Fri Mar 28 03:43:11 UTC 2014
l/mozilla-nss-3.16-x86_64-1.txz: Upgraded.
  This update fixes a security issue:
  The cert_TestHostName function in lib/certdb/certdb.c in the
  certificate-checking implementation in Mozilla Network Security Services
  (NSS) before 3.16 accepts a wildcard character that is embedded in an
  internationalized domain name's U-label, which might allow man-in-the-middle
  attackers to spoof SSL servers via a crafted certificate.
  For more information, see:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492
  (* Security fix *)
l/seamonkey-solibs-2.25-x86_64-1.txz: Upgraded.
n/curl-7.36.0-x86_64-1.txz: Upgraded.
  This update fixes four security issues.
  For more information, see:
  http://curl.haxx.se/docs/adv_20140326A.html
  http://curl.haxx.se/docs/adv_20140326B.html
  http://curl.haxx.se/docs/adv_20140326C.html
  http://curl.haxx.se/docs/adv_20140326D.html
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0138
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0139
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1263
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2522
  (* Security fix *)
n/httpd-2.4.9-x86_64-1.txz: Upgraded.
  This update addresses two security issues.
  Segfaults with truncated cookie logging. mod_log_config: Prevent segfaults
  when logging truncated cookies. Clean up the cookie logging parser to
  recognize only the cookie=value pairs, not valueless cookies.
  mod_dav: Keep track of length of cdata properly when removing leading
  spaces. Eliminates a potential denial of service from specifically crafted
  DAV WRITE requests.
  For more information, see:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438
  (* Security fix *)
n/openssh-6.6p1-x86_64-1.txz: Upgraded.
  This update fixes a security issue when using environment passing with
  a sshd_config(5) AcceptEnv pattern with a wildcard. OpenSSH could be
  tricked into accepting any environment variable that contains the
  characters before the wildcard character.
  For more information, see:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532
  (* Security fix *)
n/tin-2.2.0-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-28.0-x86_64-1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
  http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
xap/mozilla-thunderbird-24.4.0-x86_64-1.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
  http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
xap/seamonkey-2.25-x86_64-1.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
  http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)