Resolved Bugs
1181721 – CVE-2015-0203 qpid-cpp: qpidd can be crashed by unauthenticated user
1186308 – CVE-2015-0223 qpid-cpp: anonymous access to qpidd cannot be prevented
1184488 – build failure in qpid-cpp-0.30/src/tests/txshift.cpp<br
Resolves: BZ#1186308
Apply patch 10.
Resolves: BZ#1184488
Resolves: BZ#1181721
Enabled building the linear store.

Resolved Bugs
1186308 – CVE-2015-0223 qpid-cpp: anonymous access to qpidd cannot be prevented
1181721 – CVE-2015-0203 qpid-cpp: qpidd can be crashed by authenticated user
1184488 – build failure in qpid-cpp-0.30/src/tests/txshift.cpp<br
Resolves: BZ#1186308
Apply patch 10.
Resolves: BZ#1184488
Resolves: BZ#1181721

Resolved Bugs
1188578 – patch: infinite loop with a crafted diff
1188583 – patch: infinite loop with a crafted diff [fedora-all]<br
Latest upstream release, restoring the ability to create symbolic links referencing “..” pathname components and preventing a local denial of service.

Resolved Bugs
1181045 – CVE-2015-1191 pigz: directory traversal vulnerability
1181046 – pigz: directory traversal vulnerability [fedora-all]<br
Update to 2.3.3, fixes CVE-2015-1191:
– Return zero exit code when only warnings are issued
– Increase speed of unlzw (Unix compress decompression)
– Update zopfli to current google state
– Allow larger maximum blocksize (-b), now 512 MiB
– Do not require that -d precede -N, -n, -T options
– Strip any path from header name for -dN or -dNT
– Remove use of PATH_MAX (PATH_MAX is not reliable)
– Do not abort on inflate data error, do remaining files
– Check gzip header CRC if present
– Improve decompression error detection and reporting

Resolved Bugs
1186448 – CVE-2015-0239 kernel: kvm: insufficient sysenter emulation when invoked from 16-bit code
1186453 – CVE-2015-0239 kernel: kvm: insufficient sysenter emulation when invoked from 16-bit code [fedora-all]<br
The 3.18.5 stable update contains a number of important fixes across the tree.
The 3.18.4 stable update contains a number of important fixes across the tree.

Resolved Bugs
1186448 – CVE-2015-0239 kernel: kvm: insufficient sysenter emulation when invoked from 16-bit code
1186453 – CVE-2015-0239 kernel: kvm: insufficient sysenter emulation when invoked from 16-bit code [fedora-all]<br
The 3.18.5 stable update contains a number of important fixes across the tree.
The 3.18.4 stable update contains a number new features and drivers as well as several important fixes across the tree.

Resolved Bugs
1181045 – CVE-2015-1191 pigz: directory traversal vulnerability
1181046 – pigz: directory traversal vulnerability [fedora-all]<br
Update to 2.3.3, fixes CVE-2015-1191:
– Return zero exit code when only warnings are issued
– Increase speed of unlzw (Unix compress decompression)
– Update zopfli to current google state
– Allow larger maximum blocksize (-b), now 512 MiB
– Do not require that -d precede -N, -n, -T options
– Strip any path from header name for -dN or -dNT
– Remove use of PATH_MAX (PATH_MAX is not reliable)
– Do not abort on inflate data error, do remaining files
– Check gzip header CRC if present
– Improve decompression error detection and reporting

Resolved Bugs
1181045 – CVE-2015-1191 pigz: directory traversal vulnerability
1181047 – pigz: directory traversal vulnerability [epel-all]<br
Update to 2.3.3, fixes CVE-2015-1191:
– Return zero exit code when only warnings are issued
– Increase speed of unlzw (Unix compress decompression)
– Update zopfli to current google state
– Allow larger maximum blocksize (-b), now 512 MiB
– Do not require that -d precede -N, -n, -T options
– Strip any path from header name for -dN or -dNT
– Remove use of PATH_MAX (PATH_MAX is not reliable)
– Do not abort on inflate data error, do remaining files
– Check gzip header CRC if present
– Improve decompression error detection and reporting

Resolved Bugs
1181045 – CVE-2015-1191 pigz: directory traversal vulnerability
1181047 – pigz: directory traversal vulnerability [epel-all]<br
Update to 2.3.3, fixes CVE-2015-1191:
– Return zero exit code when only warnings are issued
– Increase speed of unlzw (Unix compress decompression)
– Update zopfli to current google state
– Allow larger maximum blocksize (-b), now 512 MiB
– Do not require that -d precede -N, -n, -T options
– Strip any path from header name for -dN or -dNT
– Remove use of PATH_MAX (PATH_MAX is not reliable)
– Do not abort on inflate data error, do remaining files
– Check gzip header CRC if present
– Improve decompression error detection and reporting

Resolved Bugs
1183647 – CVE-2014-9623 openstack-glance: user storage quota bypass
1187001 – CVE-2014-9623 openstack-glance: user storage quota bypass [fedora-all]<br
Fix CVE-2014-9623