The following Fedora EPEL 5 Security updates need testing: Age URL 955 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.1... 409 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs-1.... 174 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1626/puppet-2.7.26-... 69 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2853/mediawiki119-1... 28 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3784/mantis-1.2.17-... 23 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3849/sblim-sfcb-1.3... 13 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4147/lsyncd-2.1.4-4... 11 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4221/wordpress-4.0.... 11 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4228/drupal6-6.34-1... 11 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4231/perltidy-20070... 11 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4205/drupal7-7.34-1... 11 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4219/phpMyAdmin4-4.... 7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4275/hivex-1.3.5-6.... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4408/libyaml-0.1.2-... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4402/antiword-0.37-... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4403/pkcs11-helper-...
The following builds have been pushed to Fedora EPEL 5 updates-testing
antiword-0.37-17.el5 libyaml-0.1.2-8.el5 openvpn-2.3.6-1.el5 pkcs11-helper-1.11-3.el5 xpdf-3.04-6.el5
Details about builds:
================================================================================ antiword-0.37-17.el5 (FEDORA-EPEL-2014-4402) MS Word to ASCII/Postscript converter -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2014-8123 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1169665 - CVE-2014-8123 antiword: buffer overflow of atPPSlist[].szName[] https://bugzilla.redhat.com/show_bug.cgi?id=1169665 --------------------------------------------------------------------------------
================================================================================ libyaml-0.1.2-8.el5 (FEDORA-EPEL-2014-4408) YAML 1.1 parser and emitter written in C -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2014-9130 -------------------------------------------------------------------------------- ChangeLog:
* Mon Dec 1 2014 John Eckersberg eck@redhat.com - 0.1.2-8 - Add patch for CVE-2014-9130 (RHBZ#1169372) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1169369 - CVE-2014-9130 libyaml: assert failure when processing wrapped strings https://bugzilla.redhat.com/show_bug.cgi?id=1169369 --------------------------------------------------------------------------------
================================================================================ openvpn-2.3.6-1.el5 (FEDORA-EPEL-2014-4403) A full-featured SSL VPN solution -------------------------------------------------------------------------------- Update Information:
Fix for CVE-2014-8104.
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b -------------------------------------------------------------------------------- ChangeLog:
* Tue Dec 2 2014 Jon Ciesla limburgher@gmail.com 2.3.6-1 - 2.3.6. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1169487 - CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1169487 [ 2 ] Bug #1169488 - CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1169488 --------------------------------------------------------------------------------
================================================================================ pkcs11-helper-1.11-3.el5 (FEDORA-EPEL-2014-4403) A library for using PKCS#11 providers -------------------------------------------------------------------------------- Update Information:
Fix for CVE-2014-8104.
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b -------------------------------------------------------------------------------- ChangeLog:
* Sun Aug 17 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.11-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.11-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Fri Apr 11 2014 Jon Ciesla limburgher@gmail.com - 1.11-1 - Latest upstream, required for openvpn 2.3.3. * Sun Aug 4 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.10-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Tue Apr 2 2013 Kalev Lember kalevlember@gmail.com - 1.10-1 - Update to 1.10 * Thu Feb 14 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.09-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Sat Jul 21 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.09-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Sat Jan 14 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.09-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Wed Aug 17 2011 Kalev Lember kalevlember@gmail.com - 1.09-1 - Update to 1.09 * Sun Jun 19 2011 Kalev Lember kalev@smartlink.ee - 1.08-1 - Update to 1.08 - Clean up the spec file for modern rpmbuild * Wed Feb 9 2011 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.07-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Thu Jul 1 2010 Kalev Lember kalev@smartlink.ee - 1.07-5 - use System Environment/Libraries group for main package - removed R: pkgconfig from devel subpackage * Fri Aug 21 2009 Tomas Mraz tmraz@redhat.com - 1.07-4 - rebuilt with new openssl * Sun Jul 26 2009 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.07-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1169487 - CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1169487 [ 2 ] Bug #1169488 - CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1169488 --------------------------------------------------------------------------------
================================================================================ xpdf-3.04-6.el5 (FEDORA-EPEL-2014-4388) A PDF file viewer for the X Window System -------------------------------------------------------------------------------- Update Information:
fix proper display of international strings in the title -------------------------------------------------------------------------------- ChangeLog:
* Tue Dec 2 2014 Tom Callaway spot@fedoraproject.org - 1:3.04-6 - fix proper display of international strings in the title (bz 1169301) * Fri Sep 12 2014 Tom Callaway spot@fedoraproject.org - 1:3.04-5 - fix .desktop file * Mon Aug 18 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1:3.04-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sun Jun 8 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1:3.04-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1169301 - xpdf does not show non-ASCII paths correctly https://bugzilla.redhat.com/show_bug.cgi?id=1169301 --------------------------------------------------------------------------------