Category Archives: Fedora

Fedora – Security Updates

Fedora

webkitgtk4-2.14.3-1.fc24

This update addresses the following vulnerabilities:

* [CVE-2016-7656](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7656), [CVE-2016-7635](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7635), [CVE-2016-7654](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7654), [CVE-2016-7639](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7639), [CVE-2016-7645](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7645), [CVE-2016-7652](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7652), [CVE-2016-7641](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7641), [CVE-2016-7632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7632), [CVE-2016-7599](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7599), [CVE-2016-7592](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7592), [CVE-2016-7589](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7589), [CVE-2016-7623](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7623), [CVE-2016-7586](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7586)

Additional fixes:

* Create GLX OpenGL contexts using version 3.2 (core profile) when available to reduce the memory consumption on Mesa based drivers.
* Improve memory pressure handler to reduce the CPU usage on memory pressure situations.
* Fix a regression in WebKitWebView title notify signal emission that caused the signal to be emitted multiple times.
* Fix high CPU usage in the web process loading hyphenation dictionaries.
More user agent string improvements to improve compatibility with several websites.
* Fix web process crash when closing the web view in X11.
* Fix the build with OpenGL ES2 enabled.
* Fix several crashes and rendering issues.

Translation updates:

* German.

Fedora

webkitgtk4-2.14.3-1.fc25

This update addresses the following vulnerabilities:

* [CVE-2016-7656](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7656), [CVE-2016-7635](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7635), [CVE-2016-7654](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7654), [CVE-2016-7639](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7639), [CVE-2016-7645](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7645), [CVE-2016-7652](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7652), [CVE-2016-7641](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7641), [CVE-2016-7632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7632), [CVE-2016-7599](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7599), [CVE-2016-7592](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7592), [CVE-2016-7589](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7589), [CVE-2016-7623](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7623), [CVE-2016-7586](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7586)

Additional fixes:

* Create GLX OpenGL contexts using version 3.2 (core profile) when available to reduce the memory consumption on Mesa based drivers.
* Improve memory pressure handler to reduce the CPU usage on memory pressure situations.
* Fix a regression in WebKitWebView title notify signal emission that caused the signal to be emitted multiple times.
* Fix high CPU usage in the web process loading hyphenation dictionaries.
More user agent string improvements to improve compatibility with several websites.
* Fix web process crash when closing the web view in X11.
* Fix the build with OpenGL ES2 enabled.
* Fix several crashes and rendering issues.

Translation updates:

* German.

Fedora

pdns-4.0.3-1.fc24

– Update to 4.0.3
– Security fix for CVE-2016-2120, CVE-2016-7068, CVE-2016-7072, CVE-2016-7073, CVE-2016-7074

Release notes 4.0.2: https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-402
Release notes 4.0.3: https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-403

Fedora

pdns-4.0.3-1.fc25

– Update to 4.0.3
– Security fix for CVE-2016-2120, CVE-2016-7068, CVE-2016-7072, CVE-2016-7073, CVE-2016-7074

Release notes 4.0.2: https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-402
Release notes 4.0.3: https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-403

Fedora

qemu-2.7.1-2.fc25

* CVE-2016-6836: vmxnet: Information leakage in vmxnet3_complete_packet (bz #1366370)
* CVE-2016-7909: pcnet: Infinite loop in pcnet_rdra_addr (bz #1381196)
* CVE-2016-7994: virtio-gpu: memory leak in resource_create_2d (bz #1382667)
* CVE-2016-8577: 9pfs: host memory leakage in v9fs_read (bz #1383286)
* CVE-2016-8578: 9pfs: potential NULL dereferencein 9pfs routines (bz #1383292)
* CVE-2016-8668: OOB buffer access in rocker switch emulation (bz #1384898)
* CVE-2016-8669: divide by zero error in serial_update_parameters (bz #1384911)
* CVE-2016-8909: intel-hda: infinite loop in dma buffer stream (bz #1388053)
* Infinite loop vulnerability in a9_gtimer_update (bz #1388300)
* CVE-2016-9101: eepro100: memory leakage at device unplug (bz #1389539)
* CVE-2016-9103: 9pfs: information leakage via xattr (bz #1389643)
* CVE-2016-9102: 9pfs: memory leakage when creating extended attribute (bz #1389551)
* CVE-2016-9104: 9pfs: integer overflow leading to OOB access (bz #1389687)
* CVE-2016-9105: 9pfs: memory leakage in v9fs_link (bz #1389704)
* CVE-2016-9106: 9pfs: memory leakage in v9fs_write (bz #1389713)
* CVE-2016-9381: xen: incautious about shared ring processing (bz #1397385)
* CVE-2016-9921: Divide by zero vulnerability in cirrus_do_copy (bz #1399054)
* CVE-2016-9776: infinite loop while receiving data in mcf_fec_receive (bz #1400830)
* CVE-2016-9845: information leakage in virgl_cmd_get_capset_info (bz #1402247)
* CVE-2016-9846: virtio-gpu: memory leakage while updating cursor data (bz #1402258)
* CVE-2016-9907: usbredir: memory leakage when destroying redirector (bz #1402266)
* CVE-2016-9911: usb: ehci: memory leakage in ehci_init_transfer (bz #1402273)
* CVE-2016-9913: 9pfs: memory leakage via proxy/handle callbacks (bz #1402277)
* CVE-2016-10028: virtio-gpu-3d: OOB access while reading virgl capabilities (bz #1406368)
* CVE-2016-9908: virtio-gpu: information leakage in virgl_cmd_get_capset (bz #1402263)
* CVE-2016-9912: virtio-gpu: memory leakage when destroying gpu resource (bz #1402285)