The following Fedora EPEL 7 Security updates need testing:
Age URL
8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-01179f6b9f suricata-4.1.9-1.el7
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-e6c7b4cbec tcpreplay-4.3.3-3.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-284f18e5de lout-3.40-18.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
python-pyspf-2.0.14-11.el7
Details about builds:
================================================================================
python-pyspf-2.0.14-11.el7 (FEDORA-EPEL-2020-59c598230b)
Python module and programs for SPF (Sender Policy Framework)
--------------------------------------------------------------------------------
Update Information:
Add an explicit conflict with python3-dns.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 25 2020 Bojan Smojver <bojan(a)rexursive.com> - 2.0.14-6
- Add conflicts with python3-dns (bug #1891225)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1891225 - python3-pyspf breaks if python3-dns is installed
https://bugzilla.redhat.com/show_bug.cgi?id=1891225
--------------------------------------------------------------------------------
The following Fedora EPEL 8 Security updates need testing:
Age URL
8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-69c0102261 singularity-3.6.4-1.el8
7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b7912a8edb suricata-5.0.4-1.el8
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-e85de73cdb pdns-recursor-4.3.5-1.el8
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6ef54b7a2d tcpreplay-4.3.3-3.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
bitlbee-facebook-1.2.1-1.el8
bpytop-1.0.44-1.el8
firebird-3.0.7.33374-1.el8
lnav-0.9.0-1.el8
nwchem-7.0.2-1.el8
perl-BDB-1.92-12.el8
perl-Business-ISBN-3.005-4.el8
perl-Business-ISBN-Data-20191107-4.el8
perl-EV-4.22-3.el8
perl-Exception-Base-0.2501-1.el8
perl-GD-Barcode-1.15-36.el8
perl-Guard-1.023-19.el8
perl-IO-AIO-4.72-1.el8
perl-Lexical-Persistence-1.023-17.el8
perl-Net-Daemon-0.49-2.el8
perl-PAR-Dist-0.49-23.el8
perl-Package-Constants-0.06-19.el8
perl-Prima-1.59-3.el8
perl-Spiffy-0.46-19.el8
perl-Symbol-Util-0.0203-24.el8
perl-Test-Net-LDAP-0.07-2.el8
perl-Test-Unit-Lite-0.12-33.el8
puppet-6.19.0-1.el8
retrace-server-1.22.2-1.el8
tmt-1.1-1.el8
Details about builds:
================================================================================
bitlbee-facebook-1.2.1-1.el8 (FEDORA-EPEL-2020-c61ba19c17)
Facebook protocol plugin for BitlBee
--------------------------------------------------------------------------------
Update Information:
bitlbee-facebook 1.2.1 ====================== * Fix "Parse error: unexpected
identifier 'taNewMessage'" * Fix "Failed to read thrift: facebook-api.c:1929
fb_api_cb_publish_pt: assertion 'fb_thrift_read_stop(thft)' failed"
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 22 2020 Robert Scheck <robert(a)fedoraproject.org> 1.2.1-1
- Upgrade to 1.2.1 (#1889850)
* Mon Jul 27 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.2.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jan 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.2.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1889850 - bitlbee-facebook-1.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1889850
--------------------------------------------------------------------------------
================================================================================
bpytop-1.0.44-1.el8 (FEDORA-EPEL-2020-ca2b678a20)
Linux/OSX/FreeBSD resource monitor
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 19 2020 Artem Polishchuk <ego.cordatus(a)gmail.com> - 1.0.44-1
- build(update): 1.0.44
* Sun Oct 18 2020 Artem Polishchuk <ego.cordatus(a)gmail.com> - 1.0.43-1
- build(update): 1.0.43
* Thu Oct 8 2020 Artem Polishchuk <ego.cordatus(a)gmail.com> - 1.0.42-1
- build(update): 1.0.42
--------------------------------------------------------------------------------
================================================================================
firebird-3.0.7.33374-1.el8 (FEDORA-EPEL-2020-d49ed14482)
SQL relational database management system
--------------------------------------------------------------------------------
Update Information:
new upstream release fix #1887991
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 23 2020 Philippe Makowski <makowski(a)fedoraproject.org> - 3.0.7.33374-1
- new upstream release fix #1887991
--------------------------------------------------------------------------------
================================================================================
lnav-0.9.0-1.el8 (FEDORA-EPEL-2020-7c2730115a)
Curses-based tool for viewing and analyzing log files
--------------------------------------------------------------------------------
Update Information:
Changelog: https://github.com/tstack/lnav/releases/tag/v0.9.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 23 2020 Peter Schiffer <peter+fedora(a)pschiffer.eu> - 0.9.0-1
