Resolved Bugs
1155846 – CVE-2014-8350 php-Smarty: secure mode bypass
1155847 – php-Smarty: secure mode bypass [fedora-all]<br
New upstream release, fix CVE-2014-8350
New upstream release
New upstream release
New upstream release
Category Archives: Fedora
Fedora – Security Updates
Fedora 21 Security Update: hostapd-2.3-1.fc21
Resolved Bugs
1151259 – CVE-2014-3686 wpa_supplicant and hostapd: wpa_cli and hostapd_cli remote command execution issue
1151260 – CVE-2014-3686 wpa_supplicant and hostapd: wpa_cli and hostapd_cli remote command execution issue [fedora-all]<br
Security fix for CVE-2014-3686. Update to version 2.3 from upstream.
Fedora 21 Security Update: shim-0.8-1.fc22,shim-signed-0.8-1.fc22,mokutil-0.2.0-1.fc21
Resolved Bugs
1148230 – CVE-2014-3675 shim: out-of-bounds memory read flaw in DHCPv6 packet processing
1148231 – CVE-2014-3676 shim: heap-based buffer overflow flaw in IPv6 address parsing
1148232 – CVE-2014-3677 shim: memory corruption flaw when processing Machine Owner Keys (MOKs)<br
This update fixes CVEs CVE-2014-3675, CVE-2014-3676, and CVE-2014-3677, as well as moving to the 0.8 release, which adds support for Aarch64 and fixes several bugs.
Fedora 20 Security Update: php-Smarty-3.1.21-1.fc20
Fedora 20 Security Update: file-5.19-7.fc20
Fedora 19 Security Update: php-Smarty-3.1.21-1.fc19
Fedora 19 Security Update: kernel-3.14.22-101.fc19
Resolved Bugs
1153322 – CVE-2014-3690 kernel: kvm: vmx: invalid host cr4 handling across vm entries
1155372 – CVE-2014-3690 kernel: kvm: vmx: invalid host cr4 handling across vm entries [fedora-all]
1155745 – CVE-2014-3688 kernel: net: sctp: remote memory pressure from excessive queueing
1155751 – CVE-2014-3688 kernel: net: sctp: remote memory pressure from excessive queueing [fedora-all]
1155731 – CVE-2014-3687 kernel: net: sctp: fix panic on duplicate ASCONF chunks
1155738 – CVE-2014-3687 kernel: net: sctp: fix panic on duplicate ASCONF chunks [fedora-all]
1147850 – CVE-2014-3673 kernel: sctp: skb_over_panic when receiving malformed ASCONF chunks
1155727 – CVE-2014-3673 kernel: sctp: skb_over_panic when receiving malformed ASCONF chunks [fedora-all]<br
Various security fixes for KVM and SCTP
Fedora 20 Security Update: kernel-3.16.6-202.fc20
Resolved Bugs
1151353 – CVE-2014-8086 Kernel: fs: ext4 race condition
1152608 – CVE-2014-8086 Kernel: fs: ext4 race condition [fedora-all]
1089731 – Ath9k WiFi now disabled by radio killswitch
1153381 – Synaptics clickpad on Lenovo T440s does not work properly after kernel update on Fedora 20
1153322 – CVE-2014-3690 kernel: kvm: vmx: invalid host cr4 handling across vm entries
1155372 – CVE-2014-3690 kernel: kvm: vmx: invalid host cr4 handling across vm entries [fedora-all]
1147850 – CVE-2014-3673 kernel: sctp: skb_over_panic when receiving malformed ASCONF chunks
1155727 – CVE-2014-3673 kernel: sctp: skb_over_panic when receiving malformed ASCONF chunks [fedora-all]
1155745 – CVE-2014-3688 kernel: net: sctp: remote memory pressure from excessive queueing
1155751 – CVE-2014-3688 kernel: net: sctp: remote memory pressure from excessive queueing [fedora-all]
1155731 – CVE-2014-3687 kernel: net: sctp: fix panic on duplicate ASCONF chunks
1155738 – CVE-2014-3687 kernel: net: sctp: fix panic on duplicate ASCONF chunks [fedora-all]<br
CVE fixes in KVM, ext4, and SCTP.
Fedora 20 Security Update: wpa_supplicant-2.0-12.fc20
Resolved Bugs
1151259 – CVE-2014-3686 wpa_supplicant and hostapd: wpa_cli and hostapd_cli remote command execution issue
1151263 – CVE-2014-3686 wpa_supplicant: wpa_supplicant and hostapd: wpa_cli and hostapd_cli remote command execution issue [fedora-all]<br
This update fixes a possible security issue executing scripts with wpa_cli.
Fedora 19 Security Update: wpa_supplicant-2.0-12.fc19
Resolved Bugs
1151259 – CVE-2014-3686 wpa_supplicant and hostapd: wpa_cli and hostapd_cli remote command execution issue
1151263 – CVE-2014-3686 wpa_supplicant: wpa_supplicant and hostapd: wpa_cli and hostapd_cli remote command execution issue [fedora-all]<br
This update fixes a possible security issue executing scripts with wpa_cli.