The following Fedora EPEL 7 Security updates need testing: Age URL 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-ce8d5824ad halibut-1.3-3.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-aaaeae50ce rubygem-jmespath-1.3.1-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-0286a0e93a python-bottle-0.12.21-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
knot-resolver-5.5.1-1.el7 oniguruma-6.8.2-2.el7 openbgpd-7.4-1.el7
Details about builds:
================================================================================ knot-resolver-5.5.1-1.el7 (FEDORA-EPEL-2022-d01e9003db) Caching full DNS Resolver -------------------------------------------------------------------------------- Update Information:
update to latest upstream version 5.5.1 -------------------------------------------------------------------------------- ChangeLog:
* Tue Jun 14 2022 Jakub Ru��i��ka jakub.ruzicka@nic.cz - 5.5.1-1 - update to upstream version 5.5.1 --------------------------------------------------------------------------------
================================================================================ oniguruma-6.8.2-2.el7 (FEDORA-EPEL-2022-a9236c0113) Regular expressions library -------------------------------------------------------------------------------- Update Information:
Backport fix for CVE-2019-13225 from RHEL8. -------------------------------------------------------------------------------- ChangeLog:
* Tue Jun 14 2022 Carl George carl@george.computer - 6.8.2-2 - Backport fix for CVE-2019-13225 from RHEL8, resolves: rhbz#1728967 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1728967 - CVE-2019-13225 oniguruma: null-pointer dereference in match_at() in regexec.c [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1728967 --------------------------------------------------------------------------------
================================================================================ openbgpd-7.4-1.el7 (FEDORA-EPEL-2022-c7652251bd) OpenBGPD Routing Daemon -------------------------------------------------------------------------------- Update Information:
# OpenBGPD 7.4 This release includes the following changes to the previous release: * Implement max-communities filter to limit the number of allowed communities, ext-communities and large-communities. * Fix TCP-MD5 support on Linux systems. The TCP-MD5 keys were not correctly loaded on the listening sockets, which allowed unprotected connections in. * Fix insertion of additional non-transitive extended communities when sending out prefixes. * Relax IP address limitation by allowing prefixes in 240/4. -------------------------------------------------------------------------------- ChangeLog:
* Tue Jun 14 2022 Robert Scheck robert@fedoraproject.org 7.4-1 - Upgrade to 7.4 (#2096896) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2096896 - openbgpd-7.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2096896 --------------------------------------------------------------------------------