The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 108  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-6828   chicken-4.9.0.1-4.el6
  91  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031   python-virtualenv-12.0.7-1.el6
  85  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168   rubygem-crack-0.3.2-2.el6
  16  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8148   optipng-0.7.5-5.el6
  16  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8156   nagios-4.0.8-1.el6
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-68a2c2db36   python-pymongo-3.0.3-1.el6
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-d6cc67d0d6   opensmtpd-5.7.3p1-1.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    linux_logo-5.11-12.el6
    ocaml-biniou-1.0.9-18.el6
    ocaml-ounit-2.0.0-17.el6
    opensmtpd-5.7.3p1-1.el6
    preprocess-1.2.2-2.20150919gitd5ab9a.el6
    viewvc-1.1.24-1.el6
    vile-9.8q-1.el6

Details about builds:


================================================================================
 linux_logo-5.11-12.el6 (FEDORA-EPEL-2015-409b04edfc)
 Show a logo with some system info on the console
--------------------------------------------------------------------------------
Update Information:

  linux_logo-5.11-12.el6  - Include patch to have a consistent default logo,
                            the banner logo (#1268065).
  linux_logo-5.11-12.fc23 - Include patch to have a consistent default logo,
                            the banner logo (#1268065).
  linux_logo-5.11-12.el7  - Include patch to have a consistent default logo,
                            the banner logo (#1268065).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1268065 - linux_logo uses an arbitrary (possibly non-Linux) logo by default
        https://bugzilla.redhat.com/show_bug.cgi?id=1268065
--------------------------------------------------------------------------------


================================================================================
 ocaml-biniou-1.0.9-18.el6 (FEDORA-EPEL-2015-7d2e328541)
 Safe and fast binary data format
--------------------------------------------------------------------------------
Update Information:

Exclude ppc64 for EPEL, as ocaml-findlib-devel is not available on it.
--------------------------------------------------------------------------------


================================================================================
 ocaml-ounit-2.0.0-17.el6 (FEDORA-EPEL-2015-7326e51678)
 Unit test framework for OCaml
--------------------------------------------------------------------------------
Update Information:

Exclude ppc64 for EPEL, as ocaml-findlib-devel is not available on it.
--------------------------------------------------------------------------------


================================================================================
 opensmtpd-5.7.3p1-1.el6 (FEDORA-EPEL-2015-d6cc67d0d6)
 Free implementation of the server-side SMTP protocol as defined by RFC 5321
--------------------------------------------------------------------------------
Update Information:

Issues fixed in this release (since 5.7.2):

  - fix an mda buffer truncation bug which allows a user to create forward
    files that pass session checks but fail delivery later down the chain,
    within the user mda;
  - fix remote buffer overflow in unprivileged pony process;
  - reworked offline enqueue to better protect against hardlink attacks.

----

Several vulnerabilities have been fixed in OpenSMTPD 5.7.2:

  - an oversight in the portable version of fgetln() that allows attackers to
    read and write out-of-bounds memory;
  - multiple denial-of-service vulnerabilities that allow local users to kill
    or hang OpenSMTPD;
  - a stack-based buffer overflow that allows local users to crash OpenSMTPD,
    or execute arbitrary code as the non-chrooted _smtpd user;
  - a hardlink attack (or race-conditioned symlink attack) that allows local
    users to unset the chflags() of arbitrary files;
  - a hardlink attack that allows local users to read the first line of
    arbitrary files (for example, root's hash from /etc/master.passwd);
  - a denial-of-service vulnerability that allows remote attackers to fill
    OpenSMTPD's queue or mailbox hard-disk partition;
  - an out-of-bounds memory read that allows remote attackers to crash
    OpenSMTPD, or leak information and defeat the ASLR protection;
  - a use-after-free vulnerability that allows remote attackers to crash
    OpenSMTPD, or execute arbitrary code as the non-chrooted _smtpd user.

Further details can be found in Qualys' audit report:
http://seclists.org/oss-sec/2015/q4/17

MITRE has assigned one CVE for the use-after-free vulnerability; additional
CVEs may be assigned:
http://seclists.org/oss-sec/2015/q4/23

External References:
https://www.opensmtpd.org/announces/release-5.7.2.txt
http://seclists.org/oss-sec/2015/q4/17
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1268837 - opensmtpd-5.7.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1268837
  [ 2 ] Bug #1268509 - opensmtpd: 5.7.2 release available
        https://bugzilla.redhat.com/show_bug.cgi?id=1268509
  [ 3 ] Bug #1268795 - CVE-2015-7687 OpenSMTPD: multiple vulnerabilities fixed in 5.7.2 [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1268795
  [ 4 ] Bug #1268858 - opensmtpd: Remotely triggerable buffer overflow vulnerability in filter_tx_io [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1268858
--------------------------------------------------------------------------------


================================================================================
 preprocess-1.2.2-2.20150919gitd5ab9a.el6 (FEDORA-EPEL-2015-d194a77f7b)
 A portable multi-language file Python2 preprocessor
--------------------------------------------------------------------------------
Update Information:

- Update to 1.2.2
- Added 'python-setuptools' as BR on EPEL
--------------------------------------------------------------------------------


================================================================================
 viewvc-1.1.24-1.el6 (FEDORA-EPEL-2015-4e174f698c)
 Browser interface for CVS and SVN version control repositories
--------------------------------------------------------------------------------
Update Information:

This is a maintenance release which includes all the bug fixes and enhancements
that we've made thus far to our 1.1.x line.
--------------------------------------------------------------------------------


================================================================================
 vile-9.8q-1.el6 (FEDORA-EPEL-2015-2c5c5df40a)
 VI Like Emacs
--------------------------------------------------------------------------------
Update Information:

upgrade to 9.8q (RHBZ#1260817)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1260817 - vile-9.8q is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1260817
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list
epel-devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/epel-devel
