The following Fedora EPEL 7 Security updates need testing:
 Age  URL
 485  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d   condor-8.6.11-1.el7
 227  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80   python-gnupg-0.4.4-1.el7
 224  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b   bubblewrap-0.3.3-2.el7
  13  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-72ead04703   proftpd-1.3.5e-8.el7
  12  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-cd462a69ad   python3-requests-2.14.2-2.el7
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-eb770d67f7   knot-resolver-4.3.0-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-de07c8591e   cacti-1.2.8-1.el7 cacti-spine-1.2.8-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
chromium-79.0.3945.79-1.el7
hitch-1.5.2-1.el7
libuv-1.34.0-1.el7
nsd-4.2.4-1.el7
perl-Lchown-1.01-14.el7
rsnapshot-1.4.3-1.el7
spectre-meltdown-checker-0.43-1.el7
Details about builds:
================================================================================
chromium-79.0.3945.79-1.el7 (FEDORA-EPEL-2019-ad1ffea646)
A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:
Update to Chromium 79. Fixes the usual giant pile of bugs and security issues.
This time, the list is: CVE-2019-13725 CVE-2019-13726 CVE-2019-13727
CVE-2019-13728 CVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734
CVE-2019-13735 CVE-2019-13736 CVE-2019-13737 CVE-2019-13738 CVE-2019-13739
CVE-2019-13740 CVE-2019-13741 CVE-2019-13742 CVE-2019-13743 CVE-2019-13744
CVE-2019-13745 CVE-2019-13746 CVE-2019-13747 CVE-2019-13748 CVE-2019-13749
CVE-2019-13750 CVE-2019-13751 CVE-2019-13752 CVE-2019-13753 CVE-2019-13754
CVE-2019-13755 CVE-2019-13756 CVE-2019-13757 CVE-2019-13758 CVE-2019-13759
CVE-2019-13761 CVE-2019-13762 CVE-2019-13763 CVE-2019-13764
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 10 2019 Tom Callaway <spot(a)fedoraproject.org> - 79.0.3945.79-1
- update to 79.0.3945.79
* Wed Dec 4 2019 Tom Callaway <spot(a)fedoraproject.org> - 79.0.3945.56-2
- fix lib provides filtering
* Tue Dec 3 2019 Tom Callaway <spot(a)fedoraproject.org> - 79.0.3945.56-1
- update to current beta (rawhide only)
- switch to upstream patch for clock_nanosleep fix
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1782008 - CVE-2019-13763 chromium-browser: Insufficient policy enforcement in payments
https://bugzilla.redhat.com/show_bug.cgi?id=1782008
[ 2 ] Bug #1782004 - CVE-2019-13757 chromium-browser: Incorrect security UI in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1782004
[ 3 ] Bug #1782007 - CVE-2019-13762 chromium-browser: Insufficient policy enforcement in downloads
https://bugzilla.redhat.com/show_bug.cgi?id=1782007
[ 4 ] Bug #1782006 - CVE-2019-13761 chromium-browser: Incorrect security UI in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1782006
[ 5 ] Bug #1782005 - CVE-2019-13759 chromium-browser: Incorrect security UI in interstitials
https://bugzilla.redhat.com/show_bug.cgi?id=1782005
[ 6 ] Bug #1782003 - CVE-2019-13756 chromium-browser: Incorrect security UI in printing
https://bugzilla.redhat.com/show_bug.cgi?id=1782003
[ 7 ] Bug #1781999 - CVE-2019-13752 chromium-browser: Out of bounds read in SQLite
https://bugzilla.redhat.com/show_bug.cgi?id=1781999
[ 8 ] Bug #1782002 - CVE-2019-13755 chromium-browser: Insufficient policy enforcement in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1782002
[ 9 ] Bug #1782000 - CVE-2019-13753 chromium-browser: Out of bounds read in SQLite
https://bugzilla.redhat.com/show_bug.cgi?id=1782000
[ 10 ] Bug #1782001 - CVE-2019-13754 chromium-browser: Insufficient policy enforcement in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1782001
[ 11 ] Bug #1781998 - CVE-2019-13751 chromium-browser: Uninitialized Use in SQLite
https://bugzilla.redhat.com/show_bug.cgi?id=1781998
[ 12 ] Bug #1781997 - CVE-2019-13750 chromium-browser: Insufficient data validation in SQLite
https://bugzilla.redhat.com/show_bug.cgi?id=1781997
[ 13 ] Bug #1781992 - CVE-2019-13746 chromium-browser: Insufficient policy enforcement in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1781992
