Resolved Bugs
1059331 – CVE-2014-1693 erlang-inets: command injection flaw in FTP module
1059335 – CVE-2014-1693 erlang: erlang-inets: command injection flaw in FTP module [epel-all]
1161922 – Too many dependencies from Erlang
* Fixed CVE-2014-1693 (backported fix from ver. 17.x.x, see patch no. 17)
* Trimmed dependency chain
Fedora 20 Security Update: libvirt-1.1.3.8-1.fc20
Resolved Bugs
1160823 – CVE-2014-3633 libvirt: qemu: out-of-bounds read access in qemuDomainGetBlockIoTune() due to invalid index [fedora-all]
1141131 – CVE-2014-3633 libvirt: qemu: out-of-bounds read access in qemuDomainGetBlockIoTune() due to invalid index
1160824 – CVE-2014-3657 libvirt: domain_conf: domain deadlock DoS [fedora-all]
1145667 – CVE-2014-3657 libvirt: domain_conf: domain deadlock DoS
1160822 – CVE-2014-7823 libvirt: dumpxml: information leak with migratable flag [fedora-all]
1160817 – CVE-2014-7823 libvirt: dumpxml: information leak with migratable flag
* Rebased to version 1.1.3.8
* CVE-2014-3633: out-of-bounds read in blockiotune (bz #1160823)
* CVE-2014-3657: Potential deadlock in domain_conf (bz #1160824)
* CVE-2014-7823: information leak with migratable flag (bz #1160822)
Fedora 19 Security Update: kernel-3.14.24-100.fc19
Resolved Bugs
1163762 – CVE-2014-7842 kernel: kvm: reporting emulation failures to userspace
1163767 – CVE-2014-7842 kernel: kvm: reporting emulation failures to userspace [fedora-all]
1163087 – CVE-2014-7841 kernel: net: sctp: NULL pointer dereference in af->from_addr_param on malformed packet
1163095 – CVE-2014-7841 kernel: net: sctp: NULL pointer dereference in af->from_addr_param on malformed packet [fedora-all]
1161565 – CVE-2014-7825 CVE-2014-7826 kernel: insufficient syscall number validation in perf and ftrace subsystems
1161572 – CVE-2014-7826 CVE-2014-7825 kernel: insufficient syscall number validation in perf and ftrace subsystems [fedora-all]
The 3.14.24 stable update contains a number of important fixes across the tree.
Fedora 20 Security Update: kernel-3.17.3-200.fc20
Resolved Bugs
1164029 – i40evf module not enabled in default kernel config
1135338 – Typecover on Surface Pro (keyboard) doesnt work on F20
1163744 – CVE-2014-7843 kernel: aarch64: copying from /dev/zero causes local DoS
1163745 – CVE-2014-7843 kernel: aarch64: copying from /dev/zero causes local DoS [fedora-all]
1163762 – CVE-2014-7842 kernel: kvm: reporting emulation failures to userspace
1163767 – CVE-2014-7842 kernel: kvm: reporting emulation failures to userspace [fedora-all]
1163087 – CVE-2014-7841 kernel: net: sctp: NULL pointer dereference in af->from_addr_param on malformed packet
1163095 – CVE-2014-7841 kernel: net: sctp: NULL pointer dereference in af->from_addr_param on malformed packet [fedora-all]
1161805 – Bad IO performance on SSD MacBookPro 13 late 2013 model
1151836 – [abrt] WARNING: CPU: 0 PID: 1916 at drivers/net/wireless/iwlwifi/mvm/tx.c:191 iwl_mvm_set_tx_params+0x5d4/0x610 [iwlmvm]()
1161565 – CVE-2014-7825 CVE-2014-7826 kernel: insufficient syscall number validation in perf and ftrace subsystems
1161572 – CVE-2014-7826 CVE-2014-7825 kernel: insufficient syscall number validation in perf and ftrace subsystems [fedora-all]
The 3.17.3 stable update contains a number of important fixes across the tree.
Fedora 21 Security Update: kernel-3.17.3-300.fc21
Resolved Bugs
1160289 – CryptoError: luks_format failed for ‘/dev/sda3’
1159592 – Kernel panic when boot kernel 3.17.1-300 and 3.17.1-304 testing
1164029 – i40evf module not enabled in default kernel config
1135338 – Typecover on Surface Pro (keyboard) doesnt work on F20
1163744 – CVE-2014-7843 kernel: aarch64: copying from /dev/zero causes local DoS
1163745 – CVE-2014-7843 kernel: aarch64: copying from /dev/zero causes local DoS [fedora-all]
1163762 – CVE-2014-7842 kernel: kvm: reporting emulation failures to userspace
1163767 – CVE-2014-7842 kernel: kvm: reporting emulation failures to userspace [fedora-all]
1163087 – CVE-2014-7841 kernel: net: sctp: NULL pointer dereference in af->from_addr_param on malformed packet
1163095 – CVE-2014-7841 kernel: net: sctp: NULL pointer dereference in af->from_addr_param on malformed packet [fedora-all]
1161805 – Bad IO performance on SSD MacBookPro 13 late 2013 model
1151836 – [abrt] WARNING: CPU: 0 PID: 1916 at drivers/net/wireless/iwlwifi/mvm/tx.c:191 iwl_mvm_set_tx_params+0x5d4/0x610 [iwlmvm]()
1161565 – CVE-2014-7825 CVE-2014-7826 kernel: insufficient syscall number validation in perf and ftrace subsystems
1161572 – CVE-2014-7826 CVE-2014-7825 kernel: insufficient syscall number validation in perf and ftrace subsystems [fedora-all]
Latest upstream stable release, Linux v3.17.3. A wide variety of fixes across the tree.
Fedora 21 Security Update: kwebkitpart-1.3.4-5.fc21
Resolved Bugs
1164293 – CVE-2014-8600 kwebkitpart, kde-runtime: Insufficient Input Validation By IO Slaves and Webkit Part
Sanitize input to disallow javascript being executed in the context of the referenced hostname. See also https://www.kde.org/info/security/advisory-20141113-1.txt
Fedora 21 Security Update: moodle-2.7.3-1.fc21
Fedora 21 Security Update: mantis-1.2.17-4.fc21
Resolved Bugs
1162046 – CVE-2014-7146 CVE-2014-8598 mantis: issues in the XML Import/Export plug-in to be fixed in the upcoming 1.2.18 release
1162047 – CVE-2014-8598 CVE-2014-7146 mantis: issues in the XML Import/Export plug-in to be fixed in the upcoming 1.2.18 release [fedora-all]
1159295 – CVE-2014-8554 mantis: incomplete fix for CVE-2014-1609
1159679 – CVE-2014-8554 mantis: incomplete fix for CVE-2014-1609 [fedora-all]
fix CVE-2014-7146, CVE-2014-8598 (#1162046)
fix CVE-2014-8554 (#1159295)
Fedora 20 Security Update: kwebkitpart-1.3.4-5.fc20
Resolved Bugs
1164293 – CVE-2014-8600 kwebkitpart, kde-runtime: Insufficient Input Validation By IO Slaves and Webkit Part
Sanitize input to disallow javascript being executed in the context of the referenced hostname.
See also https://www.kde.org/info/security/advisory-20141113-1.txt
Fedora 19 Security Update: kwebkitpart-1.3.4-5.fc19
Resolved Bugs
1164293 – CVE-2014-8600 kwebkitpart, kde-runtime: Insufficient Input Validation By IO Slaves and Webkit Part
Sanitize input to disallow javascript being executed in the context of the referenced hostname.
See also https://www.kde.org/info/security/advisory-20141113-1.txt