Fedora EPEL 7 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The following Fedora EPEL 7 Security updates need testing:
 Age  URL
 1110  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087   dokuwiki-0-0.24.20140929c.el7
 873  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f   mcollective-2.8.4-1.el7
 455  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d   libbsd-0.8.3-1.el7
 352  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe   mod_cluster-1.3.3-10.el7
 184  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e27758bd23   libmspack-0.6-0.1.alpha.el7
 121  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e64eeb6ece   nagios-4.3.4-5.el7
  26  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3e70a38ad4   drupal7-7.57-1.el7
  11  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-635348eab4   php-simplesamlphp-saml2_1-1.10.6-1.el7
  11  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-7150fa5dce   php-simplesamlphp-saml2-2.3.8-1.el7
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-673b3314a1   exim-4.90.1-3.el7
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3f41541339   monitorix-3.10.1-1.el7
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-ae3a1eae7e   glpi-0.90.5-2.el7
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-add4fc19d8   mosquitto-1.4.15-1.el7


The following builds have been pushed to Fedora EPEL 7 updates-testing

    chromium-65.0.3325.181-1.el7
    fleet-commander-admin-0.10.6-3.el7
    openblas-0.2.20-6.el7
    purple-facebook-0.9.5-4.9ff9acf9fa14.el7
    python-recaptcha-client-2.0.1-1.el7
    python-testing.postgresql-1.1.0-3.el7
    python34-3.4.8-1.el7

Details about builds:


================================================================================
 chromium-65.0.3325.181-1.el7 (FEDORA-EPEL-2018-1fbdf7f103)
 A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:

