The following Fedora EPEL 7 Security updates need testing:
 Age  URL
 208  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3835d39d1a   unrtf-0.21.9-8.el7
 158  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f9d6ff695a   bibutils-6.6-1.el7 ghc-hs-bibutils-6.6.0.0-1.el7 pandoc-citeproc-0.3.0.1-4.el7
 142  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d   condor-8.6.11-1.el7
  33  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-0346a55d0f   nagios-4.4.2-3.el7
  16  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b6fa6cebc3   game-music-emu-0.6.2-1.el7
  13  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b43fdd19c3   vcftools-0.1.16-1.el7
  13  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f4bd5f5674   wordpress-5.0.2-1.el7
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-25ef4c914f   tcpreplay-4.3.1-1.el7
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-b96164478d   php-horde-Horde-Image-2.5.4-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
chromium-71.0.3578.98-2.el7
golang-github-cpuguy83-go-md2man-1.0.4-4.el7
nagios-plugins-2.2.1-16.20180725git3429dad.el7
nmstate-0.0.3-1.el7
Details about builds:
================================================================================
chromium-71.0.3578.98-2.el7 (FEDORA-EPEL-2019-6c3fb8b090)
A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:
Finally, a new chromium build for EL7. Hold on to your butts, this fixes so many
CVEs. Fixes CVE-2018-16065 CVE-2018-16066 CVE-2018-16067 CVE-2018-16068
CVE-2018-16069 CVE-2018-16070 CVE-2018-16071 CVE-2018-16073 CVE-2018-16074
CVE-2018-16075 CVE-2018-16076 CVE-2018-16077 CVE-2018-16078 CVE-2018-16079
CVE-2018-16080 CVE-2018-16081 CVE-2018-16082 CVE-2018-16083 CVE-2018-16084
CVE-2018-16085 CVE-2018-16088 CVE-2018-16087 CVE-2018-16086 CVE-2018-17458
CVE-2018-17459 CVE-2018-6119 CVE-2018-6055 CVE-2018-16435 CVE-2018-17462
CVE-2018-17463 CVE-2018-17464 CVE-2018-17465 CVE-2018-17466 CVE-2018-17467
CVE-2018-17468 CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 CVE-2018-17473
CVE-2018-17474 CVE-2018-17475 CVE-2018-17476 CVE-2018-5179 CVE-2018-17477
CVE-2018-17478 CVE-2018-17479 CVE-2018-17480 CVE-2018-17481 CVE-2018-18335
CVE-2018-18336 CVE-2018-18337 CVE-2018-18338 CVE-2018-18339 CVE-2018-18340
CVE-2018-18341 CVE-2018-18342 CVE-2018-18343 CVE-2018-18344 CVE-2018-18345
CVE-2018-18346 CVE-2018-18347 CVE-2018-18348 CVE-2018-18349 CVE-2018-18350
CVE-2018-18351 CVE-2018-18352 CVE-2018-18353 CVE-2018-18354 CVE-2018-18355
CVE-2018-18356 CVE-2018-18357 CVE-2018-18358 CVE-2018-18359
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 19 2018 Tom Callaway <spot(a)fedoraproject.org> - 71.0.3578.98-2
- need to use devtoolset-8-*. I love hardcoded versions in package names.
* Fri Dec 14 2018 Tom Callaway <spot(a)fedoraproject.org> - 71.0.3578.98-1
- update to 71.0.3578.98
* Tue Nov 27 2018 Tom Callaway <spot(a)fedoraproject.org> - 70.0.3538.110-2
- enable vaapi support (thanks to Akarshan Biswas for doing the hard work here)
* Mon Nov 26 2018 Tom Callaway <spot(a)fedoraproject.org> - 70.0.3538.110-1
- update to .110
* Wed Nov 7 2018 Tom Callaway <spot(a)fedoraproject.org> - 70.0.3538.77-4
- fix library requires filtering
* Tue Nov 6 2018 Tom Callaway <spot(a)fedoraproject.org> - 70.0.3538.77-3
- fix build with harfbuzz2 in rawhide
* Mon Nov 5 2018 Tom Callaway <spot(a)fedoraproject.org> - 70.0.3538.77-2
- drop jumbo_file_merge_limit to 8 to (hopefully) avoid OOMs on aarch64
* Fri Nov 2 2018 Tom Callaway <spot(a)fedoraproject.org> - 70.0.3538.77-1
- .77 came out while I was working on this. :/
* Fri Nov 2 2018 Tom Callaway <spot(a)fedoraproject.org> - 70.0.3538.67-1
- update to 70
* Tue Oct 16 2018 Tom Callaway <spot(a)fedoraproject.org> - 69.0.3497.100-2
- do not play with fonts on freeworld builds
* Thu Oct 4 2018 Tom Callaway <spot(a)fedoraproject.org> - 69.0.3497.100-1
- update to 69.0.3497.100
* Wed Sep 12 2018 Tom Callaway <spot(a)fedoraproject.org> - 69.0.3497.92-1
- update to 69.0.3497.92
* Wed Sep 5 2018 Tom Callaway <spot(a)fedoraproject.org> - 69.0.3497.81-1
- update to 69.0.3497.81