- resolves: #1791451 #1822427
updated to 0.9.0
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.8.5-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1791451 - lnav-0.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1791451
[ 2 ] Bug #1822427 - lnav is aborted
https://bugzilla.redhat.com/show_bug.cgi?id=1822427
--------------------------------------------------------------------------------
================================================================================
nwchem-7.0.2-1.el8 (FEDORA-EPEL-2020-69058d49bf)
Delivering High-Performance Computational Chemistry to Science
--------------------------------------------------------------------------------
Update Information:
Set OMP_NUM_THREADS=1
https://github.com/edoapra/fedpkg/issues/10#issuecomment-699276160
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 19 2020 Marcin Dulak <Marcin.Dulak(a)gmail.com> - 7.0.2-2
- Set OMP_NUM_THREADS=1 https://github.com/edoapra/fedpkg/issues/10#issuecomment-699276160
- Fix hostname br for el6
* Thu Oct 15 2020 Edoardo Apr�� <edoardo.apra(a)gmail.com> - 7.0.2-1
- new 7.0.2 release
* Fri Aug 28 2020 I��aki ��car <iucar(a)fedoraproject.org> - 7.0.0-11
- https://fedoraproject.org/wiki/Changes/FlexiBLAS_as_BLAS/LAPACK_manager
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 7.0.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue May 26 2020 Miro Hron��ok <mhroncok(a)redhat.com> - 7.0.0-9
- Rebuilt for Python 3.9
* Thu Apr 2 2020 Bj��rn Esser <besser82(a)fedoraproject.org> - 7.0.0-8
- Fix string quoting for rpm >= 4.16
* Sat Mar 28 2020 Edoardo Apr�� <edoardo.apra(a)gmail.com> - 7.0.0-7
- nproc=1 for mpich/ppc64le
--------------------------------------------------------------------------------
================================================================================
perl-BDB-1.92-12.el8 (FEDORA-EPEL-2020-7b5148e957)
Asynchronous Berkeley DB access
--------------------------------------------------------------------------------
Update Information:
Added the package to EPEL 8
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1890588 - EPEL8 Request: perl-BDB
https://bugzilla.redhat.com/show_bug.cgi?id=1890588
--------------------------------------------------------------------------------
================================================================================
perl-Business-ISBN-3.005-4.el8 (FEDORA-EPEL-2020-739d2f2e2b)
Perl module to work with International Standard Book Numbers
--------------------------------------------------------------------------------
Update Information:
Added new package to EPEL8
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1890310 - EPEL8 Request: perl-Business-ISBN
https://bugzilla.redhat.com/show_bug.cgi?id=1890310
--------------------------------------------------------------------------------
================================================================================
perl-Business-ISBN-Data-20191107-4.el8 (FEDORA-EPEL-2020-1ee82ccd95)
The data pack for Business::ISBN
--------------------------------------------------------------------------------
Update Information:
Added new packages to EPEL 8
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1890315 - EPEL8 Request: perl-Business-ISBN-Data
https://bugzilla.redhat.com/show_bug.cgi?id=1890315
--------------------------------------------------------------------------------
================================================================================
perl-EV-4.22-3.el8 (FEDORA-EPEL-2020-def41e7f99)
Wrapper for the libev high-performance event loop library
--------------------------------------------------------------------------------
Update Information:
Improvements in the spec file. ---- This package provides the Perl module EV,
a wrapper for the libev high-performance event loop library.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1888288 - perl-EV in epel8
https://bugzilla.redhat.com/show_bug.cgi?id=1888288
--------------------------------------------------------------------------------
================================================================================
perl-Exception-Base-0.2501-1.el8 (FEDORA-EPEL-2020-f0645b905b)
Lightweight exceptions
--------------------------------------------------------------------------------
Update Information:
This is the first EPEL-8 build of perl-Exception-Base.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1890591 - EPEL8 Request: perl-Exception-Base
https://bugzilla.redhat.com/show_bug.cgi?id=1890591
--------------------------------------------------------------------------------
================================================================================
perl-GD-Barcode-1.15-36.el8 (FEDORA-EPEL-2020-1ee82ccd95)
Create barcode image with GD
--------------------------------------------------------------------------------
Update Information:
