The following Fedora EPEL 5 Security updates need testing: Age URL 801 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-3849 sblim-sfcb-1.3.8-2.el5 444 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-edbea40516 mcollective-2.8.4-1.el5 416 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-582c8075e6 thttpd-2.25b-24.el5 26 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-ce45574ab6 libbsd-0.8.3-2.el5 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e541856e99 wordpress-4.7.1-1.el5 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-cfdd99a20e opus-1.0.3-2.el5 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-9ec4289f01 python-crypto-2.0.1-6.el5 The following builds have been pushed to Fedora EPEL 5 updates-testing GeoIP-GeoLite-data-2017.01-1.el5 gfal2-python-1.8.5-1.el5 opus-1.0.3-2.el5 python-crypto-2.0.1-6.el5 Details about builds: ================================================================================ GeoIP-GeoLite-data-2017.01-1.el5 (FEDORA-EPEL-2017-39e7e7c55d) Free GeoLite IP geolocation country database -------------------------------------------------------------------------------- Update Information: Periodic database update. -------------------------------------------------------------------------------- ================================================================================ gfal2-python-1.8.5-1.el5 (FEDORA-EPEL-2017-782211f0d1) Python bindings for gfal 2 -------------------------------------------------------------------------------- Update Information: Update for new upstream release -------------------------------------------------------------------------------- ================================================================================ opus-1.0.3-2.el5 (FEDORA-EPEL-2017-cfdd99a20e) An audio codec for use in low-delay speech and audio communication -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-0381 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1413604 - CVE-2017-0381 opus: Memory corruption during media file and data processing https://bugzilla.redhat.com/show_bug.cgi?id=1413604 -------------------------------------------------------------------------------- ================================================================================ python-crypto-2.0.1-6.el5 (FEDORA-EPEL-2017-9ec4289f01) Cryptography library for Python -------------------------------------------------------------------------------- Update Information: A heap-buffer overflow vulnerability was discovered in pycrypto leading to arbitrary code execution. All users of pycrypto's AES module that allow the mode of operation to be specified by an attacker, check for ECB explicitly and create the objects without specifying an IV are vulnerable to this issue. This is CVE-2013-7459. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1409754 - CVE-2013-7459 pycrypto: Heap-buffer overflow in ALGobject structure https://bugzilla.redhat.com/show_bug.cgi?id=1409754 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
