Fedora Essential and Critical Security Patch Updates - Page 735
Find the information you need for your favorite open source distribution.
DBD::Firebird 1.19 [2015-03-22] * Fix $VERSION in Firebird.pm * Fix typo in ISC_PASSWORD spelling * Positive logic and early return
**2.5.11** (2015-04-01) * security #14167 CVE-2015-2308 (nicolas-grekas) * security #14166 CVE-2015-2309 (neclimdul)
QtWebKit logs visited URLs to WebpageIcons.db in private browsing mode.
CVE-2015-2331: integer overflow when processing ZIP archives (#1204676, #1204677)
This is an update to the set of CA certificates released with NSS version 3.18. However, the package modifies the CA list to keep several legacy CAs still trusted for compatibility reasons. Please refer to the project URL for details. If you prefer to use the unchanged list provided by Mozilla, and if you accept any compatibility issues it may cause, an administrator may configure the system by exe [More...]
* CVE-2015-1779 vnc: insufficient resource limiting in VNC websockets decoder (bz #1205051, bz #1199572) * Qemu: PRDT overflow from guest to host (bz #1204919, bz #1205322) * CVE-2014-8106: cirrus: insufficient blit region checks (bz #1170612, bz #1169454) * Fix .vdi disk corruption (bz #1199400) * Don't install ksm services as executable (bz #1192720)
Security fix for CVE-2014-8354, CVE-2014-8355 and 4 other security issues
This is an update to the set of CA certificates released with NSS version 3.18. However, the package modifies the CA list to keep several legacy CAs still trusted for compatibility reasons. Please refer to the project URL for details. If you prefer to use the unchanged list provided by Mozilla, and if you accept any compatibility issues it may cause, an administrator may configure the system by exe [More...]
CVE-2015-1545 openldap: slapd crashes on search with deref control and empty attr list
- Added patch from Debian to avoid free on invalid pointer due to a buffer overflow (#1196751, #1207180) - Added patch from Debian for symlink directory traversal (#1178824) - Added patch from Debian to fix the directory traversal via //multiple/leading/slash (#1178824)
This update fixes a bug triggered by a bogus content-length header. Under special circumstances, it could crash a varnishd subthread. New upstream release. A bugfix release. Highlights from the changelog: * 26 reported bugs fixed. * Replaced objects are now expired immediately, instead of kept around until expiry.
fixes built in also added a couple of other entities related patches including a fix to CVE-2014-3660
Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] update to xen-4.3.4
Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752] Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756] Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751] update to xen-4.4.2
Fix for CVE-2014-9706 (rhbz#1204889, rhbz#1204890, and rhbz#1204891)
Fix for CVE-2014-9706 (rhbz#1204889, rhbz#1204890, and rhbz#1204891)
- Added patch from Debian to avoid free on invalid pointer due to a buffer overflow (#1196751, #1207180) - Added patch from Debian for symlink directory traversal (#1178824) - Added patch from Debian to fix the directory traversal via //multiple/leading/slash (#1178824)