Added new packages to EPEL 8
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1890315 - EPEL8 Request: perl-Business-ISBN-Data
https://bugzilla.redhat.com/show_bug.cgi?id=1890315
--------------------------------------------------------------------------------
================================================================================
perl-Guard-1.023-19.el8 (FEDORA-EPEL-2020-0bd5163a4b)
Safe cleanup blocks
--------------------------------------------------------------------------------
Update Information:
This is the first EPEL-8 build of perl-Guard.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1890592 - EPEL8 Request: perl-Guard
https://bugzilla.redhat.com/show_bug.cgi?id=1890592
--------------------------------------------------------------------------------
================================================================================
perl-IO-AIO-4.72-1.el8 (FEDORA-EPEL-2020-3efb4ab588)
Asynchronous Input/Output
--------------------------------------------------------------------------------
Update Information:
This is the first EPEL-8 build of perl-IO-AIO.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1890593 - EPEL8 Request: perl-IO-AIO
https://bugzilla.redhat.com/show_bug.cgi?id=1890593
--------------------------------------------------------------------------------
================================================================================
perl-Lexical-Persistence-1.023-17.el8 (FEDORA-EPEL-2020-d3ffdde734)
Persistent lexical variable values for arbitrary calls
--------------------------------------------------------------------------------
Update Information:
Added the package to EPEL 8
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1890594 - EPEL8 Request: perl-Lexical-Persistence
https://bugzilla.redhat.com/show_bug.cgi?id=1890594
--------------------------------------------------------------------------------
================================================================================
perl-Net-Daemon-0.49-2.el8 (FEDORA-EPEL-2020-2acb3ca907)
Perl extension for portable daemons
--------------------------------------------------------------------------------
Update Information:
This package contains the Perl module Net::Daemon, which is an abstract base
class for implementing portable server applications in a very simple way.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1890326 - EPEL8 Request: perl-Net-Daemon
https://bugzilla.redhat.com/show_bug.cgi?id=1890326
--------------------------------------------------------------------------------
================================================================================
perl-PAR-Dist-0.49-23.el8 (FEDORA-EPEL-2020-3e00933657)
Toolkit for creating and manipulating Perl PAR distributions
--------------------------------------------------------------------------------
Update Information:
Added new package to EPEL 8
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1890317 - EPEL8 Request: perl-PAR-Dist
https://bugzilla.redhat.com/show_bug.cgi?id=1890317
--------------------------------------------------------------------------------
================================================================================
perl-Package-Constants-0.06-19.el8 (FEDORA-EPEL-2020-bb9ad1916b)
List all constants declared in a package
--------------------------------------------------------------------------------
Update Information:
This updates delivers a new perl-Package-Constants package which enables you to
list all constants declared in a Perl package.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1890318 - EPEL8 Request: perl-Package-Constants
https://bugzilla.redhat.com/show_bug.cgi?id=1890318
--------------------------------------------------------------------------------
================================================================================
perl-Prima-1.59-3.el8 (FEDORA-EPEL-2020-8a996b01dc)
Perl graphic toolkit
--------------------------------------------------------------------------------
Update Information:
This updates brings a new perl-Prima package which provides a graphic toolkit
for Perl programs.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1890598 - EPEL8 Request: perl-Prima
https://bugzilla.redhat.com/show_bug.cgi?id=1890598
--------------------------------------------------------------------------------
================================================================================
perl-Spiffy-0.46-19.el8 (FEDORA-EPEL-2020-9543cdd8b2)
Framework for doing object oriented (OO) programming in Perl
--------------------------------------------------------------------------------
Update Information:
This is the first EPEL-8 build of perl-Spiffy.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1890929 - Add perl-Spiffy to EPEL8
https://bugzilla.redhat.com/show_bug.cgi?id=1890929
--------------------------------------------------------------------------------
