Resolved Bugs
1144825 – CVE-2014-3646 kernel: kvm: vmx: invvpid vm exit not handled
1156534 – CVE-2014-3646 kernel: kvm: vmx: invvpid vm exit not handled [fedora-all]
1111138 – TouchPad not recognized on fujitsu A544
1156518 – CVE-2014-8369 kernel: kvm: excessive pages un-pinning in kvm_iommu_map error path
1156522 – CVE-2014-8369 kernel: kvm: excessive pages un-pinning in kvm_iommu_map error path [fedora-all]
1144883 – CVE-2014-3610 kernel: kvm: noncanonical MSR writes
1156543 – CVE-2014-3610 kernel: kvm: noncanonical MSR writes [fedora-all]
1144878 – CVE-2014-3611 kernel: kvm: PIT timer race condition
1156537 – CVE-2014-3611 kernel: kvm: PIT timer race condition [fedora-all]
More KVM CVE fixes.
Monthly Archives: October 2014
Fedora 20 Security Update: Pound-2.6-8.fc20
Backport various security fixes.
Note they usually are extra options that need to be enabled manually so that we won’t break functionality:
– CVE-2011-3389: Make it possible to deny use of “BEAST” vulnerable ciphers
– CVE-2012-4929: Disable compression to be safe from “CRIME”
– CVE-2005-2090: Chunked encoding response splitting (no awkward name here)
– CVE-2014-3566: Allow disabling SSLv3 (and others), to be safe from “POODLE”
– A redirect XSS fix
Fedora 19 Security Update: hostapd-2.0-5.fc19
Fedora 20 Security Update: subscription-manager-1.13.6-1.fc20,python-rhsm-1.13.6-1.fc20
New features:
– Send list of compliance reasons on dbus
– Added client-side support for --matches on the list command.
Security:
– 1153375: Support TLSv1.2 and v1.1 by default. (CVE-2014-3566)
Bug fixes:
– 1120772: Don’t traceback on missing /ostree/repo
– 1094747: add appdata metadata file
– 1122107: Clarify registration --consumerid option in manpage.
– 1151925: Improved filtered listing output when results are empty.
– 990183: Add a manpage for rhsm.conf
Fedora 20 Security Update: hostapd-2.3-1.fc20
Resolved Bugs
1151259 – CVE-2014-3686 wpa_supplicant and hostapd: wpa_cli and hostapd_cli remote command execution issue
1151260 – CVE-2014-3686 wpa_supplicant and hostapd: wpa_cli and hostapd_cli remote command execution issue [fedora-all]
Security fix for CVE-2014-3686. Update to version 2.3 from upstream
Fedora 19 Security Update: seamonkey-2.30-1.fc19
Resolved Bugs
1154003 – seamonkey-2.30 is available
Update to 2.30
Fixes various security issues, see http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html for more info.
Fedora 19 Security Update: Pound-2.6-8.fc19
Backport various security fixes.
Note they usually are extra options that need to be enabled manually so that we won’t break functionality:
– CVE-2011-3389: Make it possible to deny use of “BEAST” vulnerable ciphers
– CVE-2012-4929: Disable compression to be safe from “CRIME”
– CVE-2005-2090: Chunked encoding response splitting (no awkward name here)
– CVE-2014-3566: Allow disabling SSLv3 (and others), to be safe from “POODLE”
– A redirect XSS fix
Fedora 20 Security Update: wss4j-1.6.17-1.fc20
Resolved Bugs
1157304 – CVE-2014-3623 Apache WSS4J / Apache CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods
1157306 – CVE-2014-3623 wss4j: Apache WSS4J / Apache CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods [fedora-all]
Security fix for CVE-2014-3623
Fedora 19 Security Update: konversation-1.5-6.fc19
Windows TrackPopupMenu Win32k NULL Pointer Dereference
This Metasploit module exploits a NULL pointer dereference in win32k.sys; the vulnerability can be triggered through the use of TrackPopupMenu. Under special conditions, the NULL pointer dereference can be abused on xxxSendMessageTimeout to achieve arbitrary code execution. This Metasploit module has been tested successfully on 32-bit Windows XP SP3, Windows 2003 SP2, Windows 7 SP1 and Windows 2008, and also on 64-bit Windows 7 SP1 and Windows 2008 R2 SP1.