Category Archives: Fedora
Fedora – Security Updates
Fedora EPEL 7 Security Update: firebird-2.5.3.26778.0-2.el7
Resolved Bugs
1172445 – firebird: malformed network packet can cause denial of service
1172447 – firebird: malformed network packet can cause denial of service [epel-all]
These updates fix the recently discovered security vulnerability (CORE-4630) that may be used for a remote DoS attack performed by unauthorized users.
Fedora EPEL 5 Security Update: xrdp-0.6.1-1.el5
Resolved Bugs
782621 – xrdp: predictable temporary files may lead to arbitrary file overwrite [epel-all]
Close a security vulnerability in 0.5.0 and update to a known working release, 0.6.1.
Fedora EPEL 5 Security Update: firebird-2.1.5.18496.0-5.el5
Resolved Bugs
1172445 – firebird: malformed network packet can cause denial of service
1172447 – firebird: malformed network packet can cause denial of service [epel-all]
These updates fix the recently discovered security vulnerability (CORE-4630) that may be used for a remote DoS attack performed by unauthorized users.
Fedora 19 Security Update: pam-1.1.6-13.fc19
Resolved Bugs
1080243 – CVE-2014-2583 pam: path traversal issue in pam_timestamp’s format_timestamp_name()
1038557 – pam: password hashes aren’t compared case-sensitively [fedora-all]
1038555 – CVE-2013-7041 pam: pam_userdb case insensitive password hash comparison
1120104 – pam segfaults on unexpected /etc/security/opasswd contents
Update fixing minor security issues and bugs.
Fedora 19 Security Update: icecast-2.4.1-1.fc19
Resolved Bugs
1168146 – CVE-2014-9091 icecast: supplementary groups are not overridden
1168147 – CVE-2014-9091 icecast: supplementary groups are not overridden [fedora-all]
1168148 – CVE-2014-9091 icecast: supplementary groups are not overridden [epel-5]
1168149 – CVE-2014-9091 icecast: supplementary groups are not overridden [epel-6]
1165880 – CVE-2014-9018 icecast: possible leak of on-connect scripts
1165882 – icecast: possible leak of on-connect scripts [fedora-all]
1165883 – icecast: possible leak of on-connect scripts [epel-5]
1165885 – icecast: possible leak of on-connect scripts [epel-6]
954320 – icecast package should be built with PIE flags
1101950 – icecast-2.4.1 is available
**fix CVE-2014-9091 (#1168146, #1168147, #1168148, #1168149)**
**fix CVE-2014-9018 (#1165880, #1165882, #1165883, #1165885)**
**enabled fully hardened build (#954320)**
* update to new release v2.4.1 (#1101950)
* added doc-subpkg
Fedora 19 Security Update: python3-3.3.2-11.fc19
Resolved Bugs
1078014 – CVE-2013-7338 python: malformed ZIP files could cause 100% CPU usage
1078015 – python3: python: malformed ZIP files could cause 100% CPU usage [fedora-all]
1082177 – CVE-2014-2667 python: os.makedirs(exist_ok=True) is not thread-safe in Python 3.x
1083594 – CVE-2014-2667 python3: python: os.makedirs(exist_ok=True) is not thread-safe in Python 3.x [fedora-all]
Fixes CVEs 2013-7338 and 2014-2667.
Fedora 19 Security Update: python-tornado-2.2.1-7.fc19
Resolved Bugs
963260 – CVE-2013-2099 python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns
966270 – CVE-2013-2098 CVE-2013-2099 python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns [fedora-all]
– Add patch to fix CVE-2013-2098 CVE-2013-2099 (bug #96627)
– Drop requires python-simplejson, not needed for modern python
Fedora 19 Security Update: phpMyAdmin-4.2.13.1-1.fc19
Resolved Bugs
1170597 – CVE-2014-9218 phpMyAdmin: Denial of Service with long passwords
1170598 – CVE-2014-9218 phpMyAdmin: Denial of Service with long passwords [fedora-all]
1170604 – CVE-2014-9219 phpMyAdmin: XSS vulnerability in redirection mechanism
1170605 – CVE-2014-9219 phpMyAdmin: XSS vulnerability in redirection mechanism [fedora-all]
phpMyAdmin 4.2.13.1 (2014-12-03)
================================
– [security] XSS vulnerability in redirection mechanism
– [security] DOS attack with long passwords
Fedora 19 Security Update: pwgen-2.07-1.fc19
Resolved Bugs
1020220 – CVE-2013-4440 pwgen: non-tty passwords are trivially weak by default
1020222 – CVE-2013-4440 pwgen: non-tty passwords are trivially weak by default [fedora-all]
1020258 – CVE-2013-4442 pwgen: silent fallback to insecure entropy
1020259 – CVE-2013-4442 pwgen: silent fallback to insecure entropy [fedora-all]
Update to 2.07 (bug 1159526) fixes:
– CVE-2013-4440 (bug 1020222, 1020223)
– CVE-2013-4442 (bug 1020259, 1020261)