Resolved Bugs
1183593 – CVE-2014-9571 CVE-2014-9572 CVE-2014-9573 mantis: multiple issues
1183595 – CVE-2014-9573 CVE-2014-9572 CVE-2014-9571 mantis: multiple issues [fedora-all]<br
Security fix for CVE-2014-9571, CVE-2014-9572, CVE-2014-9573

Resolved Bugs
1185241 – Enable click-to-play for flash-plugin play due to 0-day vulnerability<br
New upstream – 35.0.1
Enabled click-to-play for flash by default due to live and exploited 0-day flash vulnerability.

Resolved Bugs
1186448 – CVE-2015-0239 kernel: kvm: insufficient sysenter emulation when invoked from 16-bit code
1186453 – CVE-2015-0239 kernel: kvm: insufficient sysenter emulation when invoked from 16-bit code [fedora-all]<br
The 3.18.4 stable update contains a number new features and drivers as well as several important fixes across the tree.

Resolved Bugs
1185241 – Enable click-to-play for flash-plugin play due to 0-day vulnerability<br
New upstream – 35.0.1
Enabled click-to-play for flash by default due to live and exploited 0-day flash vulnerability.

Resolved Bugs
1183593 – CVE-2014-9571 CVE-2014-9572 CVE-2014-9573 mantis: multiple issues
1183595 – CVE-2014-9573 CVE-2014-9572 CVE-2014-9571 mantis: multiple issues [fedora-all]<br
Security fix for CVE-2014-9571, CVE-2014-9572, CVE-2014-9573

Resolved Bugs
1186448 – CVE-2015-0239 kernel: kvm: insufficient sysenter emulation when invoked from 16-bit code
1186453 – CVE-2015-0239 kernel: kvm: insufficient sysenter emulation when invoked from 16-bit code [fedora-all]<br
The 3.18.4 stable update contains a number of important fixes across the tree.

Resolved Bugs
1184488 – build failure in qpid-cpp-0.30/src/tests/txshift.cpp
1181721 – CVE-2015-0203 qpid-cpp: qpidd can be crashed by authenticated user
1159008 – juno qpid: install qpid-cpp-server’ returned 1: Error: Package: qpid-cpp-client-0.30-3.fc21.x86_64<br
Resolves: BZ#1184488
Resolves: BZ#1181721
Resolves: BZ#1181721
Enabled building the linear store.

Resolved Bugs
1184985 – CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c
1184986 – CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c [fedora-all]<br
Security fix for CVE-2014-9636

This upgrade fixes CERT VU#264212 (infinite referral loop) along with few other fixes. Full details at http://samiam.org/blog/2015-01-25.html

Resolved Bugs
1185558 – oggenc crashes when encoding pcm from stdin
1185272 – CVE-2014-9640 vorbis-tools: segfault when trying to encode trivial raw input<br
– do not use stack variable out of its scope of validity (CVE-2014-9640)