The following Fedora EPEL 6 Security updates need testing:
Age URL
929 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168 rubygem-crack-0.3.2-2.el6
819 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb mcollective-2.8.4-1.el6
791 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9 thttpd-2.25b-24.el6
401 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac libbsd-0.8.3-2.el6
130 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4c76ddcc92 libmspack-0.6-0.1.alpha.el6
50 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6aaee32b7e optipng-0.7.6-6.el6
32 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6e4ce19598 monit-5.25.1-1.el6
22 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-8c9006d462 heimdal-7.5.0-1.el6
16 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-752a7c9ad4 rootsh-1.5.3-17.el6
10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-2ba6bfc5d8 wordpress-4.9.2-1.el6
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-1049ca4872 GraphicsMagick-1.3.28-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
R-Rcpp-0.12.15-1.el6
beakerlib-1.17-7.el6
clamav-0.99.3-1.el6
icecast-2.4.3-1.el6
paho-c-1.2.0-10.el6
python2-pytest-2.4.2-0.el6
python2-six-1.9.0-0.el6
python2-sphinx-0.6.6-0.el6
Details about builds:
================================================================================
R-Rcpp-0.12.15-1.el6 (FEDORA-EPEL-2018-55ad61ac2a)
Seamless R and C++ Integration
--------------------------------------------------------------------------------
Update Information:
Rcpp 0.12.15.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1536947 - Version 0.12.15 was released
https://bugzilla.redhat.com/show_bug.cgi?id=1536947
--------------------------------------------------------------------------------
================================================================================
beakerlib-1.17-7.el6 (FEDORA-EPEL-2018-2bdcc1e792)
A shell-level integration testing library
--------------------------------------------------------------------------------
Update Information:
- phase name sanitization (remove all weird characters)
- allow debug message to go only to console (speeds execution up in debug)
- allow to reboot inside of phase and continue there
- fixed persistent data loading
--------------------------------------------------------------------------------
================================================================================
clamav-0.99.3-1.el6 (FEDORA-EPEL-2018-369a48191f)
End-user tools for the Clam Antivirus scanner
--------------------------------------------------------------------------------
Update Information:
ClamAV 0.99.3
=============

This release is a security release and is recommended for all ClamAV users.
Please see details below:

1. ClamAV UAF (use-after-free) Vulnerabilities (CVE-2017-12374)
---------------------------------------------------------------

The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability
that could allow an unauthenticated, remote attacker to cause a denial of
service (DoS) condition on an affected device. The vulnerability is due to a
lack of input validation checking mechanisms during certain mail parsing
operations. If successfully exploited, the ClamAV software could allow a
variable pointing to the mail body which could cause a used after being free
(use-after-free) instance which may lead to a disruption of services on an
affected device to include a denial of service condition.

* CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* https://bugzilla.clamav.net/show_bug.cgi?id=11939

2. ClamAV Buffer Overflow Vulnerability (CVE-2017-12375)
--------------------------------------------------------

The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability
that could allow an unauthenticated, remote attacker to cause a denial of
service (DoS) condition on an affected device. The vulnerability is due to a
lack of input validation checking mechanisms during certain mail parsing
functions. An unauthenticated, remote attacker could exploit this vulnerability
by sending a crafted email to the affected device. This action could cause a
buffer overflow condition when ClamAV scans the malicious email, allowing the
attacker to potentially cause a DoS condition on an affected device.

* CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* https://bugzilla.clamav.net/show_bug.cgi?id=11940

3. ClamAV Buffer Overflow in handle_pdfname Vulnerability (CVE-2017-12376)
--------------------------------------------------------------------------

ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability
that could allow an unauthenticated, remote attacker to cause a denial of
service (DoS) condition or potentially execute arbitrary code on an affected
device. The vulnerability is due to improper input validation checking
mechanisms when handling Portable Document Format (.pdf) files sent to an
affected device. An unauthenticated, remote attacker could exploit this
vulnerability by sending a crafted .pdf file to an affected device. This action
could cause a buffer overflow when ClamAV scans the malicious file, allowing
the attacker to cause a DoS condition or potentially execute arbitrary code.

* https://bugzilla.clamav.net/show_bug.cgi?id=11942
* CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

4. ClamAV Mew Packet Heap Overflow Vulnerability (CVE-2017-12377)
-----------------------------------------------------------------

ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability
that could allow an unauthenticated, remote attacker to cause a denial of
service (DoS) condition or potentially execute arbitrary code on an affected
device. The vulnerability is due to improper input validation checking
mechanisms in mew packet files sent to an affected device. A successful exploit
could cause a heap overflow condition when ClamAV scans the malicious file,
allowing the attacker to cause a DoS condition or potentially execute arbitrary
code on the affected device.

* https://bugzilla.clamav.net/show_bug.cgi?id=11943
* CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

5. ClamAV Buffer Over Read Vulnerability (CVE-2017-12378)
---------------------------------------------------------

ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability
that could allow an unauthenticated, remote attacker to cause a denial of
service (DoS) condition on an affected device. The vulnerability is due to
improper input validation checking mechanisms of .tar (Tape Archive) files sent
to an affected device. A successful exploit could cause a buffer over-read
condition when ClamAV scans the malicious .tar file, potentially allowing the
attacker to cause a DoS condition on the affected device.

