The following Fedora EPEL 6 Security updates need testing:

 Age  URL
 820  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031   python-virtualenv-12.0.7-1.el6
 814  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168   rubygem-crack-0.3.2-2.el6
 704  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb   mcollective-2.8.4-1.el6
 676  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9   thttpd-2.25b-24.el6
 286  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac   libbsd-0.8.3-2.el6
 182  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-c0d33ae70f   tnef-1.4.14-1.el6
  16  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4c76ddcc92   libmspack-0.6-0.1.alpha.el6
  13  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5b8684c487   php-horde-passwd-5.0.7-1.el6
  13  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e6c88309c0   php-horde-wicked-2.0.8-1.el6
  13  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-a981889220   php-horde-nag-4.2.17-1.el6
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-be95216c3a   MySQL-zrm-3.0-6.el6.2
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-ad63a060a6   freexl-1.0.4-1.el6
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-a437fba22e   openvpn-2.4.4-1.el6
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e4d447e97c   tor-0.2.9.12-1.el6
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-170150faa2   nagios-4.3.4-3.el6
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-1f4bfd5d1d   botan-1.8.15-2.el6

The following builds have been pushed to Fedora EPEL 6 updates-testing

    bitlbee-facebook-1.1.2-2.el6
    botan-1.8.15-2.el6
    clustershell-1.7.82-1.el6
    golang-github-xeipuuv-gojsonschema-0-0.5.20171003git6b67b3f.el6
    inxi-2.3.40-1.el6
    koji-1.14.0-1.el6
    nagios-4.3.4-3.el6
    nagios-4.3.4-4.el6
    prosody-0.10.0-1.el6
    rho-0.0.28-2.el6

Details about builds:

================================================================================
 bitlbee-facebook-1.1.2-2.el6 (FEDORA-EPEL-2017-8fc2ba4a15)
 Facebook protocol plugin for BitlBee
--------------------------------------------------------------------------------
Update Information:

The Facebook protocol plugin for BitlBee. This plugin uses the Facebook Mobile
API.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1290235 - Review Request: bitlbee-facebook - Facebook protocol plugin for BitlBee
        https://bugzilla.redhat.com/show_bug.cgi?id=1290235
--------------------------------------------------------------------------------

================================================================================
 botan-1.8.15-2.el6 (FEDORA-EPEL-2017-1f4bfd5d1d)
 Crypto library written in C++
--------------------------------------------------------------------------------
Update Information:

Fix a bug in X509 DN string comparisons that could result in out of bound reads.
This could result in information leakage, denial of service, or potentially
incorrect certificate validation results. (CVE-2017-2801)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1441126 - CVE-2017-2801 botan: Incorrect comparison in X.509 DN strings
        https://bugzilla.redhat.com/show_bug.cgi?id=1441126
--------------------------------------------------------------------------------

================================================================================
 clustershell-1.7.82-1.el6 (FEDORA-EPEL-2017-99d9805c54)
 Python framework for efficient cluster administration
--------------------------------------------------------------------------------
Update Information:

ClusterShell 1.8 beta2 targeted for updates-testing only.

----

ClusterShell 1.8 beta1 targeted for updates-testing only. Release #4 removes the
vim-clustershell subpackage as it was confusing for the users.
VIM extensions are just provided by the main clustershell subpackage, which now
requires vim-filesystem instead of vim-common if available (only not on el6).

----

ClusterShell 1.8 beta1 targeted for updates-testing only.

----

ClusterShell 1.8 beta1 targeted for updates-testing only. Release 3 should fix
some packaging issues reported by taskotron.

----

ClusterShell 1.8 beta1 targeted for updates-testing only. This is release 2 with
added Python 3 support.
--------------------------------------------------------------------------------

================================================================================
 golang-github-xeipuuv-gojsonschema-0-0.5.20171003git6b67b3f.el6 (FEDORA-EPEL-2017-798b4d509c)
 An implementation of JSON Schema, draft v4
--------------------------------------------------------------------------------
Update Information:

Bump to upstream 6b67b3fab74d992bd07f72550006ab2c6907c416
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1493960 - Please update the package to a more recent version
        https://bugzilla.redhat.com/show_bug.cgi?id=1493960
  [ 2 ] Bug #1498057 - Tracker for golang-github-xeipuuv-gojsonschema
        https://bugzilla.redhat.com/show_bug.cgi?id=1498057
--------------------------------------------------------------------------------

================================================================================
 inxi-2.3.40-1.el6 (FEDORA-EPEL-2017-6c9bb1b4bd)
 A full featured system information script
--------------------------------------------------------------------------------
Update Information:

Update to 2.3.40.
--------------------------------------------------------------------------------

================================================================================
 koji-1.14.0-1.el6 (FEDORA-EPEL-2017-c4528f8770)
 Build system tools
--------------------------------------------------------------------------------
Update Information:

update to upstream 1.14.0
--------------------------------------------------------------------------------

================================================================================
 nagios-4.3.4-3.el6 (FEDORA-EPEL-2017-170150faa2)
 Host/service/network monitoring program
--------------------------------------------------------------------------------
Update Information:

