Resolved Bugs
1151259 – CVE-2014-3686 wpa_supplicant and hostapd: wpa_cli and hostapd_cli remote command execution issue
1151263 – CVE-2014-3686 wpa_supplicant: wpa_supplicant and hostapd: wpa_cli and hostapd_cli remote command execution issue [fedora-all]
This update fixes a possible security issue executing scripts with wpa_cli.
Fedora 21 Security Update: kernel-3.17.1-303.fc21
Resolved Bugs
1153381 – Synaptics clickpad on Lenovo T440s does not work properly after kernel update on Fedora 20
1089731 – Ath9k WiFi now disabled by radio killswitch
1153322 – CVE-2014-3690 kernel: kvm: vmx: invalid host cr4 handling across vm entries
1155372 – CVE-2014-3690 kernel: kvm: vmx: invalid host cr4 handling across vm entries [fedora-all]
1155745 – CVE-2014-3688 kernel: net: sctp: remote memory pressure from excessive queueing
1155751 – CVE-2014-3688 kernel: net: sctp: remote memory pressure from excessive queueing [fedora-all]
1155731 – CVE-2014-3687 kernel: net: sctp: fix panic on duplicate ASCONF chunks
1155738 – CVE-2014-3687 kernel: net: sctp: fix panic on duplicate ASCONF chunks [fedora-all]
1147850 – CVE-2014-3673 kernel: sctp: skb_over_panic when receiving malformed ASCONF chunks
1155727 – CVE-2014-3673 kernel: sctp: skb_over_panic when receiving malformed ASCONF chunks [fedora-all]
CVE fixes for KVM and SCTP.
Fedora 21 Security Update: file-5.19-7.fc21
Fedora 21 Security Update: webkitgtk3-2.4.7-1.fc21,webkitgtk-2.4.7-1.fc21
Update to 2.4.7.
This update disables SSLv3 to address the POODLE vulnerability.
Fedora EPEL 5 Security Update: tor-0.2.4.25-1.el5
Resolved Bugs
1060758 – CVE-2012-2249 tor: denial of service via a renegotiation attempt
1060762 – CVE-2012-2249 tor: denial of service via a renegotiation attempt [epel-5]
1102136 – tor: security update [epel-all]
1055014 – CVE-2013-7295 tor: improper random number generation on certain Intel platforms with OpenSSL 1.x
1060768 – CVE-2012-2250 tor: denial of service via link protocol negotiation
1060769 – CVE-2012-2250 tor: denial of service via link protocol negotiation [epel-5]
Update to latest upstream release.
Fedora EPEL 6 Security Update: nginx-1.0.15-10.el6
Resolved Bugs
1142849 – [RFE] include nginx vim files
1142298 – RFE: nginx + php + webapp
1142573 – CVE-2014-3616 nginx: virtual host confusion
1142576 – CVE-2014-3616 nginx: virtual host confusion [epel-all]
* use default.d directory
* add vim files (#1142849)
* Security fix for CVE-2014-3616
* Create nginx-filesystem subpackage
Fedora EPEL 5 Security Update: rubygem-rails-2.3.18-1.el5,rubygem-actionmailer-2.3.18-1.el5,rubygem-activeresource-2.3.18-1.el5
This is part of the second part of the security rollup to 2.3.18 for EPEL5. These packages don’t have security updates themselves, but their dependencies activerecord, activesupport and actionpack do.
Fedora 20 Security Update: phpMyAdmin-4.2.10.1-1.fc20
Resolved Bugs
1155272 – phpMyAdmin-4.2.10.1 is available
1155362 – CVE-2014-8326 phpmyadmin: cross-site scripting (XSS) flaw fixed in versions 4.0.10.5, 4.1.14.6, and 4.2.10.1 (PMASA-2014-12)
1155363 – CVE-2014-8326 phpmyadmin: cross-site scripting (XSS) flaw fixed in versions 4.0.10.5, 4.1.14.6, and 4.2.10.1 (PMASA-2014-12) [fedora-all]
phpMyAdmin 4.2.10.1 (2014-10-21)
================================
– [security] XSS in debug SQL output
– [security] XSS in monitor query analyzer
Fedora 19 Security Update: phpMyAdmin-4.2.10.1-1.fc19
Resolved Bugs
1155272 – phpMyAdmin-4.2.10.1 is available
1155362 – CVE-2014-8326 phpmyadmin: cross-site scripting (XSS) flaw fixed in versions 4.0.10.5, 4.1.14.6, and 4.2.10.1 (PMASA-2014-12)
1155363 – CVE-2014-8326 phpmyadmin: cross-site scripting (XSS) flaw fixed in versions 4.0.10.5, 4.1.14.6, and 4.2.10.1 (PMASA-2014-12) [fedora-all]
phpMyAdmin 4.2.10.1 (2014-10-21)
================================
– [security] XSS in debug SQL output
– [security] XSS in monitor query analyzer
Fedora 21 Security Update: phpMyAdmin-4.2.10.1-1.fc21
Resolved Bugs
1155272 – phpMyAdmin-4.2.10.1 is available
1155362 – CVE-2014-8326 phpmyadmin: cross-site scripting (XSS) flaw fixed in versions 4.0.10.5, 4.1.14.6, and 4.2.10.1 (PMASA-2014-12)
1155363 – CVE-2014-8326 phpmyadmin: cross-site scripting (XSS) flaw fixed in versions 4.0.10.5, 4.1.14.6, and 4.2.10.1 (PMASA-2014-12) [fedora-all]
phpMyAdmin 4.2.10.1 (2014-10-21)
================================
– [security] XSS in debug SQL output
– [security] XSS in monitor query analyzer