CVE

Tango-document-new.png

Tango-document-new.png

This article is a stub.

Notes: Draft of a table containing already corrected CVE TODO: - improve sexiness of the table - links to Mitre for CVE-id (Discuss)

This article documents Common Vulnerabilities and Exposures (CVE's) that are found and fixed in Arch Linux.

Introduction

CVE's represent critical security vulnerabilities which must be addressed as quickly as possible.

Once a CVE has been located and fixed, it is added to the CVE documentation table below.

Helping

This is a community driven project. Please consider joining the Arch CVE Monitoring Team.

Also, join the Arch security mailing list. There is an IRC on irc://irc.freenode.net/archlinux-security.

Procedure

When adding a CVE to the table, add it to the TOP of the table. Use Wiki markup to create links in the "CVE-ID", "Package", and "Status" columns. The following template may be used to ease the process of adding CVE entries into the table. The first line, "|-" represents the creation of a new row in the table, while the second line should be modified per CVE:

CVE Table Addition Template
|-
| {{CVE|CVE-2014-????}} || {{Pkg|pkgname}} || Disclosure date || Affected versions || Fixed in version || Arch Linux response time || Status(Fixed|Pending|Invalid) (Bug reports) || {{ASA|ASA-??????-??}}
Note: If the CVE is not found in NVD, just include a link to different database in the first column: [http://link.to.cve CVE-2014-????]
Note: The "Disclosure date" field should be expressed in ISO 8601 format to avoid any confusion. Example: 2014-03-22.
Note: The "Arch Linux response time" field corresponds to the time between the public release of a vulnerability and the date the package update fixing the vulnerability is made available in the official stable repositories. The "Time really vulnerable" is potentially much lengthier but is harder to estimate.

The above "CVE-template" should be added after the line:

! scope="col" width="125px" data-sort-type="text" | CVE-ID !! Package !! Disclosure date !! Affected versions !! Fixed in version !! Arch Linux response time !! Status (and related bug reports) !! ASA-ID

Response time

The response time is the time taken to get a fixed package to the stable repositories.

