Fedora EPEL 7 updates-testing report


 



The following Fedora EPEL 7 Security updates need testing:
 Age  URL
  11  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-e816cf1fbc   containerd-1.2.14-1.el7
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-a5abe545c6   wordpress-5.1.8-1.el7
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-aeaf0b9bc0   pngcheck-2.4.0-1.el7


The following builds have been pushed to Fedora EPEL 7 updates-testing

    IP2Location-8.3.1-3.el7
    anope-2.0.9-2.el7
    chromium-86.0.4240.183-1.el7
    ipv6calc-3.0.0-47.el7
    python-pyghmi-1.0.44-1.el7
    python-pyspf-2.0.14-12.el7
    unrealircd-5.0.7-2.el7

Details about builds:


================================================================================
 IP2Location-8.3.1-3.el7 (FEDORA-EPEL-2020-788aca744e)
 C library for mapping IP address to geolocation information
--------------------------------------------------------------------------------
Update Information:

update to 8.3.1
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov  9 2020 Peter Bieringer <pb@xxxxxxxxxxxx> - 8.3.1-1
- update to 8.3.1
* Sat Nov  7 2020 Peter Bieringer <pb@xxxxxxxxxxxx> - 8.3.0-2
- update to commit 7b074becd59cf8c574190e49ce097640a2cfefd7
- add new 'ip2location' binary
* Fri Oct 30 2020 Remi Collet <remi@xxxxxxxxxxxx> - 8.3.0-1
- update to 8.3.0
--------------------------------------------------------------------------------


================================================================================
 anope-2.0.9-2.el7 (FEDORA-EPEL-2020-effe7b6243)
 IRC services designed for flexibility and ease of use
--------------------------------------------------------------------------------
Update Information:

Anope is a set of IRC services forked from Epona early 2003 to pick up where
Epona had been abandoned. It offers various services clients to maintain an IRC
network: NickServ, ChanServ, MemoServ, OperServ, BotServ and HostServ as well as
less often used services clients like HelpServ, DevNull and Global.
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1890821 - Review Request: anope - IRC services designed for flexibility and ease of use
        https://bugzilla.redhat.com/show_bug.cgi?id=1890821
--------------------------------------------------------------------------------


================================================================================
 chromium-86.0.4240.183-1.el7 (FEDORA-EPEL-2020-f16789146a)
 A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:

Update to 86.0.4240.183.

Fixes the following security issues: CVE-2020-16004 CVE-2020-16005
CVE-2020-16006 CVE-2020-16008 CVE-2020-16009

Also disables the very verbose output going to stdout.

----

Update to Chromium 86. A few big things here:

1. Upstream has made hardware accelerated video support (VAAPI) for Linux
   possible without patches. One key difference is that the patchset used
   previously in Fedora enabled it by default and upstream's approach disables
   it by default. To enable Hardware accelerated video in chromium, open this
   link in chromium:

   chrome://flags/#enable-accelerated-video-decode

   Be sure it is turned on. Note that not all GPUs are supported.

2. All the security fixes you expect with a major release:

   CVE-2020-15967 CVE-2020-15968 CVE-2020-15969 CVE-2020-15970 CVE-2020-15971
   CVE-2020-15972 CVE-2020-15990 CVE-2020-15991 CVE-2020-15973 CVE-2020-15974
   CVE-2020-15975 CVE-2020-15976 CVE-2020-6557 CVE-2020-15977 CVE-2020-15978
   CVE-2020-15979 CVE-2020-15980 CVE-2020-15981 CVE-2020-15982 CVE-2020-15983
   CVE-2020-15984 CVE-2020-15985 CVE-2020-15986 CVE-2020-15987 CVE-2020-15992
   CVE-2020-15988 CVE-2020-15989 CVE-2020-16000 CVE-2020-16001 CVE-2020-16002
   CVE-2020-16003

