The following Fedora EPEL 7 Security updates need testing: Age URL 686 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d condor-8.6.11-1.el7 428 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80 python-gnupg-0.4.4-1.el7 425 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b bubblewrap-0.3.3-2.el7 135 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-fa8a2e97c6 python-waitress-1.4.3-1.el7 75 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-19d171a465 python34-3.4.10-5.el7 11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-f33a36b2c4 python-httplib2-0.18.1-3.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-c438b9fb89 lynis-3.0.0-1.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-d749373a67 znc-1.8.1-1.el7 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-af9b2ac861 alpine-2.23-2.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6ad4894c0c jbig2dec-0.12-5.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-0078f6abc1 xpdf-3.04-10.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-af9c6001d1 ngircd-26-1.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-5d348316dd chromium-83.0.4103.116-3.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
coturn-4.5.1.3-1.el7 php-composer-semver3-3.0.0-1.el7 putty-0.74-1.el7 python-ifcfg-0.21-1.el7 xrdp-0.9.13.1-1.el7
Details about builds:
================================================================================ coturn-4.5.1.3-1.el7 (FEDORA-EPEL-2020-afd5c42fd6) TURN/STUN & ICE Server -------------------------------------------------------------------------------- Update Information:
Coturn 4.5.1.3 ============== * merge PR #575: Fix rpm packaging * merge PR #576: Tell tar to not include the metadata into release * merge PR #574: Change Docker `turnserver.conf` to latest `turnserver.conf` * merge PR #566: Remove reference to SSLv3 * merge PR #579: Ignore MD5 for BoringSSL * merge PR #577: Build RPM from local folder instead of Git repo * Fix for CVE-2020-4067: STUN response buffer not initialized properly (issue found and reported #583 by Felix D��rre) -------------------------------------------------------------------------------- ChangeLog:
* Tue Jun 30 2020 Robert Scheck robert@fedoraproject.org - 4.5.1.3-1 - Update to 4.5.1.3 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1852362 - CVE-2020-4067 coturn: STUN response buffer not initialized properly https://bugzilla.redhat.com/show_bug.cgi?id=1852362 --------------------------------------------------------------------------------
================================================================================ php-composer-semver3-3.0.0-1.el7 (FEDORA-EPEL-2020-d8053bd3a2) Semver library version 3 -------------------------------------------------------------------------------- Update Information:
Semver library version 3 that offers utilities, version constraint parsing and validation. Originally written as part of composer/composer, now extracted and made available as a stand-alone library. Autoloader: /usr/share/php/Composer/Semver3/autoload.php -------------------------------------------------------------------------------- ChangeLog:
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #1843516 - Review Request: php-composer-semver3 - Semver library version 3 https://bugzilla.redhat.com/show_bug.cgi?id=1843516 --------------------------------------------------------------------------------
================================================================================ putty-0.74-1.el7 (FEDORA-EPEL-2020-2f70f49092) SSH, Telnet and Rlogin client -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2020-14002. -------------------------------------------------------------------------------- ChangeLog:
* Tue Jun 30 2020 Jaroslav ��karvada jskarvad@redhat.com - 0.74-1 - New version - Fixed possible information leak in the algorithm negotiation Resolves: rhbz#1852418 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1852415 - CVE-2020-14002 putty: Observable Discrepancy leading to an information leak in the algorithm negotiation https://bugzilla.redhat.com/show_bug.cgi?id=1852415 --------------------------------------------------------------------------------
================================================================================ python-ifcfg-0.21-1.el7 (FEDORA-EPEL-2020-780bf90285) Python cross-platform network interface discovery (ifconfig/ipconfig/ip) -------------------------------------------------------------------------------- Update Information:
Update to the latest `python-ifcfg` release -------------------------------------------------------------------------------- ChangeLog:
* Tue Jun 30 2020 Scott K Logan logans@cottsay.net - 0.21-1 - Update to 0.21 (rhbz#1852561) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1852561 - python-ifcfg-0.21 is available https://bugzilla.redhat.com/show_bug.cgi?id=1852561 --------------------------------------------------------------------------------
================================================================================ xrdp-0.9.13.1-1.el7 (FEDORA-EPEL-2020-6949cf3502) Open source remote desktop protocol (RDP) server -------------------------------------------------------------------------------- Update Information:
This is a security fix release that includes fixes for the following local buffer overflow vulnerability. - CVE-2022-4044: Local users can perform a buffer overflow attack against the xrdp-sesman service and then impersonate it This update is recommended for all xrdp users. -------------------------------------------------------------------------------- ChangeLog:
* Tue Jun 30 2020 Bojan Smojver bojan@rexurive.com - 1:0.9.13.1-1 - Bump up to 0.9.13.1 - CVE-2022-4044 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org