|
(Oct 13) |
|
Security Report Summary
|
|
(Oct 9) |
|
Security Report Summary
|
|
|
|
(Oct 16) |
|
The 4.2.3 stable rebase contains a number of new features and important bugfixes across the tree and improved hardware support. kernel-4.2.3-200.fc22 -Linux v4.2.3 - CVE-2015-5156 virtio-net: bug overflow with large fraglist (rhbz1243852 1266515)
|
|
(Oct 15) |
|
Update to latest release
|
|
(Oct 14) |
|
Update to latest release
|
|
(Oct 14) |
|
ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792)
|
|
(Oct 14) |
|
ide: fix ATAPI command permissions [CVE-2015-6855] (#1261792)
|
|
(Oct 13) |
|
Security fix for CVE-2014-6585 CVE-2014-6591 CVE-2014-7923 CVE-2014-7926CVE-2014-9654
|
|
(Oct 13) |
|
01 Oct 2015, **PHP 5.6.14** **Core:** * Fixed bug php#70370 (Bundledlibtool.m4 doesn't handle FreeBSD 10 when building extensions). (Adam) **CLIserver:** * Fixed bug php#68291 (404 on urls with '+'). (cmb) **DOM:** *Fixed bug php#70001 (Assigning to DOMNode::textContent does additional entityencoding). (cmb) **Mysqlnd:** * Fixed bug php#70456 (mysqlnd doesn't activateTCP keep-alive when connecting to a server). (Sergei Turchanov) **OpenSSL:** *Fixed bug php#55259 (openssl extension does not get the DH parameters from DHkey resource). (Jakub Zelenka) * Fixed bug php#70395 (Missing ARG_INFO foropenssl_seal()). (cmb) * Fixed bug php#60632 (openssl_seal fails with AES).(Jakub Zelenka) * Fixed bug php#68312 (Lookup for openssl.cnf causes a messagebox). (Anatol) **PDO:** * Fixed bug php#70389 (PDO constructor changesunrelated variables). (Laruence) **Phar:** * Fixed bug php#69720 (Null pointerdereference in phar_get_fp_offset()). (Stas) * Fixed bug php#70433(Uninitialized pointer in phar_make_dirstream when zip entry filename is "/").(Stas) **Phpdbg:** * Fix phpdbg_break_next() sometimes not breaking. (Bob)**Standard:** * Fixed bug php#67131 (setcookie() conditional for empty valuesnot met). (cmb) **Streams:** * Fixed bug php#70361 (HTTP stream wrapperdoesn't close keep-alive connections). (Niklas Keller)
|
|
(Oct 13) |
|
01 Oct 2015, **PHP 5.6.14** **Core:** * Fixed bug php#70370 (Bundledlibtool.m4 doesn't handle FreeBSD 10 when building extensions). (Adam) **CLIserver:** * Fixed bug php#68291 (404 on urls with '+'). (cmb) **DOM:** *Fixed bug php#70001 (Assigning to DOMNode::textContent does additional entityencoding). (cmb) **Mysqlnd:** * Fixed bug php#70456 (mysqlnd doesn't activateTCP keep-alive when connecting to a server). (Sergei Turchanov) **OpenSSL:** *Fixed bug php#55259 (openssl extension does not get the DH parameters from DHkey resource). (Jakub Zelenka) * Fixed bug php#70395 (Missing ARG_INFO foropenssl_seal()). (cmb) * Fixed bug php#60632 (openssl_seal fails with AES).(Jakub Zelenka) * Fixed bug php#68312 (Lookup for openssl.cnf causes a messagebox). (Anatol) **PDO:** * Fixed bug php#70389 (PDO constructor changesunrelated variables). (Laruence) **Phar:** * Fixed bug php#69720 (Null pointerdereference in phar_get_fp_offset()). (Stas) * Fixed bug php#70433(Uninitialized pointer in phar_make_dirstream when zip entry filename is "/").(Stas) **Phpdbg:** * Fix phpdbg_break_next() sometimes not breaking. (Bob)**Standard:** * Fixed bug php#67131 (setcookie() conditional for empty valuesnot met). (cmb) **Streams:** * Fixed bug php#70361 (HTTP stream wrapperdoesn't close keep-alive connections). (Niklas Keller)
|
|
(Oct 13) |
|
This update adds a fix for CVE-2015-6581 (double free vulnerability).