================================================================================
perl-Symbol-Util-0.0203-24.el8 (FEDORA-EPEL-2020-036280771d)
Additional utilities for Perl symbols manipulation
--------------------------------------------------------------------------------
Update Information:
This package contains the Perl module Symbol::Util, which provides a set of
additional functions useful for Perl symbols manipulation.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1890599 - EPEL8 Request: perl-Symbol-Util
https://bugzilla.redhat.com/show_bug.cgi?id=1890599
--------------------------------------------------------------------------------
================================================================================
perl-Test-Net-LDAP-0.07-2.el8 (FEDORA-EPEL-2020-2d6db5dae3)
Net::LDAP subclass for testing
--------------------------------------------------------------------------------
Update Information:
First build
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
perl-Test-Unit-Lite-0.12-33.el8 (FEDORA-EPEL-2020-0e1cd555bd)
Unit testing without external dependencies
--------------------------------------------------------------------------------
Update Information:
This is the first EPEL-8 build of perl-Test-Unit-Lite.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
puppet-6.19.0-1.el8 (FEDORA-EPEL-2020-7a42069fff)
Network tool for managing many disparate systems
--------------------------------------------------------------------------------
Update Information:
Update to 6.19
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 22 2020 Igor Raits <ignatenkobrain(a)fedoraproject.org> - 6.19.0-1
- Update to 6.19.0
--------------------------------------------------------------------------------
================================================================================
retrace-server-1.22.2-1.el8 (FEDORA-EPEL-2020-8ce79a55d1)
Application for remote coredump analysis
--------------------------------------------------------------------------------
Update Information:
New upstream release 1.22.2 - Fix path to coredump in generated dockerfile when
using Podman backend - Fix "not writable" error when retracing coredumps -
Improve log messages ---- New upstream release 1.22.1 ---- New upstream
release 1.22.0 - Add support for virtual memory files for vmcores - Add option
to restart an existing task in retrace-server-task and on task manager page -
Disallow users other than `retrace` to call retrace-server-worker - Improve
error message in case of Kerberos authentication failure - Revamp task manager
web UI - Revamp GPG verification of package signatures; use keys from
distribution-gpg-keys - Accommodate for multiple debug directories in Fedora 27
and later - Fix FTP submissions on task manager page - Fix permissions on dmesg
file in task results directory - Migrate build process to Meson; completely drop
Autotools - Add Tito configuration - Update translations - Drop python3-six
dependency - Add build dependencies on gzip, lsof, tar and xz - Rewrite
Dockerfile - Use `pathlib.Path` instead of strings and `os.path` methods in some
places - Add kernel-only config options `KernelDebuggerPath` and
`RetraceEnvironment=native` - Introduce type annotations - Address issues
reported by Pylint - Other minor code refactoring and cleanup operations
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 23 2020 Packit Service <user-cont-team+packit-service(a)redhat.com> - 1.22.2-1
- new upstream release: 1.22.2
* Wed Oct 21 2020 Mat��j Grabovsk�� <mgrabovs(a)redhat.com> 1.22.0-1
- Add support for virtual memory files for vmcores
- Add option to restart an existing task in retrace-server-task and on task manager page
- Disallow users other than 'retrace' to call retrace-server-worker
- Improve error message in case of Kerberos authentication failure
- Revamp task manager web UI
- Revamp GPG verification of package signatures; use keys from distribution-gpg-keys
- Accommodate for multiple debug directories in Fedora 27 and later
- Fix FTP submissions on task manager page
- Fix permissions on dmesg file in task results directory
- Migrate build process to Meson; completely drop Autotools
- Add Tito configuration
- Update translations
- Drop python3-six dependency
- Add build dependencies on gzip, lsof, tar and xz
- Rewrite Dockerfile
- Migrate to calling subprocess.run() in place of s.Popen() and s.call()
- Use pathlib.Path instead of strings and os.path methods in some places
- Add kernel-only config options 'KernelDebuggerPath' and 'RetraceEnvironment=native'
- Introduce type annotations
- Address issues reported by Pylint
- Other minor code refactoring and cleanup operations
* Wed Oct 21 2020 Mat��j Grabovsk�� <mgrabovs(a)redhat.com> 1.22.0-1
- Add support for virtual memory files for vmcores
- Add option to restart an existing task in retrace-server-task and on task manager page
- Disallow users other than 'retrace' to call retrace-server-worker
