The following Fedora EPEL 7 Security updates need testing:
 Age  URL
 960  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087   dokuwiki-0-0.24.20140929c.el7
 722  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f   mcollective-2.8.4-1.el7
 304  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d   libbsd-0.8.3-1.el7
 202  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe   mod_cluster-1.3.3-10.el7
 199  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7ecb12e378   python-XStatic-jquery-ui-1.12.0.1-1.el7
  33  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e27758bd23   libmspack-0.6-0.1.alpha.el7
  31  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-52b8147c68   openvpn-auth-ldap-2.0.3-15.el7
  17  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-3c06a7eecf   nagios-4.3.4-3.el7
  10  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-853d71e01b   tnef-1.4.15-1.el7
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f1c70fdfbd   cacti-1.1.26-1.el7
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-1e541e27e9   nginx-1.12.2-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-37b21f1a51   seamonkey-2.49.1-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7ce0091d73   lame-3.100-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-21fb9891af   modulemd-1.3.2-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
RackTables-0.20.14-1.el7
ansible-lint-3.4.17-1.el7
carbon-c-relay-3.2-1.el7
globus-common-17.2-1.el7
globus-ftp-control-8.2-1.el7
globus-gram-job-manager-scripts-6.10-1.el7
globus-gss-assist-11.1-1.el7
globus-gssapi-gsi-13.2-1.el7
imapfilter-2.6.10-2.el7
lame-3.100-1.el7
lighttpd-1.4.47-1.el7
modulemd-1.3.2-1.el7
perl-Lingua-Translit-0.28-1.el7
php-justinrainbow-json-schema5-5.2.6-1.el7
php-phpseclib-2.0.7-1.el7
python-certifi-2016.9.26-6.el7
python-tinydb-3.6.0-1.el7
seamonkey-2.49.1-1.el7
Details about builds:
================================================================================
RackTables-0.20.14-1.el7 (FEDORA-EPEL-2017-7a30c12c58)
A data-center asset management system
--------------------------------------------------------------------------------
Update Information:
Rebase to v0.20.14
Address BZ1492171
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1492171 - PHP parse error with RackTables-0.20.13-1.el7.noarch
https://bugzilla.redhat.com/show_bug.cgi?id=1492171
--------------------------------------------------------------------------------
================================================================================
ansible-lint-3.4.17-1.el7 (FEDORA-EPEL-2017-cfd6c1802b)
Best practices checker for Ansible
--------------------------------------------------------------------------------
Update Information:
Update to 3.4.17 version (#1505124)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1505124 - ansible-lint-3.4.17 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1505124
--------------------------------------------------------------------------------
================================================================================
carbon-c-relay-3.2-1.el7 (FEDORA-EPEL-2017-126740aaf2)
Enhanced C implementation of Carbon relay, aggregator and rewriter
--------------------------------------------------------------------------------
Update Information:
Update to 3.2 ---- Update to 3.1 ---- Update to 3.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1442052 - carbon-c-relay-3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1442052
--------------------------------------------------------------------------------
================================================================================
globus-common-17.2-1.el7 (FEDORA-EPEL-2017-b1990eed4f)
Globus Toolkit - Common Library
--------------------------------------------------------------------------------
Update Information:
* globus-common 17.2
* globus-ftp-control 8.2
* globus-gram-job-manager-scripts 6.10
* globus-gssapi-gsi 13.2
* globus-gss-assist 11.1
--------------------------------------------------------------------------------
================================================================================
globus-ftp-control-8.2-1.el7 (FEDORA-EPEL-2017-b1990eed4f)
Globus Toolkit - GridFTP Control Library
--------------------------------------------------------------------------------
Update Information:
* globus-common 17.2
* globus-ftp-control 8.2
* globus-gram-job-manager-scripts 6.10
* globus-gssapi-gsi 13.2
* globus-gss-assist 11.1
--------------------------------------------------------------------------------
================================================================================
globus-gram-job-manager-scripts-6.10-1.el7 (FEDORA-EPEL-2017-b1990eed4f)
Globus Toolkit - GRAM Job ManagerScripts
--------------------------------------------------------------------------------
Update Information:
* globus-common 17.2
* globus-ftp-control 8.2
* globus-gram-job-manager-scripts 6.10
* globus-gssapi-gsi 13.2
* globus-gss-assist 11.1
--------------------------------------------------------------------------------
================================================================================
globus-gss-assist-11.1-1.el7 (FEDORA-EPEL-2017-b1990eed4f)
Globus Toolkit - GSSAPI Assist library
--------------------------------------------------------------------------------
Update Information:
* globus-common 17.2
* globus-ftp-control 8.2
* globus-gram-job-manager-scripts 6.10
* globus-gssapi-gsi 13.2
* globus-gss-assist 11.1
--------------------------------------------------------------------------------
================================================================================
globus-gssapi-gsi-13.2-1.el7 (FEDORA-EPEL-2017-b1990eed4f)
Globus Toolkit - GSSAPI library
--------------------------------------------------------------------------------
Update Information:
* globus-common 17.2
* globus-ftp-control 8.2
* globus-gram-job-manager-scripts 6.10
* globus-gssapi-gsi 13.2
* globus-gss-assist 11.1
--------------------------------------------------------------------------------
================================================================================
imapfilter-2.6.10-2.el7 (FEDORA-EPEL-2017-bb8a828061)
A flexible client side mail filtering utility for IMAP servers
--------------------------------------------------------------------------------
Update Information:
Update to the latest upstream release, fixing some ancient RHBZ bugs.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1423737 - imapfilter: FTBFS in rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1423737
[ 2 ] Bug #1331652 - [PATCH] Disable sslv3 in imapfilter
https://bugzilla.redhat.com/show_bug.cgi?id=1331652
--------------------------------------------------------------------------------
================================================================================
lame-3.100-1.el7 (FEDORA-EPEL-2017-7ce0091d73)
Free MP3 audio compressor
--------------------------------------------------------------------------------
Update Information:
LAME 3.100 - October 13 2017
============================
* Rogério Brito
  * Don't include the debian directory as one that is needed during builds.
