The following Fedora EPEL 6 Security updates need testing:
Age URL
11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-d2ea82902e python-httplib2-0.18.1-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
putty-0.74-1.el6
Details about builds:
================================================================================
putty-0.74-1.el6 (FEDORA-EPEL-2020-b1a8a3c29a)
SSH, Telnet and Rlogin client
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2020-14002.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 30 2020 Jaroslav ��karvada <jskarvad(a)redhat.com> - 0.74-1
- New version
- Fixed possible information leak in the algorithm negotiation
Resolves: rhbz#1852417
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1852415 - CVE-2020-14002 putty: Observable Discrepancy leading to an information leak in the algorithm negotiation
https://bugzilla.redhat.com/show_bug.cgi?id=1852415
--------------------------------------------------------------------------------
The following Fedora EPEL 7 Security updates need testing:
Age URL
686 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d condor-8.6.11-1.el7
428 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80 python-gnupg-0.4.4-1.el7
425 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b bubblewrap-0.3.3-2.el7
135 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-fa8a2e97c6 python-waitress-1.4.3-1.el7
75 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-19d171a465 python34-3.4.10-5.el7
11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-f33a36b2c4 python-httplib2-0.18.1-3.el7
8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-c438b9fb89 lynis-3.0.0-1.el7
8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-d749373a67 znc-1.8.1-1.el7
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-af9b2ac861 alpine-2.23-2.el7
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6ad4894c0c jbig2dec-0.12-5.el7
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-0078f6abc1 xpdf-3.04-10.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-af9c6001d1 ngircd-26-1.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-5d348316dd chromium-83.0.4103.116-3.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
coturn-4.5.1.3-1.el7
php-composer-semver3-3.0.0-1.el7
putty-0.74-1.el7
python-ifcfg-0.21-1.el7
xrdp-0.9.13.1-1.el7
Details about builds:
================================================================================
coturn-4.5.1.3-1.el7 (FEDORA-EPEL-2020-afd5c42fd6)
TURN/STUN & ICE Server
--------------------------------------------------------------------------------
Update Information:
Coturn 4.5.1.3 ============== * merge PR #575: Fix rpm packaging * merge PR
#576: Tell tar to not include the metadata into release * merge PR #574:
Change Docker `turnserver.conf` to latest `turnserver.conf` * merge PR #566:
Remove reference to SSLv3 * merge PR #579: Ignore MD5 for BoringSSL * merge
PR #577: Build RPM from local folder instead of Git repo * Fix for
CVE-2020-4067: STUN response buffer not initialized properly (issue found and
reported #583 by Felix D��rre)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 30 2020 Robert Scheck <robert(a)fedoraproject.org> - 4.5.1.3-1
- Update to 4.5.1.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1852362 - CVE-2020-4067 coturn: STUN response buffer not initialized properly
https://bugzilla.redhat.com/show_bug.cgi?id=1852362
--------------------------------------------------------------------------------
================================================================================
php-composer-semver3-3.0.0-1.el7 (FEDORA-EPEL-2020-d8053bd3a2)
Semver library version 3
--------------------------------------------------------------------------------
Update Information:
Semver library version 3 that offers utilities, version constraint parsing and
validation. Originally written as part of composer/composer, now extracted and
made available as a stand-alone library. Autoloader:
/usr/share/php/Composer/Semver3/autoload.php
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1843516 - Review Request: php-composer-semver3 - Semver library version 3
https://bugzilla.redhat.com/show_bug.cgi?id=1843516
--------------------------------------------------------------------------------
================================================================================
putty-0.74-1.el7 (FEDORA-EPEL-2020-2f70f49092)
SSH, Telnet and Rlogin client
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2020-14002.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 30 2020 Jaroslav ��karvada <jskarvad(a)redhat.com> - 0.74-1
- New version
- Fixed possible information leak in the algorithm negotiation
Resolves: rhbz#1852418
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1852415 - CVE-2020-14002 putty: Observable Discrepancy leading to an information leak in the algorithm negotiation
https://bugzilla.redhat.com/show_bug.cgi?id=1852415
--------------------------------------------------------------------------------
================================================================================
python-ifcfg-0.21-1.el7 (FEDORA-EPEL-2020-780bf90285)
Python cross-platform network interface discovery (ifconfig/ipconfig/ip)
--------------------------------------------------------------------------------
Update Information:
Update to the latest `python-ifcfg` release
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 30 2020 Scott K Logan <logans(a)cottsay.net> - 0.21-1
- Update to 0.21 (rhbz#1852561)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1852561 - python-ifcfg-0.21 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1852561
--------------------------------------------------------------------------------
================================================================================
xrdp-0.9.13.1-1.el7 (FEDORA-EPEL-2020-6949cf3502)
Open source remote desktop protocol (RDP) server
--------------------------------------------------------------------------------
Update Information:
This is a security fix release that includes fixes for the following local
buffer overflow vulnerability. - CVE-2022-4044: Local users can perform a
buffer overflow attack against the xrdp-sesman service and then impersonate it
This update is recommended for all xrdp users.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 30 2020 Bojan Smojver <bojan(a)rexurive.com> - 1:0.9.13.1-1
- Bump up to 0.9.13.1
- CVE-2022-4044
--------------------------------------------------------------------------------