Red Hat Enterprise Linux: Updated system-config-firewall packages that fix one bug are now available for
Red Hat Enterprise Linux 6.
Monthly Archives: December 2014
RHBA-2014:1960-1: publican bug fix update
Red Hat Enterprise Linux: Updated publican packages that fix one bug are now available for Red Hat
Enterprise Linux 7.
Fedora 20 Security Update: php-horde-kronolith-4.2.4-1.fc20
kronolith 4.2.4
* [jan] Make access to non-CalDAV remote calendars faster (Bug #12379).
* [jan] Continue with further events if parsing of one remote event date fails.
* [jan] Fix JS error in month view with more events today than the maximum threshold.
* [mjr] Fix fatal error when creating or modifying an entry via PUT.
* [mjr] Don’t show private event details in daily agenda emails if not the owner (Bug #13660).
Fedora 20 Security Update: grub2-2.00-27.fc20
Fedora 20 Security Update: smack-3.2.2-6.fc20
Fedora 20 Security Update: python-tornado-2.2.1-7.fc20
Resolved Bugs
963260 – CVE-2013-2099 python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns
966270 – CVE-2013-2098 CVE-2013-2099 python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns [fedora-all]<br
– Add patch to fix CVE-2013-2098 CVE-2013-2099 (bug #96627)
– Drop requires python-simplejson, not needed for modern python
Fedora 20 Security Update: python3-3.3.2-19.fc20
Resolved Bugs
1078014 – CVE-2013-7338 python: malformed ZIP files could cause 100% CPU usage
1078015 – python3: python: malformed ZIP files could cause 100% CPU usage [fedora-all]
1082177 – CVE-2014-2667 python: os.makedirs(exist_ok=True) is not thread-safe in Python 3.x
1083594 – CVE-2014-2667 python3: python: os.makedirs(exist_ok=True) is not thread-safe in Python 3.x [fedora-all]<br
Fixes CVEs 2013-7338 and 2014-2667.
Fedora 20 Security Update: icecast-2.4.1-1.fc20
Resolved Bugs
1168146 – CVE-2014-9091 icecast: supplementary groups are not overriden
1168147 – CVE-2014-9091 icecast: supplementary groups are not overriden [fedora-all]
1168148 – CVE-2014-9091 icecast: supplementary groups are not overriden [epel-5]
1168149 – CVE-2014-9091 icecast: supplementary groups are not overriden [epel-6]
1165880 – CVE-2014-9018 icecast: possible leak of on-connect scripts
1165882 – icecast: possible leak of on-connect scripts [fedora-all]
1165883 – icecast: possible leak of on-connect scripts [epel-5]
1165885 – icecast: possible leak of on-connect scripts [epel-6]
954320 – icecast package should be built with PIE flags
1101950 – icecast-2.4.1 is available<br
**fix CVE-2014-9091 (#1168146, #1168147, #1168148, #1168149)**
**fix CVE-2014-9018 (#1165880, #1165882, #1165883, #1165885)**
**enabled fully hardened build (#954320)**
* update new to release v2.4.1 (#1101950)
* added doc-subpkg
Fedora 20 Security Update: jasper-1.900.1-26.fc20
Resolved Bugs
1167537 – CVE-2014-9029 jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009)
1170650 – CVE-2014-9029 jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009) [fedora-all]<br
Fixes CVE-2014-9029 vulnerability.
Fedora 20 Security Update: pam-1.1.8-2.fc20
Resolved Bugs
1080243 – CVE-2014-2583 pam: path traversal issue in pam_timestamp’s format_timestamp_name()
1038557 – pam: password hashes aren’t compared case-sensitively [fedora-all]
1038555 – CVE-2013-7041 pam: pam_userdb case insensitive password hash comparison
1120104 – pam segfaults on unexpected /etc/security/opasswd contents<br
Update fixing minor security issues and bugs.