Resolved Bugs
1208060 – CVE-2015-2775 mailman: directory traversal in MTA transports that deliver programmatically [fedora-all]
1208059 – CVE-2015-2775 mailman: directory traversal in MTA transports that deliver programmatically<br
Update to version 2.1.20.
Monthly Archives: April 2015
Fedora 22 Security Update: mingw-gnutls-3.3.14-1.fc22,mingw-libtasn1-4.4-1.fc22
Resolved Bugs
1207194 – mingw-libtasn1: libtasn1: stack overflow in asn1_der_decoding [fedora-all]
1207192 – CVE-2015-2806 libtasn1: stack overflow in asn1_der_decoding<br
libtasn1 4.4 release, fixing CVE-2015-2806.
GnuTLS 3.3.14 release
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8077
Fedora 22 Security Update: strongswan-5.3.0-1.fc22
Resolved Bugs
1178956 – CVE-2014-9221 strongswan: denial-of-service vulnerability in libtls when processing crafted Key Exchange payload [fedora-all]<br
New upstream release 5.3.0.
Fedora 22 Security Update: xen-4.5.0-7.fc22
Resolved Bugs
1207739 – CVE-2015-2751 xen: certain domctl operations may be abused to lock up the host [fedora-all]
1207741 – CVE-2015-2752 xen: long latency MMIO mapping operations are not preemptible (xsa125) [fedora-all]
1207738 – CVE-2015-2756 xen: unmediated PCI command register access in qemu (xsa126) [fedora-all]
1203732 – CVE-2015-2752 xen: long latency MMIO mapping operations are not preemptible (xsa125)
1203737 – CVE-2015-2756 xen: unmediated PCI command register access in qemu (xsa126)
1203745 – CVE-2015-2751 xen: certain domctl operations may be abused to lock up the host<br
Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752]
Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756]
Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751]
DSA-3212 icedove – security update
Multiple security issues have been found in Icedove, Debian’s version of
the Mozilla Thunderbird mail client: Multiple memory safety errors,
use-after-frees and other implementation errors may lead to the
execution of arbitrary code, the bypass of security restrictions or
denial of service.
phpList 3.0.10 Insecure Direct Object Reference
phpList version 3.0.10 suffers from an insecure direct object reference vulnerability.
Samba / OpenLDAP Jitterbug Cross Site Scripting
Samba and OpenLDAP Jitterbug instances suffered from a cross site scripting vulnerability.
Google Releases Security Update for Chrome
Original release date: April 01, 2015
Google has released Chrome 41.0.2272.118 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system.
US-CERT encourages users and administrators to review the Google Chrome blog entry and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
CVE-2015-1233
Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2015-1234
Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in Google Chrome before 41.0.2272.118 allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact by manipulating OpenGL ES commands.