Resolved Bugs
1167537 – CVE-2014-9029 jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009)
1170650 – CVE-2014-9029 jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009) [fedora-all]
Fixes CVE-2014-9029 vulnerability.
Fedora – Security Updates
Fedora 20 Security Update: gpgme-1.3.2-5.fc20
Fedora 19 Security Update: grub2-2.00-27.fc19
Fedora 19 Security Update: pyxdg-0.25-5.fc19
Fedora EPEL 6 Security Update: seamonkey-2.28-2.ESR_31.3.0.el6
Update to the codebase of Extended Support Release (ESR) 31.3.0
Fixes various security issues, see https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html and https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html for more info
Fedora EPEL 7 Security Update: pwgen-2.07-1.el7
Resolved Bugs
1020220 – CVE-2013-4440 pwgen: non-tty passwords are trivially weak by default
1020223 – CVE-2013-4440 pwgen: non-tty passwords are trivially weak by default [epel-all]
1020258 – CVE-2013-4442 pwgen: silent fallback to insecure entropy
1020261 – CVE-2013-4442 pwgen: silent fallback to insecure entropy [epel-all]
Update to 2.07:
* Remove backwards compatibility for no-tty mode. Addresses CVE-2013-4440
* Fail hard if /dev/urandom and /dev/random are not available. Addresses CVE-2013-4442 and Launchpad #1183213 (Closes: #767008)
* Fix pwgen -B so that it doesn’t accidentally generate passwords with ambiguous characters after changing the case of some letters. Addresses Launchpad Bugs #638418 and #1349863
* Fix potential portability bug on architectures where unsigned ints are not 4 bytes long
Fedora EPEL 6 Security Update: python-tornado-2.2.1-7.el6
Resolved Bugs
963260 – CVE-2013-2099 python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns
966272 – CVE-2013-2098 CVE-2013-2099 python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns [epel-6]
– Add patch to fix CVE-2013-2098 CVE-2013-2099 (bug #96627)
– Drop requires python-simplejson, not needed for modern python
Fedora EPEL 5 Security Update: pwgen-2.07-1.el5
Resolved Bugs
1020220 – CVE-2013-4440 pwgen: non-tty passwords are trivially weak by default
1020223 – CVE-2013-4440 pwgen: non-tty passwords are trivially weak by default [epel-all]
1020258 – CVE-2013-4442 pwgen: silent fallback to insecure entropy
1020261 – CVE-2013-4442 pwgen: silent fallback to insecure entropy [epel-all]
Update to 2.07:
* Remove backwards compatibility for no-tty mode. Addresses CVE-2013-4440
* Fail hard if /dev/urandom and /dev/random are not available. Addresses CVE-2013-4442 and Launchpad #1183213 (Closes: #767008)
* Fix pwgen -B so that it doesn’t accidentally generate passwords with ambiguous characters after changing the case of some letters. Addresses Launchpad Bugs #638418 and #1349863
* Fix potential portability bug on architectures where unsigned ints are not 4 bytes long
Fedora EPEL 6 Security Update: pwgen-2.07-1.el6
Resolved Bugs
1020220 – CVE-2013-4440 pwgen: non-tty passwords are trivially weak by default
1020223 – CVE-2013-4440 pwgen: non-tty passwords are trivially weak by default [epel-all]
1020258 – CVE-2013-4442 pwgen: silent fallback to insecure entropy
1020261 – CVE-2013-4442 pwgen: silent fallback to insecure entropy [epel-all]
Update to 2.07:
* Remove backwards compatibility for no-tty mode. Addresses CVE-2013-4440
* Fail hard if /dev/urandom and /dev/random are not available. Addresses CVE-2013-4442 and Launchpad #1183213 (Closes: #767008)
* Fix pwgen -B so that it doesn’t accidentally generate passwords with ambiguous characters after changing the case of some letters. Addresses Launchpad Bugs #638418 and #1349863
* Fix potential portability bug on architectures where unsigned ints are not 4 bytes long