Documented CVE's


Note: Refer to the #Procedure section when adding new entries.
TRACKED CVE's
CVE-ID Package Disclosure date Affected versions Fixed in Arch Linux package version Arch Linux response time Status (and related bug reports) ASA-ID
CVE-2014-9636 CVE-2015-1315 templink templink unzip 2014-11-02 <= 6.0-9 Vulnerable
CVE-2014-9680 templink sudo 2015-02-09 <= 1.8.12-1 1.8.12-1 4d Fixed
CVE-2014-5352 CVE-2014-5353 CVE-2014-5354 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 templink templink krb5 2015-02-03 <= 1.13-1 1.13.1-1 14d Fixed ASA-201502-12
CVE-2015-0255 templink xorg-server 2015-02-10 <= 1.16.3-2 1.16.4-1 <1d Fixed ASA-201502-11
CVE-2015-1191 templink pigz 2015-01-18 <= 2.3.1-1 2.3.3-1 21d Fixed (FS#43748) ASA-201502-9
CVE-2015-0245 templink dbus 2015-02-09 <= 1.8.14-1 1.8.16-1 1d Fixed ASA-201502-10
CVE-2015-1472 CVE-2015-1473 glibc 2015-02-05 <= 2.20-6 2.21-1 4d Fixed (FS#43747) ASA-201502-8
CVE-2014-9297 CVE-2014-9298 templink templink ntp 2015-02-04 <= 4.2.8-1 4.2.8.p1-1 2d Fixed ASA-201502-7
CVE-2014-9328 clamav 2015-01-28 <= 0.98.5-1 0.98.6-1 <1d Fixed ASA-201502-6
CVE-2015-1209 CVE-2015-1210 CVE-2015-1211 CVE-2015-1212 templink chromium 2015-02-05 <= 40.0.2214.94-1 40.0.2214.111-1 <1d Fixed ASA-201502-5
CVE-2015-0313 CVE-2015-0314 CVE-2015-0315 CVE-2015-0316 CVE-2015-0317 CVE-2015-0318 CVE-2015-0319 CVE-2015-0320 CVE-2015-0321 CVE-2015-0322 CVE-2015-0323 CVE-2015-0324 CVE-2015-0325 CVE-2015-0326 CVE-2015-0327 CVE-2015-0328 CVE-2015-0329 CVE-2015-0330 templink flashplugin 2015-02-05 <= 11.2.202.440-1 11.2.202.442-1 <1d Fixed ASA-201502-2
CVE-2014-8161 CVE-2015-0241 CVE-2015-0243 CVE-2015-0244 templink postgresql 2015-02-05 <= 9.4.0-1 9.4.1-1 <1d Fixed ASA-201502-4
CVE-2015-1380 CVE-2015-1381 CVE-2015-1382 templink privoxy 2015-01-26 <= 3.0.22-1 3.0.23-1 3d Fixed ASA-201502-1
CVE-2015-0235 templink glibc 2015-01-27 < 2.18-1 ? 2.18-1 < 1d Fixed None
CVE-2015-0311 CVE-2015-0301 CVE-2015-0302 CVE-2015-0303 CVE-2015-0304 CVE-2015-0305 CVE-2015-0306 CVE-2015-0307 CVE-2015-0308 CVE-2015-0309 templink flashplugin 2015-01-23 <= 11.2.202.438-1 11.2.202.440-1 3d Fixed ASA-201501-22
CVE-2015-0231 CVE-2014-9427 CVE-2015-0232 templink templink templink php 2015-01-22 <= 5.6.4-1 5.6.5-1 <1d Fixed ASA-201501-17
CVE-2014-9638 CVE-2014-9639 CVE-2014-9640 templink vorbis-tools 2015-01-21 <= 1.4.0-4 Vulnerable
CVE-2015-1345 templink grep 2015-01-18 <= 2.21-1 Vulnerable
CVE-2014-7923 CVE-2014-7924 CVE-2014-7925 CVE-2014-7926 CVE-2014-7927 CVE-2014-7928 CVE-2014-7930 CVE-2014-7931 CVE-2014-7929 CVE-2014-7932 CVE-2014-7933 CVE-2014-7934 CVE-2014-7935 CVE-2014-7936 CVE-2014-7937 CVE-2014-7938 CVE-2014-7939 CVE-2014-7940 CVE-2014-7941 CVE-2014-7942 CVE-2014-7943 CVE-2014-7944 CVE-2014-7945 CVE-2014-7946 CVE-2014-7947 CVE-2014-7948 CVE-2015-1205 templink chromium 2015-01-22 <= 39.0.2171.99-1 40.0.2214.91-1 3d Fixed ASA-201501-21
CVE-2014-3566 CVE-2014-6549 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 CVE-2014-6601 CVE-2015-0383 CVE-2015-0395 CVE-2015-0400 CVE-2015-0403 CVE-2015-0406 CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412 CVE-2015-0413 CVE-2015-0421 CVE-2015-0437 templink jdk8-openjdk jre8-openjdk jre8-openjdk-headless 2015-01-22 <= 8.u25-2 8.u31-1 1d Fixed ASA-201501-14 ASA-201501-15 ASA-201501-16
