The following Fedora EPEL 6 Security updates need testing:
Age URL
948 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168 rubygem-crack-0.3.2-2.el6
838 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb mcollective-2.8.4-1.el6
809 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9 thttpd-2.25b-24.el6
420 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac libbsd-0.8.3-2.el6
149 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4c76ddcc92 libmspack-0.6-0.1.alpha.el6
68 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6aaee32b7e optipng-0.7.6-6.el6
40 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-8c9006d462 heimdal-7.5.0-1.el6
35 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-752a7c9ad4 rootsh-1.5.3-17.el6
13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-fc6e2820ab tomcat-7.0.84-1.el6
9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-bc1949f307 p7zip-16.02-10.el6
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f742513635 jhead-3.00-9.el6
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-be69c94866 clamav-0.99.3-8.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
epel-rpm-macros-6-18
fts-3.7.8-1.el6
getmail-5.5-1.el6
lcgdm-1.10.0-4.el6
phoronix-test-suite-7.8.0-1.el6
python2-dateutil-1.4.1-0.el6
python2-docutils-0.6-0.el6
python2-requests-2.6.0-0.el6
rho-0.0.32-6.el6
vim-jellybeans-1.6-1.el6
Details about builds:
================================================================================
epel-rpm-macros-6-18 (FEDORA-EPEL-2018-01df21cc94)
Extra Packages for Enterprise Linux RPM macros
--------------------------------------------------------------------------------
Update Information:
Add %vimfiles_root macro.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1545901 - [epel-rpm-macros] please add %vimfiles_root
https://bugzilla.redhat.com/show_bug.cgi?id=1545901
--------------------------------------------------------------------------------
================================================================================
fts-3.7.8-1.el6 (FEDORA-EPEL-2018-92b53fb199)
File Transfer Service V3
--------------------------------------------------------------------------------
Update Information:
* new upstream release
--------------------------------------------------------------------------------
================================================================================
getmail-5.5-1.el6 (FEDORA-EPEL-2018-19cba41d0c)
POP3, IMAP4 and SDPS mail retriever with Maildir delivery
--------------------------------------------------------------------------------
Update Information:
update to upstream version 5.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1471495 - getmail-5.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1471495
--------------------------------------------------------------------------------
================================================================================
lcgdm-1.10.0-4.el6 (FEDORA-EPEL-2018-1da3df0cfd)
LHC Computing Grid Data Management
--------------------------------------------------------------------------------
Update Information:
* new upstream release
--------------------------------------------------------------------------------
================================================================================
phoronix-test-suite-7.8.0-1.el6 (FEDORA-EPEL-2018-0ef15e7158)
An Automated, Open-Source Testing Framework
--------------------------------------------------------------------------------
Update Information:
update to 7.8.0
--------------------------------------------------------------------------------
================================================================================
python2-dateutil-1.4.1-0.el6 (FEDORA-EPEL-2018-a83593f8e5)
Dummy package depending on python-dateutil
--------------------------------------------------------------------------------
Update Information:
This package exists only to allow packagers to uniformly depend upon
python2-dateutil.
--------------------------------------------------------------------------------
================================================================================
python2-docutils-0.6-0.el6 (FEDORA-EPEL-2018-aa82b4cb51)
Dummy package depending on python-docutils
--------------------------------------------------------------------------------
Update Information:
This package exists only to allow packagers to uniformly depend upon
python2-docutils.
--------------------------------------------------------------------------------
================================================================================
python2-requests-2.6.0-0.el6 (FEDORA-EPEL-2018-24586067d3)
Dummy package depending on python-requests
--------------------------------------------------------------------------------
Update Information:
This package exists only to allow packagers to uniformly depend upon
python2-requests.
--------------------------------------------------------------------------------
================================================================================
rho-0.0.32-6.el6 (FEDORA-EPEL-2018-fff405ac16)
An SSH system profiler
--------------------------------------------------------------------------------
Update Information:
# Testing Rho To set up Rho, you create profiles that control how to run each
scan. - Authentication profiles contain user credentials for a user with
sufficient authority to complete the scan (for example, a root user or one with
root-level access obtained through -sudo privilege escalation). - Network
profiles contain network identifiers (for example, a hostname, IP address, or
range of IP addresses) and the authentication profiles to be used for a scan.
Complete the following steps, repeating them as necessary to access all parts of
your environment that you want to scan: 1. Create at least one authentication
profile with root-level access to Rho: ``` rho auth add --name auth_name
--username root_name(--sshkeyfile key_file | --password) ``` a. At the Rho
vault password prompt, create a new Rho vault password. This password is
required to access the encrypted Rho data, such as authentication and network
profiles, scan data, and other information. b. If you did not use the
sshkeyfile option to provide an SSH key for the username value, enter the
password of the user with root-level access at the connection password prompt.
For example, for an authentication profile where the authentication profile name
is roothost1, the user with root-level access is root, and the SSH key for the
user is in the path ~/.ssh/id_rsa, you would enter the following command: ```
rho auth add --name roothost1 --username root --sshkeyfile ~/.ssh/id_rsa ``` You
can also use the sudo-password option to create an authentication profile for a
user with root-level access who requires a password to obtain this privilege.
You can use the sudo-password option with either the sshkeyfile or the password
option. For example, for an authentication profile where the authentication
profile name is sudouser1, the user with root-level access is sysadmin, and the
access is obtained through the password option, you would enter the following
command: ``` rho auth add --name sudouser1 --username sysadmin --password
--sudo-password ``` After you enter this command, you are prompted to enter two
passwords. First, you would enter the connection password for the username user,
and then you would enter the password for the sudo command. 2. Create at least
one network profile that specifies one or more network identifiers, such as a
host name, an IP address, a list of IP addresses, or an IP range, and one or
more authentication profiles to be used for the scan: ``` rho profile add --name
profile_name --hosts host_name_or_file --auth auth_name ``` For example, for a
network profile where the name of the network profile is mynetwork, the network
to be scanned is the 192.0.2.0/24 subnet, and the authentication profiles that
are used to run the scan are roothost1 and roothost2, you would enter the
following command: ``` rho profile add --name mynetwork --hosts 192.0.2.[1:254]
--auth roothost1 roothost2 ``` You can also use a file to pass in the network
identifiers. If you use a file to enter multiple network identifiers, such as
multiple individual IP addresses, enter each on a single line. For example, for
a network profile where the path to this file is /home/user1/hosts_file, you
would enter the following command: ``` rho profile add --name mynetwork --hosts
/home/user1/hosts_file --auth roothost1 roothost2 ``` # Running a scan Run the
scan by using the scan command, specifying a network profile for the profile
option and a location to store the output as a file in the comma-separated
variables (CSV) format for the reportfile option: ``` rho scan --profile
profile_name --reportfile filename.csv ``` For example, if you want to use the
network profile mynetwork and save the report as mynetwork_scan1.csv, you would
enter the following command: ``` rho scan --profile mynetwork --reportfile
mynetwork_scan1.csv ```
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1545730 - Stop throwing away changes made in Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=1545730
--------------------------------------------------------------------------------
================================================================================
vim-jellybeans-1.6-1.el6 (FEDORA-EPEL-2018-ccbdcb40c2)
A colorful, dark color scheme for Vim
--------------------------------------------------------------------------------
Update Information:
- Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1545941 - Review Request: vim-jellybeans - A colorful, dark color scheme for Vim
https://bugzilla.redhat.com/show_bug.cgi?id=1545941
--------------------------------------------------------------------------------