3. The EPEL-7 build no longer requires minizip, because Red Hat removed that
   package in RHEL 7.9.

4. Without bats acting as pollinators, agave and cacao plants would struggle.
   That means that bats are responsible for tequila and chocolate.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  4 2020 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 86.0.4240.183-1
- update to 86.0.4240.183
* Mon Nov  2 2020 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 86.0.4240.111-2
- fix conditional typo that was causing console logging to be turned on
* Wed Oct 21 2020 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 86.0.4240.111-1
- update to 86.0.4240.111
* Tue Oct 20 2020 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 86.0.4240.75-2
- use bundled zlib/minizip on el7 (thanks Red Hat. :P)
* Wed Oct 14 2020 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 86.0.4240.75-1
- update to 86.0.4240.75
* Mon Sep 28 2020 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 85.0.4183.121-2
- rebuild for libevent
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1885883 - CVE-2020-15967 chromium-browser: Use after free in payments
        https://bugzilla.redhat.com/show_bug.cgi?id=1885883
  [ 2 ] Bug #1885884 - CVE-2020-15968 chromium-browser: Use after free in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1885884
  [ 3 ] Bug #1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC
        https://bugzilla.redhat.com/show_bug.cgi?id=1885885
  [ 4 ] Bug #1885886 - CVE-2020-15970 chromium-browser: Use after free in NFC
        https://bugzilla.redhat.com/show_bug.cgi?id=1885886
  [ 5 ] Bug #1885887 - CVE-2020-15971 chromium-browser: Use after free in printing
        https://bugzilla.redhat.com/show_bug.cgi?id=1885887
  [ 6 ] Bug #1885888 - CVE-2020-15972 chromium-browser: Use after free in audio
        https://bugzilla.redhat.com/show_bug.cgi?id=1885888
  [ 7 ] Bug #1885889 - CVE-2020-15990 chromium-browser: Use after free in autofill
        https://bugzilla.redhat.com/show_bug.cgi?id=1885889
  [ 8 ] Bug #1885890 - CVE-2020-15991 chromium-browser: Use after free in password manager
        https://bugzilla.redhat.com/show_bug.cgi?id=1885890
  [ 9 ] Bug #1885891 - CVE-2020-15973 chromium-browser: Insufficient policy enforcement in extensions
        https://bugzilla.redhat.com/show_bug.cgi?id=1885891
  [ 10 ] Bug #1885892 - CVE-2020-15974 chromium-browser: Integer overflow in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1885892
  [ 11 ] Bug #1885893 - CVE-2020-15975 chromium-browser: Integer overflow in SwiftShader
        https://bugzilla.redhat.com/show_bug.cgi?id=1885893
  [ 12 ] Bug #1885894 - CVE-2020-15976 chromium-browser: Use after free in WebXR
        https://bugzilla.redhat.com/show_bug.cgi?id=1885894
  [ 13 ] Bug #1885896 - CVE-2020-6557 chromium-browser: Inappropriate implementation in networking
        https://bugzilla.redhat.com/show_bug.cgi?id=1885896
  [ 14 ] Bug #1885897 - CVE-2020-15977 chromium-browser: Insufficient data validation in dialogs
        https://bugzilla.redhat.com/show_bug.cgi?id=1885897
  [ 15 ] Bug #1885899 - CVE-2020-15978 chromium-browser: Insufficient data validation in navigation
        https://bugzilla.redhat.com/show_bug.cgi?id=1885899
  [ 16 ] Bug #1885901 - CVE-2020-15979 chromium-browser: Inappropriate implementation in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1885901
  [ 17 ] Bug #1885902 - CVE-2020-15980 chromium-browser: Insufficient policy enforcement in Intents
        https://bugzilla.redhat.com/show_bug.cgi?id=1885902
  [ 18 ] Bug #1885903 - CVE-2020-15981 chromium-browser: Out of bounds read in audio
        https://bugzilla.redhat.com/show_bug.cgi?id=1885903
  [ 19 ] Bug #1885904 - CVE-2020-15982 chromium-browser: Side-channel information leakage in cache
        https://bugzilla.redhat.com/show_bug.cgi?id=1885904
  [ 20 ] Bug #1885905 - CVE-2020-15983 chromium-browser: Insufficient data validation in webUI
        https://bugzilla.redhat.com/show_bug.cgi?id=1885905
  [ 21 ] Bug #1885906 - CVE-2020-15984 chromium-browser: Insufficient policy enforcement in Omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=1885906
  [ 22 ] Bug #1885907 - CVE-2020-15985 chromium-browser: Inappropriate implementation in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1885907
  [ 23 ] Bug #1885908 - CVE-2020-15986 chromium-browser: Integer overflow in media
        https://bugzilla.redhat.com/show_bug.cgi?id=1885908
  [ 24 ] Bug #1885909 - CVE-2020-15987 chromium-browser: Use after free in WebRTC
        https://bugzilla.redhat.com/show_bug.cgi?id=1885909
  [ 25 ] Bug #1885910 - CVE-2020-15992 chromium-browser: Insufficient policy enforcement in networking
        https://bugzilla.redhat.com/show_bug.cgi?id=1885910
  [ 26 ] Bug #1885911 - CVE-2020-15988 chromium-browser: Insufficient policy enforcement in downloads
        https://bugzilla.redhat.com/show_bug.cgi?id=1885911
  [ 27 ] Bug #1885912 - CVE-2020-15989 chromium-browser: Uninitialized use in PDFium
        https://bugzilla.redhat.com/show_bug.cgi?id=1885912
  [ 28 ] Bug #1890266 - CVE-2020-16000 chromium-browser: Inappropriate implementation in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1890266
  [ 29 ] Bug #1890267 - CVE-2020-16001 chromium-browser: Use after free in media
        https://bugzilla.redhat.com/show_bug.cgi?id=1890267
  [ 30 ] Bug #1890268 - CVE-2020-16002 chromium-browser: Use after free in PDFium
        https://bugzilla.redhat.com/show_bug.cgi?id=1890268
  [ 31 ] Bug #1890269 - CVE-2020-16003 chromium-browser: Use after free in printing
        https://bugzilla.redhat.com/show_bug.cgi?id=1890269
  [ 32 ] Bug #1894197 - CVE-2020-16004 chromium-browser: Use after free in user interface
        https://bugzilla.redhat.com/show_bug.cgi?id=1894197
  [ 33 ] Bug #1894198 - CVE-2020-16005 chromium-browser: Insufficient policy enforcement in ANGLE
        https://bugzilla.redhat.com/show_bug.cgi?id=1894198
  [ 34 ] Bug #1894199 - CVE-2020-16006 chromium-browser: Inappropriate implementation in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1894199
  [ 35 ] Bug #1894201 - CVE-2020-16008 chromium-browser: Stack buffer overflow in WebRTC
        https://bugzilla.redhat.com/show_bug.cgi?id=1894201
  [ 36 ] Bug #1894202 - CVE-2020-16009 chromium-browser: Inappropriate implementation in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1894202
--------------------------------------------------------------------------------


