The following Fedora EPEL 6 Security updates need testing:

 Age  URL
 591  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031   python-virtualenv-12.0.7-1.el6
 585  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168   rubygem-crack-0.3.2-2.el6
 475  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb   mcollective-2.8.4-1.el6
 446  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9   thttpd-2.25b-24.el6
 177  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-8594ed3a53   chicken-4.11.0-3.el6
  57  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac   libbsd-0.8.3-2.el6
  41  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-8c6c7bf06e   dbus-sharp-0.7.0-16.el6 dbus-sharp-glib-0.5.0-14.el6 mono-4.2.4-9.el6
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-acd2c2af0d   nagios-4.2.4-4.el6
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-2f218dd2b9   python-cjson-1.1.0-9.el6
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-c3b112eb9e   tomcat-7.0.75-1.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    RackTables-0.20.12-2.el6
    fail2ban-0.9.6-1.el6.1
    fedfind-3.5.0-1.el6
    lua-sec-0.6-1.el6
    lynis-2.4.2-1.el6
    mozilla-https-everywhere-5.2.11-1.el6
    python-cached_property-1.3.0-7.el6
    python-productmd-1.4-2.el6
    tomcat-7.0.75-1.el6

Details about builds:


================================================================================
 RackTables-0.20.12-2.el6 (FEDORA-EPEL-2017-0d03dfd411)
 A data-center asset management system
--------------------------------------------------------------------------------
Update Information:

Correct distro macro usage

----

Rebase to 0.20.12
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1305396 - RackTables-0.20.11 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1305396
--------------------------------------------------------------------------------


================================================================================
 fail2ban-0.9.6-1.el6.1 (FEDORA-EPEL-2017-8cbc2bd81b)
 Ban IPs that make too many password failures
--------------------------------------------------------------------------------
Update Information:

Restore proper backend on EL6
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1424639 - paths-fedora.conf refers to systemd on non-systemd build
        https://bugzilla.redhat.com/show_bug.cgi?id=1424639
--------------------------------------------------------------------------------


================================================================================
 fedfind-3.5.0-1.el6 (FEDORA-EPEL-2017-0a935d4db5)
 Fedora compose and image finder
--------------------------------------------------------------------------------
Update Information:

This update provides a new version of fedfind. The main changes are:

* The synthesized metadata for non-Pungi 4 composes has been enhanced to
  include a `composeinfo` dict, and `disc_number` items in the image dicts.
  These changes are necessary for `resultsdb_conventions` to work with the
  synthesized metadata.
* The new Cloud nightly composes are now supported. This is necessary to
  prevent some of the things that react to 'compose complete' messages doing
  wacky stuff when they encounter such a compose.

Another change is that `fedfind.release.get_release(url='someurl')` will no
longer return generic `Pungi4Compose` instances for URLs in unknown domains, as
Patrick van Uiterwijk suggested it may constitute a potential security problem
in some use cases.

On EPEL 6, the other packages don't change significantly, but the package spec
files were adjusted a bit so I went ahead and built the packages.
--------------------------------------------------------------------------------


================================================================================
 lua-sec-0.6-1.el6 (FEDORA-EPEL-2017-3e0831a324)
 Lua binding for OpenSSL library
--------------------------------------------------------------------------------
Update Information:

LuaSec 0.6
==========

* Lua 5.2 and 5.3 compatibility
* Context module:
  - Add ctx:checkkey()
* SSL module:
  - Add conn:sni() and conn:getsniname()
* Context options:
  - Add "any" protocol ("sslv23" is deprecated)
* HTTPS module:
  - Using "any" protocol without SSLv2/SSLv3, by default
* X509 module:
  - Human readable IP address
  - Add cert:issued()
  - Add cert:pubkey()
* Some bug fixes
--------------------------------------------------------------------------------


================================================================================
 lynis-2.4.2-1.el6 (FEDORA-EPEL-2017-e5760c4a67)
 Security and system auditing tool
--------------------------------------------------------------------------------
Update Information:

Update to 2.4.2

----

Update to 2.4.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1422705 - lynis-2.4.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1422705
  [ 2 ] Bug #1421133 - lynis-2.4.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1421133
--------------------------------------------------------------------------------


================================================================================
 mozilla-https-everywhere-5.2.11-1.el6 (FEDORA-EPEL-2017-7631c7b2ff)
 HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey
--------------------------------------------------------------------------------
Update Information:

Apparently not all moving companies know that if you want the seat for your
recliner, you probably want the back of the chair, too.

----

Many ruleset fixes.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1400517 - mozilla-https-everywhere-5.2.11 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1400517
--------------------------------------------------------------------------------


================================================================================
 python-cached_property-1.3.0-7.el6 (FEDORA-EPEL-2017-0a935d4db5)
 A cached-property for decorating methods in Python classes
--------------------------------------------------------------------------------
Update Information:

This update provides a new version of fedfind. The main changes are:

* The synthesized metadata for non-Pungi 4 composes has been enhanced to
  include a `composeinfo` dict, and `disc_number` items in the image dicts.
  These changes are necessary for `resultsdb_conventions` to work with the
  synthesized metadata.
* The new Cloud nightly composes are now supported. This is necessary to
  prevent some of the things that react to 'compose complete' messages doing
  wacky stuff when they encounter such a compose.

Another change is that `fedfind.release.get_release(url='someurl')` will no
longer return generic `Pungi4Compose` instances for URLs in unknown domains, as
Patrick van Uiterwijk suggested it may constitute a potential security problem
in some use cases.

On EPEL 6, the other packages don't change significantly, but the package spec
files were adjusted a bit so I went ahead and built the packages.
--------------------------------------------------------------------------------


================================================================================
 python-productmd-1.4-2.el6 (FEDORA-EPEL-2017-0a935d4db5)
 Library providing parsers for metadata related to OS installation
--------------------------------------------------------------------------------
Update Information:

This update provides a new version of fedfind.
The main changes are:

* The synthesized metadata for non-Pungi 4 composes has been enhanced to
  include a `composeinfo` dict, and `disc_number` items in the image dicts.
  These changes are necessary for `resultsdb_conventions` to work with the
  synthesized metadata.
* The new Cloud nightly composes are now supported. This is necessary to
  prevent some of the things that react to 'compose complete' messages doing
  wacky stuff when they encounter such a compose.

Another change is that `fedfind.release.get_release(url='someurl')` will no
longer return generic `Pungi4Compose` instances for URLs in unknown domains, as
Patrick van Uiterwijk suggested it may constitute a potential security problem
in some use cases.

On EPEL 6, the other packages don't change significantly, but the package spec
files were adjusted a bit so I went ahead and built the packages.
--------------------------------------------------------------------------------


================================================================================
 tomcat-7.0.75-1.el6 (FEDORA-EPEL-2017-c3b112eb9e)
 Apache Servlet/JSP Engine, RI for Servlet 3.0/JSP 2.2 API
--------------------------------------------------------------------------------
Update Information:

This update includes a rebase from tomcat 7.0.73 up to 7.0.75. The update
resolves a single CVE and one bug:

* rhbz#1420223 - CVE-2016-6325 tomcat writable config files allow privilege
  escalation
* rhbz#1372789 - init script status gives incorrect results
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1367447 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation
        https://bugzilla.redhat.com/show_bug.cgi?id=1367447
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx