The following Fedora EPEL 5 Security updates need testing:

 Age  URL
 831  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2013-11893   libguestfs-1.20.12-1.el5
 596  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-1626   puppet-2.7.26-1.el5
 445  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-3849   sblim-sfcb-1.3.8-2.el5
  88  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-edbea40516   mcollective-2.8.4-1.el5
  60  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-582c8075e6   thttpd-2.25b-24.el5
  41  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-d1309b0eb2   libsndfile-1.0.17-8.el5
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-5a2146a2dd   prosody-0.9.10-1.el5

The following builds have been pushed to Fedora EPEL 5 updates-testing

    cobbler-2.4.9-1.el5
    globus-gssapi-gsi-11.26-1.el5
    prosody-0.9.10-1.el5

Details about builds:

================================================================================
 cobbler-2.4.9-1.el5 (FEDORA-EPEL-2016-9a2ae37ccd)
 Boot server configurator
--------------------------------------------------------------------------------
Update Information:

Update to 2.4.9:

This release works around the DNS issues we are having with the cobblerd.org
domain. We have moved back to using hosted files on GitHub URLs. If you are
using online features like get-loaders and signature update you will have to
upgrade to this release!

Also:

- Fix for a yaml.parser.ParserError in cobbler-web
- Make packages arch specific to handle arch conditional dependencies
- Require python-virtinst on EL5 (bug #1107474)

----

Bugfixes

* Add missing _validate_ks_template_path function so that kickstarts for
  systems can now be changed again (#1156)

Feature improvements

* Make kickstart selectable from a pulldown list in cobbler-web (#991)
* Minor adjustment to the error_page template (cobbler-web)

Bugfixes

* Exit with an error if cobblerd executable can't be found (#1108 #1135)
* Fix cobbler sync bug through xmlrpc api (NoneType object has no attribute
  info)
* Add strict kickstart check in the API (again for #939)
* Do not allow kickstarts in /etc/cobbler
* Fix broken gitdate, gitstamp values in version file (cobbler version)
* Prevent disappearing profiles after cobblerd restart (#1030)

Upgrade notes

This release makes the use of --parent and --distro mutually exclusive. The
consequence is that subprofiles always have the same distro as the parent
profile. This has been the intended behaviour ever since subprofiles got
introduced. Please check if you have subprofiles with different distros than
the parent profile and reconsider and adjust your configuration.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1107474 - koan-2.4.4-1.el5 Missing Dependency
        https://bugzilla.redhat.com/show_bug.cgi?id=1107474
--------------------------------------------------------------------------------


================================================================================
 globus-gssapi-gsi-11.26-1.el5 (FEDORA-EPEL-2016-360ad6c8bd)
 Globus Toolkit - GSSAPI library
--------------------------------------------------------------------------------
Update Information:

Fix FORCE_TLS setting to allow TLSv1.1 and TLS1.2, not just TLSv1.0
--------------------------------------------------------------------------------


================================================================================
 prosody-0.9.10-1.el5 (FEDORA-EPEL-2016-5a2146a2dd)
 Flexible communications server for Jabber/XMPP
--------------------------------------------------------------------------------
Update Information:

Prosody 0.9.10
==============

A summary of changes in this release:

Security
--------

* mod_dialback: Adopt key generation algorithm from XEP-0185, to prevent
  impersonation attacks (CVE-2016-0756)

Fixes and improvements
----------------------

* Startup: Open /dev/urandom read-only, to fix a failure to start on some
  systems (fixes #585)
* Networking: Improve handling of the 'select' network backend running out of
  file descriptors

Minor changes
-------------

* Networking: Increase default internal read size to prevent connections
  stalling with LuaEvent (see #583)
* DNS: Discard queries that failed to send due to connection errors
  (fixes #598)
* c2s, s2s: Lower priority of shutdown handler, so that modules such as MUC
  can always send shutdown notifications to (remote) users (fixes #601)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1302463 - CVE-2016-0756 prosody: mod_dialback allows impersonation attacks
        https://bugzilla.redhat.com/show_bug.cgi?id=1302463
--------------------------------------------------------------------------------