* https://bugzilla.clamav.net/show_bug.cgi?id=11946
* CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

6. ClamAV Buffer Overflow in messageAddArgument Vulnerability (CVE-2017-12379)
------------------------------------------------------------------------------

ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability
that could allow an unauthenticated, remote attacker to cause a denial of
service (DoS) condition or potentially execute arbitrary code on an affected
device. The vulnerability is due to improper input validation checking
mechanisms in the message parsing function on an affected system. An
unauthenticated, remote attacker could exploit this vulnerability by sending a
crafted email to the affected device. This action could cause a buffer overflow
condition when ClamAV scans the malicious email, allowing the attacker to
potentially cause a DoS condition or execute arbitrary code on an affected
device.

* https://bugzilla.clamav.net/show_bug.cgi?id=11944
* CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7. ClamAV Null Dereference Vulnerability (CVE-2017-12380)
---------------------------------------------------------

ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability
that could allow an unauthenticated, remote attacker to cause a denial of
service (DoS) condition on an affected device. The vulnerability is due to
improper input validation checking mechanisms during certain mail parsing
functions of the ClamAV software. An unauthenticated, remote attacker could
exploit this vulnerability by sending a crafted email to the affected device.
An exploit could trigger a NULL pointer dereference condition when ClamAV scans
the malicious email, which may result in a DoS condition.

* https://bugzilla.clamav.net/show_bug.cgi?id=11945
* CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Further fixes/changes
---------------------