The following Fedora EPEL 7 Security updates need testing:
Age URL
1075 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7
837 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7
420 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d libbsd-0.8.3-1.el7
317 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe mod_cluster-1.3.3-10.el7
149 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e27758bd23 libmspack-0.6-0.1.alpha.el7
86 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e64eeb6ece nagios-4.3.4-5.el7
36 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-73ee944e65 rootsh-1.5.3-17.el7
22 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-24ac4ff7df knot-resolver-1.5.3-1.el7
13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f09712d924 pdns-3.4.11-4.el7
10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-7134fc92a1 jhead-3.00-7.el7
9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-069884a87f p7zip-16.02-10.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-097b4381c7 exim-4.90.1-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
blueberry-1.1.20-6.el7
cinnamon-settings-daemon-3.6.2-1.el7
ddupdate-0.5.2-1.el7
epel-rpm-macros-7-15
fts-3.7.8-1.el7
getmail-5.5-1.el7
lcgdm-1.10.0-4.el7
lightdm-settings-1.1.4-1.el7
phoronix-test-suite-7.8.0-1.el7
python-PyMySQL-0.8.0-4.el7
python-biopython-1.70-8.el7
python-digitalocean-1.13.2-2.el7
python-tldextract-2.2.0-1.el7
python2-dateutil-1.5-0.el7
python2-docutils-0.11-0.el7
python2-requests-2.6.0-0.el7
rdopkg-0.46.3-1.el7
rho-0.0.32-6.el7
stlink-1.5.0-1.el7
suricata-4.0.4-1.el7
vim-fugitive-2.2-8.el7
vim-jellybeans-1.6-1.el7
vim-vimoutliner-0.4.0-7.el7
vncpwd-0.0-3.20170607git596854c.el7
Details about builds:
================================================================================
blueberry-1.1.20-6.el7 (FEDORA-EPEL-2018-598aa5ea7f)
Bluetooth configuration tool
--------------------------------------------------------------------------------
Update Information:
- Add some upstream fixes - Remove the python3 dep - Update Python 2 dependency
declarations to new packaging standards (See
https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1530218 - blueberry: blueberry requires both Python 2 and Python 3
https://bugzilla.redhat.com/show_bug.cgi?id=1530218
--------------------------------------------------------------------------------
================================================================================
cinnamon-settings-daemon-3.6.2-1.el7 (FEDORA-EPEL-2018-28f1c4d089)
The daemon sharing settings from CINNAMON to GTK+/KDE applications
--------------------------------------------------------------------------------
Update Information:
Update to cinnamon-settings-daemon-3.6.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1515254 - [abrt] cinnamon-settings-daemon: csd_smartcard_get_name(): csd-smartcard killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1515254
[ 2 ] Bug #1477255 - [abrt] cinnamon-settings-daemon: csd_smartcard_get_name(): csd-smartcard killed by signal 11
https://bugzilla.redhat.com/show_bug.cgi?id=1477255
[ 3 ] Bug #1474166 - [abrt] cinnamon-settings-daemon: PK11_FreeSlot(): csd-smartcard killed by signal 11
https://bugzilla.redhat.com/show_bug.cgi?id=1474166
--------------------------------------------------------------------------------
================================================================================
ddupdate-0.5.2-1.el7 (FEDORA-EPEL-2018-cae620ac17)
Tool updating DNS data for dynamic IP addresses
--------------------------------------------------------------------------------
Update Information:
Setting up the epel7 branch from current master/rawhide
--------------------------------------------------------------------------------
================================================================================
epel-rpm-macros-7-15 (FEDORA-EPEL-2018-7c8f403cdc)
Extra Packages for Enterprise Linux RPM macros
--------------------------------------------------------------------------------
Update Information:
Add %vimfiles_root macro.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1545901 - [epel-rpm-macros] please add %vimfiles_root
https://bugzilla.redhat.com/show_bug.cgi?id=1545901
--------------------------------------------------------------------------------
================================================================================
fts-3.7.8-1.el7 (FEDORA-EPEL-2018-c916aee4d7)
File Transfer Service V3
--------------------------------------------------------------------------------
Update Information:
* new upstream release
--------------------------------------------------------------------------------
================================================================================
getmail-5.5-1.el7 (FEDORA-EPEL-2018-1f8fb8482e)
POP3, IMAP4 and SDPS mail retriever with Maildir delivery
--------------------------------------------------------------------------------
Update Information:
update to upstream version 5.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1471495 - getmail-5.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1471495
--------------------------------------------------------------------------------
================================================================================
lcgdm-1.10.0-4.el7 (FEDORA-EPEL-2018-1c0f3fd846)
LHC Computing Grid Data Management
--------------------------------------------------------------------------------
Update Information:
* new upstream release
--------------------------------------------------------------------------------
================================================================================
lightdm-settings-1.1.4-1.el7 (FEDORA-EPEL-2018-84e1e4cbf1)
Configuration tool for the LightDM display manager
--------------------------------------------------------------------------------
Update Information:
Update to 1.1.4
--------------------------------------------------------------------------------
================================================================================
phoronix-test-suite-7.8.0-1.el7 (FEDORA-EPEL-2018-8fe6d68398)
An Automated, Open-Source Testing Framework
--------------------------------------------------------------------------------
Update Information:
update to 7.8.0
--------------------------------------------------------------------------------
================================================================================
python-PyMySQL-0.8.0-4.el7 (FEDORA-EPEL-2018-807485c1ec)
Pure-Python MySQL client library
--------------------------------------------------------------------------------
Update Information:
make spec file compatible with epel7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1545488 - python-PyMySQL for epel-7
https://bugzilla.redhat.com/show_bug.cgi?id=1545488
--------------------------------------------------------------------------------
================================================================================
python-biopython-1.70-8.el7 (FEDORA-EPEL-2018-f62482c5ae)
Python tools for computational molecular biology
--------------------------------------------------------------------------------
Update Information:
- Remove %sum macro - Use %py2_prefix - Required 'numpy' on rhel (without
prefix)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1546089 - python2-biopython-1.70-2.el7: Summary is shown as %{sum}
https://bugzilla.redhat.com/show_bug.cgi?id=1546089
--------------------------------------------------------------------------------
================================================================================
python-digitalocean-1.13.2-2.el7 (FEDORA-EPEL-2018-17b1e7df7e)
Easy access to Digital Ocean APIs to deploy droplets, images and more
--------------------------------------------------------------------------------
Update Information:
Fix requires
--------------------------------------------------------------------------------
================================================================================
python-tldextract-2.2.0-1.el7 (FEDORA-EPEL-2018-16e075e225)
Accurately separate the TLD from the registered domain and subdomains of a URL
--------------------------------------------------------------------------------
Update Information:
Initial package (#1545951)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1545951 - Review Request: python-tldextract - Accurately separate the TLD from the registered domain and subdomains of a URL
https://bugzilla.redhat.com/show_bug.cgi?id=1545951
--------------------------------------------------------------------------------
================================================================================
python2-dateutil-1.5-0.el7 (FEDORA-EPEL-2018-96dc31df60)
Dummy package depending on python-dateutil
--------------------------------------------------------------------------------
Update Information:
This package exists only to allow packagers to uniformly depend upon
python2-dateutil.
--------------------------------------------------------------------------------
================================================================================
python2-docutils-0.11-0.el7 (FEDORA-EPEL-2018-b80060f45f)
Dummy package depending on python-docutils
--------------------------------------------------------------------------------
Update Information:
This package exists only to allow packagers to uniformly depend upon
python2-docutils.
--------------------------------------------------------------------------------
================================================================================
python2-requests-2.6.0-0.el7 (FEDORA-EPEL-2018-348279fada)
Dummy package depending on python-requests
--------------------------------------------------------------------------------
Update Information:
This package exists only to allow packagers to uniformly depend upon
python2-requests.
