The following Fedora EPEL 5 Security updates need testing:

 Age  URL
 751  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-3849   sblim-sfcb-1.3.8-2.el5
 394  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-edbea40516   mcollective-2.8.4-1.el5
 366  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-582c8075e6   thttpd-2.25b-24.el5
  10  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6cd7f05048   drupal7-7.52-1.el5
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e172bd9393   phpMyAdmin4-4.0.10.18-1.el5
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d99f990696   php-php-gettext-1.0.12-1.el5
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-88041bbead   php53-php-gettext-1.0.12-1.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
    lrzip-0.616-5.el5
    mimedefang-2.79-1.el5
    pam_mapi-0.3.0-1.el5
    php-php-gettext-1.0.12-1.el5
    php53-php-gettext-1.0.12-1.el5
    phpMyAdmin4-4.0.10.18-1.el5
    zarafa-7.1.14-3.el5
Details about builds:
================================================================================
 lrzip-0.616-5.el5 (FEDORA-EPEL-2016-e327d033b8)
 Compression program optimized for large files
--------------------------------------------------------------------------------
Update Information:

lrzip 0.616
===========
* Making things more homogeneous in checks, some space removed
* Simplifying and refactoring logic, alignment edits, empty semantic rewire
* Target directories must always exist and -f should not create them
* Deferring output directory after -f check has taken place
* Preserve extraction semantics without resorting to tar stripping
* Making sure last forward slash is removed from input path
* Removing pointless forced overwrite point check

lrzip 0.615
===========
* Adjusting -O flag semantics, options help update
* Making -O flag operative for lrztar, whitespace path fix, lrzuntar fix, other minor
* Further tighten up ram restrictions with stdin/stdout to prevent running out of memory with all the buffers involved
* Massive files fail with -U due to trying to allocate the whole lot in ram while doing checksums. Do it piecemeal to avoid the problem. Patch and debugging courtesy of Adam Tkáč
* We have to run through the clear buffer function even for empty buffers or corrupt archives with empty match streams
* MD5 code uses little endian so remove arbitrary SWAP macro and explicitly use htole32
* Rewrite the magic if we receive lzma properties and have not yet written them yet during stdout operation
* Set the control lzma properties only once
* Add a control lock mutex for protecting certain control variables
* Fix stdin fake mremap creating null bytes on osx, patch courtesy of John Boyle
* Cache frequently used indirectly referenced variables in the sliding mmap code
* Micro-optimise sliding_get_sb_range
* A fix for a bug where large files containing the same non-zero bytes which requires a sliding window, courtesy of Serge Belyshev
* Put vchar should take a 64 bit integer and is used from more than one call site so uninline it
* Microoptimise in hash_search
* Inline rzip functions used from only one caller
* Check for successful calloc of hash table only after performing it
* stdin_eof is just a bool
* hash_bits can only be up to 64 so use a char type
* Check endianness of build with autotools to enable md5 support on more platforms
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1154614 - Please update lrzip to 0.616 (current 0.614 fails to compress large files with -U)
        https://bugzilla.redhat.com/show_bug.cgi?id=1154614
--------------------------------------------------------------------------------
================================================================================
 mimedefang-2.79-1.el5 (FEDORA-EPEL-2016-0829fb3f3a)
 E-Mail filtering framework using Sendmail's Milter interface
--------------------------------------------------------------------------------
Update Information:

MIMEDefang 2.79
===============
* Add the --data-dump option to scripts/mimedefang-util
* Improve Postfix compatibility by trying to get QueueID after first RCPT command, and if not found, at the EOH milter phase
* Make mimedefang-multiplexor exit with a successful return code upon receipt of SIGTERM
* Use 64-bit variables where supported for some statistics counters that could overflow with only 32-bit variables, yielding incorrect statistics
* Fix configure.in to correctly detect that an embedded Perl interpreter can be destroyed/recreated on systems that need the -pthread GCC flag
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1380052 - mimedefang-2.79 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1380052
--------------------------------------------------------------------------------
================================================================================
 pam_mapi-0.3.0-1.el5 (FEDORA-EPEL-2016-a5fc837c8b)
 PAM module for authentication via MAPI against a Zarafa server
--------------------------------------------------------------------------------
Update Information:

Update to pam_mapi 0.3.0
--------------------------------------------------------------------------------
================================================================================
 php-php-gettext-1.0.12-1.el5 (FEDORA-EPEL-2016-d99f990696)
 Gettext emulation in PHP
--------------------------------------------------------------------------------
Update Information:

php-gettext 1.0.12
==================
* Security fix for potential code injection bug (LP#1515334)
* Do not assume mbstring functions are always there, pass text through if they aren't (LP#734494)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1367462 - php-php-gettext: Arbitrary code execution in select_string, ngettext and npgettext count parameter
        https://bugzilla.redhat.com/show_bug.cgi?id=1367462
--------------------------------------------------------------------------------
================================================================================
 php53-php-gettext-1.0.12-1.el5 (FEDORA-EPEL-2016-88041bbead)
 Gettext emulation in PHP
--------------------------------------------------------------------------------
Update Information:

php-gettext 1.0.12
==================
* Security fix for potential code injection bug (LP#1515334)
* Do not assume mbstring functions are always there, pass text through if they aren't (LP#734494)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1367462 - php-php-gettext: Arbitrary code execution in select_string, ngettext and npgettext count parameter
        https://bugzilla.redhat.com/show_bug.cgi?id=1367462
--------------------------------------------------------------------------------
================================================================================
 phpMyAdmin4-4.0.10.18-1.el5 (FEDORA-EPEL-2016-e172bd9393)
 Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:

phpMyAdmin 4.0.10.18 (2016-11-25)
=================================
This release includes many security fixes of various levels of severity. For full information on the vulnerabilities fixed and mitigation factors for users who are unable to upgrade, refer to the ChangeLog file included with this release and the security announcements at https://www.phpmyadmin.net/security/
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1399197 - CVE-2016-4412 phpMyAdmin: Multiple vulnerabilities fixed in 4.0.10.18, 4.4.15.9 and 4.6.5 versions
        https://bugzilla.redhat.com/show_bug.cgi?id=1399197
--------------------------------------------------------------------------------
================================================================================
 zarafa-7.1.14-3.el5 (FEDORA-EPEL-2016-4c8287f6e3)
 Open Source Edition of the Zarafa Collaboration Platform
--------------------------------------------------------------------------------
Update Information:

- Added upstream patch to fix broken group expansion (ZCP-12148)
--------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org