The following Fedora EPEL 8 Security updates need testing:
 Age  URL
  13  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-a3a4866065   libopenmpt-0.5.8-1.el8
  12  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-9be66bdb10   python-markdown2-2.4.0-1.el8
   9  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-e8421e33b3   chromium-90.0.4430.93-1.el8
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-e393e03d96   screen-4.6.2-12.el8
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-80b9d6d879   python-impacket-0.9.22-3.el8
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-4f73cb65d7   cacti-1.2.17-1.el8 cacti-spine-1.2.17-1.el8
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-7f3c561cd8   radare2-5.2.1-2.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
configsnap-0.20.1-1.el8
drbd-9.17.0-1.el8
ipmctl-02.00.00.3878-1.el8
knot-3.0.6-1.el8
mingw-libidn2-2.3.1-1.el8
prosody-0.11.9-1.el8
python-pefile-2021.5.13-1.el8
sec-2.9.0-1.el8
tkrzw-0.9.16-1.el8
yakuake-3.0.5-5.el8
Details about builds:
================================================================================
configsnap-0.20.1-1.el8 (FEDORA-EPEL-2021-76e6f03713)
Record and compare system state
--------------------------------------------------------------------------------
Update Information:
Update python binary for python3 based distros
----
Port configsnap to python3
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 12 2021 Christos Triantafyllidis <christos.triantafyllidis(a)rackspace.co.uk> - 0.20.1-1
- Update python binary for python3 based distros
* Fri May 7 2021 Nick Rhodes <nrhodes91(a)gmail.com> - 0.20.0-3
- Fix build issues in Koji
* Fri May 7 2021 Nick Rhodes <nrhodes91(a)gmail.com> - 0.20.0-1
- Port to python3 compatibility (PR 120)
--------------------------------------------------------------------------------
================================================================================
drbd-9.17.0-1.el8 (FEDORA-EPEL-2021-df31e47d8f)
DRBD user-land tools and scripts
--------------------------------------------------------------------------------
Update Information:
Upstream release of 9.17.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 13 2021 Peter Hanecak <hany(a)hany.sk> - 9.17.0-1
- Upstream release of 9.17.0
- fixed permission for tmpfiles.d/drbd.conf
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1953557 - drbd-9.17.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1953557
--------------------------------------------------------------------------------
================================================================================
ipmctl-02.00.00.3878-1.el8 (FEDORA-EPEL-2021-fbc5044dff)
Utility for managing Intel Optane DC persistent memory modules
--------------------------------------------------------------------------------
Update Information:
Update to release v02.00.00.3878
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 13 2021 Steven Pontsler <steven.pontsler(a)intel.com> - 02.00.00.3878-1
- Release 02.00.00.3878
--------------------------------------------------------------------------------
================================================================================
knot-3.0.6-1.el8 (FEDORA-EPEL-2021-9d2cc0872e)
High-performance authoritative DNS server
--------------------------------------------------------------------------------
Update Information:
Update to upstream 3.0.6
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 14 2021 Jakub Růžička <jakub.ruzicka(a)nic.cz> - 3.0.6-1
- Update to 3.0.6
--------------------------------------------------------------------------------
================================================================================
mingw-libidn2-2.3.1-1.el8 (FEDORA-EPEL-2021-6b16d7928c)
MinGW Windows Internationalized Domain Name 2008 support library
--------------------------------------------------------------------------------
Update Information:
Libidn2 2.3.1 (released 2021-05-12)
===================================

* Implement full roundtrip for lookup functionality. With TR64 enabled
  (default), `������i` was converted to `xn-- o-oia59s`. The output contains an
  illegal space and thus could not be decoded any more.
* Fix domain too long error
* doc: `idn2.1` and `libidn2.texi` automatically get `idn2 --help` output.
* Updated gnulib files and various build fixes. In particular, it no longer
  attempts to detect a host CC compiler.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 12 2021 Robert Scheck <robert(a)fedoraproject.org> 2.3.1-1
- Upgrade to 2.3.1 (#1960007)
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.3.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.3.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1960007 - mingw-libidn2-2.3.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1960007
--------------------------------------------------------------------------------
================================================================================
prosody-0.11.9-1.el8 (FEDORA-EPEL-2021-86c73cc3af)
Flexible communications server for Jabber/XMPP
--------------------------------------------------------------------------------
Update Information:
Prosody 0.11.9
==============

This release addresses a number of important security issues that affect most
deployments of Prosody. Full details are available in a separate security
advisory. Upstream recommends that all deployments upgrade or apply the
mitigations described in the advisory:
https://prosody.im/security/advisory_20210512/

Note: Upstream updated the default config file. DNF or RPM will create a
`/etc/prosody/prosody.cfg.lua.rpmnew` file, so make sure you update your
existing `/etc/prosody/prosody.cfg.lua` to enable mod_limits after the upgrade.