* Tue Aug 28 2018 Patrik Novotný <panovotn(a)redhat.com> - 68.0.3440.106-4
- change requires to minizip-compat(-devel), rhbz#1609830, rhbz#1615381
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1656573 - CVE-2018-18359 chromium-browser: Out of bounds read in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1656573
[ 2 ] Bug #1656572 - CVE-2018-18358 chromium-browser: Insufficient policy enforcement in
Proxy
https://bugzilla.redhat.com/show_bug.cgi?id=1656572
[ 3 ] Bug #1656571 - CVE-2018-18357 chromium-browser: Insufficient policy enforcement in
URL Formatter
https://bugzilla.redhat.com/show_bug.cgi?id=1656571
[ 4 ] Bug #1656570 - CVE-2018-18356 chromium-browser: Use after free in Skia
https://bugzilla.redhat.com/show_bug.cgi?id=1656570
[ 5 ] Bug #1656569 - CVE-2018-18355 chromium-browser: Insufficient policy enforcement in
URL Formatter
https://bugzilla.redhat.com/show_bug.cgi?id=1656569
[ 6 ] Bug #1656568 - CVE-2018-18354 chromium-browser: Insufficient data validation in
Shell Integration
https://bugzilla.redhat.com/show_bug.cgi?id=1656568
[ 7 ] Bug #1656567 - CVE-2018-18353 chromium-browser: Inappropriate implementation in
Network Authentication
https://bugzilla.redhat.com/show_bug.cgi?id=1656567
[ 8 ] Bug #1656566 - CVE-2018-18352 chromium-browser: Inappropriate implementation in
Media
https://bugzilla.redhat.com/show_bug.cgi?id=1656566
[ 9 ] Bug #1656565 - CVE-2018-18351 chromium-browser: Insufficient policy enforcement in
Navigation
https://bugzilla.redhat.com/show_bug.cgi?id=1656565
[ 10 ] Bug #1656564 - CVE-2018-18350 chromium-browser: Insufficient policy enforcement
in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1656564
[ 11 ] Bug #1656563 - CVE-2018-18349 chromium-browser: Insufficient policy enforcement
in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1656563
[ 12 ] Bug #1656562 - CVE-2018-18348 chromium-browser: Inappropriate implementation in
Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1656562
[ 13 ] Bug #1656561 - CVE-2018-18347 chromium-browser: Inappropriate implementation in
Navigation
https://bugzilla.redhat.com/show_bug.cgi?id=1656561
[ 14 ] Bug #1656560 - CVE-2018-18346 chromium-browser: Incorrect security UI in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1656560
[ 15 ] Bug #1656559 - CVE-2018-18345 chromium-browser: Inappropriate implementation in
Site Isolation
https://bugzilla.redhat.com/show_bug.cgi?id=1656559
[ 16 ] Bug #1656558 - CVE-2018-18344 chromium-browser: Inappropriate implementation in
Extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1656558
[ 17 ] Bug #1656557 - CVE-2018-18343 chromium-browser: Use after free in Skia
https://bugzilla.redhat.com/show_bug.cgi?id=1656557
[ 18 ] Bug #1656556 - CVE-2018-18342 chromium-browser: Out of bounds write in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1656556
[ 19 ] Bug #1656555 - CVE-2018-18341 chromium-browser: Heap buffer overflow in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1656555
[ 20 ] Bug #1656554 - CVE-2018-18340 chromium-browser: Use after free in MediaRecorder
https://bugzilla.redhat.com/show_bug.cgi?id=1656554
[ 21 ] Bug #1656553 - CVE-2018-18339 chromium-browser: Use after free in WebAudio
https://bugzilla.redhat.com/show_bug.cgi?id=1656553
[ 22 ] Bug #1656552 - CVE-2018-18338 chromium-browser: Heap buffer overflow in Canvas
https://bugzilla.redhat.com/show_bug.cgi?id=1656552
[ 23 ] Bug #1656551 - CVE-2018-18337 chromium-browser: Use after free in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1656551
[ 24 ] Bug #1656550 - CVE-2018-18336 chromium-browser: Use after free in PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1656550
[ 25 ] Bug #1656549 - CVE-2018-18335 chromium-browser: Heap buffer overflow in Skia
https://bugzilla.redhat.com/show_bug.cgi?id=1656549
[ 26 ] Bug #1656548 - CVE-2018-17481 chromium-browser: Use after frees in PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1656548
[ 27 ] Bug #1656547 - CVE-2018-17480 chromium-browser: Out of bounds write in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1656547
[ 28 ] Bug #1651487 - CVE-2018-17479 chromium-browser: Use-after-free in GPU
