The following Fedora EPEL 7 Security updates need testing:
Age URL
551 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087
dokuwiki-0-0.24.20140929c.el7
313 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f
mcollective-2.8.4-1.el7
76 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e0c08a1414
php-PHPMailer-5.2.16-2.el7
32 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-23fa04bf1c
redis-3.2.3-1.el7
30 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-4b8dd3488d
knot-1.6.8-1.el7
15 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e8f4ff76b3
chicken-4.11.0-3.el7
11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-62fd4a9900
phpMyAdmin-4.4.15.8-2.el7
9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-c1dbac22db
elog-3.1.1-7.el7
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-2a2061ee5f
php-adodb-5.15-10.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-7e2d0ee701
wordpress-4.6.1-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-12c4b7b928
php-horde-Horde-Core-2.26.1-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-c7c4c1e885
php-horde-Horde-Mime-Viewer-2.2.1-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-175e2d3d7c
php-horde-Horde-Text-Filter-2.3.5-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-f71c0650c3
php-horde-horde-5.2.12-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-77f23b948f
GraphicsMagick-1.3.25-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-0e40142bd3
pdns-3.4.10-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6d70ae9a57
chromium-53.0.2785.101-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
am-utils-6.2.0-20.el7
chromium-53.0.2785.101-1.el7
gitolite3-3.6.6-1.el7
kbibtex-0.6-4.el7
pdns-3.4.10-1.el7
perl-MCE-1.805-1.el7
php-ircmaxell-random-lib-1.2.0-1.el7
python-arrow-0.8.0-3.el7
python-fmn-rules-0.9.1-1.el7
python-pyvmomi-6.0.0.2016.6-1.el7
python3-dateutil-2.4.2-3.el7
Details about builds:
am-utils-6.2.0-20.el7 (FEDORA-EPEL-2016-8bddd3a8a4)
Automount utilities including an updated version of Amd
Update Information:
- sync with updtream git and add a couple of bug fixes.
chromium-53.0.2785.101-1.el7 (FEDORA-EPEL-2016-6d70ae9a57)
A WebKit (Blink) powered web browser
Update Information:
Stable update to 53.0.2785.101. Security fix for CVE-2016-5147, CVE-2016-5148,
CVE-2016-5149, CVE-2016-5150, CVE-2016-5151, CVE-2016-5152, CVE-2016-5153,
CVE-2016-5154, CVE-2016-5155, CVE-2016-5156, CVE-2016-5157, CVE-2016-5158,
CVE-2016-5159, CVE-2016-5161, CVE-2016-5162, CVE-2016-5163, CVE-2016-5164,
CVE-2016-5165, CVE-2016-5166, CVE-2016-5160, CVE-2016-5167 Also applies fix for
chrome-remote-desktop where HOME env variable was not properly set via systemd
service. Remove fedora only Requires, use bundled harfbuzz because el7
system lib is too old. Disabled hidpi option in Chromium. Cleanup
widevine handling so that third party addon package can exist. Add
Requires(post) for selinux deps. Fix provides/requires to not include private
libs.
References:
[ 1 ] Bug #1372229 - CVE-2016-5167 chromium-browser: various fixes from
internal audits
https://bugzilla.redhat.com/show_bug.cgi?id=1372229
[ 2 ] Bug #1372228 - CVE-2016-5160 chromium-browser: extensions web
accessible resources bypass
https://bugzilla.redhat.com/show_bug.cgi?id=1372228
[ 3 ] Bug #1372227 - CVE-2016-5166 chromium-browser: smb relay attack via
save page as
https://bugzilla.redhat.com/show_bug.cgi?id=1372227
[ 4 ] Bug #1372225 - CVE-2016-5165 chromium-browser: script injection in
devtools
https://bugzilla.redhat.com/show_bug.cgi?id=1372225
[ 5 ] Bug #1372224 - CVE-2016-5164 chromium-browser: universal xss using
devtools
https://bugzilla.redhat.com/show_bug.cgi?id=1372224
[ 6 ] Bug #1372223 - CVE-2016-5163 chromium-browser: address bar spoofing
https://bugzilla.redhat.com/show_bug.cgi?id=1372223
[ 7 ] Bug #137 - CVE-2016-5162 chromium-browser: extensions web
accessible resources bypass
https://bugzilla.redhat.com/show_bug.cgi?id=137
[ 8 ] Bug #1372221 - CVE-2016-5161 chromium-browser: type confusion in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1372221