Category Archives: Fedora

Fedora – Security Updates

Fedora EPEL 7 Security Update: varnish-4.0.3-3.el7

Resolved Bugs
1200034 – varnish: heap-based buffer overflow in backend server HTTP response parsing
1200036 – varnish: heap-based buffer overflow in backend server HTTP response parsing [epel-all]
This update fixes a bug triggered by a bogus content-length header. Under special circumstances, it could crash a varnishd subthread.
New upstream release. A bugfix release.
Highlights from the changelog:
* 26 reported bugs fixed.
* Replaced objects are now expired immediately, instead of kept around until expiry.
* Memory usage on chunked backend responses is lower
For a detailed list of changes, please see the project’s announcement at https://www.varnish-cache.org/content/varnish-cache-403

Fedora 20 Security Update: ettercap-0.8.2-1.fc20

0.8.2-Ferri
Bug Fix
!! Fixed some openssl deprecated functions usage
!! Fixed log file ownership
!! Fixed mixed output print
!! Fixed drop_privs function usage
!! Fixed nopromisc option usage.
!! Fixed missing break in parser code.
!! Improved redirect commands
!! Fix truncated VLAN packet headers
!! Fix ettercap.rc file (windows only)
!! Various cmake fixes
!! A ton of BSD bug fixes
!! Simplify macosx cmake files
!! Fix incorrect sequence number after TCP injection
!! Fix pcap length, and alignment problems with libpcap
!! Bug fixes and gtk code refactor (gtk box wrapper)
!! Fix some ipv6 send issues
!! Fixed sleep time on Windows (high CPU usage)
!! Fixed many CVE vulnerabilities (some of them already fixed in 0.8.1)
– CVE-2014-6395 (Length Parameter Inconsistency)
– CVE-2014-6396 (Arbitrary write)
– CVE-2014-9376 (Negative index/underflow)
– CVE-2014-9377 (Heap overflow)
– CVE-2014-9378 (Unchecked return value)
– CVE-2014-9379 (Incorrect cast)
– CVE-2014-9380 (Buffer over-read)
– CVE-2014-9381 (Signedness error)
New Features
+ Updated etter.finger.mac
+ Add TXT and ANY query support on dns_spoof
+ New macosx travis-ci build!
+ Enable again PDF generation
Removed
– Remove gprof support

Fedora 22 Security Update: ettercap-0.8.2-1.fc22

0.8.2-Ferri
Bug Fix
!! Fixed some openssl deprecated functions usage
!! Fixed log file ownership
!! Fixed mixed output print
!! Fixed drop_privs function usage
!! Fixed nopromisc option usage.
!! Fixed missing break in parser code.
!! Improved redirect commands
!! Fix truncated VLAN packet headers
!! Fix ettercap.rc file (windows only)
!! Various cmake fixes
!! A ton of BSD bug fixes
!! Simplify macosx cmake files
!! Fix incorrect sequence number after TCP injection
!! Fix pcap length, and alignment problems with libpcap
!! Bug fixes and gtk code refactor (gtk box wrapper)
!! Fix some ipv6 send issues
!! Fixed sleep time on Windows (high CPU usage)
!! Fixed many CVE vulnerabilities (some of them already fixed in 0.8.1)
– CVE-2014-6395 (Length Parameter Inconsistency)
– CVE-2014-6396 (Arbitrary write)
– CVE-2014-9376 (Negative index/underflow)
– CVE-2014-9377 (Heap overflow)
– CVE-2014-9378 (Unchecked return value)
– CVE-2014-9379 (Incorrect cast)
– CVE-2014-9380 (Buffer over-read)
– CVE-2014-9381 (Signedness error)
New Features
+ Updated etter.finger.mac
+ Add TXT and ANY query support on dns_spoof
+ New macosx travis-ci build!
+ Enable again PDF generation
Removed
– Remove gprof support

Fedora 21 Security Update: ettercap-0.8.2-1.fc21

0.8.2-Ferri
Bug Fix
!! Fixed some openssl deprecated functions usage
!! Fixed log file ownership
!! Fixed mixed output print
!! Fixed drop_privs function usage
!! Fixed nopromisc option usage.
!! Fixed missing break in parser code.
!! Improved redirect commands
!! Fix truncated VLAN packet headers
!! Fix ettercap.rc file (windows only)
!! Various cmake fixes
!! A ton of BSD bug fixes
!! Simplify macosx cmake files
!! Fix incorrect sequence number after TCP injection
!! Fix pcap length, and alignment problems with libpcap
!! Bug fixes and gtk code refactor (gtk box wrapper)
!! Fix some ipv6 send issues
!! Fixed sleep time on Windows (high CPU usage)
!! Fixed many CVE vulnerabilities (some of them already fixed in 0.8.1)
– CVE-2014-6395 (Length Parameter Inconsistency)
– CVE-2014-6396 (Arbitrary write)
– CVE-2014-9376 (Negative index/underflow)
– CVE-2014-9377 (Heap overflow)
– CVE-2014-9378 (Unchecked return value)
– CVE-2014-9379 (Incorrect cast)
– CVE-2014-9380 (Buffer over-read)
– CVE-2014-9381 (Signedness error)
New Features
+ Updated etter.finger.mac
+ Add TXT and ANY query support on dns_spoof
+ New macosx travis-ci build!
+ Enable again PDF generation
Removed
– Remove gprof support

Fedora EPEL 6 Security Update: nx-libs-3.5.0.29-1.el6

Update to 3.5.0.29:
– further reduction of code size by Mike Gabriel
– ~/.x2go/config/keystrokes.cfg, /etc/x2go/keystrokes.cfg and
/etc/nxagent/keystrokes.cfg are now respected thanks to Horst Schirmeier
– security fixes for CVE-2011-2895, CVE-2011-4028, CVE-2013-4396,
CVE-2013-6462, CVE-2014-0209, CVE-2014-0210, CVE-2014-0211,
CVE-2014-8092, CVE-2014-8097, CVE-2014-8095, CVE-2014-8096,
CVE-2014-8099, CVE-2014-8100, CVE-2014-8102, CVE-2014-8101,
CVE-2014-8093, CVE-2014-8098, CVE-2015-0255 by Michael DePaulo
– other (build) bug fixes
Update to 3.5.0.28:
o Fix non-working Copy+Paste into some rootless Qt applications when Xfixes extension is enabled in NX. Thanks to Ulrich Sibiller!
o Adapt X11 launchd socket path for recent Mac OS X versions.
o Fix Xinerama on Debian/Ubuntu installation (only worked on systems that had dpkg-dev installed) and all RPM based distros.
o Partly make nxcomp aware of nx-libs’s four-digit version string. Thanks to Nito Martinez from TheQVD project!
– Fix unowned directories
– Minor cleanup

Fedora EPEL 7 Security Update: nx-libs-3.5.0.29-1.el7

Update to 3.5.0.29:
– further reduction of code size by Mike Gabriel
– ~/.x2go/config/keystrokes.cfg, /etc/x2go/keystrokes.cfg and
/etc/nxagent/keystrokes.cfg are now respected thanks to Horst Schirmeier
– security fixes for CVE-2011-2895, CVE-2011-4028, CVE-2013-4396,
CVE-2013-6462, CVE-2014-0209, CVE-2014-0210, CVE-2014-0211,
CVE-2014-8092, CVE-2014-8097, CVE-2014-8095, CVE-2014-8096,
CVE-2014-8099, CVE-2014-8100, CVE-2014-8102, CVE-2014-8101,
CVE-2014-8093, CVE-2014-8098, CVE-2015-0255 by Michael DePaulo
– other (build) bug fixes
Update to 3.5.0.28:
o Fix non-working Copy+Paste into some rootless Qt applications when Xfixes extension is enabled in NX. Thanks to Ulrich Sibiller!
o Adapt X11 launchd socket path for recent Mac OS X versions.
o Fix Xinerama on Debian/Ubuntu installation (only worked on systems that had dpkg-dev installed) and all RPM based distros.
o Partly make nxcomp aware of nx-libs’s four-digit version string. Thanks to Nito Martinez from TheQVD project!
– Fix unowned directories
– Minor cleanup