|
|
(Oct 12) |
|
01 Oct 2015, **PHP 5.6.14** **Core:** * Fixed bug php#70370 (Bundledlibtool.m4 doesn't handle FreeBSD 10 when building extensions). (Adam) **CLIserver:** * Fixed bug php#68291 (404 on urls with '+'). (cmb) **DOM:** *Fixed bug php#70001 (Assigning to DOMNode::textContent does additional entityencoding). (cmb) **Mysqlnd:** * Fixed bug php#70456 (mysqlnd doesn't activateTCP keep-alive when connecting to a server). (Sergei Turchanov) **OpenSSL:** *Fixed bug php#55259 (openssl extension does not get the DH parameters from DHkey resource). (Jakub Zelenka) * Fixed bug php#70395 (Missing ARG_INFO foropenssl_seal()). (cmb) * Fixed bug php#60632 (openssl_seal fails with AES).(Jakub Zelenka) * Fixed bug php#68312 (Lookup for openssl.cnf causes a messagebox). (Anatol) **PDO:** * Fixed bug php#70389 (PDO constructor changesunrelated variables). (Laruence) **Phar:** * Fixed bug php#69720 (Null pointerdereference in phar_get_fp_offset()). (Stas) * Fixed bug php#70433(Uninitialized pointer in phar_make_dirstream when zip entry filename is "/").(Stas) **Phpdbg:** * Fix phpdbg_break_next() sometimes not breaking. (Bob)**Standard:** * Fixed bug php#67131 (setcookie() conditional for empty valuesnot met). (cmb) **Streams:** * Fixed bug php#70361 (HTTP stream wrapperdoesn't close keep-alive connections). (Niklas Keller)
|
|
(Oct 12) |
|
Qemu: net: virtio-net possible remote DoS [CVE-2015-7295]
|
|
(Oct 11) |
|
Security fix for CVE-2015-5146, CVE-2015-5194, CVE-2015-5219, CVE-2015-5195,CVE-2015-5196
|
|
(Oct 11) |
|
Update spice-gtk/spice-protocol/spice to new upstream releases. The spice updatefixes CVE-2015-3247, CVE-2015-5260 and CVE-2015-5261.
|
|
(Oct 11) |
|
Security fix for CVE-2015-5292
|
|
(Oct 11) |
|
Update spice-gtk/spice-protocol/spice to new upstream releases. The spice updatefixes CVE-2015-3247, CVE-2015-5260 and CVE-2015-5261.
|
|
(Oct 11) |
|
Update spice-gtk/spice-protocol/spice to new upstream releases. The spice updatefixes CVE-2015-3247, CVE-2015-5260 and CVE-2015-5261.
|
|
(Oct 11) |
|
Update spice-gtk/spice-protocol/spice to new upstream releases. The spice updatefixes CVE-2015-3247, CVE-2015-5260 and CVE-2015-5261.
|
|
(Oct 11) |
|
Update spice-gtk/spice-protocol/spice to new upstream releases. The spice updatefixes CVE-2015-3247, CVE-2015-5260 and CVE-2015-5261.
|
|
(Oct 11) |
|
update to 9.4.5 per release noteshttp://https://www.postgresql.org/docs/9.4/release-9-4-5.html
|
|
(Oct 11) |
|
freeipa-4.2.2-1.fc23 - Update to upstream 4.2.2 - seehttp://www.freeipa.org/page/Releases/4.2.2
|
|
(Oct 11) |
|
* Rebased to version 2.4.0.1 * CVE-2015-7295: virtio-net possible remote DoS (bz#1264393) * drive-mirror: Fix coroutine reentrance (bz #1266936)
|
|
(Oct 9) |
|
* CVE-2015-6815: net: e1000: infinite loop issue (bz #1260225) * CVE-2015-6855:ide: divide by zero issue (bz #1261793) * CVE-2015-5278: Infinite loop inne2000_receive() (bz #1263284) * CVE-2015-5279: Heap overflow vulnerability inne2000_receive() (bz #1263287) * Make block copy more stable (bz #1264416) * Fixhang at start of live merge for large images (bz #1262901) ---- *CVE-2015-5225: heap memory corruption in vnc_refresh_server_surface (bz#1255899)
|
|
(Oct 9) |
|
* Fix typo causing qemu-img to link against entire world (bz #1260996) *CVE-2015-6815: net: e1000: infinite loop issue (bz #1260225) * CVE-2015-6855:ide: divide by zero issue (bz #1261793) * CVE-2015-5278: Infinite loop inne2000_receive() (bz #1263284) * CVE-2015-5279: Heap overflow vulnerability inne2000_receive() (bz #1263287) * Make block copy more stable (bz #1264416) * Fixhang at start of live merge for large images (bz #1262901) ---- Fix emulationof various instructions, required by libm in F22 ppc64 guests.