--------------------------------------------------------------------------------
================================================================================
rdopkg-0.46.3-1.el7 (FEDORA-EPEL-2018-51b64b0fde)
RPM packaging automation tool CLI
--------------------------------------------------------------------------------
Update Information:
- distgit: Add -R/--release-bump-index argument - distgit: Support DLRN
0.date.hash and 0.1.date.hash Release formats - distgit: Preserve Change-Id when
amending a commit - distgit: normalize commit messages - new-version: ensure -H
and -B work together - new-version: don't display redundant message on -b - new-
version: enable `fedpkg new-sources` for Fedora by default - new-version: fix
`fedpkg new-sources` getting wrong tarball - patch: return 0 on no new patches -
pkgenv: show patches base and base git ref information - rdoinfo: Fix error on
info-tags-diff for packages without buildsys-tags - rdoinfo: Use "project" as
package primary key to compare tags - reqcheck: normalize python2/python3
package names - spec: better detection of multiple changelog entries - spec:
don't get confused by changelog mentions in the changelog - spec: don't
duplicate %%{?dist} - core: action alias support - core: fix new action check
for old state - refactor: Remove legacy coprbuild action - refactor: nice error
messages on invalid Version/patches_base - refactor: split utils.cmd, create
separate utils.git module - refactor: unify patch and update-patches - tests:
Add Zuul v3 jobs - tests: Add newversion.feature scenario using --bug - tests:
Add topy to tox as a linting check - tests: Extend newversion.feature for
coverage of -H - tests: add topy to whitelist_externals - tests: expand
fix.feature scenarios - tests: improved reporting and test names - tests: make
spec file Then assert more descriptive - doc: Trailing whitespace cleanup in doc
files - doc: Typo fixes from topy - doc: include feature scenarios in the
documentation - doc: make file naming consistent - doc: remove obsolete building
doc - doc: update README.md with Fedora/EPEL install instructions - doc: update
README.md with current information - doc: update bug tracker information in the
manual
--------------------------------------------------------------------------------
================================================================================
rho-0.0.32-6.el7 (FEDORA-EPEL-2018-81eed61d56)
An SSH system profiler
--------------------------------------------------------------------------------
Update Information:
# Testing Rho To set up Rho, you create profiles that control how to run each
scan. - Authentication profiles contain user credentials for a user with
sufficient authority to complete the scan (for example, a root user or one with
root-level access obtained through -sudo privilege escalation). - Network
profiles contain network identifiers (for example, a hostname, IP address, or
range of IP addresses) and the authentication profiles to be used for a scan.
Complete the following steps, repeating them as necessary to access all parts of
your environment that you want to scan: 1. Create at least one authentication
profile with root-level access to Rho: ``` rho auth add --name auth_name
--username root_name(--sshkeyfile key_file | --password) ``` a. At the Rho
vault password prompt, create a new Rho vault password. This password is
required to access the encrypted Rho data, such as authentication and network
profiles, scan data, and other information. b. If you did not use the
sshkeyfile option to provide an SSH key for the username value, enter the
password of the user with root-level access at the connection password prompt.
For example, for an authentication profile where the authentication profile name
is roothost1, the user with root-level access is root, and the SSH key for the
user is in the path ~/.ssh/id_rsa, you would enter the following command: ```
rho auth add --name roothost1 --username root --sshkeyfile ~/.ssh/id_rsa ``` You
can also use the sudo-password option to create an authentication profile for a
user with root-level access who requires a password to obtain this privilege.
You can use the sudo-password option with either the sshkeyfile or the password
option. For example, for an authentication profile where the authentication
profile name is sudouser1, the user with root-level access is sysadmin, and the
access is obtained through the password option, you would enter the following
command: ``` rho auth add --name sudouser1 --username sysadmin --password
--sudo-password ``` After you enter this command, you are prompted to enter two
passwords. First, you would enter the connection password for the username user,
and then you would enter the password for the sudo command. 2. Create at least
one network profile that specifies one or more network identifiers, such as a
host name, an IP address, a list of IP addresses, or an IP range, and one or
more authentication profiles to be used for the scan: ``` rho profile add --name
profile_name --hosts host_name_or_file --auth auth_name ``` For example, for a
network profile where the name of the network profile is mynetwork, the network
to be scanned is the 192.0.2.0/24 subnet, and the authentication profiles that
are used to run the scan are roothost1 and roothost2, you would enter the
following command: ``` rho profile add --name mynetwork --hosts 192.0.2.[1:254]
--auth roothost1 roothost2 ``` You can also use a file to pass in the network
identifiers. If you use a file to enter multiple network identifiers, such as
multiple individual IP addresses, enter each on a single line. For example, for
a network profile where the path to this file is /home/user1/hosts_file, you
would enter the following command: ``` rho profile add --name mynetwork --hosts
/home/user1/hosts_file --auth roothost1 roothost2 ``` # Running a scan Run the
scan by using the scan command, specifying a network profile for the profile
option and a location to store the output as a file in the comma-separated
variables (CSV) format for the reportfile option: ``` rho scan --profile
profile_name --reportfile filename.csv ``` For example, if you want to use the
network profile mynetwork and save the report as mynetwork_scan1.csv, you would
enter the following command: ``` rho scan --profile mynetwork --reportfile
mynetwork_scan1.csv ```
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1545730 - Stop throwing away changes made in Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=1545730
--------------------------------------------------------------------------------
================================================================================
stlink-1.5.0-1.el7 (FEDORA-EPEL-2018-c9a5bbad05)
STM32 discovery line Linux programmer
--------------------------------------------------------------------------------
Update Information:
Update to 1.5.0.
--------------------------------------------------------------------------------
================================================================================
suricata-4.0.4-1.el7 (FEDORA-EPEL-2018-72e5d3ef89)
Intrusion Detection System
--------------------------------------------------------------------------------
Update Information:
fixes bz#1543250 and bz#1543251
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1543250 - CVE-2018-6794 suricata: HTTP detection bypass in detect.c and stream-tcp.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1543250
[ 2 ] Bug #1543251 - CVE-2018-6794 suricata: HTTP detection bypass in detect.c and stream-tcp.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1543251
--------------------------------------------------------------------------------
================================================================================
vim-fugitive-2.2-8.el7 (FEDORA-EPEL-2018-24d16cfe5d)
A Git wrapper so awesome, it should be illegal
--------------------------------------------------------------------------------
Update Information:
First build of vim-fugitive for EPEL7.
--------------------------------------------------------------------------------
================================================================================
vim-jellybeans-1.6-1.el7 (FEDORA-EPEL-2018-9bc0c7d0f7)
A colorful, dark color scheme for Vim
--------------------------------------------------------------------------------
Update Information:
- Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1545941 - Review Request: vim-jellybeans - A colorful, dark color scheme for Vim
https://bugzilla.redhat.com/show_bug.cgi?id=1545941
--------------------------------------------------------------------------------
================================================================================
vim-vimoutliner-0.4.0-7.el7 (FEDORA-EPEL-2018-594372cc2e)
Script for building an outline editor on top of Vim
--------------------------------------------------------------------------------
Update Information:
Just rebuild upon clean-up and taking over the maintenance of the package.