CVE-2014-3566 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 CVE-2014-6601 CVE-2015-0383 CVE-2015-0395 CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412 templink jdk7-openjdk jre7-openjdk jre7-openjdk-headless 2015-01-22 <= 7.u71_2.5.3-3 Fixed ASA-201501-18 ASA-201501-19 ASA-201501-20
CVE-2014-8157 CVE-2014-8158 templink jasper 2015-01-22 <= 1.900.1-12 1.900.1-13 5d Fixed (FS#43592) ASA-201501-23
CVE-2014-8132 templink libssh 2014-12-19 <= 0.6.3-1 0.6.4-1 26d Fixed ASA-201501-12
CVE-2015-1182 templink polarssl 2012-09-19 <= 1.3.9-1 1.3.9-2 1d Fixed (FS#43508) ASA-201501-13
CVE-2012-3505 templink tinyproxy 2012-09-10 <= 1.8.3-1 1.8.4-1 > 740d Fixed (FS#38400) ASA-201501-11
CVE-2014-9447 templink elfutils 2015-01-19 <= 0.161-2 Vulnerable
CVE-2014-8143 templink samba 2015-01-15 <= 4.1.15-1 4.1.16-1 4d Fixed ASA-201501-10
CVE-2015-1197 templink cpio 2015-01-16 <= 2.11-5 Vulnerable
CVE-2015-1196 CVE-2014-9637 templink templink patch 2015-01-14 <= 2.7.1-3 2.7.3-1 14d Fixed ASA-201501-24
CVE-2014-9571 CVE-2014-9572 CVE-2014-9573 CVE-2014-9624 CVE-2015-1042 templink templink templink templink mantisbt 2015-01-17 <= 1.2.18-1 1.2.19-1 20d Fixed ASA-201502-3
CVE-2014-8634 CVE-2014-8635 CVE-2014-8638 CVE-2014-8639 templink thunderbird 2015-01-13 <= 31.3.0-1 31.4.0-1 <1d Fixed ASA-201501-7
CVE-2014-8634 CVE-2014-8635 CVE-2014-8636 CVE-2014-8637 CVE-2014-8638 CVE-2014-8639 CVE-2014-8640 CVE-2014-8641 CVE-2014-8642 templink firefox 2015-01-13 <= 34.0.5-1 35.0-1 <1d Fixed ASA-201501-6
CVE-2014-3571 CVE-2015-0206 CVE-2014-3569 CVE-2014-3572 CVE-2015-0204 CVE-2015-0205 CVE-2014-8275 CVE-2014-3570 templink openssl 2015-01-08 <= 1.0.1.j-1 1.0.1.k-1 <1d Fixed ASA-201501-2
CVE-2014-8150 templink curl 2015-01-08 <= 7.39.0-1 7.40.0-1 10d Fixed (FS#43379) ASA-201501-9
CVE-2014-6272 templink libevent 2015-01-05 <= 2.0.21-3 2.0.22-1 7d Fixed (FS#43366) ASA-201501-4
CVE-2014-8139 CVE-2014-8140 CVE-2014-8141 templink unzip 2014-12-22 <= 6.0-7 6.0-9 17d Fixed (FS#43300) (FS#43391) ASA-201501-3
CVE-2014-9380 CVE-2014-9381 templink ettercap 2014-12-16 <= 0.8.1-2 Vulnerable
CVE-2014-9425 templink php 2014-12-29 <= 5.6.4-1 5.6.5-1 6d Fixed None
CVE-2014-9295 CVE-2014-9296 templink ntp 2014-12-19 < 4.2.8-1 4.2.8-1 1d Fixed ASA-201412-24
CVE-2014-8142 templink php 2014-12-18 <= 5.6.3-1 5.6.4-1 1d Fixed ASA-201412-23
CVE-2014-8137 CVE-2011-4516 CVE-2011-4517 templink jasper 2014-12-18 <= 1.900.1-11 1.900.1-12 1d Fixed (FS#43155) ASA-201412-22
CVE-2014-9029 templink jasper 2014-12-04 <= 1.900.1-10 1.900.1-12 6d Fixed (FS#43044) ASA-201412-22
CVE-2012-3406 CVE-2014-9402 templink glibc lib32-glibc 2014-12-17 <= 2.20-4 2.20-5 1d Fixed ASA-201412-21
CVE-2014-9253 templink dokuwiki 2014-12-15 <= 20140929_a-1 20140929_b-1 <1d Fixed ASA-201412-19
CVE-2014-3580 CVE-2014-8108 templink templink subversion 2014-12-16 <= 1.8.10-1 1.8.11-1 <1d Fixed ASA-201412-17
CVE-2014-9356 CVE-2014-9357 CVE-2014-9358 templink docker 2014-12-12 <= 1:1.3.2-1 1:1.4.0-1 2d Fixed ASA-201412-16
CVE-2013-1752 CVE-2013-1753 CVE-2014-9365 templink python2 2014-12-11 <= 2.7.8-1 2.7.9-1 3d Fixed ASA-201412-15
CVE-2014-0580 CVE-2014-0587 CVE-2014-8443 CVE-2014-9162 CVE-2014-9163 CVE-2014-9164 templink flashplugin 2014-12-09 <= 11.2.202.424-1 11.2.202.425-1 3d Fixed ASA-201412-13
