The following Fedora EPEL 7 Security updates need testing: Age URL 485 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d condor-8.6.11-1.el7 227 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80 python-gnupg-0.4.4-1.el7 224 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b bubblewrap-0.3.3-2.el7 13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-72ead04703 proftpd-1.3.5e-8.el7 12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-cd462a69ad python3-requests-2.14.2-2.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-eb770d67f7 knot-resolver-4.3.0-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-de07c8591e cacti-1.2.8-1.el7 cacti-spine-1.2.8-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing chromium-79.0.3945.79-1.el7 hitch-1.5.2-1.el7 libuv-1.34.0-1.el7 nsd-4.2.4-1.el7 perl-Lchown-1.01-14.el7 rsnapshot-1.4.3-1.el7 spectre-meltdown-checker-0.43-1.el7 Details about builds: ================================================================================ chromium-79.0.3945.79-1.el7 (FEDORA-EPEL-2019-ad1ffea646) A WebKit (Blink) powered web browser -------------------------------------------------------------------------------- Update Information: Update to Chromium 79. Fixes the usual giant pile of bugs and security issues. This time, the list is: CVE-2019-13725 CVE-2019-13726 CVE-2019-13727 CVE-2019-13728 CVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734 CVE-2019-13735 CVE-2019-13736 CVE-2019-13737 CVE-2019-13738 CVE-2019-13739 CVE-2019-13740 CVE-2019-13741 CVE-2019-13742 CVE-2019-13743 CVE-2019-13744 CVE-2019-13745 CVE-2019-13746 CVE-2019-13747 CVE-2019-13748 CVE-2019-13749 CVE-2019-13750 CVE-2019-13751 CVE-2019-13752 CVE-2019-13753 CVE-2019-13754 CVE-2019-13755 CVE-2019-13756 CVE-2019-13757 CVE-2019-13758 CVE-2019-13759 CVE-2019-13761 CVE-2019-13762 CVE-2019-13763 CVE-2019-13764 -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 10 2019 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 79.0.3945.79-1 - update to 79.0.3945.79 * Wed Dec 4 2019 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 79.0.3945.56-2 - fix lib provides filtering * Tue Dec 3 2019 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 79.0.3945.56-1 - update to current beta (rawhide only) - switch to upstream patch for clock_nanosleep fix -------------------------------------------------------------------------------- References: [ 1 ] Bug #1782008 - CVE-2019-13763 chromium-browser: Insufficient policy enforcement in payments https://bugzilla.redhat.com/show_bug.cgi?id=1782008 [ 2 ] Bug #1782004 - CVE-2019-13757 chromium-browser: Incorrect security UI in Omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1782004 [ 3 ] Bug #1782007 - CVE-2019-13762 chromium-browser: Insufficient policy enforcement in downloads https://bugzilla.redhat.com/show_bug.cgi?id=1782007 [ 4 ] Bug #1782006 - CVE-2019-13761 chromium-browser: Incorrect security UI in Omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1782006 [ 5 ] Bug #1782005 - CVE-2019-13759 chromium-browser: Incorrect security UI in interstitials https://bugzilla.redhat.com/show_bug.cgi?id=1782005 [ 6 ] Bug #1782003 - CVE-2019-13756 chromium-browser: Incorrect security UI in printing https://bugzilla.redhat.com/show_bug.cgi?id=1782003 [ 7 ] Bug #1781999 - CVE-2019-13752 chromium-browser: Out of bounds read in SQLite https://bugzilla.redhat.com/show_bug.cgi?id=1781999 [ 8 ] Bug #1782002 - CVE-2019-13755 chromium-browser: Insufficient policy enforcement in extensions https://bugzilla.redhat.com/show_bug.cgi?id=1782002 [ 9 ] Bug #1782000 - CVE-2019-13753 chromium-browser: Out of bounds read in SQLite https://bugzilla.redhat.com/show_bug.cgi?id=1782000 [ 10 ] Bug #1782001 - CVE-2019-13754 chromium-browser: Insufficient policy enforcement in extensions https://bugzilla.redhat.com/show_bug.cgi?id=1782001 [ 11 ] Bug #1781998 - CVE-2019-13751 chromium-browser: Uninitialized Use in SQLite https://bugzilla.redhat.com/show_bug.cgi?id=1781998 [ 12 ] Bug #1781997 - CVE-2019-13750 chromium-browser: Insufficient data validation in SQLite https://bugzilla.redhat.com/show_bug.cgi?id=1781997 [ 13 ] Bug #1781992 - CVE-2019-13746 chromium-browser: Insufficient policy enforcement in Omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1781992 [ 14 ] Bug #1781995 - CVE-2019-13749 chromium-browser: Incorrect security UI in Omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1781995 [ 15 ] Bug #1781991 - CVE-2019-13745 chromium-browser: Insufficient policy enforcement in audio https://bugzilla.redhat.com/show_bug.cgi?id=1781991 [ 16 ] Bug #1781994 - CVE-2019-13748 chromium-browser: Insufficient policy enforcement in developer tools https://bugzilla.redhat.com/show_bug.cgi?id=1781994 [ 17 ] Bug #1781993 - CVE-2019-13747 chromium-browser: Uninitialized Use in rendering https://bugzilla.redhat.com/show_bug.cgi?id=1781993 [ 18 ] Bug #1781989 - CVE-2019-13742 chromium-browser: Incorrect security UI in Omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1781989 [ 19 ] Bug #1781987 - CVE-2019-13740 chromium-browser: Incorrect security UI in sharing https://bugzilla.redhat.com/show_bug.cgi?id=1781987 [ 20 ] Bug #1781990 - CVE-2019-13743 chromium-browser: Incorrect security UI in external protocol handling https://bugzilla.redhat.com/show_bug.cgi?id=1781990 [ 21 ] Bug #1781985 - CVE-2019-13738 chromium-browser: Insufficient policy enforcement in navigation https://bugzilla.redhat.com/show_bug.cgi?id=1781985 [ 22 ] Bug #1781988 - CVE-2019-13741 chromium-browser: Insufficient validation of untrusted input in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1781988 [ 23 ] Bug #1781986 - CVE-2019-13739 chromium-browser: Incorrect security UI in Omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1781986 [ 24 ] Bug #1781984 - CVE-2019-13737 chromium-browser: Insufficient policy enforcement in autocomplete https://bugzilla.redhat.com/show_bug.cgi?id=1781984 [ 25 ] Bug #1781983 - CVE-2019-13736 chromium-browser: Integer overflow in PDFium https://bugzilla.redhat.com/show_bug.cgi?id=1781983 [ 26 ] Bug #1781982 - CVE-2019-13764 chromium-browser: Type Confusion in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1781982 [ 27 ] Bug #1781981 - CVE-2019-13735 chromium-browser: Out of bounds write in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1781981 [ 28 ] Bug #1781980 - CVE-2019-13734 chromium-browser: Out of bounds write in SQLite https://bugzilla.redhat.com/show_bug.cgi?id=1781980 [ 29 ] Bug #1781979 - CVE-2019-13732 chromium-browser: Use after free in WebAudio https://bugzilla.redhat.com/show_bug.cgi?id=1781979 [ 30 ] Bug #1781978 - CVE-2019-13730 chromium-browser: Type Confusion in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1781978 [ 31 ] Bug #1781975 - CVE-2019-13727 chromium-browser: Insufficient policy enforcement in WebSockets https://bugzilla.redhat.com/show_bug.cgi?id=1781975 [ 32 ] Bug #1781977 - CVE-2019-13729 chromium-browser: Use after free in WebSockets https://bugzilla.redhat.com/show_bug.cgi?id=1781977 [ 33 ] Bug #1781976 - CVE-2019-13728 chromium-browser: Out of bounds write in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1781976 [ 34 ] Bug #1781974 - CVE-2019-13726 chromium-browser: Heap buffer overflow in password manager https://bugzilla.redhat.com/show_bug.cgi?id=1781974 [ 35 ] Bug #1782021 - CVE-2019-13744 chromium-browser: Insufficient policy enforcement in cookies https://bugzilla.redhat.com/show_bug.cgi?id=1782021 [ 36 ] Bug #1782017 - CVE-2019-13758 chromium-browser: Insufficient policy enforcement in navigation https://bugzilla.redhat.com/show_bug.cgi?id=1782017 [ 37 ] Bug #1781973 - CVE-2019-13725 chromium-browser: Use after free in Bluetooth https://bugzilla.redhat.com/show_bug.cgi?id=1781973 -------------------------------------------------------------------------------- ================================================================================ hitch-1.5.2-1.el7 (FEDORA-EPEL-2019-0be7890e83) Network proxy that terminates TLS/SSL connections -------------------------------------------------------------------------------- Update Information: New upstream releases 1.5.1 and 1.5.2. From the upstream changelog: * Support for TCP Fast Open. It is disabled by default * Various code cleanups and minor bug fixes. