Resolved Bugs
1167866 – graphviz: format string vulnerability
1167868 – graphviz: format string vulnerability [fedora-all]
This is an update fixing a format string vulnerability in cgraph.
Category Archives: Fedora
Fedora – Security Updates
Fedora 19 Security Update: graphviz-2.30.1-13.fc19
Fedora 20 Security Update: docker-io-1.3.2-2.fc20
Fedora 21 Security Update: docker-io-1.3.2-2.fc21
Fedora 21 Security Update: jenkins-mailer-plugin-1.12-1.fc21,jenkins-javadoc-plugin-1.3-1.fc21,jenkins-external-monitor-job-plugin-1.4-1.fc21,jenkins-junit-plugin-1.2-1.fc21,jenkins-matrix-project-plugin-1.4-1.fc21,jenkins-icon-shim-1.0.4-1.fc21,jenkins-credentials-plugin-1.18-2.fc21,jenkins-ssh-credentials-plugin-1.10-3.fc21,jenkins-ssh-slaves-plugin-1.9-2.fc21,jenkins-winstone-2.8-1.fc21,stapler-1.233-1.fc21,jenkins-remoting-2.48-1.fc21,jenkins-ant-plugin-1.2-3.fc21,jenkins-1.590-1.fc21
Resolved Bugs
1163695 – jenkins-credentials-plugin: stored credentials are not visible in UI
1165086 – jenkins-icon-shim: incorrect plugin name
This big update fixes several security vulnerabilities [1] as well as a few packaging bugs.
[1]: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
Fedora 21 Security Update: graphviz-2.38.0-11.fc21
Fedora 21 Security Update: hivex-1.3.11-4.fc21
Update to 1.3.11. Fix handling of invalid hive files.
Fedora EPEL 6 Security Update: docker-io-1.3.2-2.el6
Resolved Bugs
1167642 – docker-io-1.3.2 is available
1167505 – CVE-2014-6407 docker: symbolic and hardlink issues leading to privilege escalation
1167508 – CVE-2014-6408 CVE-2014-6407 docker-io: various flaws [epel-6]
1167506 – CVE-2014-6408 docker: potential container escalation
Security fix for CVE-2014-6407, CVE-2014-6408
Fedora EPEL 5 Security Update: hivex-1.3.5-6.el5
Fedora 19 Security Update: curl-7.29.0-26.fc19
Resolved Bugs
1153814 – yum cannot access repositories using TLS 1.2
1166567 – curl: Disable out-of-protocol fallback to SSL 3.0
1166239 – Please include “low-speed-limit: avoid timeout flood” patch into fedora curl package
1154941 – CVE-2014-3707 curl: incorrect handle duplication after COPYPOSTFIELDS
– allow use of TLS 1.1 and TLS 1.2 (#1153814)
– disable libcurl-level downgrade to SSLv3 (#1166567)
– low-speed-limit: avoid timeout flood (#1166239)
– fix handling of CURLOPT_COPYPOSTFIELDS in curl_easy_duphandle (CVE-2014-3707)