Also included are 2 minor fixes to properly detect openssl install locations on
FreeBSD 11, and prevent false warnings about zlib 1.2.1# version numbers.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1483910 - CVE-2017-6420 clamav: use-after-free in wwunpack function
https://bugzilla.redhat.com/show_bug.cgi?id=1483910
[ 2 ] Bug #1483909 - CVE-2017-6419 libmspack, clamav: heap-based buffer overflow in mspack/lzxd.c
https://bugzilla.redhat.com/show_bug.cgi?id=1483909
[ 3 ] Bug #1483908 - CVE-2017-6418 clamav: out-of-bounds read in libclamav/message.c
https://bugzilla.redhat.com/show_bug.cgi?id=1483908
--------------------------------------------------------------------------------
================================================================================
icecast-2.4.3-1.el6 (FEDORA-EPEL-2018-c61d94595e)
ShoutCast compatible streaming media server
--------------------------------------------------------------------------------
Update Information:
- New upstream release
- Add `Requires: mailcap`
- Remove lots of old cruft from spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1519830 - Missing dependency for /etc/mime.types
https://bugzilla.redhat.com/show_bug.cgi?id=1519830
[ 2 ] Bug #1303784 - icecast-2.4.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1303784
--------------------------------------------------------------------------------
================================================================================
paho-c-1.2.0-10.el6 (FEDORA-EPEL-2018-f9bab306e7)
MQTT C Client
--------------------------------------------------------------------------------
Update Information:
This is the initial release of Eclipse Paho C, an MQTT client written in C.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1476458 - Review Request: paho-c - MQTT client library in C
https://bugzilla.redhat.com/show_bug.cgi?id=1476458
--------------------------------------------------------------------------------
================================================================================
python2-pytest-2.4.2-0.el6 (FEDORA-EPEL-2018-f83cf6f9db)
Dummy package depending on pytest
--------------------------------------------------------------------------------
Update Information:
This package exists only to allow packagers to uniformly depend upon
python2-pytest.
--------------------------------------------------------------------------------
================================================================================
python2-six-1.9.0-0.el6 (FEDORA-EPEL-2018-2aea417445)
Dummy package depending on python-six
--------------------------------------------------------------------------------
Update Information:
This package exists only to allow packagers to uniformly depend upon
python2-six.
--------------------------------------------------------------------------------
================================================================================
python2-sphinx-0.6.6-0.el6 (FEDORA-EPEL-2018-9fbfd4e49a)
Dummy package depending on python-sphinx
--------------------------------------------------------------------------------
Update Information:
This package exists only to allow packagers to uniformly depend upon
python2-sphinx.
--------------------------------------------------------------------------------
The following Fedora EPEL 7 Security updates need testing:
Age URL
1054 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7
817 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7
399 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d libbsd-0.8.3-1.el7
296 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe mod_cluster-1.3.3-10.el7
128 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e27758bd23 libmspack-0.6-0.1.alpha.el7
66 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e64eeb6ece nagios-4.3.4-5.el7
29 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-8d57a2487b monit-5.25.1-1.el7
15 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-73ee944e65 rootsh-1.5.3-17.el7
8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-73feedd767 wordpress-4.9.2-1.el7
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-ce6223e559 GraphicsMagick-1.3.28-1.el7
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-9eb18da891 moodle-3.1.10-1.el7
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-c0d5d190b0 transmission-2.92-12.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-24ac4ff7df knot-resolver-1.5.3-1.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-dd0bc449d7 konversation-1.5.1-4.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
module-build-service-1.6.3-2.el7
nodejs-rhea-0.2.9-1.el7
php-horde-Horde-Ldap-2.4.1-1.el7
php-horde-Horde-Socket-Client-2.1.2-1.el7
python-betamax-0.7.1-1.el7
python-requests-toolbelt-0.8.0-1.el7
python2-pytest-2.7.0-0.el7
python2-six-1.9.0-0.el7
python2-sphinx-1.1.3-0.el7
sscg-2.3.2-1.el7
waiverdb-0.5.0-2.el7
Details about builds:
================================================================================
module-build-service-1.6.3-2.el7 (FEDORA-EPEL-2018-e4e74e197f)
The Module Build Service for Modularity
--------------------------------------------------------------------------------
Update Information:
Changes
-------
* Fix a bug that caused a module build to fail when it was cancelled during the
  module-build-macros phase and then resumed
* Reset the "state_reason" field on all components after a module build is
  resumed
* Cancel new repo tasks on module build failures in Koji
* Use available Koji repos during local builds instead of building them locally
* Add an incrementing prefix to module components' releases
* Add a "context" field on component and module releases in Koji for uniqueness
  for when Module Stream Expansion is implemented
* Remove urlgrabber as a dependency
* Set an explicit log level on our per-build file handler
* Set the timeout on git operations to 60 seconds to help alleviate client
  tooling timeouts
* Improve the efficiency of the stale module builds poller
* Fix situations where module-build-macros builds in Koji but fails in MBS and
  the build is resumed
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1487065 - module-build-service-1.3.26-3.fc26: local build always disables tests
https://bugzilla.redhat.com/show_bug.cgi?id=1487065
[ 2 ] Bug #1514631 - module-build-service-1.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1514631
--------------------------------------------------------------------------------
================================================================================
nodejs-rhea-0.2.9-1.el7 (FEDORA-EPEL-2018-5693a3c6dd)
A reactive messaging library based on the AMQP protocol
--------------------------------------------------------------------------------
Update Information:
Rebased to 0.2.9.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1523897 - nodejs-rhea-0.2.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1523897
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Ldap-2.4.1-1.el7 (FEDORA-EPEL-2018-3f829ad0df)
Horde LDAP libraries
--------------------------------------------------------------------------------
Update Information:
**Horde_Ldap 2.4.1**
* [jan] Avoid unnecessary binds.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Socket-Client-2.1.2-1.el7 (FEDORA-EPEL-2018-270736ac72)
Horde Socket Client
--------------------------------------------------------------------------------
Update Information:
**Horde_Socket_Client 2.1.2**
* [mjr] Fix issues when retrying a failed connection (PR #1, Antoine
  Deschênes).
--------------------------------------------------------------------------------
================================================================================
python-betamax-0.7.1-1.el7 (FEDORA-EPEL-2018-9c4bf5b9c7)
VCR imitation for python-requests
--------------------------------------------------------------------------------
Update Information:
Initial packaging
--------------------------------------------------------------------------------
================================================================================
python-requests-toolbelt-0.8.0-1.el7 (FEDORA-EPEL-2018-9c4bf5b9c7)
Utility belt for advanced users of python-requests
--------------------------------------------------------------------------------
Update Information:
Initial packaging
--------------------------------------------------------------------------------
================================================================================
python2-pytest-2.7.0-0.el7 (FEDORA-EPEL-2018-a878cfb2c5)
Dummy package depending on pytest
--------------------------------------------------------------------------------
Update Information:
This package exists only to allow packagers to uniformly depend on
python2-pytest.
--------------------------------------------------------------------------------
================================================================================
python2-six-1.9.0-0.el7 (FEDORA-EPEL-2018-92c3e1b0e4)
Dummy package depending on python-six
--------------------------------------------------------------------------------
Update Information:
This package exists only to allow packagers to uniformly depend upon
python2-six.
--------------------------------------------------------------------------------
================================================================================
python2-sphinx-1.1.3-0.el7 (FEDORA-EPEL-2018-9cd64dfc3c)
Dummy package depending on python-sphinx
--------------------------------------------------------------------------------
Update Information:
This package exists only to allow packagers to uniformly depend on
python2-sphinx.
--------------------------------------------------------------------------------
================================================================================
sscg-2.3.2-1.el7 (FEDORA-EPEL-2018-7aa08b322e)
Simple SSL certificate generator
--------------------------------------------------------------------------------
Update Information:
Update to 2.3.3
Properly support hostnames up to 64 characters
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1535537 - httpd-init.service fails with long hostname (>=42)
https://bugzilla.redhat.com/show_bug.cgi?id=1535537
--------------------------------------------------------------------------------
================================================================================
waiverdb-0.5.0-2.el7 (FEDORA-EPEL-2018-8c03cf5953)
Service for waiving results in ResultsDB
--------------------------------------------------------------------------------
Update Information:
Update to waiverdb 0.5.0, including command-line interface for submitting
waivers. (Note that the server component is known not to work on EPEL7, this
build is intended to provide the CLI only.)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1537752 - EPEL 7 version lacks: waiverdb-cli
https://bugzilla.redhat.com/show_bug.cgi?id=1537752
--------------------------------------------------------------------------------
The following Fedora EPEL 7 Security updates need testing:
Age URL
1053 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7
815 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7
397 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d libbsd-0.8.3-1.el7
295 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe mod_cluster-1.3.3-10.el7
127 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e27758bd23 libmspack-0.6-0.1.alpha.el7
64 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e64eeb6ece nagios-4.3.4-5.el7
28 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-8d57a2487b monit-5.25.1-1.el7
14 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-28611aa33f python-bottle-0.12.13-1.el7
13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-73ee944e65 rootsh-1.5.3-17.el7
7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-73feedd767 wordpress-4.9.2-1.el7
7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-11ba3bced1 clamav-0.99.2-18.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-ce6223e559 GraphicsMagick-1.3.28-1.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-9eb18da891 moodle-3.1.10-1.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-c0d5d190b0 transmission-2.92-12.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
cacti-1.1.33-1.el7
gnome-shell-extension-freon-33-1.el7
knot-resolver-1.5.3-1.el7
konversation-1.5.1-4.el7
lcov-1.13-1.el7
purple-discord-0-15.20171227git9b7c3ad.el7
purple-libsteam-1.6.1-19.20171225git7f761df.el7
python-betamax-0.7.1-1.el7
rpkg-1.51-3.el7
youtube-dl-2018.01.21-1.el7
Details about builds:
================================================================================
cacti-1.1.33-1.el7 (FEDORA-EPEL-2018-b40716c230)
An rrd based graphing tool
--------------------------------------------------------------------------------
Update Information:
- Update to 1.1.33

