Resolved Bugs
1236011 – CVE-2015-5070 CVE-2015-5069 wesnoth: authentication information disclosure [fedora-all]<br
http://www.openwall.com/lists/oss-security/2015/06/25/2
Monthly Archives: June 2015
Fedora 21 Security Update: pam-1.1.8-19.fc21
Resolved Bugs
1228571 – CVE-2015-3238 pam: DoS/user enumeration due to blocking pipe in pam_unix module<br
Update fixing a minor security issue CVE-2015-3238.
Fedora 22 Security Update: mariadb-10.0.20-1.fc22
Resolved Bugs
1217506 – CVE-2015-3152 mysql: use of SSL/TLS can not be enforced in mysql client library (oCERT-2015-003, BACKRONYM)
1217508 – CVE-2015-3152 mariadb: mysql: SSL/TLS downgrade (oCERT-2015-003) [fedora-all]
1233467 – mariadb-10.0.20 is available<br
This is an update to most recent version 10.0.20, that also fixes CVE-2015-3152.
Fedora 22 Security Update: pam-1.1.8-19.fc22
Resolved Bugs
1228571 – CVE-2015-3238 pam: DoS/user enumeration due to blocking pipe in pam_unix module<br
Update fixing a minor security issue CVE-2015-3238.
Fedora 21 Security Update: mariadb-10.0.20-1.fc21
Resolved Bugs
1217506 – CVE-2015-3152 mysql: use of SSL/TLS can not be enforced in mysql client library (oCERT-2015-003, BACKRONYM)
1217508 – CVE-2015-3152 mariadb: mysql: SSL/TLS downgrade (oCERT-2015-003) [fedora-all]
1233467 – mariadb-10.0.20 is available<br
This is an update to most recent version 10.0.20, that also fixes CVE-2015-3152.
Fedora 21 Security Update: condor-8.3.6-1.fc21
Resolved Bugs
1169800 – CVE-2014-8126 condor: mailx invocation enables code execution as condor user
1181291 – CVE-2014-8126 condor: mailx invocation enables code execution as condor user [fedora-all]
1197703 – Update Condor to 8.3.3 for the security fixes<br
Security fix for CVE-2014-8126 and update to latest source 8.3.6
Fedora 22 Security Update: wesnoth-1.12.2-3.fc22
Resolved Bugs
1236011 – CVE-2015-5070 CVE-2015-5069 wesnoth: authentication information disclosure [fedora-all]<br
http://www.openwall.com/lists/oss-security/2015/06/25/2
APPLE-SA-2015-06-26-1 OS X: Flash Player plug-in blocked
From: Apple Product Security
Reply to list
APPLE-SA-2015-06-26-1 OS X: Flash Player plug-in blocked Due to security issues in older versions, Apple has updated the web plug-in blocking mechanism to disable all versions prior to Flash Player 18.0.0.194 and 13.0.0.296. Information on blocked web plug-ins will be posted to: http://support. [...]
RHBA-2015:1191-1: irqbalance bug fix update
Red Hat Enterprise Linux: Updated irqbalance packages that fix one bug are now available for Red Hat
Enterprise Linux 5.
Adobe Flash Player Drawing Fill Shader Memory Corruption
This Metasploit module exploits a memory corruption happening when applying a Shader as a drawing fill as exploited in the wild on June 2015. This Metasploit module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 17.0.0.188, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 17.0.0.188, Windows 8.1, Firefox 38.0.5 and Adobe Flash 17.0.0.188, and Linux Mint “Rebecca” (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.460.