Resolved Bugs
1153402 – CVE-2014-3704 drupal7: SQL injection leading to code execution and privilege escalation (SA-CORE-2014-005)
1153404 – CVE-2014-3704 drupal7: SQL injection leading to code execution and privilege escalation (SA-CORE-2014-005) [epel-all]<br
Update to upstream 7.32 security release for SA-CORE-2014-005, CVE-2014-3704
Category Archives: Fedora
Fedora – Security Updates
Fedora 20 Security Update: java-1.8.0-openjdk-1.8.0.25-0.b18.fc20
Updated to security u25.
Security bugs are same as for http://blog.fuseyism.com/index.php/2014/10/15/security-icedtea-2-5-3-for-openjdk-7-released/
Fedora 19 Security Update: rubygem-httpclient-2.4.0-2.fc19
Updated to 2.4.0 which stops hard-coding ssl v3 and allows ssl negotiation
Fedora 20 Security Update: openssl-1.0.1e-40.fc20
Resolved Bugs
1152850 – CVE-2014-3566 openssl: Padding Oracle On Downgraded Legacy Encryption attack [fedora-all]<br
Update fixing three moderate security issues.
Fedora 20 Security Update: devscripts-2.14.10-1.fc20
Resolved Bugs
1059947 – CVE-2014-1833 devscripts: directory traversal flaw in uupdate
1059948 – devscripts: directory traversal flaw in uupdate [fedora-20]<br
Update to version 2.14.10, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.14.10_changelog for details.
Update to version 2.14.9, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.14.9_changelog for details.
Update to version 2.14.8, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.14.8_changelog for details. Fixes CVE-2014-1833.
Update to version 2.14.9, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.14.9_changelog for details.
Update to version 2.14.8, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.14.8_changelog for details. Fixes CVE-2014-1833.
Fedora 19 Security Update: drupal7-7.32-1.fc19
Resolved Bugs
1153402 – CVE-2014-3704 drupal7: SQL injection leading to code execution and privilege escalation (SA-CORE-2014-005)
1153403 – CVE-2014-3704 drupal7: SQL injection leading to code execution and privilege escalation (SA-CORE-2014-005) [fedora-all]<br
Update to upstream 7.32 security release for SA-CORE-2014-005, CVE-2014-3704
Fedora 19 Security Update: java-1.8.0-openjdk-1.8.0.25-0.b18.fc19
Updated to security u25.
Security bugs are same as for http://blog.fuseyism.com/index.php/2014/10/15/security-icedtea-2-5-3-for-openjdk-7-released/
Fedora 19 Security Update: libxml2-2.9.1-2.fc19
Resolved Bugs
1149084 – CVE-2014-3660 libxml2: denial of service via recursive entity expansion<br
New variants for the billion laugh DOS attacks
Fedora 20 Security Update: kernel-3.16.6-200.fc20
Resolved Bugs
1151108 – CVE-2014-7975 Kernel: fs: umount denial of service
1152025 – CVE-2014-7975 Kernel: fs: umount denial of service [fedora-all]
1151095 – CVE-2014-7970 Kernel: fs: VFS denial of service
1151484 – CVE-2014-7970 Kernel: fs: VFS denial of service [fedora-all]
1149414 – bcache Oops at bch_btree_node_read_done+0x4c/0x450 [bcache]
1149509 – [PATCH] Apply quirk for elan touchscreens<br
The 3.16.6 stable update contains a number of important fixes across the tree.
Fedora 19 Security Update: thunderbird-31.2.0-1.fc19
For list of changes see: https://www.mozilla.org/en-US/thunderbird/31.2.0/releasenotes/
For release notes and fixed issues see here: https://www.mozilla.org/en-US/thunderbird/31.1.1/releasenotes/