| |
(Sep 25) |
| |
Security Report Summary
|
| |
(Sep 24) |
| |
Security Report Summary
|
| |
|
| |
(Oct 1) |
| |
This update fixes CVE-2015-5262 denial of service security vulnerability byrespectinc configured SO_TIMEOUT parameter during SSL handshake.
|
| |
(Oct 1) |
| |
This update resolves CVE-2015-0852.
|
| |
(Oct 1) |
| |
Security fix for use after free vulnerability
|
| |
(Oct 1) |
| |
golang-1.5.1-0.fc21 - update to go1.5.1 golang-1.5.1-0.fc22 - update togo1.5.1 golang-1.5.1-0.el6 - update to go1.5.1 golang-1.5.1-0.fc23 -update to go1.5.1 ---- update to go1.5; shared objects for x86_64; gdb fixes;full http smuggle fix; fixes for tests
|
| |
(Oct 1) |
| |
Security fix for use after free vulnerability
|
| |
(Oct 1) |
| |
golang-1.5.1-0.fc21 - update to go1.5.1 golang-1.5.1-0.fc22 - update togo1.5.1 golang-1.5.1-0.el6 - update to go1.5.1 golang-1.5.1-0.fc23 -update to go1.5.1 ---- bz1258166 remove srpm macros, for go-srpm-macros ----update to go1.5; shared objects for x86_64; gdb fixes; full http smuggle fix;fixes for tests ---- bz1258166 remove srpm macros, for go-srpm-macros
|
| |
(Oct 1) |
| |
This update fixes CVE-2015-5262 denial of service security vulnerability byrespectinc configured SO_TIMEOUT parameter during SSL handshake.
|
| |
(Oct 1) |
| |
This update resolves CVE-2015-0852.
|
| |
(Oct 1) |
| |
This update fixes CVE-2015-5262 denial of service security vulnerability byrespectinc configured SO_TIMEOUT parameter during SSL handshake.
|
| |
(Oct 1) |
| |
Update to 2.35 Fixes various security issues, seehttp://https://www.mozilla.org/en-US/security/known-vulnerabilities/seamonkey/ for moreinfo.
|
| |
(Sep 26) |
| |
libxl fails to honour readonly flag on disks with qemu-xen [XSA-142 (possiblefix)] ---- Use after free in QEMU/Xen block unplug protocol [XSA-139,CVE-2015-5166] QEMU leak of uninitialized heap memory in rtl8139 device model[XSA-140, CVE-2015-5165]
|
| |
(Sep 26) |
| |
rolekit-0.3.2-2.fc22 - Fix permissions on role JSON settings files to avoidleaking sensitive info
|
| |
(Sep 26) |
| |
- Upstream released new version - Security fix for CVE-2015-5230
|
| |
(Sep 26) |
| |
This update fixes a critical bug with the Xdummy setup which allows local usersto access the virtual display used for the xpra sessions. xpra-0.15.6-1.fc21 -Update to 0.15.6 xpra-0.15.6-1.fc22 - Update to 0.15.6 xpra-0.15.6-1.fc23- Update to 0.15.6
|
| |
(Sep 26) |
| |
firefox-41.0-4.fc21 - New upstream 41.0 firefox-41.0-4.fc22 - New upstream41.0 firefox-41.0-4.fc23 - New upstream 41.0
|
| |
(Sep 26) |
| |
- Upstream released new version - Security fix for CVE-2015-5230
|
| |
(Sep 26) |
| |
This update fixes a critical bug with the Xdummy setup which allows local usersto access the virtual display used for the xpra sessions. xpra-0.15.6-1.fc21 -Update to 0.15.6 xpra-0.15.6-1.fc22 - Update to 0.15.6 xpra-0.15.6-1.fc23- Update to 0.15.6
|
| |
(Sep 26) |
| |
libxl fails to honour readonly flag on disks with qemu-xen [XSA-142 (possiblefix)] ---- update to xen-4.4.3, including Use after free in QEMU/Xen blockunplug protocol [XSA-139, CVE-2015-5166], QEMU leak of uninitialized heap memoryin rtl8139 device model [XSA-140, CVE-2015-5165]
|
| |
(Sep 26) |
| |
- Upstream released new version - Security fix for CVE-2015-5230
|
| |
(Sep 26) |
| |
This update fixes a critical bug with the Xdummy setup which allows local usersto access the virtual display used for the xpra sessions. xpra-0.15.6-1.fc21 -Update to 0.15.6 xpra-0.15.6-1.fc22 - Update to 0.15.6 xpra-0.15.6-1.fc23- Update to 0.15.6
|
| |
(Sep 26) |
| |
Update to version 3.17.0, see https://freeimage.sourceforge.io/news.html fordetails. This update includes a patch for CVE-2015-0852.