    Patch taken from Debian's packaging of lame.
  * Resurrect Owen Taylor's code dated from 97-11-3 to properly deal with
    GTK1. This was transplanted back from aclocal.m4 with a patch provided by
    Andres Mejia. This change makes it easy to regenerate autotools' files
    with a simple invocation of autoconf -vfi.
  * Fix possible race condition causing build failures in libmp3lame.
    Discovered in automated builds by the Debian project with patch provided
    by Andres Mejia.
* Robert Hegemann
  * Improved detection of MPEG audio data in RIFF WAVE files. Tracker item
    [ 3545112 ] Invalid sampling detection
  * New switch --gain <decibel>, range -20.0 to +12.0, a more convenient way
    to apply Gain adjustment in decibels, than the use of --scale <factor>.
  * Fix for tracker item [ 3558466 ] Bug in path handling
  * Fix for tracker item [ 3567844 ] problem with Tag genre
  * Fix for tracker item [ 3565659 ] no progress indication with pipe input
  * Fix for tracker item [ 3544957 ] scale (empty) silent encode without
    warning
  * Fix for tracker item [ 3580176 ] environment variable LAMEOPT doesn't
    work anymore
  * Fix for tracker item [ 3608583 ] input file name displayed with wrong
    character encoding (on windows console with CP_UTF8)
  * Fix for bug ticket [ #447 ] Fix dereference NULL and Buffer not NULL
    terminated issues. Thanks to Surabhi Mishra
  * Fix for bug ticket [ #445 ] dereference of a null pointer possible in
    loop. Thanks to Renu Tyagi
  * Fix for bug ticket [ #449 ] Make sure functions with SSE instructions
    maintain their own properly aligned stack. Thanks to Fabian Greffrath
  * Fix for bug ticket [ #458 ] Multiple Stack and Heap Corruptions from
    Malicious File. Thanks to Gareth Evans and Elio Blanca
  * Fix for bug ticket [ #460 ] A division by zero vulnerability. Thanks to
    Wang Shiyang, Liu Bingchang
  * Fix for bug ticket [ #461 ] CVE-2017-9410 fill_buffer_resample function
    in libmp3lame/util.c heap-based buffer over-read and ap
  * Fix for bug ticket [ #462 ] CVE-2017-9411 fill_buffer_resample function
    in libmp3lame/util.c invalid memory read and application crash
  * Fix for bug ticket [ #463 ] CVE-2017-9412 unpack_read_samples function
    in frontend/get_audio.c invalid memory read and application crash
  * Fix for bug ticket [ #434 ] clip detect scale suggestion unaware of
    scale input value
  * HIP decoder bug fixed: decoding mixed blocks of lower sample frequency
    Layer3 data resulted in internal buffer overflow (write). Thanks to
    Henri Salo
* Alexander Leidinger
  * Feature request, patch ticket [ #27 ] Add
    lame_encode_buffer_interleaved_int() by Michael Fink
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1470199 - CVE-2015-9099 CVE-2015-9100 CVE-2017-11720 CVE-2017-13712
CVE-2017-15018 CVE-2017-15019 CVE-2017-15045 CVE-2017-15046 CVE-2017-9410 CVE-2017-9411
CVE-2017-9412 CVE-2017-8419 lame: Multiple vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=1470199
--------------------------------------------------------------------------------
================================================================================
lighttpd-1.4.47-1.el7 (FEDORA-EPEL-2017-36c02b1e4f)
Lightning fast webserver with light system requirements
--------------------------------------------------------------------------------
Update Information:
https://www.lighttpd.net/2017/10/22/1.4.47/
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1505128 - lighttpd-1.4.47 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1505128
--------------------------------------------------------------------------------
================================================================================
modulemd-1.3.2-1.el7 (FEDORA-EPEL-2017-21fb9891af)
Module metadata manipulation library
--------------------------------------------------------------------------------
Update Information:
This update fixes CVE-2017-1002157 -- possible arbitrary code execution when
loading multiple documents with `load_all` / `loads_all`.
