The following Fedora EPEL 5 Security updates need testing:
Age URL
685 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-1626 puppet-2.7.26-1.el5
534 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-3849 sblim-sfcb-1.3.8-2.el5
177 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-edbea40516 mcollective-2.8.4-1.el5
149 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-582c8075e6 thttpd-2.25b-24.el5
41 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-bafacd5846 proftpd-1.3.3g-5.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
certmaster-0.28-12.el5
Details about builds:
================================================================================
certmaster-0.28-12.el5 (FEDORA-EPEL-2016-a17c338e0e)
Remote certificate distribution framework
--------------------------------------------------------------------------------
Update Information:
- Fix daemon restarts via logrotate for initscripts and systemd
- Avoid creating log files ending with .rpmnew or .rpmsave (#695428)
- Add macro conditionals for Red Hat Enterprise Linux 7 (#1164784)
- Apply upstream patch to add missing --hostname option (#1069262)
- Introduce new systemd-rpm macros in certmaster spec file (#850055)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1069262 - certmaster is missing the --hostname option
https://bugzilla.redhat.com/show_bug.cgi?id=1069262
[ 2 ] Bug #695428 - warning: /var/log/certmaster/audit.log created as /var/log/certmaster/audit.log.rpmnew
https://bugzilla.redhat.com/show_bug.cgi?id=695428
--------------------------------------------------------------------------------
The following Fedora EPEL 7 Security updates need testing:
Age URL
414 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7
176 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7
43 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-785fc9a2ea dropbear-2016.72-1.el7
11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-34b85c63ee drupal7-block_class-2.3-1.el7
10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-1036441cdb ReviewBoard-2.5.4-1.el7 python-djblets-0.9.3-1.el7
7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-caf6ebac81 ansible1.9-1.9.6-1.el7
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-56e02a47c7 ansible-2.0.2.0-1.el7
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d398cc4c6c roundcubemail-1.1.5-1.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-017aadcc97 php-getid3-1.9.12-1.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-aad55a428b w3m-0.5.3-20.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-c731bc5ec0 cacti-0.8.8g-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
Lmod-6.3.1-1.el7
cacti-0.8.8g-1.el7
engauge-digitizer-7.2-1.el7
epson-inkjet-printer-escpr-1.5.2-3.1lsb3.2.el7
epson-inkjet-printer-escpr-1.6.5-1.1lsb3.2.el7
goaccess-0.9.8-1.el7
osbs-client-0.22-1.el7
quassel-0.12.4-1.el7
Details about builds:
================================================================================
Lmod-6.3.1-1.el7 (FEDORA-EPEL-2016-4cbda99dcc)
Environmental Modules System in Lua
--------------------------------------------------------------------------------
Update Information:
Update to 6.3.1
- protects it from user changes to LUA_PATH and LUA_CPATH by using these values at configuration time.
- Fixed bug with Capital Letters in a version string.
- Do not overwrite MODULEPATH (bug #1326075)
--------------------------------------------------------------------------------
================================================================================
cacti-0.8.8g-1.el7 (FEDORA-EPEL-2016-c731bc5ec0)
An rrd based graphing tool
--------------------------------------------------------------------------------
Update Information:
- Update to 0.8.8g
Release notes: http://www.cacti.net/release_notes_0_8_8g.php
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1259276 - Version of cacti in repos' is pretty old for EL6 and EL7
https://bugzilla.redhat.com/show_bug.cgi?id=1259276
[ 2 ] Bug #1082936 - CVE-2014-2327 CVE-2014-2326 CVE-2014-2328 cacti: multiple flaws reported by Deutsche Telekom [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1082936
[ 3 ] Bug #1004548 - Tree not collapsing in graph mode in version 0.8.8b
https://bugzilla.redhat.com/show_bug.cgi?id=1004548
[ 4 ] Bug #1323943 - CVE-2016-3659 cacti: SQL injection vulnerability in graph_view.php [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1323943
[ 5 ] Bug #1317550 - CVE-2016-3172 cacti: SQL injection vulnerability in /cacti/tree.php [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1317550
[ 6 ] Bug #1306530 - CVE-2016-2313 cacti: authentication bypass [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1306530
[ 7 ] Bug #1295782 - CVE-2015-8604 cacti: SQL injection in graps_new.php via cg_g parameter [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1295782
