Fedora EPEL 8 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora EPEL 8 Security updates need testing:
 Age  URL
  12  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-13c6cbc484   python-gnupg-0.4.6-1.el8
  12  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-2f1d845c76   python-rsa-3.4.2-15.el8
  12  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-9239b6fa50   botan2-2.12.1-2.el8
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-ff58160b15   libslirp-4.3.1-1.el8
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-672e6676c7   seamonkey-2.53.3-1.el8
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-12d0e14fab   cacti-1.2.13-1.el8 cacti-spine-1.2.13-1.el8
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-1c906e59bb   mbedtls-2.16.7-1.el8
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-442e619b4a   singularity-3.6.0-1.el8
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-31b5963358   tor-0.4.3.6-1.el8
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-a0f28fffcf   bashtop-0.9.24-1.el8


The following builds have been pushed to Fedora EPEL 8 updates-testing

    clamav-0.102.4-1.el8
    hxtools-20150304-10.el8
    libHX-3.22-12.el8
    pam_mount-2.16-10.el8
    python-pytest-arraydiff-0.3-6.el8
    python-pytest-astropy-0.5.0-4.el8
    python-pytest-doctestplus-0.5.0-1.el8
    python-pytest-openfiles-0.4.0-1.el8
    python-pytest-remotedata-0.3.2-1.el8

Details about builds:


================================================================================
 clamav-0.102.4-1.el8 (FEDORA-EPEL-2020-cf34e230c7)
 End-user tools for the Clam Antivirus scanner
--------------------------------------------------------------------------------
Update Information:

ClamAV 0.102.4 is a bug patch release to address the following issues:
CVE-2020-3350 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3350>
Fixed a vulnerability a malicious user could exploit to replace a scan target's
directory with a symlink to another path to trick clamscan, clamdscan, or
clamonacc into removing or moving a different file (such as a critical system
file). The issue would affect users that use the --move or --remove options for
clamscan, clamdscan and clamonacc.  For more information about AV quarantine
attacks using links, see RACK911 Lab's report
<https://www.rack911labs.com/research/exploiting-almost-every-antivirus-
software>.  CVE-2020-3327 <https://cve.mitre.org/cgi-
bin/cvename.cgi?name=CVE-2020-3327> Fixed a vulnerability in the ARJ archive-
parsing module in ClamAV 0.102.3 that could cause a denial-of-service (DoS)
condition. Improper bounds checking resulted in an out-of-bounds read that could
cause a crash. The previous fix for this CVE in version 0.102.3 was incomplete.
This fix correctly resolves the issue.  CVE-2020-3481
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3481> Fixed a
vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 that could
cause a denial-of-service (DoS) condition. Improper error handling could cause a
crash due to a NULL pointer dereference. This vulnerability is mitigated for
those using the official ClamAV signature databases because the file type
signatures in daily.cvd will not enable the EGG archive parser in affected
versions.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 17 2020 Orion Poplawski <orion@xxxxxxxx> - 0.102.4-1
- Update to 0.102.4 (bz#1857867,1858262,1858263,1858265,1858266)
- Security fixes CVE-2020-3327 CVE-2020-3350 CVE-2020-3481
* Thu May 28 2020 Orion Poplawski <orion@xxxxxxxx> - 0.102.3-2
- Update clamd README file (bz#1798369)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1858261 - CVE-2020-3350 clamav: malicious user exploit to replace scan target's directory with symlink
        https://bugzilla.redhat.com/show_bug.cgi?id=1858261
  [ 2 ] Bug #1858264 - CVE-2020-3481 clamav: improper error handling causing crash due to NULL pointer dereference
        https://bugzilla.redhat.com/show_bug.cgi?id=1858264
--------------------------------------------------------------------------------


================================================================================
 hxtools-20150304-10.el8 (FEDORA-EPEL-2020-3a77a398c3)
 A collection of several tools
--------------------------------------------------------------------------------
Update Information:

Add pam_mount and its dependencies hxtools and libHX to EPEL 8
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1831692 - Please build pam_mount for epel 8
        https://bugzilla.redhat.com/show_bug.cgi?id=1831692
--------------------------------------------------------------------------------


================================================================================
 libHX-3.22-12.el8 (FEDORA-EPEL-2020-3a77a398c3)
 Useful collection of routines for C and C++ programming
--------------------------------------------------------------------------------
Update Information:

Add pam_mount and its dependencies hxtools and libHX to EPEL 8
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1831692 - Please build pam_mount for epel 8
        https://bugzilla.redhat.com/show_bug.cgi?id=1831692
--------------------------------------------------------------------------------


================================================================================
 pam_mount-2.16-10.el8 (FEDORA-EPEL-2020-3a77a398c3)
 A PAM module that can mount volumes for a user session
--------------------------------------------------------------------------------
Update Information:

Add pam_mount and its dependencies hxtools and libHX to EPEL 8
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1831692 - Please build pam_mount for epel 8
        https://bugzilla.redhat.com/show_bug.cgi?id=1831692
--------------------------------------------------------------------------------


================================================================================
 python-pytest-arraydiff-0.3-6.el8 (FEDORA-EPEL-2020-852f880a42)
 The py.test arraydiff plugin
--------------------------------------------------------------------------------
Update Information:

Initial EPEL8 package for pytest-arraydiff
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1839559 - Please build python-pytest-arraydiff for EPEL8
        https://bugzilla.redhat.com/show_bug.cgi?id=1839559
--------------------------------------------------------------------------------


================================================================================
 python-pytest-astropy-0.5.0-4.el8 (FEDORA-EPEL-2020-e98f78af82)
 The py.test astropy plugin
--------------------------------------------------------------------------------
Update Information:

Initial EPEL8 package
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1839558 - Please build python-pytest-astropy for EPEL8
        https://bugzilla.redhat.com/show_bug.cgi?id=1839558
--------------------------------------------------------------------------------


================================================================================
 python-pytest-doctestplus-0.5.0-1.el8 (FEDORA-EPEL-2020-6e520b544d)
 The py.test doctestplus plugin
--------------------------------------------------------------------------------
Update Information:

Initial EPEL8 package
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1839560 - Please build python-pytest-doctestplus for EPEL8
        https://bugzilla.redhat.com/show_bug.cgi?id=1839560
--------------------------------------------------------------------------------


================================================================================
 python-pytest-openfiles-0.4.0-1.el8 (FEDORA-EPEL-2020-a9d4555e51)
 The py.test openfiles plugin
--------------------------------------------------------------------------------
Update Information:

Initial EPEL8 package
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1839561 - Please build python-pytest-openfiles for EPEL8
        https://bugzilla.redhat.com/show_bug.cgi?id=1839561
--------------------------------------------------------------------------------


================================================================================
 python-pytest-remotedata-0.3.2-1.el8 (FEDORA-EPEL-2020-3ae64ea8b6)
 The py.test remotedata plugin
--------------------------------------------------------------------------------
Update Information:

Initial EPEL8 package for pytest-remotedata
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1839562 - Please build python-pytest-remotedata for EPEL8
        https://bugzilla.redhat.com/show_bug.cgi?id=1839562
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Announce]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Linux Apps]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux