Fedora Essential and Critical Security Patch Updates - Page 700
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
unzip-6.0-22.fc21 - Fix heap overflow and infinite loop when invalid input is given (#1260947) unzip-6.0-22.fc22 - Fix heap overflow and infinite loop when invalid input is given (#1260947) unzip-6.0-23.fc23 - Fix heap overflow and infinite loop when invalid input is given (#1260947)
libxl fails to honour readonly flag on disks with qemu-xen [XSA-142 (possible fix)]
Security fix for CVE-2015-5146, CVE-2015-5194, CVE-2015-5219, CVE-2015-5195, CVE-2015-5196
libvpx-1.3.0-7.fc21 - set --size-limit=16384x16384 to fix CVE-2015-1258 libvpx-1.3.0-7.fc22 - set --size-limit=16384x16384 to fix CVE-2015-1258 libvpx-1.4.0-5.fc23 - set --size-limit=16384x16384 to avoid CVE-2015-1258
From changelog for **Version 1.12.5** * add OPSYS_Z_CPM missing constant Backported from **1.13.0** * Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories). (neal at fb dot com)
From changelog for **Version 1.12.5** * add OPSYS_Z_CPM missing constant Backported from **1.13.0** * Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories). (neal at fb dot com)
Upstream change, **Version 1.13** * update bundled libzip to 1.0.1 (Remi, Anatol) * new methods for ZipArchive: setCompressionName, setCompressionIndex (Cedric Delmas) * allow to build with PHP 7 * Fixed bug 70350 (ZipArchive::extractTo allows for directory traversal when creating directories). (neal at fb dot com) * Fixed bug 70322 (ZipArchive::close()
pcs-0.9.137-5.fc21 - Fix for CVE-2015-5189 incorrect authorization - Fix for CVE-2015-5190 command injection
pcs-0.9.139-7.fc22 - Fix for CVE-2015-5189 incorrect authorization - Fix for CVE-2015-5190 command injection
Fix typo causing qemu-img to link against entire world (bz #1260996) ---- * CVE-2015-5225: heap memory corruption in vnc_refresh_server_surface (bz #1255899)
smuxi-1.0-2.fc23 - Added patch to not expose the user's realname automatically (bz#1257597)
03 Sep 2015, **PHP 5.6.13** **Core:** * Fixed bug #69900 (Too long timeout on pipes). (Anatol) * Fixed bug #69487 (SAPI may truncate POST data). (cmb) * Fixed bug #70198 (Checking liveness does not work as expected). (Shafreeck Sea, Anatol Belski) * Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas) * Fixed bug #70219 (Use after free vulnerability in session
CVE-2015-5723 https://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html
## 1.5.2 (2015-08-31) ### Security: * Fix Security Misconfiguration Vulnerability, allowing potential local arbitrary code execution * CVE-2015-5723 * guration_vulnerability_in_various_doctrine_projects.html ## 1.5.1 (2015-08-12) ### Bugfix: * Fixed the JS expanding all queries in the profiler in case of
CVE-2015-5723 https://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html
Use %configure macro as it deals with config.sub/guess and various flags properly ---- nrpe-2.15-6.el7 - Fix spec file for missing /usr/share/libtool/config/config.guess nrpe-2.15-6.el6 - Fix spec file for missing /usr/share/libtool/config/config.guess nrpe-2.15-6.fc23 - Fix spec file for missing /usr/share/libtool/config/config.guess nrpe-2.15-6.fc22 -