The following Fedora EPEL 7 Security updates need testing:
 Age  URL
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-18a0e3fa23   apptainer-1.1.8-1.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-342b96903b   zarafa-7.1.14-6.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
liblxi-1.19-1.el7
tinyproxy-1.8.4-2.el7
Details about builds:
================================================================================
liblxi-1.19-1.el7 (FEDORA-EPEL-2023-56a488c223)
Library with simple API for communication with LXI devices
--------------------------------------------------------------------------------
Update Information:
# liblxi v1.19
* Silence cast of function type in autogenerated vxi11 code
* Add test example demonstrating how to use RAW protocol
* Docs: Update README with Homebrew installation instructions
* macOS: Build support
* macOS: Add check for RPC headers
* macOS: Remove libtirpc dependency during build process
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 3 2023 Robert Scheck <robert(a)fedoraproject.org> 1.19-1
- Upgrade to 1.19 (#2192857)
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.18-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2192857 - liblxi-1.19 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2192857
--------------------------------------------------------------------------------
================================================================================
tinyproxy-1.8.4-2.el7 (FEDORA-EPEL-2023-c1088e0644)
A small, efficient HTTP/SSL proxy daemon
--------------------------------------------------------------------------------
Update Information:
This updates tinyproxy to version 1.8.4, which, as released by upstream, fixes
CVE-2012-3505. It also includes a backport from a newer upstream release to fix
CVE-2017-11747.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 3 2023 Carl George <carl(a)george.computer> - 1.8.4-2
- Backport fix for CVE-2017-11747
* Tue Mar 7 2017 Michael Adam <obnox(a)samba.org> - 1.8.4-1
- Update to new upstream version 1.8.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #849370 - CVE-2012-3505 tinyproxy: multiple headers hashmap DoS [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=849370
[ 2 ] Bug #1476704 - CVE-2017-11747 tinyproxy: Creating PID file after privileges dropping allows local DoS [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1476704
--------------------------------------------------------------------------------