Category Archives: Fedora

Fedora – Security Updates

Fedora

Fedora 21 Security Update: kernel-3.17.7-300.fc21

Leave a comment

Resolved Bugs
1159313 – CVE-2014-8559 Kernel: fs: deadlock due to incorrect usage of rename_lock
1173814 – CVE-2014-8559 Kernel: fs: deadlock due to incorrect usage of rename_lock [fedora-all]
1126580 – need suppression of kernel commit #2062afb4f804a (gcc -fvar-tracking)
1173806 – Fedora21 freezes when use smt-enabled=off as kernel argument
1172797 – CVE-2014-8133 kernel: x86: espfix(64) bypass via set_thread_area and CLONE_SETTLS
1174374 – CVE-2014-8133 kernel: x86: espfix(64) bypass via set_thread_area and CLONE_SETTLS [fedora-all]
1172543 – [abrt] WARNING: CPU: 2 PID: 3667 at net/wireless/reg.c:1806 reg_process_hint+0x2d1/0x460 [cfg80211]() [cfg80211]
1084928 – ata1.00: failed command: READ FPDMA QUEUED without libata.force=noncq on SAMSUNG MZHPU128HCGM PCIe SSD disk
1164945 – UAS driver crashes system with Seagate USB 3.0 drive and Fresco Logic FL1000G controller
1172765 – CVE-2014-8134 kernel: x86: espfix not working for 32-bit KVM paravirt guests
1172769 – CVE-2014-8134 kernel: x86: espfix not working for 32-bit KVM paravirt guests [fedora-all]<br
The 3.17.7 stable update contains a number of important fixes across the tree.

Fedora

Fedora 19 Security Update: ca-certificates-2014.2.2-1.0.fc19

Leave a comment

This is an update to the set of CA certificates released with NSS version 3.17.3
However, the package modifies the CA list to keep several legacy CAs still trusted for compatibility reasons. Please refer to the project URL for details.
If you prefer to use the unchanged list provided by Mozilla, and if you accept any compatibility issues it may cause, an administrator may configure the system by executing the “ca-legacy disable” command.

Fedora

Fedora 19 Security Update: php-5.5.20-2.fc19

Leave a comment

Resolved Bugs
1175718 – CVE-2014-8142 php: use after free vulnerability in unserialize()
1176156 – CVE-2014-8142 php: use after free vulnerability in unserialize() [fedora-all]<br
18 Dec 2014, PHP 5.5.20\r\n\r\nCore:\r\n* Fixed bug #68091 (Some Zend headers lack appropriate extern “C” blocks). (Adam)\r\n* Fixed bug #68185 (“Inconsistent insteadof definition.”- incorrectly triggered). (Julien)\r\n* Fixed bug #68370 (“unset($this)” can make the program crash). (Laruence)\r\n* Fixed bug #68545 (NULL pointer dereference in unserialize.c). (Anatol)\r\n* Fixed bug #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142) (Stefan Esser)\r\n\r\nDate:\r\n* Fixed day_of_week function as it could sometimes return negative values internally. (Derick)\r\n\r\nFPM:\r\n* Fixed bug #68381 (fpm_unix_init_main ignores log_level). (David Zuelke, Remi)\r\n* Fixed bug #68420 (listen=9000 listens to ipv6 localhost instead of all addresses). (Remi)\r\n* Fixed bug #68421 (access.format=’%R’ doesn’t log ipv6 address). (Remi)\r\n* Fixed bug #68423 (PHP-FPM will no longer load all pools). (Remi)\r\n* Fixed bug #68428 (listen.allowed_clients is IPv4 only). (Remi)\r\n* Fixed bug #68452 (php-fpm man page is oudated). (Remi)\r\n* Fixed request #68458 (Change pm.start_servers default warning to notice). (David Zuelke, Remi)\r\n* Fixed bug #68463 (listen.allowed_clients can silently result in no allowed access). (Remi)\r\n* Fixed request #68391 (php-fpm conf files loading order). (Florian Margaine, Remi)\r\n* Fixed bug #68478 (access.log don’t use prefix). (Remi)\r\n\r\nMcrypt:\r\n* Fixed possible read after end of buffer and use after free. (Dmitry)\r\n\r\nPDO_pgsql:\r\n* Fixed bug #66584 (Segmentation fault on statement deallocation) (Matteo)\r\n* Fixed bug #67462 (PDO_PGSQL::beginTransaction() wrongly throws exception when not in transaction) (Matteo)\r\n* Fixed bug #68351 (PDO::PARAM_BOOL and ATTR_EMULATE_PREPARES misbehaving)\r\n (Matteo)\r\n\r\nzlib:\r\n* Fixed bug #53829 (Compiling PHP with large file support will replace function gzopen by gzopen64) (Sascha Kettler, Matteo)