Fedora – Security Updates

Fedora 21 Security Update: nodejs-0.10.36-3.fc21,libuv-0.10.34-1.fc21,v8-3.14.5.10-17.fc21

Resolved Bugs
1194651 – CVE-2015-0278 libuv: incorrect revocation order while relinquishing privileges
1195457 – nodejs-0.10.36 causes undefined symbols
1194653 – libuv: incorrect revocation order while relinquishing privileges [fedora-all]
# nodejs
* tls: re-add 1024-bit SSL certs removed by f9456a2 (Chris Dickinson)
* timers: don’t close interval timers when unrefd (Julien Gilli)
* timers: don’t mutate unref list while iterating it (Julien Gilli)
* child_process: check execFile args is an array (Sam Roberts)
* child_process: check fork args is an array (Sam Roberts)
* crypto: update root certificates (Ben Noordhuis)
* domains: fix issues with abort on uncaught (Julien Gilli)
* timers: Avoid linear scan in _unrefActive. (Julien Gilli)
* timers: fix unref() memory leak (Trevor Norris)
* debugger: fix when using “use strict” (Julien Gilli)
# libuv
* linux: fix epoll_pwait() regression with < 2.6.19 (Ben Noordhuis)
* linux: fix epoll_pwait() sigmask size calculation (Ben Noordhuis)
* linux: fix sigmask size arg in epoll_pwait() call (Ben Noordhuis)
* linux: handle O_NONBLOCK != SOCK_NONBLOCK case (Helge Deller)
* doc: update project links (Ben Noordhuis)
* unix: add flag for blocking SIGPROF during poll (Ben Noordhuis)
* unix, windows: add uv_loop_configure() function (Ben Noordhuis)
# v8
* Fix debugger and strict mode regression (Julien Gilli)
* don’t busy loop in cpu profiler thread (Ben Noordhuis)
* add api for aborting on uncaught exception (Julien Gilli)

Fedora 20 Security Update: nodejs-0.10.36-3.fc20,libuv-0.10.34-1.fc20,v8-3.14.5.10-17.fc20

Resolved Bugs
1194651 – CVE-2015-0278 libuv: incorrect revocation order while relinquishing privileges
1195457 – nodejs-0.10.36 causes undefined symbols
1194653 – libuv: incorrect revocation order while relinquishing privileges [fedora-all]
# nodejs
* tls: re-add 1024-bit SSL certs removed by f9456a2 (Chris Dickinson)
* timers: don’t close interval timers when unrefd (Julien Gilli)
* timers: don’t mutate unref list while iterating it (Julien Gilli)
* child_process: check execFile args is an array (Sam Roberts)
* child_process: check fork args is an array (Sam Roberts)
* crypto: update root certificates (Ben Noordhuis)
* domains: fix issues with abort on uncaught (Julien Gilli)
* timers: Avoid linear scan in _unrefActive. (Julien Gilli)
* timers: fix unref() memory leak (Trevor Norris)
* debugger: fix when using “use strict” (Julien Gilli)
# libuv
* linux: fix epoll_pwait() regression with < 2.6.19 (Ben Noordhuis)
* linux: fix epoll_pwait() sigmask size calculation (Ben Noordhuis)
* linux: fix sigmask size arg in epoll_pwait() call (Ben Noordhuis)
* linux: handle O_NONBLOCK != SOCK_NONBLOCK case (Helge Deller)
* doc: update project links (Ben Noordhuis)
* unix: add flag for blocking SIGPROF during poll (Ben Noordhuis)
* unix, windows: add uv_loop_configure() function (Ben Noordhuis)
# v8
* Fix debugger and strict mode regression (Julien Gilli)
* don’t busy loop in cpu profiler thread (Ben Noordhuis)
* add api for aborting on uncaught exception (Julien Gilli)