--------------------------------------------------------------------------------
================================================================================
vncpwd-0.0-3.20170607git596854c.el7 (FEDORA-EPEL-2018-391af85d0a)
VNC Password Decrypter
--------------------------------------------------------------------------------
Update Information:
New Package - vncpwd The vncpwd decrypts the VNC password.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1433657 - Review Request: vncpwd - VNC Password Decrypter
https://bugzilla.redhat.com/show_bug.cgi?id=1433657
--------------------------------------------------------------------------------
The following Fedora EPEL 7 Security updates need testing:
Age URL
1074 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7
837 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7
419 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d libbsd-0.8.3-1.el7
316 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe mod_cluster-1.3.3-10.el7
148 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e27758bd23 libmspack-0.6-0.1.alpha.el7
85 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e64eeb6ece nagios-4.3.4-5.el7
49 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-8d57a2487b monit-5.25.1-1.el7
35 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-73ee944e65 rootsh-1.5.3-17.el7
21 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-24ac4ff7df knot-resolver-1.5.3-1.el7
13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-18ea640f19 tomcat-native-1.2.16-1.el7
12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f09712d924 pdns-3.4.11-4.el7
9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-7134fc92a1 jhead-3.00-7.el7
8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-069884a87f p7zip-16.02-10.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-097b4381c7 exim-4.90.1-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
fedpkg-1.31-5.el7
htop-2.1.0-1.el7
microdns-0.0.8-1.el7
nwipe-0.24-2.el7
pan-0.144-1.el7
perl-Convert-ASCII-Armour-1.4-32.el7
php-justinrainbow-json-schema5-5.2.7-1.el7
python-hexdump-3.4-0.2.20160818hg66325cb5fed8.el7
Details about builds:
================================================================================
fedpkg-1.31-5.el7 (FEDORA-EPEL-2018-f41cd20be2)
Fedora utility for working with dist-git
--------------------------------------------------------------------------------
Update Information:
fix broken syntax in bash completion ---- - Include missing conf file in test
(cqi) - Add more document to request-repo and request-branch (cqi) - Stop
allowing EPEL branches on official EL packages (mprahl) - Port fedrepo-req and
fedrepo-req-branch to fedpkg (mprahl) - Fix test for unsupported Bodhi version
(lsedlar) - Work with Bodhi 3 - rhbz#1507410 (lsedlar) - Allow any parameters in
construct_build_url (cqi) - Fix the anongiturl (patrick)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1544133 - fedpkg update from 1.30-4 to 1.31-1 broke bash completion
https://bugzilla.redhat.com/show_bug.cgi?id=1544133
[ 2 ] Bug #1507410 - fedpkg update fails with: "This system has bodhi v3, which is unsupported"
https://bugzilla.redhat.com/show_bug.cgi?id=1507410
--------------------------------------------------------------------------------
================================================================================
htop-2.1.0-1.el7 (FEDORA-EPEL-2018-e6eca7cd53)
Interactive process viewer
--------------------------------------------------------------------------------
Update Information:
- Update to 2.1.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1541785 - Fedora does not install a ".desktop" file for htop.
https://bugzilla.redhat.com/show_bug.cgi?id=1541785
--------------------------------------------------------------------------------
================================================================================
microdns-0.0.8-1.el7 (FEDORA-EPEL-2018-0b2cfbc4a9)
Minimal mDNS resolver and announcer library
--------------------------------------------------------------------------------
Update Information:
New package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1545347 - Review Request: microdns - Minimal mDNS resolver and announcer library
https://bugzilla.redhat.com/show_bug.cgi?id=1545347
--------------------------------------------------------------------------------
================================================================================
nwipe-0.24-2.el7 (FEDORA-EPEL-2018-0bda25f2be)
Securely erase disks using a variety of recognized methods
--------------------------------------------------------------------------------
Update Information:
bugfix update to upstream release 0.24
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1523430 - nwipe-0.24 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1523430
--------------------------------------------------------------------------------
================================================================================
pan-0.144-1.el7 (FEDORA-EPEL-2018-73bafd172a)
A Usenet newsreader for GNOME/GTK+
--------------------------------------------------------------------------------
Update Information:
Initial packaging for EPEL.
--------------------------------------------------------------------------------
================================================================================
perl-Convert-ASCII-Armour-1.4-32.el7 (FEDORA-EPEL-2018-6369327005)
Convert binary octets into ASCII armoured messages
--------------------------------------------------------------------------------
Update Information:
Add new package to EPEL 7
--------------------------------------------------------------------------------
================================================================================
php-justinrainbow-json-schema5-5.2.7-1.el7 (FEDORA-EPEL-2018-ab8576f358)
A library to validate a json schema
--------------------------------------------------------------------------------
Update Information:
**Version 5.2.7** * 495 Backports from 6.0 * 462 Typo fix * 465
override new phpcs rule (#465) * 466 Use PHPUnit\Framework\TestCase instead
of PHPUnit_Framework_TestCase * 489 Remove unused parameter * 488 Remove
unused private method * 479 No need to specify path to bin directory *
487 Use more appropriate assertions * 486 Remove unused argument from method
call * 485 Case mismatch * 483 Consistently indent with 2 spaces *
481 Add PHP 7.2 to build matrix * 480 No need to update composer itself
* 477 Implicitly enable no_unused_imports fixer * 478 Remove unused argument
* 490 Keep rules sorted in .php_cs.dist * 494 Apply defaults in $ref'ed
property / item definitions
--------------------------------------------------------------------------------
================================================================================
python-hexdump-3.4-0.2.20160818hg66325cb5fed8.el7 (FEDORA-EPEL-2018-eb03b4ac26)
Dump binary data to hex format and restore from there
--------------------------------------------------------------------------------
Update Information:
New package description: Python library to dump binary data to hex format and
restore from there
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1516117 - Review Request: python-hexdump - Dump binary data to hex format and restore from there
https://bugzilla.redhat.com/show_bug.cgi?id=1516117
--------------------------------------------------------------------------------
The following Fedora EPEL 6 Security updates need testing:
Age URL
946 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168 rubygem-crack-0.3.2-2.el6
836 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb mcollective-2.8.4-1.el6
808 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9 thttpd-2.25b-24.el6
419 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac libbsd-0.8.3-2.el6
148 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4c76ddcc92 libmspack-0.6-0.1.alpha.el6
67 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6aaee32b7e optipng-0.7.6-6.el6
49 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6e4ce19598 monit-5.25.1-1.el6
39 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-8c9006d462 heimdal-7.5.0-1.el6
34 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-752a7c9ad4 rootsh-1.5.3-17.el6
12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-fc6e2820ab tomcat-7.0.84-1.el6
8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-bc1949f307 p7zip-16.02-10.el6
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f742513635 jhead-3.00-9.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
clamav-0.99.3-8.el6
exim-4.90.1-1.el6
fedpkg-1.31-5.el6
Details about builds:
================================================================================
clamav-0.99.3-8.el6 (FEDORA-EPEL-2018-be69c94866)
Anti-virus software
--------------------------------------------------------------------------------
Update Information:
reverting clamav el6 to old state and update to 0.99.3 ---- ClamAV 0.99.3
============= This release is a security release and is recommended for all
ClamAV users. Please see details below: 1. ClamAV UAF (use-after-free)
Vulnerabilities (CVE-2017-12374)
--------------------------------------------------------------- The ClamAV
AntiVirus software versions 0.99.2 and prior contain a vulnerability that could
allow an unauthenticated, remote attacker to cause a denial of service (DoS)
condition on an affected device. The vulnerability is due to a lack of input
validation checking mechanisms during certain mail parsing operations. If
successfully exploited, the ClamAV software could allow a variable pointing to
the mail body which could cause a used after being free (use-after-free)
instance which may lead to a disruption of services on an affected device to
include a denial of service condition. *
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H *
https://bugzilla.clamav.net/show_bug.cgi?id=11939 2. ClamAV Buffer Overflow
Vulnerability (CVE-2017-12375)
-------------------------------------------------------- The ClamAV AntiVirus
software versions 0.99.2 and prior contain a vulnerability that could allow an
unauthenticated, remote attacker to cause a denial of service (DoS) condition on
an affected device. The vulnerability is due to a lack of input validation
checking mechanisms during certain mail parsing functions. An unauthenticated,
remote attacker could exploit this vulnerability by sending a crafted email to
the affected device. This action could cause a buffer overflow condition when
ClamAV scans the malicious email, allowing the attacker to potentially cause a
DoS condition on an affected device. *
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N /A:L *
https://bugzilla.clamav.net/show_bug.cgi?id=11940 3. ClamAV Buffer Overflow in
handle_pdfname Vulnerability (CVE-2017-12376)
--------------------------------------------------------------------------
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that
could allow an unauthenticated, remote attacker to cause a denial of service
(DoS) condition or potentially execute arbitrary code on an affected device.
