The following Fedora EPEL 7 Security updates need testing: Age URL 40 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3835d39d1a unrtf-0.21.9-8.el7 35 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-15b7dc35af pass-1.7.2-1.el7 16 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-ccbe8e3c4d knot-resolver-2.4.0-1.el7 14 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3f114dff22 wordpress-4.9.7-1.el7 14 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-6b0fdd8b40 guacamole-server-0.9.14-1.el7 libvncserver-0.9.9-0.12.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-d2e0971e9b uwsgi-2.0.17.1-1.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-755a438aca libgit2-0.26.5-1.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-86150d9653 rust-1.27.1-2.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3f07844689 znc-1.7.1-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-d8d62b4f6c suricata-4.0.5-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing NetworkManager-vpnc-1.2.6-1.el7 ctstream-28-1.el7 gnudos-1.11-5.el7 needrestart-3.3-1.el7 python-certbot-dns-gehirn-0.26.1-1.el7 python-certbot-dns-linode-0.26.1-1.el7 python-certbot-dns-ovh-0.26.1-1.el7 python-certbot-dns-sakuracloud-0.26.1-1.el7 redis-3.2.12-1.el7 Details about builds: ================================================================================ NetworkManager-vpnc-1.2.6-1.el7 (FEDORA-EPEL-2018-e603289e79) NetworkManager VPN plugin for vpnc -------------------------------------------------------------------------------- Update Information: Update to 1.2.6 to fix a local authenticated privilege escalation bug (CVE-2018-10900). The issue has been discovered and responsibly disclosed by Denis Andzakovic: https://pulsesecurity.co.nz/advisories/NM-VPNC-Privesc -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 20 2018 Lubomir Rintel <lkundrak@xxxxx> - 1.2.6-1 - Update to 1.2.6 release - Fix a local authenticated privilege escalation bug (CVE-2018-10900) * Thu Jul 12 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1:1.2.4-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Wed Feb 7 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1:1.2.4-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Wed Jan 31 2018 Igor Gnatenko <ignatenkobrain@xxxxxxxxxxxxxxxxx> - 1:1.2.4-6 - Remove obsolete scriptlets * Thu Nov 30 2017 Lubomir Rintel <lkundrak@xxxxx> - 1.2.4-5 - Drop libnm-glib for Fedora 28 -------------------------------------------------------------------------------- ================================================================================ ctstream-28-1.el7 (FEDORA-EPEL-2018-7bc03ad3c3) Get URLs of Czech Television video streams -------------------------------------------------------------------------------- Update Information: This release adapts to server changes effective since 2018-07-17. -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 20 2018 Petr Pisar <ppisar@xxxxxxxxxx> - 28-1 - Version 28 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1604727 - ctstream-28 is available https://bugzilla.redhat.com/show_bug.cgi?id=1604727 -------------------------------------------------------------------------------- ================================================================================ gnudos-1.11-5.el7 (FEDORA-EPEL-2018-d0fddd566e) The GnuDOS library for GNU/Linux -------------------------------------------------------------------------------- Update Information: Added BuildRequires: gcc -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 20 2018 Mohammed Isam <mohammed_isam1984@xxxxxxxxx> 1.11-5 - Added BuildRequires: gcc * Sat May 12 2018 Mohammed Isam <mohammed_isam1984@xxxxxxxxx> 1.11-4 - Bugfixes * Sat May 12 2018 Mohammed Isam <mohammed_isam1984@xxxxxxxxx> 1.11-3 - Added missing copyright notice for ChangeLog file * Fri May 11 2018 Mohammed Isam <mohammed_isam1984@xxxxxxxxx> 1.11-2 - Added THANKS file and fixed missing copyright notices -------------------------------------------------------------------------------- References: [ 1 ] Bug #1604166 - gnudos: FTBFS in Fedora rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1604166 -------------------------------------------------------------------------------- ================================================================================ needrestart-3.3-1.el7 (FEDORA-EPEL-2018-8d246c1178) Restart daemons after library updates -------------------------------------------------------------------------------- Update Information: This package has been introduced in Fedora a bit before F28 after having being worked on for quite some time in Copr and there are no bugs since then. We've been using it in production in OSAS with automatic restart of service for months. This new version fixes a few bugs and I believe it is time to make it available to EPEL now. -------------------------------------------------------------------------------- ================================================================================ python-certbot-dns-gehirn-0.26.1-1.el7 (FEDORA-EPEL-2018-d84efb5475) Gehirn Infrastructure Service DNS Authenticator plugin for Certbot -------------------------------------------------------------------------------- Update Information: Initial package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1602080 - Review Request: python-certbot-dns-gehirn - Gehirn Infrastructure Service DNS Authenticator plugin for Certbot https://bugzilla.redhat.com/show_bug.cgi?id=1602080 -------------------------------------------------------------------------------- ================================================================================ python-certbot-dns-linode-0.26.1-1.el7 (FEDORA-EPEL-2018-42ce8bfab3) Linode DNS Authenticator plugin for Certbot -------------------------------------------------------------------------------- Update Information: Initial package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1602091 - Review Request: python-certbot-dns-linode - Linode DNS Authenticator plugin for Certbot https://bugzilla.redhat.com/show_bug.cgi?id=1602091 -------------------------------------------------------------------------------- ================================================================================ python-certbot-dns-ovh-0.26.1-1.el7 (FEDORA-EPEL-2018-961c0ed2ac) OVH DNS Authenticator plugin for Certbot -------------------------------------------------------------------------------- Update Information: Initial package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1602109 - Review Request: python-certbot-dns-ovh - OVH DNS Authenticator plugin for Certbot https://bugzilla.redhat.com/show_bug.cgi?id=1602109 -------------------------------------------------------------------------------- ================================================================================ python-certbot-dns-sakuracloud-0.26.1-1.el7 (FEDORA-EPEL-2018-2edc9b4586) Sakura Cloud DNS Authenticator plugin for Certbot -------------------------------------------------------------------------------- Update Information: Initial package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1602111 - Review Request: python-certbot-dns-sakuracloud - Sakura Cloud DNS Authenticator plugin for Certbot https://bugzilla.redhat.com/show_bug.cgi?id=1602111 -------------------------------------------------------------------------------- ================================================================================ redis-3.2.12-1.el7 (FEDORA-EPEL-2018-8de40d24ca) A persistent key-value database -------------------------------------------------------------------------------- Update Information: Upstream 3.2.12 security fix release. ---- Upstream 3.2.11 bug-fix-only release -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 20 2018 Nathan Scott <nathans@xxxxxxxxxx> - 3.2.12-1 - Upstream 3.2.12 security fix release. - Fixes CVE-2017-15047: Lack clusterLoadConfig input validation (RHBZ #1499153) - Fixes CVE-2018-11218: Heap corruption in lua_cmsgpack.c (RHBZ #1591537) - Fixes CVE-2018-11219: Integer overflow in lua_struct.c b_unpack (RHBZ #1591538) - Fixes CVE-2018-12326: code execution via a crafted command line (RHBZ #1594294) * Tue Sep 26 2017 Nathan Scott <nathans@xxxxxxxxxx> - 3.2.11-1 - Upstream 3.2.11 bug-fix-only release - Switch to using Type=notify for Redis systemd services (RHBZ #1172841) - Add Provides:bundled hiredis, linenoise, lua-libs clauses (RHBZ #788500) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1594294 - CVE-2018-12326 redis: code execution via a crafted command line [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1594294 [ 2 ] Bug #1592931 - /var/run/redis directory not created by RPM (redis-3.2.11-1.el6.x86_64.rpm) https://bugzilla.redhat.com/show_bug.cgi?id=1592931 [ 3 ] Bug #1591538 - CVE-2018-11219 redis: Integer overflow in lua_struct.c:b_unpack() [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1591538 [ 4 ] Bug #1591537 - CVE-2018-11218 redis: Heap corruption in lua_cmsgpack.c [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1591537 [ 5 ] Bug #1499153 - CVE-2017-15047 redis: Insufficient input validation in the clusterLoadConfig function [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1499153 [ 6 ] Bug #1172841 - Service start returns success even when service fails to start https://bugzilla.redhat.com/show_bug.cgi?id=1172841 [ 7 ] Bug #788500 - redis bundles jemalloc and hiredis and lua https://bugzilla.redhat.com/show_bug.cgi?id=788500 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx/message/R6O577IUIMI3GOOQIGDC3ZJEAFNAEWOH/
