Linux Advisory Watch: April 3rd, 2015

Security Report Summary

Security Report Summary

Security Report Summary

Security Report Summary

Security Report Summary

Security Report Summary

Security Report Summary

CVE-2015-0296 texlive rpm scriptlet allows unprivileged user to delete arbitrary files. This update fixes this issue

Security fix for CVE-2014-6585, CVE-2014-6591

Update to upstream 1.7 release for security fixes

Update to latest upstream - 37.0

Update to upstream 1.7 release for security fixes

**19 Mar 2015, PHP 5.5.23**Core:* Fixed bug #69174 (leaks when unused inner class use traits precedence). (Laruence)* Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize). (Laruence)* Fixed bug #69121 (Segfault in get_current_user when script owner is not in passwd with ZTS build). (dan at syneto dot net)* Fixed bug #65593 (Segfault when calling ob_start from output buffering callback). (Mike)* Fixed bug #69017 (Fail to push to the empty array with the constant value defined in class scope). (Laruence)* Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file not validated in memory.c). (nayana at ddproperty dot com)* Fixed bug #68166 (Exception with invalid character causes segv). (Rasmus)* Fixed bug #69141 (Missing arguments in reflection info for some builtin functions). (kostyantyn dot lysyy at oracle dot com)* Fixed bug #68976 (Use After Free Vulnerability in unserialize()). (Stas)* Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options). (Anatol Belski)* Fixed bug #69207 (move_uploaded_file allows nulls in path). (Stas)CGI:* Fixed bug #69015 (php-cgi's getopt does not see $argv). (Laruence)CLI:* Fixed bug #67741 (auto_prepend_file messes up __LINE__). (Reeze Xia)cURL:* Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on Win32). (Grant Pannell)* Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported by libcurl. (Linus Unneback)Ereg:* Fixed bug #69248 (heap overflow vulnerability in regcomp.c). (Stas)FPM:* Fixed bug #68822 (request time is reset too early). (honghu069 at 163 dot com)ODBC:* Fixed bug #68964 (Allowed memory size exhausted with odbc_exec). (Anatol)Opcache:* Fixed bug #69125 (Array numeric string as key). (Laruence)* Fixed bug #69038 (switch(SOMECONSTANT) misbehaves). (Laruence)OpenSSL:* Fixed bugs #61285, #68329, #68046, #41631 (encrypted streams don't observe socket timeouts). (Brad Broerman)pgsql:* Fixed bug #68638 (pg_update() fails to store infinite values). (william dot welter at 4linux dot com dot br, Laruence)Readline:* Fixed bug #69054 (Null dereference in readline_(read|write)_history() without parameters). (Laruence)SOAP:* Fixed bug #69085 (SoapClient's __call() type confusion through unserialize()). (andrea dot palazzo at truel dot it, Laruence)SPL:* Fixed bug #69108 ("Segmentation fault" when (de)serializing SplObjectStorage). (Laruence)* Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after calling getChildren()). (Julien)ZIP:* Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap boundary) (CVE-2015-2331). (Stas)

Security fix for CVE-2015-2331.

## 7.x-1.6See [SA-CONTRIB-2015-053 - Entity API - Cross Site Scripting (XSS)](https://www.drupal.org/node/2437905)Changes since 7.x-1.5:- by klausi: Sanitize field labels before passing them to the Token API.- Issue #2264079 by Amitaibu, fago: Fixed $wrapper->access() might be wrong for single entity reference field.- Issue #2039601 by DuaelFr, fago: Added Ease EntityMetadataWrapper usage with a getter.- Issue #2160355 by wodenx, gmercer, fgm, jgullstr: Fixed Trying to get property of non-object in entity_metadata_user_access().- Issue #1651824 by meatsack | joachim: Fixed 'entity_test' table has incorrect declaration of foreign keys.- Issue #2309697 by kristiaanvandeneynde; joachim: Fixed variable mistake in entity_views_handler_relationship_by_bundle.- Issue #2003826 by greenmother, stella, jazzdrive3, fago: Fixed template_preprocess_entity does not check for existing 'path' index.- Issue #1104286: Support generating database schema for date properties.- Issue #2013473 by fietserwin: Title attribute of image field not listed as possible token.

