Resolved Bugs
1160724 – CVE-2014-3707 mingw-curl: curl: incorrect handle duplication after COPYPOSTFIELDS [fedora-all]
1140037 – CVE-2014-3620 CVE-2014-3613 mingw-curl: various flaws [fedora-all]<br
* Update to 7.39.0
Category Archives: Fedora
Fedora – Security Updates
Fedora 20 Security Update: mingw-curl-7.39.0-1.fc20
Fedora 21 Security Update: mingw-dbus-1.8.12-1.fc21
Resolved Bugs
1173557 – CVE-2014-7824 mingw-dbus: dbus: local denial of service via incomplete fix for CVE-2014-3636 [fedora-all]
1142582 – CVE-2014-3638 CVE-2014-3639 CVE-2014-3636 CVE-2014-3637 CVE-2014-3635 mingw-dbus: various flaws [fedora-all]
1115637 – CVE-2014-3533 CVE-2014-3532 mingw-dbus: various flaws [fedora-all]
1117395 – CVE-2014-3477 mingw-dbus: dbus: denial of service flaw in dbus-daemon [fedora-all]<br
* Update to 1.8.12\r\n* Fixes various CVE’s
Fedora 20 Security Update: mingw-dbus-1.6.28-1.fc20
Resolved Bugs
1173557 – CVE-2014-7824 mingw-dbus: dbus: local denial of service via incomplete fix for CVE-2014-3636 [fedora-all]
1142582 – CVE-2014-3638 CVE-2014-3639 CVE-2014-3636 CVE-2014-3637 CVE-2014-3635 mingw-dbus: various flaws [fedora-all]
1115637 – CVE-2014-3533 CVE-2014-3532 mingw-dbus: various flaws [fedora-all]
1117395 – CVE-2014-3477 mingw-dbus: dbus: denial of service flaw in dbus-daemon [fedora-all]<br
* Update to 1.8.12\r\n* Fixes various CVE’s
Fedora 20 Security Update: mingw-openssl-1.0.1j-1.fc20
Resolved Bugs
1152851 – CVE-2014-3566 mingw-openssl: openssl: Padding Oracle On Downgraded Legacy Encryption attack [fedora-all]
1096234 – CVE-2014-0221 CVE-2014-0198 CVE-2014-0224 CVE-2014-0195 CVE-2010-5298 CVE-2014-3470 mingw-openssl: various flaws [fedora-all]
1127705 – CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3511 CVE-2014-3510 CVE-2014-3508 CVE-2014-3509 mingw-openssl: various flaws [fedora-all]<br
* Synced with native openssl-1.0.1j-3.fc22rn* Add support for RFC 5649rn* Prevent compiler warning “Please include winsock2.h before windows.h” when using the OpenSSL headersrn* Fixes various CVE’s
Fedora 21 Security Update: mingw-binutils-2.25-1.fc21
Resolved Bugs
1162578 – CVE-2014-8501 mingw-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all]
1162602 – CVE-2014-8502 mingw-binutils: binutils: heap overflow in objdump [fedora-all]
1162612 – CVE-2014-8503 mingw-binutils: binutils: stack overflow in objdump when parsing specially crafted ihex file [fedora-all]
1162626 – CVE-2014-8504 mingw-binutils: binutils: stack overflow in the SREC parser [fedora-all]
1162660 – mingw-binutils: binutils: directory traversal vulnerability [fedora-all]
1162673 – mingw-binutils: binutils: out of bounds memory write [fedora-all]<br
Fix various CVE’s
Fedora 20 Security Update: mingw-freetype-2.5.4-1.fc20
Fedora 21 Security Update: mingw-openssl-1.0.1j-1.fc21
Resolved Bugs
1152851 – CVE-2014-3566 mingw-openssl: openssl: Padding Oracle On Downgraded Legacy Encryption attack [fedora-all]
1127705 – CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3511 CVE-2014-3510 CVE-2014-3508 CVE-2014-3509 mingw-openssl: various flaws [fedora-all]
1096234 – CVE-2014-0221 CVE-2014-0198 CVE-2014-0224 CVE-2014-0195 CVE-2010-5298 CVE-2014-3470 mingw-openssl: various flaws [fedora-all]<br
* Synced with native openssl-1.0.1j-3.fc22rn* Add support for RFC 5649rn* Prevent compiler warning “Please include winsock2.h before windows.h” when using the OpenSSL headersrn* Fixes various CVE’s
Fedora 20 Security Update: mingw-libxml2-2.9.2-1.fc20
Resolved Bugs
1107557 – CVE-2014-0191 mingw-libxml2: libxml2: external parameter entity loaded when entity substitution is disabled [fedora-all]<br
Update to libxml2 2.9.2