The following Fedora EPEL 8 Security updates need testing:

 Age  URL
  12  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-13c6cbc484   python-gnupg-0.4.6-1.el8
  12  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-2f1d845c76   python-rsa-3.4.2-15.el8
  12  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-9239b6fa50   botan2-2.12.1-2.el8
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-ff58160b15   libslirp-4.3.1-1.el8
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-672e6676c7   seamonkey-2.53.3-1.el8
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-12d0e14fab   cacti-1.2.13-1.el8 cacti-spine-1.2.13-1.el8
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-1c906e59bb   mbedtls-2.16.7-1.el8
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-442e619b4a   singularity-3.6.0-1.el8
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-31b5963358   tor-0.4.3.6-1.el8
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-a0f28fffcf   bashtop-0.9.24-1.el8

The following builds have been pushed to Fedora EPEL 8 updates-testing

    clamav-0.102.4-1.el8
    hxtools-20150304-10.el8
    libHX-3.22-12.el8
    pam_mount-2.16-10.el8
    python-pytest-arraydiff-0.3-6.el8
    python-pytest-astropy-0.5.0-4.el8
    python-pytest-doctestplus-0.5.0-1.el8
    python-pytest-openfiles-0.4.0-1.el8
    python-pytest-remotedata-0.3.2-1.el8

Details about builds:

================================================================================
 clamav-0.102.4-1.el8 (FEDORA-EPEL-2020-cf34e230c7)
 End-user tools for the Clam Antivirus scanner
--------------------------------------------------------------------------------
Update Information:

ClamAV 0.102.4 is a bug patch release to address the following issues:

CVE-2020-3350 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3350>
Fixed a vulnerability a malicious user could exploit to replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (such as a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan and clamonacc. For more information about AV quarantine attacks using links, see RACK911 Lab's report <https://www.rack911labs.com/research/exploiting-almost-every-antivirus-software>.

CVE-2020-3327 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3327>
Fixed a vulnerability in the ARJ archive-parsing module in ClamAV 0.102.3 that could cause a denial-of-service (DoS) condition. Improper bounds checking resulted in an out-of-bounds read that could cause a crash. The previous fix for this CVE in version 0.102.3 was incomplete. This fix correctly resolves the issue.

CVE-2020-3481 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3481>
Fixed a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 that could cause a denial-of-service (DoS) condition. Improper error handling could cause a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in affected versions.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 17 2020 Orion Poplawski <orion@xxxxxxxx> - 0.102.4-1
- Update to 0.102.4 (bz#1857867,1858262,1858263,1858265,1858266)
- Security fixes CVE-2020-3327 CVE-2020-3350 CVE-2020-3481
* Thu May 28 2020 Orion Poplawski <orion@xxxxxxxx> - 0.102.3-2
- Update clamd README file (bz#1798369)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1858261 - CVE-2020-3350 clamav: malicious user exploit to replace scan target's directory with symlink
        https://bugzilla.redhat.com/show_bug.cgi?id=1858261
  [ 2 ] Bug #1858264 - CVE-2020-3481 clamav: improper error handling causing crash due to NULL pointer dereference
        https://bugzilla.redhat.com/show_bug.cgi?id=1858264
--------------------------------------------------------------------------------

================================================================================
 hxtools-20150304-10.el8 (FEDORA-EPEL-2020-3a77a398c3)
 A collection of several tools
--------------------------------------------------------------------------------
Update Information:

Add pam_mount and its dependencies hxtools and libHX to EPEL 8
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1831692 - Please build pam_mount for epel 8
        https://bugzilla.redhat.com/show_bug.cgi?id=1831692
--------------------------------------------------------------------------------

================================================================================
 libHX-3.22-12.el8 (FEDORA-EPEL-2020-3a77a398c3)
 Useful collection of routines for C and C++ programming
--------------------------------------------------------------------------------
Update Information:

Add pam_mount and its dependencies hxtools and libHX to EPEL 8
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1831692 - Please build pam_mount for epel 8
        https://bugzilla.redhat.com/show_bug.cgi?id=1831692
--------------------------------------------------------------------------------

================================================================================
 pam_mount-2.16-10.el8 (FEDORA-EPEL-2020-3a77a398c3)
 A PAM module that can mount volumes for a user session
--------------------------------------------------------------------------------
Update Information:

Add pam_mount and its dependencies hxtools and libHX to EPEL 8
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1831692 - Please build pam_mount for epel 8
        https://bugzilla.redhat.com/show_bug.cgi?id=1831692
--------------------------------------------------------------------------------

================================================================================
 python-pytest-arraydiff-0.3-6.el8 (FEDORA-EPEL-2020-852f880a42)
 The py.test arraydiff plugin
--------------------------------------------------------------------------------
Update Information:

Initial EPEL8 package for pytest-arraydiff
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1839559 - Please build python-pytest-arraydiff for EPEL8
        https://bugzilla.redhat.com/show_bug.cgi?id=1839559
--------------------------------------------------------------------------------

================================================================================
 python-pytest-astropy-0.5.0-4.el8 (FEDORA-EPEL-2020-e98f78af82)
 The py.test astropy plugin
--------------------------------------------------------------------------------
Update Information:

Initial EPEL8 package
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1839558 - Please build python-pytest-astropy for EPEL8
        https://bugzilla.redhat.com/show_bug.cgi?id=1839558
--------------------------------------------------------------------------------

================================================================================
 python-pytest-doctestplus-0.5.0-1.el8 (FEDORA-EPEL-2020-6e520b544d)
 The py.test doctestplus plugin
--------------------------------------------------------------------------------
Update Information:

Initial EPEL8 package
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1839560 - Please build python-pytest-doctestplus for EPEL8
        https://bugzilla.redhat.com/show_bug.cgi?id=1839560
--------------------------------------------------------------------------------

================================================================================
 python-pytest-openfiles-0.4.0-1.el8 (FEDORA-EPEL-2020-a9d4555e51)
 The py.test openfiles plugin
--------------------------------------------------------------------------------
Update Information:

Initial EPEL8 package
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1839561 - Please build python-pytest-openfiles for EPEL8
        https://bugzilla.redhat.com/show_bug.cgi?id=1839561
--------------------------------------------------------------------------------

================================================================================
 python-pytest-remotedata-0.3.2-1.el8 (FEDORA-EPEL-2020-3ae64ea8b6)
 The py.test remotedata plugin
--------------------------------------------------------------------------------
Update Information:

Initial EPEL8 package for pytest-remotedata
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1839562 - Please build python-pytest-remotedata for EPEL8
        https://bugzilla.redhat.com/show_bug.cgi?id=1839562
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx