The following Fedora EPEL 7 Security updates need testing: Age URL 1007 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7 770 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7 352 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d libbsd-0.8.3-1.el7 250 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe mod_cluster-1.3.3-10.el7 247 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7ecb12e378 python-XStatic-jquery-ui-1.12.0.1-1.el7 81 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e27758bd23 libmspack-0.6-0.1.alpha.el7 79 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-52b8147c68 openvpn-auth-ldap-2.0.3-15.el7 19 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e64eeb6ece nagios-4.3.4-5.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-71f816e116 collectd-5.8.0-1.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-12e12a6bff borgbackup-1.1.3-1.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-08f3522912 wordpress-4.9.1-1.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f58e92e860 exim-4.89-4.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d704442ae7 qpid-cpp-1.37.0-1.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-97efaab7e7 tor-0.2.9.14-1.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f2055d3f62 shellinabox-2.20-5.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-77cc9084cb nodejs-6.12.2-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-30026fdcc1 hostapd-2.6-7.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing argon2-20161029-2.el7 golang-github-SAP-go-hdb-0.9.5-1.el7 hostapd-2.6-7.el7 jargs-1.0-15.el7 pulledpork-0.7.3-1.el7 rootfs-resize-2.0-10.el7 Details about builds: ================================================================================ argon2-20161029-2.el7 (FEDORA-EPEL-2017-3ad252c475) The password-hashing tools -------------------------------------------------------------------------------- Update Information: Argon2 is a password-hashing function that summarizes the state of the art in the design of memory-hard functions and can be used to hash passwords for credential storage, key derivation, or other applications. It has a simple design aimed at the highest memory filling rate and effective use of multiple computing units, while still providing defense against tradeoff attacks (by exploiting the cache and memory organization of the recent processors). Argon2 has three variants: Argon2i, Argon2d, and Argon2id. * Argon2d is faster and uses data-depending memory access, which makes it highly resistant against GPU cracking attacks and suitable for applications with no threats from side- channel timing attacks (eg. cryptocurrencies). * Argon2i instead uses data- independent memory access, which is preferred for password hashing and password-based key derivation, but it is slower as it makes more passes over the memory to protect from tradeoff attacks. * Argon2id is a hybrid of Argon2i and Argon2d, using a combination of data-depending and data-independent memory accesses, which gives some of Argon2i's resistance to side-channel cache timing attacks and much of Argon2d's resistance to GPU cracking attacks. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1523340 - argon2 for EPEL7 https://bugzilla.redhat.com/show_bug.cgi?id=1523340 -------------------------------------------------------------------------------- ================================================================================ golang-github-SAP-go-hdb-0.9.5-1.el7 (FEDORA-EPEL-2017-843f468ea7) SAP HANA Database Client for Go (Golang) -------------------------------------------------------------------------------- Update Information: Update to 0.9.5. (#1523964) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1523964 - golang-github-SAP-go-hdb-0.9.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1523964 -------------------------------------------------------------------------------- ================================================================================ hostapd-2.6-7.el7 (FEDORA-EPEL-2017-30026fdcc1) IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator -------------------------------------------------------------------------------- Update Information: Latest hostapd release with KRACK patches applied. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1503874 - KRACK affects hostapd https://bugzilla.redhat.com/show_bug.cgi?id=1503874 [ 2 ] Bug #1502588 - CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 hostapd: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1502588 [ 3 ] Bug #1468942 - attempting to create Access Point overrides modprobe for wifi and crashes https://bugzilla.redhat.com/show_bug.cgi?id=1468942 -------------------------------------------------------------------------------- ================================================================================ jargs-1.0-15.el7 (FEDORA-EPEL-2017-3bffb73a8c) Java command line option parsing suite -------------------------------------------------------------------------------- Update Information: jargs for EPEL. -------------------------------------------------------------------------------- ================================================================================ pulledpork-0.7.3-1.el7 (FEDORA-EPEL-2017-6c65968907) Pulled Pork for Snort and Suricata rule management -------------------------------------------------------------------------------- Update Information: version 0.7.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1523896 - pulledpork-v0.7.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1523896 -------------------------------------------------------------------------------- ================================================================================ rootfs-resize-2.0-10.el7 (FEDORA-EPEL-2017-a7da43ae6f) Root partition re-sizing service (typically for SD cards) -------------------------------------------------------------------------------- Update Information: Correct copy & paste error in %postun scriptlet (#1524031) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1524031 - rootfs-resize has copy-pasto in scriptlet https://bugzilla.redhat.com/show_bug.cgi?id=1524031 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
