register
1094048 – [abrt] WARNING: CPU: 4 PID: 0 at drivers/usb/core/urb.c:450 usb_submit_urb+0x1fd/0x5c0()
Small bugfix update. A few AArch64 fixes and a patch to quiet a common i915 warning.
Fedora 21 Security Update: gpgme-1.4.3-5.fc21
Fedora 21 Security Update: icecast-2.4.1-1.fc21
Resolved Bugs
1168146 – CVE-2014-9091 icecast: supplementary groups are not overriden
1168147 – CVE-2014-9091 icecast: supplementary groups are not overriden [fedora-all]
1168148 – CVE-2014-9091 icecast: supplementary groups are not overriden [epel-5]
1168149 – CVE-2014-9091 icecast: supplementary groups are not overriden [epel-6]
1165880 – CVE-2014-9018 icecast: possible leak of on-connect scripts
1165882 – icecast: possible leak of on-connect scripts [fedora-all]
1165883 – icecast: possible leak of on-connect scripts [epel-5]
1165885 – icecast: possible leak of on-connect scripts [epel-6]
954320 – icecast package should be built with PIE flags
1101950 – icecast-2.4.1 is available
* **fix CVE-2014-9091 (#1168146, #1168147, #1168148, #1168149)**
* **fix CVE-2014-9018 (#1165880, #1165882, #1165883, #1165885)**
* **enabled fully hardened build (#954320)**
* update to new release v2.4.1 (#1101950)
* added doc-subpkg
Fedora 21 Security Update: grub2-2.02-0.13.fc21
Fedora 21 Security Update: pwgen-2.07-1.fc21
Resolved Bugs
1020220 – CVE-2013-4440 pwgen: non-tty passwords are trivially weak by default
1020222 – CVE-2013-4440 pwgen: non-tty passwords are trivially weak by default [fedora-all]
1020258 – CVE-2013-4442 pwgen: silent fallback to insecure entropy
1020259 – CVE-2013-4442 pwgen: silent fallback to insecure entropy [fedora-all]
Update to 2.07 (bug 1159526) fixes:
– CVE-2013-4440 (bug 1020222, 1020223)
– CVE-2013-4442 (bug 1020259, 1020261)
Bugtraq: [security bulletin] HPSBGN03205 rev.1 – HP Insight Remote Support Clients running SSLv3, Remote Disclosure of Information
Bugtraq: [security bulletin] HPSBUX03218 SSRT101770 rev.1 – HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Bugtraq: NEW: VMSA-2014-0012 – VMware vSphere product updates address security vulnerabilities
Bugtraq: NASA Orion Mars Program – Bypass, Persistent Issue & Embed Code Execution Vulnerability (Boarding Pass)