Category Archives: Fedora

Fedora – Security Updates

Fedora 20 Security Update: mediawiki-1.23.7-1.fc20

http://www.mediawiki.org/wiki/Release_notes/1.23#MediaWiki_1.23.7
* (bug 66776, bug 71478) SECURITY: User PleaseStand reported a way to inject code into API clients that used format=php to process pages that underwent flash policy mangling. This was fixed along with improving how the mangling was done for format=json, and allowing sites to disable the mangling using $wgMangleFlashPolicy.
* (bug 70901) SECURITY: User Jackmcbarn reported that the ability to update the content model for a page could allow an unprivileged attacker to edit another user’s common.js under certain circumstances. The user right “editcontentmodel” was added, and is needed to change a revision’s content model.
* (bug 71111) SECURITY: User PleaseStand reported that on wikis that allow raw HTML, it is not safe to preview wikitext coming from an untrusted source such as a cross-site request. Thus add an edit token to the form, and when raw HTML is allowed, ensure the token is provided before showing the preview. This check is not performed on wikis that both allow raw HTML and anonymous editing, since there are easier ways to exploit that scenario.
* (bug 72222) SECURITY: Do not show log action when the entry is revdeleted with DELETED_ACTION. NOTICE: this may be reverted in a future release pending a public RFC about the desired functionality. This issue was reported by user Bawolff.
* (bug 71621) Make allowing site-wide styles on restricted special pages a config option.
* (bug 42723) Added updated version history from 1.19.2 to 1.22.13
* $wgMangleFlashPolicy was added to make MediaWiki’s mangling of anything that might be a flash policy directive configurable.

Fedora 19 Security Update: mediawiki-1.23.7-1.fc19

http://www.mediawiki.org/wiki/Release_notes/1.23#MediaWiki_1.23.7
* (bug 66776, bug 71478) SECURITY: User PleaseStand reported a way to inject code into API clients that used format=php to process pages that underwent flash policy mangling. This was fixed along with improving how the mangling was done for format=json, and allowing sites to disable the mangling using $wgMangleFlashPolicy.
* (bug 70901) SECURITY: User Jackmcbarn reported that the ability to update the content model for a page could allow an unprivileged attacker to edit another user’s common.js under certain circumstances. The user right “editcontentmodel” was added, and is needed to change a revision’s content model.
* (bug 71111) SECURITY: User PleaseStand reported that on wikis that allow raw HTML, it is not safe to preview wikitext coming from an untrusted source such as a cross-site request. Thus add an edit token to the form, and when raw HTML is allowed, ensure the token is provided before showing the preview. This check is not performed on wikis that both allow raw HTML and anonymous editing, since there are easier ways to exploit that scenario.
* (bug 72222) SECURITY: Do not show log action when the entry is revdeleted with DELETED_ACTION. NOTICE: this may be reverted in a future release pending a public RFC about the desired functionality. This issue was reported by user Bawolff.
* (bug 71621) Make allowing site-wide styles on restricted special pages a config option.
* (bug 42723) Added updated version history from 1.19.2 to 1.22.13
* $wgMangleFlashPolicy was added to make MediaWiki’s mangling of anything that might be a flash policy directive configurable.

Fedora 20 Security Update: mariadb-5.5.40-1.fc20

Resolved Bugs
1160551 – CVE-2014-6507 CVE-2014-6520 CVE-2014-6505 CVE-2014-4287 CVE-2014-6551 CVE-2014-6555 CVE-2014-6484 CVE-2014-6464 CVE-2014-6559 CVE-2014-6530 CVE-2014-6564 CVE-2014-6469 CVE-2014-6463 mariadb: various flaws [fedora-all]
1153461 – CVE-2014-4287 mysql: unspecified vulnerability related to SERVER:CHARACTER SETS (CPU October 2014)
1153462 – CVE-2014-6463 mysql: unspecified vulnerability related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML (CPU October 2014)
1153463 – CVE-2014-6464 mysql: unspecified vulnerability related to SERVER:INNODB DML FOREIGN KEYS (CPU October 2014)
1153464 – CVE-2014-6469 mysql: unspecified vulnerability related to SERVER:OPTIMIZER (CPU October 2014)
1153467 – CVE-2014-6484 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
1153489 – CVE-2014-6505 mysql: unspecified vulnerability related to SERVER:MEMORY STORAGE ENGINE (CPU October 2014)
1153490 – CVE-2014-6507 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
1153491 – CVE-2014-6520 mysql: unspecified vulnerability related to SERVER:DDL (CPU October 2014)
1153493 – CVE-2014-6530 mysql: unspecified vulnerability related to CLIENT:MYSQLDUMP (CPU October 2014)
1153494 – CVE-2014-6551 mysql: unspecified vulnerability related to CLIENT:MYSQLADMIN (CPU October 2014)
1153495 – CVE-2014-6555 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
1153496 – CVE-2014-6559 mysql: unspecified vulnerability related to C API SSL CERTIFICATE HANDLING (CPU October 2014)
1153497 – CVE-2014-6564 mysql: unspecified vulnerability related to SERVER:INNODB FULLTEXT SEARCH DML (CPU October 2014)
This update fixes all issues described at https://mariadb.com/kb/en/mariadb/development/changelogs/mariadb-5540-changelog and also a couple of security issues.