Release 1.3.3.9 with security bug fixes

## 7.x-1.6See [SA-CONTRIB-2015-053 - Entity API - Cross Site Scripting (XSS)](https://www.drupal.org/node/2437905)Changes since 7.x-1.5:- by klausi: Sanitize field labels before passing them to the Token API.- Issue #2264079 by Amitaibu, fago: Fixed $wrapper->access() might be wrong for single entity reference field.- Issue #2039601 by DuaelFr, fago: Added Ease EntityMetadataWrapper usage with a getter.- Issue #2160355 by wodenx, gmercer, fgm, jgullstr: Fixed Trying to get property of non-object in entity_metadata_user_access().- Issue #1651824 by meatsack | joachim: Fixed 'entity_test' table has incorrect declaration of foreign keys.- Issue #2309697 by kristiaanvandeneynde; joachim: Fixed variable mistake in entity_views_handler_relationship_by_bundle.- Issue #2003826 by greenmother, stella, jazzdrive3, fago: Fixed template_preprocess_entity does not check for existing 'path' index.- Issue #1104286: Support generating database schema for date properties.- Issue #2013473 by fietserwin: Title attribute of image field not listed as possible token.

Rebase to 4.7.3 (#1201573). Contains security fix for CVE-2015-0261, CVE-2015-2154, CVE-2015-2153, CVE-2015-2155.

## 7.x-1.6See [SA-CONTRIB-2015-053 - Entity API - Cross Site Scripting (XSS)](https://www.drupal.org/node/2437905)Changes since 7.x-1.5:- by klausi: Sanitize field labels before passing them to the Token API.- Issue #2264079 by Amitaibu, fago: Fixed $wrapper->access() might be wrong for single entity reference field.- Issue #2039601 by DuaelFr, fago: Added Ease EntityMetadataWrapper usage with a getter.- Issue #2160355 by wodenx, gmercer, fgm, jgullstr: Fixed Trying to get property of non-object in entity_metadata_user_access().- Issue #1651824 by meatsack | joachim: Fixed 'entity_test' table has incorrect declaration of foreign keys.- Issue #2309697 by kristiaanvandeneynde; joachim: Fixed variable mistake in entity_views_handler_relationship_by_bundle.- Issue #2003826 by greenmother, stella, jazzdrive3, fago: Fixed template_preprocess_entity does not check for existing 'path' index.- Issue #1104286: Support generating database schema for date properties.- Issue #2013473 by fietserwin: Title attribute of image field not listed as possible token.

CVE-2015-1827: It was discovered that the IPA extdom Directory Server plug-in did not correctly perform memory reallocation when handling user account information. A request for a list of groups for a user that belongs to a large number of groups would cause a Directory Server to crash.CVE-2015-0283: It was discovered that the slapi-nis Directory Server plug-in did not correctly perform memory reallocation when handling user account information. A request for information about a group with many members, or a request for a user that belongs to a large number of groups, would cause a Directory Server to enter an infinite loop and consume an excessive amount of CPU time.These issues were discovered by Sumit Bose of Red Hat.

CVE-2015-1827: It was discovered that the IPA extdom Directory Server plug-in did not correctly perform memory reallocation when handling user account information. A request for a list of groups for a user that belongs to a large number of groups would cause a Directory Server to crash.CVE-2015-0283: It was discovered that the slapi-nis Directory Server plug-in did not correctly perform memory reallocation when handling user account information. A request for information about a group with many members, or a request for a user that belongs to a large number of groups, would cause a Directory Server to enter an infinite loop and consume an excessive amount of CPU time.These issues were discovered by Sumit Bose of Red Hat.

