Resolved Bugs
1222923 – CVE-2015-2156 netty: HttpOnly cookie bypass
1222927 – CVE-2015-2156 netty: HttpOnly cookie bypass [fedora-all]
1111502 – Build with $RPM_OPT/LD_FLAGS, show native build output
Security fix for CVE-2015-2156
Monthly Archives: May 2015
Fedora 22 Security Update: python-django-1.8.2-1.fc22
Resolved Bugs
1223591 – python-django-1.8.2 is available
fix CVE-2015-3982 – Fixed session flushing in the cached_db backend
DSA-3267 chromium-browser – security update
Several vulnerabilities were discovered in the chromium web browser.
DSA-3269 postgresql-9.1 – security update
Several vulnerabilities have been found in PostgreSQL-9.1, a SQL
database system.
DSA-3270 postgresql-9.4 – security update
Several vulnerabilities have been found in PostgreSQL-9.4, a SQL
database system.
DSA-3268 ntfs-3g – security update
Tavis Ormandy discovered that NTFS-3G, a read-write NTFS driver for
FUSE, does not scrub the environment before executing mount or umount
with elevated privileges. A local user can take advantage of this flaw
to overwrite arbitrary files and gain elevated privileges by accessing
debugging features via the environment that would not normally be safe
for unprivileged users.
Vuln: Oracle Java SE CVE-2015-0478 Remote Security Vulnerability
Vuln: WordPress WP Symposium Plugin CVE-2015-3325 SQL Injection Vulnerability
Pluck CMS 4.7.2 Directory Traversal
Pluck CMS version 4.7.2 suffers from a directory traversal vulnerability.
Debian Security Advisory 3261-2
Debian Linux Security Advisory 3261-2 – The update for libmodule-signature-perl issued as DSA-3261-1 introduced a regression in the handling of the --skip option of cpansign. Updated packages are now available to address this regression.