The following Fedora EPEL 7 Security updates need testing:
Age URL
35 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3621/php-Smarty-3.…
20 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3989/cross-binutil…
13 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4152/lsyncd-2.1.5-…
13 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4154/nodejs-0.10.3…
12 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4174/python-eyed3-…
12 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4170/clamav-0.98.5…
11 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4208/drupal7-7.34-…
11 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4197/wordpress-4.0…
5 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4302/hexchat-2.10.…
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4409/erlang-R16B-0…
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4390/mingw-flac-1.…
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4406/perl-YAML-Lib…
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4380/pkcs11-helper…
The following builds have been pushed to Fedora EPEL 7 updates-testing
compat-lua-5.1.5-3.el7
cpanspec-1.78-19.el7
erlang-R16B-03.10.el7
libfli-1.7-14.el7
libnova-0.15.0-4.el7
mingw-flac-1.3.1-1.el7
nodejs-normalize-path-0.3.0-1.el7
nodejs-strip-path-1.0.0-2.el7
openvpn-2.3.6-1.el7
perl-Cache-Memcached-1.30-8.el7
perl-YAML-LibYAML-0.54-1.el7
php-aws-sdk-2.7.6-1.el7
pkcs11-helper-1.11-3.el7
pyhoca-gui-0.5.0.3-1.el7
python-x2go-0.5.0.2-1.el7
scotch-6.0.3-2.el7
statsd-0.7.2-3.el7
sword-1.7.3-9.el7
Details about builds:
================================================================================
compat-lua-5.1.5-3.el7 (FEDORA-EPEL-2014-4385)
Powerful light-weight programming language (compat version)
--------------------------------------------------------------------------------
Update Information:
PORTING TO EPEL7
Powerful light-weight programming language (compat version) - 5.1.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #991666 - Review Request: compat-lua - Powerful light-weight programming language (compat version)
https://bugzilla.redhat.com/show_bug.cgi?id=991666
--------------------------------------------------------------------------------
================================================================================
cpanspec-1.78-19.el7 (FEDORA-EPEL-2014-4394)
RPM spec file generation utility
--------------------------------------------------------------------------------
Update Information:
cpanspec generates spec files (and, optionally, source or even binary packages) for Perl modules from CPAN for Fedora. The quality of the spec file is our primary concern. It is assumed that maintainers will need to do some (hopefully small) amount of work to clean up the generated spec file to make the package build and to verify that all of the information contained in the spec file is correct.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #168838 - Review Request: cpanspec
https://bugzilla.redhat.com/show_bug.cgi?id=168838
--------------------------------------------------------------------------------
================================================================================
erlang-R16B-03.10.el7 (FEDORA-EPEL-2014-4409)
General-purpose programming language and runtime environment
--------------------------------------------------------------------------------
Update Information:
* Disable SSLv3
* Backport useful os:getenv/2 from master. See this GitHub pull request for further details - https://github.com/erlang/otp/pull/535
* Fixed CVE-2014-1693 (backported fix from ver. 17.x.x, see patch no. 17)
* Trimmed dependency chain
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 1 2014 Peter Lemenkov <lemenkov(a)gmail.com> - R16B-03.10
- Disable SSLv3 (see rhbz #1169375)
- Backport useful os:getenv/2 from master (see https://github.com/erlang/otp/pull/535 )
* Mon Nov 17 2014 Peter Lemenkov <lemenkov(a)gmail.com> - R16B-03.9
- Fixed CVE-2014-1693 (backported fix from ver. 17.x.x, see patch no. 17)
* Tue Nov 11 2014 Peter Lemenkov <lemenkov(a)gmail.com> - R16B-03.8
- Trimmed dependency chain
- Cleaned up spec-file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1059331 - CVE-2014-1693 erlang-inets: command injection flaw in FTP module
https://bugzilla.redhat.com/show_bug.cgi?id=1059331
--------------------------------------------------------------------------------
================================================================================
libfli-1.7-14.el7 (FEDORA-EPEL-2014-4392)
Library for FLI CCD Camera & Filter Wheels
--------------------------------------------------------------------------------
Update Information:
Add libfli to epel7
--------------------------------------------------------------------------------
================================================================================
libnova-0.15.0-4.el7 (FEDORA-EPEL-2014-4386)
Libnova is a general purpose astronomy & astrodynamics library
--------------------------------------------------------------------------------
Update Information:
Add libnova to EPEL7
--------------------------------------------------------------------------------
================================================================================
mingw-flac-1.3.1-1.el7 (FEDORA-EPEL-2014-4390)
Encoder/decoder for the Free Lossless Audio Codec
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2014-9028, CVE-2014-8962
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 27 2014 David King <amigadave(a)amigadave.com> - 1.3.1-1
- Update to 1.3.1 (#1168768)
- Fixes CVE-2014-8962 and CVE-2014-9028
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.3.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1167236 - CVE-2014-8962 flac: Heap buffer read overflow when processing ID3V2 metadata
https://bugzilla.redhat.com/show_bug.cgi?id=1167236
[ 2 ] Bug #1167741 - CVE-2014-9028 flac: Heap buffer write overflow in read_residual_partitioned_rice_
https://bugzilla.redhat.com/show_bug.cgi?id=1167741
--------------------------------------------------------------------------------
================================================================================
nodejs-normalize-path-0.3.0-1.el7 (FEDORA-EPEL-2014-4397)
Nodejs library for normalizing filesystem paths
--------------------------------------------------------------------------------
Update Information:
Nodejs library for normalizing filesystem paths
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1162952 - Review Request: nodejs-normalize-path - Nodejs library for normalizing filesystem paths
https://bugzilla.redhat.com/show_bug.cgi?id=1162952
--------------------------------------------------------------------------------
================================================================================
nodejs-strip-path-1.0.0-2.el7 (FEDORA-EPEL-2014-4398)
Strip a path from a path
--------------------------------------------------------------------------------
Update Information:
Declare noarch, fixes rhbz#1123624
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1123624 - nodejs-strip-path-debuginfo is empty
https://bugzilla.redhat.com/show_bug.cgi?id=1123624
--------------------------------------------------------------------------------
================================================================================
openvpn-2.3.6-1.el7 (FEDORA-EPEL-2014-4380)
A full-featured SSL VPN solution
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2014-8104.