The vulnerability is due to improper input validation checking mechanisms when
handling Portable Document Format (.pdf) files sent to an affected device. An
unauthenticated, remote attacker could exploit this vulnerability by sending a
crafted .pdf file to an affected device. This action could cause a buffer
overflow when ClamAV scans the malicious file, allowing the attacker to cause a
DoS condition or potentially execute arbitrary code. *
https://bugzilla.clamav.net/show_bug.cgi?id=11942 *
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 4. ClamAV Mew Packet Heap
Overflow Vulnerability (CVE-2017-12377)
----------------------------------------------------------------- ClamAV
AntiVirus software versions 0.99.2 and prior contain a vulnerability that could
allow an unauthenticated, remote attacker to cause a denial of service (DoS)
condition or potentially execute arbitrary code on an affected device. The
vulnerability is due to improper input validation checking mechanisms in mew
packet files sent to an affected device. A successful exploit could cause a heap
overflow condition when ClamAV scans the malicious file, allowing the attacker
to cause a DoS condition or potentially execute arbitrary code on the affected
device. * https://bugzilla.clamav.net/show_bug.cgi?id=11943 *
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L /A:L 5. ClamAV Buffer Over Read
Vulnerability (CVE-2017-12378)
--------------------------------------------------------- ClamAV AntiVirus
software versions 0.99.2 and prior contain a vulnerability that could allow an
unauthenticated, remote attacker to cause a denial of service (DoS) condition on
an affected device. The vulnerability is due to improper input validation
checking mechanisms of .tar (Tape Archive) files sent to an affected device. A
successful exploit could cause a buffer over-read condition when ClamAV scans
the malicious .tar file, potentially allowing the attacker to cause a DoS
condition on the affected device. *
https://bugzilla.clamav.net/show_bug.cgi?id=11946 *
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N /A:L 6. ClamAV Buffer Overflow in
messageAddArgument Vulnerability (CVE-2017-12379)
------------------------------------------------------------------------------
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that
could allow an unauthenticated, remote attacker to cause a denial of service
(DoS) condition or potentially execute arbitrary code on an affected device.
The vulnerability is due to improper input validation checking mechanisms in the
message parsing function on an affected system. An unauthenticated, remote
attacker could exploit this vulnerability by sending a crafted email to the
affected device. This action could cause a buffer overflow condition when ClamAV
scans the malicious email, allowing the attacker to potentially cause a DoS
condition or execute arbitrary code on an affected device. *
https://bugzilla.clamav.net/show_bug.cgi?id=11944 *
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L /A:L 7. ClamAV Null Dereference
Vulnerability (CVE-2017-12380)
--------------------------------------------------------- ClamAV AntiVirus
software versions 0.99.2 and prior contain a vulnerability that could allow an
unauthenticated, remote attacker to cause a denial of service (DoS) condition on
an affected device. The vulnerability is due to improper input validation
checking mechanisms during certain mail parsing functions of the ClamAV
software. An unauthenticated, remote attacker could exploit this vulnerability
by sending a crafted email to the affected device. An exploit could trigger a
NULL pointer dereference condition when ClamAV scans the malicious email, which
may result in a DoS condition. *
https://bugzilla.clamav.net/show_bug.cgi?id=11945 *
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Further fixes/changes
--------------------- Also included are 2 minor fixes to properly detect
openssl install locations on FreeBSD 11, and prevent false warnings about zlib
1.2.1# version numbers.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1483910 - CVE-2017-6420 clamav: use-after-free in wwunpack function
https://bugzilla.redhat.com/show_bug.cgi?id=1483910
[ 2 ] Bug #1483909 - CVE-2017-6419 libmspack, clamav: heap-based buffer overflow in mspack/lzxd.c
https://bugzilla.redhat.com/show_bug.cgi?id=1483909
[ 3 ] Bug #1483908 - CVE-2017-6418 clamav: out-of-bounds read in libclamav/message.c
https://bugzilla.redhat.com/show_bug.cgi?id=1483908
[ 4 ] Bug #1539863 - CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380 clamav: Multiple vulnerabilities fixed in 0.99.3
https://bugzilla.redhat.com/show_bug.cgi?id=1539863
--------------------------------------------------------------------------------
================================================================================
exim-4.90.1-1.el6 (FEDORA-EPEL-2018-d04c4b7f23)
The exim mail transfer agent
--------------------------------------------------------------------------------
Update Information:
This is new version fixing CVE-2018-6789.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1543268 - CVE-2018-6789 exim: buffer overflow in b64decode() function, possibly leading to remote code execution
https://bugzilla.redhat.com/show_bug.cgi?id=1543268
--------------------------------------------------------------------------------
================================================================================
fedpkg-1.31-5.el6 (FEDORA-EPEL-2018-d3d5bf1124)
Fedora utility for working with dist-git
--------------------------------------------------------------------------------
Update Information:
fix broken syntax in bash completion ---- - Include missing conf file in test
(cqi) - Add more document to request-repo and request-branch (cqi) - Stop
allowing EPEL branches on official EL packages (mprahl) - Port fedrepo-req and
fedrepo-req-branch to fedpkg (mprahl) - Fix test for unsupported Bodhi version
(lsedlar) - Work with Bodhi 3 - rhbz#1507410 (lsedlar) - Allow any parameters in
construct_build_url (cqi) - Fix the anongiturl (patrick)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1544133 - fedpkg update from 1.30-4 to 1.31-1 broke bash completion
https://bugzilla.redhat.com/show_bug.cgi?id=1544133
[ 2 ] Bug #1507410 - fedpkg update fails with: "This system has bodhi v3, which is unsupported"
https://bugzilla.redhat.com/show_bug.cgi?id=1507410
--------------------------------------------------------------------------------
The following Fedora EPEL 6 Security updates need testing:
Age URL
946 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168 rubygem-crack-0.3.2-2.el6
836 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb mcollective-2.8.4-1.el6
807 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9 thttpd-2.25b-24.el6
418 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac libbsd-0.8.3-2.el6
147 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4c76ddcc92 libmspack-0.6-0.1.alpha.el6
66 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6aaee32b7e optipng-0.7.6-6.el6
48 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6e4ce19598 monit-5.25.1-1.el6
38 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-8c9006d462 heimdal-7.5.0-1.el6
33 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-752a7c9ad4 rootsh-1.5.3-17.el6
16 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-369a48191f clamav-0.99.3-1.el6
12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-fc6e2820ab tomcat-7.0.84-1.el6
7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-bc1949f307 p7zip-16.02-10.el6
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f742513635 jhead-3.00-9.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
is-interface-1.15.0-1.el6
python-regex-2018.02.08-1.el6
rho-0.0.32-1.el6
Details about builds:
================================================================================
is-interface-1.15.0-1.el6 (FEDORA-EPEL-2018-91a43d9dc7)
Information service library for the lcg bdii system
--------------------------------------------------------------------------------
Update Information:
Fix requires for -devel package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1545190 - is-interface is using arch-dependent BuildRequires
https://bugzilla.redhat.com/show_bug.cgi?id=1545190
--------------------------------------------------------------------------------
================================================================================
python-regex-2018.02.08-1.el6 (FEDORA-EPEL-2018-a832561459)
Alternative regular expression module, to replace re
--------------------------------------------------------------------------------
Update Information:
Update to the latest released version. ---- Update to the latest released
version.