[ 8 ] Bug #1291779 - CVE-2015-8369 cacti: SQL injection in graph.php [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1291779
[ 9 ] Bug #1291223 - CVE-2015-8377 cacti: SQL injection in graphs_new.php [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1291223
[ 10 ] Bug #1242868 - CVE-2015-4634 cacti: multiple SQL injection flaws fixed in Cacti 0.8.8e [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1242868
[ 11 ] Bug #1233833 - CVE-2015-4454 CVE-2015-2665 cacti: various flaws [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1233833
[ 12 ] Bug #1230297 - CVE-2015-4342 cacti: SQL Injection and Location header injection from cdef id [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1230297
[ 13 ] Bug #1129764 - cacti: remote code execution and SQL injection [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1129764
[ 14 ] Bug #1121468 - cacti: cross-site scripting issues [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1121468
[ 15 ] Bug #1128298 - cacti-spine not available
https://bugzilla.redhat.com/show_bug.cgi?id=1128298
[ 16 ] Bug #1123884 - %post scriptlet error on install
https://bugzilla.redhat.com/show_bug.cgi?id=1123884
--------------------------------------------------------------------------------
================================================================================
engauge-digitizer-7.2-1.el7 (FEDORA-EPEL-2016-8cc7dc8e14)
Convert graphs or map files into numbers
--------------------------------------------------------------------------------
Update Information:
- Update to 7.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1279184 - engauge on el6: not built for missing BR package, log4cpp.
https://bugzilla.redhat.com/show_bug.cgi?id=1279184
--------------------------------------------------------------------------------
================================================================================
epson-inkjet-printer-escpr-1.5.2-3.1lsb3.2.el7 (FEDORA-EPEL-2016-c66c4cdeec)
Drivers for Epson inkjet printers
--------------------------------------------------------------------------------
Update Information:
Roll back to earlier version due to segfaults in the 1.6.x series.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1327002 - Printer prints only half of the page, epson-escpr crashes
https://bugzilla.redhat.com/show_bug.cgi?id=1327002
[ 2 ] Bug #1326572 - [abrt] epson-inkjet-printer-escpr: XFIFOClose(): epson-escpr killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1326572
[ 3 ] Bug #1252376 - [abrt] epson-inkjet-printer-escpr: set_pips_parameter(): epson-escpr killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1252376
--------------------------------------------------------------------------------
================================================================================
epson-inkjet-printer-escpr-1.6.5-1.1lsb3.2.el7 (FEDORA-EPEL-2016-2b83caa4e1)
Drivers for Epson inkjet printers
--------------------------------------------------------------------------------
Update Information:
Update to 1.6.5.
----
Update to 1.6.4. Make sure drivers are properly detected on Fedora platform.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1327002 - Printer prints only half of the page, epson-escpr crashes
https://bugzilla.redhat.com/show_bug.cgi?id=1327002
[ 2 ] Bug #1326572 - [abrt] epson-inkjet-printer-escpr: XFIFOClose(): epson-escpr killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1326572
[ 3 ] Bug #1252376 - [abrt] epson-inkjet-printer-escpr: set_pips_parameter(): epson-escpr killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1252376
[ 4 ] Bug #1323033 - Epson inkjet driver RPM does not advertise the printers it supports
https://bugzilla.redhat.com/show_bug.cgi?id=1323033
--------------------------------------------------------------------------------
================================================================================
goaccess-0.9.8-1.el7 (FEDORA-EPEL-2016-e7474e15f3)
Real-time web log analyzer and interactive viewer
--------------------------------------------------------------------------------
Update Information:
== Changes to GoAccess 0.9.8 - Monday, February 29, 2016 ==
- Added a more complete list of static extensions to the config file.
- Added Android 6.0 Marshmallow to the list of OSs.
- Added the ability to scroll through panels on TAB with option to disable it --no-tab-scroll.
- Added the first and last log dates to the overall statistics panel.
- Ensure GoAccess links correctly against libtinfo.
- Ensure static content is case-insensitive verified.
- Fixed bandwidth overflow issue (numbers > 2GB on non-x86_64 arch).
- Fixed broken HTML layout when html-method/protocol is missing in config file.
- Refactored parsing and display of available modules/panels.
== Changes to GoAccess 0.9.7 - Monday, December 21, 2015 ==
- Added Squid native log format to the config file.
