The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 674  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031   python-virtualenv-12.0.7-1.el6
 668  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168   rubygem-crack-0.3.2-2.el6
 558  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb   mcollective-2.8.4-1.el6
 529  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9   thttpd-2.25b-24.el6
 140  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac   libbsd-0.8.3-2.el6
  36  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-c0d33ae70f   tnef-1.4.14-1.el6
  16  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-b56d84e139   mod_security-2.7.3-5.el6
  14  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4efdb40c89   squirrelmail-1.4.22-5.el6
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-59f87a9740   php-horde-ingo-3.2.15-1.el6
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-0868b62cfe   lynis-2.5.0-1.el6
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-9c983665aa   roundcubemail-1.0.9-4.el6
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-3e639b5a06   python-fedora-0.9.0-3.el6 python-openidc-client-0-3.20170327git5456800.el6
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6ee18d1c7b   openvpn-2.4.2-1.el6
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-1f2571d162   nagios-4.3.2-1.el6
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4aef39b497   chicken-4.12.0-2.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    chicken-4.12.0-2.el6
    davix-0.6.6-1.el6
    golang-github-petar-GoLLRB-0-0.1.git53be0d3.el6
    gsmartcontrol-0.9.0-1.el6
    libmediainfo-0.7.95-1.el6
    mediainfo-0.7.95-1.el6
    mozilla-https-everywhere-5.2.16-2.el6
    nagios-4.3.2-1.el6
    openvpn-2.4.2-1.el6
    php-pear-Text-Diff-1.2.2-1.el6
    qpid-proton-0.17.0-2.el6
    xrootd-4.6.1-1.el6

Details about builds:


================================================================================
 chicken-4.12.0-2.el6 (FEDORA-EPEL-2017-4aef39b497)
 A practical and portable Scheme system
--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2017-6949, also bump to 4.12.0  ----  Security fix for
CVE-2016-6830, CVE-2016-6831
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1433278 - CVE-2017-6949 chicken: Unchecked size argument in 
malloc() in CHICKEN Scheme
        https://bugzilla.redhat.com/show_bug.cgi?id=1433278
  [ 2 ] Bug #1369108 - CVE-2016-6830 CVE-2016-6831 chicken: Buffer overflow and 
a memory leak in the POSIX unit's procedures process-execute and process-spawn
        https://bugzilla.redhat.com/show_bug.cgi?id=1369108
--------------------------------------------------------------------------------


================================================================================
 davix-0.6.6-1.el6 (FEDORA-EPEL-2017-1f7398f41c)
 Toolkit for Http-based file management
--------------------------------------------------------------------------------
Update Information:

* new upstream release
--------------------------------------------------------------------------------


================================================================================
 golang-github-petar-GoLLRB-0-0.1.git53be0d3.el6 (FEDORA-EPEL-2017-c70875d8ca)
 Left-Leaning Red-Black implementation of balanced binary search trees
--------------------------------------------------------------------------------
Update Information:

First package in Fedora
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1245962 - Review Request: golang-github-petar-GoLLRB - 
Left-Leaning Red-Black implementation of balanced binary search trees
        https://bugzilla.redhat.com/show_bug.cgi?id=1245962
--------------------------------------------------------------------------------


================================================================================
 gsmartcontrol-0.9.0-1.el6 (FEDORA-EPEL-2017-1894e9ef52)
 Graphical user interface for smartctl
--------------------------------------------------------------------------------
Update Information:

Update to 0.9.0.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1417410 - [abrt] gsmartcontrol: std::__throw_out_of_range_fmt(): 
gsmartcontrol killed by SIGABRT
        https://bugzilla.redhat.com/show_bug.cgi?id=1417410
  [ 2 ] Bug #1408946 - Fixes crash on startup, at scan time, a parser crash
        https://bugzilla.redhat.com/show_bug.cgi?id=1408946
--------------------------------------------------------------------------------


================================================================================
 libmediainfo-0.7.95-1.el6 (FEDORA-EPEL-2017-ea642a6d3a)
 Library for supplies technical and tag information about a video or audio file
--------------------------------------------------------------------------------
Update Information:

Update to 0.7.95.
--------------------------------------------------------------------------------


================================================================================
 mediainfo-0.7.95-1.el6 (FEDORA-EPEL-2017-ea642a6d3a)
 Supplies technical and tag information about a video or audio file (CLI)
--------------------------------------------------------------------------------
Update Information:

Update to 0.7.95.
--------------------------------------------------------------------------------


================================================================================
 mozilla-https-everywhere-5.2.16-2.el6 (FEDORA-EPEL-2017-9ff4313486)
 HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey
--------------------------------------------------------------------------------
Update Information:

Why do medication commercials have to tell you not to take it if you're
allergic?
--------------------------------------------------------------------------------


================================================================================
 nagios-4.3.2-1.el6 (FEDORA-EPEL-2017-1f2571d162)
 Host/service/network monitoring program
--------------------------------------------------------------------------------
Update Information:

