Category Archives: Fedora

Fedora – Security Updates

Fedora 19 Security Update: php-5.5.18-1.fc19

16 Oct 2014, PHP 5.5.18
Core:
* Fixed bug #67985 (Incorrect last used array index copied to new array after unset). (Tjerk)
* Fixed bug #67739 (Windows 8.1/Server 2012 R2 OS build number reported as 6.2 (instead of 6.3)). (Christian Wenz)
* Fixed bug #67633 (A foreach on an array returned from a function not doing copy-on-write). (Nikita)
* Fixed bug #51800 (proc_open on Windows hangs forever). (Anatol)
* Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669) (Stas)
cURL:
* Fixed bug #68089 (NULL byte injection – cURL lib). (Stas)
EXIF:
* Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670) (Stas)
FPM:
* Fixed bug #65641 (PHP-FPM incorrectly defines the SCRIPT_NAME variable when using Apache, mod_proxy-fcgi and ProxyPass). (Remi)
OpenSSL:
* Revert regression introduced by fix of bug #41631
Reflection:
* Fixed bug #68103 (Duplicate entry in Reflection for class alias). (Remi)
Session:
* Fixed bug #67972 (SessionHandler Invalid memory read create_sid()). (Adam)
XMLRPC:
* Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668) (Stas)

Fedora 19 Security Update: kernel-3.14.22-100.fc19

Resolved Bugs
1151108 – CVE-2014-7975 Kernel: fs: umount denial of service
1152025 – CVE-2014-7975 Kernel: fs: umount denial of service [fedora-all]
1151095 – CVE-2014-7970 Kernel: fs: VFS denial of service
1151484 – CVE-2014-7970 Kernel: fs: VFS denial of service [fedora-all]
The 3.14.22 stable update contains a number of important fixes across the tree.
The 3.14.21 stable update contains a number of important fixes across the tree.
The 3.14.20 stable update contains a number of important fixes across the tree.

Fedora 20 Security Update: php-5.5.18-1.fc20

16 Oct 2014, PHP 5.5.18
Core:
* Fixed bug #67985 (Incorrect last used array index copied to new array after unset). (Tjerk)
* Fixed bug #67739 (Windows 8.1/Server 2012 R2 OS build number reported as 6.2 (instead of 6.3)). (Christian Wenz)
* Fixed bug #67633 (A foreach on an array returned from a function not doing copy-on-write). (Nikita)
* Fixed bug #51800 (proc_open on Windows hangs forever). (Anatol)
* Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669) (Stas)
cURL:
* Fixed bug #68089 (NULL byte injection – cURL lib). (Stas)
EXIF:
* Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670) (Stas)
FPM:
* Fixed bug #65641 (PHP-FPM incorrectly defines the SCRIPT_NAME variable when using Apache, mod_proxy-fcgi and ProxyPass). (Remi)
OpenSSL:
* Revert regression introduced by fix of bug #41631
Reflection:
* Fixed bug #68103 (Duplicate entry in Reflection for class alias). (Remi)
Session:
* Fixed bug #67972 (SessionHandler Invalid memory read create_sid()). (Adam)
XMLRPC:
* Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668) (Stas)