Security fix for CVE-2014-9472Security fix for CVE-2015-1165Security fix for CVE-2015-1464

* Fix privilege escalation via user creation with a crafted POST request

Security fix for CVE-2015-0778

Update to Qt 5.4.1

Update to Qt 5.4.1

Update to Qt 5.4.1

Update to Qt 5.4.1

Update to Qt 5.4.1

Update to Qt 5.4.1

Update to Qt 5.4.1

Update to Qt 5.4.1

Update to Qt 5.4.1

Update to Qt 5.4.1

Update to Qt 5.4.1

Update to Qt 5.4.1

Security fix for CVE-2015-1815

Update to Qt 5.4.1

Update to Qt 5.4.1

**19 Mar 2015, PHP 5.5.23**Core:* Fixed bug #69174 (leaks when unused inner class use traits precedence). (Laruence)* Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize). (Laruence)* Fixed bug #69121 (Segfault in get_current_user when script owner is not in passwd with ZTS build). (dan at syneto dot net)* Fixed bug #65593 (Segfault when calling ob_start from output buffering callback). (Mike)* Fixed bug #69017 (Fail to push to the empty array with the constant value defined in class scope). (Laruence)* Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file not validated in memory.c). (nayana at ddproperty dot com)* Fixed bug #68166 (Exception with invalid character causes segv). (Rasmus)* Fixed bug #69141 (Missing arguments in reflection info for some builtin functions). (kostyantyn dot lysyy at oracle dot com)* Fixed bug #68976 (Use After Free Vulnerability in unserialize()). (Stas)* Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options). (Anatol Belski)* Fixed bug #69207 (move_uploaded_file allows nulls in path). (Stas)CGI:* Fixed bug #69015 (php-cgi's getopt does not see $argv). (Laruence)CLI:* Fixed bug #67741 (auto_prepend_file messes up __LINE__). (Reeze Xia)cURL:* Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on Win32). (Grant Pannell)* Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported by libcurl. (Linus Unneback)Ereg:* Fixed bug #69248 (heap overflow vulnerability in regcomp.c). (Stas)FPM:* Fixed bug #68822 (request time is reset too early). (honghu069 at 163 dot com)ODBC:* Fixed bug #68964 (Allowed memory size exhausted with odbc_exec). (Anatol)Opcache:* Fixed bug #69125 (Array numeric string as key). (Laruence)* Fixed bug #69038 (switch(SOMECONSTANT) misbehaves). (Laruence)OpenSSL:* Fixed bugs #61285, #68329, #68046, #41631 (encrypted streams don't observe socket timeouts). (Brad Broerman)pgsql:* Fixed bug #68638 (pg_update() fails to store infinite values). (william dot welter at 4linux dot com dot br, Laruence)Readline:* Fixed bug #69054 (Null dereference in readline_(read|write)_history() without parameters). (Laruence)SOAP:* Fixed bug #69085 (SoapClient's __call() type confusion through unserialize()). (andrea dot palazzo at truel dot it, Laruence)SPL:* Fixed bug #69108 ("Segmentation fault" when (de)serializing SplObjectStorage). (Laruence)* Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after calling getChildren()). (Julien)ZIP:* Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap boundary) (CVE-2015-2331). (Stas)

Security fix for CVE-2015-2331.

Multiple vulnerabilities have been found in BusyBox, allowing context dependent attackers to load arbitrary kernel modules, execute arbitrary files, or cause a Denial of Service condition.

Multiple vulnerabilities has been discovered and corrected in subversion: Subversion HTTP servers with FSFS repositories are vulnerable to a remotely triggerable excessive memory use with certain REPORT requests [More...]

Updated icu packages fix security vulnerabilities: The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified [More...]

Multiple vulnerabilities has been discovered and corrected in owncloud: * Multiple stored XSS in contacts application (oC-SA-2015-001) * Multiple stored XSS in documents application (oC-SA-2015-002) [More...]

Multiple vulnerabilities has been discovered and corrected in owncloud: * Login bypass when using user_ldap due to unauthenticated binds (oC-SA-2014-020) [More...]

Updated tor packages fix security vulnerabilities: The tor package has been updated to version 0.2.4.26, which fixes possible crashes that may be remotely trigger-able, which would result in a denial of service, and also fixes a few other bugs. [More...]

