Monthly Archives: February 2015
GLSA 201502-10: libpng: User-assisted execution of arbitrary code
Fedora 21 Security Update: openldap-2.4.40-3.fc21
Resolved Bugs
1190643 – CVE-2015-1545 openldap: slapd crashes on search with deref control and empty attr list
1190645 – CVE-2015-1545 openldap: slapd crashes on search with deref control and empty attr list [fedora-all]
CVE-2015-1545 openldap: slapd crashes on search with deref control and empty attr list
Fedora 20 Security Update: dbus-1.6.30-1.fc20
Update to 1.6.30
Fedora 21 Security Update: unzip-6.0-20.fc21
Resolved Bugs
1191118 – CVE-2014-8139 CVE-2014-8141 CVE-2014-8140 unzip: various flaws [fedora-all]
1174844 – CVE-2014-8139 unzip: CRC32 verification heap-based buffer overread (oCERT-2014-011)
1174851 – CVE-2014-8140 unzip: out-of-bounds write issue in test_compr_eb() (oCERT-2014-011)
1174856 – CVE-2014-8141 unzip: getZip64Data() out-of-bounds read issues (oCERT-2014-011)
1191136 – unzip: buffer overflows on long compression factors and methods
1184985 – CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c
1184986 – CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c [fedora-all]
– Fix CVE-2014-8139 – CRC32 verification heap-based buffer overread (#1174844)
– Fix CVE-2014-8140 – out-of-bounds write issue in test_compr_eb() (#1174851)
– Fix CVE-2014-8141 – getZip64Data() out-of-bounds read issues (#1174856)
– Fix buffer overflow on long file sizes (#1191136)
– CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c – re-fix (see https://bugzilla.redhat.com/show_bug.cgi?id=1184985#c7)
Fedora 21 Security Update: file-5.22-2.fc21
Resolved Bugs
1180640 – file: limit the number of ELF notes processed [fedora-all]
1180642 – CVE-2014-9621 file: limit string printing to 100 chars
1190118 – CVE-2014-9653 file: malformed elf file causes access to uninitialized memory [fedora-all]
1174608 – CVE-2014-8116 CVE-2014-8117 file: various flaws [fedora-all]
1171580 – CVE-2014-8116 file: multiple denial of service issues (resource consumption)
1174606 – CVE-2014-8117 file: denial of service issue (resource consumption)
1180639 – CVE-2014-9620 file: limit the number of ELF notes processed
1180643 – file: limit string printing to 100 chars [fedora-all]
1190116 – CVE-2014-9653 file: malformed elf file causes access to uninitialized memory
Update to File-5.22. Fixes various CVE bugs.
Fedora 21 Security Update: dbus-1.8.16-1.fc21
Update to 1.8.16
Fedora 21 Security Update: file-5.22-1.fc21
Resolved Bugs
1174608 – CVE-2014-8116 CVE-2014-8117 file: various flaws [fedora-all]
1171580 – CVE-2014-8116 file: multiple denial of service issues (resource consumption)
1174606 – CVE-2014-8117 file: denial of service issue (resource consumption)
1180639 – CVE-2014-9620 file: limit the number of ELF notes processed
1180640 – file: limit the number of ELF notes processed [fedora-all]
1180642 – CVE-2014-9621 file: limit string printing to 100 chars
1180643 – file: limit string printing to 100 chars [fedora-all]
1190116 – CVE-2014-9653 file: malformed elf file causes access to uninitialized memory
1190118 – CVE-2014-9653 file: malformed elf file causes access to uninitialized memory [fedora-all]
Update to File-5.22. Fixes various CVE bugs.
Fedora 20 Security Update: unzip-6.0-17.fc20
Resolved Bugs
1191118 – CVE-2014-8139 CVE-2014-8141 CVE-2014-8140 unzip: various flaws [fedora-all]
1174844 – CVE-2014-8139 unzip: CRC32 verification heap-based buffer overread (oCERT-2014-011)
1174851 – CVE-2014-8140 unzip: out-of-bounds write issue in test_compr_eb() (oCERT-2014-011)
1174856 – CVE-2014-8141 unzip: getZip64Data() out-of-bounds read issues (oCERT-2014-011)
1191136 – unzip: buffer overflows on long compression factors and methods
1184985 – CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c
1184986 – CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c [fedora-all]
– Fix CVE-2014-8139 – CRC32 verification heap-based buffer overread (#1174844)
– Fix CVE-2014-8140 – out-of-bounds write issue in test_compr_eb() (#1174851)
– Fix CVE-2014-8141 – getZip64Data() out-of-bounds read issues (#1174856)
– Fix buffer overflow on long file sizes (#1191136)
– CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c – re-fix (see https://bugzilla.redhat.com/show_bug.cgi?id=1184985#c7)