Fedora – Security Updates

Fedora EPEL 6 Security Update: puppetlabs-stdlib-4.5.1-2.20150121git7a91f20.el6

Resolved Bugs
1182578 – CVE-2015-1029 puppetlabs-stdlib: local information leakage and local privilege escalation vulnerability
1182580 – CVE-2015-1029 puppetlabs-stdlib: local information leakage and local privilege escalation vulnerability [epel-all]
1182579 – CVE-2015-1029 puppetlabs-stdlib: local information leakage and local privilege escalation vulnerability [fedora-all]

Install metadata.json for Puppet to pick stdlib release when “puppet module list” is called
Security fix for CVE-2015-1029

Fedora EPEL 6 Security Update: roundcubemail-1.0.5-1.el6

Resolved Bugs
1188203 – CVE-2015-1433 roundcubemail: cross-site scripting in style attribute handling [epel-all]
1188202 – CVE-2015-1433 roundcubemail: cross-site scripting in style attribute handling [fedora-all]

A cross-site scripting vulnerability has been fixed in Roundcube version 1.0.5.
http://roundcube.net/news/2015/01/24/security-update-1.0.5/
http://trac.roundcube.net/wiki/Changelog#RELEASE1.0.5
http://trac.roundcube.net/ticket/1490227
CVE request: http://www.openwall.com/lists/oss-security/2015/01/31/3

Fedora 20 Security Update: bugzilla-4.2.13-1.fc20

Resolved Bugs
1185484 – CVE-2014-8630 Bugzilla: Command Injection into product names and other attributes [fedora-all]
1070979 – Access to /var/lib/bugzilla/data/webdot is denied by default bugzilla.conf
1185483 – CVE-2014-8630 Bugzilla: Command Injection into product names and other attributes

This is a security update for Bugzilla which fixes two issues:
* A user with editcomponents permissions could possibly inject system commands in product names and possibly other attributes.
* Methods from imported modules could possibly be executed using the WebService API.
The first issue is tracked as CVE-2014-8630.
See https://www.bugzilla.org/security/4.0.15/ for all the details.

Fedora 21 Security Update: bugzilla-4.4.8-1.fc21.1

Resolved Bugs
1185484 – CVE-2014-8630 Bugzilla: Command Injection into product names and other attributes [fedora-all]
1185483 – CVE-2014-8630 Bugzilla: Command Injection into product names and other attributes
1070979 – Access to /var/lib/bugzilla/data/webdot is denied by default bugzilla.conf

This is a security update for Bugzilla which fixes two issues:
* A user with editcomponents permissions could possibly inject system commands in product names and possibly other attributes.
* Methods from imported modules could possibly be executed using the WebService API.
The first issue is tracked as CVE-2014-8630.
See https://www.bugzilla.org/security/4.0.15/ for all the details.

Fedora 21 Security Update: puppetlabs-stdlib-4.5.1-2.20150121git7a91f20.fc21

Resolved Bugs
1182578 – CVE-2015-1029 puppetlabs-stdlib: local information leakage and local privilege escalation vulnerability
1182580 – CVE-2015-1029 puppetlabs-stdlib: local information leakage and local privilege escalation vulnerability [epel-all]
1182579 – CVE-2015-1029 puppetlabs-stdlib: local information leakage and local privilege escalation vulnerability [fedora-all]

Install metadata.json for Puppet to pick stdlib release when “puppet module list” is called
Security fix for CVE-2015-1029

Fedora 20 Security Update: puppetlabs-stdlib-4.5.1-2.20150121git7a91f20.fc20

Resolved Bugs
1182579 – CVE-2015-1029 puppetlabs-stdlib: local information leakage and local privilege escalation vulnerability [fedora-all]
1182578 – CVE-2015-1029 puppetlabs-stdlib: local information leakage and local privilege escalation vulnerability
1182580 – CVE-2015-1029 puppetlabs-stdlib: local information leakage and local privilege escalation vulnerability [epel-all]

Install metadata.json for Puppet to pick stdlib release when “puppet module list” is called
Security fix for CVE-2015-1029

Fedora 20 Security Update: kernel-3.18.5-101.fc20

Resolved Bugs
1188074 – adjtimex fails with kernel-3.18.5 when ca
1183744 – kernel: net: DoS due to routing packets to too many different dsts/too fast
1188347 – kernel: net: DoS due to routing packets to too many different dsts/too fast [fedora-all]
1186448 – CVE-2015-0239 kernel: kvm: insufficient sysenter emulation when invoked from 16-bit code
1186453 – CVE-2015-0239 kernel: kvm: insufficient sysenter emulation when invoked from 16-bit code [fedora-all]

This update should fix the adjtimex issues seen on 32-bit systems with 3.18.5-100.
The 3.18.5 stable update contains a number of important fixes across the tree.
The 3.18.4 stable update contains a number of new features and drivers as well as several important fixes across the tree.

Fedora 21 Security Update: kernel-3.18.5-201.fc21

Resolved Bugs
1188074 – adjtimex fails with kernel-3.18.5 when ca
1183744 – kernel: net: DoS due to routing packets to too many different dsts/too fast
1188347 – kernel: net: DoS due to routing packets to too many different dsts/too fast [fedora-all]
1186448 – CVE-2015-0239 kernel: kvm: insufficient sysenter emulation when invoked from 16-bit code
1186453 – CVE-2015-0239 kernel: kvm: insufficient sysenter emulation when invoked from 16-bit code [fedora-all]

This update should fix the adjtimex issues seen on 32-bit systems with 3.18.5-200.
The 3.18.5 stable update contains a number of important fixes across the tree.
The 3.18.4 stable update contains a number of important fixes across the tree.

Fedora 20 Security Update: lcms-1.19-13.fc20

Resolved Bugs
992975 – CVE-2013-4276 lcms: Stack-based buffer overflows in ColorSpace conversion calculator and TIFF compare utility
992979 – lcms: Stack-based buffer overflows in ColorSpace conversion calculator and TIFF compare utility [fedora-all]
1003950 – Use of uninitialized values on 64 bit machines.

* apply patch for CVE-2013-4276
* apply patch for “Use of uninitialized values on 64 bit machines.”