Security
--------

* mod_limits, prosody.cfg.lua: Enable rate limits by default
* certmanager: Disable renegotiation by default
* mod_proxy65: Restrict access to local c2s connections by default
* util.startup: Set more aggressive defaults for GC
* mod_c2s, mod_s2s, mod_component, mod_bosh, mod_websockets: Set default
  stanza size limits
* mod_auth_internal_{plain,hashed}: Use constant-time string comparison for
  secrets
* mod_dialback: Remove dialback-without-dialback feature
* mod_dialback: Use constant-time comparison with hmac

Minor changes
-------------

* util.hashes: Add constant-time string comparison (binding to
  `CRYPTO_memcmp`)
* mod_c2s: Don't throw errors in async code when connections are gone
* mod_c2s: Fix traceback in session close when conn is nil
* core.certmanager: Improve detection of LuaSec/OpenSSL capabilities
* mod_saslauth: Use a defined SASL error
* MUC: Add support for advertising muc#roomconfig_allowinvites in room
  disco#info
* mod_saslauth: Don't throw errors in async code when connections are gone
* mod_pep: Advertise base pubsub feature (fixes #1632: mod_pep missing pubsub
  feature in disco)
* prosodyctl check config: Add `gc` to list of global options
* prosodyctl about: Report libexpat version if known
* util.xmppstream: Add API to dynamically configure the stanza size limit for
  a stream
* util.set: Add `is_set()` to test if an object is a set
* mod_http: Skip IP resolution in non-proxied case
* mod_c2s: Log about missing conn on async state changes
* util.xmppstream: Reduce internal default xmppstream limit to 1MB
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 13 2021 Robert Scheck <robert(a)fedoraproject.org> 0.11.9-1
- Upgrade to 0.11.9 (#1960244, #1960332, #1960335, #1960340,
* Fri Apr 30 2021 Robert Scheck <robert(a)fedoraproject.org> 0.11.8-4
- Added upstream patch to avoid '-Wl,--as-needed' removing linking
to libpthread when building with current libicu (#1954178)
* Tue Mar 2 2021 Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl> - 0.11.8-3
- Rebuilt for updated systemd-rpm-macros
  See https://pagure.io/fesco/issue/2583.
* Fri Feb 26 2021 Robert Scheck <robert(a)fedoraproject.org> 0.11.8-2
- Added upstream patch to unbreak Lua 5.4 support (#1933063)
- Added %check to run some common commands (as a small testsuite)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1960332 - CVE-2021-32917 prosody: use of mod_proxy65 is unrestricted in default configuration
https://bugzilla.redhat.com/show_bug.cgi?id=1960332
[ 2 ] Bug #1960335 - CVE-2021-32918 prosody: DoS via insufficient memory consumption controls
https://bugzilla.redhat.com/show_bug.cgi?id=1960335
[ 3 ] Bug #1960340 - CVE-2021-32919 prosody: undocumented dialback-without-dialback option insecure
https://bugzilla.redhat.com/show_bug.cgi?id=1960340
[ 4 ] Bug #1960343 - CVE-2021-32920 prosody: DoS via repeated TLS renegotiation causing excessive CPU consumption
https://bugzilla.redhat.com/show_bug.cgi?id=1960343
[ 5 ] Bug #1960349 - CVE-2021-32921 prosody: use of timing-dependent string comparison with sensitive values
https://bugzilla.redhat.com/show_bug.cgi?id=1960349
--------------------------------------------------------------------------------
================================================================================
python-pefile-2021.5.13-1.el8 (FEDORA-EPEL-2021-f96ec82462)
Python module for working with Portable Executable files
--------------------------------------------------------------------------------
Update Information:
bump to version 2021.5.13
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 13 2021 Michal Ambroz <rebus _AT seznam.cz> - 2021.5.13-1
- bump to version 2021.5.13
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1960414 - python-pefile-2021.5.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1960414
--------------------------------------------------------------------------------
================================================================================
sec-2.9.0-1.el8 (FEDORA-EPEL-2021-32d3ea7c89)
Simple Event Correlator script to filter log file entries
--------------------------------------------------------------------------------
Update Information:
New upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 13 2021 Stefan Schulze Frielinghaus <stefansf(a)fedoraproject.org> - 2.9.0-1
- New upstream release
--------------------------------------------------------------------------------
================================================================================
tkrzw-0.9.16-1.el8 (FEDORA-EPEL-2021-0f1c6f1360)
A straightforward implementation of DBM
--------------------------------------------------------------------------------
Update Information:
Version bump
----
Version bump
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 14 2021 TI_Eugene <ti.eugene(a)gmail.com> - 0.9.16-1
- Version bump
- el8 workaround (gcc10) removed
- 'make check' enabled again
* Tue May 11 2021 TI_Eugene <ti.eugene(a)gmail.com> - 0.9.15-1
- Version bump
- Added gcc10 as required for el8
- x32 enabled (#1920195)
- 'make check' temporary disabled
--------------------------------------------------------------------------------
================================================================================
yakuake-3.0.5-5.el8 (FEDORA-EPEL-2021-4574323dcf)
A drop-down terminal emulator
--------------------------------------------------------------------------------
Update Information:
Initial build on EPEL8
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------