Fedora – Security Updates

Fedora 21 Security Update: rubygem-actionpack-4.1.5-2.fc21

Resolved Bugs
1161499 – CVE-2014-7818 rubygem-actionpack: arbitrary file existence disclosure
1163511 – CVE-2014-7818 rubygem-actionpack: arbitrary file existence disclosure [fedora-all]
1164659 – CVE-2014-7829 rubygem-actionpack: incomplete fix for CVE-2014-7818, arbitrary file existence disclosure
1165077 – CVE-2014-7829 rubygem-actionpack: incomplete fix for CVE-2014-7818, arbitrary file existence disclosure [fedora-all]

Fixes for CVE-2014-7818 (rhbz#1163511) and CVE-2014-7829 (rhbz#1165077)

Fedora 21 Security Update: xen-4.4.1-7.fc21

Resolved Bugs
1165205 – CVE-2014-8594 kernel: xen: Insufficient restrictions on certain MMU update hypercalls (xsa109) [fedora-all]
1165204 – CVE-2014-8595 kernel: xen: Missing privilege level checks in x86 emulation of far branches (xsa110) [fedora-all]
1086776 – CVE-2014-0150 xen: qemu: virtio-net: buffer overflow in virtio_net_handle_mac() function [fedora-all]
1160664 – CVE-2014-8594 kernel: xen: Insufficient restrictions on certain MMU update hypercalls (xsa109)
1160643 – CVE-2014-8595 kernel: xen: Missing privilege level checks in x86 emulation of far branches (xsa110)
1078846 – CVE-2014-0150 qemu: virtio-net: buffer overflow in virtio_net_handle_mac() function

Insufficient restrictions on certain MMU update hypercalls, Missing privilege level checks in x86 emulation of far branches, Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen

Fedora 19 Security Update: python-django14-1.4.16-1.fc19

Resolved Bugs
1132774 – CVE-2014-0480 CVE-2014-0481 CVE-2014-0482 CVE-2014-0483 python-django14: various flaws [fedora-all]
1129950 – CVE-2014-0480 Django: reverse() can generate URLs pointing to other hosts, leading to phishing attacks
1129952 – CVE-2014-0481 Django: file upload denial of service
1129954 – CVE-2014-0482 Django: RemoteUserMiddleware session hijacking
1129959 – CVE-2014-0483 Django: data leakage via querystring manipulation in admin

Update to latest stable release

Fedora 20 Security Update: python-django14-1.4.16-1.fc20

Resolved Bugs
1132774 – CVE-2014-0480 CVE-2014-0481 CVE-2014-0482 CVE-2014-0483 python-django14: various flaws [fedora-all]
1129950 – CVE-2014-0480 Django: reverse() can generate URLs pointing to other hosts, leading to phishing attacks
1129952 – CVE-2014-0481 Django: file upload denial of service
1129954 – CVE-2014-0482 Django: RemoteUserMiddleware session hijacking
1129959 – CVE-2014-0483 Django: data leakage via querystring manipulation in admin

Update to latest stable release

Fedora 20 Security Update: wireshark-1.10.11-1.fc20

Resolved Bugs
1163585 – CVE-2014-8710 CVE-2014-8711 CVE-2014-8712 CVE-2014-8713 CVE-2014-8714 wireshark: various flaws [fedora-all]
1163581 – CVE-2014-8714 wireshark: TN5250 infinite loop (wnpa-sec-2014-23)
1163582 – CVE-2014-8712 CVE-2014-8713 wireshark: NCP dissector crashes (wnpa-sec-2014-22)
1163583 – CVE-2014-8711 wireshark: AMQP dissector crash (wnpa-sec-2014-21)
1163584 – CVE-2014-8710 wireshark: SigComp dissector crash (wnpa-sec-2014-20)

Ver. 1.10.11, Security fix for CVE-2014-8711, CVE-2014-8712, CVE-2014-8713, CVE-2014-8714, CVE-2014-8710

Fedora EPEL 7 Security Update: kwebkitpart-1.3.4-5.el7

Resolved Bugs
1164293 – CVE-2014-8600 kwebkitpart, kde-runtime: Insufficient Input Validation By IO Slaves and Webkit Part
1164608 – CVE-2014-8600 kwebkitpart: kwebkitpart, kde-runtime: Insufficient Input Validation By IO Slaves and Webkit Part [epel-7]

Sanitize input to disallow javascript being executed in the context of the referenced hostname. See also https://www.kde.org/info/security/advisory-20141113-1.txt