Release notes:
https://www.cacti.net/release_notes.php?version=1.1.29
https://www.cacti.net/release_notes.php?version=1.1.30
https://www.cacti.net/release_notes.php?version=1.1.31
https://www.cacti.net/release_notes.php?version=1.1.32
https://www.cacti.net/release_notes.php?version=1.1.33
--------------------------------------------------------------------------------
================================================================================
gnome-shell-extension-freon-33-1.el7 (FEDORA-EPEL-2018-fb1a11b7a5)
GNOME Shell extension to display system temperature, voltage, and fan speed
--------------------------------------------------------------------------------
Update Information:
Bump to upstream version 33, which fixes typos in the Russian and Ukrainian
locales, and fixes an instability issue that could cause GNOME Shell to crash.
--------------------------------------------------------------------------------
================================================================================
knot-resolver-1.5.3-1.el7 (FEDORA-EPEL-2018-24ac4ff7df)
Caching full DNS Resolver
--------------------------------------------------------------------------------
Update Information:
Knot Resolver 1.5.3 (2018-01-23)
================================

Bugfixes
--------
- fix the hints module on some systems, e.g. Fedora.
  Symptom: `undefined symbol: engine_hint_root_file`

Knot Resolver 1.5.2 (2018-01-22)
================================

Security
--------
- fix CVE-2018-1000002: insufficient DNSSEC validation, allowing attackers to
  deny existence of some data by forging packets. Some combinations pointed out
  in RFC 6840 sections 4.1 and 4.3 were not taken into account.

Bugfixes
--------
- memcached: fix fallout from module rename in 1.5.1

Knot Resolver 1.5.1 (2017-12-12)
================================

Incompatible changes
--------------------
- script supervisor.py was removed, please migrate to a real process manager
- module ketcd was renamed to etcd for consistency
- module kmemcached was renamed to memcached for consistency

Bugfixes
--------
- fix SIGPIPE crashes (#271)
- tests: work around out-of-space for platforms with larger memory pages
- lua: fix mistakes in bindings affecting 1.4.0 and 1.5.0 (and 1.99.1-alpha),
  potentially causing problems in dns64 and workarounds modules
- predict module: various fixes (!399)

