The following Fedora EPEL 6 Security updates need testing: Age URL 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-972f57ea6d drupal7-7.72-1.el6 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b425525e83 mbedtls-2.7.17-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
aha-0.5.1-1.el6 amavisd-milter-1.7.1-1.el6 golang-1.15.2-1.el6 proftpd-1.3.3g-15.el6
Details about builds:
================================================================================ aha-0.5.1-1.el6 (FEDORA-EPEL-2020-0271d6f7f6) Convert terminal output to HTML -------------------------------------------------------------------------------- Update Information:
Update to latest upstream release (v0.5.1) -------------------------------------------------------------------------------- ChangeLog:
* Mon Sep 14 2020 Artur Frenszek-Iwicki fedora@svgames.pl - 0.5.1-1 - Update to latest upstream release --------------------------------------------------------------------------------
================================================================================ amavisd-milter-1.7.1-1.el6 (FEDORA-EPEL-2020-8ac4c5df36) Sendmail milter for amavisd-new using the AM.PDP protocol -------------------------------------------------------------------------------- Update Information:
# amavisd-milter ## Bug and compatibility fixes - An empty sender must always be enclosed in angle brackets -------------------------------------------------------------------------------- ChangeLog:
* Mon Sep 14 2020 Robert Scheck robert@fedoraproject.org 1.7.1-1 - Upgrade to 1.7.1 (#1878910) * Mon Jul 27 2020 Fedora Release Engineering releng@fedoraproject.org - 1.7.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1878910 - amavisd-milter-1.7.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1878910 --------------------------------------------------------------------------------
================================================================================ golang-1.15.2-1.el6 (FEDORA-EPEL-2020-54aaef4451) The Go Programming Language -------------------------------------------------------------------------------- Update Information:
* Rebase to go1.15.2 * Security fix for CVE-2020-24553 -------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 10 2020 Jakub ��ajka jcajka@redhat.com - 1.15.2-1 - Rebase to go1.15.2 - Security fix for CVE-2020-24553 - Resolves: BZ#1874859 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1874857 - CVE-2020-24553 golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS https://bugzilla.redhat.com/show_bug.cgi?id=1874857 --------------------------------------------------------------------------------
================================================================================ proftpd-1.3.3g-15.el6 (FEDORA-EPEL-2020-83b080a694) Flexible, stable and highly-configurable FTP server -------------------------------------------------------------------------------- Update Information:
This update fixes a NULL pointer dereference in SCP options processing. An authenticated remote attacker could issue invalid SCP commands, possibly resulting in a Denial of Service condition. Note: the sftp/scp server is not enabled by the default configuration. -------------------------------------------------------------------------------- ChangeLog:
* Mon Sep 14 2020 Paul Howarth paul@city-fan.org - 1.3.3g-15 - Fix null pointer dereference for invalid SCP command by passing the correct argument count to getopt(3) https://github.com/proftpd/proftpd/issues/1043 https://github.com/proftpd/proftpd/pull/1044 https://bugzilla.redhat.com/show_bug.cgi?id=1878869 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1878869 - proftpd: NULL pointer dereference via invalid SCP command leads to DoS https://bugzilla.redhat.com/show_bug.cgi?id=1878869 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org