Fedora – Security Updates

Fedora 21 Security Update: httpd-2.4.10-15.fc21

Resolved Bugs
1082903 – CVE-2013-5704 httpd: bypass of mod_headers rules via chunked requests
1082908 – CVE-2013-5704 httpd: bypass of mod_headers rules via chunked requests [fedora-all]
1149709 – CVE-2014-3581 httpd: NULL pointer dereference in mod_cache if Content-Type has empty value
1149712 – CVE-2014-3581 httpd: NULL pointer dereference in mod_cache if Content-Type has empty value [fedora-all]
1163555 – CVE-2014-3583 httpd: mod_proxy_fcgi handle_headers() buffer over read
1163556 – CVE-2014-3583 httpd: mod_proxy_fcgi heap-based buffer overflow [fedora-all]
– core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704)
– mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581)
– mod_proxy_fcgi: fix a potential crash with long headers (CVE-2014-3583)
– mod_lua: fix handling of the Require line when a LuaAuthzProvider is used in multiple Require directives with different arguments (CVE-2014-8109)

Fedora 20 Security Update: httpd-2.4.10-2.fc20

Resolved Bugs
1082903 – CVE-2013-5704 httpd: bypass of mod_headers rules via chunked requests
1082908 – CVE-2013-5704 httpd: bypass of mod_headers rules via chunked requests [fedora-all]
1149709 – CVE-2014-3581 httpd: NULL pointer dereference in mod_cache if Content-Type has empty value
1149712 – CVE-2014-3581 httpd: NULL pointer dereference in mod_cache if Content-Type has empty value [fedora-all]
1163555 – CVE-2014-3583 httpd: mod_proxy_fcgi handle_headers() buffer over read
1163556 – CVE-2014-3583 httpd: mod_proxy_fcgi heap-based buffer overflow [fedora-all]
– core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704)
– mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581)
– mod_proxy_fcgi: fix a potential crash with long headers (CVE-2014-3583)
– mod_lua: fix handling of the Require line when a LuaAuthzProvider is used in multiple Require directives with different arguments (CVE-2014-8109)

Fedora 19 Security Update: mariadb-5.5.40-2.fc19

Resolved Bugs
1173702 – Can’t pip install MySQL-python
1160551 – CVE-2014-6507 CVE-2014-6520 CVE-2014-6505 CVE-2014-4287 CVE-2014-6551 CVE-2014-6555 CVE-2014-6484 CVE-2014-6464 CVE-2014-6559 CVE-2014-6530 CVE-2014-6564 CVE-2014-6469 CVE-2014-6463 mariadb: various flaws [fedora-all]
1153461 – CVE-2014-4287 mysql: unspecified vulnerability related to SERVER:CHARACTER SETS (CPU October 2014)
1153462 – CVE-2014-6463 mysql: unspecified vulnerability related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML (CPU October 2014)
1153463 – CVE-2014-6464 mysql: unspecified vulnerability related to SERVER:INNODB DML FOREIGN KEYS (CPU October 2014)
1153464 – CVE-2014-6469 mysql: unspecified vulnerability related to SERVER:OPTIMIZER (CPU October 2014)
1153467 – CVE-2014-6484 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
1153489 – CVE-2014-6505 mysql: unspecified vulnerability related to SERVER:MEMORY STORAGE ENGINE (CPU October 2014)
1153490 – CVE-2014-6507 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
1153491 – CVE-2014-6520 mysql: unspecified vulnerability related to SERVER:DDL (CPU October 2014)
1153493 – CVE-2014-6530 mysql: unspecified vulnerability related to CLIENT:MYSQLDUMP (CPU October 2014)
1153494 – CVE-2014-6551 mysql: unspecified vulnerability related to CLIENT:MYSQLADMIN (CPU October 2014)
1153495 – CVE-2014-6555 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
1153496 – CVE-2014-6559 mysql: unspecified vulnerability related to C API SSL CERTIFICATE HANDLING (CPU October 2014)
1153497 – CVE-2014-6564 mysql: unspecified vulnerability related to SERVER:INNODB FULLTEXT SEARCH DML (CPU October 2014)
This update fixes pip install MySQL-python and other packages built against mariadb-devel.
This update also fixes all issues described at https://mariadb.com/kb/en/mariadb/development/changelogs/mariadb-5540-changelog as well as a couple of security issues.

Fedora 21 Security Update: subversion-1.8.11-1.fc21

Resolved Bugs
1174521 – CVE-2014-8108 CVE-2014-3580 subversion: various flaws [fedora-all]
1155670 – svn fails to start with libserf 1.2.1 requires: libserf 1.3.4
1174054 – CVE-2014-3580 subversion: NULL pointer dereference flaw in mod_dav_svn when handling REPORT requests
1174057 – CVE-2014-8108 subversion: NULL pointer dereference flaw in mod_dav_svn when handling URIs for virtual transaction names
This update includes the latest stable release of **Apache Subversion**, version **1.8.11**. Two security issues in mod_dav_svn are addressed in this release (CVE-2014-8108, CVE-2014-3580). For more details, see:
http://subversion.apache.org/security/CVE-2014-8108-advisory.txt
http://subversion.apache.org/security/CVE-2014-3580-advisory.txt
**Client-side bugfixes:**
* checkout/update: fix file externals failing to follow history and subsequently silently failing http://subversion.tigris.org/issues/show_bug.cgi?id=4185
* patch: don’t skip targets in valid --git diffs
* diff: make property output in diffs stable
* diff: fix diff of local copied directory with props
* diff: fix changelist filter for repos-WC and WC-WC
* remove broken conflict resolver menu options that always error out
* improve gpg-agent support
* fix crash in eclipse IDE with GNOME Keyring http://subversion.tigris.org/issues/show_bug.cgi?id=3498
* fix externals shadowing a versioned directory http://subversion.tigris.org/issues/show_bug.cgi?id=4085
* fix problems working on unix file systems that don’t support permissions
* upgrade: keep external registrations http://subversion.tigris.org/issues/show_bug.cgi?id=4519
* cleanup: improve performance of recorded timestamp fixups
* translation updates for German
**Server-side bugfixes:**
* disable revprop caching feature due to cache invalidation problems
* skip generating uniquifiers if rep-sharing is not supported
* mod_dav_svn: reject requests with missing repository paths
* mod_dav_svn: reject requests with invalid virtual transaction names
* mod_dav_svn: avoid unneeded memory growth in resource walking http://subversion.tigris.org/issues/show_bug.cgi?id=4531