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 1 2014 Jon Ciesla <limburgher(a)gmail.com> 2.3.6-1
- Undo docdir stuff for epel7.
- 2.3.6, CVE-2014-8104.
* Fri Nov 21 2014 Ralf Corsépius <corsepiu(a)fedoraproject.org> - 2.3.5-2
- Rework package doc handling (RHBZ #1165004).
* Tue Oct 28 2014 Jon Ciesla <limburgher(a)gmail.com> 2.3.5-1
- 2.3.5.
* Tue Aug 26 2014 Jan Vcelak <jvcelak(a)fedoraproject.org> 2.3.4-4
- Enable systemd support.
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2.3.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2.3.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri May 2 2014 Jon Ciesla <limburgher(a)gmail.com> 2.3.4-1
- 2.3.4.
- Disable make check until upstream provides non-md5 sample keys.
- Filed upstream https://community.openvpn.net/openvpn/ticket/400#ticket
* Fri Apr 11 2014 Jon Ciesla <limburgher(a)gmail.com> 2.3.3-1
- Latest upstream, needs pkcs11-helper >= 1.11
* Sun Jan 19 2014 Ville Skyttä <ville.skytta(a)iki.fi> - 2.3.2-5
- Don't order service after syslog.target.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1169487 - CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1169487
[ 2 ] Bug #1169488 - CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1169488
--------------------------------------------------------------------------------
================================================================================
perl-Cache-Memcached-1.30-8.el7 (FEDORA-EPEL-2014-4395)
Perl client for memcached
--------------------------------------------------------------------------------
Update Information:
perl-Cache-Memcached was provided in base EL6 but was dropped before EL7.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1168181 - Please package perl-Cache-Memcached into EL7
https://bugzilla.redhat.com/show_bug.cgi?id=1168181
--------------------------------------------------------------------------------
================================================================================
perl-YAML-LibYAML-0.54-1.el7 (FEDORA-EPEL-2014-4406)
Perl YAML Serialization using XS and libyaml
--------------------------------------------------------------------------------
Update Information:
An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 30 2014 Paul Howarth <paul(a)city-fan.org> - 0.54-1
- Update to 0.54
- Fix for an edge case in scanner that results in an assert() failing
(https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-fail…)
(CVE-2014-9130)
- Drop upstreamed patches for CVE-2013-6393 and CVE-2014-2525
* Tue Nov 18 2014 Jitka Plesnikova <jplesnik(a)redhat.com> - 0.52-3
- Update BRs (bz#1165198)
* Wed Aug 27 2014 Jitka Plesnikova <jplesnik(a)redhat.com> - 0.52-2
- Perl 5.20 rebuild
* Sun Aug 24 2014 Paul Howarth <paul(a)city-fan.org> - 0.52-1
- Update to 0.52
- Fix e1 test failure on 5.21.4
* Mon Aug 18 2014 Paul Howarth <paul(a)city-fan.org> - 0.51-1
- Update to 0.51 (various minor tidy-ups, no functional changes)
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.47-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Aug 9 2014 Paul Howarth <paul(a)city-fan.org> - 0.47-1
- Update to 0.47:
- Fix swim errors
- Include upstream license file
* Wed Aug 6 2014 Jitka Plesnikova <jplesnik(a)redhat.com> - 0.46-1
- 0.46 bump
* Tue Aug 5 2014 Jitka Plesnikova <jplesnik(a)redhat.com> - 0.45-1
- 0.45 bump
* Mon Jul 14 2014 Jitka Plesnikova <jplesnik(a)redhat.com> - 0.44-1
- 0.44 bump
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.41-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1169369 - CVE-2014-9130 libyaml: assert failure when processing wrapped strings
https://bugzilla.redhat.com/show_bug.cgi?id=1169369
--------------------------------------------------------------------------------
================================================================================
php-aws-sdk-2.7.6-1.el7 (FEDORA-EPEL-2014-4382)
Amazon Web Services framework for PHP
--------------------------------------------------------------------------------
Update Information:
## 2.7.6 - 2014-11-20
* Added support for AWS KMS integration to the Amazon Redshift Client.