CVE-2014-8091 CVE-2014-8092 CVE-2014-8093 CVE-2014-8094 CVE-2014-8095 CVE-2014-8096 CVE-2014-8097 CVE-2014-8098 CVE-2014-8099 CVE-2014-8100 CVE-2014-8101 CVE-2014-8102 CVE-2014-8103 templink xorg-server 2014-12-09 <= 1.16.2-1 1.16.2.901-1 2d Fixed ASA-201412-14
CVE-2014-8093 CVE-2014-8098 CVE-2014-8298 templink nvidia nvidia-lts 2014-12-09 <= 343.22-6 343.36-1 3d Fixed ASA-201412-12
CVE-2014-8093 CVE-2014-8098 CVE-2014-8298 templink nvidia-340xx nvidia-340xx-lts 2014-12-09 <= 340.58-3 340.65-1 3d Fixed ASA-201412-11
CVE-2014-8093 CVE-2014-8098 CVE-2014-8298 templink nvidia-304xx nvidia-304xx-lts 2014-12-09 < 304.125-1 304.125-1 < 1d Fixed ASA-201412-10
CVE-2014-8601 templink powerdns-recursor 2014-12-09 <= 3.6.1-1 3.6.2-1 <1d Fixed ASA-201412-9
CVE-2014-8602 templink unbound 2014-12-09 <= 1.5.0-1 1.5.1-1 <1d Fixed ASA-201412-8
CVE-2014-8500 CVE-2014-8680 templink bind 2014-12-08 <= 9.10.1-2 9.10.1.P1-1 <1d Fixed ASA-201412-7
CVE-2014-9274 CVE-2014-9275 templink unrtf 2014-12-04 <= 0.21.5-1 0.21.7-1 10d Fixed (FS#43131) ASA-201412-20
CVE-2014-1587 CVE-2014-1588 CVE-2014-1589 CVE-2014-1590 CVE-2014-1591 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 CVE-2014-8631 CVE-2014-8632 templink firefox 2014-12-02 <= 33.1.1-1 34.0.5-1 < 1d Fixed ASA-201412-3
CVE-2014-9157 templink graphviz 2014-11-25 <= 2.38.0-2 2.38.0-3 8d Fixed (FS#42983) ASA-201412-4
CVE-2014-8123 templink antiword 2014-12-01 <= 0.37-4 0.37-5 3d Fixed (FS#42982) ASA-201412-5
CVE-2014-8104 templink openvpn 2014-11-30 <= 2.3.5-1 2.3.6-1 4d Fixed (FS#42975) ASA-201412-2
CVE-2014-9087 templink gnupg 2014-11-25 <= 2.1.0-5 2.1.0-6 4d Fixed (FS#42943) ASA-201412-1
CVE-2014-9087 templink libksba 2014-11-25 <= 1.3.1-1 1.3.2-1 <1d Fixed ASA-201411-31
CVE-2014-9114 templink util-linux 2014-11-27 <= 2.25.2-1 Vulnerable
CVE-2014-9112 templink cpio 2014-11-26 <= 2.11-4 2.11-5 20d Fixed ASA-201501-5
CVE-2014-9116 templink mutt 2014-11-27 <= 1.5.23-1 Vulnerable
CVE-2014-9093 templink libreoffice-fresh 2014-11-19 <= 4.3.4-1 4.3.5-1 31d Fixed None
CVE-2014-9092 templink libjpeg-turbo 2014-11-26 <= 1.3.1-2 1.3.1-3 2d Fixed (FS#42922) ASA-201411-33
CVE-2014-9272 CVE-2014-9270 CVE-2014-8987 CVE-2014-9271 CVE-2014-9281 CVE-2014-8986 CVE-2014-9269 CVE-2014-9280 CVE-2014-9089 CVE-2014-9279 CVE-2014-8988 CVE-2014-8553 CVE-2014-6387 CVE-2014-6316 CVE-2014-9117 templink templink templink mantisbt 2014-11-25 <= 1.2.17-4 1.2.18-1 13d Fixed (FS#42920) ASA-201412-6
CVE-2014-9090 templink linux linux-lts 2014-11-26 <= 3.18-rc6 3.19 - Invalid None
CVE-2014-9018 CVE-2014-9091 templink icecast 2014-11-20 <= 2.4.0-1 2.4.1-1 8d Fixed (FS#42912) ASA-201411-32
CVE-2014-8964 templink pcre 2014-11-18 <= 8.36-1 8.36-2 8d Fixed (FS#42860) ASA-201411-29
CVE-2014-8962 CVE-2014-9028 templink flac 2014-11-25 <= 1.3.0-4 1.3.0-5 < 1d Fixed (FS#42898) ASA-201411-30
CVE-2014-7899 CVE-2014-7900 CVE-2014-7901 CVE-2014-7902 CVE-2014-7903 CVE-2014-7904 CVE-2014-7906 CVE-2014-7907 CVE-2014-7908 CVE-2014-7909 CVE-2014-7910 templink chromium 2014-11-20 <= 38.0.2125.122-1 39.0.2171.65-1 <1d Fixed ASA-201411-26
CVE-2014-9015 CVE-2014-9016 templink drupal 2014-11-19 <= 7.33-1 7.34-1 <1d Fixed ASA-201411-25
CVE-2013-6497 templink clamav 2014-11-18 <= 0.98.4-1 0.98.5-1 1d Fixed ASA-201411-21
