Resolved Bugs
1115636 – CVE-2014-3533 CVE-2014-3532 dbus: various flaws [fedora-all]
1142581 – CVE-2014-3638 CVE-2014-3639 CVE-2014-3636 CVE-2014-3637 CVE-2014-3635 dbus: various flaws [fedora-all]
1140523 – CVE-2014-3635 dbus: heap-based buffer overflow flaw in file descriptor passing
1140525 – CVE-2014-3636 dbus: denial of service by queuing or splitting file descriptors
1140527 – CVE-2014-3637 dbus: denial of service by creating unkillable D-Bus connections
1140529 – CVE-2014-3638 dbus: denial of service in method call handling
1140532 – CVE-2014-3639 dbus: denial of service flaw in incomplete connection handling
1114414 – CVE-2014-3532 dbus: denial of service in file descriptor passing feature
1114416 – CVE-2014-3533 dbus: denial of service when forwarding invalid file descriptors
Update to 1.6.28
Monthly Archives: December 2014
Fedora 19 Security Update: pkcs11-helper-1.11-3.fc19,openvpn-2.3.6-1.fc19
Resolved Bugs
1169487 – CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [fedora-all]
1169488 – CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [epel-all]
Fix for CVE-2014-8104.
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b
Fedora 19 Security Update: kde-plasma-networkmanagement-0.9.0.11-2.fc19
Resolved Bugs
1169886 – kde-plasma-networkmanagement, kde-plasma-nm: creates OpenVPN connections vulnerable to MITM attack
1169887 – kde-plasma-networkmanagement: kde-plasma-networkmanagement, kde-plasma-nm: created OpenVPN connections vulnerable to MITM attack [fedora-19]
Add option for server certificate verification.
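The MITM bug above comes from profiles that trust the CA but never check that the peer certificate is actually a server certificate, so any certificate issued by the same CA (another client's, for instance) would be accepted as the VPN server. As an added example, not code from the Fedora update or from kde-plasma-nm, the shell helper below audits an OpenVPN client config for the directives that pin the server identity and runs it against two constructed profiles; the hostname and file paths are placeholders.

```shell
#!/bin/sh
# Added audit helper (not part of the Fedora update or kde-plasma-nm):
# report whether an OpenVPN client config verifies that the peer is a
# server, rather than merely any holder of a CA-signed certificate.

# Returns 0 when the config pins the server identity, 1 otherwise.
# Directives accepted as server verification (all real OpenVPN 2.x options):
#   remote-cert-tls server   require the server-type EKU on the peer cert
#   ns-cert-type server      older nsCertType form of the same check
#   remote-cert-eku <oid>    explicit EKU check
#   verify-x509-name <name>  pin the expected subject or CN
# The anchor after optional whitespace means commented-out lines
# (starting with '#' or ';') do not count.
ovpn_verifies_server() {
    grep -Eq '^[[:space:]]*(remote-cert-tls[[:space:]]+server|ns-cert-type[[:space:]]+server|remote-cert-eku[[:space:]]+[^[:space:]]|verify-x509-name[[:space:]]+[^[:space:]])' "$1"
}

# Constructed sample: a profile of the kind the bug describes. Only the CA
# is checked; the server-verification directive is commented out.
weak_config() {
    cat <<'EOF'
client
dev tun
proto udp
remote vpn.example.org 1194
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client.crt
key /etc/openvpn/client.key
# remote-cert-tls server
EOF
}

# Constructed sample: the same profile with the server identity pinned.
hardened_config() {
    weak_config
    printf '%s\n' 'remote-cert-tls server' 'verify-x509-name vpn.example.org name'
}

# Print a verdict for one config file; exit status mirrors the check.
audit_ovpn_config() {
    if ovpn_verifies_server "$1"; then
        echo "$1: OK, server identity is verified"
        return 0
    fi
    echo "$1: WEAK, only CA trust is checked; add 'remote-cert-tls server' (and ideally verify-x509-name)"
    return 1
}

# Demo run over the two constructed profiles.
main() {
    tmpdir=$(mktemp -d)
    weak_config > "$tmpdir/weak.conf"
    hardened_config > "$tmpdir/hardened.conf"
    audit_ovpn_config "$tmpdir/weak.conf" || true
    audit_ovpn_config "$tmpdir/hardened.conf"
    rm -rf "$tmpdir"
}
main
```

To check real profiles, run `audit_ovpn_config` over `/etc/openvpn/client/*.conf` or the `.ovpn` files a desktop applet imports; `remote-cert-tls server` is the minimal fix, and `verify-x509-name` additionally rejects a legitimately issued server certificate presented by the wrong host.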
Fedora 19 Security Update: perl-YAML-LibYAML-0.54-1.fc19
Resolved Bugs
1169369 – CVE-2014-9130 libyaml: assert failure when processing wrapped strings
1169750 – CVE-2014-9130 perl-YAML-LibYAML: libyaml: assert failure when processing wrapped strings [fedora-all]
An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.
Fedora 20 Security Update: erlang-R16B-03.10.fc20
Resolved Bugs
1169375 – Disable SSL 3.0 in erlang-ssl
1059331 – CVE-2014-1693 erlang-inets: command injection flaw in FTP module
1059335 – CVE-2014-1693 erlang: erlang-inets: command injection flaw in FTP module [epel-all]
1161922 – Too many dependencies from Erlang
* Disable SSLv3
* Backport useful os:getenv/2 from master. See this GitHub pull request for further details – https://github.com/erlang/otp/pull/535
* Fixed CVE-2014-1693 (backported fix from ver. 17.x.x, see patch no. 17)
* Trimmed dependency chain
Fedora 20 Security Update: pcre-8.33-8.fc20
Resolved Bugs
1165626 – Heap overflow while matching against an expression with an assertion with a zero minimum repeat as the condition in a conditional group.
1166147 – CVE-2014-8964 pcre: incorrect handling of zero-repeat assertion conditions
This release fixes CVE-2014-8964, a heap overflow when matching a pattern in which an assertion with a zero minimum repeat is used as the condition of a conditional group.
RHSA-2014:1956-1: Moderate: wpa_supplicant security update
Red Hat Enterprise Linux: An updated wpa_supplicant package that fixes one security issue is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
CVE-2014-3686
RHSA-2014:1955-1: Moderate: wget security update
Red Hat Enterprise Linux: An updated wget package that fixes one security issue is now available for Red Hat Enterprise Linux 6.5 Extended Update Support.
Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
CVE-2014-4877
RHBA-2014:1953-1: rhncfg bug fix update
Red Hat Enterprise Linux: Updated rhncfg packages that fix one bug are now available for Red Hat Network Tools.
RHBA-2014:1951-1: Red Hat Enterprise MRG 2.5 Messaging and Grid update
Red Hat Enterprise Linux: Updated packages that disable SSLv2/3 usage are now available for Red Hat Enterprise MRG 2.5 for Red Hat Enterprise Linux 6.