Resolved Bugs
1165206 – USB mouse fails after resume from suspend
1167511 – HDMI output broken on Radeon with kernels 3.17.3 and 3.17.4
1094048 – [abrt] WARNING: CPU: 4 PID: 0 at drivers/usb/core/urb.c:450 usb_submit_urb+0x1fd/0x5c0()
1170691 – CVE-2014-9090 kernel: espfix64: local DoS via do_double_fault() due to improper handling of faults associated with SS segment register<br
The 3.17.6 stable update contains a number of important fixes across the tree.
Category Archives: Fedora
Fedora – Security Updates
Fedora 21 Security Update: xorg-x11-server-1.16.2.901-1.fc21
upstream security release. 1.16.2.901
Fedora 21 Security Update: mantis-1.2.18-1.fc21
Resolved Bugs
1171714 – CVE-2014-9279 CVE-2014-9280 mantis: various flaws [fedora-all]
1171709 – CVE-2014-9280 mantis: PHP Object Injection in filter API
1171713 – CVE-2014-9279 mantis: database credentials disclosure in MantisBT’s unattended upgrade script
1170542 – CVE-2014-6316 mantis: URL redirection issue
1170543 – CVE-2014-6316 mantis: URL redirection issue [fedora-all]
1170193 – CVE-2014-9272 mantis: XSS in string_insert_hrefs()
1170196 – mantis: XSS in string_insert_hrefs() [fedora-all]
1170192 – CVE-2014-9281 mantis: XSS in admin panel / copy_field.php
1170194 – mantis: XSS in admin panel / copy_field.php [fedora-all]
1170188 – CVE-2014-9270 mantis: XSS in projax_api.php
1170189 – mantis: XSS in projax_api.php [fedora-all]
1170180 – CVE-2014-9269 mantis: XSS in extended project browser
1170182 – mantis: XSS in extended project browser [fedora-all]
1168618 – CVE-2014-9117 mantis: CAPTCHA bypass in registration form
1168621 – CVE-2014-9117 mantis: CAPTCHA bypass in registration form [fedora-all]
1168161 – CVE-2014-9089 mantis: SQL injection in view_all_set.php
1168163 – CVE-2014-9089 mantis: SQL injection in view_all_set.php [fedora-all]
1165152 – CVE-2014-8987 mantis: XSS on Configuration Report page
1165153 – mantis: XSS on Configuration Report page [fedora-all]
1164631 – CVE-2014-8988 mantis: information disclosure issue to be fixed in the upcoming 1.2.18 release
1164632 – mantis: information disclosure issue to be fixed in the upcoming 1.2.18 release [fedora-all]
1164620 – CVE-2014-8986 mantis: cross-site scripting (XSS) issues to be fixed in the upcoming 1.2.18 release
1164621 – mantis: cross-site scripting (XSS) issues to be fixed in the upcoming 1.2.18 release [fedora-all]
1169163 – mantis: various flaws [fedora-all]
1169162 – mantis: PHP object injection in filter API
1169194 – mantis: database credentials leak<br
Security fix for CVE-2014-9280, CVE-2014-9279, CVE-2014-6316, CVE-2014-9117, CVE-2014-9089
Fedora 20 Security Update: xorg-x11-server-1.14.4-13.fc20
CVE fixes for everyone – all the X.org CVE fixes from Dec 9th 2014
Fedora 20 Security Update: bind-9.9.4-17.P2.fc20
Fedora 21 Security Update: curl-7.37.0-11.fc21
Resolved Bugs
1172572 – XBMC issues due to Curl
1153814 – yum cannot access repositories using TLS 1.2
1166567 – curl: Disable out-of-protocol fallback to SSL 3.0
1166239 – Please include “low-speed-limit: avoid timeout flood” patch into fedora curl package
1154941 – CVE-2014-3707 curl: incorrect handle duplication after COPYPOSTFIELDS<br
– make CURLOPT_LOW_SPEED_LIMIT work again with threaded resolver (#1172572)
– allow to use TLS 1.1 and TLS 1.2 (#1153814)
– disable libcurl-level downgrade to SSLv3 (#1166567)
– low-speed-limit: avoid timeout flood (#1166239)
– fix handling of CURLOPT_COPYPOSTFIELDS in curl_easy_duphandle (CVE-2014-3707)
Fedora 20 Security Update: xen-4.3.3-7.fc20
p2m lock starvation, fix build with –without xsm
Fedora 19 Security Update: bind-9.9.3-16.P2.fc19
Fedora 20 Security Update: links-2.8-4.fc20
Fedora 21 Security Update: firebird-2.5.2.26539.0-14.fc21
Resolved Bugs
1172445 – firebird: malformed network packet can cause denial of service
1172446 – firebird: malformed network packet can cause denial of service [fedora-all]<br
These updates fix the recently discovered security vulnerability (CORE-4630) that may be used for a remote DoS attack performed by unauthorized users