- Improve error message in case of Kerberos authentication failure
- Revamp task manager web UI
- Revamp GPG verification of package signatures; use keys from distribution-gpg-keys
- Accommodate for multiple debug directories in Fedora 27 and later
- Fix FTP submissions on task manager page
- Fix permissions on dmesg file in task results directory
- Update translations
- Drop python3-six dependency
- Add build dependencies on gzip, lsof, tar and xz
- Rewrite Dockerfile
- Migrate to calling subprocess.run() in place of s.Popen() and s.call()
- Use pathlib.Path instead of strings and os.path methods in some places
- Add kernel-only config options 'KernelDebuggerPath' and 'RetraceEnvironment=native'
- Introduce type annotations
- Address issues reported by Pylint
- Other minor code refactoring and cleanup operations
--------------------------------------------------------------------------------
================================================================================
tmt-1.1-1.el8 (FEDORA-EPEL-2020-0e4580873d)
Test Management Tool
--------------------------------------------------------------------------------
Update Information:
Warnings, symlinks, metadata, login...
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 22 2020 Petr ��pl��chal <psplicha(a)redhat.com> - 1.1-1
- Convert adds extra-summary as well
- Simplify test directory copy with enabled symlinks
- Select latest minute image only from released images
- Allow specifying exact RHEL version using a short name
- Preserve symlinks during discover, pull and push
- Always run Login plugin even if step is done
- Suggest some useful aliases for common use cases
- Correct type of Tier attribute in examples
- Define basic hardware environment specification
- Import manual data for automated tests
- Tag tests which can be run under container/virtual
- Give hints to install provision plugins [fix #405]
- Handle nicely missing library metadata [fix #397]
- Update the test data directory name in the spec
- Extend duration for tests using virtualization
- Use a better name for the test data path method
- Provide aggregated test metadata for execution
- Send warnings to stderr, introduce a fail() method
--------------------------------------------------------------------------------
Dear all,
You are kindly invited to the meeting:
EPEL Steering Committee on 2020-10-23 from 21:00:00 to 22:00:00 UTC
At fedora-meeting(a)irc.freenode.net
The meeting will be about:
This is the weekly EPEL Steering Committee Meeting.
A general agenda is the following:
#meetingname EPEL
#topic Intros
#topic Old Business
#topic EPEL-6
#topic EPEL-7
#topic EPEL-8
#topic Openfloor
#endmeeting
Source: https://apps.fedoraproject.org/calendar/meeting/9722/
The following Fedora EPEL 6 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-2dbce134fd singularity-3.6.4-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
tcpreplay-4.3.3-3.el6
Details about builds:
================================================================================
tcpreplay-4.3.3-3.el6 (FEDORA-EPEL-2020-b21ed088ad)
Replay captured network traffic
--------------------------------------------------------------------------------
Update Information:
Patch CVE-2020-24265 and CVE-2020-24266.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 21 2020 Bojan Smojver <bojan@rexursive com> - 4.3.3-2
- CVE-2020-24265
* Wed Jul 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.3.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1889806 - CVE-2020-24265 tcpreplay: heap buffer overflow could result in a crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1889806
[ 2 ] Bug #1889807 - CVE-2020-24265 tcpreplay: heap buffer overflow could result in a crash [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1889807
[ 3 ] Bug #1889809 - CVE-2020-24266 tcpreplay: heap buffer overflow in get_l2len() could result in a crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1889809
[ 4 ] Bug #1889810 - CVE-2020-24266 tcpreplay: heap buffer overflow in get_l2len() could result in a crash [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1889810
--------------------------------------------------------------------------------
The following Fedora EPEL 7 Security updates need testing:
Age URL
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-01179f6b9f suricata-4.1.9-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
inxi-3.1.08-1.el7
openbgpd-6.8p0-1.el7
rpki-client-6.8p0-1.el7
tcpreplay-4.3.3-3.el7
Details about builds:
================================================================================
inxi-3.1.08-1.el7 (FEDORA-EPEL-2020-b6467c15d0)
A full featured system information script
--------------------------------------------------------------------------------
Update Information:
Update to 3.1.08.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 21 2020 Vasiliy N. Glazov <vascom2(a)gmail.com> - 3.1.08-1