[ 14 ] Bug #1781995 - CVE-2019-13749 chromium-browser: Incorrect security UI in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1781995
[ 15 ] Bug #1781991 - CVE-2019-13745 chromium-browser: Insufficient policy enforcement in audio
https://bugzilla.redhat.com/show_bug.cgi?id=1781991
[ 16 ] Bug #1781994 - CVE-2019-13748 chromium-browser: Insufficient policy enforcement in developer tools
https://bugzilla.redhat.com/show_bug.cgi?id=1781994
[ 17 ] Bug #1781993 - CVE-2019-13747 chromium-browser: Uninitialized Use in rendering
https://bugzilla.redhat.com/show_bug.cgi?id=1781993
[ 18 ] Bug #1781989 - CVE-2019-13742 chromium-browser: Incorrect security UI in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1781989
[ 19 ] Bug #1781987 - CVE-2019-13740 chromium-browser: Incorrect security UI in sharing
https://bugzilla.redhat.com/show_bug.cgi?id=1781987
[ 20 ] Bug #1781990 - CVE-2019-13743 chromium-browser: Incorrect security UI in external protocol handling
https://bugzilla.redhat.com/show_bug.cgi?id=1781990
[ 21 ] Bug #1781985 - CVE-2019-13738 chromium-browser: Insufficient policy enforcement in navigation
https://bugzilla.redhat.com/show_bug.cgi?id=1781985
[ 22 ] Bug #1781988 - CVE-2019-13741 chromium-browser: Insufficient validation of untrusted input in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1781988
[ 23 ] Bug #1781986 - CVE-2019-13739 chromium-browser: Incorrect security UI in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1781986
[ 24 ] Bug #1781984 - CVE-2019-13737 chromium-browser: Insufficient policy enforcement in autocomplete
https://bugzilla.redhat.com/show_bug.cgi?id=1781984
[ 25 ] Bug #1781983 - CVE-2019-13736 chromium-browser: Integer overflow in PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1781983
[ 26 ] Bug #1781982 - CVE-2019-13764 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1781982
[ 27 ] Bug #1781981 - CVE-2019-13735 chromium-browser: Out of bounds write in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1781981
[ 28 ] Bug #1781980 - CVE-2019-13734 chromium-browser: Out of bounds write in SQLite
https://bugzilla.redhat.com/show_bug.cgi?id=1781980
[ 29 ] Bug #1781979 - CVE-2019-13732 chromium-browser: Use after free in WebAudio
https://bugzilla.redhat.com/show_bug.cgi?id=1781979
[ 30 ] Bug #1781978 - CVE-2019-13730 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1781978
[ 31 ] Bug #1781975 - CVE-2019-13727 chromium-browser: Insufficient policy enforcement in WebSockets
https://bugzilla.redhat.com/show_bug.cgi?id=1781975
[ 32 ] Bug #1781977 - CVE-2019-13729 chromium-browser: Use after free in WebSockets
https://bugzilla.redhat.com/show_bug.cgi?id=1781977
[ 33 ] Bug #1781976 - CVE-2019-13728 chromium-browser: Out of bounds write in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1781976
[ 34 ] Bug #1781974 - CVE-2019-13726 chromium-browser: Heap buffer overflow in password manager
https://bugzilla.redhat.com/show_bug.cgi?id=1781974
[ 35 ] Bug #1782021 - CVE-2019-13744 chromium-browser: Insufficient policy enforcement in cookies
https://bugzilla.redhat.com/show_bug.cgi?id=1782021
[ 36 ] Bug #1782017 - CVE-2019-13758 chromium-browser: Insufficient policy enforcement in navigation
https://bugzilla.redhat.com/show_bug.cgi?id=1782017
[ 37 ] Bug #1781973 - CVE-2019-13725 chromium-browser: Use after free in Bluetooth
https://bugzilla.redhat.com/show_bug.cgi?id=1781973
--------------------------------------------------------------------------------
================================================================================
hitch-1.5.2-1.el7 (FEDORA-EPEL-2019-0be7890e83)
Network proxy that terminates TLS/SSL connections
--------------------------------------------------------------------------------
Update Information:
New upstream releases 1.5.1 and 1.5.2. From the upstream changelog:
* Support for TCP Fast Open. It is disabled by default
* Various code cleanups and minor bug fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 27 2019 Ingvar Hagelund <ingvar(a)redpill-linpro.com> - 1.5.2-1
- New upstream release
- Removed patches merged upstream
* Tue Nov 26 2019 Ingvar Hagelund <ingvar(a)redpill-linpro.com> - 1.5.1-1
- New upstream release
- Added a patch working around upstream bug #322
