Red Hat Enterprise Linux: Updated openjpeg packages that fix one bug are now available for Red Hat
Enterprise Linux 6.
Monthly Archives: December 2014
Fedora 20 Security Update: subversion-1.8.11-1.fc20
Resolved Bugs
1174521 – CVE-2014-8108 CVE-2014-3580 subversion: various flaws [fedora-all]
1155670 – svn fails to start with libserf 1.2.1 requires: libserf 1.3.4
1174054 – CVE-2014-3580 subversion: NULL pointer dereference flaw in mod_dav_svn when handling REPORT requests
1174057 – CVE-2014-8108 subversion: NULL pointer dereference flaw in mod_dav_svn when handling URIs for virtual transaction names<br
This update includes the latest stable release of **Apache Subversion**, version **1.8.11**. Two security issues in mod_dav_svn are addressed in this release (CVE-2014-8108, CVE-2014-3580). For more details, see:
http://subversion.apache.org/security/CVE-2014-8108-advisory.txt
http://subversion.apache.org/security/CVE-2014-3580-advisory.txt
**Client-side bugfixes:**
* checkout/update: fix file externals failing to follow history and subsequently silently failing http://subversion.tigris.org/issues/show_bug.cgi?id=4185
* patch: don’t skip targets in valid –git difs
* diff: make property output in diffs stable
* diff: fix diff of local copied directory with props
* diff: fix changelist filter for repos-WC and WC-WC
* remove broken conflict resolver menu options that always error out
* improve gpg-agent support
* fix crash in eclipse IDE with GNOME Keyring http://subversion.tigris.org/issues/show_bug.cgi?id=3498
* fix externals shadowing a versioned directory http://subversion.tigris.org/issues/show_bug.cgi?id=4085
* fix problems working on unix file systems that don’t support permissions
* upgrade: keep external registrations http://subversion.tigris.org/issues/show_bug.cgi?id=4519
* cleanup: iprove performance of recorded timestamp fixups
* translation updates for German
**Server-side bugfixes:**
* disable revprop caching feature due to cache invalidation problems
* skip generating uniquifiers if rep-sharing is not supported
* mod_dav_svn: reject requests with missing repository paths
* mod_dav_svn: reject requests with invalid virtual transaction names
* mod_dav_svn: avoid unneeded memory growth in resource walking http://subversion.tigris.org/issues/show_bug.cgi?id=4531
Fedora 19 Security Update: ettercap-0.8.1-2.fc19
Resolved Bugs
1174821 – CVE-2014-6396 CVE-2014-6395 CVE-2014-9377 CVE-2014-9376 CVE-2014-9379 CVE-2014-9378 CVE-2014-9380 CVE-2014-9381 ettercap: multiple vulnerabilities [fedora-all]<br
Fix for multiple CVEs.
https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/
Fedora 19 Security Update: seamonkey-2.31-1.fc19
Resolved Bugs
1171090 – seamonkey-2.31 is available<br
Update to 2.31
Fixes various security issues, see http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html for more info.
Fedora 20 Security Update: seamonkey-2.31-1.fc20
Resolved Bugs
1171090 – seamonkey-2.31 is available<br
Update to 2.31
Fixes various security issues, see http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html for more info.
Fedora 21 Security Update: python-django-horizon-2014.1.3-2.fc21
Fedora 21 Security Update: httpd-2.4.10-15.fc21
Resolved Bugs
1082903 – CVE-2013-5704 httpd: bypass of mod_headers rules via chunked requests
1082908 – CVE-2013-5704 httpd: bypass of mod_headers rules via chunked requests [fedora-all]
1149709 – CVE-2014-3581 httpd: NULL pointer dereference in mod_cache if Content-Type has empty value
1149712 – CVE-2014-3581 httpd: NULL pointer dereference in mod_cache if Content-Type has empty value [fedora-all]
1163555 – CVE-2014-3583 httpd: mod_proxy_fcgi handle_headers() buffer over read
1163556 – CVE-2014-3583 httpd: mod_proxy_fcgi heap-based buffer overflow [fedora-all]<br
– core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704)
– mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581)
– mod_proxy_fcgi: fix a potential crash with long headers (CVE-2014-3583)
– mod_lua: fix handling of the Require line when a LuaAuthzProvider is used in multiple Require directives with different arguments (CVE-2014-8109)
Fedora 20 Security Update: httpd-2.4.10-2.fc20
Resolved Bugs
1082903 – CVE-2013-5704 httpd: bypass of mod_headers rules via chunked requests
1082908 – CVE-2013-5704 httpd: bypass of mod_headers rules via chunked requests [fedora-all]
1149709 – CVE-2014-3581 httpd: NULL pointer dereference in mod_cache if Content-Type has empty value
1149712 – CVE-2014-3581 httpd: NULL pointer dereference in mod_cache if Content-Type has empty value [fedora-all]
1163555 – CVE-2014-3583 httpd: mod_proxy_fcgi handle_headers() buffer over read
1163556 – CVE-2014-3583 httpd: mod_proxy_fcgi heap-based buffer overflow [fedora-all]<br
– core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704)
– mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581)
– mod_proxy_fcgi: fix a potential crash with long headers (CVE-2014-3583)
– mod_lua: fix handling of the Require line when a LuaAuthzProvider is used in multiple Require directives with different arguments (CVE-2014-8109)
Fedora 21 Security Update: seamonkey-2.31-1.fc21
Resolved Bugs
1171090 – seamonkey-2.31 is available<br
Update to 2.31
Fixes various security issues, see http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html for more info.
Fedora 21 Security Update: orthanc-0.8.5-2.fc21,dcmtk-3.6.1-1.fc21
Resolved Bugs
1104041 – CVE-2013-6825 dcmtk: possible privilege escalation if setuid() fails [fedora-all]<br
This upgrade to latest upstream snapshot fixes a setuid vulnerability.