CentOS Errata and Bugfix Advisory 2014:1854
Upstream details at: https://rhn.redhat.com/errata/RHBA-2014-1854.html
The following updated files have been uploaded and are currently syncing to the mirrors:
i386: openssh-5.3p1-104.el6_6.1.i686.rpm, openssh-askpass-5.3p1-104.el6_6.1.i686.rpm, openssh-clients-5.3p1-104.el6_6.1.i686.rpm, openssh-ldap-5.3p1-104.el6_6.1.i686.rpm, openssh-server-5.3p1-104.el6_6.1.i686.rpm, pam_ssh_agent_auth-0.9.3-104.el6_6.1.i686.rpm
x86_64: openssh-5.3p1-104.el6_6.1.x86_64.rpm, openssh-askpass-5.3p1-104.el6_6.1.x86_64.rpm, openssh-clients-5.3p1-104.el6_6.1.x86_64.rpm, openssh-ldap-5.3p1-104.el6_6.1.x86_64.rpm, openssh-server-5.3p1-104.el6_6.1.x86_64.rpm, pam_ssh_agent_auth-0.9.3-104.el6_6.1.i686.rpm, pam_ssh_agent_auth-0.9.3-104.el6_6.1.x86_64.rpm
Source: openssh-5.3p1-104.el6_6.1.src.rpm
Monthly Archives: November 2014
Fedora 21 Security Update: arm-none-eabi-binutils-cs-2014.05.28-3.fc21
Resolved Bugs
1162655 – CVE-2014-8737 binutils: directory traversal vulnerability
1162656 – arm-none-eabi-binutils-cs: binutils: directory traversal vulnerability [fedora-all]
1162594 – CVE-2014-8502 binutils: heap overflow in objdump
1162598 – CVE-2014-8502 arm-none-eabi-binutils-cs: binutils: heap overflow in objdump [fedora-all]
1162621 – CVE-2014-8504 binutils: stack overflow in the SREC parser
1162622 – CVE-2014-8504 arm-none-eabi-binutils-cs: binutils: stack overflow in the SREC parser [fedora-all]
1162570 – CVE-2014-8501 binutils: out-of-bounds write when parsing specially crafted PE executable
1162574 – CVE-2014-8501 arm-none-eabi-binutils-cs: binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all]
1162666 – CVE-2014-8738 binutils: out of bounds memory write
1162669 – arm-none-eabi-binutils-cs: binutils: out of bounds memory write [fedora-all]
– fix directory traversal vulnerability (#1162657)
– fix CVE-2014-8501: out-of-bounds write when parsing specially crafted PE executable
– fix CVE-2014-8502: heap overflow in objdump
– fix CVE-2014-8503: stack overflow in objdump when parsing specially crafted ihex file
– fix CVE-2014-8504: stack overflow in the SREC parser
– fix out of bounds memory write
Fedora 21 Security Update: arm-none-eabi-binutils-cs-2014.05.28-2.fc21
Resolved Bugs
1162655 – binutils: directory traversal vulnerability
1162656 – arm-none-eabi-binutils-cs: binutils: directory traversal vulnerability [fedora-all]
1162594 – CVE-2014-8502 binutils: heap overflow in objdump
1162598 – CVE-2014-8502 arm-none-eabi-binutils-cs: binutils: heap overflow in objdump [fedora-all]
1162621 – CVE-2014-8504 binutils: stack overflow in the SREC parser
1162622 – CVE-2014-8504 arm-none-eabi-binutils-cs: binutils: stack overflow in the SREC parser [fedora-all]
1162570 – CVE-2014-8501 binutils: out-of-bounds write when parsing specially crafted PE executable
1162574 – CVE-2014-8501 arm-none-eabi-binutils-cs: binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all]
– fix directory traversal vulnerability (#1162657)
– fix CVE-2014-8501: out-of-bounds write when parsing specially crafted PE executable
– fix CVE-2014-8502: heap overflow in objdump
– fix CVE-2014-8503: stack overflow in objdump when parsing specially crafted ihex file
– fix CVE-2014-8504: stack overflow in the SREC parser
Fedora 21 Security Update: libdigidoc-3.9.1.1191-1.fc21
Fedora 21 Security Update: kde-workspace-4.11.14-1.fc21
Resolved Bugs
1163778 – CVE-2014-8651 kde-workspace: arbitrary code execution and local privilege escalation