Fedora 19 Security Update: libreoffice-4.1.6.2-10.fc19

Resolved Bugs
1165740 – libreoffice: crash importing malformed .rtf [fedora-all]
1167503 – CVE-2014-3693 libreoffice: Use-After-Free in socket manager of Impress Remote [fedora-all]
1139592 – CVE-2014-3575 libreoffice: openoffice: Arbitrary file disclosure via crafted OLE objects [fedora-all]
CVE-2014-9093 backport some arbitrary rtf crash fixes
CVE-2014-3693 Use-after-free in Impress Remote socket manager
CVE-2014-3575 arbitrary file preview disclosure via ole2 objects
The vulnerability allows an attacker to send a document which, when opened, will trigger the prompt to “Update Links”; even if the user cancels that prompt, an OLE2 preview image of a file on the victim’s filesystem may still be generated and inserted into the document. Data exposure is possible if the updated document is then distributed to other parties.

Fedora 19 Security Update: mariadb-5.5.40-1.fc19

Resolved Bugs
1160551 – CVE-2014-6507 CVE-2014-6520 CVE-2014-6505 CVE-2014-4287 CVE-2014-6551 CVE-2014-6555 CVE-2014-6484 CVE-2014-6464 CVE-2014-6559 CVE-2014-6530 CVE-2014-6564 CVE-2014-6469 CVE-2014-6463 mariadb: various flaws [fedora-all]
1153461 – CVE-2014-4287 mysql: unspecified vulnerability related to SERVER:CHARACTER SETS (CPU October 2014)
1153462 – CVE-2014-6463 mysql: unspecified vulnerability related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML (CPU October 2014)
1153463 – CVE-2014-6464 mysql: unspecified vulnerability related to SERVER:INNODB DML FOREIGN KEYS (CPU October 2014)
1153464 – CVE-2014-6469 mysql: unspecified vulnerability related to SERVER:OPTIMIZER (CPU October 2014)
1153467 – CVE-2014-6484 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
1153489 – CVE-2014-6505 mysql: unspecified vulnerability related to SERVER:MEMORY STORAGE ENGINE (CPU October 2014)
1153490 – CVE-2014-6507 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
1153491 – CVE-2014-6520 mysql: unspecified vulnerability related to SERVER:DDL (CPU October 2014)
1153493 – CVE-2014-6530 mysql: unspecified vulnerability related to CLIENT:MYSQLDUMP (CPU October 2014)
1153494 – CVE-2014-6551 mysql: unspecified vulnerability related to CLIENT:MYSQLADMIN (CPU October 2014)
1153495 – CVE-2014-6555 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
1153496 – CVE-2014-6559 mysql: unspecified vulnerability related to C API SSL CERTIFICATE HANDLING (CPU October 2014)
1153497 – CVE-2014-6564 mysql: unspecified vulnerability related to SERVER:INNODB FULLTEXT SEARCH DML (CPU October 2014)
This update fixes all issues described at https://mariadb.com/kb/en/mariadb/development/changelogs/mariadb-5540-changelog and also a couple of security issues.

Fedora 21 Security Update: libreoffice-4.3.4.1-8.fc21

Resolved Bugs
1165444 – [abrt] libreoffice-core: EditView::GetFieldUnderMousePointer(): soffice.bin killed by SIGSEGV
1165740 – libreoffice: crash importing malformed .rtf [fedora-all]
Don’t create duplicate Mirrored props which can lead to creating odp files which cannot be reloaded
Fix abrt crash with NULL pView
Crash in clipboard code
Fix export to pdf of Nimbus Sans L etc when using typographical quotes etc.
Fixes for various crashes on importing malformed rtf
New bugfix release.

Fedora 21 Security Update: xen-4.4.1-9.fc21

Resolved Bugs
1166461 – migrate --debug option can lead to Segmentation fault (core dumped)
1166913 – CVE-2014-9030 kernel: xen: Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling
1166914 – CVE-2014-9030 kernel: xen: Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [fedora-all]
1165205 – CVE-2014-8594 kernel: xen: Insufficient restrictions on certain MMU update hypercalls (xsa109) [fedora-all]
1165204 – CVE-2014-8595 kernel: xen: Missing privilege level checks in x86 emulation of far branches (xsa110) [fedora-all]
1086776 – CVE-2014-0150 xen: qemu: virtio-net: buffer overflow in virtio_net_handle_mac() function [fedora-all]
1160664 – CVE-2014-8594 kernel: xen: Insufficient restrictions on certain MMU update hypercalls (xsa109)
1160643 – CVE-2014-8595 kernel: xen: Missing privilege level checks in x86 emulation of far branches (xsa110)
1078846 – CVE-2014-0150 qemu: virtio-net: buffer overflow in virtio_net_handle_mac() function
Excessive checking in compatibility mode hypercall argument translation
Insufficient bounding of “REP MOVS” to MMIO emulated inside the hypervisor
Fix segfaults and failures in xl migrate --debug
Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling
Insufficient restrictions on certain MMU update hypercalls
Missing privilege level checks in x86 emulation of far branches
Add fix for CVE-2014-0150 to qemu-dm, though it probably isn’t exploitable from xen