Fedora 20 Security Update: e2fsprogs-1.42.12-2.fc20

Resolved Bugs
963283 – e2fsck.conf makes e2fsck ignore check intervals
1192861 – e2fsck seg faults on 6TB HDD
1187032 – CVE-2015-0247 e2fsprogs: ext2fs_open2() missing first_meta_bg boundary check leading to heap buffer overflow (oCERT-015-002)
1189834 – CVE-2015-0247 e2fsprogs: ext2fs_open2() missing first_meta_bg boundary check leading to heap buffer overflow (oCERT-015-002) [fedora-all]
Changes e2fsck.conf so that for filesystems with time-based check intervals set in the superblock, these time-based checks will work again. You may need to wait through an e2fsck on your next reboot in this case.
New upstream release
Security fix for CVE-2015-0247

Fedora 20 Security Update: sudo-1.8.12-1.fc20

Resolved Bugs
1191144 – CVE-2014-9680 sudo: unsafe handling of TZ environment variable
1191145 – sudo: unsafe handling of TZ environment variable [fedora-all]
1065423 – -sesh replaces /path/to/myshell with /path/to-myshell instead of -myshell
979382 – sudo packages requires vim-minimal
1006611 – sudo: internal error, tried to erealloc3(0) on sudorule with hostgroup
1034533 – inclusion of system-auth for session hooks missing in sudo PAM snippets
917887 – sudo does not honour PAM environment set from PAM session hooks
– update to 1.8.12
– fixes CVE-2014-9680
Update to 1.8.11p2
Major upstream changes & fixes:
– when running a command in the background, sudo will now forward SIGINFO to the command
– the passwords in ldap.conf and ldap.secret may now be encoded in base64.
– SELinux role changes are now audited. For sudoedit, we now audit the actual editor being run, instead of just the sudoedit command.
– it is now possible to match an environment variable’s value as well as its name using env_keep and env_check
– new files created via sudoedit as a non-root user now have the proper group id
– sudoedit now works correctly in conjunction with sudo’s SELinux RBAC support
– it is now possible to disable network interface probing in sudo.conf by changing the value of the probe_interfaces setting
– when listing a user’s privileges (sudo -l), the sudoers plugin will now prompt for the user’s password even if the targetpw, rootpw or runaspw options are set.
– the new use_netgroups sudoers option can be used to explicitly enable or disable netgroups support
– visudo can now export a sudoers file in JSON format using the new -x flag
Distribution specific changes:
– added patch to read ldap.conf more closely to nss_ldap
– require /usr/bin/vi instead of vim-minimal
– include pam.d/system-auth in PAM session phase from pam.d/sudo
– include pam.d/sudo in PAM session phase from pam.d/sudo-i

Fedora 21 Security Update: freetype-2.5.3-15.fc21

Resolved Bugs
1191078 – CVE-2014-9656 freetype: integer overflow in the tt_sbit_decoder_load_image function in sfnt/ttsbit.c
1191081 – CVE-2014-9659 freetype: stack-based buffer overflow in cff/cf2intrp.c in the CFF CharString interpreter
1191083 – CVE-2014-9661 freetype: use-after-free in type42/t42parse.c
1191085 – CVE-2014-9663 freetype: out-of-bounds read in the tt_cmap4_validate function in sfnt/ttcmap.c
1191087 – CVE-2014-9665 freetype: integer overflow and heap-based buffer overflow in the Load_SBit_Png function in sfnt/pngshim.c
1191090 – CVE-2014-9667 freetype: integer overflow and out-of-bounds read in sfnt/ttload.c
1191092 – CVE-2014-9669 freetype: Multiple integer overflows in sfnt/ttcmap.c
1191093 – CVE-2014-9670 freetype: Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c
1191191 – CVE-2014-9674 freetype: integer overflow and heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c [fedora-all]
1191193 – CVE-2014-9675 freetype: bypass the ASLR protection mechanism via a crafted BDF font [fedora-all]
1191099 – CVE-2014-9656 CVE-2014-9657 CVE-2014-9661 CVE-2014-9660 CVE-2014-9667 CVE-2014-9666 CVE-2014-9665 CVE-2014-9664 CVE-2014-9669 CVE-2014-9668 CVE-2014-9662 CVE-2014-9658 CVE-2014-9659 CVE-2014-9663 CVE-2014-9670 freetype: various flaws [fedora-all]
1191079 – CVE-2014-9657 freetype: DoS in the tt_face_load_hdmx function in truetype/ttpload.c
1191080 – CVE-2014-9658 freetype: DoS in the tt_face_load_kern function in sfnt/ttkern.c
1191082 – CVE-2014-9660 freetype: NULL pointer dereference in the _bdf_parse_glyphs function in bdf/bdflib.c
1191084 – CVE-2014-9662 freetype: heap-based buffer overflow in cff/cf2ft.c
1191086 – CVE-2014-9664 freetype: out-of-bounds read via a crafted Type42 font
1191089 – CVE-2014-9666 freetype: integer overflow and out-of-bounds read in the tt_sbit_decoder_init function in sfnt/ttsbit.c
1191091 – CVE-2014-9668 freetype: integer overflow and heap-based buffer overflow in the woff_open_font function in sfnt/sfobjs.c
1191190 – CVE-2014-9674 freetype: integer overflow and heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c
1191192 – CVE-2014-9675 freetype: bypass the ASLR protection mechanism via a crafted BDF font
This update fixes several security issues.