Multiple vulnerabilities has been discovered and corrected in flac: Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file (CVE-2014-9028). [More...]

Updated graphviz packages fix security vulnerability: Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, [More...]

A vulnerability has been discovered and corrected in phpmyadmin: libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain [More...]

Updated dokuwiki packages fix security vulnerabilities: inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call (CVE-2014-8761). [More...]

Updated git packages fix security vulnerability: It was reported that git, when used as a client on a case-insensitive filesystem, could allow the overwrite of the .git/config file when the client performed a git pull. Because git permitted committing [More...]

Updated glibc packages fix security vulnerabilities: Stephane Chazelas discovered that directory traversal issue in locale handling in glibc. glibc accepts relative paths with .. components in the LC_* and LANG variables. Together with typical OpenSSH [More...]

Updated glpi package fixes security vulnerabilities: Due to a bug in GLPI before 0.84.7, a user without access to cost information can in fact see the information when selecting cost as a search criteria (CVE-2014-5032). [More...]

Updated clamav packages fix security vulnerabilities: ClamAV 0.98.6 is a maintenance release to fix some bugs, some of them being security bugs: [More...]

Updated bind packages fix security vulnerabilities: By making use of maliciously-constructed zones or a rogue server, an attacker can exploit an oversight in the code BIND 9 uses to follow delegations in the Domain Name Service, causing BIND to issue [More...]

Updated bash packages fix security vulnerability: A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain [More...]

Updated grub2 package fixes security vulnerability: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker [More...]

Updated icu packages fix security vulnerabilities: The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified [More...]

Updated gtk+3.0 packages fix security vulnerability: Clemens Fries reported that, when using Cinnamon, it was possible to bypass the screensaver lock. An attacker with physical access to the machine could use this flaw to take over the locked desktop session [More...]

Updated ipython package fixes security vulnerability: In IPython before 1.2, the origin of websocket requests was not verified within the IPython notebook server. If an attacker has knowledge of an IPython kernel id they can run arbitrary code on [More...]

Updated jasper packages fix security vulnerabilities: Josh Duart of the Google Security Team discovered heap-based buffer overflow flaws in JasPer, which could lead to denial of service (application crash) or the execution of arbitrary code (CVE-2014-9029). [More...]

Updated jython packages fix security vulnerability: There are serveral problems with the way Jython creates class cache files, potentially leading to arbitrary code execution or information disclosure (CVE-2013-2027). [More...]

Updated libarchive packages fix security vulnerability: Alexander Cherepanov discovered that bsdcpio, an implementation of the cpio program part of the libarchive project, is susceptible to a directory traversal vulnerability via absolute paths (CVE-2015-2304). [More...]

Updated libcap-ng packages fix security vulnerability: capng_lock() in libcap-ng before 0.7.4 sets securebits in an attempt to prevent regaining capabilities using setuid-root programs. This allows a user to run setuid programs, such as seunshare from policycoreutils, [More...]

Updated libevent packages fix security vulnerability: Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open [More...]

Updated libssh2 packages fix security vulnerability: Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was reading and using the SSH_MSG_KEXINIT packet without doing sufficient range checks when negotiating a new SSH session with a remote server. A [More...]

Updated gnupg and libgcrypt packages fix security vulnerabilities: GnuPG before 1.4.19 is vulnerable to a side-channel attack which can potentially lead to an information leak (CVE-2014-3591). [More...]

Updated gnupg, gnupg2 and libgcrypt packages fix security vulnerabilities: GnuPG versions before 1.4.17 and 2.0.24 are vulnerable to a denial of service which can be caused by garbled compressed data packets [More...]

Updated libgd packages fix security vulnerabilities: The gdImageCreateFromXpm function in gdxpm.c in the gd image library allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an [More...]

Updated libjpeg packages fix security vulnerability: Passing a specially crafted jpeg file to libjpeg-turbo could lead to stack smashing (CVE-2014-9092). [More...] _______________________________________________________________________

Updated libksba packages fix security vulnerability: By using special crafted S/MIME messages or ECC based OpenPGP data, it is possible to create a buffer overflow, which could lead to a denial of service (CVE-2014-9087). [More...]