- Fixed int overflow when getting total bandwidth using the on-disk storage.
- Fixed issue where a timestamp was stored as date under the visitors panel.
- Fixed issue where config dialog fields were not cleared out on select.
- Fixed issue where "Virtual Hosts" menu item wasn't shown in the HTML sidebar.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1293320 - goaccess-0.9.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1293320
--------------------------------------------------------------------------------
================================================================================
osbs-client-0.22-1.el7 (FEDORA-EPEL-2016-472acd2ac0)
Python command line client for OpenShift Build Service
--------------------------------------------------------------------------------
Update Information:
New upstream release. ---- New upstream release. ---- New upstream release.
---- New upstream release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1329027 - osbs-client-0.21 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1329027
--------------------------------------------------------------------------------
================================================================================
quassel-0.12.4-1.el7 (FEDORA-EPEL-2016-7436010ccd)
A modern distributed IRC system
--------------------------------------------------------------------------------
Update Information:
New upstream release
--------------------------------------------------------------------------------
The following Fedora EPEL 5 Security updates need testing:
Age URL
917 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2013-11893 libguestfs-1.20.12-1.el5
682 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-1626 puppet-2.7.26-1.el5
531 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-3849 sblim-sfcb-1.3.8-2.el5
174 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-edbea40516 mcollective-2.8.4-1.el5
146 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-582c8075e6 thttpd-2.25b-24.el5
39 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-bafacd5846 proftpd-1.3.3g-5.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
clearsilver-0.10.5-16.el5
holland-1.0.12-6.el5
pidgin-sipe-1.21.0-1.el5
Details about builds:
================================================================================
clearsilver-0.10.5-16.el5 (FEDORA-EPEL-2016-f8a9b29360)
Fast and powerful HTML templating system
--------------------------------------------------------------------------------
Update Information:
Fix perl symbol issue, add EL-7 build.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1329524 - perl-clearsilver has symbol lookup error: undefined symbol: hdf_init because of wrong command order in %build
https://bugzilla.redhat.com/show_bug.cgi?id=1329524
--------------------------------------------------------------------------------
================================================================================
holland-1.0.12-6.el5 (FEDORA-EPEL-2016-17362800df)
Pluggable Backup Framework
--------------------------------------------------------------------------------
Update Information:
Integrate commvault plugin
--------------------------------------------------------------------------------
================================================================================
pidgin-sipe-1.21.0-1.el5 (FEDORA-EPEL-2016-6be5127ed8)
Pidgin protocol plugin to connect to MS Office Communicator
--------------------------------------------------------------------------------
Update Information:
New upstream release:
* add support for Lync File Transfer
* support embedded XML as buddy photo URL
* improve "Join scheduled conference" dialog
* add AppStream metadata file
* add support for another type of ADFS response
* improve configure check for back-ported features
--------------------------------------------------------------------------------
The following Fedora EPEL 7 Security updates need testing:
Age URL
412 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7
174 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7
41 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-785fc9a2ea dropbear-2016.72-1.el7
10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-34b85c63ee drupal7-block_class-2.3-1.el7
8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-1036441cdb ReviewBoard-2.5.4-1.el7 python-djblets-0.9.3-1.el7
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-caf6ebac81 ansible1.9-1.9.6-1.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-56e02a47c7 ansible-2.0.2.0-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-017aadcc97 php-getid3-1.9.12-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-aad55a428b w3m-0.5.3-20.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
clearsilver-0.10.5-16.el7
grub-customizer-5.0.6-1.el7
holland-1.0.12-6.el7
jsoncpp-0.10.5-2.el7
koschei-1.6-1.el7
mingw-wavpack-4.80.0-1.el7
php-getid3-1.9.12-1.el7
php-league-flysystem-1.0.21-1.el7
pidgin-sipe-1.21.0-1.el7
trac-1.0.10-1.el7
w3m-0.5.3-20.el7
Details about builds:
================================================================================
clearsilver-0.10.5-16.el7 (FEDORA-EPEL-2016-1c0b404966)
Fast and powerful HTML templating system
--------------------------------------------------------------------------------
Update Information:
Fix perl symbol issue, add EL-7 build.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1329524 - perl-clearsilver has symbol lookup error: undefined symbol: hdf_init because of wrong command order in %build
https://bugzilla.redhat.com/show_bug.cgi?id=1329524
--------------------------------------------------------------------------------
================================================================================
grub-customizer-5.0.6-1.el7 (FEDORA-EPEL-2016-07913edec3)
Graphical GRUB2 settings manager
--------------------------------------------------------------------------------
Update Information:
Update to 5.0.6.