* Fixed cn-north-1 endpoint for AWS Identity and Access Management.
* Updated `S3Client::getBucketLocation` method to work cross-region regardless of the region's signature requirements.
* Fixed an issue with the DynamoDbClient that allows it to work better with DynamoDB Local.
## 2.7.5 - 2014-11-13
* Added support for AWS Lambda.
* Added support for event notifications to the Amazon S3 client.
* Fixed an issue with S3 pre-signed URLs when using Signature V4.
## 2.7.4 - 2014-11-12
* Added support for the AWS Key Management Service (AWS KMS).
* Added support for AWS CodeDeploy.
* Added support for AWS Config.
* Added support for AWS KMS encryption to the Amazon S3 client.
* Added support for AWS KMS encryption to the Amazon EC2 client.
* Added support for Amazon CloudWatch Logs delivery to the AWS CloudTrail client.
* Added the GetTemplateSummary operation to the AWS CloudFormation client.
* Fixed an issue with sending signature version 4 Amazon S3 requests that contained a 0 length body.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 25 2014 Shawn Iwinski <shawn.iwinski(a)gmail.com> - 2.7.6-1
- Updated to 2.7.6 (BZ #1164158)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1164158 - php-aws-sdk-2.7.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1164158
--------------------------------------------------------------------------------
================================================================================
pkcs11-helper-1.11-3.el7 (FEDORA-EPEL-2014-4380)
A library for using PKCS#11 providers
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2014-8104.
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b
--------------------------------------------------------------------------------
ChangeLog:
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.11-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri Apr 11 2014 Jon Ciesla <limburgher(a)gmail.com> - 1.11-1
- Latest upstream, required for openvpn 2.3.3.
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1169487 - CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1169487
[ 2 ] Bug #1169488 - CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1169488
--------------------------------------------------------------------------------
================================================================================
pyhoca-gui-0.5.0.3-1.el7 (FEDORA-EPEL-2014-4400)
Graphical X2Go client written in (wx)Python
--------------------------------------------------------------------------------
Update Information:
python-x2go-0.5.0.2:
- Fix X2Go Desktop Sharing feature
- Provide more stability if connections fail during session startup/resumption
pyhoca-gui-0.5.0.3:
- Finnish translation update / fix
- Danish translation update
- Point to our new mailing list server where the old one (BerliOS) was still referenced.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 1 2014 Orion Poplawski <orion(a)cora.nwra.com> - 0.5.0.3-1
- Update to 0.5.0.3
--------------------------------------------------------------------------------
================================================================================
python-x2go-0.5.0.2-1.el7 (FEDORA-EPEL-2014-4400)
Python module providing X2Go client API
--------------------------------------------------------------------------------
Update Information:
python-x2go-0.5.0.2:
- Fix X2Go Desktop Sharing feature
- Provide more stability if connections fail during session startup/resumption
pyhoca-gui-0.5.0.3:
- Finnish translation update / fix
- Danish translation update
- Point to our new mailing list server where the old one (BerliOS) was still referenced.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 27 2014 Orion Poplawski <orion(a)cora.nwra.com> - 0.5.0.2-1
- Update to 0.5.0.2
--------------------------------------------------------------------------------
================================================================================
scotch-6.0.3-2.el7 (FEDORA-EPEL-2014-4393)
Graph, mesh and hypergraph partitioning library
--------------------------------------------------------------------------------
Update Information:
New package for el7.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1112738 - please build for EPEL
https://bugzilla.redhat.com/show_bug.cgi?id=1112738
--------------------------------------------------------------------------------
================================================================================
statsd-0.7.2-3.el7 (FEDORA-EPEL-2014-4389)
A simple, lightweight network daemon to collect metrics over UDP
--------------------------------------------------------------------------------
Update Information:
fix end of line encodings
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1164496 - Review Request: statsd - A simple, lightweight network daemon to collect metrics over UDP
https://bugzilla.redhat.com/show_bug.cgi?id=1164496
--------------------------------------------------------------------------------
================================================================================
sword-1.7.3-9.el7 (FEDORA-EPEL-2014-4387)
Free Bible Software Project
--------------------------------------------------------------------------------
Update Information:
Release for EPEL7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1159791 - Please add EPEL7 branch
https://bugzilla.redhat.com/show_bug.cgi?id=1159791
--------------------------------------------------------------------------------