Fedora Linux Distribution - Page 518
Find the information you need for your favorite open source distribution.
MIMEDefang 2.81 Sys::Syslog has a developer tag added (like 0.33_01 on Debian Stretch).
* Make mimedefang and mimedefang-multiplexor write their PID files as root to avoid an unprivileged user tampering with the pidfiles. Thanks to Michael Orlitzky for pointing this issue out.
**Version 1.3.0** It contains fixes for two possible security problems. The problems were identified by Brian 'geeknik' Carpenter and Agostino Sarubbo using AFL. The changes are:
* Support bzip2 compressed zip archives
* Improve file progress callback code
* Fix zip_fdopen()
* CVE-2017-12858: Fix double free().
* CVE-2017-14107: Improve EOCD64 parsing.
**passwd 5.0.7**
* [jan] Officially support PHP 7.
* [jan] SECURITY: Fix open redirects.
**wicked 2.0.8** * [jan] SECURITY: Fix unauthorized access to page attachments.
**nag 4.2.17**
* [jan] SECURITY: Fix unauthorized access to task exports.
* [jan] Fix regression when exporting single tags to iCalendar CATEGORIES.
* [jan] Officially support PHP 7.
**Version 2.2.5** - 2017-08-30
* **Security**
  - Double-free in gdImagePngPtr(). **CVE-2017-6362**
  - Buffer over-read into uninitialized memory. **CVE-2017-7890**
* **Fixed**
  - Fix #109: XBM reading fails with printed error
  - Fix #338: Fatal and normal libjpeg/libpng errors not distinguishable
  - Fix #357: 2.2.4: Segfault in test suite
  - Fix #386:
Libidn2 2.0.4 (released 2017-08-30) integer overflow in bidi.c/_isBidi()
* Fix integer overflow in puny_decode.c/decode_digit()
* Improve docs
* Fix idna_free() to idn_free()
* Update fuzzer corpora
**Horde_Image 2.5.1** * [mjr] SECURITY: Fix more potential places for command injections.
- CVE-2017-14520 Floating point exception in Splash::scaleImageYuXd
These releases harden `git shell`, which is used on servers, against unsafe user input, which `git cvsserver` copes with poorly. From the release notes:
* "git cvsserver" no longer is invoked by "git shell" by default, as it is old and largely unmaintained.
* Various Perl scripts did not use safe_pipe_capture() instead of backticks, leaving them susceptible to
This release fixes a crash when parsing an empty code string of a codewscope type.
The 4.12.14 stable kernel update contains a number of important fixes across the tree.
The 4.13.3 stable update contains a number of important fixes across the tree.
This update fixes CVE-2017-14348.

This update fixes CVE-2017-13735.