Try to fix error on update with systemctl

----

Fix a service problem again. Lost patch

----

Fix fix

----

Fix RHBZ#1475447

----

Fix the systemd service file reload and other issues

----

Update initd patch to move mktemp from /tmp to /var/log/nagios where it has
permission to write
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1490860 - CVE-2017-14312 nagios: Incorrect file permissions leading to possible privilege escalation [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1490860
  [ 2 ] Bug #1475447 - SELinux Policy module won't install.
        https://bugzilla.redhat.com/show_bug.cgi?id=1475447
--------------------------------------------------------------------------------

================================================================================
 nagios-4.3.4-4.el6 (FEDORA-EPEL-2017-164cc614ff)
 Host/service/network monitoring program
--------------------------------------------------------------------------------
Update Information:

Fix nagios su lines to work on rhel6
--------------------------------------------------------------------------------

================================================================================
 prosody-0.10.0-1.el6 (FEDORA-EPEL-2017-ac625d9dfe)
 Flexible communications server for Jabber/XMPP
--------------------------------------------------------------------------------
Update Information:

Prosody 0.10.0
==============

See upstream's blog post at https://blog.prosody.im/prosody-0-10-0-released/
for a full overview of the release features.

* Rewritten SQL storage module with archive support
* SCRAM-SHA-1-PLUS
* prosodyctl check
* Statistics
* Improved TLS configuration
* Lua 5.2 support
* mod_blocklist (XEP-0191)
* mod_carbons (XEP-0280)
* Pluggable connection timeout handling
* mod_websocket (RFC 7395)
* mod_mam (XEP-0313)

Please also read the upgrade notes at
https://prosody.im/doc/release/0.10.0#upgrade_notes for some specific corner
cases.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1497877 - prosody-0.10.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1497877
--------------------------------------------------------------------------------

================================================================================
 rho-0.0.28-2.el6 (FEDORA-EPEL-2017-889421226b)
 An SSH system profiler
--------------------------------------------------------------------------------
Update Information:

# Testing Rho

To set up Rho, you create profiles that control how to run each scan.

- Authentication profiles contain user credentials for a user with sufficient
  authority to complete the scan (for example, a root user or one with
  root-level access obtained through sudo privilege escalation).
- Network profiles contain network identifiers (for example, a hostname, IP
  address, or range of IP addresses) and the authentication profiles to be used
  for a scan.

Complete the following steps, repeating them as necessary to access all parts of
your environment that you want to scan:

1. Create at least one authentication profile with root-level access to Rho:

   ```
   rho auth add --name auth_name --username root_name (--sshkeyfile key_file | --password)
   ```

   a. At the Rho vault password prompt, create a new Rho vault password. This
      password is required to access the encrypted Rho data, such as
      authentication and network profiles, scan data, and other information.

   b. If you did not use the sshkeyfile option to provide an SSH key for the
      username value, enter the password of the user with root-level access at
      the connection password prompt.

   For example, for an authentication profile where the authentication profile
   name is roothost1, the user with root-level access is root, and the SSH key
   for the user is in the path ~/.ssh/id_rsa, you would enter the following
   command:

   ```
   rho auth add --name roothost1 --username root --sshkeyfile ~/.ssh/id_rsa
   ```

   You can also use the sudo-password option to create an authentication profile
   for a user with root-level access who requires a password to obtain this
   privilege. You can use the sudo-password option with either the sshkeyfile or
   the password option.
   For example, for an authentication profile where the authentication profile
   name is sudouser1, the user with root-level access is sysadmin, and the
   access is obtained through the password option, you would enter the following
   command:

   ```
   rho auth add --name sudouser1 --username sysadmin --password --sudo-password
   ```

   After you enter this command, you are prompted to enter two passwords. First,
   you would enter the connection password for the username user, and then you
   would enter the password for the sudo command.

2. Create at least one network profile that specifies one or more network
   identifiers, such as a host name, an IP address, a list of IP addresses, or
   an IP range, and one or more authentication profiles to be used for the scan:

   ```
   rho profile add --name profile_name --hosts host_name_or_file --auth auth_name
   ```

   For example, for a network profile where the name of the network profile is
   mynetwork, the network to be scanned is the 192.0.2.0/24 subnet, and the
   authentication profiles that are used to run the scan are roothost1 and
   roothost2, you would enter the following command:

   ```
   rho profile add --name mynetwork --hosts 192.0.2.[1:254] --auth roothost1 roothost2
   ```

   You can also use a file to pass in the network identifiers. If you use a file
   to enter multiple network identifiers, such as multiple individual IP
   addresses, enter each on a single line.
   For example, for a network profile where the path to this file is
   /home/user1/hosts_file, you would enter the following command:

   ```
   rho profile add --name mynetwork --hosts /home/user1/hosts_file --auth roothost1 roothost2
   ```

# Running a scan

Run the scan by using the scan command, specifying a network profile for the
profile option and a location to store the output as a file in the
comma-separated variables (CSV) format for the reportfile option:

```
rho scan --profile profile_name --reportfile filename.csv
```

For example, if you want to use the network profile mynetwork and save the
report as mynetwork_scan1.csv, you would enter the following command:

```
rho scan --profile mynetwork --reportfile mynetwork_scan1.csv
```
--------------------------------------------------------------------------------