|
|
(Oct 9) |
|
kernel-4.1.10-200.fc22 - Linxu v4.1.10 - Add patch to fix soft lockups innetwork stack (rhbz 1266691)
|
|
(Oct 9) |
|
The 4.2.3 stable kernel update contains a number of important fixes across thetree. kernel-4.2.3-300.fc23 - Linux v4.2.3 - Netdev fix race inresq_queue_unlink
|
|
(Oct 8) |
|
389-ds-base-1.3.3.13-1.fc21 - release 1.3.3.13 - Ticket 48265 - Complexfilter in a search request doen't work as expected. (regression) - Ticket 47981- COS cache doesn't properly mark vattr cache as invalid when there are multiplesuffixes - Ticket 48252 - db2index creates index entry from deleted records -Ticket 48228 - wrong password check if passwordInHistory is decreased. - Ticket48252 - db2index creates index entry from deleted records - Ticket 48254 - CLIdb2index fails with usage errors - Ticket 47831 - remove debug logging fromretro cl - Ticket 48245 - Man pages and help for remove-ds.pl doesn't display"-a" option - Ticket 47931 - Fix coverity issues - Ticket 47931 - memberOf &retrocl deadlocks - Ticket 48228 - wrong password check if passwordInHistory isdecreased. - Ticket 48215 - update dbverify usage in main.c - Ticket 48215 -update dbverify usage - Ticket 48215 - verify_db.pl doesn't verify DB specifiedby -a option - Ticket 47810 - memberOf plugin not properly rejecting updates -Ticket 48231 - logconv autobind handling regression caused by 47446 - Ticket48232 - winsync lastlogon attribute not syncing between DS and AD. - Ticket48206 - Crash during retro changelog trimming - Ticket 48224 - redux 2 -logconv.pl should handle *.tar.xz, *.txz, *.xz log files - Ticket 48226 - InMMR, double free coould occur under some special condition - Ticket 48224 -redux - logconv.pl should handle *.tar.xz, *.txz, *.xz log files - Ticket 48224- redux - logconv.pl should handle *.tar.xz, *.txz, *.xz log files - Ticket48224 - logconv.pl should handle *.tar.xz, *.txz, *.xz log files - Ticket 48192- Individual abandoned simple paged results request has no chance to be cleanedup - Ticket 48212 - Dynamic nsMatchingRule changes had no effect on the attrinfothus following reindexing, as well. - Ticket 48195 - Slow replication whendeleting large quantities of multi-valued attributes - Ticket 48175 - Avoidusing regex in ACL if possible
|
|
|
|
Red Hat: 2015:1912-01: chromium-browser: Important Advisory (Oct 15) |
|
Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having Important security [More...]
|
|
Red Hat: 2015:1894-01: python-django: Moderate Advisory (Oct 15) |
|
Updated python-django packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Moderate security [More...]
|
|
Red Hat: 2015:1909-01: openstack-neutron: Moderate Advisory (Oct 15) |
|
Updated openstack-neutron packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0, 6.0, and 7.0. [More...]
|
|
Red Hat: 2015:1895-01: openstack-swift: Moderate Advisory (Oct 15) |
|
Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0, 6.0, and 7.0. [More...]
|
|
Red Hat: 2015:1897-01: openstack-glance: Moderate Advisory (Oct 15) |
|
Updated openstack-glance packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0, 6.0, and 7.0. [More...]
|
|
Red Hat: 2015:1896-01: qemu-kvm-rhev: Important Advisory (Oct 15) |
|
Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. [More...]
|
|
Red Hat: 2015:1898-01: openstack-nova: Moderate Advisory (Oct 15) |
|
Updated openstack-nova packages that fix one security issue and several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 5.0, 6.0, and 7.0 [More...]
|
|
Red Hat: 2015:1893-01: flash-plugin: Critical Advisory (Oct 15) |
|
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having Critical security [More...]
|
|
Red Hat: 2015:1889-01: spice-server: Important Advisory (Oct 12) |
|
An updated spice-server package that fixes two security issues is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security [More...]
|
|
Red Hat: 2015:1890-01: spice: Important Advisory (Oct 12) |
|
Updated spice packages that fix two security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security [More...]
|
|
Red Hat: 2015:1876-01: python-django: Moderate Advisory (Oct 8) |
|
Updated python-django packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 7.0. Red Hat Product Security has rated this update as having Moderate security [More...]
|
|
|
|
Ubuntu: 2768-1: Firefox vulnerability (Oct 16) |
|
Firefox could be made to expose sensitive information across origins
|
|
Ubuntu: 2772-1: PostgreSQL vulnerabilities (Oct 16) |
|
PostgreSQL could be made to crash or expose private information if ithandled specially crafted data.
|
|
Ubuntu: 2771-1: Click vulnerability (Oct 15) |
|
Click could be made to allow malicious apps unintended access to thesystem.
|
|
Ubuntu: 2709-2: pollinate update (Oct 14) |
|
The system would not have expected entropy available.
|
|
Ubuntu: 2769-1: Apache Commons HttpClient (Oct 14) |
|
Several security issues were fixed in commons-httpclient.
|