Upgrade to binutils-2.25 thus fixing a number of security bugs

Resolved Bugs
1180059 – SELinux is preventing /usr/bin/docker from ‘getattr’ accesses on the file /.docker/key.json.
1173324 – CVE-2014-9357 CVE-2014-9356 CVE-2014-9358 docker-io: various flaws [fedora-all]
1172782 – CVE-2014-9357 docker: Escalation of privileges during decompression of LZMA archives
1172761 – CVE-2014-9356 docker: Path traversal during processing of absolute symlinks
1172787 – CVE-2014-9358 docker: Path traversal and spoofing opportunities presented through image identifiers<br
allow unitfile to use /etc/sysconfig/docker-network
Security fix for CVE-2014-9357, CVE-2014-9358, CVE-2014-9356

Resolved Bugs
1076676 – CVE-2014-2497 gd: NULL pointer dereference in gdImageCreateFromXpm()<br
Previous patch of #1076676 introduced memory leak.

Resolved Bugs
1178692 – CVE-2014-8150 curl: URL request injection vulnerability in parseurlandfillconn()
1180062 – CVE-2014-8150 curl: URL request injection vulnerability in parseurlandfillconn() [fedora-all]<br
– reject CRLFs in URLs passed to proxy (CVE-2014-8150)

Resolved Bugs
1178692 – CVE-2014-8150 curl: URL request injection vulnerability in parseurlandfillconn()
1180062 – CVE-2014-8150 curl: URL request injection vulnerability in parseurlandfillconn() [fedora-all]<br
– reject CRLFs in URLs passed to proxy (CVE-2014-8150)

Resolved Bugs
1179221 – CVE-2015-0361 xen: kernel: xen crash due to use after free on hvm guest teardown (xsa116) [fedora-all]
1176097 – CVE-2015-0361 kernel: xen crash due to use after free on hvm guest teardown (xsa116)<br
xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361]

Resolved Bugs
1179221 – CVE-2015-0361 xen: kernel: xen crash due to use after free on hvm guest teardown (xsa116) [fedora-all]
1176097 – CVE-2015-0361 kernel: xen crash due to use after free on hvm guest teardown (xsa116)<br
xen crash due to use after free on hvm guest teardown [XSA-116,
CVE-2015-0361]

Resolved Bugs
1175144 – docker-io-1.4.1 is available
1173950 – docker-io can’t be installed on rhel 6.5 due to requirement device-mapper-libs >= 1.02.90-1
1173325 – CVE-2014-9357 CVE-2014-9356 CVE-2014-9358 docker-io: various flaws [epel-6]
1172761 – CVE-2014-9356 docker: Path traversal during processing of absolute symlinks
1172782 – CVE-2014-9357 docker: Escalation of privileges during decompression of LZMA archives
1172787 – CVE-2014-9358 docker: Path traversal and spoofing opportunities presented through image identifiers<br
don’t require fish for fish-completion as it’s unavailable
Resolves: rhbz#1175144 – update to 1.4.1
Resolves: rhbz#1173950 remove min version requirements on device-mapper-libs
Security fix for CVE-2014-9357, CVE-2014-9358, CVE-2014-9356

Resolved Bugs
1172386 – security update thunderbird for EPEL7<br
See https://www.mozilla.org/en-US/thunderbird/31.3.0/releasenotes/ for changes.

Resolved Bugs
1013589 – CVE-2013-5679 CVE-2013-5960 owasp-esapi-java: symmetric encryption MAC bypass
1013591 – CVE-2013-5679 owasp-esapi-java: symmetric encryption MAC bypass [fedora-all]<br
Release 2.1.0.