MDVSA-2014:199: perl

Updated perl and perl-Data-Dumper packages fix security
vulnerability:

The Dumper method in Data::Dumper before 2.154 allows
context-dependent attackers to cause a denial of service (stack
consumption and crash) via an Array-Reference with many nested
Array-References, which triggers a large number of recursive calls
to the DD_dump function (CVE-2014-4330).

The Data::Dumper module bundled with perl and the perl-Data-Dumper
packages has been updated to fix this issue.

MDVSA-2014:198: mediawiki

Updated mediawiki packages fix security vulnerability:

MediaWiki before 1.23.4 is vulnerable to cross-site scripting due to
JavaScript injection via CSS in uploaded SVG files (CVE-2014-7199).

MediaWiki before 1.23.5 is vulnerable to cross-site scripting due to
JavaScript injection via user-specified CSS in certain special pages
(CVE-2014-7295).

MDVSA-2014:196: rsyslog

Updated rsyslog packages fix security vulnerability:

Rainer Gerhards, the rsyslog project leader, reported a vulnerability
in rsyslog. As a consequence of this vulnerability, an attacker can send
malformed messages to a server that accepts data from untrusted
sources and trigger a denial of service (CVE-2014-3634).

RHSA-2014:1671-1: Moderate: rsyslog5 and rsyslog security update

Red Hat Enterprise Linux: Updated rsyslog5 and rsyslog packages that fix one security issue are now
available for Red Hat Enterprise Linux 5 and 6 respectively.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
CVE-2014-3634

RHSA-2014:1670-1: Low: qemu-kvm-rhev security and bug fix update

Red Hat Enterprise Linux: Updated qemu-kvm-rhev packages that fix one security issue and one bug are
now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Low security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
CVE-2014-3615

RHSA-2014:1669-1: Low: qemu-kvm security and bug fix update

Red Hat Enterprise Linux: Updated qemu-kvm packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Low security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
CVE-2014-3615