--------------------------------------------------------------------------------
================================================================================
rho-0.0.32-1.el6 (FEDORA-EPEL-2018-c93f12eaa7)
An SSH system profiler
--------------------------------------------------------------------------------
Update Information:
# Testing Rho To set up Rho, you create profiles that control how to run each
scan. - Authentication profiles contain user credentials for a user with
sufficient authority to complete the scan (for example, a root user or one with
root-level access obtained through -sudo privilege escalation). - Network
profiles contain network identifiers (for example, a hostname, IP address, or
range of IP addresses) and the authentication profiles to be used for a scan.
Complete the following steps, repeating them as necessary to access all parts of
your environment that you want to scan: 1. Create at least one authentication
profile with root-level access to Rho: ``` rho auth add --name auth_name
--username root_name(--sshkeyfile key_file | --password) ``` a. At the Rho
vault password prompt, create a new Rho vault password. This password is
required to access the encrypted Rho data, such as authentication and network
profiles, scan data, and other information. b. If you did not use the
sshkeyfile option to provide an SSH key for the username value, enter the
password of the user with root-level access at the connection password prompt.
For example, for an authentication profile where the authentication profile name
is roothost1, the user with root-level access is root, and the SSH key for the
user is in the path ~/.ssh/id_rsa, you would enter the following command: ```
rho auth add --name roothost1 --username root --sshkeyfile ~/.ssh/id_rsa ``` You
can also use the sudo-password option to create an authentication profile for a
user with root-level access who requires a password to obtain this privilege.
You can use the sudo-password option with either the sshkeyfile or the password
option. For example, for an authentication profile where the authentication
profile name is sudouser1, the user with root-level access is sysadmin, and the
access is obtained through the password option, you would enter the following
command: ``` rho auth add --name sudouser1 --username sysadmin --password
--sudo-password ``` After you enter this command, you are prompted to enter two
passwords. First, you would enter the connection password for the username user,
and then you would enter the password for the sudo command. 2. Create at least
one network profile that specifies one or more network identifiers, such as a
host name, an IP address, a list of IP addresses, or an IP range, and one or
more authentication profiles to be used for the scan: ``` rho profile add --name
profile_name --hosts host_name_or_file --auth auth_name ``` For example, for a
network profile where the name of the network profile is mynetwork, the network
to be scanned is the 192.0.2.0/24 subnet, and the authentication profiles that
are used to run the scan are roothost1 and roothost2, you would enter the
following command: ``` rho profile add --name mynetwork --hosts 192.0.2.[1:254]
--auth roothost1 roothost2 ``` You can also use a file to pass in the network
identifiers. If you use a file to enter multiple network identifiers, such as
multiple individual IP addresses, enter each on a single line. For example, for
a network profile where the path to this file is /home/user1/hosts_file, you
would enter the following command: ``` rho profile add --name mynetwork --hosts
/home/user1/hosts_file --auth roothost1 roothost2 ``` # Running a scan Run the
scan by using the scan command, specifying a network profile for the profile
option and a location to store the output as a file in the comma-separated
variables (CSV) format for the reportfile option: ``` rho scan --profile
profile_name --reportfile filename.csv ``` For example, if you want to use the
network profile mynetwork and save the report as mynetwork_scan1.csv, you would
enter the following command: ``` rho scan --profile mynetwork --reportfile
mynetwork_scan1.csv ```
--------------------------------------------------------------------------------
The following Fedora EPEL 7 Security updates need testing:
Age URL
1073 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7
836 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7
418 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d libbsd-0.8.3-1.el7
315 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe mod_cluster-1.3.3-10.el7
147 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e27758bd23 libmspack-0.6-0.1.alpha.el7
84 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e64eeb6ece nagios-4.3.4-5.el7
48 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-8d57a2487b monit-5.25.1-1.el7
34 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-73ee944e65 rootsh-1.5.3-17.el7
20 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-24ac4ff7df knot-resolver-1.5.3-1.el7
12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-18ea640f19 tomcat-native-1.2.16-1.el7
11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f09712d924 pdns-3.4.11-4.el7
8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-7134fc92a1 jhead-3.00-7.el7
7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-069884a87f p7zip-16.02-10.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
bluez-tools-0.2.0-0.7.git20170912.7cb788c.el7
exim-4.90.1-1.el7
perl-Net-SSH-0.09-26.el7
perl-Term-ReadPassword-0.11-27.el7
pwkickstart-1.0.2-1.el7
python-execnet-1.2.0-5.el7
python-pytest-xdist-1.17.1-2.el7
python-regex-2018.02.08-1.el7
rho-0.0.32-1.el7
standard-test-roles-2.8-1.el7
Details about builds:
================================================================================
bluez-tools-0.2.0-0.7.git20170912.7cb788c.el7 (FEDORA-EPEL-2018-36e3e1fcc2)
A set of tools to manage Bluetooth devices for Linux
--------------------------------------------------------------------------------
Update Information:
- New snapshot
--------------------------------------------------------------------------------
================================================================================
exim-4.90.1-1.el7 (FEDORA-EPEL-2018-097b4381c7)
The exim mail transfer agent
--------------------------------------------------------------------------------
Update Information:
This is new version fixing CVE-2018-6789.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1543268 - CVE-2018-6789 exim: Buffer overflow in utility function, when pre-conditions are met, can lead to remote code execution
https://bugzilla.redhat.com/show_bug.cgi?id=1543268
--------------------------------------------------------------------------------
================================================================================
perl-Net-SSH-0.09-26.el7 (FEDORA-EPEL-2018-e3d95da142)
Perl extension for secure shell
--------------------------------------------------------------------------------
Update Information:
Add new package to EPEL 7
--------------------------------------------------------------------------------
================================================================================
perl-Term-ReadPassword-0.11-27.el7 (FEDORA-EPEL-2018-de208fcb1d)
Asking the user for a password
--------------------------------------------------------------------------------
Update Information:
Add new package to EPEL 7
--------------------------------------------------------------------------------
================================================================================
pwkickstart-1.0.2-1.el7 (FEDORA-EPEL-2018-0b09e66084)
Helps to generate kickstart passwords
--------------------------------------------------------------------------------
Update Information:
Initial version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1543813 - Review Request: pwkickstart - generate kickstart passwords
https://bugzilla.redhat.com/show_bug.cgi?id=1543813
--------------------------------------------------------------------------------
================================================================================
python-execnet-1.2.0-5.el7 (FEDORA-EPEL-2018-5d7309bdb9)
Elastic Python Deployment
--------------------------------------------------------------------------------
Update Information:
Enable python3 build on EPEL7.