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 27 2019 Ingvar Hagelund <ingvar@xxxxxxxxxxxxxxxxxx> - 1.5.2-1 - New upstream release - Removed patches merged upstream * Tue Nov 26 2019 Ingvar Hagelund <ingvar@xxxxxxxxxxxxxxxxxx> - 1.5.1-1 - New upstream release - Added a patch working around upstream bug #322 - Example config now sets debug-level=1 and logs to syslog -------------------------------------------------------------------------------- ================================================================================ libuv-1.34.0-1.el7 (FEDORA-EPEL-2019-39eb4afe6e) Platform layer for node.js -------------------------------------------------------------------------------- Update Information: Update to libuv 1.34.0 https://github.com/libuv/libuv/blob/v1.34.0/ChangeLog ---- Update to Node.js upstream release 12.13.1 https://nodejs.org/en/blog/release/v12.13.1/ Also fixes an issue where running `npm -g` was risky on RPM-installed systems. Fedora's packaged NPM will now install global content in /usr/local instead of /usr where it could conflict with RPM-provided versions. -------------------------------------------------------------------------------- ChangeLog: * Fri Dec 6 2019 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.34.0-1 - Update to 1.34.0 - https://github.com/libuv/libuv/blob/v1.34.0/ChangeLog * Mon Dec 2 2019 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.33.1-1 - Update to 1.33.1 - Drop upstreamed patch - https://github.com/libuv/libuv/blob/v1.33.1/ChangeLog -------------------------------------------------------------------------------- References: [ 1 ] Bug #1779518 - libuv-1.34.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1779518 [ 2 ] Bug #1690818 - nodejs-12.3.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1690818 [ 3 ] Bug #1565256 - NPM permanently breaks after "npm update -g" https://bugzilla.redhat.com/show_bug.cgi?id=1565256 -------------------------------------------------------------------------------- ================================================================================ nsd-4.2.4-1.el7 (FEDORA-EPEL-2019-de62919a55) Fast and lean authoritative DNS Name Server -------------------------------------------------------------------------------- Update Information: Resolves: rhbz#1772468 nsd-4.2.4 is available -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 11 2019 Paul Wouters <pwouters@xxxxxxxxxx> - 4.2.4-1 - Resolves: rhbz#1772468 nsd-4.2.4 is available - Updated nsd.conf page for new upstream option(s) - Properly mark license file. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1772468 - nsd-4.2.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1772468 -------------------------------------------------------------------------------- ================================================================================ perl-Lchown-1.01-14.el7 (FEDORA-EPEL-2019-eb06b4c644) Use the lchown(2) system call from Perl -------------------------------------------------------------------------------- Update Information: Added the package to EPEL branches -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 26 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.01-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Fri May 31 2019 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1.01-13 - Perl 5.30 rebuild * Fri Feb 1 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.01-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Fri Jul 13 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.01-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Thu Jun 28 2018 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1.01-10 - Perl 5.28 rebuild * Fri Mar 2 2018 Petr Pisar <ppisar@xxxxxxxxxx> - 1.01-9 - Adapt to removing GCC from a build root (bug #1547165) * Thu Feb 8 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.01-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Thu Aug 3 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.01-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Thu Jul 27 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.01-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Sun Jun 4 2017 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1.01-5 - Perl 5.26 rebuild * Sat Feb 11 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.01-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild * Sun May 15 2016 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1.01-3 - Perl 5.24 rebuild * Thu Feb 4 2016 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.01-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild * Mon Feb 1 2016 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1.01-1 - Initial release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1781826 - Please build perl-Lchown for EPEL 6, 7 and 8 https://bugzilla.redhat.com/show_bug.cgi?id=1781826 -------------------------------------------------------------------------------- ================================================================================ rsnapshot-1.4.3-1.el7 (FEDORA-EPEL-2019-6f33b901f5) Local and remote filesystem snapshot utility -------------------------------------------------------------------------------- Update Information: - Upgrade to 1.4.3 (#1443553, #1646191, #1741427) - Extend spec file compatibility to cover RHEL/CentOS 6 - Add run-time requirement for perl(Lchown) (#1494775) -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 11 2019 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> - 1.4.3-1 - Upgrade to 1.4.3 (#1443553, #1646191, #1741427) - Extend spec file compatibility to cover RHEL/CentOS 6 - Add run-time requirement for perl(Lchown) (#1494775) * Fri Jul 26 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.4.2-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Sat Feb 2 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.4.2-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Sat Jul 14 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.4.2-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Fri Feb 9 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.4.2-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Thu Jul 27 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.4.2-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Sat Feb 11 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.4.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1782091 - rsnapshot 1.4.3 available. Please build for EL7 (and EL8) https://bugzilla.redhat.com/show_bug.cgi?id=1782091 [ 2 ] Bug #1646191 - Please include latest rsnapshot version (with PR #179 merged) https://bugzilla.redhat.com/show_bug.cgi?id=1646191 [ 3 ] Bug #1741427 - Restore rsync error code 23 as an important warning https://bugzilla.redhat.com/show_bug.cgi?id=1741427 [ 4 ] Bug #1443553 - Backups fail when configuration has mixed lvm and non-lvm backup points https://bugzilla.redhat.com/show_bug.cgi?id=1443553 [ 5 ] Bug #1494775 - rsnapshot seems to require perl-Lchown https://bugzilla.redhat.com/show_bug.cgi?id=1494775 -------------------------------------------------------------------------------- ================================================================================ spectre-meltdown-checker-0.43-1.el7 (FEDORA-EPEL-2019-0e780ac343) Spectre & Meltdown vulnerability/mitigation checker for Linux -------------------------------------------------------------------------------- Update Information: Update to 0.43. Changes: * feat: implement TAA detection (CVE-2019-11135) * feat: implement MCEPSC / iTLB Multihit detection (CVE-2018-12207) * feat: taa: add TSX_CTRL MSR detection in hardware info * feat: fwdb: use both Intel GitHub repo and MCEdb to build our firmware version database * feat: use `--live` with `--kernel`/`--config`/`--map` to override file detection in live mode * enh: rework the vuln logic of MDS with `--paranoid` (fixes [#307](https://github.com/speed47/spectre-meltdown-checker/issues/307)) * enh: explain that Enhanced IBRS is better for performance than classic IBRS * enh: kernel: autodetect customized arch kernels from cmdline * enh: kernel decompression: better tolerance against missing tools * enh: mock: implement reading from `/proc/cmdline` * fix: variant3a: Silvermont CPUs are not vulnerable to variant 3a * fix: lockdown: detect Red Hat locked down kernels (impacts MSR writes) * fix: lockdown: detect locked down mode in vanilla 5.4+ kernels * fix: sgx: on locked down kernels, fallback to CPUID bit for detection * fix: fwdb: builtin version takes precedence if the local cached version is older * fix: pteinv: don't check kernel image if not available * fix: silence useless error from grep (fixes [#322](https://github.com/speed47/spectre- meltdown-checker/issues/322)) * fix: msr: fix msr module detection under Ubuntu 19.10 (fixes [#316](https://github.com/speed47/spectre-meltdown- checker/issues/316)) * fix: mocking value for read_msr * chore: rename mcedb cmdline parameters to fwdb, and change db version scheme * chore: fwdb: update to v130.20191104+i20191027 -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 11 2019 Reto Gantenbein <reto.gantenbein@xxxxxxxxxxxx> - 0.43-1 - Update to 0.43 * Fri Jul 26 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.42-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