Fedora 20 Security Update: nx-libs-3.5.0.29-1.fc20

Update to 3.5.0.29:
– further reduction of code size by Mike Gabriel
– ~/.x2go/config/keystrokes.cfg, /etc/x2go/keystrokes.cfg and
/etc/nxagent/keystrokes.cfg are now respected thanks to Horst Schirmeier
– security fixes for CVE-2011-2895, CVE-2011-4028, CVE-2013-4396,
CVE-2013-6462, CVE-2014-0209, CVE-2014-0210, CVE-2014-0211,
CVE-2014-8092, CVE-2014-8097, CVE-2014-8095, CVE-2014-8096,
CVE-2014-8099, CVE-2014-8100, CVE-2014-8102, CVE-2014-8101,
CVE-2014-8093, CVE-2014-8098, CVE-2015-0255 by Michael DePaulo
– other (build) bug fixes
Update to 3.5.0.28:
o Fix non-working Copy+Paste into some rootless Qt applications when Xfixes extension is enabled in NX. Thanks to Ulrich Sibiller!
o Adapt X11 launchd socket path for recent Mac OS X versions.
o Fix Xinerama on Debian/Ubuntu installation (only worked on systems that had dpkg-dev installed) and all RPM based distros.
o Partly make nxcomp aware of nx-libs’s four-digit version string. Thanks to Nito Martinez from TheQVD project!
– Fix unowned directories
– Minor cleanup

Fedora 22 Security Update: nx-libs-3.5.0.29-1.fc22

Update to 3.5.0.29:
– further reduction of code size by Mike Gabriel
– ~/.x2go/config/keystrokes.cfg, /etc/x2go/keystrokes.cfg and
/etc/nxagent/keystrokes.cfg are now respected thanks to Horst Schirmeier
– security fixes for CVE-2011-2895, CVE-2011-4028, CVE-2013-4396,
CVE-2013-6462, CVE-2014-0209, CVE-2014-0210, CVE-2014-0211,
CVE-2014-8092, CVE-2014-8097, CVE-2014-8095, CVE-2014-8096,
CVE-2014-8099, CVE-2014-8100, CVE-2014-8102, CVE-2014-8101,
CVE-2014-8093, CVE-2014-8098, CVE-2015-0255 by Michael DePaulo
– other (build) bug fixes
Update to 3.5.0.28:
o Fix non-working Copy+Paste into some rootless Qt applications when Xfixes extension is enabled in NX. Thanks to Ulrich Sibiller!
o Adapt X11 launchd socket path for recent Mac OS X versions.
o Fix Xinerama on Debian/Ubuntu installation (only worked on systems that had dpkg-dev installed) and all RPM based distros.
o Partly make nxcomp aware of nx-libs’s four-digit version string. Thanks to Nito Martinez from TheQVD project!
– Fix unowned directories
– Minor cleanup

Fedora 21 Security Update: nx-libs-3.5.0.29-1.fc21

Update to 3.5.0.29:
– further reduction of code size by Mike Gabriel
– ~/.x2go/config/keystrokes.cfg, /etc/x2go/keystrokes.cfg and
/etc/nxagent/keystrokes.cfg are now respected thanks to Horst Schirmeier
– security fixes for CVE-2011-2895, CVE-2011-4028, CVE-2013-4396,
CVE-2013-6462, CVE-2014-0209, CVE-2014-0210, CVE-2014-0211,
CVE-2014-8092, CVE-2014-8097, CVE-2014-8095, CVE-2014-8096,
CVE-2014-8099, CVE-2014-8100, CVE-2014-8102, CVE-2014-8101,
CVE-2014-8093, CVE-2014-8098, CVE-2015-0255 by Michael DePaulo
– other (build) bug fixes
Update to 3.5.0.28:
o Fix non-working Copy+Paste into some rootless Qt applications when Xfixes extension is enabled in NX. Thanks to Ulrich Sibiller!
o Adapt X11 launchd socket path for recent Mac OS X versions.
o Fix Xinerama on Debian/Ubuntu installation (only worked on systems that had dpkg-dev installed) and all RPM based distros.
o Partly make nxcomp aware of nx-libs’s four-digit version string. Thanks to Nito Martinez from TheQVD project!
– Fix unowned directories
– Minor cleanup