The following Fedora EPEL 7 Security updates need testing:

 Age   URL
 1051  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087   dokuwiki-0-0.24.20140929c.el7
 814   https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f   mcollective-2.8.4-1.el7
 396   https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d   libbsd-0.8.3-1.el7
 294   https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe   mod_cluster-1.3.3-10.el7
 125   https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e27758bd23   libmspack-0.6-0.1.alpha.el7
 63    https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e64eeb6ece   nagios-4.3.4-5.el7
 26    https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-8d57a2487b   monit-5.25.1-1.el7
 13    https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-28611aa33f   python-bottle-0.12.13-1.el7
 13    https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-885bb5ec89   poco-1.6.1-3.el7
 12    https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-73ee944e65   rootsh-1.5.3-17.el7
 5     https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-73feedd767   wordpress-4.9.2-1.el7
 5     https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-11ba3bced1   clamav-0.99.2-18.el7

The following builds have been pushed to Fedora EPEL 7 updates-testing

    GraphicsMagick-1.3.28-1.el7
    distribution-gpg-keys-1.18-1.el7
    fedfind-4.0.0-1.el7
    freeciv-2.5.10-1.el7
    freshmaker-0.0.10-1.el7
    knot-2.6.4-1.el7
    mock-core-configs-28.2-1.el7
    module-build-service-1.6.3-1.el7
    modulemd-1.3.3-1.el7
    moodle-3.1.10-1.el7
    mozilla-https-everywhere-2018.1.11-1.el7
    python-fdb-1.8-1.el7
    python3-docker-2.6.1-1.el7
    radcli-1.2.9-1.el7
    standard-test-roles-2.6-2.el7
    transmission-2.92-12.el7

Details about builds:


================================================================================
 GraphicsMagick-1.3.28-1.el7 (FEDORA-EPEL-2018-ce6223e559)
 An ImageMagick fork, offering faster image generation and better quality
--------------------------------------------------------------------------------
Update Information:

Latest stable release, includes many bug and security fixes. See also
http://www.graphicsmagick.org/NEWS.html#january-20-2017
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1473729 - CVE-2017-11102 GraphicsMagick: Input validation failure in ReadOneJNGImage function may cause denial of service [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1473729
  [ 2 ] Bug #1473741 - CVE-2017-11139 GraphicsMagick: double free vulnerabilities in the [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1473741
  [ 3 ] Bug #1473752 - CVE-2017-11140 GraphicsMagick: Resource exhaustion denial of service in ReadJPEGImage function [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1473752
  [ 4 ] Bug #1475454 - CVE-2017-11637 GraphicsMagick: NULL pointer dereference in WritePCLImage() in coders/pcl.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1475454
  [ 5 ] Bug #1475458 - CVE-2017-11636 GraphicsMagick: Heap based buffer over-write in WriteRGBImage in coders/rgb.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1475458
  [ 6 ] Bug #1475490 - CVE-2017-11641 GraphicsMagick: Memory Leak in the PersistCache in magick/pixel_cache.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1475490
  [ 7 ] Bug #1475498 - CVE-2017-11643 GraphicsMagick: Heap based over-write in WriteCMYKImagefunction in coders/cmyk.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1475498
  [ 8 ] Bug #1484483 - CVE-2017-13147 GraphicsMagick: Allocation failure in ReadMNGImage function in coders/png.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1484483
  [ 9 ] Bug #1512038 - CVE-2017-16669 GraphicsMagick: Heap buffer over-write in AcquireCacheNexus function in magick/pixel_cache.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1512038
  [ 10 ] Bug #1512049 - CVE-2017-16353 GraphicsMagick: ImageMagick, GraphicsMagick: memory information disclosure in DescribeImage function in magick/describe.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1512049
  [ 11 ] Bug #1528037 - CVE-2017-17782 GraphicsMagick: heap-based buffer over-read in ReadOneJNGImage function in coders/png.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1528037
  [ 12 ] Bug #1528051 - CVE-2017-17783 GraphicsMagick: heap based buffer over-read in ReadPALMImage in coders/palm.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1528051
  [ 13 ] Bug #1529535 - CVE-2017-17915 GraphicsMagick: Memory leak in the function ReadMNGImage in coders/png.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1529535
  [ 14 ] Bug #1529557 - CVE-2017-17913 GraphicsMagick: stack-based buffer over-read in WriteWEBPImage in coders/webp.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1529557
  [ 15 ] Bug #1529580 - CVE-2017-17912 GraphicsMagick: GraphicsMagick: heap-based buffer over-read in ReadNewsProfile in coders/tiff.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1529580
  [ 16 ] Bug #1536951 - GraphicsMagick: 2018-5685 GraphicsMagick: Infinite loop and application hang in coders/bmp.c:ReadBMPImage [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1536951
--------------------------------------------------------------------------------