================================================================================
 ipv6calc-3.0.0-47.el7 (FEDORA-EPEL-2020-a605b1bd41)
 IPv6 address format change and calculation utility
--------------------------------------------------------------------------------
Update Information:

Final release 3.0.0
--------------------------------------------------------------------------------
ChangeLog:

* Sun Nov  8 2020 Peter Bieringer <pb@xxxxxxxxxxxx> - 3.0.0-47
- Final release 3.0.0
--------------------------------------------------------------------------------


================================================================================
 python-pyghmi-1.0.44-1.el7 (FEDORA-EPEL-2020-eccf76c2a2)
 Python General Hardware Management Initiative (IPMI and others)
--------------------------------------------------------------------------------
Update Information:

Update to 1.0.44.
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------


================================================================================
 python-pyspf-2.0.14-12.el7 (FEDORA-EPEL-2020-206fa89bfd)
 Python module and programs for SPF (Sender Policy Framework)
--------------------------------------------------------------------------------
Update Information:

Add conflicts with python3-dns (bug #1891225) directly to pypolicyd-spf, EPEL8
only.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 10 2020 Bojan Smojver <bojan@xxxxxxxxxxxxx> - 2.0.14-12
- Revert conflicts with python3-dns (bug #1891225)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1891225 - python3-pyspf breaks if python3-dns is installed
        https://bugzilla.redhat.com/show_bug.cgi?id=1891225
--------------------------------------------------------------------------------


================================================================================
 unrealircd-5.0.7-2.el7 (FEDORA-EPEL-2020-ba5f43d4c6)
 Open Source IRC server
--------------------------------------------------------------------------------
Update Information:

UnrealIRCd is an Open Source IRC server based on the branch of IRCu called
Dreamforge, formerly used by the DALnet IRC network. Since the beginning of
development on UnrealIRCd in May of 1999, it has become a highly advanced IRCd
with a strong focus on modularity, an advanced and highly configurable
configuration file. Key features include SSL/TLS, cloaking, advanced anti-flood
and anti-spam systems, swear filtering and module support.
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1891370 - Review Request: unrealircd - Open Source IRC server
        https://bugzilla.redhat.com/show_bug.cgi?id=1891370
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx



