Resolved Bugs
1169487 – CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [fedora-all]
1169488 – CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [epel-all]
Fix for CVE-2014-8104.
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b
Monthly Archives: December 2014
Fedora EPEL 6 Security Update: perl-YAML-LibYAML-0.38-5.el6
Resolved Bugs
1169369 – CVE-2014-9130 libyaml: assert failure when processing wrapped strings
1169751 – CVE-2014-9130 perl-YAML-LibYAML: libyaml: assert failure when processing wrapped strings [epel-6]
An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.
Fedora EPEL 7 Security Update: perl-YAML-LibYAML-0.54-1.el7
Resolved Bugs
1169369 – CVE-2014-9130 libyaml: assert failure when processing wrapped strings
1169801 – CVE-2014-9130 perl-YAML-LibYAML: libyaml: assert failure when processing wrapped strings [epel-7]
An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.
Fedora EPEL 6 Security Update: pkcs11-helper-1.11-3.el6,openvpn-2.3.6-1.el6
Resolved Bugs
1169487 – CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [fedora-all]
1169488 – CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [epel-all]
Fix for CVE-2014-8104.
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b
Fedora EPEL 5 Security Update: libyaml-0.1.2-8.el5
Fedora EPEL 7 Security Update: erlang-R16B-03.10.el7
Resolved Bugs
1169375 – Disable SSL 3.0 in erlang-ssl
1059331 – CVE-2014-1693 erlang-inets: command injection flaw in FTP module
1059335 – CVE-2014-1693 erlang: erlang-inets: command injection flaw in FTP module [epel-all]
1161922 – Too many dependencies from Erlang
* Disable SSLv3
* Backport useful os:getenv/2 from master. See this GitHub pull request for further details – https://github.com/erlang/otp/pull/535
* Fixed CVE-2014-1693 (backported fix from ver. 17.x.x, see patch no. 17)
* Trimmed dependency chain
Fedora EPEL 7 Security Update: pkcs11-helper-1.11-3.el7,openvpn-2.3.6-1.el7
Resolved Bugs
1169487 – CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [fedora-all]
1169488 – CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [epel-all]
Fix for CVE-2014-8104.
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b
Fedora EPEL 6 Security Update: antiword-0.37-17.el6
Fedora EPEL 7 Security Update: mingw-flac-1.3.1-1.el7
Resolved Bugs
1169699 – CVE-2014-9028 CVE-2014-8962 mingw-flac: various flaws [fedora-all]
1167236 – CVE-2014-8962 flac: Heap buffer read overflow when processing ID3V2 metadata
1167741 – CVE-2014-9028 flac: Heap buffer write overflow in read_residual_partitioned_rice_
Security fix for CVE-2014-9028, CVE-2014-8962
Fedora 21 Security Update: erlang-17.3.4-3.fc21
Resolved Bugs
1169375 – Disable SSL 3.0 in erlang-ssl
1059331 – CVE-2014-1693 erlang-inets: command injection flaw in FTP module
1059335 – CVE-2014-1693 erlang: erlang-inets: command injection flaw in FTP module [epel-all]
1161922 – Too many dependencies from Erlang
* Disable SSLv3
* Backport useful os:getenv/2 from master. See this GitHub pull request for further details – https://github.com/erlang/otp/pull/535
* Fixed CVE-2014-1693 (backported fix from ver. 17.x.x, see patch no. 17)
* Trimmed dependency chain