https://bugzilla.redhat.com/show_bug.cgi?id=1651487
[ 29 ] Bug #1648855 - CVE-2018-17478 chromium-browser: Out of bounds memory access in
V8
https://bugzilla.redhat.com/show_bug.cgi?id=1648855
[ 30 ] Bug #1640118 - chromium-browser: Heap buffer overflow in lcms in PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1640118
[ 31 ] Bug #1640115 - CVE-2018-17477 chromium-browser: UI spoof in Extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1640115
[ 32 ] Bug #1640114 - CVE-2018-5179 chromium-browser: Lack of limits on update() in
ServiceWorker
https://bugzilla.redhat.com/show_bug.cgi?id=1640114
[ 33 ] Bug #1640113 - CVE-2018-17476 chromium-browser: Security UI occlusion in full
screen mode
https://bugzilla.redhat.com/show_bug.cgi?id=1640113
[ 34 ] Bug #1640112 - CVE-2018-17475 chromium-browser: URL spoof in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1640112
[ 35 ] Bug #1640111 - CVE-2018-17474 chromium-browser: Use after free in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1640111
[ 36 ] Bug #1640110 - CVE-2018-17473 chromium-browser: URL spoof in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1640110
[ 37 ] Bug #1640108 - CVE-2018-17472 chromium-browser: iframe sandbox escape on iOS
https://bugzilla.redhat.com/show_bug.cgi?id=1640108
[ 38 ] Bug #1640107 - CVE-2018-17471 chromium-browser: Security UI occlusion in full
screen mode
https://bugzilla.redhat.com/show_bug.cgi?id=1640107
[ 39 ] Bug #1640106 - CVE-2018-17470 chromium-browser: Memory corruption in GPU
Internals
https://bugzilla.redhat.com/show_bug.cgi?id=1640106
[ 40 ] Bug #1640105 - CVE-2018-17469 chromium-browser: Heap buffer overflow in PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1640105
[ 41 ] Bug #1640104 - CVE-2018-17468 chromium-browser: Cross-origin URL disclosure in
Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1640104
[ 42 ] Bug #1640103 - CVE-2018-17467 chromium-browser: URL spoof in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1640103
[ 43 ] Bug #1640102 - CVE-2018-17466 chromium-browser, firefox: Memory corruption in
Angle
https://bugzilla.redhat.com/show_bug.cgi?id=1640102
[ 44 ] Bug #1640101 - CVE-2018-17465 chromium-browser: Use after free in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1640101
[ 45 ] Bug #1640100 - CVE-2018-17464 chromium-browser: URL spoof in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1640100
[ 46 ] Bug #1640099 - CVE-2018-17463 chromium-browser: Remote code execution in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1640099
[ 47 ] Bug #1640098 - CVE-2018-17462 chromium-browser: Sandbox escape in AppCache
https://bugzilla.redhat.com/show_bug.cgi?id=1640098
[ 48 ] Bug #1633393 - CVE-2018-6055 chromium-browser: Insufficient policy enforcement in
Catalog Service
https://bugzilla.redhat.com/show_bug.cgi?id=1633393
[ 49 ] Bug #1633390 - CVE-2018-6119 chromium-browser: Spoof of contents of the Omnibox
(URL bar) via a crafted HTML page
https://bugzilla.redhat.com/show_bug.cgi?id=1633390
[ 50 ] Bug #1628080 - CVE-2018-17459 chromium-browser: URL Spoofing in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1628080
[ 51 ] Bug #1628078 - CVE-2018-17458 chromium-browser: Function signature mismatch in
WebAssembly
https://bugzilla.redhat.com/show_bug.cgi?id=1628078
[ 52 ] Bug #1625488 - CVE-2018-16085 chromium-browser: Use after free in Memory
Instrumentation
https://bugzilla.redhat.com/show_bug.cgi?id=1625488
[ 53 ] Bug #1625487 - CVE-2018-16084 chromium-browser: User confirmation bypass in
external protocol handling
https://bugzilla.redhat.com/show_bug.cgi?id=1625487
[ 54 ] Bug #1625486 - CVE-2018-16083 chromium-browser: Out of bounds read in WebRTC
https://bugzilla.redhat.com/show_bug.cgi?id=1625486
[ 55 ] Bug #1625485 - CVE-2018-16082 chromium-browser: Stack buffer overflow in
SwiftShader
https://bugzilla.redhat.com/show_bug.cgi?id=1625485
[ 56 ] Bug #1625484 - CVE-2018-16081 chromium-browser: Local file access in DevTools
https://bugzilla.redhat.com/show_bug.cgi?id=1625484
[ 57 ] Bug #1625482 - CVE-2018-16080 chromium-browser: URL spoof in full screen mode
