The following Fedora EPEL 7 Security updates need testing: Age URL 172 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f9d6ff695a bibutils-6.6-1.el7 ghc-hs-bibutils-6.6.0.0-1.el7 pandoc-citeproc-0.3.0.1-4.el7 156 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d condor-8.6.11-1.el7 30 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b6fa6cebc3 game-music-emu-0.6.2-1.el7 27 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b43fdd19c3 vcftools-0.1.16-1.el7 14 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-6c3fb8b090 chromium-71.0.3578.98-2.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-8e5fe375cf php-horde-Horde-Form-2.0.19-1.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-01cf520c0b python-django-1.11.18-1.el7 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-4d365dad3c gitolite3-3.6.11-1.el7 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-7c5121f71d golang-1.11.4-1.el7 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-a6100f3df6 nodejs-6.16.0-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing R-3.5.2-2.el7 cacti-1.2.0-1.el7 cacti-spine-1.2.0-2.el7 htop-2.2.0-3.el7 java-openjdk-11.0.1.13-11.rolling.el7 nagios-4.4.3-1.el7 python-kubernetes-8.0.0-6.el7 Details about builds: ================================================================================ R-3.5.2-2.el7 (FEDORA-EPEL-2019-5d7bdd9b62) A language for data analysis and graphics -------------------------------------------------------------------------------- Update Information: Update R to 3.5.2, update rpy to 2.9.5, rebuild rkward. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 8 2019 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 3.5.2-2 - handle pcre2 use/detection * Mon Jan 7 2019 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 3.5.2-1 - update to 3.5.2 * Fri Dec 7 2018 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 3.5.1-2 - use absolute path in symlink for latex dir (bz1594102) -------------------------------------------------------------------------------- ================================================================================ cacti-1.2.0-1.el7 (FEDORA-EPEL-2019-17b3c81533) An rrd based graphing tool -------------------------------------------------------------------------------- Update Information: - Rebase to 1.2.0 Release notes: https://www.cacti.net/release_notes.php?version=1.2.0 -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 17 2019 Morten Stevens <mstevens@xxxxxxxxxxxxxxxxx> - 1.2.0-1 - Rebase to 1.2.0 - Multiple cross-site scripting vulnerabilities fixed in 1.2.0 - CVE-2018-20723, CVE-2018-20724, CVE-2018-20725, CVE-2018-20726 (#1667024) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1667024 - CVE-2018-20723 CVE-2018-20724 CVE-2018-20725 CVE-2018-20726 cacti: Multiple cross-site scripting vulnerabilities fixed in 1.2.0 version [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1667024 -------------------------------------------------------------------------------- ================================================================================ cacti-spine-1.2.0-2.el7 (FEDORA-EPEL-2019-17b3c81533) Threaded poller for Cacti written in C -------------------------------------------------------------------------------- Update Information: - Rebase to 1.2.0 Release notes: https://www.cacti.net/release_notes.php?version=1.2.0 -------------------------------------------------------------------------------- ChangeLog: * Sun Jan 6 2019 Morten Stevens <mstevens@xxxxxxxxxxxxxxxxx> - 1.2.0-2 - Use spine.conf as default * Thu Jan 3 2019 Morten Stevens <mstevens@xxxxxxxxxxxxxxxxx> - 1.2.0-1 - Update to 1.2.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1667024 - CVE-2018-20723 CVE-2018-20724 CVE-2018-20725 CVE-2018-20726 cacti: Multiple cross-site scripting vulnerabilities fixed in 1.2.0 version [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1667024 -------------------------------------------------------------------------------- ================================================================================ htop-2.2.0-3.el7 (FEDORA-EPEL-2019-daaed9cb91) Interactive process viewer -------------------------------------------------------------------------------- Update Information: fix crash when launched with '-s' flag -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 16 2019 Mukundan Ragavan <nonamedotc@xxxxxxxxxxxxxxxxx> - 2.2.0-3 - Fix crash when launched with "-s" flag (bug# 1666551) * Fri Jul 13 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.2.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1666551 - htop -s is causing segmentation fault https://bugzilla.redhat.com/show_bug.cgi?id=1666551 -------------------------------------------------------------------------------- ================================================================================ java-openjdk-11.0.1.13-11.rolling.el7 (FEDORA-EPEL-2019-6f43979cd7) OpenJDK Runtime Environment 11 -------------------------------------------------------------------------------- Update Information: This is first release of java-openjdk rolling package for short-term releases of openjdk for EPEL7. Our goal is now get it to the testing, auto karma is turned off. It still needs a lot of testing before it can surely reach stable, most likely, this release will never reach stable repos, since we will want to do this after we update sources to JDK12. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1557371 - Review Request: java-openjdk - rolling release for short term support OpenJDK https://bugzilla.redhat.com/show_bug.cgi?id=1557371 -------------------------------------------------------------------------------- ================================================================================ nagios-4.4.3-1.el7 (FEDORA-EPEL-2019-d661b588d2) Host/service/network monitoring program -------------------------------------------------------------------------------- Update Information: Incorporate many fixes from Justin Paulsen <petaris@xxxxxxxxx> THANKS!!! ---- Updates to nagios-4.4.2 which is a major update. Fixes CVE's CVE-2018-13441 CVE-2016-8641 ---- Remove section which unset nagios Fix BZ#1568273 ---- Fix systemd failures due to old versioning. -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 16 2019 Stephen Smoogen <smooge@xxxxxxxxxxxxxxxxx> - 4.4.3-1 - Incorporate many fixes from Justin Paulsen <petaris@xxxxxxxxx> THANKS!!! - Update to 4.4.3 for CVE fixes - BZ#1661479 - BZ#1661480 - BZ#1665200 - BZ#1665201 - BZ#1665206 - BZ#1665207 - BZ#1665209 - BZ#1665210 - Fix BZ#1666209 Add RuntimeDirectory too systemd * Fri Nov 30 2018 Stephen Smoogen <smooge@xxxxxxxxxxxxxxxxx> - 4.4.2-3 - Remove systemd startup since built in works properly - Incorporate fixes from patch14 into patch9 * Thu Nov 29 2018 Stephen Smoogen <smooge@xxxxxxxxxxxxxxxxx> - 4.4.2-2 - Fix init-type and initdir for systemd and sysv * Wed Nov 28 2018 Justin Paulsen <petaris@xxxxxxxxx> 4.4.2-1 - Bumped to version 4.4.2 - Updated patches 0001,0002,0003,0006,0009,0010,0011 to reflect upstream changes - Updates to nagios.spec (this file) to cleanup un-needed elements and adjust/fix as required - As a result of the cleanup I have added a patch nagios-0014-fix-resource.cfg-path.patch * Tue Jul 24 2018 Stephen Smoogen <smooge@xxxxxxxxxxxxxxxxx> - 4.3.4-13 - Remove section which unset nagios Fix BZ#1568273 - Remove /etc/nagios/conf.d Fix BZ#1504306 - Change perms on dir Fix BZ#1579935 - Close BZ#1273154 - Hopefully Fix BZ#1201849 - Hopefully Fix BZ#1476238 - Hopefully Fix BZ#1494292 * Fri Jul 13 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.3.4-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Thu Jun 28 2018 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 4.3.4-11 - Perl 5.28 rebuild * Thu Apr 26 2018 Stephen Smoogen <smooge@xxxxxxxxxxxxxxxxx> - 4.3.4-10 - Fix systemd failures due to old versioning. * Tue Feb 20 2018 Stephen Smoogen <smooge@xxxxxxxxxxxxxxxxx> - 4.3.4-9 - Add buildrequires for gcc * Thu Feb 8 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.3.4-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Fri Nov 24 2017 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> - 4.3.4-7 - Fix initscript stop action for RHEL/CentOS 6 (#1515445 #c11) * Fri Nov 24 2017 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> - 4.3.4-6 - Fix shell syntax error in initscript for RHEL/CentOS 6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1661479 - CVE-2018-18245 nagios: Stored XSS via Plugin Output [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1661479 [ 2 ] Bug #1661480 - CVE-2018-18245 nagios: Stored XSS via Plugin Output [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1661480 [ 3 ] Bug #1665200 - CVE-2018-13441 nagios: NULL pointer dereference in qh_help in base/query-handler.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1665200 [ 4 ] Bug #1665201 - CVE-2018-13441 nagios: NULL pointer dereference in qh_help in base/query-handler.c [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1665201 [ 5 ] Bug #1665206 - CVE-2018-13457 nagios: NULL pointer dereference in qh_echo in base/query-handler.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1665206 [ 6 ] Bug #1665207 - CVE-2018-13457 nagios: NULL pointer dereference in qh_echo in base/query-handler.c [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1665207 [ 7 ] Bug #1665209 - CVE-2018-13458 nagios: NULL pointer dereference in qh_core in base/query-handler.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1665209 [ 8 ] Bug #1665210 - CVE-2018-13458 nagios: NULL pointer dereference in qh_core in base/query-handler.c [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1665210 [ 9 ] Bug #1666209 - Nagios cannot start after system reboot because of missing directory https://bugzilla.redhat.com/show_bug.cgi?id=1666209 [ 10 ] Bug #1593048 - nagios-4.4.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1593048 [ 11 ] Bug #1647765 - Memory leak in nagios https://bugzilla.redhat.com/show_bug.cgi?id=1647765 [ 12 ] Bug #1482407 - nagios-4.3.2-8.el7 crash caused by (potential) result size issue in wproc https://bugzilla.redhat.com/show_bug.cgi?id=1482407 [ 13 ] Bug #1506423 - Nagios regularly crashes with SIGSEGV after couple of weeks of starting. https://bugzilla.redhat.com/show_bug.cgi?id=1506423 [ 14 ] Bug #1592594 - nagios spool files in wrong location by default, causing SELinux violations https://bugzilla.redhat.com/show_bug.cgi?id=1592594 [ 15 ] Bug #1568273 - Nagios service disabled after each update https://bugzilla.redhat.com/show_bug.cgi?id=1568273 [ 16 ] Bug #1504306 - minor packaging improvements https://bugzilla.redhat.com/show_bug.cgi?id=1504306 [ 17 ] Bug #1579935 - nagios-common permissions issue with /usr/lib64/nagios/plugins directory https://bugzilla.redhat.com/show_bug.cgi?id=1579935 [ 18 ] Bug #1273154 - RFE: Remove Nagios version check warning messages https://bugzilla.redhat.com/show_bug.cgi?id=1273154 [ 19 ] Bug #1201849 - Support an environment file in the systemd unit file https://bugzilla.redhat.com/show_bug.cgi?id=1201849 [ 20 ] Bug #1476238 - EPEL6 update to 4.3.2 causes information leak to google via embedded youtube https://bugzilla.redhat.com/show_bug.cgi?id=1476238 [ 21 ] Bug #1494292 - file ownership problem between nagios and nagios-contrib https://bugzilla.redhat.com/show_bug.cgi?id=1494292 [ 22 ] Bug #1517925 - Updating nagios package causes nagios service to be disabled. https://bugzilla.redhat.com/show_bug.cgi?id=1517925 -------------------------------------------------------------------------------- ================================================================================ python-kubernetes-8.0.0-6.el7 (FEDORA-EPEL-2019-2a28713541) Python client for the kubernetes API. -------------------------------------------------------------------------------- Update Information: Initial release of python-kubernetes for EPEL -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
