Fedora Linux Distribution - Page 511.25
Find the information you need for your favorite open source distribution.
This update fixes a security bug in the FGLogger subsystem, to prevent it from overwriting arbitrary files the user has write access to (CVE-2017-13709)

- Prevent applications from accidentally implementing CVE-2017-11462 (double free if sec_context is copied).
- fc26+: Add ccselect hostrealm module for ccache selection based on service hostname.


- lightdm-1.24.0
- Disable guest login as system default preset (CVE-2017-8900)
- Modernize spec-file


MIMEDefang 2.81 Sys::Syslog has a developer tag added (like 0.33_01 on Debian Stretch).

* Make mimedefang and mimedefang-multiplexor write their PID files as root to avoid an unprivileged user tampering with the pidfiles. Thanks to Michael Orlitzky for pointing this issue out.


**Version 1.3.0**

It contains fixes for two possible security problems. The problems were identified by Brian 'geeknik' Carpenter and Agostino Sarubbo using AFL. The changes are:

* Support bzip2 compressed zip archives
* Improve file progress callback code
* Fix zip_fdopen()
* CVE-2017-12858: Fix double free().
* CVE-2017-14107: Improve EOCD64 parsing.


**passwd 5.0.7**

* [jan] Officially support PHP 7.
* [jan] SECURITY: Fix open redirects.

**wicked 2.0.8** * [jan] SECURITY: Fix unauthorized access to page attachments.

**nag 4.2.17**

* [jan] SECURITY: Fix unauthorized access to task exports.
* [jan] Fix regression when exporting single tags to iCalendar CATEGORIES.
* [jan] Officially support PHP 7.


**Version 2.2.5** - 2017-08-30

* **Security**
  - Double-free in gdImagePngPtr(). **CVE-2017-6362**
  - Buffer over-read into uninitialized memory. **CVE-2017-7890**
* **Fixed**
  - Fix #109: XBM reading fails with printed error
  - Fix #338: Fatal and normal libjpeg/libpng errors not distinguishable
  - Fix #357: 2.2.4: Segfault in test suite
  - Fix #386:


Libidn2 2.0.4 (released 2017-08-30) integer overflow in bidi.c/_isBidi()

* Fix integer overflow in puny_decode.c/decode_digit()
* Improve docs
* Fix idna_free() to idn_free()
* Update fuzzer corpora

**Horde_Image 2.5.1** * [mjr] SECURITY: Fix more potential places for command injections.
- CVE-2017-14520 Floating point exception in Splash::scaleImageYuXd

These releases are about hardening `git shell`, which is used on servers, against unsafe user input, which `git cvsserver` copes with poorly. From the release notes:

* "git cvsserver" no longer is invoked by "git shell" by default, as it is old and largely unmaintained.
* Various Perl scripts did not use safe_pipe_capture() instead of backticks, leaving them susceptible to
