Category Archives: Fedora

Fedora – Security Updates

Fedora 20 Security Update: dbus-1.6.28-1.fc20

Resolved Bugs
1115636 – CVE-2014-3533 CVE-2014-3532 dbus: various flaws [fedora-all]
1142581 – CVE-2014-3638 CVE-2014-3639 CVE-2014-3636 CVE-2014-3637 CVE-2014-3635 dbus: various flaws [fedora-all]
1140523 – CVE-2014-3635 dbus: heap-based buffer overflow flaw in file descriptor passing
1140525 – CVE-2014-3636 dbus: denial of service by queuing or splitting file descriptors
1140527 – CVE-2014-3637 dbus: denial of service by creating unkillable D-Bus connections
1140529 – CVE-2014-3638 dbus: denial of service in method call handling
1140532 – CVE-2014-3639 dbus: denial of service flaw in incomplete connection handling
1114414 – CVE-2014-3532 dbus: denial of service in file descriptor passing feature
1114416 – CVE-2014-3533 dbus: denial of service when forwarding invalid file descriptors
Update to 1.6.28

Fedora 19 Security Update: pkcs11-helper-1.11-3.fc19,openvpn-2.3.6-1.fc19

Resolved Bugs
1169487 – CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [fedora-all]
1169488 – CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [epel-all]
Fix for CVE-2014-8104.
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b

Fedora 19 Security Update: dbus-1.6.28-1.fc19

Resolved Bugs
1115636 – CVE-2014-3533 CVE-2014-3532 dbus: various flaws [fedora-all]
1142581 – CVE-2014-3638 CVE-2014-3639 CVE-2014-3636 CVE-2014-3637 CVE-2014-3635 dbus: various flaws [fedora-all]
1140523 – CVE-2014-3635 dbus: heap-based buffer overflow flaw in file descriptor passing
1140525 – CVE-2014-3636 dbus: denial of service by queuing or splitting file descriptors
1140527 – CVE-2014-3637 dbus: denial of service by creating unkillable D-Bus connections
1140529 – CVE-2014-3638 dbus: denial of service in method call handling
1140532 – CVE-2014-3639 dbus: denial of service flaw in incomplete connection handling
1114414 – CVE-2014-3532 dbus: denial of service in file descriptor passing feature
1114416 – CVE-2014-3533 dbus: denial of service when forwarding invalid file descriptors
Update to 1.6.28

Fedora 19 Security Update: perl-YAML-LibYAML-0.54-1.fc19

Resolved Bugs
1169369 – CVE-2014-9130 libyaml: assert failure when processing wrapped strings
1169750 – CVE-2014-9130 perl-YAML-LibYAML: libyaml: assert failure when processing wrapped strings [fedora-all]
An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.