- Update to 3.1.08
--------------------------------------------------------------------------------
================================================================================
openbgpd-6.8p0-1.el7 (FEDORA-EPEL-2020-725bd5179b)
OpenBGPD Routing Daemon
--------------------------------------------------------------------------------
Update Information:
OpenBGPD 6.8p0 ============== Portable release based on OpenBSD 6.8. It
includes the following changes to the previous release: * In `bgpctl(8)`, the
`reload` command now takes a 'reason' argument to use as Administrative Shutdown
Communication to its neighbors. * Added `bgpctl(8)` support for VPNv6 in the
family option of the `show rib` command. * Added `bgpctl(8)` support for JSON
formatted output in various `show` commands. * Support to build OpenBGPD on
Alpine Linux added.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 20 2020 Robert Scheck <robert(a)fedoraproject.org> 6.8p0-1
- Upgrade to 6.8p0 (#1889826)
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 6.7p0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1889826 - openbgpd-6.8p0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1889826
--------------------------------------------------------------------------------
================================================================================
rpki-client-6.8p0-1.el7 (FEDORA-EPEL-2020-ead590bb76)
RPKI validator to support BGP Origin Validation
--------------------------------------------------------------------------------
Update Information:
rpki-client 6.8p0 ================= Portable release based on OpenBSD 6.8. It
includes the following changes to the previous release: * Improve how
repositories are downloaded: do not fetch symlinks and clean extraneous files in
the repositories after download using the cryptographically signed RPKI manifest
listings. * Fix a bug where `rpki-client` could hang after calling `rsync`.
* Remove the `-f` option, no longer needed. * Improved validation of the trust
anchors. * Add new option `-s timeout` to make `rpki-client` automatically
terminate after a timeout (default 1 hour). This helps when `rpki-client` is run
via `cron` to prevent a hanging process to cause problems. Portability
improvements: * Replace `warnc()` with `warnx()` + `strerror()` * Replace
`b64_pton()` with code using the `libcrypto EVP_Decode*` functionality. *
Adjust for OpenSSL 1.1.x compatible use of the `EVP_ENCODE_CTX` struct.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 20 2020 Robert Scheck <robert(a)fedoraproject.org> 6.8p0-1
- Upgrade to 6.8p0 (#1889618)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1889618 - rpki-client-6.8p0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1889618
--------------------------------------------------------------------------------
================================================================================
tcpreplay-4.3.3-3.el7 (FEDORA-EPEL-2020-e6c7b4cbec)
Replay captured network traffic
--------------------------------------------------------------------------------
Update Information:
Patch CVE-2020-24265 and CVE-2020-24266.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 21 2020 Bojan Smojver <bojan@rexursive com> - 4.3.3-2
- CVE-2020-24265
* Wed Jul 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.3.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1889806 - CVE-2020-24265 tcpreplay: heap buffer overflow could result in a crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1889806
[ 2 ] Bug #1889807 - CVE-2020-24265 tcpreplay: heap buffer overflow could result in a crash [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1889807
[ 3 ] Bug #1889809 - CVE-2020-24266 tcpreplay: heap buffer overflow in get_l2len() could result in a crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1889809
[ 4 ] Bug #1889810 - CVE-2020-24266 tcpreplay: heap buffer overflow in get_l2len() could result in a crash [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1889810
--------------------------------------------------------------------------------
The following Fedora EPEL 8 Security updates need testing:
Age URL
13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b15161810d pdns-4.3.1-1.el8
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-69c0102261 singularity-3.6.4-1.el8
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b7912a8edb suricata-5.0.4-1.el8
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-e85de73cdb pdns-recursor-4.3.5-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
gnome-shell-extension-topicons-plus-25-1.el8
inxi-3.1.08-1.el8
openbgpd-6.8p0-1.el8
rpki-client-6.8p0-1.el8
tcpreplay-4.3.3-3.el8
Details about builds:
================================================================================
gnome-shell-extension-topicons-plus-25-1.el8 (FEDORA-EPEL-2020-5a3f87696b)
