Fedora Essential and Critical Security Patch Updates - Page 740
Find the information you need for your favorite open source distribution.
* Fix privilege escalation via user creation with a crafted POST request
CVE-2015-1827: It was discovered that the IPA extdom Directory Server plug-in did not correctly perform memory reallocation when handling user account information. A request for a list of groups for a user that belongs to a large number of groups would cause a Directory Server to crash. CVE-2015-0283: It was discovered that the slapi-nis Directory Server plug-in did not correctly perform memory re [More...]
## 7.x-1.6

See [SA-CONTRIB-2015-053 - Entity API - Cross Site Scripting (XSS)](https://www.drupal.org/node/2437905)

Changes since 7.x-1.5:

- by klausi: Sanitize field labels before passing them to the Token API.
- Issue #2264079 by Amitaibu, fago: Fixed $wrapper->access() might be wrong for single entity reference field.
* Security fix for CVE-2014-9472
* Security fix for CVE-2015-1165
* Security fix for CVE-2015-1464
Rebase to 4.7.3 (#1201573). Contains security fix for CVE-2015-0261, CVE-2015-2154, CVE-2015-2153, CVE-2015-2155.
**19 Mar 2015, PHP 5.5.23**

Core:

* Fixed bug #69174 (leaks when unused inner class use traits precedence). (Laruence)
* Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize). (Laruence)
* Fixed bug #69121 (Segfault in get_current_user when script owner is not in passwd with ZTS build). (dan at syneto dot net)
Update to 1.8.6 p368. This package also fixes the build failure on arm -gnueabi systems (bug 506233), and DOS vulnerability issue on BigDecimal method (bug 504958, CVE-2009-1904).
Moodle upstream has released latest stable versions (1.9.7 and 1.8.11), fixing multiple security issues.

The list for 1.9.7 release:

Security issues

* MSA-09-0022 - Multiple CSRF problems fixed
* MSA-09-0023 - Fixed user account disclosure in LAMS module
* MSA-09-0024 - Fixed insufficient access control in Glossary module