Fedora Linux Distribution - Page 558.1
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
* (T109140) (T122209) Special:UserLogin and Special:Search allow redirect to interwiki links. (CVE-2017-0363, CVE-2017-0364) * (T144845) XSS in SearchHighlighter::highlightText() when $wgAdvancedSearchHighlighting is true. (CVE-2017-0365) * (T125177) API parameters may now be marked as "sensitive" to keep their values out of the logs. (CVE-2017-0361) * (T150044) "Mark all
* Update to upstream release **1.2.57**. * Fixes **CVE-2016-10087**.
Fix a nss_wins crash ---- Security fix for CVE-2017-2619
Release 0.4.8 (no ABI or API changes) * Add PHP7 compatibility * Fix C++ output of disassembler * Fix heap overflows in parser.c (CVE-2017-7578) * Avoid division by zero in listmp3 when no valid frame was found (CVE-2016-9265) * Don't try printing unknown block (CVE-2016-9828) * Parse Protect tag's Password as string (CVE-2016-9827) * Check values before deriving malloc
The 4.10.9 stable kernel update contains a number of important fixes across the tree.
* updated to 1.0.28 * fixes possible buffer overflow when parsing crafted ID3 tags (#1440758, CVE-2017-7586) * fixes possible buffer overflow when parsing crafted flac file (#1440756, CVE-2017-7585)
Security fix for: * **CVE-2017-7592** * **CVE-2017-7593** * **CVE-2017-7594** * **CVE-2017-7595** * **CVE-2017-7596** * **CVE-2017-7597** * **CVE-2017-7598** * **CVE-2017-7599** * **CVE-2017-7600** * **CVE-2017-7601** * **CVE-2017-7602**
Qemu: 9pfs: host memory leakage via v9fs_create [CVE-2017-7377] (#1437873) ---- add additional patch for [XSA-206] (#1436690) ---- xenstore denial of service via repeated update [XSA-206] (#1436690)
The 4.10.9 stable kernel update contains a number of important fixes across the tree.
* updated to 1.0.28 * fixes possible buffer overflow when parsing crafted ID3 tags (#1440758, CVE-2017-7586) * fixes possible buffer overflow when parsing crafted flac file (#1440756, CVE-2017-7585)
Security fix for: * **CVE-2017-7592** * **CVE-2017-7593** * **CVE-2017-7594** * **CVE-2017-7595** * **CVE-2017-7596** * **CVE-2017-7597** * **CVE-2017-7598** * **CVE-2017-7599** * **CVE-2017-7600** * **CVE-2017-7601** * **CVE-2017-7602**
Current upstream maintenance release for the 1.3.5 series. Includes fix for CVE-2017-7418, where not all path elements were checked for symlinks when using a chroot, so attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link.
Security fix for CVE-2017-5055, CVE-2017-5054, CVE-2017-5052, CVE-2017-5056, CVE-2017-5053
New upstream version of xorgxrdp and xrdp: New features in xrdp: - RemoteFX codec support is now enabled by default. - Bitmap updates support is now enabled by default. - TLS ciphers suites and version is now logged. - Connected computer name is now logged. - Switched to Xorg (xorgxrdp) as the default backend now. - Miscellaneous RemoteFX codec mode improvements. - Socket directory is
New upstream version of xorgxrdp and xrdp: New features in xrdp: - RemoteFX codec support is now enabled by default. - Bitmap updates support is now enabled by default. - TLS ciphers suites and version is now logged. - Connected computer name is now logged. - Switched to Xorg (xorgxrdp) as the default backend now. - Miscellaneous RemoteFX codec mode improvements. - Socket directory is
https://www.mediawiki.org/wiki/Release_notes/1.28#MediaWiki_1.28.1 Changes since 1.28.0 * $wgRunJobsAsync is now false by default (T142751). This change only affects wikis with $wgJobRunRate > 0. * Fix fatal from "WaitConditionLoop" not being found, experienced when a wiki has more than one database server setup. * (T152717) Better escaping for PHP mail() command * (T154670) A missing
Update to latest upstream release 1.3.2 to fix CVE-2017-5591 (rhbz#1421077)
**Horde_Crypt 2.7.6** * [mjr] SECURITY: Fix remote code execution vulnerability (**CVE-2017-7413**, and **CVE-2017-7414**).
* Update to upstream release **1.5.28**. * Fixes **CVE-2016-10087**.
**Horde_Crypt 2.7.6** * [mjr] SECURITY: Fix remote code execution vulnerability (**CVE-2017-7413**, and **CVE-2017-7414**).