Improvements
------------
- add priming module to implement RFC 8109, enabled by default (#220)
- add modules helping with system time problems, enabled by default; for
  details see documentation of detect_time_skew and detect_time_jump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1537462 - CVE-2018-1000002 knot-resolver: Insufficient DNSSEC validation
https://bugzilla.redhat.com/show_bug.cgi?id=1537462
--------------------------------------------------------------------------------
================================================================================
konversation-1.5.1-4.el7 (FEDORA-EPEL-2018-dd0bc449d7)
A user friendly IRC client
--------------------------------------------------------------------------------
Update Information:
Security update for CVE-2017-15923
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1516531 - CVE-2017-15923 konversation: Denial of service while parsing IRC color formatting codes
https://bugzilla.redhat.com/show_bug.cgi?id=1516531
--------------------------------------------------------------------------------
================================================================================
lcov-1.13-1.el7 (FEDORA-EPEL-2018-13f813e4ee)
LTP GCOV extension code coverage tool
--------------------------------------------------------------------------------
Update Information:
Update to the latest upstream.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1537958 - lcov update
https://bugzilla.redhat.com/show_bug.cgi?id=1537958
--------------------------------------------------------------------------------
================================================================================
purple-discord-0-15.20171227git9b7c3ad.el7 (FEDORA-EPEL-2018-1162756b5b)
Discord plugin for libpurple
--------------------------------------------------------------------------------
Update Information:
Updated plugins to latest Git snapshots.
--------------------------------------------------------------------------------
================================================================================
purple-libsteam-1.6.1-19.20171225git7f761df.el7 (FEDORA-EPEL-2018-1162756b5b)
Steam plugin for Pidgin/Adium/libpurple
--------------------------------------------------------------------------------
Update Information:
Updated plugins to latest Git snapshots.
--------------------------------------------------------------------------------
================================================================================
python-betamax-0.7.1-1.el7 (FEDORA-EPEL-2018-9c4bf5b9c7)
VCR imitation for python-requests
--------------------------------------------------------------------------------
Update Information:
Initial packaging
--------------------------------------------------------------------------------
================================================================================
rpkg-1.51-3.el7 (FEDORA-EPEL-2018-389d1e9c76)
Python library for interacting with rpm+git
--------------------------------------------------------------------------------
Update Information:
- Add compose-id and signing-intent arguments
- Change type of compose id from string to int
--------------------------------------------------------------------------------
================================================================================
youtube-dl-2018.01.21-1.el7 (FEDORA-EPEL-2018-0a5b4a3d5a)
A small command-line program to download online videos
--------------------------------------------------------------------------------
Update Information:
Update to the latest upstream.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1529821 - youtube-dl-2018.01.21 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1529821
--------------------------------------------------------------------------------
The following Fedora EPEL 6 Security updates need testing:
Age URL
924 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168 rubygem-crack-0.3.2-2.el6
814 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb mcollective-2.8.4-1.el6
786 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9 thttpd-2.25b-24.el6
396 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac libbsd-0.8.3-2.el6
125 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4c76ddcc92 libmspack-0.6-0.1.alpha.el6
45 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6aaee32b7e optipng-0.7.6-6.el6
27 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6e4ce19598 monit-5.25.1-1.el6
17 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-8c9006d462 heimdal-7.5.0-1.el6
13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-fde8252ab7 python-bottle-0.12.13-1.el6
11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-752a7c9ad4 rootsh-1.5.3-17.el6
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-2ba6bfc5d8 wordpress-4.9.2-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
GraphicsMagick-1.3.28-1.el6
distribution-gpg-keys-1.18-1.el6
fedfind-4.0.0-1.el6
mozilla-https-everywhere-2018.1.11-1.el6
Details about builds:
================================================================================
GraphicsMagick-1.3.28-1.el6 (FEDORA-EPEL-2018-1049ca4872)
An ImageMagick fork, offering faster image generation and better quality
--------------------------------------------------------------------------------
Update Information:
Latest stable release, includes many bug and security fixes. See also
http://www.graphicsmagick.org/NEWS.html#january-20-2017
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1473729 - CVE-2017-11102 GraphicsMagick: Input validation failure in ReadOneJNGImage function may cause denial of service [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473729
[ 2 ] Bug #1473741 - CVE-2017-11139 GraphicsMagick: double free vulnerabilities in the [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473741
[ 3 ] Bug #1473752 - CVE-2017-11140 GraphicsMagick: Resource exhaustion denial of service in ReadJPEGImage function [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473752
[ 4 ] Bug #1475454 - CVE-2017-11637 GraphicsMagick: NULL pointer dereference in WritePCLImage() in coders/pcl.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1475454
[ 5 ] Bug #1475458 - CVE-2017-11636 GraphicsMagick: Heap based buffer over-write in WriteRGBImage in coders/rgb.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1475458
[ 6 ] Bug #1475490 - CVE-2017-11641 GraphicsMagick: Memory Leak in the PersistCache in magick/pixel_cache.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1475490
