Backport various security fixes.
Note they usually are extra options that need
to be enabled manually so that we won’t break functionality:
– CVE-2011-3389: Make it possible to deny use of “BEAST” vulnerable ciphers
– CVE-2012-4929: Disable compression to be safe from “CRIME”
– CVE-2005-2090: Chunked encofing response splitting (no awkward name here)
– CVE-2014-3566: Allow disabling SSLv3 (and others), to be safe from “POODLE”
– A redirect XSS fix

Resolved Bugs
1144825 – CVE-2014-3646 kernel: kvm: vmx: invvpid vm exit not handled
1156534 – CVE-2014-3646 kernel: kvm: vmx: invvpid vm exit not handled [fedora-all]
1111138 – TouchPad not recognized on fujitsu A544
1156518 – CVE-2014-8369 kernel: kvm: excessive pages un-pinning in kvm_iommu_map error path
1156522 – CVE-2014-8369 kernel: kvm: excessive pages un-pinning in kvm_iommu_map error path [fedora-all]
1144883 – CVE-2014-3610 kernel: kvm: noncanonical MSR writes
1156543 – CVE-2014-3610 kernel: kvm: noncanonical MSR writes [fedora-all]
1144878 – CVE-2014-3611 kernel: kvm: PIT timer race condition
1156537 – CVE-2014-3611 kernel: kvm: PIT timer race condition [fedora-all]<br
More KVM CVE fixes.

Backport various security fixes.
Note they usually are extra options that need
to be enabled manually so that we won’t break functionality:
– CVE-2011-3389: Make it possible to deny use of “BEAST” vulnerable ciphers
– CVE-2012-4929: Disable compression to be safe from “CRIME”
– CVE-2005-2090: Chunked encofing response splitting (no awkward name here)
– CVE-2014-3566: Allow disabling SSLv3 (and others), to be safe from “POODLE”
– A redirect XSS fix

Resolved Bugs
1154003 – seamonkey-2.30 is available<br
Update to 2.30
Fixes various security issues, see http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html for more info.

Resolved Bugs
1157304 – CVE-2014-3623 Apache WSS4J / Apache CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods
1157306 – CVE-2014-3623 wss4j: Apache WSS4J / Apache CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods [fedora-all]<br
Security fix for CVE-2014-3623

Resolved Bugs
1157342 – konversation: out-of-bounds read flaw [fedora-all]
1156418 – CVE-2014-8483 quassel, konversation: out-of-bounds read on a heap-allocated array<br
pull in 1.5 branch fixes, including… out-of-bounds read flaw (#1157342,1156418)

Resolved Bugs
1144883 – CVE-2014-3610 kernel: kvm: noncanonical MSR writes
1156543 – CVE-2014-3610 kernel: kvm: noncanonical MSR writes [fedora-all]
1111138 – TouchPad not recognized on fujitsu A544
1156615 – CVE-2014-8480 CVE-2014-8481 kernel: kvm: NULL pointer dereference during rip relative instruction emulation
1156616 – CVE-2014-8480 CVE-2014-8481 kernel: kvm: NULL pointer dereference during rip relative instruction emulation [fedora-all]
1156518 – CVE-2014-8369 kernel: kvm: excessive pages un-pinning in kvm_iommu_map error path
1156522 – CVE-2014-8369 kernel: kvm: excessive pages un-pinning in kvm_iommu_map error path [fedora-all]
1144825 – CVE-2014-3646 kernel: kvm: vmx: invvpid vm exit not handled
1156534 – CVE-2014-3646 kernel: kvm: vmx: invvpid vm exit not handled [fedora-all]
1144878 – CVE-2014-3611 kernel: kvm: PIT timer race condition
1156537 – CVE-2014-3611 kernel: kvm: PIT timer race condition [fedora-all]
1153381 – Synaptics clickpad on Lenovo T440s does not work properly after kernel update on Fedora 20
1089731 – Ath9k WiFi now disabled by radio killswitch
1153322 – CVE-2014-3690 kernel: kvm: vmx: invalid host cr4 handling across vm entries
1155372 – CVE-2014-3690 kernel: kvm: vmx: invalid host cr4 handling across vm entries [fedora-all]
1155745 – CVE-2014-3688 kernel: net: sctp: remote memory pressure from excessive queueing
1155751 – CVE-2014-3688 kernel: net: sctp: remote memory pressure from excessive queueing [fedora-all]
1155731 – CVE-2014-3687 kernel: net: sctp: fix panic on duplicate ASCONF chunks
1155738 – CVE-2014-3687 kernel: net: sctp: fix panic on duplicate ASCONF chunks [fedora-all]
1147850 – CVE-2014-3673 kernel: sctp: skb_over_panic when receiving malformed ASCONF chunks
1155727 – CVE-2014-3673 kernel: sctp: skb_over_panic when receiving malformed ASCONF chunks [fedora-all]<br
Even more KVM CVE fixes
CVE fixes for KVM and SCTP.

New features:
– Send list of compliance reasons on dbus
– Added client-side support for –matches on the list command.
Security:
– 1153375: Support TLSv1.2 and v1.1 by default. (CVE-2014-3566)
Bug fixes:
– 1120772: Don’t traceback on missing /ostree/repo
– 1094747: add appdata metdata file
– 1122107: Clarify registration –consumerid option in manpage.
– 1151925: Improved filtered listing output when results are empty.
– 990183: Add a manpage for rhsm.conf

Resolved Bugs
1154003 – seamonkey-2.30 is available<br
Update to 2.30
Fixes various security issues, see http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html for more info.

Resolved Bugs
1155982 – Pound POODLE exploit<br
Rebase to 2.7d. Notably allows disabling protocols known to be bad to prevent “POODLE” attack.