--------------------------------------------------------------------------------
================================================================================
python-pytest-xdist-1.17.1-2.el7 (FEDORA-EPEL-2018-59c93d3504)
py.test plugin for distributed testing and loop-on-failing modes
--------------------------------------------------------------------------------
Update Information:
Build for EPEL7 (#1542647)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1542647 - Please include pytest-xdist in EPEL.
https://bugzilla.redhat.com/show_bug.cgi?id=1542647
--------------------------------------------------------------------------------
================================================================================
python-regex-2018.02.08-1.el7 (FEDORA-EPEL-2018-bceb19dc68)
Alternative regular expression module, to replace re
--------------------------------------------------------------------------------
Update Information:
Update to the latest released version. ---- Update to the latest released
version.
--------------------------------------------------------------------------------
================================================================================
rho-0.0.32-1.el7 (FEDORA-EPEL-2018-af22b2af39)
An SSH system profiler
--------------------------------------------------------------------------------
Update Information:
# Testing Rho To set up Rho, you create profiles that control how to run each
scan. - Authentication profiles contain user credentials for a user with
sufficient authority to complete the scan (for example, a root user or one with
root-level access obtained through -sudo privilege escalation). - Network
profiles contain network identifiers (for example, a hostname, IP address, or
range of IP addresses) and the authentication profiles to be used for a scan.
Complete the following steps, repeating them as necessary to access all parts of
your environment that you want to scan: 1. Create at least one authentication
profile with root-level access to Rho: ``` rho auth add --name auth_name
--username root_name(--sshkeyfile key_file | --password) ``` a. At the Rho
vault password prompt, create a new Rho vault password. This password is
required to access the encrypted Rho data, such as authentication and network
profiles, scan data, and other information. b. If you did not use the
sshkeyfile option to provide an SSH key for the username value, enter the
password of the user with root-level access at the connection password prompt.
For example, for an authentication profile where the authentication profile name
is roothost1, the user with root-level access is root, and the SSH key for the
user is in the path ~/.ssh/id_rsa, you would enter the following command: ```
rho auth add --name roothost1 --username root --sshkeyfile ~/.ssh/id_rsa ``` You
can also use the sudo-password option to create an authentication profile for a
user with root-level access who requires a password to obtain this privilege.
You can use the sudo-password option with either the sshkeyfile or the password
option. For example, for an authentication profile where the authentication
profile name is sudouser1, the user with root-level access is sysadmin, and the
access is obtained through the password option, you would enter the following
command: ``` rho auth add --name sudouser1 --username sysadmin --password
--sudo-password ``` After you enter this command, you are prompted to enter two
passwords. First, you would enter the connection password for the username user,
and then you would enter the password for the sudo command. 2. Create at least
one network profile that specifies one or more network identifiers, such as a
host name, an IP address, a list of IP addresses, or an IP range, and one or
more authentication profiles to be used for the scan: ``` rho profile add --name
profile_name --hosts host_name_or_file --auth auth_name ``` For example, for a
network profile where the name of the network profile is mynetwork, the network
to be scanned is the 192.0.2.0/24 subnet, and the authentication profiles that
are used to run the scan are roothost1 and roothost2, you would enter the
following command: ``` rho profile add --name mynetwork --hosts 192.0.2.[1:254]
--auth roothost1 roothost2 ``` You can also use a file to pass in the network
identifiers. If you use a file to enter multiple network identifiers, such as
multiple individual IP addresses, enter each on a single line. For example, for
a network profile where the path to this file is /home/user1/hosts_file, you
would enter the following command: ``` rho profile add --name mynetwork --hosts
/home/user1/hosts_file --auth roothost1 roothost2 ``` # Running a scan Run the
scan by using the scan command, specifying a network profile for the profile
option and a location to store the output as a file in the comma-separated
variables (CSV) format for the reportfile option: ``` rho scan --profile
profile_name --reportfile filename.csv ``` For example, if you want to use the
network profile mynetwork and save the report as mynetwork_scan1.csv, you would
enter the following command: ``` rho scan --profile mynetwork --reportfile
mynetwork_scan1.csv ```
--------------------------------------------------------------------------------
================================================================================
standard-test-roles-2.8-1.el7 (FEDORA-EPEL-2018-5782a128bd)
Standard Test Interface Ansible roles
--------------------------------------------------------------------------------
Update Information:
Update to 2.8 ---- Update to 2.7 ---- Build with the latest merged PRs.
--------------------------------------------------------------------------------
Dear all,
You are kindly invited to the meeting:
EPEL Steering Committee on 2018-02-14 from 18:00:00 to 19:00:00 GMT
At fedora-meeting(a)irc.freenode.net
The meeting will be about:
The EPEL Steering Committee will have a weekly meeting to cover current tasks and problems needed to keep EPEL going.
Source: https://apps.fedoraproject.org/calendar/meeting/8724/
The initial set of stub python2-* packages I created have now made their
way to EPEL6 and EPEL7 stable, so packages can now depend on
python2-setuptools, python2-six, python2-pytest and python2-sphinx
in all releases without having to add conditionals for EPEL.
Feel free to suggest additional packages; I will be happy to create
them.
See https://fedoraproject.org/wiki/User:Tibbs/EPELPythonStubPackages for
more information.
- J<
The following Fedora EPEL 7 Security updates need testing:
Age URL
1068 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7
831 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7
413 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d libbsd-0.8.3-1.el7
310 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe mod_cluster-1.3.3-10.el7
142 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e27758bd23 libmspack-0.6-0.1.alpha.el7
79 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e64eeb6ece nagios-4.3.4-5.el7
43 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-8d57a2487b monit-5.25.1-1.el7
29 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-73ee944e65 rootsh-1.5.3-17.el7
15 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-24ac4ff7df knot-resolver-1.5.3-1.el7
10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-fb68becde7 w3m-0.5.3-36.git20180125.el7
7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-18ea640f19 tomcat-native-1.2.16-1.el7
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f09712d924 pdns-3.4.11-4.el7
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-7134fc92a1 jhead-3.00-7.el7
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-069884a87f p7zip-16.02-10.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
bouncycastle-1.58-1.el7
canl-java-2.5.0-1.el7
pdc-updater-0.7.1-1.el7
python-parsedatetime-2.4-5.el7
python-requests-file-1.4.3-3.el7
python-resultsdb_api-2.0.0-9.el7
tint2-16.2-2.el7
voms-api-java-3.3.0-1.el7
voms-clients-java-3.3.0-1.el7
Details about builds:
================================================================================
bouncycastle-1.58-1.el7 (FEDORA-EPEL-2018-50d69f64bd)
Bouncy Castle Cryptography APIs for Java
--------------------------------------------------------------------------------
Update Information:
Update bouncycastle - all subpackages now built from the same source package.
Some are new in EPEL 7. Update canl-java to latest version.
--------------------------------------------------------------------------------
================================================================================
canl-java-2.5.0-1.el7 (FEDORA-EPEL-2018-50d69f64bd)
EMI Common Authentication library - bindings for Java
--------------------------------------------------------------------------------
Update Information:
Update bouncycastle - all subpackages now built from the same source package.
Some are new in EPEL 7. Update canl-java to latest version.
