Resolved Bugs
1172445 – firebird: malformed network packet can cause denial of service
1172446 – firebird: malformed network packet can cause denial of service [fedora-all]
These updates fix the recently discovered security vulnerability (CORE-4630) that may be used for a remote DoS attack performed by unauthorized users
Fedora – Security Updates
Fedora 20 Security Update: mantis-1.2.18-1.fc20
Resolved Bugs
1171714 – CVE-2014-9279 CVE-2014-9280 mantis: various flaws [fedora-all]
1171709 – CVE-2014-9280 mantis: PHP Object Injection in filter API
1171713 – CVE-2014-9279 mantis: database credentials disclosure in MantisBT’s unattended upgrade script
1170542 – CVE-2014-6316 mantis: URL redirection issue
1170543 – CVE-2014-6316 mantis: URL redirection issue [fedora-all]
1170193 – CVE-2014-9272 mantis: XSS in string_insert_hrefs()
1170196 – mantis: XSS in string_insert_hrefs() [fedora-all]
1170192 – CVE-2014-9281 mantis: XSS in admin panel / copy_field.php
1170194 – mantis: XSS in admin panel / copy_field.php [fedora-all]
1170188 – CVE-2014-9270 mantis: XSS in projax_api.php
1170189 – mantis: XSS in projax_api.php [fedora-all]
1170180 – CVE-2014-9269 mantis: XSS in extended project browser
1170182 – mantis: XSS in extended project browser [fedora-all]
1168618 – CVE-2014-9117 mantis: CAPTCHA bypass in registration form
1168621 – CVE-2014-9117 mantis: CAPTCHA bypass in registration form [fedora-all]
1168161 – CVE-2014-9089 mantis: SQL injection in view_all_set.php
1168163 – CVE-2014-9089 mantis: SQL injection in view_all_set.php [fedora-all]
1165152 – CVE-2014-8987 mantis: XSS on Configuration Report page
1165153 – mantis: XSS on Configuration Report page [fedora-all]
1164631 – CVE-2014-8988 mantis: information disclosure issue to be fixed in the upcoming 1.2.18 release
1164632 – mantis: information disclosure issue to be fixed in the upcoming 1.2.18 release [fedora-all]
1164620 – CVE-2014-8986 mantis: cross-site scripting (XSS) issues to be fixed in the upcoming 1.2.18 release
1164621 – mantis: cross-site scripting (XSS) issues to be fixed in the upcoming 1.2.18 release [fedora-all]
1169163 – mantis: various flaws [fedora-all]
1169162 – mantis: PHP object injection in filter API
1169194 – mantis: database credentials leak
Security fix for CVE-2014-9280, CVE-2014-9279, CVE-2014-6316, CVE-2014-9117, CVE-2014-9089
Fedora 20 Security Update: curl-7.32.0-17.fc20
Resolved Bugs
1172572 – XBMC issues due to Curl
1153814 – yum cannot access repositories using TLS 1.2
1166567 – curl: Disable out-of-protocol fallback to SSL 3.0
1166239 – Please include “low-speed-limit: avoid timeout flood” patch into fedora curl package
1154941 – CVE-2014-3707 curl: incorrect handle duplication after COPYPOSTFIELDS
– make CURLOPT_LOW_SPEED_LIMIT work again with threaded resolver (#1172572)
– allow to use TLS 1.1 and TLS 1.2 (#1153814)
– disable libcurl-level downgrade to SSLv3 (#1166567)
– low-speed-limit: avoid timeout flood (#1166239)
– fix handling of CURLOPT_COPYPOSTFIELDS in curl_easy_duphandle (CVE-2014-3707)
Fedora 20 Security Update: firebird-2.5.2.26539.0-10.fc20
Resolved Bugs
1172445 – firebird: malformed network packet can cause denial of service
1172446 – firebird: malformed network packet can cause denial of service [fedora-all]
These updates fix the recently discovered security vulnerability (CORE-4630) that may be used for a remote DoS attack performed by unauthorized users
Fedora 19 Security Update: mantis-1.2.18-1.fc19
Resolved Bugs
1171714 – CVE-2014-9279 CVE-2014-9280 mantis: various flaws [fedora-all]
1171709 – CVE-2014-9280 mantis: PHP Object Injection in filter API
1171713 – CVE-2014-9279 mantis: database credentials disclosure in MantisBT’s unattended upgrade script
1170542 – CVE-2014-6316 mantis: URL redirection issue
1170543 – CVE-2014-6316 mantis: URL redirection issue [fedora-all]
1170193 – CVE-2014-9272 mantis: XSS in string_insert_hrefs()
1170196 – mantis: XSS in string_insert_hrefs() [fedora-all]
1170192 – CVE-2014-9281 mantis: XSS in admin panel / copy_field.php
1170194 – mantis: XSS in admin panel / copy_field.php [fedora-all]
1170188 – CVE-2014-9270 mantis: XSS in projax_api.php
1170189 – mantis: XSS in projax_api.php [fedora-all]
1170180 – CVE-2014-9269 mantis: XSS in extended project browser
1170182 – mantis: XSS in extended project browser [fedora-all]
1168618 – CVE-2014-9117 mantis: CAPTCHA bypass in registration form
1168621 – CVE-2014-9117 mantis: CAPTCHA bypass in registration form [fedora-all]
1168161 – CVE-2014-9089 mantis: SQL injection in view_all_set.php
1168163 – CVE-2014-9089 mantis: SQL injection in view_all_set.php [fedora-all]
1165152 – CVE-2014-8987 mantis: XSS on Configuration Report page
1165153 – mantis: XSS on Configuration Report page [fedora-all]
1164631 – CVE-2014-8988 mantis: information disclosure issue to be fixed in the upcoming 1.2.18 release
1164632 – mantis: information disclosure issue to be fixed in the upcoming 1.2.18 release [fedora-all]
1164620 – CVE-2014-8986 mantis: cross-site scripting (XSS) issues to be fixed in the upcoming 1.2.18 release
1164621 – mantis: cross-site scripting (XSS) issues to be fixed in the upcoming 1.2.18 release [fedora-all]
1169163 – mantis: various flaws [fedora-all]
1169162 – mantis: PHP object injection in filter API
1169194 – mantis: database credentials leak
Security fix for CVE-2014-9280, CVE-2014-9279, CVE-2014-6316, CVE-2014-9117, CVE-2014-9089
Fedora 19 Security Update: xen-4.2.5-7.fc19
p2m lock starvation, fix build with --without xsm
Fedora 20 Security Update: mutt-1.5.23-4.fc20
Fedora EPEL 6 Security Update: xrdp-0.6.1-1.el6
Resolved Bugs
782621 – xrdp: predictable temporary files may lead to arbitrary file overwrite [epel-all]
Close a security vulnerability in 0.5.0 and update to a known working release, 0.6.1.
Fedora EPEL 5 Security Update: pywebdav-0.9.4.1-1.el5
Resolved Bugs
679339 – CVE-2011-0432 pywebdav: SQL injection due improper escaping of user credentials [epel-5]
updated to 0.9.4.1