- Example config now sets debug-level=1 and logs to syslog
--------------------------------------------------------------------------------
================================================================================
libuv-1.34.0-1.el7 (FEDORA-EPEL-2019-39eb4afe6e)
Platform layer for node.js
--------------------------------------------------------------------------------
Update Information:
Update to libuv 1.34.0
https://github.com/libuv/libuv/blob/v1.34.0/ChangeLog
----
Update to Node.js upstream release 12.13.1
https://nodejs.org/en/blog/release/v12.13.1/
Also fixes an issue where running `npm -g` was risky on RPM-installed systems.
Fedora's packaged NPM will now install global content in /usr/local instead of
/usr where it could conflict with RPM-provided versions.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 6 2019 Stephen Gallagher <sgallagh(a)redhat.com> - 1.34.0-1
- Update to 1.34.0
- https://github.com/libuv/libuv/blob/v1.34.0/ChangeLog
* Mon Dec 2 2019 Stephen Gallagher <sgallagh(a)redhat.com> - 1.33.1-1
- Update to 1.33.1
- Drop upstreamed patch
- https://github.com/libuv/libuv/blob/v1.33.1/ChangeLog
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1779518 - libuv-1.34.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1779518
[ 2 ] Bug #1690818 - nodejs-12.3.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1690818
[ 3 ] Bug #1565256 - NPM permanently breaks after "npm update -g"
https://bugzilla.redhat.com/show_bug.cgi?id=1565256
--------------------------------------------------------------------------------
================================================================================
nsd-4.2.4-1.el7 (FEDORA-EPEL-2019-de62919a55)
Fast and lean authoritative DNS Name Server
--------------------------------------------------------------------------------
Update Information:
Resolves: rhbz#1772468 nsd-4.2.4 is available
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 11 2019 Paul Wouters <pwouters(a)redhat.com> - 4.2.4-1
- Resolves: rhbz#1772468 nsd-4.2.4 is available
- Updated nsd.conf page for new upstream option(s)
- Properly mark license file.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1772468 - nsd-4.2.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1772468
--------------------------------------------------------------------------------
================================================================================
perl-Lchown-1.01-14.el7 (FEDORA-EPEL-2019-eb06b4c644)
Use the lchown(2) system call from Perl
--------------------------------------------------------------------------------
Update Information:
Added the package to EPEL branches
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 26 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.01-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri May 31 2019 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.01-13
- Perl 5.30 rebuild
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.01-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.01-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Jun 28 2018 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.01-10
- Perl 5.28 rebuild
* Fri Mar 2 2018 Petr Pisar <ppisar(a)redhat.com> - 1.01-9
- Adapt to removing GCC from a build root (bug #1547165)
* Thu Feb 8 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.01-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Aug 3 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.01-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.01-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sun Jun 4 2017 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.01-5
- Perl 5.26 rebuild
* Sat Feb 11 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.01-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Sun May 15 2016 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.01-3
- Perl 5.24 rebuild
* Thu Feb 4 2016 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.01-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Mon Feb 1 2016 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.01-1
- Initial release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1781826 - Please build perl-Lchown for EPEL 6, 7 and 8
