The following Fedora EPEL 6 Security updates need testing:

 Age  URL
 674  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031   python-virtualenv-12.0.7-1.el6
 668  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168   rubygem-crack-0.3.2-2.el6
 558  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb   mcollective-2.8.4-1.el6
 529  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9   thttpd-2.25b-24.el6
 140  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac   libbsd-0.8.3-2.el6
  36  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-c0d33ae70f   tnef-1.4.14-1.el6
  16  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-b56d84e139   mod_security-2.7.3-5.el6
  14  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4efdb40c89   squirrelmail-1.4.22-5.el6
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-59f87a9740   php-horde-ingo-3.2.15-1.el6
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-0868b62cfe   lynis-2.5.0-1.el6
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-9c983665aa   roundcubemail-1.0.9-4.el6
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-3e639b5a06   python-fedora-0.9.0-3.el6 python-openidc-client-0-3.20170327git5456800.el6
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6ee18d1c7b   openvpn-2.4.2-1.el6
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-1f2571d162   nagios-4.3.2-1.el6
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4aef39b497   chicken-4.12.0-2.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    chicken-4.12.0-2.el6
    davix-0.6.6-1.el6
    golang-github-petar-GoLLRB-0-0.1.git53be0d3.el6
    gsmartcontrol-0.9.0-1.el6
    libmediainfo-0.7.95-1.el6
    mediainfo-0.7.95-1.el6
    mozilla-https-everywhere-5.2.16-2.el6
    nagios-4.3.2-1.el6
    openvpn-2.4.2-1.el6
    php-pear-Text-Diff-1.2.2-1.el6
    qpid-proton-0.17.0-2.el6
    xrootd-4.6.1-1.el6

Details about builds:

================================================================================
 chicken-4.12.0-2.el6 (FEDORA-EPEL-2017-4aef39b497)
 A practical and portable Scheme system
--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2017-6949, also bump to 4.12.0

----

Security fix for CVE-2016-6830, CVE-2016-6831
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1433278 - CVE-2017-6949 chicken: Unchecked size argument in malloc() in CHICKEN Scheme
        https://bugzilla.redhat.com/show_bug.cgi?id=1433278
  [ 2 ] Bug #1369108 - CVE-2016-6830 CVE-2016-6831 chicken: Buffer overflow and a memory leak in the POSIX unit's procedures process-execute and process-spawn
        https://bugzilla.redhat.com/show_bug.cgi?id=1369108
--------------------------------------------------------------------------------

================================================================================
 davix-0.6.6-1.el6 (FEDORA-EPEL-2017-1f7398f41c)
 Toolkit for Http-based file management
--------------------------------------------------------------------------------
Update Information:

* new upstream release
--------------------------------------------------------------------------------

================================================================================
 golang-github-petar-GoLLRB-0-0.1.git53be0d3.el6 (FEDORA-EPEL-2017-c70875d8ca)
 Left-Leaning Red-Black implementation of balanced binary search trees
--------------------------------------------------------------------------------
Update Information:

First package in Fedora
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1245962 - Review Request: golang-github-petar-GoLLRB - Left-Leaning Red-Black implementation of balanced binary search trees
        https://bugzilla.redhat.com/show_bug.cgi?id=1245962
--------------------------------------------------------------------------------

================================================================================
 gsmartcontrol-0.9.0-1.el6 (FEDORA-EPEL-2017-1894e9ef52)
 Graphical user interface for smartctl
--------------------------------------------------------------------------------
Update Information:

Update to 0.9.0.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1417410 - [abrt] gsmartcontrol: std::__throw_out_of_range_fmt(): gsmartcontrol killed by SIGABRT
        https://bugzilla.redhat.com/show_bug.cgi?id=1417410
  [ 2 ] Bug #1408946 - Fixes crash on startup, at scan time, a parser crash
        https://bugzilla.redhat.com/show_bug.cgi?id=1408946
--------------------------------------------------------------------------------

================================================================================
 libmediainfo-0.7.95-1.el6 (FEDORA-EPEL-2017-ea642a6d3a)
 Library for supplies technical and tag information about a video or audio file
--------------------------------------------------------------------------------
Update Information:

Update to 0.7.95.
--------------------------------------------------------------------------------

================================================================================
 mediainfo-0.7.95-1.el6 (FEDORA-EPEL-2017-ea642a6d3a)
 Supplies technical and tag information about a video or audio file (CLI)
--------------------------------------------------------------------------------
Update Information:

Update to 0.7.95.
--------------------------------------------------------------------------------

================================================================================
 mozilla-https-everywhere-5.2.16-2.el6 (FEDORA-EPEL-2017-9ff4313486)
 HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey
--------------------------------------------------------------------------------
Update Information:

Why do medication commercials have to tell you not to take it if you're allergic?
--------------------------------------------------------------------------------

================================================================================
 nagios-4.3.2-1.el6 (FEDORA-EPEL-2017-1f2571d162)
 Host/service/network monitoring program
--------------------------------------------------------------------------------
Update Information:

Updated from 4.3.1 maint to 4.3.2

----

We find out that RHEL-6 does not like non-UTF so removed German translation

----

Major update to Nagios to address outstanding Security needs.