----
Remove warning from POSTIN scriptlet.
----
Update to 5.0.5. Correct EFI systems support.
----
Update to 5.0.4. Add EFI systems support.
----
Update to 5.0.3.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1324979 - warning on upgrade
https://bugzilla.redhat.com/show_bug.cgi?id=1324979
[ 2 ] Bug #1270361 - Changes are not applied on EFI systems
https://bugzilla.redhat.com/show_bug.cgi?id=1270361
--------------------------------------------------------------------------------
================================================================================
holland-1.0.12-6.el7 (FEDORA-EPEL-2016-25e8b059d8)
Pluggable Backup Framework
--------------------------------------------------------------------------------
Update Information:
Integrate commvault plugin
--------------------------------------------------------------------------------
================================================================================
jsoncpp-0.10.5-2.el7 (FEDORA-EPEL-2016-39689fb267)
JSON library implemented in C++
--------------------------------------------------------------------------------
Update Information:
Fix a file conflict with json-c
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1326158 - headers conflict
https://bugzilla.redhat.com/show_bug.cgi?id=1326158
[ 2 ] Bug #1326092 - clash with json-c
https://bugzilla.redhat.com/show_bug.cgi?id=1326092
--------------------------------------------------------------------------------
================================================================================
koschei-1.6-1.el7 (FEDORA-EPEL-2016-90b7647122)
Continuous integration for Fedora packages
--------------------------------------------------------------------------------
Update Information:
Update to upstream release 1.6
--------------------------------------------------------------------------------
================================================================================
mingw-wavpack-4.80.0-1.el7 (FEDORA-EPEL-2016-945b6563ce)
Completely open audiocodec
--------------------------------------------------------------------------------
Update Information:
New release 4.80.0 with fixes and improvements. It contains also full Unicode
support for Windows platform.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1329173 - Update to 4.80.0
https://bugzilla.redhat.com/show_bug.cgi?id=1329173
--------------------------------------------------------------------------------
================================================================================
php-getid3-1.9.12-1.el7 (FEDORA-EPEL-2016-017aadcc97)
The PHP media file parser
--------------------------------------------------------------------------------
Update Information:
* Update to upstream version 1.9.12
* Add a simple autoloader
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1319676 - Please add an autoloader and update to latest version 1.9.12
https://bugzilla.redhat.com/show_bug.cgi?id=1319676
--------------------------------------------------------------------------------
================================================================================
php-league-flysystem-1.0.21-1.el7 (FEDORA-EPEL-2016-7f786e1578)
Filesystem abstraction: Many filesystems, one API
--------------------------------------------------------------------------------
Update Information:
**Version 1.0.21** - 2016-04-22
* Explicitly return false when a has call receives an empty filename.
* MountManager copy and move operators now comply to the Filesystem's signature.
--------------------------------------------------------------------------------
================================================================================
pidgin-sipe-1.21.0-1.el7 (FEDORA-EPEL-2016-85f2953ab3)
Pidgin protocol plugin to connect to MS Office Communicator
--------------------------------------------------------------------------------
Update Information:
New upstream release:
* add support for Lync File Transfer
* support embedded XML as buddy photo URL
* improve "Join scheduled conference" dialog
* add AppStream metadata file
* add support for another type of ADFS response
* improve configure check for back-ported features
--------------------------------------------------------------------------------
================================================================================
trac-1.0.10-1.el7 (FEDORA-EPEL-2016-f69479aeef)
Enhanced wiki and issue tracking system
--------------------------------------------------------------------------------
Update Information:
Update to 1.0.10
--------------------------------------------------------------------------------
================================================================================
w3m-0.5.3-20.el7 (FEDORA-EPEL-2016-aad55a428b)
A pager with Web browsing abilities
--------------------------------------------------------------------------------
Update Information:
Resolves:rh#1324350 - denial of service with crafted html files
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1324350 - w3m: denial of service with crafted html files [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1324350
--------------------------------------------------------------------------------