|
| |
(Sep 25) |
| |
**WordPress 4.3.1 Security and Maintenance Release** [Upstreamannouncement](https://wordpress.org/news/2015/09/wordpress-4-3-1/): WordPress4.3.1 is now available. This is a security release for all previous versions andwe strongly encourage you to update your sites immediately. This releaseaddresses three issues, including two cross-site scripting vulnerabilities and apotential privilege escalation. * WordPress versions 4.3 and earlier arevulnerable to a cross-site scripting vulnerability when processing shortcodetags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point. *A separate cross-site scripting vulnerability was found in the user list table.Reported by Ben Bidner of the WordPress security team. * Finally, in certaincases, users without proper permissions could publish private posts and makethem sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel Rubin of CheckPoint. WordPress 4.3.1 also fixes twenty-six bugs. For more information, seethe [release notes](https://wordpress.org/documentation/wordpress-version/version-4-3-1/) or consult the[list of changes](https://core.trac.wordpress.org/log/branches/4.3/?rev=34199&stop_rev=33647).
|
| |
(Sep 25) |
| |
**Zend Framework 2.4.8** **Security Update** * **ZF2015-07**: The filesystemstorage adapter of Zend\Cache was creating directories with a liberal umask thatcould lead to local arbitrary code execution and/or local privilege escalation.This release contains a patch that ensures the directories are created usingpermissions of 0775 and files using 0664 (essentially umask 0002). **Bugfixed** from upstream [Changelog]( ) *validate against DateTimeImmutable instead of DateTimeInterface * treat 0.0 asnon-empty, restoring pre-2.4 behavior * deprecate "magic" logic for auto-attaching NonEmpty validators in favor of explicit attachment * ensure fallbackvalues work as per pre-2.4 behavior * update the InputFilterInterface::add()docblock to match implementations * Fix how missing optoinal fields arevalidated to match pre 2.4.0 behavior * deprecate AllowEmpty and ContinueIfEmptyannotations, per zend-inputfilter#26 * fix typos in aria attribute names ofAbstractHelper * fixes the ContentType header to properly handle encodedparameter values * fixes the Sender header to allow mailbox addresses withoutTLDs * fixes parsing of messages that contain an initial blank line beforeheaders * fixes the SetCookie header to allow multiline values (as they arealways encoded * fixes DefaultRenderingStrategy errors due to controllersreturning non-view model results
|
| |
(Sep 25) |
| |
**Zend Framework 2.4.8** **Security Update** * **ZF2015-07**: The filesystemstorage adapter of Zend\Cache was creating directories with a liberal umask thatcould lead to local arbitrary code execution and/or local privilege escalation.This release contains a patch that ensures the directories are created usingpermissions of 0775 and files using 0664 (essentially umask 0002). **Bugfixed** from upstream [Changelog]( ) *validate against DateTimeImmutable instead of DateTimeInterface * treat 0.0 asnon-empty, restoring pre-2.4 behavior * deprecate "magic" logic for auto-attaching NonEmpty validators in favor of explicit attachment * ensure fallbackvalues work as per pre-2.4 behavior * update the InputFilterInterface::add()docblock to match implementations * Fix how missing optoinal fields arevalidated to match pre 2.4.0 behavior * deprecate AllowEmpty and ContinueIfEmptyannotations, per zend-inputfilter#26 * fix typos in aria attribute names ofAbstractHelper * fixes the ContentType header to properly handle encodedparameter values * fixes the Sender header to allow mailbox addresses withoutTLDs * fixes parsing of messages that contain an initial blank line beforeheaders * fixes the SetCookie header to allow multiline values (as they arealways encoded * fixes DefaultRenderingStrategy errors due to controllersreturning non-view model results
|
| |
(Sep 25) |
| |
**WordPress 4.3.1 Security and Maintenance Release** [Upstreamannouncement](https://wordpress.org/news/2015/09/wordpress-4-3-1/): WordPress4.3.1 is now available. This is a security release for all previous versions andwe strongly encourage you to update your sites immediately. This releaseaddresses three issues, including two cross-site scripting vulnerabilities and apotential privilege escalation. * WordPress versions 4.3 and earlier arevulnerable to a cross-site scripting vulnerability when processing shortcodetags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point. *A separate cross-site scripting vulnerability was found in the user list table.Reported by Ben Bidner of the WordPress security team. * Finally, in certaincases, users without proper permissions could publish private posts and makethem sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel Rubin of CheckPoint. WordPress 4.3.1 also fixes twenty-six bugs. For more information, seethe [release notes](https://wordpress.org/documentation/wordpress-version/version-4-3-1/) or consult the[list of changes](https://core.trac.wordpress.org/log/branches/4.3/?rev=34199&stop_rev=33647).