Updated liblzo packages fix security vulnerability: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker [More...]

Updated libsndfile packages fix security vulnerabilities: libsndfile contains multiple buffer-overflow vulnerabilities in src/sd2.c because it fails to properly bounds-check user supplied input, which may allow an attacker to execute arbitrary code or cause [More...]

Updated libssh2 packages fix security vulnerability: Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was reading and using the SSH_MSG_KEXINIT packet without doing sufficient range checks when negotiating a new SSH session with a remote server. A [More...]

Updated libtiff packages fix security vulnerabilities: The libtiff image decoder library contains several issues that could cause the decoder to crash when reading crafted TIFF images (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, [More...]

Updated nodejs package fixes security vulnerabilities: A memory corruption vulnerability, which results in a denial-of-service, was identified in the versions of V8 that ship with Node.js 0.8 and 0.10. In certain circumstances, a particularly deep [More...]

Updated libvncserver packages fix security vulnerabilities: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker [More...]

Updated libxfont packages fix security vulnerabilities: Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to [More...]

Updated lua and lua5.1 packages fix security vulnerability: A heap-based overflow vulnerability was found in the way Lua handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code [More...]

Updated not-yet-commons-ssl packages fixes security vulnerability: It was discovered that the implementation used by the Not Yet Commons SSL project to check that the server hostname matches the domain name in the subject's CN field was flawed. This can be exploited by [More...]

Updated mpfr packages fix security vulnerability: A buffer overflow was reported in mpfr. This is due to incorrect GMP documentation for mpn_set_str about the size of a buffer (CVE-2014-9474). [More...]

Updated ntp packages fix security vulnerabilities: If no authentication key is defined in the ntp.conf file, a cryptographically-weak default key is generated (CVE-2014-9293). [More...]

Updated openvpn packages fix security vulnerability: Dragana Damjanovic discovered that OpenVPN incorrectly handled certain control channel packets. An authenticated attacker could use this issue to cause an OpenVPN server to crash, resulting in a denial of [More...]

Updated perl package fixes security vulnerability: The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many [More...]

Updated patch package fixes security vulnerabilities: It was reported that a crafted diff file can make patch eat memory and later segfault (CVE-2014-9637). [More...]

Updated pcre packages fix security vulnerability: A flaw was found in the way PCRE handled certain malformed regular expressions. This issue could cause an application linked against PCRE to crash while parsing malicious regular expressions (CVE-2014-8964). [More...]

Updated ppp packages fix security vulnerability: A vulnerability in ppp before 2.4.7 may enable an unprivileged attacker to access privileged options (CVE-2014-3158). [More...] _______________________________________________________________________

Updated python-requests packages fix security vulnerabilities: Python-requests was found to have a vulnerability, where the attacker can retrieve the passwords from ~/.netrc file through redirect requests, if the user has their passwords stored in the ~/.netrc file [More...]

Updated pulseaudio package fixes RTP remote crash vulnerability: PulseAudio versions shipped in mbs2 were vulnerable to a remote RTP attack which could crash the PulseAudio server simply by sending an empty UDP packet. [More...]

Updated readline packages fix security vulnerability: Steve Kemp discovered the _rl_tropen() function in readline insecurely handled a temporary file. This could allow a local attacker to perform symbolic link attacks (CVE-2014-2524). [More...]

Updated rsync package fixes security vulnerability: Ryan Finnie discovered that rsync 3.1.0 contains a denial of service issue when attempting to authenticate using a nonexistent username. A remote attacker could use this flaw to cause a denial of service via [More...]

Updated rsyslog packages fix security vulnerability: Rainer Gerhards, the rsyslog project leader, reported a vulnerability in Rsyslog. As a consequence of this vulnerability an attacker can send malformed messages to a server, if this one accepts data from untrusted [More...]

Updated ruby packages fix security vulnerabilities: Due to unrestricted entity expansion, when reading text nodes from an XML document, the REXML parser in Ruby can be coerced into allocating extremely large string objects which can consume all of the memory [More...]

