Category Archives: Fedora

Fedora – Security Updates

Fedora

Fedora 21 Security Update: icecast-2.4.1-1.fc21

Leave a comment

Resolved Bugs
1168146 – CVE-2014-9091 icecast: supplementary groups are not overriden
1168147 – CVE-2014-9091 icecast: supplementary groups are not overriden [fedora-all]
1168148 – CVE-2014-9091 icecast: supplementary groups are not overriden [epel-5]
1168149 – CVE-2014-9091 icecast: supplementary groups are not overriden [epel-6]
1165880 – CVE-2014-9018 icecast: possible leak of on-connect scripts
1165882 – icecast: possible leak of on-connect scripts [fedora-all]
1165883 – icecast: possible leak of on-connect scripts [epel-5]
1165885 – icecast: possible leak of on-connect scripts [epel-6]
954320 – icecast package should be built with PIE flags
1101950 – icecast-2.4.1 is available<br
**fix CVE-2014-9091 (#1168146, #1168147, #1168148, #1168149)**
**fix CVE-2014-9018 (#1165880, #1165882, #1165883, #1165885)**
**enabled fully hardened build (#954320)**
* update new to release v2.4.1 (#1101950)
* added doc-subpkg

Fedora

Fedora 21 Security Update: pwgen-2.07-1.fc21

Leave a comment

Resolved Bugs
1020220 – CVE-2013-4440 pwgen: non-tty passwords are trivially weak by default
1020222 – CVE-2013-4440 pwgen: non-tty passwords are trivially weak by default [fedora-all]
1020258 – CVE-2013-4442 pwgen: silent fallback to insecure entropy
1020259 – CVE-2013-4442 pwgen: silent fallback to insecure entropy [fedora-all]<br
Update to 2.07 (bug 1159526) fixes:
– CVE-2013-4440 (bug 1020222, 1020223)
– CVE-2013-4442 (bug 1020259, 1020261)

Fedora

Fedora 20 Security Update: php-horde-kronolith-4.2.4-1.fc20

Leave a comment

kronolith 4.2.4
* [jan] Make access to non-CalDAV remote calendars faster (Bug #12379).
* [jan] Continue with further events if parsing of one remote event date fails.
* [jan] Fix JS error in month view with more events today than the maximum threshold.
* [mjr] Fix fatal error when creating or modifying an entry via PUT.
* [mjr] Don’t show private event details in daily agenda emails if not the owner (Bug #13660).

Fedora

Fedora 20 Security Update: icecast-2.4.1-1.fc20

Leave a comment

Resolved Bugs
1168146 – CVE-2014-9091 icecast: supplementary groups are not overriden
1168147 – CVE-2014-9091 icecast: supplementary groups are not overriden [fedora-all]
1168148 – CVE-2014-9091 icecast: supplementary groups are not overriden [epel-5]
1168149 – CVE-2014-9091 icecast: supplementary groups are not overriden [epel-6]
1165880 – CVE-2014-9018 icecast: possible leak of on-connect scripts
1165882 – icecast: possible leak of on-connect scripts [fedora-all]
1165883 – icecast: possible leak of on-connect scripts [epel-5]
1165885 – icecast: possible leak of on-connect scripts [epel-6]
954320 – icecast package should be built with PIE flags
1101950 – icecast-2.4.1 is available<br
**fix CVE-2014-9091 (#1168146, #1168147, #1168148, #1168149)**
**fix CVE-2014-9018 (#1165880, #1165882, #1165883, #1165885)**
**enabled fully hardened build (#954320)**
* update new to release v2.4.1 (#1101950)
* added doc-subpkg

Fedora

Fedora 20 Security Update: python3-3.3.2-19.fc20

Leave a comment

Resolved Bugs
1078014 – CVE-2013-7338 python: malformed ZIP files could cause 100% CPU usage
1078015 – python3: python: malformed ZIP files could cause 100% CPU usage [fedora-all]
1082177 – CVE-2014-2667 python: os.makedirs(exist_ok=True) is not thread-safe in Python 3.x
1083594 – CVE-2014-2667 python3: python: os.makedirs(exist_ok=True) is not thread-safe in Python 3.x [fedora-all]<br
Fixes CVEs 2013-7338 and 2014-2667.

Fedora

Fedora 20 Security Update: python-tornado-2.2.1-7.fc20

Leave a comment

Resolved Bugs
963260 – CVE-2013-2099 python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns
966270 – CVE-2013-2098 CVE-2013-2099 python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns [fedora-all]<br
– Add patch to fix CVE-2013-2098 CVE-2013-2099 (bug #96627)
– Drop requires python-simplejson, not needed for modern python