--------------------------------------------------------------------------------
================================================================================
perl-Lingua-Translit-0.28-1.el7 (FEDORA-EPEL-2017-beac2c4b27)
Transliterates text between writing systems
--------------------------------------------------------------------------------
Update Information:
0.28 -- 2017-10-16 ---
* Fixed wrong capitalised Cyrillic A in several context rules of both
  "BGN/PCGN RUS Standard" and "BGN/PCGN RUS Strict" - thanks to Nikola Lečić
  for providing the fix!
* Spelling corrections in man page - thanks to Lucas Kanashiro for providing
  a patch!
* Updated copyright (Netzum Sorglos Software GmbH).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1503228 - perl-Lingua-Translit-0.28 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1503228
--------------------------------------------------------------------------------
================================================================================
php-justinrainbow-json-schema5-5.2.6-1.el7 (FEDORA-EPEL-2017-9e9d4a04e3)
A library to validate a json schema
--------------------------------------------------------------------------------
Update Information:
**Version 5.2.6**
* 460 Backports for 5.2.6
* 459 (Add a path to the default internal URI - fixes #458)
----
**Version 5.2.5**
* Backports for 5.2.5
* 452 (Don't add a file:// prefix to URI that already have a scheme)
----
**Version 5.2.4**
* Fresh tag to rectify 5.2.3 mistag.
-----
**Version 5.2.3**
* 453 Backports for 5.2.3
* 452 (bugfix for id double-resolution introduced in 5.2.2)
----
**Version 5.2.2**
* 431 Backports for 5.2.2 (Part 1)
* 425 (bugfix for #424 - make uri splitting reversable)
* 429 (adjust hhvm platform for Travis, remove phpdocumentor dependency)
* 432 Added property name in draft-3 required error
* 433 Backports for 5.2.2 (Part 2)
* 432 (fix missing property in boolean required error)
* 450 Backports for 5.2.2 (Part 3)
* 449 (Update config for php-cs-fixer & travis)
* 448 (add proper recursive handling for $ref - fixes #447)
--------------------------------------------------------------------------------
================================================================================
php-phpseclib-2.0.7-1.el7 (FEDORA-EPEL-2017-daa70bdac5)
PHP Secure Communications Library
--------------------------------------------------------------------------------
Update Information:
**Version 2.0.7** - 2017-10-22
* **SSH2:**
  - add new READ_NEXT mode (#1140)
  - add sendIdentificationStringFirst()
  - add sendKEXINITFirst()
  - add sendIdentificationStringLast()
  - add sendKEXINITLast() (#1162)
  - assume any SSH server >= 1.99 supports SSH2 (#1170)
  - workaround for bad arcfour256 implementations (#1171)
  - don't choke when getting response from diff channel in exec() (#1167)
* **SFTP:**
  - add enablePathCanonicalization()
  - add disablePathCanonicalization() (#1137)
  - fix put() with remote file stream resource (#1177)
* ANSI: misc fixes (#1150, #1161)
* X509: use DateTime instead of unix time (#1166)
* Ciphers: use eval() instead of create_function() for >= 5.3
--------------------------------------------------------------------------------
================================================================================
python-certifi-2016.9.26-6.el7 (FEDORA-EPEL-2017-a59d8920c8)
Python package for providing Mozilla's CA Bundle
--------------------------------------------------------------------------------
Update Information:
Fix path of .pem file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1411586 - Please build to epel7
https://bugzilla.redhat.com/show_bug.cgi?id=1411586
--------------------------------------------------------------------------------
================================================================================
python-tinydb-3.6.0-1.el7 (FEDORA-EPEL-2017-de9158c8f3)
TinyDB is a tiny, document oriented database
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1504430 - python-tinydb-3.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1504430
--------------------------------------------------------------------------------
================================================================================
seamonkey-2.49.1-1.el7 (FEDORA-EPEL-2017-37b21f1a51)
Web browser, e-mail, news, IRC client, HTML editor
--------------------------------------------------------------------------------
Update Information:
Update to 2.49.1

Based on the Firefox/Thunderbird ESR (extension support release) code version
52.4.0

Fixes various security issues, see
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/ and
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ for
more info.

Since the version of 2.48, SeaMonkey uses another disk cache implementation.
It is preferable to clear the cache (even before the update) to avoid extra
disk space usage by the old cache data.
--------------------------------------------------------------------------------