Resolved Bugs
1218074 – CVE-2015-3636 kernel: ping sockets: use-after-free leading to local privilege escalation
1218110 – CVE-2015-3636 kernel: ping sockets: use-after-free leading to local privilege escalation [fedora-all]
1218662 – I/O errors, broken ncq trim since Samsung SSD update EXT0DB6Q
1208999 – iscsi issues on 3.19 kernel
1204390 – [abrt] WARNING: CPU: 6 PID: 790 at drivers/media/v4l2-core/v4l2-ioctl.c:1025 v4l_querycap+0x41/0x70 [videodev]() [videodev]
1206036 – Impossible to reduce the display brightness under the new kernel – Toshiba Z30 laptop
1215989 – Backlight is non-responsive on Toshiba Satellite
1205083 – [abrt] WARNING: CPU: 3 PID: 644 at drivers/net/wireless/iwlwifi/mvm/tx.c:952 iwl_mvm_rx_ba_notif+0x525/0x5c0 [iwlmvm]() [iwlmvm]
1214030 – CVE-2015-3339 kernel: race condition between chown() and execve()<br
The 3.19.7 update contains an number of important fixes across the tree.
The 3.19.6 stable update contains an number of fixes across the kernel tree

* **ZF2015-04**: ZendMail and ZendHttp were both susceptible to CRLF Injection Attack vectors (for HTTP, this is often referred to as HTTP Response Splitting). Both components were updated to perform header value validations to ensure no values contain characters not detailed in their corresponding specifications, and will raise exceptions on detection. Each also provides new facilities for both validating and filtering header values prior to injecting them into header classes. If you use either ZendMail or ZendHttp (which includes users of ZendMvc), we recommend upgrading immediately.

This is an update to the set of CA certificates released with NSS version 3.18.1
However, the package modifies the CA list to keep several legacy CAs still trusted for compatibility reasons. Please refer to the project URL for details.
If you prefer to use the unchanged list provided by Mozilla, and if you accept any compatibility issues it may cause, an administrator may configure the system by executing the “ca-legacy disable” command.
This update adds a manual page for the ca-legacy command.
This update changes the names of the possible values in the ca-legacy configuration file. It still uses the term legacy=disable to override the compatibility option and follow the upstream Mozilla.org decision. However it now uses the term legacy=default for the default configuration, to make it more obvious that the legacy certificates won’t be kept enabled forever.

Resolved Bugs
1219368 – wordpress: two cross-site scripting flaws fixed in 4.2.2
1219369 – wordpress: two cross-site scripting flaws fixed in 4.2.2 [fedora-all]<br
**WordPress 4.2.2 Security and Maintenance Release**
* Upstream announcement https://wordpress.org/news/2015/05/wordpress-4-2-2/

* **ZF2015-04**: ZendMail and ZendHttp were both susceptible to CRLF Injection Attack vectors (for HTTP, this is often referred to as HTTP Response Splitting). Both components were updated to perform header value validations to ensure no values contain characters not detailed in their corresponding specifications, and will raise exceptions on detection. Each also provides new facilities for both validating and filtering header values prior to injecting them into header classes. If you use either ZendMail or ZendHttp (which includes users of ZendMvc), we recommend upgrading immediately.