Resolved Bugs
1169487 – CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [fedora-all]
1169488 – CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [epel-all]<br
Fix for CVE-2014-8104.
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b
Category Archives: Fedora
Fedora – Security Updates
Fedora 20 Security Update: antiword-0.37-17.fc20
Fedora 19 Security Update: mingw-flac-1.3.1-1.fc19
Resolved Bugs
1169699 – CVE-2014-9028 CVE-2014-8962 mingw-flac: various flaws [fedora-all]
1167236 – CVE-2014-8962 flac: Heap buffer read overflow when processing ID3V2 metadata
1167741 – CVE-2014-9028 flac: Heap buffer write overflow in read_residual_partitioned_rice_<br
Security fix for CVE-2014-9028, CVE-2014-8962
Fedora 20 Security Update: cpio-2.11-28.fc20
Fedora 20 Security Update: dbus-1.6.28-1.fc20
Resolved Bugs
1115636 – CVE-2014-3533 CVE-2014-3532 dbus: various flaws [fedora-all]
1142581 – CVE-2014-3638 CVE-2014-3639 CVE-2014-3636 CVE-2014-3637 CVE-2014-3635 dbus: various flaws [fedora-all]
1140523 – CVE-2014-3635 dbus: heap-based buffer overflow flaw in file descriptor passing
1140525 – CVE-2014-3636 dbus: denial of service by queuing or splitting file descriptors
1140527 – CVE-2014-3637 dbus: denial of service by creating unkillable D-Bus connections
1140529 – CVE-2014-3638 dbus: denial of service in method call handling
1140532 – CVE-2014-3639 dbus: denial of service flaw in incomplete connection handling
1114414 – CVE-2014-3532 dbus: denial of service in file descriptor passing feature
1114416 – CVE-2014-3533 dbus: denial of service when forwarding invalid file descriptors<br
Update to 1.6.28
Fedora 19 Security Update: firefox-34.0-1.fc19,thunderbird-31.3.0-1.fc19
New Firefox release – 34.0.
Fedora 19 Security Update: pkcs11-helper-1.11-3.fc19,openvpn-2.3.6-1.fc19
Resolved Bugs
1169487 – CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [fedora-all]
1169488 – CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [epel-all]<br
Fix for CVE-2014-8104.
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b
Fedora 19 Security Update: dbus-1.6.28-1.fc19
Resolved Bugs
1115636 – CVE-2014-3533 CVE-2014-3532 dbus: various flaws [fedora-all]
1142581 – CVE-2014-3638 CVE-2014-3639 CVE-2014-3636 CVE-2014-3637 CVE-2014-3635 dbus: various flaws [fedora-all]
1140523 – CVE-2014-3635 dbus: heap-based buffer overflow flaw in file descriptor passing
1140525 – CVE-2014-3636 dbus: denial of service by queuing or splitting file descriptors
1140527 – CVE-2014-3637 dbus: denial of service by creating unkillable D-Bus connections
1140529 – CVE-2014-3638 dbus: denial of service in method call handling
1140532 – CVE-2014-3639 dbus: denial of service flaw in incomplete connection handling
1114414 – CVE-2014-3532 dbus: denial of service in file descriptor passing feature
1114416 – CVE-2014-3533 dbus: denial of service when forwarding invalid file descriptors<br
Update to 1.6.28
Fedora 19 Security Update: pcre-8.32-12.fc19
Resolved Bugs
1165626 – Heap overflow while matching against an expression with an assertion with a zero minimum repeat as the condition in a conditional group.
1166147 – CVE-2014-8964 pcre: incorrect handling of zero-repeat assertion conditions<br
This release fixes CVE-2014-8964 (an unused memory usage on zero-repeat assertion condition)
Fedora 20 Security Update: pcre-8.33-8.fc20
Resolved Bugs
1165626 – Heap overflow while matching against an expression with an assertion with a zero minimum repeat as the condition in a conditional group.
1166147 – CVE-2014-8964 pcre: incorrect handling of zero-repeat assertion conditions<br
This release fixes CVE-2014-8964 (an unused memory usage on zero-repeat assertion condition)