Updated sendmail packages fix security vulnerability: Sendmail before 8.14.9 does not properly closing file descriptors before executing programs. This bug could enable local users to interfere with an open SMTP connection if they can execute their own [More...]

Updated serf packages fix security vulnerability: Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in [More...]

Updated sudo packages fix security vulnerability: Prior to sudo 1.8.12, the TZ environment variable was passed through unchecked. Most libc tzset() implementations support passing an absolute pathname in the time zone to point to an arbitrary, [More...]

Updated tcpdump package fixes security vulnerabilities: The Tcpdump program could crash when processing a malformed OLSR payload when the verbose output flag was set (CVE-2014-8767). [More...]

Updated torque packages fix security vulnerabilities: Chad Vizino reported that within a TORQUE Resource Manager job a non-root user could use a vulnerability in the tm_adopt() library call to kill processes he/she doesn't own including root-owned ones [More...]

Updated unzip package fix security vulnerabilities: The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification (CVE-2014-8139), the test_compr_eb() (CVE-2014-8140) and the getZip64Data() (CVE-2014-8141) functions. The [More...]

Updated util-linux packages fix security vulnerability: Sebastian Krahmer reported a command injection flaw in blkid. This could possibly result in command execution with root privileges (CVE-2014-9114). [More...]

Updated wget package fixes security vulnerability: Wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP (CVE-2014-4877). [More...]

Updated wpa_supplicant and hostapd packages fix security vulnerability: A vulnerability was found in the mechanism wpa_cli and hostapd_cli use for executing action scripts. An unsanitized string received from a remote device can be passed to a system() call resulting in arbitrary [More...]

Updated x11-server packages fix security vulnerabilities: Ilja van Sprundel of IOActive discovered several security issues in the X.org X server, which may lead to privilege escalation or denial of service (CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8094, [More...]

Updated xlockmore packages fix security vulnerability: xlockmore before 5.45 contains a security flaw related to a bad value of fnt for pyro2 which could cause an X error. This update backports the fix for version 5.43. [More...]

Updated emacs packages fix security vulnerabilities: Steve Kemp discovered multiple temporary file handling issues in Emacs. A local attacker could use these flaws to perform symbolic link attacks against users running Emacs (CVE-2014-3421, CVE-2014-3422, [More...]

Updated libtasn1 packages fix security vulnerabilities: Multiple buffer boundary check issues were discovered in libtasn1 library, causing it to read beyond the boundary of an allocated buffer. An untrusted ASN.1 input could cause an application using the library [More...]

Updated libvirt packages fix security vulnerabilities: The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev [More...]

Updated cifs-utils packages fix security vulnerability: Sebastian Krahmer discovered a stack-based buffer overflow flaw in cifscreds.c (CVE-2014-2830). [More...] _______________________________________________________________________

Updated dovecot packages fix security vulnerability. Dovecot before 2.2.13 is vulnerable to a DoS attack against imap/pop3-login processes. If SSL/TLS handshake was started but wasn't finished, the login process attempted to eventually forcibly [More...]

Updated python-lxml packages fix security vulnerability: The clean_html() function, provided by the lxml.html.clean module, did not properly clean HTML input if it included non-printed characters (\x01-\x08). A remote attacker could use this flaw to serve malicious [More...]

Updated libxml2 packages fix security vulnerabilities: It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substituton in the doctype prolog, even if the application using [More...]

Updated postgresql packages fix multiple security vulnerabilities: Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The [More...]

Updated python-django packages fix security vulnerabilities: Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments (CVE-2015-0219). [More...]

Updated cups packages fix security vulnerabilities: Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, [More...]

Updated lcms2 packages fix security vulnerability: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D (CVE-2014-0459). [More...]

Updated apache-mod_security packages fix security vulnerability: Martin Holst Swende discovered a flaw in the way mod_security handled chunked requests. A remote attacker could use this flaw to bypass intended mod_security restrictions, allowing them to send requests [More...]