Fedora 20 Security Update: freetype-2.5.0-9.fc20

Resolved Bugs
1191191 – CVE-2014-9674 freetype: integer overflow and heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c [fedora-all]
1191192 – CVE-2014-9675 freetype: bypass the ASLR protection mechanism via a crafted BDF font
1191099 – CVE-2014-9656 CVE-2014-9657 CVE-2014-9661 CVE-2014-9660 CVE-2014-9667 CVE-2014-9666 CVE-2014-9665 CVE-2014-9664 CVE-2014-9669 CVE-2014-9668 CVE-2014-9662 CVE-2014-9658 CVE-2014-9659 CVE-2014-9663 CVE-2014-9670 freetype: various flaws [fedora-all]
1191078 – CVE-2014-9656 freetype: integer overflow in the tt_sbit_decoder_load_image function in sfnt/ttsbit.c
1191079 – CVE-2014-9657 freetype: DoS in the tt_face_load_hdmx function in truetype/ttpload.c
1191080 – CVE-2014-9658 freetype: DoS in the tt_face_load_kern function in sfnt/ttkern.c
1191081 – CVE-2014-9659 freetype: stack-based buffer overflow in cff/cf2intrp.c in the CFF CharString interpreter
1191082 – CVE-2014-9660 freetype: NULL pointer dereference in the _bdf_parse_glyphs function in bdf/bdflib.c
1191083 – CVE-2014-9661 freetype: use-after-free in type42/t42parse.c
1191084 – CVE-2014-9662 freetype: heap-based buffer overflow in cff/cf2ft.c
1191085 – CVE-2014-9663 freetype: out-of-bounds read in the tt_cmap4_validate function in sfnt/ttcmap.c
1191086 – CVE-2014-9664 freetype: out-of-bounds read via a crafted Type42 font
1191087 – CVE-2014-9665 freetype: integer overflow and heap-based buffer overflow in the Load_SBit_Png function in sfnt/pngshim.c
1191089 – CVE-2014-9666 freetype: integer overflow and out-of-bounds read in the tt_sbit_decoder_init function in sfnt/ttsbit.c
1191090 – CVE-2014-9667 freetype: integer overflow and out-of-bounds read in sfnt/ttload.c
1191091 – CVE-2014-9668 freetype: integer overflow and heap-based buffer overflow in the woff_open_font function in sfnt/sfobjs.c
1191092 – CVE-2014-9669 freetype: Multiple integer overflows in sfnt/ttcmap.c
1191093 – CVE-2014-9670 freetype: Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c
1191190 – CVE-2014-9674 freetype: integer overflow and heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c
1191193 – CVE-2014-9675 freetype: bypass the ASLR protection mechanism via a crafted BDF font [fedora-all]
This update fixes several security issues.