Updated dbus packages fix multiple vulnerabilities:

A denial of service vulnerability in D-Bus before 1.6.20 allows a
local attacker to cause a bus-activated service that is not currently
running to attempt to start, and fail, denying other users access to
this service Additionally, in highly unusual environments the same
flaw could lead to a side channel between processes that should not
be able to communicate (CVE-2014-3477).

A flaw was reported in D-Bus’s file descriptor passing feature. A
local attacker could use this flaw to cause a service or application
to disconnect from the bus, typically resulting in that service or
application exiting (CVE-2014-3532).

A flaw was reported in D-Bus’s file descriptor passing feature. A local
attacker could use this flaw to cause an invalid file descriptor to be
forwarded to a service or application, causing it to disconnect from
the bus, typically resulting in that service or application exiting
(CVE-2014-3533).

On 64-bit platforms, file descriptor passing could be abused by local
users to cause heap corruption in dbus-daemon, leading to a crash,
or potentially to arbitrary code execution (CVE-2014-3635).

A denial-of-service vulnerability in dbus-daemon allowed local
attackers to prevent new connections to dbus-daemon, or disconnect
existing clients, by exhausting descriptor limits (CVE-2014-3636).

Malicious local users could create D-Bus connections to dbus-daemon
which could not be terminated by killing the participating processes,
resulting in a denial-of-service vulnerability (CVE-2014-3637).

dbus-daemon suffered from a denial-of-service vulnerability in the
code which tracks which messages expect a reply, allowing local
attackers to reduce the performance of dbus-daemon (CVE-2014-3638).

dbus-daemon did not properly reject malicious connections from local
users, resulting in a denial-of-service vulnerability (CVE-2014-3639).

The patch issued by the D-Bus maintainers for CVE-2014-3636 was
based on incorrect reasoning, and does not fully prevent the attack
described as CVE-2014-3636 part A, which is repeated below. Preventing
that attack requires raising the system dbus-daemon’s RLIMIT_NOFILE
(ulimit -n) to a higher value.

By queuing up the maximum allowed number of fds, a malicious sender
could reach the system dbus-daemon’s RLIMIT_NOFILE (ulimit -n,
typically 1024 on Linux). This would act as a denial of service in
two ways:

* new clients would be unable to connect to the dbus-daemon

* when receiving a subsequent message from a non-malicious client
that contained a fd, dbus-daemon would receive the MSG_CTRUNC flag,
indicating that the list of fds was truncated; kernel fd-passing
APIs do not provide any way to recover from that, so dbus-daemon
responds to MSG_CTRUNC by disconnecting the sender, causing denial
of service to that sender.

This update resolves the issue (CVE-2014-7824).

non-systemd processes can make dbus-daemon think systemd failed to
activate a system service, resulting in an error reply back to the
requester, causing a local denial of service (CVE-2015-0245).

Updated ctdb packages fix security vulnerability:

ctdb before 2.5 is vulnerable to symlink attacks to due the
use of predictable filenames in /tmp, such as /tmp/ctdb.socket
(CVE-2013-4159).

Updated ctags package fixes security vulnerability:

A denial of service issue was discovered in ctags 5.8. A remote
attacker could cause excessive CPU usage and disk space consumption
via a crafted JavaScript file by triggering an infinite loop
(CVE-2014-7204).

Updated coreutils packages fix security vulnerability:

Bertrand Jacquin and Fiedler Roman discovered date and touch
incorrectly handled user-supplied input. An attacker could possibly
use this to cause a denial of service or potentially execute code
(CVE-2014-9471).

Updated ffmpeg packages fix security vulnerabilities:

The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before
2.0.4 does not properly validate a certain bits-per-sample value, which
allows remote attackers to cause a denial of service (out-of-bounds
array access) or possibly have unspecified other impact via crafted
TAK (aka Tom’s lossless Audio Kompressor) data (CVE-2014-2097).

libavcodec/wmalosslessdec.c in FFmpeg before 2.0.4 uses an incorrect
data-structure size for certain coefficients, which allows remote
attackers to cause a denial of service (memory corruption) or possibly
have unspecified other impact via crafted WMA data (CVE-2014-2098).