Updated imagemagick package fixes security vulnerabilities: A buffer overflow flaw was found in the way ImageMagick handled PSD images that use RLE encoding. An attacker could create a malicious PSD image file that, when opened in ImageMagick, would cause ImageMagick [More...]

Updated elfutils packages fix security vulnerabilities: The libdw library provides support for accessing DWARF debugging information inside ELF files. An integer overflow flaw in check_section(), leading to a heap-based buffer overflow, was found [More...]

Updated squid packages fix security vulnerabilities: Due to incorrect state management, Squid before 3.3.12 is vulnerable to a denial of service attack when processing certain HTTPS requests if the SSL-Bump feature is enabled (CVE-2014-0128). [More...]

Updated json-c packages fix security vulnerabilities: Florian Weimer reported that the printbuf APIs used in the json-c library used ints for counting buffer lengths, which is inappropriate for 32bit architectures. These functions need to be changed to using [More...]

Updated jbigkit packages fix security vulnerability: Florian Weimer found a stack-based buffer overflow flaw in the libjbig library (part of jbigkit). A specially-crafted image file read by libjbig could be used to cause a program linked to libjbig to crash [More...]

Updated cups-filters packages fix security vulnerabilities: Florian Weimer discovered that cups-filters incorrectly handled memory in the urftopdf filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user [More...]

Updated python-imaging packages fix security vulnerabilities: Jakub Wilk discovered that temporary files were insecurely created (via mktemp()) in the IptcImagePlugin.py, Image.py, JpegImagePlugin.py, and EpsImagePlugin.py files of Python Imaging Library. A local attacker [More...]

Updated curl packages fix security vulnerabilities: Paras Sethia discovered that libcurl would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as [More...]

Updated php-ZendFramework packages fix multiple vulnerabilities: XML eXternal Entity (XXE) and XML Entity Expansion (XEE) flaws were discovered in the Zend Framework. An attacker could use these flaws to cause a denial of service, access files accessible to the server [More...]

Updated stunnel package fixes security vulnerability: A flaw was found in the way stunnel, a socket wrapper which can provide SSL support to ordinary applications, performed (re)initialization of PRNG after fork. When accepting a new connection, the server forks and [More...]

Updated openssh packages fix security vulnerabilities: sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located [More...]

Updated nginx package fixes security vulnerabilities: A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially [More...]

Updated apache packages fix security vulnerabilities: Apache HTTPD before 2.4.9 was vulnerable to a denial of service in mod_dav when handling DAV_WRITE requests (CVE-2013-6438). [More...]

Updated net-snmp packages fix security vulnerabilities: Remotely exploitable denial of service vulnerability in Net-SNMP, in the Linux implementation of the ICMP-MIB, making the SNMP agent vulnerable if it is making use of the ICMP-MIB table objects [More...]

This update provides MariaDB 5.5.42, which fixes several security issues and other bugs. Please refer to the Oracle Critical Patch Update Advisories and the Release Notes for MariaDB for further information regarding the security vulnerabilities. [More...]

Updated libpng package fixes security vulnerabilities: The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT [More...]

Updated freetype2 packages fix security vulnerabilities: It was reported that Freetype before 2.5.3 suffers from an out-of-bounds stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing code, which could lead to a buffer overflow [More...]

Updated udisks2 packages fixes security vulnerability: A flaw was found in the way udisks and udisks2 handled long path names. A malicious, local user could use this flaw to create a specially-crafted directory structure that could lead to arbitrary [More...]

Updated egroupware packages fix security vulnerabilities: eGroupware prior to 1.8.006.20140217 is vulnerable to remote file deletion and possible remote code execution due to user input being passed to PHP's unserialize() method (CVE-2014-2027). [More...]

Updated libssh packages fix security vulnerabilities: When using libssh before 0.6.3, a libssh-based server, when accepting a new connection, forks and the child process handles the request. The RAND_bytes() function of openssl doesn't reset its state after the [More...]

Updated subversion packages fix security vulnerabilities: The mod_dav_svn module in Apache Subversion before 1.8.8, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via an OPTIONS request (CVE-2014-0032). [More...]