CVE-2014-7817 templink glibc lib32-glibc 2014-11-19 <= 2.20-2 2.20.3 2d Fixed ASA-201411-27
CVE-2014-8600 templink kwebkitpart 2014-11-18 <= 1.3.4-3 Vulnerable
CVE-2014-8767 CVE-2014-8768 CVE-2014-8769 CVE-2014-9140 templink templink templink templink tcpdump 2014-11-18 <= 4.6.2-1 Vulnerable
CVE-2014-8090 ruby 2014-11-13 <= 2.1.4-1 2.1.5-1 1d Fixed ASA-201411-16
CVE-2014-7823 libvirt 2014-11-13 <= 1.2.10-1 1.2.11-1 33d Fixed None
CVE-2014-8710 CVE-2014-8711 CVE-2014-8712 CVE-2014-8713 CVE-2014-8714 templink templink templink wireshark-cli wireshark-gtk wireshark-qt 2014-11-13 <= 1.12.1-1 1.12.2-1 7d Fixed ASA-201411-22 ASA-201411-23 ASA-201411-24
CVE-2014-0573 CVE-2014-0574 CVE-2014-0576 CVE-2014-0577 CVE-2014-0581 CVE-2014-0582 CVE-2014-0583 CVE-2014-0584 CVE-2014-0585 CVE-2014-0586 CVE-2014-0588 CVE-2014-0589 CVE-2014-0590 CVE-2014-8437 CVE-2014-8438 CVE-2014-8440 CVE-2014-8441 CVE-2014-8442 templink flashplugin 2014-11-11 <= 11.2.202.411-1 11.2.202.418-1 <1d Fixed (FS#42769) ASA-201411-11
CVE-2014-3710 templink php 2014-10-29 <= 5.6.2-2 5.6.3-1 14d Fixed (FS#42764) ASA-201411-13
CVE-2014-8564 templink gnutls 2014-11-10 <= 3.3.9-1 3.3.10-1 <1d Fixed ASA-201411-10
CVE-2014-8716 templink imagemagick 2014-11-12 <= 6.8.9.9-1 6.8.9.10-1 1d Fixed ASA-201411-12
CVE-2014-3710 templink file 2014-10-29 <= 5.20-1 5.20-2 12d Fixed (FS#42759) ASA-201411-9
CVE-2014-1569 templink nss 2014-11-07 <= 3.17.2-1 3.17.3-1 22d Fixed (FS#42760) ASA-201412-18
CVE-2014-7824 templink dbus 2014-11-10 <= 1.8.8-1 1.8.10-1 14d Fixed ASA-201411-28
CVE-2014-8598 CVE-2014-7146 templink templink mantisbt 2014-11-08 <= 1.2.17-3 1.2.17-4 <4d Fixed (FS#42761) ASA-201411-8
CVE-2014-8483 templink konversation 2014-11-04 <= 1.5-1 1.5.1-1 <4d Fixed (FS#42698) ASA-201411-5
CVE-2014-3707 templink curl 2014-11-05 <= 7.38.0-3 7.39.0-1 6d Fixed ASA-201411-7
CVE-2014-8651 templink kdebase-workspace 2014-11-04 <= 4.11.13-1 4.11.13-2 6d Fixed (FS#42679) ASA-201411-6
CVE-2014-8627 CVE-2014-8628 templink polarssl 2014-10-23 <= 1.3.8-3 1.3.9-1 11d Fixed ASA-201411-4
CVE-2014-8321 CVE-2014-8322 CVE-2014-8323 CVE-2014-8324 templink aircrack-ng 2014-11-02 <= 1.2beta3-1 1.2rc1-1 1d Fixed ASA-201411-2
CVE-2014-8554 templink mantisbt 2014-10-30 <= 1.2.17-2 1.2.17-3 5d Fixed (FS#42683) ASA-201411-3
CVE-2014-8354 CVE-2014-8355 CVE-2014-8561 CVE-2014-8562 templink imagemagick 2014-10-29 <= 6.8.9.8-1 6.8.9.9-1 <1d Fixed None
CVE-2014-8517 templink tnftp 2014-10-28 <= 20130505-2 20141031-1 4d Fixed (FS#42646) ASA-201411-1
CVE-2014-4877 templink wget 2014-10-27 <= 1.15-1 1.16-1 <2d Fixed ASA-201410-14
CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738 templink tmplink templink avr-binutils 2014-10-23 <= 2.24-2 2.24-3 27d Fixed (FS#42773) ASA-201411-20
CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738 templink tmplink templink mingw-w64-binutils 2014-10-23 <= 2.24-1 2.24-2 26d Fixed (FS#42773) ASA-201411-19
CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738 templink tmplink templink arm-none-eabi-binutils 2014-10-23 <= 2.24-2 2.24-3 26d Fixed (FS#42773) ASA-201411-18
CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738 templink tmplink templink binutils 2014-10-23 <= 2.24-7 2.24-8 26d Fixed (FS#42773) ASA-201411-17
