MDVSA-2015:075: python

Updated python packages fix security vulnerabilities:

A vulnerability was reported in Python’s socket module, due to
a boundary error within the sock_recvfrom_into() function, which
could be exploited to cause a buffer overflow. This could be used
to crash a Python application that uses the socket.recvfrom_into()
function or, possibly, execute arbitrary code with the permissions
of the user running vulnerable Python code (CVE-2014-1912).

This updates the python package to version 2.7.6, which fixes several
other bugs, including denial of service flaws due to unbound readline()
calls in the ftplib and nntplib modules (CVE-2013-1752).

Denial of service flaws due to unbound readline() calls in the imaplib,
poplib, and smtplib modules (CVE-2013-1752).

A gzip bomb and unbound read denial of service flaw in python XMLRPC
library (CVE-2013-1753).

Python is susceptible to arbitrary process memory reading by a user
or adversary due to a bug in the _json module caused by insufficient
bounds checking. The bug is caused by allowing the user to supply a
negative value that is used as an array index, causing the scanstring
function to access process memory outside of the string it is intended
to access (CVE-2014-4616).

The CGIHTTPServer Python module does not properly handle URL-encoded
path separators in URLs. This may enable attackers to disclose a CGI
script’s source code or execute arbitrary scripts in the server’s
document root (CVE-2014-4650).

Python before 2.7.8 is vulnerable to an integer overflow in the buffer
type (CVE-2014-7185).

When Python’s standard library HTTP clients (httplib, urllib,
urllib2, xmlrpclib) are used to access resources with HTTPS, by
default the certificate is not checked against any trust store,
nor is the hostname in the certificate checked against the requested
host. It was possible to configure a trust root to be checked against,
however there were no faculties for hostname checking (CVE-2014-9365).
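The missing hostname check is the part of CVE-2014-9365 that a trust root alone cannot fix. As an added illustration (not the advisory's or CPython's own code), the function below performs the kind of check later provided by ssl.match_hostname(): it takes the dict shape returned by getpeercert(), prefers subjectAltName dNSName entries, falls back to the commonName only when no SAN is present, and allows a single wildcard in the left-most label only.

```python
def _dnsname_match(pattern, hostname):
    """Match one certificate DNS name against the requested hostname.

    A wildcard is honoured only as the whole left-most label and never
    matches across a dot, so '*.example.com' covers 'www.example.com'
    but not 'a.b.example.com' (RFC 6125 section 6.4.3).
    """
    pattern = pattern.lower().rstrip('.')
    hostname = hostname.lower().rstrip('.')
    if not pattern:
        return False
    plabels = pattern.split('.')
    hlabels = hostname.split('.')
    if len(plabels) != len(hlabels):
        return False
    left, rest = plabels[0], plabels[1:]
    if '*' in ''.join(rest):
        return False          # wildcards only in the left-most label
    if left == '*':
        if len(plabels) < 3:
            return False      # refuse overly broad patterns like '*.com'
        return rest == hlabels[1:]
    if '*' in left:
        return False          # partial wildcards such as 'f*.example.com'
    return plabels == hlabels


def match_hostname(cert, hostname):
    """Return True if `cert` (getpeercert() dict shape) is valid for
    `hostname`. subjectAltName takes precedence; the subject CN is
    consulted only when the certificate carries no DNS SAN at all."""
    dnsnames = [v for k, v in cert.get('subjectAltName', ()) if k == 'DNS']
    if not dnsnames:
        for rdn in cert.get('subject', ()):
            for key, value in rdn:
                if key == 'commonName':
                    dnsnames.append(value)
    return any(_dnsname_match(name, hostname) for name in dnsnames)
```

A client that verifies the chain against a trust store but skips this step still accepts any valid certificate for any host, which is exactly the default behaviour the advisory describes.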

The python-pip and tix packages were added due to missing build
dependencies.

MDVSA-2015:074: openldap

A vulnerability has been discovered and corrected in openldap:

The deref_parseCtrl function in servers/slapd/overlays/deref.c in
OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a
denial of service (NULL pointer dereference and crash) via an empty
attribute list in a deref control in a search request (CVE-2015-1545).

The updated packages provide a solution for these security issues.

MDVSA-2015:073: openldap

Multiple vulnerabilities have been discovered and corrected in openldap:

The deref_parseCtrl function in servers/slapd/overlays/deref.c in
OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a
denial of service (NULL pointer dereference and crash) via an empty
attribute list in a deref control in a search request (CVE-2015-1545).

Double free vulnerability in the get_vrFilter function in
servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to
cause a denial of service (crash) via a crafted search query with a
matched values control (CVE-2015-1546).

The updated packages provide a solution for these security issues.

MDVSA-2015:072: gnutls

Updated gnutls packages fix security vulnerabilities:

Suman Jana reported a vulnerability that affects the certificate
verification functions of gnutls 3.1.x and gnutls 3.2.x. A version
1 intermediate certificate will be considered as a CA certificate
by default (something that deviates from the documented behavior)
(CVE-2014-1959).

It was discovered that GnuTLS did not correctly handle certain errors
that could occur during the verification of an X.509 certificate,
causing it to incorrectly report a successful verification. An attacker
could use this flaw to create a specially crafted certificate that
could be accepted by GnuTLS as valid for a site chosen by the attacker
(CVE-2014-0092).

A NULL pointer dereference flaw was discovered in GnuTLS’s
gnutls_x509_dn_oid_name(). The function, when called with the
GNUTLS_X509_DN_OID_RETURN_OID flag, should not return NULL to its
caller. However, it could previously return NULL when parsed X.509
certificates included specific OIDs (CVE-2014-3465).

A flaw was found in the way GnuTLS parsed session ids from Server
Hello packets of the TLS/SSL handshake. A malicious server could use
this flaw to send an excessively long session id value and trigger a
buffer overflow in a connecting TLS/SSL client using GnuTLS, causing
it to crash or, possibly, execute arbitrary code (CVE-2014-3466).

An out-of-bounds memory write flaw was found in the way GnuTLS
parsed certain ECC (Elliptic Curve Cryptography) certificates or
certificate signing requests (CSR). A malicious user could create a
specially crafted ECC certificate or a certificate signing request
that, when processed by an application compiled against GnuTLS (for
example, certtool), could cause that application to crash or execute
arbitrary code with the permissions of the user running the application
(CVE-2014-8564).

MDVSA-2015:071: libpng12

Updated libpng12 package fixes security vulnerabilities:

The png_do_expand_palette function in libpng before 1.6.8 allows remote
attackers to cause a denial of service (NULL pointer dereference and
application crash) via a PLTE chunk of zero bytes or a NULL palette,
related to pngrtran.c and pngset.c (CVE-2013-6954).

An integer overflow leading to a heap-based buffer overflow was found
in the png_set_sPLT() and png_set_text_2() API functions of libpng. An
attacker could create a specially crafted image file that, when rendered
by an application written to explicitly call the png_set_sPLT() or
png_set_text_2() function, could cause libpng to crash or execute
arbitrary code with the permissions of the user running such an
application (CVE-2013-7353).

An integer overflow leading to a heap-based buffer overflow was found
in the png_set_unknown_chunks() API function of libpng. An attacker
could create a specially crafted image file that, when rendered by an
application written to explicitly call the png_set_unknown_chunks()
function, could cause libpng to crash or execute arbitrary code
with the permissions of the user running such an application
(CVE-2013-7354).

MDVSA-2015:070: libvirt

Updated libvirt packages fix security vulnerabilities:

The qemuDomainMigratePerform and qemuDomainMigrateFinish2 functions
in qemu/qemu_driver.c in libvirt do not unlock the domain when an
ACL check fails, which allows local users to cause a denial of service
via unspecified vectors (CVE-2014-8136).

The XML getters for save images and snapshot objects don’t check
ACLs for the VIR_DOMAIN_XML_SECURE flag and might dump security-sensitive
information. A remote attacker able to establish a connection to
libvirtd could use this flaw to leak certain limited information from
the domain XML file (CVE-2015-0236).

The updated packages provide the latest 1.1.3.9 version, which has
more robust fixes for MDVSA-2015:023 and MDVSA-2015:035.

MDVSA-2015:069: krb5

Multiple vulnerabilities have been discovered and corrected in krb5:

The krb5_gss_process_context_token function in
lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library
in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2,
and 1.13.x before 1.13.1 does not properly maintain security-context
handles, which allows remote authenticated users to cause a denial of
service (use-after-free and double free, and daemon crash) or possibly
execute arbitrary code via crafted GSSAPI traffic, as demonstrated
by traffic to kadmind (CVE-2014-5352).

MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that
a krb5_read_message data field is represented as a string ending
with a '\0' character, which allows remote attackers to (1) cause a
denial of service (NULL pointer dereference) via a zero-byte version
string or (2) cause a denial of service (out-of-bounds read) by
omitting the '\0' character, related to appl/user_user/server.c and
lib/krb5/krb/recvauth.c (CVE-2014-5355).

The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c
in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2,
and 1.13.x before 1.13.1 does not properly handle partial XDR
deserialization, which allows remote authenticated users to cause
a denial of service (use-after-free and double free, and daemon
crash) or possibly execute arbitrary code via malformed XDR data,
as demonstrated by data sent to kadmind (CVE-2014-9421).

The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in
kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through
1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to
bypass a kadmin/* authorization check and obtain administrative access
by leveraging access to a two-component principal with an initial
kadmind substring, as demonstrated by a ka/x principal (CVE-2014-9422).

The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c
in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through
1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer
data to clients, which allows remote attackers to obtain sensitive
information from process heap memory by sniffing the network for data
in a handle field (CVE-2014-9423).

The updated packages provide a solution for these security issues.

MDVSA-2015:068: e2fsprogs

Updated e2fsprogs packages fix security vulnerability:

The libext2fs library, part of e2fsprogs and utilized by its utilities,
is affected by a boundary check error on block group descriptor
information, leading to a heap based buffer overflow. A specially
crafted filesystem image can be used to trigger the vulnerability. This
is due to an incomplete fix for CVE-2015-0247 (CVE-2015-1572).

MDVSA-2015:067: e2fsprogs

Updated e2fsprogs packages fix security vulnerabilities:

The libext2fs library, part of e2fsprogs and utilized by its utilities,
is affected by a boundary check error on block group descriptor
information, leading to a heap based buffer overflow. A specially
crafted filesystem image can be used to trigger the vulnerability
(CVE-2015-0247).

The libext2fs library, part of e2fsprogs and utilized by its utilities,
is affected by a boundary check error on block group descriptor
information, leading to a heap based buffer overflow. A specially
crafted filesystem image can be used to trigger the vulnerability. This
is due to an incomplete fix for CVE-2015-0247 (CVE-2015-1572).

MDVSA-2015:066: cpio

Updated cpio package fixes security vulnerability:

In GNU Cpio 2.11, the --no-absolute-filenames option limits
extracting contents of an archive to be strictly inside a current
directory. However, it can be bypassed with symlinks. While extracting
an archive, it will extract symlinks and then follow them if they
are referenced in further entries. This can be exploited by a rogue
archive to write files outside the current directory (CVE-2015-1197).
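The bypass works because the check only looks at each entry's own path, not at where an earlier symlink has redirected it. As an added example (not cpio's or the advisory's code), the scanner below walks a constructed archive listing in extraction order and flags entries that are absolute, climb out with `..`, or pass through a previously extracted symlink whose target leaves the working directory; only one level of symlink indirection is resolved.

```python
import posixpath


def _escapes(path):
    """True if `path`, after normalisation, leaves the current directory."""
    norm = posixpath.normpath(path)
    return norm.startswith('/') or norm == '..' or norm.startswith('../')


def unsafe_entries(entries):
    """Return [(name, reason)] for entries that would write outside cwd.

    `entries` is a constructed listing of (name, kind, link_target) in
    archive order, kind in {'file', 'dir', 'symlink'}; link_target is
    only meaningful for symlinks. Symlinks are recorded as they are
    "extracted" so that later paths traversing them are checked against
    the link target, not the literal archive path.
    """
    symlinks = {}   # extracted symlink path -> target relative to cwd
    flagged = []
    for name, kind, target in entries:
        clean = posixpath.normpath(name)
        if _escapes(clean):
            flagged.append((name, 'absolute or parent-directory path'))
            continue
        parts = clean.split('/')
        reason = None
        # Every directory prefix of the entry is a place a symlink could
        # already sit; the remainder of the path would be written there.
        for i in range(1, len(parts)):
            prefix = '/'.join(parts[:i])
            if prefix in symlinks:
                resolved = posixpath.join(symlinks[prefix], *parts[i:])
                if _escapes(resolved):
                    reason = 'path goes through symlink %s -> %s' % (
                        prefix, symlinks[prefix])
                break
        if reason:
            flagged.append((name, reason))
            continue
        if kind == 'symlink':
            base = posixpath.dirname(clean)
            symlinks[clean] = (target if target.startswith('/')
                               else posixpath.join(base, target))
    return flagged
```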