Resolved Bugs
1139181 – CVE-2014-4877 wget: FTP symlink arbitrary filesystem access
1157633 – CVE-2014-4877 wget: FTP symlink arbitrary filesystem access [fedora-all]<br
security update

Resolved Bugs
1114071 – ruby-libs conflicts with rubygem-pysch
1144367 – ruby-2.1.3 is available
1120856 – CVE-2014-4975 ruby: off-by-one stack-based buffer overflow in the encodes() function [fedora-all]
1157709 – CVE-2014-8080 ruby: REXML billion laughs attack via parameter entity expansion
1157936 – CVE-2014-8080 ruby: Denial Of Service XML Expansion [fedora-all]
1118158 – CVE-2014-4975 ruby: off-by-one stack-based buffer overflow in the encodes() function<br
Update to Ruby 2.1.4.
Include only vendor directories, not their content (rhbz#1114071).
Fix “invalid regex” warning for non-rubygem packages (rhbz#1154067).
Use load macro introduced in RPM 4.12.

Resolved Bugs
1139181 – CVE-2014-4877 wget: FTP symlink arbitrary filesystem access
1157633 – CVE-2014-4877 wget: FTP symlink arbitrary filesystem access [fedora-all]<br
Security update

Resolved Bugs
1139181 – CVE-2014-4877 wget: FTP symlink arbitrary filesystem access
1157633 – CVE-2014-4877 wget: FTP symlink arbitrary filesystem access [fedora-all]<br
security update

New upstream version – Firefox 33.
Update to the latest upstream 32.0.2.

Resolved Bugs
1155838 – CVE-2014-3698 CVE-2014-3694 CVE-2014-3695 CVE-2014-3696 pidgin: various flaws [fedora-all]
1154908 – CVE-2014-3694 pidgin: SSL/TLS plug-ins failed to check Basic Constraints
1154909 – CVE-2014-3695 pidgin: crash in MXit protocol plug-in
1154910 – CVE-2014-3696 pidgin: denial of service parsing Groupwise server message
1154911 – CVE-2014-3698 pidgin: remote information leak via crafted XMPP message<br
Update to 2.10.10
Security fix for CVE-2014-3694, CVE-2014-3695, CVE-2014-3696, CVE-2014-3698

Resolved Bugs
1144883 – CVE-2014-3610 kernel: kvm: noncanonical MSR writes
1156543 – CVE-2014-3610 kernel: kvm: noncanonical MSR writes [fedora-all]
1156518 – CVE-2014-8369 kernel: kvm: excessive pages un-pinning in kvm_iommu_map error path
1144878 – CVE-2014-3611 kernel: kvm: PIT timer race condition
1156537 – CVE-2014-3611 kernel: kvm: PIT timer race condition [fedora-all]
1156522 – CVE-2014-8369 kernel: kvm: excessive pages un-pinning in kvm_iommu_map error path [fedora-all]
1144825 – CVE-2014-3646 kernel: kvm: vmx: invvpid vm exit not handled
1156534 – CVE-2014-3646 kernel: kvm: vmx: invvpid vm exit not handled [fedora-all]
1153322 – CVE-2014-3690 kernel: kvm: vmx: invalid host cr4 handling across vm entries
1155372 – CVE-2014-3690 kernel: kvm: vmx: invalid host cr4 handling across vm entries [fedora-all]
1155745 – CVE-2014-3688 kernel: net: sctp: remote memory pressure from excessive queueing
1155751 – CVE-2014-3688 kernel: net: sctp: remote memory pressure from excessive queueing [fedora-all]
1155731 – CVE-2014-3687 kernel: net: sctp: fix panic on duplicate ASCONF chunks
1155738 – CVE-2014-3687 kernel: net: sctp: fix panic on duplicate ASCONF chunks [fedora-all]
1147850 – CVE-2014-3673 kernel: sctp: skb_over_panic when receiving malformed ASCONF chunks
1155727 – CVE-2014-3673 kernel: sctp: skb_over_panic when receiving malformed ASCONF chunks [fedora-all]<br
The 3.14.23 stable update contains a number of important fixes across the tree.
Various security fixes for KVM and SCTP

Resolved Bugs
1035593 – CVE-2013-6403 owncloud: possible security bypass on admin page (5.0.13) [fedora-all]<br
This update provides ownCloud 5.0.17, the latest release in the 5.x series, plus an extra security-related fix backported from the stable5 branch.
It also provides SabreDAV 1.7.13. This is also a major upgrade from SabreDAV 1.6, and has API incompatibilities. ownCloud is the only Fedora 19 package that requires SabreDAV, and ownCloud 5 cannot work with SabreDAV 1.6: the API-incompatible upgrade is unfortunate but necessary to provide a secure ownCloud release.
ownCloud 4.5, the current version in Fedora 19, is un-maintained, subject to known security issues, and has no upgrade path beyond ownCloud 5. Upgrading directly from 4.5 to the current version in Fedora 20 or 21 – ownCloud 7 – would likely fail.
I plan to update the package to 6.x before Fedora 19 goes EOL and maintain the 5.x and 6.x builds in a side repository to make sure there is a viable upgrade path from Fedora 19.
Initial testing on the 4.x -> 5.x upgrade has been performed, but please back up your user data, ownCloud configuration and ownCloud database before performing the upgrade. Please file negative karma and a bug report for any issues encountered during the upgrade. Ideally, the upgrade should run smoothly on first access to the updated ownCloud instance with no manual intervention required.

Resolved Bugs
1148230 – CVE-2014-3675 shim: out-of-bounds memory read flaw in DHCPv6 packet processing
1148231 – CVE-2014-3676 shim: heap-based buffer overflow flaw in IPv6 address parsing
1148232 – CVE-2014-3677 shim: memory corruption flaw when processing Machine Owner Keys (MOKs)<br
This update fixes CVEs CVE-2014-3675, CVE-2014-3676, and CVE-2014-3677, as well as moving to the 0.8 release, which adds support for Aarch64 and fixes several bugs.

Resolved Bugs
1148230 – CVE-2014-3675 shim: out-of-bounds memory read flaw in DHCPv6 packet processing
1148231 – CVE-2014-3676 shim: heap-based buffer overflow flaw in IPv6 address parsing
1148232 – CVE-2014-3677 shim: memory corruption flaw when processing Machine Owner Keys (MOKs)<br
This update fixes CVEs CVE-2014-3675, CVE-2014-3676, and CVE-2014-3677, as well as moving to the 0.8 release, which adds support for Aarch64 and fixes several bugs.