CVE-2014-8559 templink linux, linux-lts 2014-10-30 <= 3.17.3-1, <= 3.14.24-1 3.17.4-1 3.14.25-1 23d 22d Fixed None
CVE-2014-3610 CVE-2014-3611 CVE-2014-3646 CVE-2014-3647 CVE-2014-7825 CVE-2014-7826 CVE-2014-8369 templink templink linux, linux-lts 2014-10-21 <= 3.17.2-1, <= 3.14.23-1 3.17.3-1, 3.14.24-1 Fixed ASA-201411-14 ASA-201411-15
CVE-2014-8480 CVE-2014-8481 templink linux 2014-10-21 <= 3.17.2-1 3.17.3-1 Fixed ASA-201411-14
CVE-2014-3695 CVE-2014-3696 CVE-2014-3698 templink libpurple 2014-10-22 <= 2.10.9-2 2.10.10-1 < 1d Fixed ASA-201410-9
CVE-2014-8760 ejabberd 2014-10-13 <= 14.07-1 14.07-2 14d Fixed (FS#42541) ASA-201410-13
CVE-2014-3686 wpa_supplicant, hostapd 2014-10-09 <= 2.2-2 2.3-1 ~10d Fixed (FS#42401) ASA-201410-8
CVE-2014-0191 CVE-2014-3660 libxml2 2014-10-16 <= 2.9.1-5 2.9.2-1 8d Fixed (FS#40790) ASA-201410-12
CVE-2014-3704 templink drupal 2014-10-15 <= 7.31-2 7.32-1 1d Fixed (FS#42388) ASA-201410-7
CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 templink temp link openssl 2014-10-15 <= 1.0.1.i-1 1.0.1.j-1 1d Fixed ASA-201410-6
CVE-2014-8242 temp link librsync 2014-10-12 <= 0.9.7-7 Vulnerable
CVE-2014-7203 CVE-2014-7202 temp link zeromq 2014-09-27 <= 4.0.4-4 4.0.5-1 18d Fixed (FS#42381) ASA-201410-4
CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054 CVE-2014-6055 temp link libvncserver 2014-09-23 <= 0.9.9-3 0.9.10-1 31d Fixed (FS#42321) ASA-201410-10
CVE-2014-3683 temp link rsyslog 2014-10-02 <= 8.4.1-1 8.4.2-1 1d Fixed ASA-201410-5
CVE-2014-7204 temp link ctags 2014-09-29 <= 5.8-4 5.8-5 26d Fixed (FS#42246) ASA-201410-11
CVE-2014-7295 temp link mediawiki 2014-10-02 <= 1.23.4-1 1.23.5-1 <1d Fixed ASA-201410-3
CVE-2014-3661 CVE-2014-3662 CVE-2014-3663 CVE-2014-3664 CVE-2014-3680 CVE-2014-3681 CVE-2014-3666 CVE-2014-3667 CVE-2013-2186 CVE-2014-1869 CVE-2014-3678 CVE-2014-3679 temp link jenkins 2014-10-01 <= 1.582-1 1.583-1 <1d Fixed ASA-201410-2
CVE-2014-3634 temp link rsyslog 2014-09-30 <= 8.4.0-1 8.4.1-1 1d Fixed (FS#42200) ASA-201410-1
CVE-2014-3657 CVE-2014-3633 temp link libvirt 2014-09-26 <= 1.2.8-1 1.2.8-2 3d Fixed (FS#42159) ASA-201409-5
CVE-2014-7199 temp link mediawiki 2014-09-24 <= 1.23.3-1 1.23.4-1 5d Fixed (FS#42161) ASA-201409-4
CVE-2014-7185 temp link python2 2014-09-24 < 2.7.8 2.7.8-1 < 1d Fixed ASA-201409-3
CVE-2014-1568 temp link nss 2014-09-24 < 3.17.1 3.17.1-1 < 1d Fixed ASA-201409-1
CVE-2014-6271 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 CVE-2014-6277 CVE-2014-6278 temp link bash 2014-09-24 <= 4.3.024-1 4.3.026-1 2d Fixed (FS#42109) ASA-201409-2
CVE-2014-3635 CVE-2014-3636 CVE-2014-3637 CVE-2014-3638 CVE-2014-3639 temp link dbus libdbus lib32-libdbus 2014-09-16 < 1.8.8 1.8.8-1 1d Fixed (FS#41993)
CVE-2014-3613 CVE-2014-3620 temp link curl lib32-curl 2014-09-10 < 7.38.0 7.38.0-1 5d (curl), 7d (lib32-curl) Fixed
CVE-2014-3609 temp link squid 2014-08-28 < 3.4.7 3.4.7-1 < 1d Fixed
CVE-2014-5119 temp link glibc 2014-07-21 <= 2.19 2.20-2 55d Fixed (FS#41713)
CVE-2014-3508 CVE-2014-5139 CVE-2014-3509 CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 temp link openssl 2014-08-06 < 1.0.1.i 1.0.1.i-1 <1d Fixed
CVE-2014-0226 temp link apache 2014-07-15 < 2.4.10 2.4.10-1 ~7d Fixed (FS#41244)
