Monthly Archives: October 2014
Fedora 19 Security Update: openssl-1.0.1e-40.fc19
Resolved Bugs
1152850 – CVE-2014-3566 openssl: Padding Oracle On Downgraded Legacy Encryption attack [fedora-all]
Update fixing three moderate security issues.
Fedora 20 Security Update: php-5.5.18-1.fc20
16 Oct 2014, PHP 5.5.18
Core:
* Fixed bug #67985 (Incorrect last used array index copied to new array after unset). (Tjerk)
* Fixed bug #67739 (Windows 8.1/Server 2012 R2 OS build number reported as 6.2 (instead of 6.3)). (Christian Wenz)
* Fixed bug #67633 (A foreach on an array returned from a function not doing copy-on-write). (Nikita)
* Fixed bug #51800 (proc_open on Windows hangs forever). (Anatol)
* Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669) (Stas)
cURL:
* Fixed bug #68089 (NULL byte injection – cURL lib). (Stas)
EXIF:
* Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670) (Stas)
FPM:
* Fixed bug #65641 (PHP-FPM incorrectly defines the SCRIPT_NAME variable when using Apache, mod_proxy-fcgi and ProxyPass). (Remi)
OpenSSL:
* Revert regression introduced by fix of bug #41631
Reflection:
* Fixed bug #68103 (Duplicate entry in Reflection for class alias). (Remi)
Session:
* Fixed bug #67972 (SessionHandler Invalid memory read create_sid()). (Adam)
XMLRPC:
* Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668) (Stas)
Fedora 19 Security Update: firefox-33.0-1.fc19
New upstream version – Firefox 33.
Update to the latest upstream 32.0.2.
Fedora 20 Security Update: libxml2-2.9.1-3.fc20
Resolved Bugs
1149084 – CVE-2014-3660 libxml2: denial of service via recursive entity expansion
New variants for the billion laugh DOS attacks
Fedora 20 Security Update: thunderbird-31.2.0-1.fc20
For list of changes see: https://www.mozilla.org/en-US/thunderbird/31.2.0/releasenotes/
For release notes and fixed issues see here: https://www.mozilla.org/en-US/thunderbird/31.1.1/releasenotes/
Fedora 20 Security Update: deluge-1.3.10-1.fc20
Resolved Bugs
1153456 – deluge-web is vulnerable to POODLE
update to 1.3.10
Google Releases Security Updates for Chrome and Chrome OS
Original release date: October 16, 2014
Google has released security updates to address multiple vulnerabilities in Chrome and Chrome OS, one of which could potentially allow an attacker to take control of the affected system.
Updates available include:
- Chrome 38.0.2125.104 for Windows, Mac and Linux
- Chrome OS 38.0.2125.108 for all Chrome OS devices except Chromeboxes
Users and administrators are encouraged to review the Google Chrome blog entries 1 and 2, and apply the necessary updates.
FBI Director To Citizens: Let Us Spy On You
CESA-2014:1652 Important CentOS 6 openssl Security Update
CentOS Errata and Security Advisory 2014:1652
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
=====================================================
The following upstream security issues are addressed in this update:
https://rhn.redhat.com/errata/RHSA-2014-1652.html
=====================================================
NOTE: This update is released into the CentOS-6.5 tree and has a .el6_5 dist
tag, *NOT* the .el6_6 dist tag that Red Hat used for RHEL in the link above.
This update was built against 'CentOS-6.5 + updates' and that is where it is
intended to be used.
The CentOS team will build and release an openssl-1.0.1e-30.el6_6.2.src.rpm as
a zero day update to CentOS-6.6 when that is released as we are currently
building CentOS-6.6 from the released Red Hat Enterprise Linux sources.
Please also note that even after installing this update, further action is
required to mitigate the POODLE issue on CentOS-6. Please see this link for
steps to take and ways to test for both the POODLE and TLS_FALLBACK_SCSV issues.
http://wiki.centos.org/Security/POODLE
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net