The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
Monthly Archives: April 2015
CVE-2015-3417 (ffmpeg)
Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.
Fedora 20 Security Update: ikiwiki-3.20150329-1.fc20
Fedora 20 Security Update: wordpress-4.2.1-1.fc20
Resolved Bugs
1214651 – wordpress: several vulnerabilities fixed in WordPress 4.1.2 [fedora-all]
1214650 – wordpress: several vulnerabilities fixed in WordPress 4.1.2
1216069 – wordpress: stored XSS via long comments
1216070 – wordpress: stored XSS via long comments [fedora-all]<br
**WordPress 4.2 “Powell” **
* Upstream announcement https://wordpress.org/news/2015/04/powell/
**WordPress 4.2.1 Security Release**
* Upstream announcement https://wordpress.org/news/2015/04/wordpress-4-2-1/
Fedora 21 Security Update: wordpress-4.2.1-1.fc21
Resolved Bugs
1214650 – wordpress: several vulnerabilities fixed in WordPress 4.1.2
1216070 – wordpress: stored XSS via long comments [fedora-all]
1214651 – wordpress: several vulnerabilities fixed in WordPress 4.1.2 [fedora-all]
1216069 – wordpress: stored XSS via long comments<br
**WordPress 4.2 “Powell” **
* Upstream announcement https://wordpress.org/news/2015/04/powell/
**WordPress 4.2.1 Security Release**
* Upstream announcement https://wordpress.org/news/2015/04/wordpress-4-2-1/
Fedora 20 Security Update: wordpress-4.1.3-1.fc20
Resolved Bugs
1214651 – wordpress: several vulnerabilities fixed in WordPress 4.1.2 [fedora-all]
1214650 – wordpress: several vulnerabilities fixed in WordPress 4.1.2<br
This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.
https://wordpress.org/news/2015/04/wordpress-4-1-2/
Fedora 21 Security Update: wordpress-4.1.3-1.fc21
Resolved Bugs
1214651 – wordpress: several vulnerabilities fixed in WordPress 4.1.2 [fedora-all]
1214650 – wordpress: several vulnerabilities fixed in WordPress 4.1.2<br
This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.
https://wordpress.org/news/2015/04/wordpress-4-1-2/
Fedora 20 Security Update: wordpress-4.1.2-1.fc20
Resolved Bugs
1214651 – wordpress: several vulnerabilities fixed in WordPress 4.1.2 [fedora-all]
1214650 – wordpress: several vulnerabilities fixed in WordPress 4.1.2<br
This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.
https://wordpress.org/news/2015/04/wordpress-4-1-2/
Fedora 21 Security Update: ikiwiki-3.20150329-1.fc21
Fedora 21 Security Update: wordpress-4.1.2-1.fc21
Resolved Bugs
1214651 – wordpress: several vulnerabilities fixed in WordPress 4.1.2 [fedora-all]
1214650 – wordpress: several vulnerabilities fixed in WordPress 4.1.2<br
This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.
https://wordpress.org/news/2015/04/wordpress-4-1-2/