[SECURITY] Fedora 20 Update: netcf-0.2.8-1.fc20

updates at fedoraproject.org updates at fedoraproject.org
Sun May 10 23:38:56 UTC 2015

Fedora Update Notification
2015-04-10 02:58:36

Name        : netcf
Product     : Fedora 20
Version     : 0.2.8
Release     : 1.fc20
URL         : https://fedorahosted.org/netcf/
Summary     : Cross-platform network configuration library
Description :
Netcf is a library used to modify the network configuration of a
system. Network configurations are expressed in a platform-independent
XML format, which netcf translates into changes to the system's
'native' network configuration files.

Update Information:

Security fix for CVE 2014-8119, as well as adding a few other minor bugfixes and enhancements (support for multiple IPv4 addresses, simultaneous static & dhcp for IPv4)

* Wed Apr  8 2015 Laine Stump <laine at redhat.com> - 0.2.8-1
- rebase to netcf-0.2.8
 - resolve CVE-2014-8119
 - Fix build on systems with newer libnl3 that doesn't
    - support multiple IPv4 addresses in interface config (redhat driver)
 - allow static IPv4 config simultaneous with DHCPv4 (redhat driver)
 - remove extra quotes from IPV6ADDR_SECONDARIES (redhat+suse drivers)
 - miscellaneous systemd service fixes
 - use git to apply patches in rpm specfile
 - allow interleaved elements in interface XML schema
 - allow <link> element in vlan and bond interfaces
 - report link state/speed in interface status
 - change DHCPv6 to DHCPV6C in ifcfg files
 - max vlan id is 4095, not 4096
 - wait for IFF_UP and IFF_RUNNING after calling ifup
 - don't require IFF_RUNNING for bridge devices
 - avoid memory leak in debian when listing interfaces
 - avoid use of uninitialized data when getting mac address
   (fixes https://bugzilla.redhat.com/show_bug.cgi?id=1046594 )
 - limit interface names to IFNAMSIZ-1 characters in length
 - support systemd for netcf-transaction
* Sat May  3 2014 Cole Robinson <crobinso at redhat.com> - 0.2.3-6
- Fix reading bridge stp value (bz #1031053)

  [ 1 ] Bug #1172176 - CVE-2014-8119 netcf: augeas path expression injection via interface name

This update can be installed with the "yum" update program.  Use
su -c 'yum update netcf' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at

More information about the package-announce mailing list