Resolved Bugs
1169699 – CVE-2014-9028 CVE-2014-8962 mingw-flac: various flaws [fedora-all]
1167236 – CVE-2014-8962 flac: Heap buffer read overflow when processing ID3V2 metadata
1167741 – CVE-2014-9028 flac: Heap buffer write overflow in read_residual_partitioned_rice_<br
Security fix for CVE-2014-9028, CVE-2014-8962
Category Archives: Fedora
Fedora – Security Updates
Fedora EPEL 6 Security Update: antiword-0.37-17.el6
Fedora EPEL 7 Security Update: pkcs11-helper-1.11-3.el7,openvpn-2.3.6-1.el7
Resolved Bugs
1169487 – CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [fedora-all]
1169488 – CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [epel-all]<br
Fix for CVE-2014-8104.
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b
Fedora 21 Security Update: erlang-17.3.4-3.fc21
Resolved Bugs
1169375 – Disable SSL 3.0 in erlang-ssl
1059331 – CVE-2014-1693 erlang-inets: command injection flaw in FTP module
1059335 – CVE-2014-1693 erlang: erlang-inets: command injection flaw in FTP module [epel-all]
1161922 – Too many dependencies from Erlang<br
* Disable SSLv3
* Backport useful os:getenv/2 from master. See this GitHub pull request for further details – https://github.com/erlang/otp/pull/535
* Fixed CVE-2014-1693 (backported fix from ver. 17.x.x, see patch no. 17)
* Trimmed dependency chain
Fedora 21 Security Update: flac-1.3.1-1.fc21
Resolved Bugs
1169698 – CVE-2014-9028 CVE-2014-8962 flac: various flaws [fedora-all]
1167236 – CVE-2014-8962 flac: Heap buffer read overflow when processing ID3V2 metadata
1167741 – CVE-2014-9028 flac: Heap buffer write overflow in read_residual_partitioned_rice_<br
Security fix for CVE-2014-9028, CVE-2014-8962
Fedora 21 Security Update: cpio-2.11-33.fc21
Fedora 21 Security Update: antiword-0.37-17.fc21
Fedora 21 Security Update: firefox-34.0-1.fc21,thunderbird-31.3.0-1.fc21
New Firefox release – 34.0.
Fedora 21 Security Update: mingw-flac-1.3.1-1.fc21
Resolved Bugs
1169699 – CVE-2014-9028 CVE-2014-8962 mingw-flac: various flaws [fedora-all]
1167236 – CVE-2014-8962 flac: Heap buffer read overflow when processing ID3V2 metadata
1167741 – CVE-2014-9028 flac: Heap buffer write overflow in read_residual_partitioned_rice_<br
Security fix for CVE-2014-9028, CVE-2014-8962
Fedora 21 Security Update: dbus-1.8.12-1.fc21
Resolved Bugs
1168438 – Update to 1.8.12
1142581 – CVE-2014-3638 CVE-2014-3639 CVE-2014-3636 CVE-2014-3637 CVE-2014-3635 dbus: various flaws [fedora-all]
1140523 – CVE-2014-3635 dbus: heap-based buffer overflow flaw in file descriptor passing
1140525 – CVE-2014-3636 dbus: denial of service by queuing or splitting file descriptors
1140527 – CVE-2014-3637 dbus: denial of service by creating unkillable D-Bus connections
1140529 – CVE-2014-3638 dbus: denial of service in method call handling
1140532 – CVE-2014-3639 dbus: denial of service flaw in incomplete connection handling<br
Update to 1.8.12 (#1168438)
* Fixes CVE-2014-3635 (fd.o#83622)
* Fixes CVE-2014-3636 (fd.o#82820)
* Fixes CVE-2014-3637 (fd.o#80559)
* Fixes CVE-2014-3638 (fd.o#81053)
* Fixes CVE-2014-3639 (fd.o#80919)
* Fixes CVE-2014-7824 (fd.o#85105)