New security fix release, privilege escalation issue, see also https://www.kde.org/info/security/advisory-20141106-1.txt
Fedora 20 Security Update: polarssl-1.2.12-1.fc20
Resolved Bugs
1159845 – CVE-2014-8627 CVE-2014-8628 polarssl: various issues fixed in 1.3.9
– Update to 1.2.12
– CVE-2014-8628 (#1159845)
Fedora 19 Security Update: arm-none-eabi-binutils-cs-2014.05.28-3.fc19
Resolved Bugs
1162655 – CVE-2014-8737 binutils: directory traversal vulnerability
1162656 – arm-none-eabi-binutils-cs: binutils: directory traversal vulnerability [fedora-all]
1162594 – CVE-2014-8502 binutils: heap overflow in objdump
1162598 – CVE-2014-8502 arm-none-eabi-binutils-cs: binutils: heap overflow in objdump [fedora-all]
1162621 – CVE-2014-8504 binutils: stack overflow in the SREC parser
1162622 – CVE-2014-8504 arm-none-eabi-binutils-cs: binutils: stack overflow in the SREC parser [fedora-all]
1162570 – CVE-2014-8501 binutils: out-of-bounds write when parsing specially crafted PE executable
1162574 – CVE-2014-8501 arm-none-eabi-binutils-cs: binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all]
1162666 – CVE-2014-8738 binutils: out of bounds memory write
1162669 – arm-none-eabi-binutils-cs: binutils: out of bounds memory write [fedora-all]
– fix directory traversal vulnerability (#1162657)
– fix CVE-2014-8501: out-of-bounds write when parsing specially crafted PE executable
– fix CVE-2014-8502: heap overflow in objdump
– fix CVE-2014-8503: stack overflow in objdump when parsing specially crafted ihex file
– fix CVE-2014-8504: stack overflow in the SREC parser
– fix out of bounds memory write
Fedora 19 Security Update: arm-none-eabi-binutils-cs-2014.05.28-2.fc19
Resolved Bugs
1162655 – binutils: directory traversal vulnerability
1162656 – arm-none-eabi-binutils-cs: binutils: directory traversal vulnerability [fedora-all]
1162594 – CVE-2014-8502 binutils: heap overflow in objdump
1162598 – CVE-2014-8502 arm-none-eabi-binutils-cs: binutils: heap overflow in objdump [fedora-all]
1162621 – CVE-2014-8504 binutils: stack overflow in the SREC parser
1162622 – CVE-2014-8504 arm-none-eabi-binutils-cs: binutils: stack overflow in the SREC parser [fedora-all]
1162570 – CVE-2014-8501 binutils: out-of-bounds write when parsing specially crafted PE executable
1162574 – CVE-2014-8501 arm-none-eabi-binutils-cs: binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all]
– fix directory traversal vulnerability (#1162657)
– fix CVE-2014-8501: out-of-bounds write when parsing specially crafted PE executable
– fix CVE-2014-8502: heap overflow in objdump
– fix CVE-2014-8503: stack overflow in objdump when parsing specially crafted ihex file
– fix CVE-2014-8504: stack overflow in the SREC parser
Fedora 20 Security Update: python-pillow-2.2.1-7.fc20
Resolved Bugs
1163343 – CVE-2014-3007 python-pillow: python-pillow, python-imaging: command injection issue [fedora-all]
1094101 – CVE-2014-3007 python-pillow, python-imaging: command injection issue
1063658 – CVE-2014-1932 python-pillow, python-imaging: insecure temporary file creation
1089795 – CVE-2014-1933 CVE-2014-1932 python-pillow: various flaws [fedora-all]
Security fix for CVE-2014-3007, updated fix for CVE-2014-1932.
Followup fix for CVE-2014-1933.
Fedora 19 Security Update: kde-workspace-4.11.14-1.fc19
Resolved Bugs
1163778 – CVE-2014-8651 kde-workspace: arbitrary code execution and local privilege escalation
New security fix release, privilege escalation issue, see also https://www.kde.org/info/security/advisory-20141106-1.txt