--------------------------------------------------------------------------------
================================================================================
pdc-updater-0.7.1-1.el7 (FEDORA-EPEL-2018-6b19b02c74)
Update the product definition center in response to fedmsg
--------------------------------------------------------------------------------
Update Information:
Latest upstream. /cc @mprahl
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1501369 - pdc-updater-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1501369
--------------------------------------------------------------------------------
================================================================================
python-parsedatetime-2.4-5.el7 (FEDORA-EPEL-2018-aca6d25917)
Parse human-readable date/time strings in Python
--------------------------------------------------------------------------------
Update Information:
Add missing python-future dependency
--------------------------------------------------------------------------------
================================================================================
python-requests-file-1.4.3-3.el7 (FEDORA-EPEL-2018-238781ae89)
Transport adapter for using file:// URLs with python-requests
--------------------------------------------------------------------------------
Update Information:
Package for EPEL7
--------------------------------------------------------------------------------
================================================================================
python-resultsdb_api-2.0.0-9.el7 (FEDORA-EPEL-2018-d20fad7b78)
Interface api to ResultsDB
--------------------------------------------------------------------------------
Update Information:
Python 2 binary package renamed to python2-resultsdb_api
--------------------------------------------------------------------------------
================================================================================
tint2-16.2-2.el7 (FEDORA-EPEL-2018-cd35ee3419)
A lightweight X11 desktop panel and task manager
--------------------------------------------------------------------------------
Update Information:
Update to 16.2
--------------------------------------------------------------------------------
================================================================================
voms-api-java-3.3.0-1.el7 (FEDORA-EPEL-2018-50d69f64bd)
Virtual Organization Membership Service Java API
--------------------------------------------------------------------------------
Update Information:
Update bouncycastle - all subpackages now built from the same source package.
Some are new in EPEL 7. Update canl-java to latest version.
--------------------------------------------------------------------------------
================================================================================
voms-clients-java-3.3.0-1.el7 (FEDORA-EPEL-2018-50d69f64bd)
Virtual Organization Membership Service Java clients
--------------------------------------------------------------------------------
Update Information:
Update bouncycastle - all subpackages now built from the same source package.
Some are new in EPEL 7. Update canl-java to latest version.
--------------------------------------------------------------------------------
The following Fedora EPEL 6 Security updates need testing:
Age URL
941 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168 rubygem-crack-0.3.2-2.el6
831 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb mcollective-2.8.4-1.el6
802 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9 thttpd-2.25b-24.el6
413 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac libbsd-0.8.3-2.el6
142 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4c76ddcc92 libmspack-0.6-0.1.alpha.el6
61 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6aaee32b7e optipng-0.7.6-6.el6
43 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6e4ce19598 monit-5.25.1-1.el6
33 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-8c9006d462 heimdal-7.5.0-1.el6
28 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-752a7c9ad4 rootsh-1.5.3-17.el6
11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-369a48191f clamav-0.99.3-1.el6
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-fc6e2820ab tomcat-7.0.84-1.el6
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-bc1949f307 p7zip-16.02-10.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
ansible-lint-3.4.19-1.el6
bouncycastle1.58-1.58-1.el6
canl-java-2.5.0-2.el6
jglobus-2.1.0-5.el6
voms-api-java-3.3.0-1.el6
voms-clients-java-3.3.0-1.el6
Details about builds:
================================================================================
ansible-lint-3.4.19-1.el6 (FEDORA-EPEL-2018-7924d05c6f)
Best practices checker for Ansible
--------------------------------------------------------------------------------
Update Information:
Update to 3.4.19 (rh#1543005)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1543005 - Python SyntaxError: invalid syntax
https://bugzilla.redhat.com/show_bug.cgi?id=1543005
--------------------------------------------------------------------------------
================================================================================
bouncycastle1.58-1.58-1.el6 (FEDORA-EPEL-2018-71db8f6f28)
Bouncy Castle Cryptography APIs for Java
--------------------------------------------------------------------------------
Update Information:
This update provides a parallel installable bouncycastle1.58 package. Like the
Fedora bouncycastle package. this package provides all bouncycastle subpackages
built from the same source package. Some of them were previously not available
in EPEL 6. The update also updates some packages to build against this new
bouncycastle version, and adds canl-java and voms-clients-java to EPEL 6 which
were previously not buildable due to missing dependencies.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1233527 - bouncycastle-mail in EPEL 6
https://bugzilla.redhat.com/show_bug.cgi?id=1233527
[ 2 ] Bug #1539134 - Review Request: bouncycastle1.58 - Bouncy Castle Cryptography APIs for Java
https://bugzilla.redhat.com/show_bug.cgi?id=1539134
--------------------------------------------------------------------------------
================================================================================
canl-java-2.5.0-2.el6 (FEDORA-EPEL-2018-71db8f6f28)
EMI Common Authentication library - bindings for Java
--------------------------------------------------------------------------------
Update Information:
This update provides a parallel installable bouncycastle1.58 package. Like the
Fedora bouncycastle package. this package provides all bouncycastle subpackages
built from the same source package. Some of them were previously not available
in EPEL 6. The update also updates some packages to build against this new
bouncycastle version, and adds canl-java and voms-clients-java to EPEL 6 which
were previously not buildable due to missing dependencies.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1233527 - bouncycastle-mail in EPEL 6
https://bugzilla.redhat.com/show_bug.cgi?id=1233527
[ 2 ] Bug #1539134 - Review Request: bouncycastle1.58 - Bouncy Castle Cryptography APIs for Java
https://bugzilla.redhat.com/show_bug.cgi?id=1539134
--------------------------------------------------------------------------------
================================================================================
jglobus-2.1.0-5.el6 (FEDORA-EPEL-2018-71db8f6f28)
Globus Java client libraries
--------------------------------------------------------------------------------
Update Information:
This update provides a parallel installable bouncycastle1.58 package. Like the
Fedora bouncycastle package. this package provides all bouncycastle subpackages
built from the same source package. Some of them were previously not available
in EPEL 6. The update also updates some packages to build against this new
bouncycastle version, and adds canl-java and voms-clients-java to EPEL 6 which
were previously not buildable due to missing dependencies.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1233527 - bouncycastle-mail in EPEL 6
https://bugzilla.redhat.com/show_bug.cgi?id=1233527
[ 2 ] Bug #1539134 - Review Request: bouncycastle1.58 - Bouncy Castle Cryptography APIs for Java
https://bugzilla.redhat.com/show_bug.cgi?id=1539134
--------------------------------------------------------------------------------
================================================================================
voms-api-java-3.3.0-1.el6 (FEDORA-EPEL-2018-71db8f6f28)
Virtual Organization Membership Service Java API
--------------------------------------------------------------------------------
Update Information:
This update provides a parallel installable bouncycastle1.58 package. Like the
Fedora bouncycastle package. this package provides all bouncycastle subpackages
built from the same source package. Some of them were previously not available
in EPEL 6. The update also updates some packages to build against this new
bouncycastle version, and adds canl-java and voms-clients-java to EPEL 6 which
were previously not buildable due to missing dependencies.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1233527 - bouncycastle-mail in EPEL 6
https://bugzilla.redhat.com/show_bug.cgi?id=1233527
[ 2 ] Bug #1539134 - Review Request: bouncycastle1.58 - Bouncy Castle Cryptography APIs for Java
https://bugzilla.redhat.com/show_bug.cgi?id=1539134
--------------------------------------------------------------------------------
================================================================================
voms-clients-java-3.3.0-1.el6 (FEDORA-EPEL-2018-71db8f6f28)
Virtual Organization Membership Service Java clients
--------------------------------------------------------------------------------
Update Information:
This update provides a parallel installable bouncycastle1.58 package. Like the
Fedora bouncycastle package. this package provides all bouncycastle subpackages
built from the same source package. Some of them were previously not available
in EPEL 6. The update also updates some packages to build against this new
bouncycastle version, and adds canl-java and voms-clients-java to EPEL 6 which
were previously not buildable due to missing dependencies.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1233527 - bouncycastle-mail in EPEL 6
https://bugzilla.redhat.com/show_bug.cgi?id=1233527
[ 2 ] Bug #1539134 - Review Request: bouncycastle1.58 - Bouncy Castle Cryptography APIs for Java
https://bugzilla.redhat.com/show_bug.cgi?id=1539134
--------------------------------------------------------------------------------