https://bugzilla.redhat.com/show_bug.cgi?id=1781826
--------------------------------------------------------------------------------
================================================================================
rsnapshot-1.4.3-1.el7 (FEDORA-EPEL-2019-6f33b901f5)
Local and remote filesystem snapshot utility
--------------------------------------------------------------------------------
Update Information:
- Upgrade to 1.4.3 (#1443553, #1646191, #1741427)
- Extend spec file compatibility to cover RHEL/CentOS 6
- Add run-time requirement for perl(Lchown) (#1494775)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 11 2019 Robert Scheck <robert(a)fedoraproject.org> - 1.4.3-1
- Upgrade to 1.4.3 (#1443553, #1646191, #1741427)
- Extend spec file compatibility to cover RHEL/CentOS 6
- Add run-time requirement for perl(Lchown) (#1494775)
* Fri Jul 26 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sat Feb 2 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.2-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.2-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Feb 9 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Feb 11 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1782091 - rsnapshot 1.4.3 available. Please build for EL7 (and EL8)
https://bugzilla.redhat.com/show_bug.cgi?id=1782091
[ 2 ] Bug #1646191 - Please include latest rsnapshot version (with PR #179 merged)
https://bugzilla.redhat.com/show_bug.cgi?id=1646191
[ 3 ] Bug #1741427 - Restore rsync error code 23 as an important warning
https://bugzilla.redhat.com/show_bug.cgi?id=1741427
[ 4 ] Bug #1443553 - Backups fail when configuration has mixed lvm and non-lvm backup points
https://bugzilla.redhat.com/show_bug.cgi?id=1443553
[ 5 ] Bug #1494775 - rsnapshot seems to require perl-Lchown
https://bugzilla.redhat.com/show_bug.cgi?id=1494775
--------------------------------------------------------------------------------
================================================================================
spectre-meltdown-checker-0.43-1.el7 (FEDORA-EPEL-2019-0e780ac343)
Spectre & Meltdown vulnerability/mitigation checker for Linux
--------------------------------------------------------------------------------
Update Information:
Update to 0.43. Changes:
* feat: implement TAA detection (CVE-2019-11135)
* feat: implement MCEPSC / iTLB Multihit detection (CVE-2018-12207)
* feat: taa: add TSX_CTRL MSR detection in hardware info
* feat: fwdb: use both Intel GitHub repo and MCEdb to build our firmware version database
* feat: use `--live` with `--kernel`/`--config`/`--map` to override file detection in live mode
* enh: rework the vuln logic of MDS with `--paranoid` (fixes [#307](https://github.com/speed47/spectre-meltdown-checker/issues/307))
* enh: explain that Enhanced IBRS is better for performance than classic IBRS
* enh: kernel: autodetect customized arch kernels from cmdline
* enh: kernel decompression: better tolerance against missing tools
* enh: mock: implement reading from `/proc/cmdline`
* fix: variant3a: Silvermont CPUs are not vulnerable to variant 3a
* fix: lockdown: detect Red Hat locked down kernels (impacts MSR writes)
* fix: lockdown: detect locked down mode in vanilla 5.4+ kernels
* fix: sgx: on locked down kernels, fallback to CPUID bit for detection
* fix: fwdb: builtin version takes precedence if the local cached version is older
* fix: pteinv: don't check kernel image if not available
* fix: silence useless error from grep (fixes [#322](https://github.com/speed47/spectre-meltdown-checker/issues/322))
* fix: msr: fix msr module detection under Ubuntu 19.10 (fixes [#316](https://github.com/speed47/spectre-meltdown-checker/issues/316))
* fix: mocking value for read_msr
* chore: rename mcedb cmdline parameters to fwdb, and change db version scheme
* chore: fwdb: update to v130.20191104+i20191027
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 11 2019 Reto Gantenbein <reto.gantenbein(a)linuxmonk.ch> - 0.43-1
- Update to 0.43
* Fri Jul 26 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.42-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------