Update to Chromium 65. For EPEL7, it has been a long time since a successful
build has been possible, so this will fix a LOT of CVEs.  CVE-2017-15396
CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411
CVE-2017-15412 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417
CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2017-15422  CVE-2018-6056
CVE-2018-6406 CVE-2018-6057 CVE-2018-6058 CVE-2018-6059 CVE-2018-6060
CVE-2018-6061 CVE-2018-6062 CVE-2018-6063 CVE-2018-6064 CVE-2018-6065
CVE-2018-6066 CVE-2018-6067 CVE-2018-6068 CVE-2018-6069 CVE-2018-6070
CVE-2018-6071
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1552500 - CVE-2018-6083 chromium-browser: incorrect processing of appmanifests
        https://bugzilla.redhat.com/show_bug.cgi?id=1552500
  [ 2 ] Bug #1552499 - CVE-2018-6082 chromium-browser: circumvention of port blocking
        https://bugzilla.redhat.com/show_bug.cgi?id=1552499
  [ 3 ] Bug #1552498 - CVE-2018-6081 chromium-browser: xss in interstitials
        https://bugzilla.redhat.com/show_bug.cgi?id=1552498
  [ 4 ] Bug #1552497 - CVE-2018-6080 chromium-browser: information disclosure in ipc call
        https://bugzilla.redhat.com/show_bug.cgi?id=1552497
  [ 5 ] Bug #1552496 - CVE-2018-6079 chromium-browser: information disclosure via texture data in webgl
        https://bugzilla.redhat.com/show_bug.cgi?id=1552496
  [ 6 ] Bug #1552495 - CVE-2018-6078 chromium-browser: url spoof in omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=1552495
  [ 7 ] Bug #1552494 - CVE-2018-6077 chromium-browser: timing attack using svg filters
        https://bugzilla.redhat.com/show_bug.cgi?id=1552494
  [ 8 ] Bug #1552493 - CVE-2018-6076 chromium-browser: incorrect handling of url fragment identifiers in blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1552493
  [ 9 ] Bug #1552492 - CVE-2018-6075 chromium-browser: overly permissive cross origin downloads
        https://bugzilla.redhat.com/show_bug.cgi?id=1552492
  [ 10 ] Bug #1552491 - CVE-2018-6074 chromium-browser: mark-of-the-web bypass
        https://bugzilla.redhat.com/show_bug.cgi?id=1552491
  [ 11 ] Bug #1552490 - CVE-2018-6073 chromium-browser: heap bufffer overflow in webgl
        https://bugzilla.redhat.com/show_bug.cgi?id=1552490
  [ 12 ] Bug #1552489 - CVE-2018-6072 chromium-browser: integer overflow in pdfium
        https://bugzilla.redhat.com/show_bug.cgi?id=1552489
  [ 13 ] Bug #1552488 - CVE-2018-6071 chromium-browser: heap bufffer overflow in skia
        https://bugzilla.redhat.com/show_bug.cgi?id=1552488
  [ 14 ] Bug #1552487 - CVE-2018-6070 chromium-browser: csp bypass through extensions
        https://bugzilla.redhat.com/show_bug.cgi?id=1552487
  [ 15 ] Bug #1552486 - CVE-2018-6069 chromium-browser: stack buffer overflow in skia
        https://bugzilla.redhat.com/show_bug.cgi?id=1552486
  [ 16 ] Bug #1552485 - CVE-2018-6068 chromium-browser: object lifecycle issues in chrome custom tab
        https://bugzilla.redhat.com/show_bug.cgi?id=1552485
  [ 17 ] Bug #1552484 - CVE-2018-6067 chromium-browser: buffer overflow in skia
        https://bugzilla.redhat.com/show_bug.cgi?id=1552484
  [ 18 ] Bug #1552483 - CVE-2018-6066 chromium-browser: same origin bypass via canvas
        https://bugzilla.redhat.com/show_bug.cgi?id=1552483
  [ 19 ] Bug #1552482 - CVE-2018-6065 chromium-browser: integer overflow in v8
        https://bugzilla.redhat.com/show_bug.cgi?id=1552482
  [ 20 ] Bug #1552481 - CVE-2018-6064 chromium-browser: type confusion in v8
        https://bugzilla.redhat.com/show_bug.cgi?id=1552481
  [ 21 ] Bug #1552480 - CVE-2018-6063 chromium-browser: incorrect permissions on shared memory
        https://bugzilla.redhat.com/show_bug.cgi?id=1552480
  [ 22 ] Bug #1552479 - CVE-2018-6057 chromium-browser: incorrect permissions on shared memory
        https://bugzilla.redhat.com/show_bug.cgi?id=1552479
  [ 23 ] Bug #1552478 - CVE-2018-6062 chromium-browser: heap buffer overflow in skia
        https://bugzilla.redhat.com/show_bug.cgi?id=1552478
  [ 24 ] Bug #1552477 - CVE-2018-6061 chromium-browser: race condition in v8
        https://bugzilla.redhat.com/show_bug.cgi?id=1552477
  [ 25 ] Bug #1552476 - CVE-2018-6060 chromium-browser: use-after-free in blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1552476
  [ 26 ] Bug #1552475 - CVE-2018-6059 chromium-browser: use-after-free in flash
        https://bugzilla.redhat.com/show_bug.cgi?id=1552475
  [ 27 ] Bug #1552474 - CVE-2018-6058 chromium-browser: use-after-free in flash
        https://bugzilla.redhat.com/show_bug.cgi?id=1552474
  [ 28 ] Bug #1547349 - CVE-2018-6406 libwebm: Out of bounds read in libwebm_util.cc:ParseVP9SuperFrameIndex() can lead to information leak or potential denial of service
        https://bugzilla.redhat.com/show_bug.cgi?id=1547349
  [ 29 ] Bug #1545062 - CVE-2018-6056 chromium-browser: incorrect derived class instantiation in v8
        https://bugzilla.redhat.com/show_bug.cgi?id=1545062
  [ 30 ] Bug #1523141 - CVE-2017-15427 chromium-browser: insufficient blocking of javascript in omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=1523141
  [ 31 ] Bug #1523140 - CVE-2017-15426 chromium-browser: url spoof in omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=1523140
  [ 32 ] Bug #1523139 - CVE-2017-15425 chromium-browser: url spoof in omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=1523139
  [ 33 ] Bug #1523138 - CVE-2017-15424 chromium-browser: url spoof in omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=1523138
  [ 34 ] Bug #1523137 - CVE-2017-15423 chromium-browser: issue with spake implementation in boringssl
        https://bugzilla.redhat.com/show_bug.cgi?id=1523137
  [ 35 ] Bug #1523136 - CVE-2017-15422 chromium-browser: integer overflow in icu
        https://bugzilla.redhat.com/show_bug.cgi?id=1523136
  [ 36 ] Bug #1523135 - CVE-2017-15420 chromium-browser: url spoofing in omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=1523135
  [ 37 ] Bug #1523134 - CVE-2017-15419 chromium-browser: cross origin leak of redirect url in blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1523134
  [ 38 ] Bug #1523133 - CVE-2017-15418 chromium-browser: use of uninitialized value in skia
        https://bugzilla.redhat.com/show_bug.cgi?id=1523133
  [ 39 ] Bug #1523132 - CVE-2017-15417 chromium-browser: cross origin information disclosure in skia
        https://bugzilla.redhat.com/show_bug.cgi?id=1523132
  [ 40 ] Bug #1523131 - CVE-2017-15416 chromium-browser: out of bounds read in blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1523131
  [ 41 ] Bug #1523130 - CVE-2017-15415 chromium-browser: pointer information disclosure in ipc call
        https://bugzilla.redhat.com/show_bug.cgi?id=1523130
  [ 42 ] Bug #1523129 - CVE-2017-15413 chromium-browser: type confusion in webassembly
        https://bugzilla.redhat.com/show_bug.cgi?id=1523129
  [ 43 ] Bug #1523128 - CVE-2017-15412 chromium-browser: use after free in libxml
        https://bugzilla.redhat.com/show_bug.cgi?id=1523128
  [ 44 ] Bug #1523127 - CVE-2017-15411 chromium-browser: use after free in pdfium
        https://bugzilla.redhat.com/show_bug.cgi?id=1523127
  [ 45 ] Bug #1523126 - CVE-2017-15410 chromium-browser: use after free in pdfium
        https://bugzilla.redhat.com/show_bug.cgi?id=1523126
  [ 46 ] Bug #1523125 - CVE-2017-15409 chromium-browser: out of bounds write in skia
        https://bugzilla.redhat.com/show_bug.cgi?id=1523125
  [ 47 ] Bug #1523124 - CVE-2017-15408 chromium-browser: heap buffer overflow in pdfium
        https://bugzilla.redhat.com/show_bug.cgi?id=1523124
  [ 48 ] Bug #1523123 - CVE-2017-15407 chromium-browser: out of bounds write in quic
        https://bugzilla.redhat.com/show_bug.cgi?id=1523123
--------------------------------------------------------------------------------