https://bugzilla.redhat.com/show_bug.cgi?id=1625482
[ 58 ] Bug #1625481 - CVE-2018-16079 chromium-browser: URL spoof in permission dialogs
https://bugzilla.redhat.com/show_bug.cgi?id=1625481
[ 59 ] Bug #1625480 - CVE-2018-16078 chromium-browser: Credit card information leak in
Autofill
https://bugzilla.redhat.com/show_bug.cgi?id=1625480
[ 60 ] Bug #1625479 - CVE-2018-16077 chromium-browser: Content security policy bypass in
Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1625479
[ 61 ] Bug #1625478 - CVE-2018-16076 chromium-browser: Out of bounds read in PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1625478
[ 62 ] Bug #1625477 - CVE-2018-16075 chromium-browser: Local file access in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1625477
[ 63 ] Bug #1625476 - CVE-2018-16074 chromium-browser: Site Isolation bypass using Blob
URLS
https://bugzilla.redhat.com/show_bug.cgi?id=1625476
[ 64 ] Bug #1625475 - CVE-2018-16073 chromium-browser: Site Isolation bypass after tab
restore
https://bugzilla.redhat.com/show_bug.cgi?id=1625475
[ 65 ] Bug #1625474 - CVE-2018-16072 chromium-browser: Cross origin pixel leak in
Chrome's interaction with Android's MediaPlayer
https://bugzilla.redhat.com/show_bug.cgi?id=1625474
[ 66 ] Bug #1625473 - CVE-2018-16071 chromium-browser: Use after free in WebRTC
https://bugzilla.redhat.com/show_bug.cgi?id=1625473
[ 67 ] Bug #1625472 - CVE-2018-16070 chromium-browser: Integer overflow in Skia
https://bugzilla.redhat.com/show_bug.cgi?id=1625472
[ 68 ] Bug #1625471 - CVE-2018-16069 chromium-browser: Out of bounds read in
SwiftShader
https://bugzilla.redhat.com/show_bug.cgi?id=1625471
[ 69 ] Bug #1625470 - CVE-2018-16068 chromium-browser: Out of bounds write in Mojo
https://bugzilla.redhat.com/show_bug.cgi?id=1625470
[ 70 ] Bug #1625469 - CVE-2018-16067 chromium-browser: Out of bounds read in WebAudio
https://bugzilla.redhat.com/show_bug.cgi?id=1625469
[ 71 ] Bug #1625467 - CVE-2018-16066 chromium-browser: Out of bounds read in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1625467
[ 72 ] Bug #1625466 - CVE-2018-16065 chromium-browser: Out of bounds write in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1625466
--------------------------------------------------------------------------------
================================================================================
golang-github-cpuguy83-go-md2man-1.0.4-4.el7 (FEDORA-EPEL-2019-00644c5733)
Process markdown into manpages
--------------------------------------------------------------------------------
Update Information:
RHEL 7 has deprecated its golang stack, which has resulted in
golang-github-cpuguy83-go-md2man no longer being available in CentOS. Since
golang has been added back to EPEL, it should be ok to add
golang-github-cpuguy83-go-md2man now as well.
--------------------------------------------------------------------------------
================================================================================
nagios-plugins-2.2.1-16.20180725git3429dad.el7 (FEDORA-EPEL-2019-0a4389d486)
Host/service/network monitoring program plugins for Nagios
--------------------------------------------------------------------------------
Update Information:
Fix issue in upstream bug that led to -D flag for check_smtp no longer working.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 3 2019 Patrick Uiterwijk <puiterwijk(a)redhat.com> -
2.2.1-16.20180725git3429dad
- Fix check_smtp certificate verification
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1662677 - check_smtp plugin fails to properly detect availability of
STARTTLS
https://bugzilla.redhat.com/show_bug.cgi?id=1662677
--------------------------------------------------------------------------------
================================================================================
nmstate-0.0.3-1.el7 (FEDORA-EPEL-2019-03f72e3369)
Declarative network manager API
--------------------------------------------------------------------------------
Update Information:
Initial release of nmstate to EPEL7-testing.
--------------------------------------------------------------------------------