|
| |
(Sep 25) |
| |
**WordPress 4.3.1 Security and Maintenance Release** [Upstreamannouncement](https://wordpress.org/news/2015/09/wordpress-4-3-1/): WordPress4.3.1 is now available. This is a security release for all previous versions andwe strongly encourage you to update your sites immediately. This releaseaddresses three issues, including two cross-site scripting vulnerabilities and apotential privilege escalation. * WordPress versions 4.3 and earlier arevulnerable to a cross-site scripting vulnerability when processing shortcodetags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point. *A separate cross-site scripting vulnerability was found in the user list table.Reported by Ben Bidner of the WordPress security team. * Finally, in certaincases, users without proper permissions could publish private posts and makethem sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel Rubin of CheckPoint. WordPress 4.3.1 also fixes twenty-six bugs. For more information, seethe [release notes](https://wordpress.org/documentation/wordpress-version/version-4-3-1/) or consult the[list of changes](https://core.trac.wordpress.org/log/branches/4.3/?rev=34199&stop_rev=33647).
|
| |
(Sep 25) |
| |
Add upstream patch to fix file execution vulnerability (bug #1264067) ----Add upstream patch to fix XSS vulnerability (bug #1259405)
|
| |
(Sep 25) |
| |
**Zend Framework 2.4.8** **Security Update** * **ZF2015-07**: The filesystemstorage adapter of Zend\Cache was creating directories with a liberal umask thatcould lead to local arbitrary code execution and/or local privilege escalation.This release contains a patch that ensures the directories are created usingpermissions of 0775 and files using 0664 (essentially umask 0002). **Bugfixed** from upstream [Changelog]( ) *validate against DateTimeImmutable instead of DateTimeInterface * treat 0.0 asnon-empty, restoring pre-2.4 behavior * deprecate "magic" logic for auto-attaching NonEmpty validators in favor of explicit attachment * ensure fallbackvalues work as per pre-2.4 behavior * update the InputFilterInterface::add()docblock to match implementations * Fix how missing optoinal fields arevalidated to match pre 2.4.0 behavior * deprecate AllowEmpty and ContinueIfEmptyannotations, per zend-inputfilter#26 * fix typos in aria attribute names ofAbstractHelper * fixes the ContentType header to properly handle encodedparameter values * fixes the Sender header to allow mailbox addresses withoutTLDs * fixes parsing of messages that contain an initial blank line beforeheaders * fixes the SetCookie header to allow multiline values (as they arealways encoded * fixes DefaultRenderingStrategy errors due to controllersreturning non-view model results
|
| |
(Sep 24) |
| |
Update to 1.1.1 Security fix for CVE-2015-5198, CVE-2015-5199, CVE-2015-5200
|
| |
(Sep 24) |
| |
Fixed https://bugzilla.redhat.com/show_bug.cgi?id=1259563https://bugzilla.redhat.com/show_bug.cgi?id=1259691
|
| |
(Sep 24) |
| |
libvpx-1.3.0-7.fc21 - set --size-limit=16384x16384 to fix CVE-2015-1258libvpx-1.3.0-7.fc22 - set --size-limit=16384x16384 to fix CVE-2015-1258libvpx-1.4.0-5.fc23 - set --size-limit=16384x16384 to avoid CVE-2015-1258
|
| |
(Sep 24) |
| |
Fixes CVE-2015-3253
|
| |
(Sep 24) |
| |
Update to 2.4.4, fixes CVE-2015-3253.
|
| |
(Sep 24) |
| |
Security fix for CVE-2014-6585 CVE-2014-6591 CVE-2014-7923 CVE-2014-7926CVE-2014-9654
|
| |
(Sep 24) |
| |
* CVE-2015-6815: net: e1000: infinite loop issue (bz #1260225) * CVE-2015-6855:ide: divide by zero issue (bz #1261793) * CVE-2015-5278: Infinite loop inne2000_receive() (bz #1263284) * CVE-2015-5279: Heap overflow vulnerability inne2000_receive() (bz #1263287) ---- Fix emulation of various instructions,required by libm in F22 ppc64 guests.