CVE-2014-4943 temp link linux, linux-lts, linux-grsec 2014-07-16 3.15.5.201407170639-1 linux-grsec, 3.14.16 (linux-lts), 3.16 (linux) 1d (linux-grsec), 23d (linux-lts), 27d linux Fixed in linux, linux-lts (FS#41231), Fixed in linux-grsec
CVE-2014-0475 temp link glibc 2014-07-10 <=2.19 2.20-2 66d Fixed (FS#41166)
CVE-2014-4699 temp link linux, linux-lts, linux-grsec 2014-07-04 3.15.3.201407060933-1 linux-grsec, 3.15.4-1 linux, 3.14.11-1 linux-lts 2d (linux-grsec), 3d (linux, linux-lts) Fixed (FS#41115)
CVE-2014-4715 temp link lz4 2014-07-02 119-1 <1d Fixed
CVE-2014-4611 temp link linux, linux-grsec, lz4 2014-06-26 3.15.2-1 (linux), 3.15.2.201406262058-1 (linux-grsec), 118-1 lz4 <1d (linux, linux-grsec, lz4) Fixed in linux (FS#40992), Fixed in linux-grsec, Fixed in lz4 (FS#40997)
CVE-2014-4610 temp link ffmpeg 2014-06-26 1:2.2.4-1 -2d Fixed
CVE-2014-4609 temp link gst-libav 2014-06-26 1.2.4-1 1.2.4-2 (with libav 9.14) 2d Fixed (FS#40995)
CVE-2014-4608 temp link linux, linux-lts, linux-grsec 2014-06-26 3.15.2-1 (linux), 3.10.45-1 (linux-lts), 3.15.2.201406262058-1 (linux-grsec) <1d (linux, linux-lts, linux-grsec) Fixed in linux and linux-lts (FS#40992), Fixed in linux-grsec
CVE-2014-4607 temp link lzo2 2014-06-26 2.07-2 3d Fixed (FS#40993)
CVE-2014-4617 temp link gnupg 2014-06-24 < 2.0.24 2.0.24 7d Fixed
CVE-2014-0244 CVE-2014-3493 temp link samba 2014-06-23 < 4.1.9 4.1.9 <1d Fixed
CVE-2014-1545 temp link nspr 2014-06-10 < 4.10.6 4.10.6 ~1d Fixed
CVE-2014-3859 bind 2014-06-11 9.10.0, 9.10.0-P1 9.10.0-P2 <1d Fixed
CVE-2014-3477 dbus 2014-06-10 <= 1.8.2 1.8.4 3d Fixed
CVE-2014-0195 CVE-2014-0198 CVE-2010-5298 CVE-2014-3470 CVE-2014-0224 CVE-2014-0221 temp link openssl 2014-06-05 1.0.1 - 1.0.1g 1.0.1h <1d Fixed
CVE-2014-3153 temp link linux, linux-lts, linux-grsec 2014-06-05  ? 3.14.6 (linux), 3.10.42-1 (linux-lts), 3.14.5.201406051310-1 (linux-grsec) 3d (linux, linux-lts), <1d (linux-grsec) Fixed in linux (FS#40715), Fixed in linux-lts, Fixed in linux-grsec
CVE-2014-3466 temp link gnutls 2014-05-30 < 3.3.3 3.3.3 <1d Fixed
CVE-2014-0209 CVE-2014-0210 CVE-2014-0211 libxfont 2014-05-13 < 1.4.18 1.4.18 3d Fixed (FS#40409 )
CVE-2014-0196 temp-link linux, linux-lts, linux-grsec 2014-05-05 2.6.31 - 3.14 3.14.3-2 (linux), 3.10.39-2 (linux-lts), 3.14.3.201405121814-1 (linux-grsec) 7d (linux), 8d linux-lts, <1d (linux-grsec) Fixed in linux (FS#40232), Fixed in linux-lts, Fixed in linux-grsec
CVE-2014-2905 CVE-2014-2906 CVE-2014-2914 temp-link fish 2014-04-28 1.16.0 - 2.1.0 2.2.1 <0 Fixed
CVE-2014-0160 openssl 2014-04-07 1.0.1 - 1.0.1f 1.0.1g ~1d Fixed (FS#39775)
CVE-2014-1700 CVE-2014-1701 CVE-2014-1702 CVE-2014-1703 CVE-2014-1704 CVE-2014-1705 CVE-2014-1713 CVE-2014-1715 chromium v8 2014-03-11 32 33 4d Fixed
CVE-2014-0098 CVE-2013-6438 apache 2014-03-17 2.4.8 2.4.9 -1d Fixed
CVE-2014-1492 nss 2014-03-18 3.15.5 3.16 22d Fixed
CVE-2014-1493 CVE-2014-1494 CVE-2014-1497 CVE-2014-1498 CVE-2014-1499 CVE-2014-1500 CVE-2014-1502 CVE-2014-1504 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 firefox thunderbird 2014-03-18 27 28 1d Fixed
CVE-2014-2240 CVE-2014-2241 freetype2  ? 2.5.2 2.5.3  ? Fixed
CVE-2014-2029 xtrabackup 2014-02-16 2.1.7 2.1.8 28d Fixed
CVE-2014-1958 CVE-2014-2030 imagemagick  ?  ? 6.8.8.9-1  ? Fixed
CVE-2014-1943 CVE-2014-2270 php 2014-03-06 5.5.9 5.5.110 -1d Fixed