Move all legacy tray icons to the top panel
--------------------------------------------------------------------------------
Update Information:
Create EPEL 8 branch for TopIcons Plus.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1886815 - Please build gnome-shell-extension-topicons-plus for EPEL 8
https://bugzilla.redhat.com/show_bug.cgi?id=1886815
--------------------------------------------------------------------------------
================================================================================
inxi-3.1.08-1.el8 (FEDORA-EPEL-2020-601ae5fd2c)
A full featured system information script
--------------------------------------------------------------------------------
Update Information:
Update to 3.1.08.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 21 2020 Vasiliy N. Glazov <vascom2(a)gmail.com> - 3.1.08-1
- Update to 3.1.08
--------------------------------------------------------------------------------
================================================================================
openbgpd-6.8p0-1.el8 (FEDORA-EPEL-2020-85fe8d4e17)
OpenBGPD Routing Daemon
--------------------------------------------------------------------------------
Update Information:
OpenBGPD 6.8p0 ============== Portable release based on OpenBSD 6.8. It
includes the following changes to the previous release: * In `bgpctl(8)`, the
`reload` command now takes a 'reason' argument to use as Administrative Shutdown
Communication to its neighbors. * Added `bgpctl(8)` support for VPNv6 in the
family option of the `show rib` command. * Added `bgpctl(8)` support for JSON
formatted output in various `show` commands. * Support to build OpenBGPD on
Alpine Linux added.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 20 2020 Robert Scheck <robert(a)fedoraproject.org> 6.8p0-1
- Upgrade to 6.8p0 (#1889826)
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 6.7p0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1889826 - openbgpd-6.8p0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1889826
--------------------------------------------------------------------------------
================================================================================
rpki-client-6.8p0-1.el8 (FEDORA-EPEL-2020-d96758b687)
RPKI validator to support BGP Origin Validation
--------------------------------------------------------------------------------
Update Information:
rpki-client 6.8p0 ================= Portable release based on OpenBSD 6.8. It
includes the following changes to the previous release: * Improve how
repositories are downloaded: do not fetch symlinks and clean extraneous files in
the repositories after download using the cryptographically signed RPKI manifest
listings. * Fix a bug where `rpki-client` could hang after calling `rsync`.
* Remove the `-f` option, no longer needed. * Improved validation of the trust
anchors. * Add new option `-s timeout` to make `rpki-client` automatically
terminate after a timeout (default 1 hour). This helps when `rpki-client` is run
via `cron` to prevent a hanging process to cause problems. Portability
improvements: * Replace `warnc()` with `warnx()` + `strerror()` * Replace
`b64_pton()` with code using the `libcrypto EVP_Decode*` functionality. *
Adjust for OpenSSL 1.1.x compatible use of the `EVP_ENCODE_CTX` struct.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 20 2020 Robert Scheck <robert(a)fedoraproject.org> 6.8p0-1
- Upgrade to 6.8p0 (#1889618)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1889618 - rpki-client-6.8p0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1889618
--------------------------------------------------------------------------------
================================================================================
tcpreplay-4.3.3-3.el8 (FEDORA-EPEL-2020-6ef54b7a2d)
Replay captured network traffic
--------------------------------------------------------------------------------
Update Information:
Patch CVE-2020-24265 and CVE-2020-24266.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 21 2020 Bojan Smojver <bojan@rexursive com> - 4.3.3-2
- CVE-2020-24265
* Wed Jul 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.3.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1889806 - CVE-2020-24265 tcpreplay: heap buffer overflow could result in a crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1889806
[ 2 ] Bug #1889807 - CVE-2020-24265 tcpreplay: heap buffer overflow could result in a crash [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1889807
[ 3 ] Bug #1889809 - CVE-2020-24266 tcpreplay: heap buffer overflow in get_l2len() could result in a crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1889809
[ 4 ] Bug #1889810 - CVE-2020-24266 tcpreplay: heap buffer overflow in get_l2len() could result in a crash [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1889810
--------------------------------------------------------------------------------