Updated from 4.3.1 maint to 4.3.2  ----  We find out that RHEL-6 does not like
non-UTF so removed German translation  ----  Major update to Nagios to address
outstanding Security needs.  ----  nagios-4.0.8-1.fc21 nagios-4.0.8-1.fc22
nagios-4.0.8-1.el6 nagios-4.0.8-1.el7 nagios-4.0.8-1.fc23  - update to 4.0.8
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #469320 - CVE-2008-4796 snoopy: command execution via shell 
metacharacters
        https://bugzilla.redhat.com/show_bug.cgi?id=469320
  [ 2 ] Bug #958002 - CVE-2013-4214 Nagios core: html/rss-newsfeed.php insecure 
temporary file usage
        https://bugzilla.redhat.com/show_bug.cgi?id=958002
  [ 3 ] Bug #1046113 - CVE-2013-7108 CVE-2013-7205 nagios: denial of service 
due to off-by-one flaw in process_cgivars()
        https://bugzilla.redhat.com/show_bug.cgi?id=1046113
--------------------------------------------------------------------------------


================================================================================
 openvpn-2.4.2-1.el6 (FEDORA-EPEL-2017-6ee18d1c7b)
 A full-featured SSL VPN solution
--------------------------------------------------------------------------------
Update Information:

This update brings in the latest OpenVPN v2.4.2 release. This release contains
fixes for two authenticated remote DoS vulnerabilities (CVE-2017-7478 and
CVE-2017-7479).  For more information see the upstream
[security announcement](http://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits).
In addition the plug-in location which got removed by an accident during the
clean-up is also back again.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1444535 - Plugin symlinks missing in openvpn-2.4.1-3.el6
        https://bugzilla.redhat.com/show_bug.cgi?id=1444535
--------------------------------------------------------------------------------


================================================================================
 php-pear-Text-Diff-1.2.2-1.el6 (FEDORA-EPEL-2017-b67c0d4a7e)
 Engine for performing and rendering text diffs
--------------------------------------------------------------------------------
Update Information:

Update to 1.2.2 : - Fully use PHP5 constructors - Make statically called method
static
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1430568 - php-pear-Text-Diff-1.2.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1430568
--------------------------------------------------------------------------------


================================================================================
 qpid-proton-0.17.0-2.el6 (FEDORA-EPEL-2017-5a9ea6e5a6)
 A high performance, lightweight messaging library
--------------------------------------------------------------------------------
Update Information:

Added a fix for PROTON-1466.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1427918 - qpid-proton: FTBFS - error: -Wformat-security ignored 
without -Wformat [-Werror=format-security]
        https://bugzilla.redhat.com/show_bug.cgi?id=1427918
--------------------------------------------------------------------------------


================================================================================
 xrootd-4.6.1-1.el6 (FEDORA-EPEL-2017-cf02a2de1d)
 Extended ROOT file server
--------------------------------------------------------------------------------
Update Information:

**Version 4.6.1:** The upstream release notes can be seen below. Note that many
of the changes were already applied in Fedora and EPEL as patches to version
4.6.0 in order to address reported bugs.

**Major bug fixes**

* **[Server/Proxy]** Avoid SEGV when close(), closedir() returns an error.
* **[cmsd]** Fix feature interaction causing improper file existence to be sent.
* **[XrdCrypto/XrdSecgsi]** Make sure the CRL is loaded for the right CA.
* **[XrdCrypto]** Support for OpenSSL 1.1
* **[XrdSecgsi]** do not build/package libXrdSecgsiGMAPLDAP-4.so.
* **[XrdSecgsi]** Improve detection of errors when loading CRL.
* **[XrdSecgsi]** Fix for valid legacy proxy detection (PR #469)
* **[XrdSecgsi]** Absent CRLs not an error (#465)
* **[XrdSecgsi]** Fix for CA chain verification segfault (issue #463)
* **[XrdSecgsi]** Two memory leaks (PR #503)
* **[XrdCl]** Make sure there is no request/response mismatch, when the retry logic tries to recover from an error.
* **[XrdCl/Server]** Be case insensitive when it comes to checksum names.
* **[XrdCeph]** Fix ability to read back a file written with O_RDWR flags.
* **[XrdCeph]** Disable logging of every read and write operation. A proper debug-level logging would be needed instead.
* **[XrdCeph]** Added statistics about read/write operations in the close log.

**Minor bug fixes**

* **[XrdHttp]** Make the XrdHttpSecXtractor API backwards compatible.
* **[XrdFileCache]** Make caching proxy configuration backwards compatible.
* **[XrdFileCache]** Fix cache v1 to cache v2 bridge after introducing cache v2.
* **[XrdSec]** Use CommonCrypto header instead of openssl for SHA on OSX.
* **[XrdSeckrb5]** Fix memory leaks in client context and cache.
* **[Server/Logrotate]** Make sure XRootD logrotate does not interfere with system logrotate, fixes #490
* **[Server]** Avoid std::ABORT should a naked logfile path be specified.
* **[XrdCl]** Make sure ForkHandler doesn't segv if PostMaster is null, fixes #489
* **[Packaging]** Set the working dir to /var/spool/xrootd on CC7, fixes #365
* **[Packaging]** On platforms where systemd is available, manage files in /var/run with tmpfiles.d, fixes #485

**Miscellaneous**

* **[XrdPosix]** Add new minpages option to pss.cache to support large pages.
* **[XrdPosix]** Make XrdPosix.hh a public header; closes #479
* **[XrdApps]** Remove XrdClient dependency from xrdadler32.
* **[Server]** Add XrdCksAssist functions to help handle XRootD checksums.
* **[Server/Proxy]** Move disk sync operations out of IO::ioActive() call.
* **[Server/Proxy]** Change severity IO::initLocalStat() log message.
* **[XrdFileCache]** Ease development of decision plugins.
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org