CVE-2014-0404 CVE-2014-0406 CVE-2014-0407 virtualbox 2014-02-28 4.3.4 4.3.6  ? Fixed
CVE-2014-2323 CVE-2014-2324 lighttpd 2014-03-12 1.4.34 1.4.35 0d Fixed
CVE-2014-0333 libpng 2014-02-28 1.6.9 1.6.10 9d Fixed
CVE-2014-0017 libssh 2014-03-04  ? 3.5.7.29 5d Fixed
CVE-2013-7339 linux 2014-03-20 < 3.5.7.29 3.5.7.29 0d Fixed
CVE-2014-2568 linux 2014-03-18  ?  ?  ? Invalid (FS#39566)
CVE-2014-2524 tigervnc 2014-03-19  ? 1.3.1 1d Fixed
CVE-2013-7338 python 2014-03-19 3.4beta (?) 3.4 2013-12-27:? Fixed (FS#39540)
CVE-2014-0133 nginx 2014-03-18  ? 1.4.7 0d Fixed
CVE-2013-7336 libvirt 2013-09-19  ? 1.1.1-7 (in RHEL 7) 0d Fixed
CVE-2014-2523 linux 2014-03-17  ? 3.13-rc5  ? Fixed
CVE-2014-0004 udisks2 & udisks 2014-03-10 2.1.3 / 1.0.5 2.1.3 / 1.0.5 3d Fixed
CVE-2014-2281 CVE-2014-2282 CVE-2014-2283 CVE-2014-2299 wireshark-cli 2014-03-10 1.10.6 1.10.6  ? Fixed
CVE-2014-0050 tomcat7 2014-02-06 7.0.51 7.0.51  ? Fixed
CVE-2014-0033 tomcat6 2014-01-10 6.0.37 6.0.37  ? Fixed
CVE-2014-0032 subversion 2014-01-10 1.8.6 1.8.6  ? Fixed
CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067 postgresql 2014-02-20 9.3.3 9.33 0d Fixed
CVE-2014-1912 python python2 2014-02-07  ?  ?  ? Fixed
CVE-2013-4496 CVE-2013-6442 samba 2014-03-14  ? 4.1.6 2d Fixed (FS#39424)
CVE-2014-0504 flashplugin 2014-03-12  ? 11.2.202.346 1d Fixed (FS#39385)
CVE-2014-0106 sudo 1.8.9.p5 1.8.10  ?  ? Fixed
CVE-2014-2285 CVE-2014-2284 net-snmp 2014-03-05  ?  ? 8d Fixed (FS#39190)
CVE-2014-0092 gnutls 2014-03-04 <3.2.12 3.2.12-1 1d Fixed
CVE-2014-2242 CVE-2014-2243 CVE-2014-2244 mediawiki 2014-03-14 <1.22.3 1.22.3 1d Fixed
CVE-2014-2093 CVE-2014-2094 CVE-2014-2095 CVE-2014-2096 catfish 2014-02-25 <1.0.1 1.0.1 8d Fixed
CVE-2014-0497 flashplugin 2014-02-04  ?  ? 1d  ?
CVE-2014-0015 curl 2014-01-29 <7.35 7.35 0d Fixed
CVE-2014-1610 mediawiki 2014-01-29 <1.22.2 1.22.2 0d Fixed
CVE-2014-0021 chrony 2014-01-17 <1.29.1-1 1.29.1-1 14d Fixed
CVE-2014-1875 perl-capture-tiny 2014-02-06  ?  ? 4d Fixed (FS#38862)
CVE-2013-6493 icedtea-web-java7 2014-02-05 <1.4.2 1.4.2 0d Fixed
CVE-2014-1858 CVE-2014-1859 python-numpy 2014-02-06  ?  ? 4d Fixed (FS#38863)
CVE-2014-1932 CVE-2014-1933 python-pillow 2014-02-10 <2.3.1 2.3.1  ? Fixed
CVE-2014-1935 9base 2014-02-10  ?  ?  ?  ?
CVE-2014-1949 temp link cinnamon-screensaver 2014-02-12 2.0.3  ?  ?  ?
CVE-2014-1959 gnutls 2014-02-13 <3.2.11 3.2.11 2d Fixed
CVE-2014-1943 CVE-2014-2270 file 2014-02-10 <5.17 5.17-1 3d Fixed
CVE-2014-0001 CVE-2014-0412 CVE-2014-0437 CVE-2014-0420 CVE-2014-0393 CVE-2014-0386 CVE-2014-0401 CVE-2014-0402 mariadb 2014-01-31 <5.5.35 5.5.35-1 1d Fixed
CVE-2014-1447 libvirt 2014-01-16 <1.2.1 1.2.1 0d Fixed
CVE-2014-0979 lightdm-gtk* 2014-01-07  ?  ? 25d Fixed (FS#38715)
CVE-2014-1475 CVE-2014-1476 drupal 2014-01-15 <7.26 7.26-1 12d Fixed
CVE-2014-0019 socat 2014-01-29 <1.7.2.3 1.7.2.3 0d Fixed
CVE-2014-1838 CVE-2014-1839 python-logilab-common 2014-01-31  ?  ? 3d Fixed [1]
CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 *-openjdk-* 2014-01-15  ?  ? 2d  ?
CVE-2014-1402 python-jinja 2014-01-10 <2.7.2 2.7.2 1d Fixed
CVE-2013-6462 libxfont 2014-01-07 <1.4.7 1.4.7 0d Fixed
CVE-2014-1235 graphviz 2014-01-07  ?  ? 3d Fixed (FS#38441)
CVE-2014-0978 freerdp 2014-01-10 <1.0.2 1.0.2-5 67d Fixed (FS#38802)