Resolved Bugs
1185900 – CVE-2015-1351 php: use after free in opcache extension
1209865 – CVE-2015-1351 php-pecl-zendopcache: php: use after free in opcache extension [epel-all]<br
Fix free after use.
Monthly Archives: April 2015
Fedora EPEL 6 Security Update: chrony-1.31.1-1.el6
Resolved Bugs
1209572 – CVE-2015-1853 chrony: authentication doesn’t protect symmetric associations against DoS attacks
1209633 – CVE-2015-1822 CVE-2015-1821 chrony: various flaws [epel-all]
1209632 – CVE-2015-1822 chrony: uninitialized pointer in cmdmon reply slots
1209579 – CVE-2015-1853 chrony: authentication doesn’t protect symmetric associations against DoS attacks [epel-all]
1209631 – CVE-2015-1821 chrony: Heap out of bound write in address filter<br
Security fix for CVE-2015-1853, CVE-2015-1821, CVE-2015-1822
Fedora EPEL 5 Security Update: chrony-1.31.1-1.el5
Resolved Bugs
1209633 – CVE-2015-1822 CVE-2015-1821 chrony: various flaws [epel-all]
1209632 – CVE-2015-1822 chrony: uninitialized pointer in cmdmon reply slots
1209579 – CVE-2015-1853 chrony: authentication doesn’t protect symmetric associations against DoS attacks [epel-all]
1209631 – CVE-2015-1821 chrony: Heap out of bound write in address filter
1209572 – CVE-2015-1853 chrony: authentication doesn’t protect symmetric associations against DoS attacks<br
Security fix for CVE-2015-1853, CVE-2015-1821, CVE-2015-1822
Fedora EPEL 6 Security Update: knot-1.6.3-1.el6
new upstream release
Fedora EPEL 6 Security Update: php-pecl-zendopcache-7.0.4-2.el6
Fedora 22 Security Update: knot-1.6.3-1.fc22
new upstream release
Fedora 22 Security Update: ntp-4.2.6p5-29.fc22
Resolved Bugs
1209578 – CVE-2015-1798 CVE-2015-1799 ntp: various flaws [fedora-all]
1199435 – CVE-2015-1799 ntp: authentication doesn’t protect symmetric associations against DoS attacks
1199430 – CVE-2015-1798 ntp: ntpd accepts unauthenticated packets with symmetric key crypto<br
Security fix for CVE-2015-1799, CVE-2015-1798
Fedora 22 Security Update: python-django-1.8-1.fc22
Resolved Bugs
1191053 – Django18
1196439 – python-django-1.8c1 is available
1203614 – CVE-2015-2316 python-django: Django: possible denial of service in strip_tags() [fedora-all]
1203616 – CVE-2015-2317 python-django: Django: possible XSS attack via user-supplied redirect URLs [fedora-all]<br
update to 1.8 final
modernize spec for python3
Fedora 22 Security Update: chrony-2.0-0.3.pre2.fc22
Resolved Bugs
1209572 – CVE-2015-1853 chrony: authentication doesn’t protect symmetric associations against DoS attacks
1209580 – CVE-2015-1853 chrony: authentication doesn’t protect symmetric associations against DoS attacks [fedora-all]
1209634 – CVE-2015-1822 CVE-2015-1821 chrony: various flaws [fedora-all]
1209631 – CVE-2015-1821 chrony: Heap out of bound write in address filter
1209632 – CVE-2015-1822 chrony: uninitialized pointer in cmdmon reply slots<br
Security fix for CVE-2015-1853, CVE-2015-1821, CVE-2015-1822
CVE-2015-2822
Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102.