The following Fedora EPEL 6 Security updates need testing:

 Age  URL
  28  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-5aca1d385d   remctl-3.14-1.el6
  25  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-dd6e4a3f0b   python34-3.4.8-1.el6
  14  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-e3b98be78a   qpdf-5.1.1-6.el6
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-db4f42f11d   drupal7-7.59-1.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    csdiff-1.4.0-1.el6
    csmock-2.1.1-1.el6
    globus-net-manager-0.18-1.el6
    kstart-4.2-7.el6
    myproxy-6.1.29-1.el6
    mysql-mmm-2.2.1-3.el6
    nordugrid-arc-5.4.2-5.el6
    pcc-1.1.0-1.1.20180504cvs.el6
    seamonkey-2.49.3-1.el6
    tomcat-7.0.86-1.el6

Details about builds:


================================================================================
 csdiff-1.4.0-1.el6 (FEDORA-EPEL-2018-0925416250)
 Non-interactive tools for processing code scan results in plain-text
--------------------------------------------------------------------------------
Update Information:

- update to latest upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Thu May  3 2018 Kamil Dudka <kdudka@xxxxxxxxxx> 1.4.0-1
- update to latest upstream release
- make both python2 and python3 optional
* Mon Feb 19 2018 Kamil Dudka <kdudka@xxxxxxxxxx> 1.3.3-4
- add explicit BR for the gcc-c++ compiler
--------------------------------------------------------------------------------


================================================================================
 csmock-2.1.1-1.el6 (FEDORA-EPEL-2018-0925416250)
 A mock wrapper for Static Analysis tools
--------------------------------------------------------------------------------
Update Information:

- update to latest upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Thu May  3 2018 Kamil Dudka <kdudka@xxxxxxxxxx> 2.1.1-1
- update to latest upstream release
- introduce the experimental bandit plug-in
--------------------------------------------------------------------------------


================================================================================
 globus-net-manager-0.18-1.el6 (FEDORA-EPEL-2018-e852ebea3f)
 Globus Toolkit - Network Manager
--------------------------------------------------------------------------------
Update Information:

globus-net-manager
* Fix pre-connect not using changed remote contact

myproxy
* Fix -Werror=format-security errors
--------------------------------------------------------------------------------
ChangeLog:

* Thu May  3 2018 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 0.18-1
- GT6 update: Fix pre-connect not using changed remote contact
* Wed Feb  7 2018 Iryna Shcherbina <ishcherb@xxxxxxxxxx> - 0.17-5
- Update Python 2 dependency declarations to new packaging standards
  (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
* Wed Feb  7 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.17-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Aug  2 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.17-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.17-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 kstart-4.2-7.el6 (FEDORA-EPEL-2018-5ea126964e)
 Daemon version of kinit for Kerberos v5
--------------------------------------------------------------------------------
Update Information:

Update to upstream version 4.2
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb  7 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.2-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Aug  3 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.2-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Sun Jan  8 2017 Ken Dreyer <ktdreyer@xxxxxxxxxxxx> - 4.2-3
- Drop EL5 compatibility
- Package LICENSE file
* Thu Feb  4 2016 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Mon Dec 28 2015 Ken Dreyer <ktdreyer@xxxxxxxxxxxx> - 4.2-1
- Upgrade to 4.2
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1558664 - Please update package to version 4.2 (matching EPEL7)
        https://bugzilla.redhat.com/show_bug.cgi?id=1558664
--------------------------------------------------------------------------------


================================================================================
 myproxy-6.1.29-1.el6 (FEDORA-EPEL-2018-e852ebea3f)
 Manage X.509 Public Key Infrastructure (PKI) security credentials
--------------------------------------------------------------------------------
Update Information:

globus-net-manager
* Fix pre-connect not using changed remote contact

myproxy
* Fix -Werror=format-security errors
--------------------------------------------------------------------------------
ChangeLog:

* Thu May  3 2018 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 6.1.29-1
- Update to 6.1.29: Fix -Werror=format-security errors
* Thu Feb  8 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 6.1.28-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Aug  3 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 6.1.28-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 6.1.28-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 mysql-mmm-2.2.1-3.el6 (FEDORA-EPEL-2018-228dbec48f)
 Multi-Master Replication Manager for MySQL
--------------------------------------------------------------------------------
Update Information:

# Multi-Master Replication Manager for MySQL mmm_agentd Remote Command Injection Vulnerabilities

This update adds data sanitization to inputs for the mmm agent.

Multiple exploitable remote command injection vulnerabilities exist in the
MySQL Master-Master Replication Manager (MMM) mmm_agentd daemon 2.2.1.
mmm_agentd commonly runs with root privileges and does not require
authentication by default. A specially crafted MMM protocol message can cause a
shell command injection resulting in arbitrary command execution with the
privileges of the mmm_agentd process. An attacker that can initiate a TCP
session with mmm_agentd can trigger these vulnerabilities.

The impact of these vulnerabilities can be lessened by configuring mmm_agentd
to require TLS mutual authentication and by using network ACLs to prevent hosts
other than legitimate mmm_mond hosts from accessing mmm_agentd.

For example, on Linux, iptables rules can be used to block access to the port
mmm_agent is listening on from all hosts except the mmm_monitor.

The SSL configuration can be used where firewall rules are not practical.
See Socket Documentation http://mysql-mmm.org/mysql-mmm.html#SEC58

Add to mmm_common.conf:

    <socket>
        type        ssl
        cert_file   /etc/ssl/certs/www.example.com.bundle.crt
        key_file    /etc/ssl/certs/www.example.com.key
        ca_file     /etc/ssl/certs/ca-bundle.crt # or ca-certificates.crt
    </socket>

Now only those with access to the private key can send commands. Whilst your
web server certificate will do the job, you may consider registering a
dedicated certificate just for this task.

NOTE: By now there are some good alternatives to MySQL-MMM. Maybe you want to
check out Galera Cluster, which is part of MariaDB Galera Cluster and Percona
XtraDB Cluster.

- http://mysql-mmm.org
- http://galeracluster.com/
- https://mariadb.com/kb/en/library/what-is-mariadb-galera-cluster/
- https://www.percona.com/software/mysql-database/percona-xtradb-cluster
--------------------------------------------------------------------------------
ChangeLog:

* Wed May  2 2018 David Beveridge <dave@xxxxxxxxxxx> 2.2.1-3
- Patch fix for Newer perl-Net-ARP (Bug 1169914)
- Patch for mmm_agentd Remote Command Injection Vulnerabilities
- TALOS-2017-0501, CVE-2017-14474 - CVE-2017-14481
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1575161
        https://bugzilla.redhat.com/show_bug.cgi?id=1575161
--------------------------------------------------------------------------------


================================================================================
 nordugrid-arc-5.4.2-5.el6 (FEDORA-EPEL-2018-b9969ee396)
 Advanced Resource Connector Grid Middleware
--------------------------------------------------------------------------------
Update Information:

* Minor packaging tweaks
* Backport a few out-of-bounds compiler warning fixes
* python34-nordugrid-arc package for EPEL 7
--------------------------------------------------------------------------------
ChangeLog:

* Thu May  3 2018 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 5.4.2-5
- Create python34-nordugrid-arc package on EPEL 7
- Add BuildRequires on gcc-c++
- Use pylint in EPEL 7 (it's back)
- Adjust python dependencies for old releases
* Tue Feb 20 2018 Iryna Shcherbina <ishcherb@xxxxxxxxxx> - 5.4.2-4
- Update Python 2 dependency declarations to new packaging standards
  (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
* Thu Feb  8 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 5.4.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Fri Jan 26 2018 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 5.4.2-2
- Fix out-of-bounds errors causing test failures
--------------------------------------------------------------------------------


================================================================================
 pcc-1.1.0-1.1.20180504cvs.el6 (FEDORA-EPEL-2018-6d2d6699f3)
 The Portable C Compiler
--------------------------------------------------------------------------------
Update Information:

Update to 20180504 snapshot, which fixes crash when stdlib.h was included.
--------------------------------------------------------------------------------
ChangeLog:

* Fri May  4 2018 Susi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 1.1.0-1.1.20180504cvs
- Update to 20180504 snapshot, fixing BZ #1551537.
* Wed Feb 28 2018 Susi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 1.1.0-1.1.20180228cvs
- Update to 20180228 snapshot.
- Added gcc buildrequires.
* Thu Feb  8 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.1.0-1.1.20161201cvs.4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Aug  3 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.1.0-1.1.20161201cvs.3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.1.0-1.1.20161201cvs.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Feb 11 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.1.0-1.1.20161201cvs.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1551537 - Compilation fails when including <stdlib.h>
        https://bugzilla.redhat.com/show_bug.cgi?id=1551537
--------------------------------------------------------------------------------


================================================================================
 seamonkey-2.49.3-1.el6 (FEDORA-EPEL-2018-db2f6088bd)
 Web browser, e-mail, news, IRC client, HTML editor
--------------------------------------------------------------------------------
Update Information:

Based on the Firefox/Thunderbird ESR (extension support release) code version
52.7.3

Fixes various security issues, see
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/ and
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ for
more info.
--------------------------------------------------------------------------------
ChangeLog:

* Fri May  4 2018 Dmitry Butskoy <Dmitry@xxxxxxxxxxxx> 2.49.3-1
- update to 2.49.3
--------------------------------------------------------------------------------


================================================================================
 tomcat-7.0.86-1.el6 (FEDORA-EPEL-2018-d53a865fe3)
 Apache Servlet/JSP Engine, RI for Servlet 3.0/JSP 2.2 API
--------------------------------------------------------------------------------
Update Information:

This update includes a rebase from 7.0.85 up to 7.0.86.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May  1 2018 Coty Sutherland <csutherl@xxxxxxxxxx> - 1:7.0.86-1
- Update to 7.0.86
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx