Resolved Bugs
1150283 – KDE logout never completes
1114192 – SELinux is preventing /usr/bin/sddm from ‘write’ accesses on the file .
1119777 – PrivateTmp makes files invisible for the same user
1123506 – sddm startup is slow
1125129 – SELinux is preventing sddm from ‘write’ accesses on the file /etc/sddm.conf.
1140386 – SDDM login screen is not reached.
1112841 – Cannot log into account with NFS home directory
1128463 – sddm does not open kde wallet with pam_wallet.so
1128465 – sddm does not run /etc/X11/xinit/Xsession
1149608 – CVE-2014-7271 sddm: user “sddm” can login without authentication.
1149628 – CVE-2014-7271 sddm: user “sddm” can login without authentication. [fedora-all]
1148659 – sddm: multiple flaws in SDDM display manager leading to privilege escalation to root
1148660 – sddm: multiple flaws in SDDM display manager leading to privilege escalation to root [fedora-all]
1149610 – CVE-2014-7272 sddm: several local privileges escalation issues
1149629 – CVE-2014-7272 sddm: several local privileges escalation issues [fedora-all]<br
Bump to latest upstream git (and a new release), fixes CVE-2014-7271 and CVE-2014-7272
Category Archives: Fedora
Fedora – Security Updates
Fedora 20 Security Update: php-ZendFramework-1.12.9-1.fc20
Resolved Bugs
1151278 – php-ZendFramework2: various flaws [fedora-all]
1151276 – CVE-2014-8088 php-ZendFramework: null byte issue, connect to LDAP without knowing the password (ZF2014-05)
1151277 – CVE-2014-8089 php-ZendFramework: SQL injection issue when using the sqlsrv PHP extension (ZF2014-06)<br
Contains fixes for two security relevant bugs:
* “ZF2014-05: Anonymous authentication in ldap_bind() function of PHP, using null byte” (http://framework.zend.com/security/advisory/ZF2014-05)
* “ZF2014-06: SQL injection vector when manually quoting values for sqlsrv extension, using null byte” (http://framework.zend.com/security/advisory/ZF2014-06)
Fedora 21 Security Update: openstack-cinder-2014.1.3-1.fc21
Fedora 19 Security Update: sddm-0.9.0-2.20141007git6a28c29b.fc19
Resolved Bugs
1114192 – SELinux is preventing /usr/bin/sddm from ‘write’ accesses on the file .
1119777 – PrivateTmp makes files invisible for the same user
1123506 – sddm startup is slow
1125129 – SELinux is preventing sddm from ‘write’ accesses on the file /etc/sddm.conf.
1140386 – SDDM login screen is not reached.
1112841 – Cannot log into account with NFS home directory
1128463 – sddm does not open kde wallet with pam_wallet.so
1128465 – sddm does not run /etc/X11/xinit/Xsession
1149608 – CVE-2014-7271 sddm: user “sddm” can login without authentication.
1149628 – CVE-2014-7271 sddm: user “sddm” can login without authentication. [fedora-all]
1148659 – sddm: multiple flaws in SDDM display manager leading to privilege escalation to root
1148660 – sddm: multiple flaws in SDDM display manager leading to privilege escalation to root [fedora-all]
1149610 – CVE-2014-7272 sddm: several local privileges escalation issues
1149629 – CVE-2014-7272 sddm: several local privileges escalation issues [fedora-all]
1034414 – KDE live images with sddm > 0.2.0-0.14.20130914git50ca5b20 often boot to a blank screen (SDDM fails to start)
1035939 – sddm fails at login
1035950 – SDDM hangs with auto login enabled
1036308 – sddm use 100% of CPU and do not continue after login/pass and ‘enter’
1038548 – sddm-greeter after login not closing
1045722 – [abrt] sddm: SDDM::DisplayManager::RemoveSession(): sddm killed by SIGSEGV
1045937 – sddm causes plasma-nm to not attempt to connect to any listed networks on Fedora KDE
1065715 – [abrt] sddm: _pam_free_data(): sddm killed by SIGABRT
1082229 – Cannot log in to KDE after yum update
1007067 – Empty userlist with ldap/sssd
1027711 – failed to login when try to start a new sessoin
1031745 – SDDM turns on NUM LOCK
1008951 – New KDE session starts just after Logout
1016902 – session does not grant privileges for /dev/dri/card0
1031415 – [abrt] sddm-0.2.0-0.16.20130914git50ca5b20.fc20: __memcpy_sse2_unaligned: Process /usr/bin/sddm was killed by signal 11 (SIGSEGV)
1020921 – sddm does not use full screen on two monitor system<br
Bump to latest upstream git (and a new release), fixes CVE-2014-7271 and CVE-2014-7272
