Resolved Bugs
1230536 – CVE-2015-3209 qemu: pcnet: multi-tmd buffer overflow in the tx path [fedora-all]
1225882 – CVE-2015-3209 qemu: pcnet: multi-tmd buffer overflow in the tx path
1243728 – CVE-2015-3214 qemu: qemu/kvm: i8254: out-of-bounds memory access in pit_ioport_read function [fedora-all]
1229640 – CVE-2015-3214 qemu/kvm: i8254: out-of-bounds memory access in pit_ioport_read function
1246025 – CVE-2015-5158 Qemu: scsi stack buffer overflow [fedora-all]
1244332 – CVE-2015-5158 Qemu: scsi stack buffer overflow
1247141 – CVE-2015-5154 qemu: ide: atapi: heap overflow during I/O buffer memory access [fedora-all]
1243563 – CVE-2015-5154 qemu: ide: atapi: heap overflow during I/O buffer memory access
1249755 – CVE-2015-5165 Qemu: rtl8139 uninitialized heap memory information leakage to guest [fedora-all]
1248760 – CVE-2015-5165 Qemu: rtl8139 uninitialized heap memory information leakage to guest (XSA-140)
1249758 – CVE-2015-5166 Qemu: BlockBackend object use after free issue [fedora-all]
1248997 – CVE-2015-5166 Qemu: BlockBackend object use after free issue (XSA-139)
1251160 – CVE-2015-5745 qemu: kernel: qemu buffer overflow in virtio-serial [fedora-all]
1251157 – CVE-2015-5745 kernel: qemu buffer overflow in virtio-serial
* CVE-2015-3209: pcnet: multi-tmd buffer overflow in the tx path (bz #1230536)
* CVE-2015-3214: i8254: out-of-bounds memory access (bz #1243728)
* CVE-2015-5158: scsi stack buffer overflow (bz #1246025)
* CVE-2015-5154: ide: atapi: heap overflow during I/O buffer memory access (bz #1247141)
* CVE-2015-5165: rtl8139 uninitialized heap memory information leakage to guest (bz #1249755)
* CVE-2015-5166: BlockBackend object use after free issue (bz #1249758)
* CVE-2015-5745: buffer overflow in virtio-serial (bz #1251160)
Monthly Archives: August 2015
Fedora 23 Security Update: keepass-2.30-2.fc23
Fedora 23 Security Update: firefox-39.0.3-1.fc23
Firefox security release. See:
https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/
Fedora 23 Security Update: icecast-2.4.2-1.fc23
Resolved Bugs
1236296 – icecast-2.4.2 is available
1210198 – CVE-2015-3026 icecast: NULL pointer dereference in stream_auth handler leading to DoS
1210199 – CVE-2015-3026 icecast: NULL pointer dereference in stream_auth handler leading to DoS [fedora-all]
1210200 – CVE-2015-3026 icecast: NULL pointer dereference in stream_auth handler leading to DoS [epel-all]
* update to 2.4.2
* fix CVE-2015-3026
* use %license on Fedora 22+
Fedora 21 Security Update: icecast-2.4.2-1.fc21
Resolved Bugs
1236296 – icecast-2.4.2 is available
1210198 – CVE-2015-3026 icecast: NULL pointer dereference in stream_auth handler leading to DoS
1210199 – CVE-2015-3026 icecast: NULL pointer dereference in stream_auth handler leading to DoS [fedora-all]
1210200 – CVE-2015-3026 icecast: NULL pointer dereference in stream_auth handler leading to DoS [epel-all]
* update to 2.4.2
* fix CVE-2015-3026
Fedora 22 Security Update: icecast-2.4.2-1.fc22
Resolved Bugs
1236296 – icecast-2.4.2 is available
1210198 – CVE-2015-3026 icecast: NULL pointer dereference in stream_auth handler leading to DoS
1210199 – CVE-2015-3026 icecast: NULL pointer dereference in stream_auth handler leading to DoS [fedora-all]
1210200 – CVE-2015-3026 icecast: NULL pointer dereference in stream_auth handler leading to DoS [epel-all]
* update to 2.4.2
* fix CVE-2015-3026
* use %license on Fedora 22+
DSA-3331 subversion – security update
Several security issues have been found in the server components of the
version control system subversion.
WordPress Video Gallery 2.7 SQL Injection
WordPress Video Gallery plugin version 2.7 suffers from a remote SQL injection vulnerability.
Wolf CMS 0.8.2 Open Redirect
Wolf CMS version 0.89.3 suffers from an open redirection vulnerability.
Red Hat Security Advisory 2015-1581-01
Red Hat Security Advisory 2015-1581-01 – Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer. An attacker could create a malicious web page that, when viewed by a victim, could steal arbitrary files from the system running Firefox.