Category Archives: Fedora
Fedora – Security Updates
Fedora 19 Security Update: xulrunner-33.0-1.fc19
Update to latest upstream – Xulrunner 33.
Update to latest upstream – Firefox 31.
Fedora 21 Security Update: xulrunner-33.0-1.fc21
Update to latest upstream – Xulrunner 33.
Update to latest upstream – Firefox 31.
Fedora 20 Security Update: php-ZendFramework2-2.3.3-2.fc20
Resolved Bugs
1151278 – php-ZendFramework2: various flaws [fedora-all]
1151276 – CVE-2014-8088 php-ZendFramework: null byte issue, connect to LDAP without knowing the password (ZF2014-05)
1151277 – CVE-2014-8089 php-ZendFramework: SQL injection issue when using the sqlsrv PHP extension (ZF2014-06)
Security release
* ZF2014-05, which mitigates null byte poisoning of the password provided for LDAP authentication, thus preventing unauthorized LDAP binding. This corrects for unpatched versions of PHP (versions 5.5.11 and below, 5.4.27 and below, and any prior releases).
* ZF2014-06, which mitigates null byte poisoning of quoted SQL values provided to the sqlsrv extension, thus preventing a potential SQL injection vector.
Fedora 21 Security Update: kernel-3.17.1-302.fc21
Fedora EPEL 7 Security Update: rubygem-httpclient-2.4.0-2.el7
Updated to 2.4.0, which stops hard-coding SSLv3 and allows SSL negotiation.
Fedora EPEL 5 Security Update: drupal7-7.32-1.el5
Resolved Bugs
1120641 – CVE-2014-5019 CVE-2014-5020 CVE-2014-5021 CVE-2014-5022 drupal7: multiple vulnerabilities (SA-CORE-2014-003)
1120643 – drupal7: multiple vulnerabilities (SA-CORE-2014-003) [epel-all]
1127538 – CVE-2014-5265 CVE-2014-5266 CVE-2014-5267 drupal: denial of service issue (SA-CORE-2014-004)
1127542 – drupal7: drupal: denial of service issue (SA-CORE-2014-004) [epel-all]
1153402 – CVE-2014-3704 drupal7: SQL injection leading to code execution and privilege escalation (SA-CORE-2014-005)
1153404 – CVE-2014-3704 drupal7: SQL injection leading to code execution and privilege escalation (SA-CORE-2014-005) [epel-all]
Update to upstream 7.32 security release for SA-CORE-2014-005, CVE-2014-3704
Update to upstream 7.31 release for SA-CORE-2014-004
This is a bugfix release. For complete details refer to: https://www.drupal.org/drupal-7.30-release-notes
Fixes SA-CORE-2014-003. For details refer to: https://www.drupal.org/drupal-7.29-release-notes
Fedora EPEL 7 Security Update: drupal7-7.32-1.el7
Update to upstream 7.32 security release for SA-CORE-2014-005
Fedora EPEL 6 Security Update: rubygem-httpclient-2.4.0-2.el6
Updated to 2.4.0, which stops hard-coding SSLv3 and allows SSL negotiation.
Fedora EPEL 6 Security Update: drupal7-7.32-1.el6
Resolved Bugs
1153402 – CVE-2014-3704 drupal7: SQL injection leading to code execution and privilege escalation (SA-CORE-2014-005)
1153404 – CVE-2014-3704 drupal7: SQL injection leading to code execution and privilege escalation (SA-CORE-2014-005) [epel-all]
Update to upstream 7.32 security release for SA-CORE-2014-005, CVE-2014-3704