|
| |
(Sep 24) |
| |
firefox-41.0-4.fc21 - New upstream 41.0 firefox-41.0-4.fc22 - New upstream41.0 firefox-41.0-4.fc23 - New upstream 41.0
|
| |
(Sep 24) |
| |
The 4.2.1 stable update contains a number of bug fixes across the tree.kernel-4.2.1-300.fc23 - Linux v4.2.1
|
| |
|
| |
(Sep 25) |
| |
Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code.
|
| |
(Sep 24) |
| |
An attacker could execute arbitrary commands via Git repositories in a case-insensitive or case-normalizing filesystem.
|
| |
(Sep 24) |
| |
Improper handling of Router Advertisements in NetworkManager could cause a Denial of Service condition in IPv6 network stacks.
|
| |
(Sep 24) |
| |
Multiple vulnerabilities have been found in libtasn1, the worst of which could lead to arbitrary code execution.
|
| |
(Sep 24) |
| |
Multiple vulnerabilities have been found in Cacti, the worst of which could lead to arbitrary code execution.
|
| |
(Sep 24) |
| |
Multiple vulnerabilities have been found in cURL, the worst of which can allow remote attackers to cause Denial of Service condition.
|
| |
(Sep 24) |
| |
Multiple vulnerabilities have been found in NTP, the worst of which could lead to arbitrary code execution.
|
| |
|
| |
Red Hat: 2015:1855-01: mod_proxy_fcgi: Low Advisory (Oct 2) |
| |
An updated mod_proxy_fcgi package that fixes one security issue is now available for Red Hat Ceph Storage 1.2 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security [More...]
|
| |
Red Hat: 2015:1852-01: thunderbird: Important Advisory (Oct 1) |
| |
An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security [More...]
|
| |
Red Hat: 2015:1840-01: openldap: Important Advisory (Sep 29) |
| |
Updated openldap packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security [More...]
|
| |
Red Hat: 2015:1841-01: chromium-browser: Important Advisory (Sep 29) |
| |
Updated chromium-browser packages that fix two security issues are now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having Important security [More...]
|
| |
Red Hat: 2015:1834-02: firefox: Critical Advisory (Sep 24) |
| |
Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security [More...]
|
| |
|
| |
(Oct 1) |
| |
New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. [More Info...]
|
| |
(Oct 1) |
| |
New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues. [More Info...]
|
| |
(Oct 1) |
| |
New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues. [More Info...]
|
| |
|
| |
Ubuntu: 2758-1: PHP vulnerabilities (Sep 30) |
| |
Several security issues were fixed in PHP.
|
| |
Ubuntu: 2753-2: LXC regression (Sep 30) |
| |
USN-2753-1 introduced a regression in LXC.
|
| |
Ubuntu: 2756-1: rpcbind vulnerability (Sep 30) |
| |
rpcbind could be made to crash or run programs if it received speciallycrafted network traffic.
|
| |
Ubuntu: 2755-1: Cyrus SASL vulnerability (Sep 30) |
| |
Cyrus SASL could be made to crash if it processed specially crafted input.
|
| |
Ubuntu: 2753-1: LXC vulnerability (Sep 29) |
| |
LXC could be made to start containers without AppArmor confinement or accessthe host filesystem.
|
| |
Ubuntu: 2749-1: Linux kernel (Trusty HWE) vulnerabilities (Sep 29) |
| |
Several security issues were fixed in the kernel.
|
| |
Ubuntu: 2751-1: Linux kernel (Vivid HWE) vulnerabilities (Sep 29) |
| |
Several security issues were fixed in the kernel.
|
| |
Ubuntu: 2747-1: NVIDIA graphics drivers vulnerability (Sep 28) |
| |
NVIDIA graphics drivers could be made to run programs as an administrator.
|
| |
Ubuntu: 2746-2: Simple Streams regression (Sep 25) |
| |
USN-2746-1 introduced a regression in Simple Streams.
|
| |
Ubuntu: 2746-1: Simple Streams vulnerability (Sep 24) |
| |
Applications using Simple Streams could be made to crash or runprograms if it received specially crafted network traffic.
|
| |
Ubuntu: 2745-1: QEMU vulnerabilities (Sep 24) |
| |
Several security issues were fixed in QEMU.
|
| |
Ubuntu: 2743-3: Unity Integration for Firefox, Unity Websites (Sep 24) |
| |
This update provides compatible packages for Firefox 41
|
| |
Ubuntu: 2744-1: Apport vulnerability (Sep 24) |
| |
Apport could be made to crash or overwrite files as an administrator.
|