Updated tomcat package fixes security vulnerabilities: It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition [More...]

Multiple vulnerabilities has been discovered and corrected in samba4: Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB [More...]

Updated samba packages fix security vulnerabilities: In Samba before 3.6.23, the SAMR server neglects to ensure that attempted password changes will update the bad password count, and does not set the lockout flags. This would allow a user unlimited attempts [More...]

Updated samba packages fix security vulnerabilities: An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to [More...]

Multiple vulnerabilities has been discovered and corrected in php: It was discovered that the file utility contains a flaw in the handling of indirect magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain [More...]

Multiple vulnerabilities has been discovered and corrected in php: S. Paraschoudis discovered that PHP incorrectly handled memory in the enchant binding. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute [More...]

Updated mutt packages fix security vulnerability: A flaw was discovered in mutt. A specially crafted mail header could cause mutt to crash, leading to a denial of service condition (CVE-2014-9116). [More...]

Updated python-numpy packages fix security vulnerabilities: f2py insecurely used a temporary file. A local attacker could use this flaw to perform a symbolic link attack to modify an arbitrary file accessible to the user running f2py (CVE-2014-1858, CVE-2014-1859). [More...]

Updated python3 packages fix security vulnerabilities: ZipExtFile.read goes into 100% CPU infinite loop on maliciously binary edited zips (CVE-2013-7338). [More...]

Updated python packages fix security vulnerabilities: A vulnerability was reported in Python's socket module, due to a boundary error within the sock_recvfrom_into() function, which could be exploited to cause a buffer overflow. This could be used [More...]

A vulnerability has been discovered and corrected in openldap: The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty [More...]

Multiple vulnerabilities has been discovered and corrected in openldap: The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty [More...]

Updated gnutls packages fix security vulnerabilities: Suman Jana reported a vulnerability that affects the certificate verification functions of gnutls 3.1.x and gnutls 3.2.x. A version 1 intermediate certificate will be considered as a CA certificate [More...]

Updated libpng12 package fixes security vulnerabilities: The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PLTE chunk of zero bytes or a NULL palette, [More...]

Updated libvirt packages fixes security vulnerabilities: The qemuDomainMigratePerform and qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service [More...]

Multiple vulnerabilities has been discovered and corrected in krb5: The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, [More...]

Updated e2fsprogs packages fix security vulnerability: The libext2fs library, part of e2fsprogs and utilized by its utilities, is affected by a boundary check error on block group descriptor information, leading to a heap based buffer overflow. A specially [More...]

Updated e2fsprogs packages fix security vulnerabilities: The libext2fs library, part of e2fsprogs and utilized by its utilities, is affected by a boundary check error on block group descriptor information, leading to a heap based buffer overflow. A specially [More...]

Updated cpio package fixes security vulnerability: In GNU Cpio 2.11, the --no-absolute-filenames option limits extracting contents of an archive to be strictly inside a current directory. However, it can be bypassed with symlinks. While extracting [More...]

Updated cpio package fixes security vulnerabilities: Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive (CVE-2014-9112). [More...]

Updated cabextract packages fix security vulnerabilities: Libmspack, a library to provide compression and decompression of some file formats used by Microsoft, is embedded in cabextract. A specially crafted cab file can cause cabextract to hang forever. If [More...]

Multiple vulnerabilities has been discovered and corrected in openssl: The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate [More...]

Multiple vulnerabilities has been discovered and corrected in openssl: Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of [More...]

An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security [More...]

Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security [More...]

Updated flac packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security [More...]

Updated setroubleshoot packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security [More...]

Updated ipa and slapi-nis packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security [More...]

Updated kernel-rt packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security [More...]

Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security [More...]

Several security issues were fixed in Thunderbird.

USN-2553-1 introduced a regression in LibTIFF.

Firefox could be made to crash or run programs as your login if itopened a malicious website.

Several security issues were fixed in Libgcrypt.

Several security issues were fixed in GnuPG.

LibTIFF could be made to crash or run programs as your login if it opened aspecially crafted file.