Category Archives: Fedora

Fedora – Security Updates

Fedora

phpMyAdmin-4.0.10.19-1.el6

Leave a comment

phpMyAdmin 4.0.10.19 (2017-01-23)
=================================

This release includes many security fixes of various levels of severity. For full information on the vulnerabilities fixed and mitigation factors for users who are unable to upgrade, refer to the ChangeLog file included with this release and the security announcements at https://www.phpmyadmin.net/security/

Fedora

phpMyAdmin-4.4.15.10-1.el7

Leave a comment

phpMyAdmin 4.4.15.10 (2017-01-23)
=================================

This release includes many security fixes of various levels of severity. For full information on the vulnerabilities fixed and mitigation factors for users who are unable to upgrade, refer to the ChangeLog file included with this release and the security announcements at https://www.phpmyadmin.net/security/

Fedora

openssl101e-1.0.1e-10.el5

Leave a comment

OpenSSL
=======

Security Fixes
————–

* An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. (CVE-2017-3731)
* A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients. (CVE-2016-8610)
* The signing function in crypto/ecdsa/ecdsa_ossl.c in certain OpenSSL versions and forks is vulnerable to timing attacks when signing with the standardized elliptic curve P-256 despite featuring constant-time curve operations and modular inversion. A software defect omits setting the BN_FLG_CONSTTIME flag for nonces, failing to take a secure code path in the BN_mod_inverse method and therefore resulting in a cache-timing attack vulnerability. A malicious user with local access can recover ECDSA P-256 private keys. (CVE-2016-7056)