The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before
2.0.4 does not properly calculate line sizes, which allows remote
attackers to cause a denial of service (out-of-bounds array access)
or possibly have unspecified other impact via crafted Microsoft RLE
video data (CVE-2014-2099).

The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB)
muxer (libavformat/mpegtsenc.c) in FFmpeg before 2.0.4 allows remote
attackers to have unspecified impact and vectors, which trigger an
out-of-bounds write (CVE-2014-2263).

An integer overflow in LZO decompression in FFmpeg before 2.0.5 allows
remote attackers to have an unspecified impact by embedding compressed
data in a video file (CVE-2014-4610).

A heap-based buffer overflow in the encode_slice function in
libavcodec/proresenc_kostya.c in FFmpeg before 2.0.6 can cause a
crash, allowing a malicious image file to cause a denial of service
(CVE-2014-5271).

libavcodec/iff.c in FFmpeg before 2.0.6 allows an attacker to have
an unspecified impact via a crafted iff image, which triggers an
out-of-bounds array access, related to the rgb8 and rgbn formats
(CVE-2014-5272).

libavcodec/mjpegdec.c in FFmpeg before 2.0.6 considers only dimension
differences, and not bits-per-pixel differences, when determining
whether an image size has changed, which allows remote attackers to
cause a denial of service (out-of-bounds access) or possibly have
unspecified other impact via crafted MJPEG data (CVE-2014-8541).

libavcodec/utils.c in FFmpeg before 2.0.6 omits a certain codec ID
during enforcement of alignment, which allows remote attackers to
cause a denial of service (out-of-bounds access) or possibly have
unspecified other impact via crafted JV data (CVE-2014-8542).

libavcodec/mmvideo.c in FFmpeg before 2.0.6 does not consider all lines
of HHV Intra blocks during validation of image height, which allows
remote attackers to cause a denial of service (out-of-bounds access)
or possibly have unspecified other impact via crafted MM video data
(CVE-2014-8543).

libavcodec/tiff.c in FFmpeg before 2.0.6 does not properly validate
bits-per-pixel fields, which allows remote attackers to cause a denial
of service (out-of-bounds access) or possibly have unspecified other
impact via crafted TIFF data (CVE-2014-8544).

libavcodec/pngdec.c in FFmpeg before 2.0.6 accepts the monochrome-black
format without verifying that the bits-per-pixel value is 1, which
allows remote attackers to cause a denial of service (out-of-bounds
access) or possibly have unspecified other impact via crafted PNG data
(CVE-2014-8545).

Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.0.6 allows
remote attackers to cause a denial of service (out-of-bounds access)
or possibly have unspecified other impact via crafted Cinepak video
data (CVE-2014-8546).

libavcodec/gifdec.c in FFmpeg before 2.0.6 does not properly compute
image heights, which allows remote attackers to cause a denial of
service (out-of-bounds access) or possibly have unspecified other
impact via crafted GIF data (CVE-2014-8547).

Off-by-one error in libavcodec/smc.c in FFmpeg before 2.0.6 allows
remote attackers to cause a denial of service (out-of-bounds access) or
possibly have unspecified other impact via crafted Quicktime Graphics
(aka SMC) video data (CVE-2014-8548).

This updates provides ffmpeg version 2.0.6, which fixes these issues
and several other bugs which were corrected upstream.

Updated erlang packages fixes security vulnerability:

An FTP command injection flaw was found in Erlang’s FTP module. Several
functions in the FTP module do not properly sanitize the input before
passing it into a control socket. A local attacker can use this flaw
to execute arbitrary FTP commands on a system that uses this module
(CVE-2014-1693).

This update also disables SSLv3 by default to mitigate the POODLE
issue.

