Monthly Archives: November 2014
Fedora 20 Security Update: kwebkitpart-1.3.4-5.fc20
Resolved Bugs
1164293 – CVE-2014-8600 kwebkitpart, kde-runtime: Insufficient Input Validation By IO Slaves and Webkit Part
Sanitize input to disallow JavaScript being executed in the context of the referenced hostname.
See also https://www.kde.org/info/security/advisory-20141113-1.txt
Fedora 21 Security Update: mantis-1.2.17-4.fc21
Resolved Bugs
1162046 – CVE-2014-7146 CVE-2014-8598 mantis: issues in the XML Import/Export plug-in to be fixed in the upcoming 1.2.18 release
1162047 – CVE-2014-8598 CVE-2014-7146 mantis: issues in the XML Import/Export plug-in to be fixed in the upcoming 1.2.18 release [fedora-all]
1159295 – CVE-2014-8554 mantis: incomplete fix for CVE-2014-1609
1159679 – CVE-2014-8554 mantis: incomplete fix for CVE-2014-1609 [fedora-all]
fix CVE-2014-7146, CVE-2014-8598 (#1162046)
fix CVE-2014-8554 (#1159295)
Fedora 21 Security Update: moodle-2.7.3-1.fc21
Fedora 20 Security Update: moodle-2.5.9-1.fc20
Fedora 20 Security Update: mantis-1.2.17-4.fc20
Resolved Bugs
1162046 – CVE-2014-7146 CVE-2014-8598 mantis: issues in the XML Import/Export plug-in to be fixed in the upcoming 1.2.18 release
1162047 – CVE-2014-8598 CVE-2014-7146 mantis: issues in the XML Import/Export plug-in to be fixed in the upcoming 1.2.18 release [fedora-all]
1159295 – CVE-2014-8554 mantis: incomplete fix for CVE-2014-1609
1159679 – CVE-2014-8554 mantis: incomplete fix for CVE-2014-1609 [fedora-all]
fix CVE-2014-7146, CVE-2014-8598 (#1162046)
fix CVE-2014-8554 (#1159295)
Fedora 19 Security Update: mantis-1.2.17-4.fc19
Resolved Bugs
1162046 – CVE-2014-7146 CVE-2014-8598 mantis: issues in the XML Import/Export plug-in to be fixed in the upcoming 1.2.18 release
1162047 – CVE-2014-8598 CVE-2014-7146 mantis: issues in the XML Import/Export plug-in to be fixed in the upcoming 1.2.18 release [fedora-all]
1159295 – CVE-2014-8554 mantis: incomplete fix for CVE-2014-1609
1159679 – CVE-2014-8554 mantis: incomplete fix for CVE-2014-1609 [fedora-all]
fix CVE-2014-7146, CVE-2014-8598 (#1162046)
fix CVE-2014-8554 (#1159295)
CVE-2014-7248
Cross-site scripting (XSS) vulnerability in IPA iLogScanner 4.0 allows remote attackers to inject arbitrary web script or HTML by triggering a crafted entry in a log file.
CVE-2014-7997
The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by triggering a transition into a recovery state that was intended to involve a network-interface restart but actually involves a full device restart, aka Bug ID CSCtn16281.
CVE-2014-7998
Cisco IOS on Aironet access points, when “dot11 aaa authenticator” debugging is enabled, allows remote attackers to cause a denial of service via a malformed EAP packet, aka Bug ID CSCul15509.