Sync to the newest upstream development, fixes authentication
Fedora 21 Security Update: wireshark-1.12.1-1.fc21
Resolved Bugs
1142602 – CVE-2014-6429 CVE-2014-6430 CVE-2014-6431 CVE-2014-6432 wireshark: DOS Sniffer file parser flaw (wnpa-sec-2014-19)
1142603 – CVE-2014-6428 wireshark: SES dissector crash (wnpa-sec-2014-18)
1142604 – CVE-2014-6427 wireshark: RTSP dissector crash (wnpa-sec-2014-17)
1142609 – CVE-2014-6424 wireshark: Netflow dissector crash (wnpa-sec-2014-14)
1142610 – CVE-2014-6423 wireshark: MEGACO dissector infinite loop (wnpa-sec-2014-13)
1142611 – CVE-2014-6421 CVE-2014-6422 wireshark: RTP dissector crash (wnpa-sec-2014-12)
1150080 – CVE-2014-6430 et.al. applies to F21 version of wireshark too<br
Ver. 1.12.1
Fedora 19 Security Update: php-ZendFramework-1.12.9-1.fc19
Resolved Bugs
1151278 – php-ZendFramework2: various flaws [fedora-all]
1151276 – CVE-2014-8088 php-ZendFramework: null byte issue, connect to LDAP without knowing the password (ZF2014-05)
1151277 – CVE-2014-8089 php-ZendFramework: SQL injection issue when using the sqlsrv PHP extension (ZF2014-06)<br
Contains fixes for two security relevant bugs:
* “ZF2014-05: Anonymous authentication in ldap_bind() function of PHP, using null byte” (http://framework.zend.com/security/advisory/ZF2014-05)
* “ZF2014-06: SQL injection vector when manually quoting values for sqlsrv extension, using null byte” (http://framework.zend.com/security/advisory/ZF2014-06)
Fedora 21 Security Update: php-ZendFramework-1.12.9-1.fc21
Resolved Bugs
1151278 – php-ZendFramework2: various flaws [fedora-all]
1151276 – CVE-2014-8088 php-ZendFramework: null byte issue, connect to LDAP without knowing the password (ZF2014-05)
1151277 – CVE-2014-8089 php-ZendFramework: SQL injection issue when using the sqlsrv PHP extension (ZF2014-06)<br
Contains fixes for two security relevant bugs:
* “ZF2014-05: Anonymous authentication in ldap_bind() function of PHP, using null byte” (http://framework.zend.com/security/advisory/ZF2014-05)
* “ZF2014-06: SQL injection vector when manually quoting values for sqlsrv extension, using null byte” (http://framework.zend.com/security/advisory/ZF2014-06)
Fedora 20 Security Update: sddm-0.9.0-2.20141007git6a28c29b.fc20
Resolved Bugs
1114192 – SELinux is preventing /usr/bin/sddm from ‘write’ accesses on the file .
1119777 – PrivateTmp makes files invisible for the same user
1123506 – sddm startup is slow
1125129 – SELinux is preventing sddm from ‘write’ accesses on the file /etc/sddm.conf.
1140386 – SDDM login screen is not reached.
1112841 – Cannot log into account with NFS home directory
1128463 – sddm does not open kde wallet with pam_wallet.so
1128465 – sddm does not run /etc/X11/xinit/Xsession
1149608 – CVE-2014-7271 sddm: user “sddm” can login without authentication.
1149628 – CVE-2014-7271 sddm: user “sddm” can login without authentication. [fedora-all]
1148659 – sddm: multiple flaws in SDDM display manager leading to privilege escalation to root
1148660 – sddm: multiple flaws in SDDM display manager leading to privilege escalation to root [fedora-all]
1149610 – CVE-2014-7272 sddm: several local privileges escalation issues
1149629 – CVE-2014-7272 sddm: several local privileges escalation issues [fedora-all]<br
Bump to latest upstream git (and a new release), fixes CVE-2014-7271 and CVE-2014-7272
Fedora 20 Security Update: mediawiki-1.23.5-1.fc20
Resolved Bugs
1148675 – CVE-2014-7295 mediawiki: remove separation of css and js module allowance issue fixed in versions 1.19.20, 1.22.12, and 1.23.5.
1148676 – mediawiki: remove separation of css and js module allowance issue fixed in versions 1.19.20, 1.22.12, and 1.23.5. [fedora-all]<br
* CVE-2014-7295 (bug 70672) SECURITY: OutputPage: Remove separation of css and js module allowance.
Fedora 19 Security Update: mediawiki-1.23.5-1.fc19
Resolved Bugs
1148675 – CVE-2014-7295 mediawiki: remove separation of css and js module allowance issue fixed in versions 1.19.20, 1.22.12, and 1.23.5.
1148676 – mediawiki: remove separation of css and js module allowance issue fixed in versions 1.19.20, 1.22.12, and 1.23.5. [fedora-all]<br
* CVE-2014-7295 (bug 70672) SECURITY: OutputPage: Remove separation of css and js module allowance.