Fedora Essential and Critical Security Patch Updates - Page 729
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
- require credentials to match for NTLM re-use (CVE-2015-3143) - fix invalid write with a zero-length host name in URL (CVE-2015-3144) - fix invalid write in cookie path sanitization code (CVE-2015-3145) - close Negotiate connections when done (CVE-2015-3148)
Multiple vulnerabilities were found in Qt image format handling of BMP, ICO and GIF files. The issues exposed included denial of service and buffer overflows leading to heap corruption. It is possible the latter could be used to perform remote code execution. See also https://lists.qt-project.org/pipermail/announce/2015-April/000067.html
This update provides a security fix related to the Nasal scripting language.
This update provides a security fix related to the Nasal scripting language.
This update fixes CVE-2015-1860, a buffer overflow when loading some specific invalid GIF image files, which could be exploited for denial of service (application crash) and possibly even arbitrary code execution attacks. The security patch is backported from Qt 4. (Please note that Qt 3 is NOT vulnerable to the simultaneously published issues CVE-2015-1858 and CVE-2015-1859.)
Update to new upstream - 37.0.2 Bookmark rebuild - Bug 1210474
16 Apr 2015, **PHP 5.6.8** Core: * Fixed bug #66609 (php crashes with __get() and ++ operator in some cases). (Dmitry, Laruence) * Fixed bug #68021 (get_browser() browser_name_regex returns non-utf-8 characters). (Tjerk) * Fixed bug #68917 (parse_url fails on some partial urls). (Wei Dai)
Update of sqlite to latest upstream version, with spatialite-tools rebuild.
Update of sqlite to latest upstream version, with spatialite-tools rebuild.
Fixes CVE-2015-1855 ruby: OpenSSL extension hostname matching implementation violates RFC 6125
* apply patch for CVE-2013-4276 * apply patch for "Use of uninitialized values on 64 bit machines."
Updated to upstream 0.16.0 Fix issue introduced by a samba subpackage split resulting in realmd failing to join Active Directory domains.
The 3.19.4 stable release contains a number of important fixes across the tree.