The following Fedora EPEL 7 Security updates need testing: Age URL 938 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7 700 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7 282 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d libbsd-0.8.3-1.el7 180 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe mod_cluster-1.3.3-10.el7 178 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5f9a6163b4 tnef-1.4.14-1.el7 177 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7ecb12e378 python-XStatic-jquery-ui-1.12.0.1-1.el7 44 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-17b77b3268 botan-1.10.16-1.el7 12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-9f88067c22 mpg123-1.25.6-1.el7 12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e27758bd23 libmspack-0.6-0.1.alpha.el7 12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-2795d59fcc python3-numpy-1.10.4-5.el7 11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-30a9c74908 php-horde-Horde-Image-2.5.2-1.el7 11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5b07cc6958 wordpress-4.8.2-1.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-8da6477f0a moodle-3.1.8-1.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-3a2abe4898 php-horde-passwd-5.0.7-1.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-a3ae700da7 php-horde-wicked-2.0.8-1.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d49c1ef800 php-horde-nag-4.2.17-1.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-52b8147c68 openvpn-auth-ldap-2.0.3-15.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e3436f7a95 libbson-1.3.5-4.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-9179bc1cf5 chromium-61.0.3163.100-1.el7 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-3dcce634cb MySQL-zrm-3.0-17.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-afdcf119f4 freexl-1.0.4-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4826761f5d openvpn-2.4.4-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-abe6f98ebf tor-0.2.9.12-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-0f92580f68 yadifa-2.2.6-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing bgpq3-0.1.31-1.el7 fedmsg-1.0.1-4.el7 fedora-easy-karma-0-0.32.20170930git0c81432c.el7 nova-agent-2.1.6-1.el7 odcs-0.0.7-1.el7 openboardview-7.3-5.el7 openscap-daemon-0.1.8-1.el7 opensmtpd-6.0.2p1-6.el7 openvpn-2.4.4-1.el7 petsc-3.7.7-1.el7 php-phpmyadmin-sql-parser-4.2.2-1.el7 python-sync2jira-1.4-1.el7 sysbench-1.0.9-2.el7 tor-0.2.9.12-1.el7 tsung-1.7.0-1.el7 yadifa-2.2.6-1.el7 Details about builds: ================================================================================ bgpq3-0.1.31-1.el7 (FEDORA-EPEL-2017-666fc07261) Automate BGP filter generation based on routing database information -------------------------------------------------------------------------------- Update Information: Initial package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1495004 - Review Request: bgpq3 - Automate BGP filter generation based on routing database information https://bugzilla.redhat.com/show_bug.cgi?id=1495004 -------------------------------------------------------------------------------- ================================================================================ fedmsg-1.0.1-4.el7 (FEDORA-EPEL-2017-57b6bb1261) Tools for Fedora Infrastructure real-time messaging -------------------------------------------------------------------------------- Update Information: * Refactor subpackages so that python2-fedmsg contains everything * Update to the latest upstream release -------------------------------------------------------------------------------- ================================================================================ fedora-easy-karma-0-0.32.20170930git0c81432c.el7 (FEDORA-EPEL-2017-35e7efea31) Fedora update feedback made easy -------------------------------------------------------------------------------- Update Information: Add support for new bodhi client bindings and add hard dependencies for yum or python2-dnf -------------------------------------------------------------------------------- References: [ 1 ] Bug #1494644 - fedora.client.bodhi.BodhiClientException: You must provide a captcha_key https://bugzilla.redhat.com/show_bug.cgi?id=1494644 [ 2 ] Bug #1270600 - fedora-easy-karma can not execute without yum or python2-dnf (missing dependency) https://bugzilla.redhat.com/show_bug.cgi?id=1270600 -------------------------------------------------------------------------------- ================================================================================ nova-agent-2.1.6-1.el7 (FEDORA-EPEL-2017-3fb011c248) Agent for setting up clean servers on Xen -------------------------------------------------------------------------------- Update Information: This is a new package. -------------------------------------------------------------------------------- ================================================================================ odcs-0.0.7-1.el7 (FEDORA-EPEL-2017-45f7d47d2a) The On Demand Compose Service -------------------------------------------------------------------------------- Update Information: Now with fedmsg support. ---- Fixes from @puiterwijk's security audit. -------------------------------------------------------------------------------- ================================================================================ openboardview-7.3-5.el7 (FEDORA-EPEL-2017-dced3e892c) Viewer for PCB layouts -------------------------------------------------------------------------------- Update Information: New package. -------------------------------------------------------------------------------- ================================================================================ openscap-daemon-0.1.8-1.el7 (FEDORA-EPEL-2017-f033be17d0) Manages