Updated ejabberd packages fix security vulnerability:

A flaw was discovered in ejabberd that allows clients to connect
with an unencrypted connection even if starttls_required is set
(CVE-2014-8760).

Updated firebird packages fix a remote denial of service vulnerability:

These update fix the recently discovered security vulnerability
(CORE-4630) that may be used for a remote DoS attack performed by
unauthorized users (CVE-2014-9492).

Updated glibc packages fix security vulnerabilities:

Stephane Chazelas discovered that directory traversal issue in locale
handling in glibc. glibc accepts relative paths with .. components
in the LC_* and LANG variables. Together with typical OpenSSH
configurations (with suitable AcceptEnv settings in sshd_config),
this could conceivably be used to bypass ForceCommand restrictions
(or restricted shells), assuming the attacker has sufficient level
of access to a file system location on the host to create crafted
locale definitions there (CVE-2014-0475).

David Reid, Glyph Lefkowitz, and Alex Gaynor discovered a bug where
posix_spawn_file_actions_addopen fails to copy the path argument
(glibc bz #17048) which can, in conjunction with many common memory
management techniques from an application, lead to a use after free,
or other vulnerabilities (CVE-2014-4043).

This update also fixes the following issues: x86: Disable x87 inline
functions for SSE2 math (glibc bz #16510) malloc: Fix race in free()
of fastbin chunk (glibc bz #15073)

Tavis Ormandy discovered a heap-based buffer overflow in the
transliteration module loading code. As a result, an attacker who can
supply a crafted destination character set argument to iconv-related
character conversation functions could achieve arbitrary code
execution.

This update removes support of loadable gconv transliteration
modules. Besides the security vulnerability, the module loading code
had functionality defects which prevented it from working for the
intended purpose (CVE-2014-5119).

Adhemerval Zanella Netto discovered out-of-bounds reads in additional
code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364)
that can be used to crash the systems, causing a denial of service
conditions (CVE-2014-6040).

The function wordexp() fails to properly handle the WRDE_NOCMD
flag when processing arithmetic inputs in the form of “$((… ))”
where “…” can be anything valid. The backticks in the arithmetic
epxression are evaluated by in a shell even if WRDE_NOCMD forbade
command substitution. This allows an attacker to attempt to pass
dangerous commands via constructs of the above form, and bypass the
WRDE_NOCMD flag. This update fixes the issue (CVE-2014-7817).

The vfprintf function in stdio-common/vfprintf.c in GNU C Library
(aka glibc) 2.5, 2.12, and probably other versions does not properly
restrict the use of the alloca function when allocating the SPECS
array, which allows context-dependent attackers to bypass the
FORTIFY_SOURCE format-string protection mechanism and cause a denial
of service (crash) or possibly execute arbitrary code via a crafted
format string using positional parameters and a large number of format
specifiers (CVE-2012-3406).

The nss_dns implementation of getnetbyname could run into an infinite
loop if the DNS response contained a PTR record of an unexpected format
(CVE-2014-9402).

Also glibc lock elision (new feature in glibc 2.18) has been disabled
as it can break glibc at runtime on newer Intel hardware (due to
hardware bug)

Under certain conditions wscanf can allocate too little memory
for the to-be-scanned arguments and overflow the allocated buffer
(CVE-2015-1472).

The incorrect use of “__libc_use_alloca (newsize)” caused a different
(and weaker) policy to be enforced which could allow a denial of
service attack (CVE-2015-1473).

Updated git packages fix security vulnerability:

It was reported that git, when used as a client on a case-insensitive
filesystem, could allow the overwrite of the .git/config file when
the client performed a git pull. Because git permitted committing
.Git/config (or any case variation), on the pull this would replace the
user’s .git/config. If this malicious config file contained defined
external commands (such as for invoking and editor or an external diff
utility) it could allow for the execution of arbitrary code with the
privileges of the user running the git client (CVE-2014-9390).