[ 7 ] Bug #1475498 - CVE-2017-11643 GraphicsMagick: Heap based over-write in WriteCMYKImagefunction in coders/cmyk.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1475498
[ 8 ] Bug #1484483 - CVE-2017-13147 GraphicsMagick: Allocation failure in ReadMNGImage function in coders/png.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1484483
[ 9 ] Bug #1512038 - CVE-2017-16669 GraphicsMagick: Heap buffer over-write in AcquireCacheNexus function in magick/pixel_cache.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1512038
[ 10 ] Bug #1512049 - CVE-2017-16353 GraphicsMagick: ImageMagick, GraphicsMagick: memory information disclosure in DescribeImage function in magick/describe.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1512049
[ 11 ] Bug #1528037 - CVE-2017-17782 GraphicsMagick: heap-based buffer over-read in ReadOneJNGImage function in coders/png.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1528037
[ 12 ] Bug #1528051 - CVE-2017-17783 GraphicsMagick: heap based buffer over-read in ReadPALMImage in coders/palm.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1528051
[ 13 ] Bug #1529535 - CVE-2017-17915 GraphicsMagick: Memory leak in the function ReadMNGImage in coders/png.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1529535
[ 14 ] Bug #1529557 - CVE-2017-17913 GraphicsMagick: stack-based buffer over-read in WriteWEBPImage in coders/webp.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1529557
[ 15 ] Bug #1529580 - CVE-2017-17912 GraphicsMagick: GraphicsMagick: heap-based buffer over-read in ReadNewsProfile in coders/tiff.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1529580
[ 16 ] Bug #1536951 - GraphicsMagick: 2018-5685 GraphicsMagick: Infinite loop and application hang in coders/bmp.c:ReadBMPImage [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1536951
--------------------------------------------------------------------------------
================================================================================
distribution-gpg-keys-1.18-1.el6 (FEDORA-EPEL-2018-4c19ea99da)
GPG keys of various Linux distributions
--------------------------------------------------------------------------------
Update Information:
- updated Copr keys
- add UnitedRPMs
- add remi 2018 key
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1536804 - distribution-gpg-keys-1.18-1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1536804
--------------------------------------------------------------------------------
================================================================================
fedfind-4.0.0-1.el6 (FEDORA-EPEL-2018-a79242a0ec)
Fedora compose and image finder
--------------------------------------------------------------------------------
Update Information:
This update provides a new major release of fedfind. It is going out to stable
releases as fedfind is used quite extensively in Fedora QA infrastructure, and
we prefer to keep all those deployments on the latest code. The new release also
provides some significant enhancements in correctness checking that will be
useful in these cases. See [the upstream changelog](https://pagure.io/fedora-qa/fedfind/blob/5713f806517a358a5761aaaff9cfd276f8aeb862/f/CHANGELOG.md) for
more details on the specific changes in this release. Most uses of fedfind (both
CLI and as a Python library) should continue to work unchanged, or with only
minimal changes (mainly because `get_release` can raise some different
exceptions now).
--------------------------------------------------------------------------------
================================================================================
mozilla-https-everywhere-2018.1.11-1.el6 (FEDORA-EPEL-2018-1e59402c3f)
HTTPS enforcement extension for Mozilla Firefox
--------------------------------------------------------------------------------
Update Information:
* More ruleset updates
--------------------------------------------------------------------------------
The following Fedora EPEL 7 Security updates need testing:
Age URL
1051 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7
814 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7
396 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d libbsd-0.8.3-1.el7
294 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe mod_cluster-1.3.3-10.el7
125 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e27758bd23 libmspack-0.6-0.1.alpha.el7
63 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e64eeb6ece nagios-4.3.4-5.el7
26 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-8d57a2487b monit-5.25.1-1.el7
13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-28611aa33f python-bottle-0.12.13-1.el7
13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-885bb5ec89 poco-1.6.1-3.el7
12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-73ee944e65 rootsh-1.5.3-17.el7
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-73feedd767 wordpress-4.9.2-1.el7
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-11ba3bced1 clamav-0.99.2-18.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
GraphicsMagick-1.3.28-1.el7
distribution-gpg-keys-1.18-1.el7
fedfind-4.0.0-1.el7
freeciv-2.5.10-1.el7
freshmaker-0.0.10-1.el7
knot-2.6.4-1.el7
mock-core-configs-28.2-1.el7
module-build-service-1.6.3-1.el7
modulemd-1.3.3-1.el7
moodle-3.1.10-1.el7
mozilla-https-everywhere-2018.1.11-1.el7
python-fdb-1.8-1.el7
python3-docker-2.6.1-1.el7
radcli-1.2.9-1.el7
standard-test-roles-2.6-2.el7
transmission-2.92-12.el7
Details about builds:
================================================================================
GraphicsMagick-1.3.28-1.el7 (FEDORA-EPEL-2018-ce6223e559)
An ImageMagick fork, offering faster image generation and better quality
--------------------------------------------------------------------------------
Update Information:
Latest stable release, includes many bug and security fixes. See also
http://www.graphicsmagick.org/NEWS.html#january-20-2017
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1473729 - CVE-2017-11102 GraphicsMagick: Input validation failure in ReadOneJNGImage function may cause denial of service [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473729
[ 2 ] Bug #1473741 - CVE-2017-11139 GraphicsMagick: double free vulnerabilities in the [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473741
[ 3 ] Bug #1473752 - CVE-2017-11140 GraphicsMagick: Resource exhaustion denial of service in ReadJPEGImage function [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473752
