Resolved Bugs
1191118 – CVE-2014-8139 CVE-2014-8141 CVE-2014-8140 unzip: various flaws [fedora-all]
1174844 – CVE-2014-8139 unzip: CRC32 verification heap-based buffer overread (oCERT-2014-011)
1174851 – CVE-2014-8140 unzip: out-of-bounds write issue in test_compr_eb() (oCERT-2014-011)
1174856 – CVE-2014-8141 unzip: getZip64Data() out-of-bounds read issues (oCERT-2014-011)
1191136 – unzip: buffer overflows on long compression factors and methods
1184985 – CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c
1184986 – CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c [fedora-all]
– Fix CVE-2014-8139 – CRC32 verification heap-based buffer overread (#1174844)
– Fix CVE-2014-8140 – out-of-bounds write issue in test_compr_eb() (#1174851)
– Fix CVE-2014-8141 – getZip64Data() out-of-bounds read issues (#1174856)
– Fix buffer overflow on long file sizes (#1191136)
– CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c – re-fix (see https://bugzilla.redhat.com/show_bug.cgi?id=1184985#c7)
Fedora – Security Updates
Fedora 21 Security Update: file-5.22-2.fc21
Resolved Bugs
1180640 – file: limit the number of ELF notes processed [fedora-all]
1180642 – CVE-2014-9621 file: limit string printing to 100 chars
1190118 – CVE-2014-9653 file: malformed elf file causes access to uninitialized memory [fedora-all]
1174608 – CVE-2014-8116 CVE-2014-8117 file: various flaws [fedora-all]
1171580 – CVE-2014-8116 file: multiple denial of service issues (resource consumption)
1174606 – CVE-2014-8117 file: denial of service issue (resource consumption)
1180639 – CVE-2014-9620 file: limit the number of ELF notes processed
1180643 – file: limit string printing to 100 chars [fedora-all]
1190116 – CVE-2014-9653 file: malformed elf file causes access to uninitialized memory
Update to File-5.22. Fixes various CVE bugs.
Fedora 21 Security Update: file-5.22-1.fc21
Resolved Bugs
1174608 – CVE-2014-8116 CVE-2014-8117 file: various flaws [fedora-all]
1171580 – CVE-2014-8116 file: multiple denial of service issues (resource consumption)
1174606 – CVE-2014-8117 file: denial of service issue (resource consumption)
1180639 – CVE-2014-9620 file: limit the number of ELF notes processed
1180640 – file: limit the number of ELF notes processed [fedora-all]
1180642 – CVE-2014-9621 file: limit string printing to 100 chars
1180643 – file: limit string printing to 100 chars [fedora-all]
1190116 – CVE-2014-9653 file: malformed elf file causes access to uninitialized memory
1190118 – CVE-2014-9653 file: malformed elf file causes access to uninitialized memory [fedora-all]
Update to File-5.22. Fixes various CVE bugs.
Fedora 21 Security Update: dbus-1.8.16-1.fc21
Update to 1.8.16
Fedora 20 Security Update: unzip-6.0-17.fc20
Resolved Bugs
1191118 – CVE-2014-8139 CVE-2014-8141 CVE-2014-8140 unzip: various flaws [fedora-all]
1174844 – CVE-2014-8139 unzip: CRC32 verification heap-based buffer overread (oCERT-2014-011)
1174851 – CVE-2014-8140 unzip: out-of-bounds write issue in test_compr_eb() (oCERT-2014-011)
1174856 – CVE-2014-8141 unzip: getZip64Data() out-of-bounds read issues (oCERT-2014-011)
1191136 – unzip: buffer overflows on long compression factors and methods
1184985 – CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c
1184986 – CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c [fedora-all]
– Fix CVE-2014-8139 – CRC32 verification heap-based buffer overread (#1174844)
– Fix CVE-2014-8140 – out-of-bounds write issue in test_compr_eb() (#1174851)
– Fix CVE-2014-8141 – getZip64Data() out-of-bounds read issues (#1174856)
– Fix buffer overflow on long file sizes (#1191136)
– CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c – re-fix (see https://bugzilla.redhat.com/show_bug.cgi?id=1184985#c7)
Fedora 21 Security Update: sox-14.4.1-7.fc21
Fedora 21 Security Update: drupal6-views-2.18-1.fc21
Fedora 20 Security Update: drupal6-views-2.18-1.fc20
Fedora EPEL 6 Security Update: drupal6-views-2.18-1.el6
Fedora EPEL 6 Security Update: python-crypto2.6-2.6.1-2.el6
Resolved Bugs
1103566 – python-crypto2.6 breaks ansible in epel repository
* Disable C extension accelerator to avoid a timing vulnerability with the version of libgmp available on RHEL6