The following Fedora EPEL 6 Security updates need testing:

 Age  URL
 108  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-6828   chicken-4.9.0.1-4.el6
  91  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031   python-virtualenv-12.0.7-1.el6
  85  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168   rubygem-crack-0.3.2-2.el6
  16  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8148   optipng-0.7.5-5.el6
  16  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8156   nagios-4.0.8-1.el6
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-68a2c2db36   python-pymongo-3.0.3-1.el6
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-d6cc67d0d6   opensmtpd-5.7.3p1-1.el6

The following builds have been pushed to Fedora EPEL 6 updates-testing

    linux_logo-5.11-12.el6
    ocaml-biniou-1.0.9-18.el6
    ocaml-ounit-2.0.0-17.el6
    opensmtpd-5.7.3p1-1.el6
    preprocess-1.2.2-2.20150919gitd5ab9a.el6
    viewvc-1.1.24-1.el6
    vile-9.8q-1.el6

Details about builds:

================================================================================
 linux_logo-5.11-12.el6 (FEDORA-EPEL-2015-409b04edfc)
 Show a logo with some system info on the console
--------------------------------------------------------------------------------
Update Information:

linux_logo-5.11-12.el6
- Include patch to have a consistent default logo, the banner logo (#1268065).

linux_logo-5.11-12.fc23
- Include patch to have a consistent default logo, the banner logo (#1268065).

linux_logo-5.11-12.el7
- Include patch to have a consistent default logo, the banner logo (#1268065).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1268065 - linux_logo uses an arbitrary (possibly non-Linux) logo by default
        https://bugzilla.redhat.com/show_bug.cgi?id=1268065
--------------------------------------------------------------------------------

================================================================================
 ocaml-biniou-1.0.9-18.el6 (FEDORA-EPEL-2015-7d2e328541)
 Safe and fast binary data format
--------------------------------------------------------------------------------
Update Information:

Exclude ppc64 for EPEL, as ocaml-findlib-devel is not available on it.
--------------------------------------------------------------------------------

================================================================================
 ocaml-ounit-2.0.0-17.el6 (FEDORA-EPEL-2015-7326e51678)
 Unit test framework for OCaml
--------------------------------------------------------------------------------
Update Information:

Exclude ppc64 for EPEL, as ocaml-findlib-devel is not available on it.
--------------------------------------------------------------------------------

================================================================================
 opensmtpd-5.7.3p1-1.el6 (FEDORA-EPEL-2015-d6cc67d0d6)
 Free implementation of the server-side SMTP protocol as defined by RFC 5321
--------------------------------------------------------------------------------
Update Information:

Issues fixed in this release (since 5.7.2):

- fix an mda buffer truncation bug which allows a user to create forward files
  that pass session checks but fail delivery later down the chain, within the
  user mda;
- fix remote buffer overflow in unprivileged pony process;
- reworked offline enqueue to better protect against hardlink attacks.

----

Several vulnerabilities have been fixed in OpenSMTPD 5.7.2:

- an oversight in the portable version of fgetln() that allows attackers to
  read and write out-of-bounds memory;
- multiple denial-of-service vulnerabilities that allow local users to kill or
  hang OpenSMTPD;
- a stack-based buffer overflow that allows local users to crash OpenSMTPD, or
  execute arbitrary code as the non-chrooted _smtpd user;
- a hardlink attack (or race-conditioned symlink attack) that allows local
  users to unset the chflags() of arbitrary files;
- a hardlink attack that allows local users to read the first line of
  arbitrary files (for example, root's hash from /etc/master.passwd);
- a denial-of-service vulnerability that allows remote attackers to fill
  OpenSMTPD's queue or mailbox hard-disk partition;
- an out-of-bounds memory read that allows remote attackers to crash
  OpenSMTPD, or leak information and defeat the ASLR protection;
- a use-after-free vulnerability that allows remote attackers to crash
  OpenSMTPD, or execute arbitrary code as the non-chrooted _smtpd user;

Further details can be found in Qualys' audit report:
http://seclists.org/oss-sec/2015/q4/17

MITRE has assigned one CVE for the use-after-free vulnerability; additional
CVEs may be assigned:
http://seclists.org/oss-sec/2015/q4/23

External References:

https://www.opensmtpd.org/announces/release-5.7.2.txt
http://seclists.org/oss-sec/2015/q4/17
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1268837 - opensmtpd-5.7.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1268837
  [ 2 ] Bug #1268509 - opensmtpd: 5.7.2 release available
        https://bugzilla.redhat.com/show_bug.cgi?id=1268509
  [ 3 ] Bug #1268795 - CVE-2015-7687 OpenSMTPD: multiple vulnerabilities fixed in 5.7.2 [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1268795
  [ 4 ] Bug #1268858 - opensmtpd: Remotely triggerable buffer overflow vulnerability in filter_tx_io [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1268858
--------------------------------------------------------------------------------

================================================================================
 preprocess-1.2.2-2.20150919gitd5ab9a.el6 (FEDORA-EPEL-2015-d194a77f7b)
 A portable multi-language file Python2 preprocessor
--------------------------------------------------------------------------------
Update Information:

- Update to 1.2.2
- Added 'python-setuptools' as BR on EPEL
--------------------------------------------------------------------------------

================================================================================
 viewvc-1.1.24-1.el6 (FEDORA-EPEL-2015-4e174f698c)
 Browser interface for CVS and SVN version control repositories
--------------------------------------------------------------------------------
Update Information:

This is a maintenance release which includes all the bug fixes and
enhancements that we've made thus far to our 1.1.x line.
--------------------------------------------------------------------------------

================================================================================
 vile-9.8q-1.el6 (FEDORA-EPEL-2015-2c5c5df40a)
 VI Like Emacs
--------------------------------------------------------------------------------
Update Information:

upgrade to 9.8q (RHBZ#1260817)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1260817 - vile-9.8q is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1260817
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list
epel-devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/epel-devel