[ 4 ] Bug #1475454 - CVE-2017-11637 GraphicsMagick: NULL pointer dereference in WritePCLImage() in coders/pcl.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1475454
[ 5 ] Bug #1475458 - CVE-2017-11636 GraphicsMagick: Heap based buffer over-write in WriteRGBImage in coders/rgb.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1475458
[ 6 ] Bug #1475490 - CVE-2017-11641 GraphicsMagick: Memory Leak in the PersistCache in magick/pixel_cache.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1475490
[ 7 ] Bug #1475498 - CVE-2017-11643 GraphicsMagick: Heap based over-write in WriteCMYKImage function in coders/cmyk.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1475498
[ 8 ] Bug #1484483 - CVE-2017-13147 GraphicsMagick: Allocation failure in ReadMNGImage function in coders/png.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1484483
[ 9 ] Bug #1512038 - CVE-2017-16669 GraphicsMagick: Heap buffer over-write in AcquireCacheNexus function in magick/pixel_cache.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1512038
[ 10 ] Bug #1512049 - CVE-2017-16353 GraphicsMagick: ImageMagick, GraphicsMagick: memory information disclosure in DescribeImage function in magick/describe.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1512049
[ 11 ] Bug #1528037 - CVE-2017-17782 GraphicsMagick: heap-based buffer over-read in ReadOneJNGImage function in coders/png.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1528037
[ 12 ] Bug #1528051 - CVE-2017-17783 GraphicsMagick: heap based buffer over-read in ReadPALMImage in coders/palm.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1528051
[ 13 ] Bug #1529535 - CVE-2017-17915 GraphicsMagick: Memory leak in the function ReadMNGImage in coders/png.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1529535
[ 14 ] Bug #1529557 - CVE-2017-17913 GraphicsMagick: stack-based buffer over-read in WriteWEBPImage in coders/webp.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1529557
[ 15 ] Bug #1529580 - CVE-2017-17912 GraphicsMagick: GraphicsMagick: heap-based buffer over-read in ReadNewsProfile in coders/tiff.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1529580
[ 16 ] Bug #1536951 - GraphicsMagick: 2018-5685 GraphicsMagick: Infinite loop and application hang in coders/bmp.c:ReadBMPImage [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1536951
--------------------------------------------------------------------------------
================================================================================
distribution-gpg-keys-1.18-1.el7 (FEDORA-EPEL-2018-5d1486ae23)
GPG keys of various Linux distributions
--------------------------------------------------------------------------------
Update Information:
- updated Copr keys
- add UnitedRPMs
- add remi 2018 key
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1536804 - distribution-gpg-keys-1.18-1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1536804
--------------------------------------------------------------------------------
================================================================================
fedfind-4.0.0-1.el7 (FEDORA-EPEL-2018-a292395242)
Fedora compose and image finder
--------------------------------------------------------------------------------
Update Information:
This update provides a new major release of fedfind. It is going out to stable
releases as fedfind is used quite extensively in Fedora QA infrastructure, and
we prefer to keep all those deployments on the latest code. The new release also
provides some significant enhancements in correctness checking that will be
useful in these cases. See [the upstream changelog](https://pagure.io/fedora-qa/fedfind/blob/5713f806517a358a5761aaaff9cfd276f8aeb862/f/CHANGELOG.md) for
more details on the specific changes in this release. Most uses of fedfind (both
CLI and as a Python library) should continue to work unchanged, or with only
minimal changes (mainly because `get_release` can raise some different
exceptions now).
--------------------------------------------------------------------------------
================================================================================
freeciv-2.5.10-1.el7 (FEDORA-EPEL-2018-9092e4f094)
A multi-player strategy game
--------------------------------------------------------------------------------
Update Information:
2.5.10
--------------------------------------------------------------------------------
================================================================================
freshmaker-0.0.10-1.el7 (FEDORA-EPEL-2018-688fb40278)
Freshmaker is a service scheduling rebuilds of artifacts as new content becomes available.
--------------------------------------------------------------------------------
Update Information:
New version 0.0.10.
--------------------------------------------------------------------------------
================================================================================
knot-2.6.4-1.el7 (FEDORA-EPEL-2018-d0d50ca69d)
High-performance authoritative DNS server
--------------------------------------------------------------------------------
Update Information:
Knot DNS 2.6.4 (2018-01-02)
===========================
Features:
----------
- Module synthrecord allows multiple 'network' specification
- New CSK handling support in keymgr
Improvements:
-------------
- Allowed configuration for infinite zsk lifetime
- Increased performance and security of the module synthrecord
- Signing changeset is stored into journal even if 'zonefile-load' is whole
Bugfixes:
---------
- Unintentional zone re-sign during reload if empty NSEC3 salt
- Inconsistent zone names in journald structured logs
- Malformed outgoing transfer for big zone with TSIG
- Some minor DNSSEC-related issues
Knot DNS 2.6.3 (2017-11-24)
===========================
Bugfixes:
---------
- Wrong detection of signing scheme rollover
Knot DNS 2.6.2 (2017-11-23)
===========================
Features:
---------
- CSK algorithm rollover and (KSK, ZSK) <-> CSK rollover support
Improvements:
-------------
- Allowed explicit configuration for infinite ksk lifetime
- Proper error messages instead of unclear error codes in server log
- Better support for old compilers
Bugfixes:
---------
- Unexpected reply for DS query with an owner below a delegation point
- Old dependencies in the pkg-config file
--------------------------------------------------------------------------------
