The following Fedora EPEL 7 Security updates need testing:

 Age  URL
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-568a1eb67d   btrbk-0.31.3-1.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-2d515d4692   binaryen-104-1.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-673d6fb241   libmetalink-0.1.3-5.el7
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-4dd661d32b   prosody-0.11.12-1.el7
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-04da0327c7   clamav-0.103.5-1.el7
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-f37ca1b24a   guacamole-server-1.4.0-1.el7

The following builds have been pushed to Fedora EPEL 7 updates-testing

    R-Rcpp-1.0.8-1.el7
    zabbix40-4.0.37-1.el7
    zabbix50-5.0.19-1.el7

Details about builds:

================================================================================
 R-Rcpp-1.0.8-1.el7 (FEDORA-EPEL-2022-b960664faa)
 Seamless R and C++ Integration
--------------------------------------------------------------------------------
Update Information:

Rcpp 1.0.8
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 17 2022 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 1.0.8-1
- Update to 1.0.8
* Wed Jul 21 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Jul 21 2021 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.0.7-2
- rebuild for R 4.1.0 (epel8)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2041330 - Version 1.0.8 was released, please update it.
        https://bugzilla.redhat.com/show_bug.cgi?id=2041330
--------------------------------------------------------------------------------

================================================================================
 zabbix40-4.0.37-1.el7 (FEDORA-EPEL-2022-92a697e332)
 Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:

Update to 4.0.37 (CVE-2022-23132, CVE-2022-23133, CVE-2022-23134)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 17 2022 Orion Poplawski <orion@xxxxxxxx> - 4.0.37-1
- Update to 4.0.37 (CVE-2022-23132, CVE-2022-23133, CVE-2022-23134)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2040749 - CVE-2022-23131 zabbix: Unsafe client-side session storage leading to authentication bypass / instance takeover via Zabbix Frontend with configured SAML
        https://bugzilla.redhat.com/show_bug.cgi?id=2040749
--------------------------------------------------------------------------------

================================================================================
 zabbix50-5.0.19-1.el7 (FEDORA-EPEL-2022-c99f63fce9)
 Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:

Update to 5.0.19 (CVE-2022-23132, CVE-2022-23133, CVE-2022-23134)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 17 2022 Orion Poplawski <orion@xxxxxxxx> - 5.0.19-1
- Update to 5.0.19 (CVE-2022-23132, CVE-2022-23133, CVE-2022-23134)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2040748 - CVE-2022-23134 zabbix50: zabbix: Possible view of the setup pages by unauthenticated users if config file already exists [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2040748
  [ 2 ] Bug #2040752 - CVE-2022-23131 zabbix50: zabbix: Unsafe client-side session storage leading to authentication bypass / instance takeover via Zabbix Frontend with configured SAML [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2040752
  [ 3 ] Bug #2040757 - CVE-2022-23132 zabbix50: zabbix: Incorrect permissions of [/var/run/zabbix] forces dac_override [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2040757
  [ 4 ] Bug #2040761 - CVE-2022-23133 zabbix50: zabbix: Stored XSS in host groups configuration window in Zabbix Frontend [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2040761
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure