– Upstream release notes: https://www.drupal.org/drupal-6.35-release-notes
– Official security advisory: https://www.drupal.org/SA-CORE-2015-001
Monthly Archives: March 2015
Fedora EPEL 6 Security Update: drupal7-webform-4.5-1.el6
Resolved Bugs
1199067 – drupal7-webform-4.5 is available
1193356 – drupal7-webform-4.3 is available
1150458 – drupal7-webform-4.2 is available<br
– Release notes can be found at https://www.drupal.org/node/2454063
– Update to 4.3
– Release notes can be found at https://www.drupal.org/node/2427257
– Update to 4.2
– Release notes can be found at https://www.drupal.org/node/2381793
CVE-2015-0669
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 15.4S and 15.4(3)S allows remote attackers to modify configuration settings or cause a denial of service (partial service outage) by sending crafted Autonomic Networking (AN) messages on an intranet network, aka Bug ID CSCup62167.
CVE-2015-0670
The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482.
CVE-2015-0898
futomi CGI Cafe MP Form Mail CGI eCommerce before 2.0.12 on Windows allows remote attackers to execute arbitrary Perl code via unspecified vectors.
Fedora 20 Security Update: texlive-2013-6.20131226_r32488.fc20
Resolved Bugs
1197084 – CVE-2015-0296 texlive: texlive rpm scriptlet allows unprivileged user to delete arbitrary files [fedora-all]
1197082 – CVE-2015-0296 texlive rpm scriptlet allows unprivileged user to delete arbitrary files<br
CVE-2015-0296 texlive rpm scriptlet allows unprivileged user to delete arbitrary files. This update fixes this issue
Fedora 21 Security Update: drupal7-7.35-1.fc21
– Upstream release notes: https://www.drupal.org/drupal-7.35-release-notes
– Official security advisory: https://www.drupal.org/SA-CORE-2015-001
Fedora 21 Security Update: openssl-1.0.1k-6.fc21
Resolved Bugs
1196738 – CVE-2015-0292 CVE-2015-0209 CVE-2015-0287 CVE-2015-0286 CVE-2015-0289 CVE-2015-0288 openssl: various flaws [fedora-all]
1196737 – CVE-2015-0209 openssl: use-after-free on invalid EC private key import
1202366 – CVE-2015-0286 openssl: invalid pointer use in ASN1_TYPE_cmp()
1202380 – CVE-2015-0287 openssl: ASN.1 structure reuse memory corruption
1202384 – CVE-2015-0289 openssl: PKCS7 NULL pointer dereference
1202418 – CVE-2015-0288 openssl: X509_to_X509_REQ NULL pointer dereference
1202395 – CVE-2015-0292 openssl: integer underflow leading to buffer overflow in base64 decoding
1202404 – CVE-2015-0293 openssl: assertion failure in SSLv2 servers<br
Security fix for CVE-2015-0209, CVE-2015-0289, CVE-2015-0292, CVE-2015-0287, CVE-2015-0286, CVE-2015-0288
Fedora 22 Security Update: drupal7-ctools-1.7-1.fc22
Resolved Bugs
1203480 – drupal7-ctools-1.7 is available<br
Update to upstream 1.7 release for security fixes
Fedora 20 Security Update: drupal7-7.35-1.fc20
– Upstream release notes: https://www.drupal.org/drupal-7.35-release-notes
– Official security advisory: https://www.drupal.org/SA-CORE-2015-001