================================================================================
mock-core-configs-28.2-1.el7 (FEDORA-EPEL-2018-d64efdfb20)
Mock core config files basic chroots
--------------------------------------------------------------------------------
Update Information:
- add fedora 28 configs
- remove failovermethod=priority for repos which use dnf
- remove fedora 24 configs
- set skip_if_unavailable=False for all repos
--------------------------------------------------------------------------------
================================================================================
module-build-service-1.6.3-1.el7 (FEDORA-EPEL-2018-e4e74e197f)
The Module Build Service for Modularity
--------------------------------------------------------------------------------
Update Information:
Changes
-------
* Fix a bug that caused a module build to fail when it was cancelled during the module-build-macros phase and then resumed
* Reset the "state_reason" field on all components after a module build is resumed
* Cancel new repo tasks on module build failures in Koji
* Use available Koji repos during local builds instead of building them locally
* Add an incrementing prefix to module components' releases
* Add a "context" field on component and module releases in Koji for uniqueness for when Module Stream Expansion is implemented
* Remove urlgrabber as a dependency
* Set an explicit log level on our per-build file handler
* Set the timeout on git operations to 60 seconds to help alleviate client tooling timeouts
* Improve the efficiency of the stale module builds poller
* Fix situations where module-build-macros builds in Koji but fails in MBS and the build is resumed
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1487065 - module-build-service-1.3.26-3.fc26: local build always disables tests
https://bugzilla.redhat.com/show_bug.cgi?id=1487065
[ 2 ] Bug #1514631 - module-build-service-1.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1514631
--------------------------------------------------------------------------------
================================================================================
modulemd-1.3.3-1.el7 (FEDORA-EPEL-2018-701ce7a3d5)
Module metadata manipulation library
--------------------------------------------------------------------------------
Update Information:
Latest upstream.
--------------------------------------------------------------------------------
================================================================================
moodle-3.1.10-1.el7 (FEDORA-EPEL-2018-9eb18da891)
A Course Management System
--------------------------------------------------------------------------------
Update Information:
CVE-2018-1042/CVE-2018-1043/CVE-2018-1044/CVE-2018-1045 fixes.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1537469 - CVE-2018-1042 CVE-2018-1043 CVE-2018-1044 CVE-2018-1045 moodle: Four security issues fixed in the latest release [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1537469
[ 2 ] Bug #1537470 - CVE-2018-1042 CVE-2018-1043 CVE-2018-1044 CVE-2018-1045 moodle: Four security issues fixed in the latest release [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1537470
--------------------------------------------------------------------------------
================================================================================
mozilla-https-everywhere-2018.1.11-1.el7 (FEDORA-EPEL-2018-c9726806a3)
HTTPS enforcement extension for Mozilla Firefox
--------------------------------------------------------------------------------
Update Information:
* More ruleset updates
--------------------------------------------------------------------------------
================================================================================
python-fdb-1.8-1.el7 (FEDORA-EPEL-2018-e752d34c99)
Firebird RDBMS bindings for Python
--------------------------------------------------------------------------------
Update Information:
New upstream 1.8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1525032 - '403 SSL is required' while trying to download Source0 with spectool
https://bugzilla.redhat.com/show_bug.cgi?id=1525032
--------------------------------------------------------------------------------
================================================================================
python3-docker-2.6.1-1.el7 (FEDORA-EPEL-2018-b5d2d52b39)
A Python library for the Docker Engine API
--------------------------------------------------------------------------------
Update Information:
- Initial EPEL7 package
--------------------------------------------------------------------------------
================================================================================
radcli-1.2.9-1.el7 (FEDORA-EPEL-2018-4a215d352d)
RADIUS protocol client library
--------------------------------------------------------------------------------
Update Information:
New upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1266675 - radcli-1.2.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1266675
--------------------------------------------------------------------------------
================================================================================
standard-test-roles-2.6-2.el7 (FEDORA-EPEL-2018-fa163f5366)
Standard Test Interface Ansible roles
--------------------------------------------------------------------------------
Update Information:
Build with the latest merged PRs.
--------------------------------------------------------------------------------
================================================================================
transmission-2.92-12.el7 (FEDORA-EPEL-2018-c0d5d190b0)
A lightweight GTK+ BitTorrent client
--------------------------------------------------------------------------------
Update Information:
CVE patch fix.
----
Security fix for CVE-2018-5702 (Mitigate dns rebinding attacks against daemon)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1534061 - CVE-2018-5702 transmission: Remote code execution (RCE) in rpc session-id via dns rebinding attack
https://bugzilla.redhat.com/show_bug.cgi?id=1534061
--------------------------------------------------------------------------------
Dear all,
You are kindly invited to the meeting:
EPEL Steering Committee on 2018-01-24 from 18:00:00 to 19:00:00 GMT
At fedora-meeting(a)irc.freenode.net
The meeting will be about:
The EPEL Steering Committee will have a weekly meeting to cover current tasks and problems needed to keep EPEL going.
Source: https://apps.fedoraproject.org/calendar/meeting/8724/