The following Fedora EPEL 6 Security updates need testing: Age URL 952 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168 rubygem-crack-0.3.2-2.el6 842 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb mcollective-2.8.4-1.el6 813 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9 thttpd-2.25b-24.el6 424 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac libbsd-0.8.3-2.el6 153 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4c76ddcc92 libmspack-0.6-0.1.alpha.el6 72 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6aaee32b7e optipng-0.7.6-6.el6 44 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-8c9006d462 heimdal-7.5.0-1.el6 39 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-752a7c9ad4 rootsh-1.5.3-17.el6 13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-bc1949f307 p7zip-16.02-10.el6 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f742513635 jhead-3.00-9.el6 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-be69c94866 clamav-0.99.3-8.el6 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-87b20f1b26 exim-4.90.1-2.el6 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-76121890f9 seamonkey-2.49.2-2.el6 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c8346d8e5 mbedtls-2.7.0-1.el6 The following builds have been pushed to Fedora EPEL 6 updates-testing dislocker-0.7.1-7.el6 dpm-contrib-admintools-0.2.4-1.el6 openjpeg2-2.3.0-6.el6 php-phpseclib-2.0.10-2.el6 zerofree-1.1.1-1.el6 Details about builds: ================================================================================ dislocker-0.7.1-7.el6 (FEDORA-EPEL-2018-3f5982aa74) Utility to access BitLocker encrypted volumes -------------------------------------------------------------------------------- Update Information: - Rebuilt for mbed TLS 2.7.0 -------------------------------------------------------------------------------- ================================================================================ dpm-contrib-admintools-0.2.4-1.el6 (FEDORA-EPEL-2018-afd955e947) DPM administration toolkit (contrib from GridPP) -------------------------------------------------------------------------------- Update Information: * new upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1545172 - dpm-contrib-admintools is using arch-dependent BuildRequires https://bugzilla.redhat.com/show_bug.cgi?id=1545172 -------------------------------------------------------------------------------- ================================================================================ openjpeg2-2.3.0-6.el6 (FEDORA-EPEL-2018-6ac908eac8) C-Library for JPEG 2000 -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-8332 CVE-2016-9112 CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 and many others. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1487393 - CVE-2017-14151 CVE-2017-14152 openjpeg2: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1487393 [ 2 ] Bug #1487381 - CVE-2016-10504 CVE-2016-10505 CVE-2016-10506 CVE-2016-10507 openjpeg2: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1487381 [ 3 ] Bug #1418152 - CVE-2016-9112 openjpeg2: Floating point exception vulnerability in openjpeg2 when processing untrusted images [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1418152 [ 4 ] Bug #1335486 - CVE-2016-4796 CVE-2016-4797 openjpeg2: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1335486 [ 5 ] Bug #1487769 - CVE-2017-14039 CVE-2017-14164 CVE-2017-17479 CVE-2017-17480 openjpeg2: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1487769 [ 6 ] Bug #1487366 - CVE-2017-14040 CVE-2017-14041 openjpeg2: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1487366 [ 7 ] Bug #1435069 - CVE-2016-9573 openjpeg2: openjpeg: heap out-of-bounds read due to insufficient check in imagetopnm() [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1435069 [ 8 ] Bug #1422754 - CVE-2016-5139 CVE-2016-5158 CVE-2016-5159 openjpeg2: various flaws [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1422754 [ 9 ] Bug #1422753 - CVE-2016-5139 CVE-2016-5158 CVE-2016-5159 openjpeg2: various flaws [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=1422753 [ 10 ] Bug #1405140 - CVE-2016-9580 CVE-2016-9581 openjpeg2: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1405140 [ 11 ] Bug #1402722 - CVE-2016-9573 CVE-2016-9572 openjpeg2: various flaws [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=1402722 [ 12 ] Bug #1377771 - CVE-2016-1923 CVE-2016-1924 openjpeg2: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1377771 [ 13 ] Bug #1381271 - CVE-2016-8332 CVE-2016-9112 CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 openjpeg2: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1381271 [ 14 ] Bug #1377348 - CVE-2016-7445 openjpeg2: Null pointer dereference in convert.c [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1377348 [ 15 ] Bug #1374343 - CVE-2016-7163 openjpeg2: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1374343 [ 16 ] Bug #1335773 - CVE-2015-8871 openjpeg2: openjpeg: Use-after-free in opj_j2k_write_mco function [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1335773 [ 17 ] Bug #1317832 - CVE-2016-3181 openjpeg2: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1317832 -------------------------------------------------------------------------------- ================================================================================ php-phpseclib-2.0.10-2.el6 (FEDORA-EPEL-2018-0c0daea4e3) PHP Secure Communications Library -------------------------------------------------------------------------------- Update Information: **Version 2.0.10** - 2018-02-08 - BigInteger: fix issue with bitwise_xor (#1245) - Crypt: some of the minimum lengths were off - SFTP: update stat cache accordingly when file becomes a directory (#1235) - SFTP: fix issue with extended attributes on 64-bit PHP installs (#1248) - SSH2: more channel handling updates (#1200) - X509: use anonymous functions in PHP >= 5.3.0 - X509: revise logic for validateLogic (#1213) - X509: fix 7.2 error when extensions were removed and new ones added (#1243) - fix float to int conversions on ARM CPU's (#1220) -------------------------------------------------------------------------------- ================================================================================ zerofree-1.1.1-1.el6 (FEDORA-EPEL-2018-c164420664) Utility to force unused ext2/3/4 inodes and blocks to zero -------------------------------------------------------------------------------- Update Information: zerofree 1.1.1 ============== * 2017-02-22: Lift call to ext2fs_free_blocks_count out of loop. Suggested by Thanassis Tsiodras. zerofree 1.1.0 ============== * 2016-02-18: Add support for 64-bit block numbers. * 2015-10-18: Use memcmp. Suggested by Damien Clark. -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