================================================================================
 distribution-gpg-keys-1.18-1.el7 (FEDORA-EPEL-2018-5d1486ae23)
 GPG keys of various Linux distributions
--------------------------------------------------------------------------------
Update Information:

- updated Copr keys
- add UnitedRPMs
- add remi 2018 key
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1536804 - distribution-gpg-keys-1.18-1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1536804
--------------------------------------------------------------------------------


================================================================================
 fedfind-4.0.0-1.el7 (FEDORA-EPEL-2018-a292395242)
 Fedora compose and image finder
--------------------------------------------------------------------------------
Update Information:

This update provides a new major release of fedfind. It is going out to stable
releases as fedfind is used quite extensively in Fedora QA infrastructure, and
we prefer to keep all those deployments on the latest code. The new release also
provides some significant enhancements in correctness checking that will be
useful in these cases. See [the upstream
changelog](https://pagure.io/fedora-qa/fedfind/blob/5713f806517a358a5761aaaff9cfd276f8aeb862/f/CHANGELOG.md)
for more details on the specific changes in this release. Most uses of fedfind
(both CLI and as a Python library) should continue to work unchanged, or with
only minimal changes (mainly because `get_release` can raise some different
exceptions now).
--------------------------------------------------------------------------------


================================================================================
 freeciv-2.5.10-1.el7 (FEDORA-EPEL-2018-9092e4f094)
 A multi-player strategy game
--------------------------------------------------------------------------------
Update Information:

2.5.10
--------------------------------------------------------------------------------


================================================================================
 freshmaker-0.0.10-1.el7 (FEDORA-EPEL-2018-688fb40278)
 Freshmaker is a service scheduling rebuilds of artifacts as new content becomes available.
--------------------------------------------------------------------------------
Update Information:

New version 0.0.10.
--------------------------------------------------------------------------------


================================================================================
 knot-2.6.4-1.el7 (FEDORA-EPEL-2018-d0d50ca69d)
 High-performance authoritative DNS server
--------------------------------------------------------------------------------
Update Information:

Knot DNS 2.6.4 (2018-01-02)
===========================

Features:
----------
 - Module synthrecord allows multiple 'network' specification
 - New CSK handling support in keymgr

Improvements:
-------------
 - Allowed configuration for infinite zsk lifetime
 - Increased performance and security of the module synthrecord
 - Signing changeset is stored into journal even if 'zonefile-load' is whole

Bugfixes:
---------
 - Unintentional zone re-sign during reload if empty NSEC3 salt
 - Inconsistent zone names in journald structured logs
 - Malformed outgoing transfer for big zone with TSIG
 - Some minor DNSSEC-related issues

Knot DNS 2.6.3 (2017-11-24)
===========================

Bugfixes:
---------
 - Wrong detection of signing scheme rollover

Knot DNS 2.6.2 (2017-11-23)
===========================

Features:
---------
 - CSK algorithm rollover and (KSK, ZSK) <-> CSK rollover support

Improvements:
-------------
 - Allowed explicit configuration for infinite ksk lifetime
 - Proper error messages instead of unclear error codes in server log
 - Better support for old compilers

Bugfixes:
---------
 - Unexpected reply for DS query with an owner below a delegation point
 - Old dependencies in the pkg-config file
--------------------------------------------------------------------------------


================================================================================
 mock-core-configs-28.2-1.el7 (FEDORA-EPEL-2018-d64efdfb20)
 Mock core config files basic chroots
--------------------------------------------------------------------------------
Update Information:

- add fedora 28 configs
- remove failovermethod=priority for repos which use dnf
- remove fedora 24 configs
- set skip_if_unavailable=False for all repos
--------------------------------------------------------------------------------


================================================================================
 module-build-service-1.6.3-1.el7 (FEDORA-EPEL-2018-e4e74e197f)
 The Module Build Service for Modularity
--------------------------------------------------------------------------------
Update Information:

Changes
-------
* Fix a bug that caused a module build to fail when it was cancelled during the
  module-build-macros phase and then resumed
* Reset the "state_reason" field on all components after a module build is
  resumed
* Cancel new repo tasks on module build failures in Koji
* Use available Koji repos during local builds instead of building them locally
* Add an incrementing prefix to module components' releases
* Add a "context" field on component and module releases in Koji for uniqueness
  for when Module Stream Expansion is implemented
* Remove urlgrabber as a dependency
* Set an explicit log level on our per-build file handler
* Set the timeout on git operations to 60 seconds to help alleviate client
  tooling timeouts
* Improve the efficiency of the stale module builds poller
* Fix situations where module-build-macros builds in Koji but fails in MBS and
  the build is resumed
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1487065 - module-build-service-1.3.26-3.fc26: local build always disables tests
        https://bugzilla.redhat.com/show_bug.cgi?id=1487065
  [ 2 ] Bug #1514631 - module-build-service-1.5.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1514631
--------------------------------------------------------------------------------


================================================================================
 modulemd-1.3.3-1.el7 (FEDORA-EPEL-2018-701ce7a3d5)
 Module metadata manipulation library
--------------------------------------------------------------------------------
Update Information:

Latest upstream.
--------------------------------------------------------------------------------


================================================================================
 moodle-3.1.10-1.el7 (FEDORA-EPEL-2018-9eb18da891)
 A Course Management System
--------------------------------------------------------------------------------
Update Information:

CVE-2018-1042/CVE-2018-1043/CVE-2018-1044/CVE-2018-1045 fixes.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1537469 - CVE-2018-1042 CVE-2018-1043 CVE-2018-1044 CVE-2018-1045 moodle: Four security issues fixed in the latest release [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1537469
  [ 2 ] Bug #1537470 - CVE-2018-1042 CVE-2018-1043 CVE-2018-1044 CVE-2018-1045 moodle: Four security issues fixed in the latest release [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1537470
--------------------------------------------------------------------------------


================================================================================
 mozilla-https-everywhere-2018.1.11-1.el7 (FEDORA-EPEL-2018-c9726806a3)
 HTTPS enforcement extension for Mozilla Firefox
--------------------------------------------------------------------------------
Update Information:

* More ruleset updates
--------------------------------------------------------------------------------


================================================================================
 python-fdb-1.8-1.el7 (FEDORA-EPEL-2018-e752d34c99)
 Firebird RDBMS bindings for Python
--------------------------------------------------------------------------------
Update Information:

New upstream 1.8
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1525032 - '403 SSL is required' while trying to download Source0 with spectool
        https://bugzilla.redhat.com/show_bug.cgi?id=1525032
--------------------------------------------------------------------------------


================================================================================
 python3-docker-2.6.1-1.el7 (FEDORA-EPEL-2018-b5d2d52b39)
 A Python library for the Docker Engine API
--------------------------------------------------------------------------------
Update Information:

- Initial EPEL7 package
--------------------------------------------------------------------------------


================================================================================
 radcli-1.2.9-1.el7 (FEDORA-EPEL-2018-4a215d352d)
 RADIUS protocol client library
--------------------------------------------------------------------------------
Update Information:

New upstream release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1266675 - radcli-1.2.9 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1266675
--------------------------------------------------------------------------------


================================================================================
 standard-test-roles-2.6-2.el7 (FEDORA-EPEL-2018-fa163f5366)
 Standard Test Interface Ansible roles
--------------------------------------------------------------------------------
Update Information:

Build with the latest merged PRs.
--------------------------------------------------------------------------------


================================================================================
 transmission-2.92-12.el7 (FEDORA-EPEL-2018-c0d5d190b0)
 A lightweight GTK+ BitTorrent client
--------------------------------------------------------------------------------
Update Information:

CVE patch fix.

----

Security fix for CVE-2018-5702 (Mitigate dns rebinding attacks against daemon)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1534061 - CVE-2018-5702 transmission: Remote code execution (RCE) in rpc session-id via dns rebinding attack
        https://bugzilla.redhat.com/show_bug.cgi?id=1534061
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org