================================================================================
 fleet-commander-admin-0.10.6-3.el7 (FEDORA-EPEL-2018-fb6e8afa1c)
 Fleet Commander
--------------------------------------------------------------------------------
Update Information:

Fixed EPEL specfile conditionals  ----  Updated package for 0.10.5 release
--------------------------------------------------------------------------------


================================================================================
 openblas-0.2.20-6.el7 (FEDORA-EPEL-2018-a981a0cbd7)
 An optimized BLAS library based on GotoBLAS2
--------------------------------------------------------------------------------
Update Information:

Disables CPU affinity that had been enabled upstream by mistake.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1558091 - Different processor affinity for Fedora and julialang.org builds
        https://bugzilla.redhat.com/show_bug.cgi?id=1558091
--------------------------------------------------------------------------------


================================================================================
 purple-facebook-0.9.5-4.9ff9acf9fa14.el7 (FEDORA-EPEL-2018-f2b04c3e7e)
 Facebook protocol plugin for purple2
--------------------------------------------------------------------------------
Update Information:

This fixes a [crash in Pidgin after Facebook login](https://github.com/dequis
/purple-facebook/issues/403) and ["Failed to read fixed header" due to TLS
1.3](https://github.com/dequis/purple-facebook/issues/410).  Read [this notice
about Pidgin <= 2.12.0](https://github.com/dequis/purple-facebook/issues/408)
and connecting to Facebook using TLS 1.3.
--------------------------------------------------------------------------------


================================================================================
 python-recaptcha-client-2.0.1-1.el7 (FEDORA-EPEL-2018-d17b94259e)
 Python module for reCAPTCHA and reCAPTCHA Mailhide
--------------------------------------------------------------------------------
Update Information:

New upstream release
--------------------------------------------------------------------------------


================================================================================
 python-testing.postgresql-1.1.0-3.el7 (FEDORA-EPEL-2018-47efa4e0c5)
 Automatically setup a PostgreSQL testing instance
--------------------------------------------------------------------------------
Update Information:

Fix missing requirements
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1455201 - Missing requirement for which in spec file
        https://bugzilla.redhat.com/show_bug.cgi?id=1455201
  [ 2 ] Bug #1455202 - Missing requirement for which in spec file
        https://bugzilla.redhat.com/show_bug.cgi?id=1455202
--------------------------------------------------------------------------------


================================================================================
 python34-3.4.8-1.el7 (FEDORA-EPEL-2018-ea4cf5dbc5)
 Version 3 of the Python programming language aka Python 3000
--------------------------------------------------------------------------------
Update Information:

Latest upstream
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Fedora Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Announce]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Linux Apps]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux