The following Fedora EPEL 6 Security updates need testing: Age URL 35 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-06b243cced guacamole-server-1.0.0-1.el6 14 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-62f9745b71 drupal7-7.65-1.el6 12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-13e2a65b5e wordpress-5.1.1-4.el6 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-8d5207833a ntfs-3g-2017.3.23-11.el6 The following builds have been pushed to Fedora EPEL 6 updates-testing ansible-2.6.16-1.el6 clamav-0.100.3-1.el6 ninja-build-1.7.2-2.el6 singularity-3.1.1-1.el6 Details about builds: ================================================================================ ansible-2.6.16-1.el6 (FEDORA-EPEL-2019-c78aa6fc8b) SSH-based configuration management, deployment, and task execution system -------------------------------------------------------------------------------- Update Information: Update to 2.6.16 bugfix release. See https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELOG-v2.6.rst for more information. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 4 2019 Kevin Fenzi <kevin@xxxxxxxxx> - 2.6.16-1 - Update to 2.6.16. -------------------------------------------------------------------------------- ================================================================================ clamav-0.100.3-1.el6 (FEDORA-EPEL-2019-9c8cf7e4be) Anti-virus software -------------------------------------------------------------------------------- Update Information: ClamAV 0.100.3 ============== ClamAV 0.100.3 is a patch release to address a few security related bugs. This patch release is being released alongside the 0.101.2 patch so that users who are unable to upgrade to 0.101 due to libclamav API changes are protected. The bug fixes in this release are limited to security-related bugs only. Users are encouraged to upgrade to 0.101.2 for additional improvements. - Fixes for the following vulnerabilities: - CVE-2019-1787: An out-of-bounds heap read condition may occur when scanning PDF documents. The defect is a failure to correctly keep track of the number of bytes remaining in a buffer when indexing file data. - CVE-2019-1789: An out-of-bounds heap read condition may occur when scanning PE files (i.e. Windows EXE and DLL files) that have been packed using Aspack as a result of inadequate bound-checking. - CVE-2019-1788: An out-of-bounds heap write condition may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. The invalid write happens when an invalid pointer is mistakenly used to initialize a 32bit integer to zero. This is likely to crash the application. Thank you to the Google OSS-Fuzz project for identifying and reporting the bugs patched in this release. -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 5 2019 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> - 0.100.3-1 - Upgrade to 0.100.3 (#1696106, #1696110, #1696116) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1696116 - CVE-2019-1788 clamav: out-of-bounds heap write when scanning OLE2 files https://bugzilla.redhat.com/show_bug.cgi?id=1696116 [ 2 ] Bug #1696110 - CVE-2019-1789 clamav: out-of-bounds heap read when scanning PE files https://bugzilla.redhat.com/show_bug.cgi?id=1696110 [ 3 ] Bug #1696106 - CVE-2019-1787 clamav: out-of-bounds heap read when scanning PDF documents https://bugzilla.redhat.com/show_bug.cgi?id=1696106 -------------------------------------------------------------------------------- ================================================================================ ninja-build-1.7.2-2.el6 (FEDORA-EPEL-2019-76763433e3) A small build system with a focus on speed -------------------------------------------------------------------------------- Update Information: Initial EL6 package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1695759 - ninja-build: build for EPEL6 https://bugzilla.redhat.com/show_bug.cgi?id=1695759 -------------------------------------------------------------------------------- ================================================================================ singularity-3.1.1-1.el6 (FEDORA-EPEL-2019-1069e1d162) Application and environment virtualization -------------------------------------------------------------------------------- Update Information: Update to upstream 3.1.1-1 -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 2 2019 Dave Dykstra <dwd@xxxxxxxxxxxxxxxxx> - 3.1.1-1 - Update to upstream 3.1.1-1 * Mon Feb 25 2019 Dave Dykstra <dwd@xxxxxxxxxxxxxxxxx> - 3.1.0-1 - Update to upstream 3.1.0-1 * Tue Jan 22 2019 Dave Dykstra <dwd@xxxxxxxxxxxxxxxxx> - 3.0.3-1 - Update to upstream 3.0.3-1 release. * Fri Jan 18 2019 Dave Dykstra <dwd@xxxxxxxxxxxxxxxxx> - 3.0.3-rc2 - Update to upstream 3.0.3-rc2 * Wed Jan 16 2019 Dave Dykstra <dwd@xxxxxxxxxxxxxxxxx> - 3.0.3-rc1 - Update to upstream 3.0.3-rc1 * Wed Jan 9 2019 Dave Dykstra <dwd@xxxxxxxxxxxxxxxxx> - 3.0.2-1.2 - Add patch for PR 2531 * Mon Jan 7 2019 Dave Dykstra <dwd@xxxxxxxxxxxxxxxxx> - 3.0.2-1.1 - Update to upstream 3.0.2 - Added patches for PRs 2472, 2478, 2481 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1693909 - singularity-3.1.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1693909 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