----

nagios-4.0.8-1.fc21 nagios-4.0.8-1.fc22 nagios-4.0.8-1.el6 nagios-4.0.8-1.el7 nagios-4.0.8-1.fc23 - update to 4.0.8
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #469320 - CVE-2008-4796 snoopy: command execution via shell metacharacters
        https://bugzilla.redhat.com/show_bug.cgi?id=469320
  [ 2 ] Bug #958002 - CVE-2013-4214 Nagios core: html/rss-newsfeed.php insecure temporary file usage
        https://bugzilla.redhat.com/show_bug.cgi?id=958002
  [ 3 ] Bug #1046113 - CVE-2013-7108 CVE-2013-7205 nagios: denial of service due to off-by-one flaw in process_cgivars()
        https://bugzilla.redhat.com/show_bug.cgi?id=1046113
--------------------------------------------------------------------------------

================================================================================
 openvpn-2.4.2-1.el6 (FEDORA-EPEL-2017-6ee18d1c7b)
 A full-featured SSL VPN solution
--------------------------------------------------------------------------------
Update Information:

This update brings in the latest OpenVPN v2.4.2 release. This release contains
fixes for two authenticated remote DoS vulnerabilities (CVE-2017-7478 and
CVE-2017-7479). For more information see the upstream
[security announcement](http://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits).
In addition, the plug-in location which got removed by accident during the
clean-up is also back again.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1444535 - Plugin symlinks missing in openvpn-2.4.1-3.el6
        https://bugzilla.redhat.com/show_bug.cgi?id=1444535
--------------------------------------------------------------------------------

================================================================================
 php-pear-Text-Diff-1.2.2-1.el6 (FEDORA-EPEL-2017-b67c0d4a7e)
 Engine for performing and rendering text diffs
--------------------------------------------------------------------------------
Update Information:

Update to 1.2.2:

- Fully use PHP5 constructors
- Make statically called method static
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1430568 - php-pear-Text-Diff-1.2.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1430568
--------------------------------------------------------------------------------

================================================================================
 qpid-proton-0.17.0-2.el6 (FEDORA-EPEL-2017-5a9ea6e5a6)
 A high performance, lightweight messaging library
--------------------------------------------------------------------------------
Update Information:

Added a fix for PROTON-1466.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1427918 - qpid-proton: FTBFS - error: -Wformat-security ignored without -Wformat [-Werror=format-security]
        https://bugzilla.redhat.com/show_bug.cgi?id=1427918
--------------------------------------------------------------------------------

================================================================================
 xrootd-4.6.1-1.el6 (FEDORA-EPEL-2017-cf02a2de1d)
 Extended ROOT file server
--------------------------------------------------------------------------------
Update Information:

**Version 4.6.1:**

The upstream release notes can be seen below.
Note that many of the changes were already applied in Fedora and EPEL as patches
to version 4.6.0 in order to address reported bugs.

**Major bug fixes**

* **[Server/Proxy]** Avoid SEGV when close(), closedir() returns an error.
* **[cmsd]** Fix feature interaction causing improper file existence to be sent.
* **[XrdCrypto/XrdSecgsi]** Make sure the CRL is loaded for the right CA.
* **[XrdCrypto]** Support for OpenSSL 1.1
* **[XrdSecgsi]** do not build/package libXrdSecgsiGMAPLDAP-4.so.
* **[XrdSecgsi]** Improve detection of errors when loading CRL.
* **[XrdSecgsi]** Fix for valid legacy proxy detection (PR #469)
* **[XrdSecgsi]** Absent CRLs not an error (#465)
* **[XrdSecgsi]** Fix for CA chain verification segfault (issue #463)
* **[XrdSecgsi]** Two memory leaks (PR #503)
* **[XrdCl]** Make sure there is no request/response mismatch, when the retry logic tries to recover from an error.
* **[XrdCl/Server]** Be case insensitive when it comes to checksum names.
* **[XrdCeph]** Fix ability to read back a file written with O_RDWR flags.
* **[XrdCeph]** Disable logging of every read and write operation. A proper debug-level logging would be needed instead.
* **[XrdCeph]** Added statistics about read/write operations in the close log.

**Minor bug fixes**

* **[XrdHttp]** Make the XrdHttpSecXtractor API backwards compatible.
* **[XrdFileCache]** Make caching proxy configuration backwards compatible.
* **[XrdFileCache]** Fix cache v1 to cache v2 bridge after introducing cache v2.
* **[XrdSec]** Use CommonCrypto header instead of openssl for SHA on OSX.
* **[XrdSeckrb5]** Fix memory leaks in client context and cache.
* **[Server/Logrotate]** Make sure XRootD logrotate does not interfere with system logrotate, fixes #490
* **[Server]** Avoid std::ABORT should a naked logfile path be specified.
* **[XrdCl]** Make sure ForkHandler doesn't segv if PostMaster is null, fixes #489
* **[Packaging]** Set the working dir to /var/spool/xrootd on CC7, fixes #365
* **[Packaging]** On platforms where systemd is available, manage files in /var/run with tmpfiles.d, fixes #485

**Miscellaneous**

* **[XrdPosix]** Add new minpages option to pss.cache to support large pages.
* **[XrdPosix]** Make XrdPosix.hh a public header; closes #479
* **[XrdApps]** Remove XrdClient dependency from xrdadler32.
* **[Server]** Add XrdCksAssist functions to help handle XRootD checksums.
* **[Server/Proxy]** Move disk sync operations out of IO::ioActive() call.
* **[Server/Proxy]** Change severity IO::initLocalStat() log message.
* **[XrdFileCache]** Ease development of decision plugins.
--------------------------------------------------------------------------------