continuous SCAP scans of your infrastructure -------------------------------------------------------------------------------- Update Information: upgrade to the latest upstream release -------------------------------------------------------------------------------- ================================================================================ opensmtpd-6.0.2p1-6.el7 (FEDORA-EPEL-2017-8f47a3c83f) Free implementation of the server-side SMTP protocol as defined by RFC 5321 -------------------------------------------------------------------------------- Update Information: Fixing HAVE_REALLOCARRAY in portable -------------------------------------------------------------------------------- References: [ 1 ] Bug #1480303 - opensmptd: Accidentally interposes reallocarray https://bugzilla.redhat.com/show_bug.cgi?id=1480303 -------------------------------------------------------------------------------- ================================================================================ openvpn-2.4.4-1.el7 (FEDORA-EPEL-2017-4826761f5d) A full-featured SSL VPN solution -------------------------------------------------------------------------------- Update Information: Maintenance release with several minor upstream bugfixes and a security fix related to legacy configurations deploying the deprecated `key-method 1` configuration option ([CVE-2017-12166](https://community.openvpn.net/openvpn/wiki/CVE-2017-12166)). >From this update of, OpenVPN will use the lz4 compression library from Fedora EPEL instead of the upstream bundled library. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1497109 - CVE-2017-12166 openvpn: Incorrect bounds check in read_key() with 'key-method 1' https://bugzilla.redhat.com/show_bug.cgi?id=1497109 -------------------------------------------------------------------------------- ================================================================================ petsc-3.7.7-1.el7 (FEDORA-EPEL-2017-95cf1c696b) Portable Extensible Toolkit for Scientific Computation -------------------------------------------------------------------------------- Update Information: - Update to 3.7.7 - Move petscvariables/petscrules under a private directory of libdir -------------------------------------------------------------------------------- ================================================================================ php-phpmyadmin-sql-parser-4.2.2-1.el7 (FEDORA-EPEL-2017-3a8700adef) A validating SQL lexer and parser with a focus on MySQL dialect -------------------------------------------------------------------------------- Update Information: **Version 4.2.2** - 2017-09-28 * Added support for binding parameters. -------------------------------------------------------------------------------- ================================================================================ python-sync2jira-1.4-1.el7 (FEDORA-EPEL-2017-b1ccb3cb7a) Sync pagure and github issues to jira, via fedmsg -------------------------------------------------------------------------------- Update Information: Now with support for spaces! ---- Latest upstream. Supports labels. Thanks @pingou! -------------------------------------------------------------------------------- ================================================================================ sysbench-1.0.9-2.el7 (FEDORA-EPEL-2017-b96ffec815) System performance benchmark -------------------------------------------------------------------------------- Update Information: Update to latest upstream release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1488694 - sysbench-1.0.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=1488694 -------------------------------------------------------------------------------- ================================================================================ tor-0.2.9.12-1.el7 (FEDORA-EPEL-2017-abe6f98ebf) Anonymizing overlay network for TCP -------------------------------------------------------------------------------- Update Information: update to upstream release 0.2.9.12 (SECURITY) (#1494860) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1494860 - tor-0.2.9.10-1.el7.x86_64 is unsecure and out of date https://bugzilla.redhat.com/show_bug.cgi?id=1494860 [ 2 ] Bug #1493512 - CVE-2017-0380 tor: Stack disclosure in hidden services logs when SafeLogging disabled [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1493512 [ 3 ] Bug #1493513 - CVE-2017-0380 tor: Stack disclosure in hidden services logs when SafeLogging disabled [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1493513 -------------------------------------------------------------------------------- ================================================================================ tsung-1.7.0-1.el7 (FEDORA-EPEL-2017-6cf6da0e9a) A distributed multi-protocol load testing tool -------------------------------------------------------------------------------- Update Information: Update to 1.7.0 (#1486744) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1486744 - tsung-1.7.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1486744 -------------------------------------------------------------------------------- ================================================================================ yadifa-2.2.6-1.el7 (FEDORA-EPEL-2017-0f92580f68) Lightweight authoritative Name Server with DNSSEC capabilities -------------------------------------------------------------------------------- Update Information: 20170912: YADIFA 2.2.6 --- Fixes an issue where a maliciously crafted message may block the server. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1494005 - CVE-2017-14339 yadifa: Infinite loop due to insufficient checks in the DNS packet parser https://bugzilla.redhat.com/show_bug.cgi?id=1494005 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
