The following Fedora EPEL 7 Security updates need testing:
 Age  URL
  11  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-3f4ec3ba2a   sympa-6.2.62-1.el7
  11  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-23a46d718e   libopenmpt-0.5.8-1.el7
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-314d2feba2   chromium-90.0.4430.93-1.el7
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-80d45ac7ec   ansible-2.9.21-1.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-680600d10f   python-impacket-0.9.22-3.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
djvulibre-3.5.25.3-23.el7
remmina-1.4.16-1.el7
rust-1.52.1-1.el7
Details about builds:
================================================================================
djvulibre-3.5.25.3-23.el7 (FEDORA-EPEL-2021-352a65d3bc)
DjVu viewers, encoders, and utilities
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2021-3500, CVE-2021-32490, CVE-2021-32491, CVE-2021-32492
and CVE-2021-32493.
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 11 2021 Marek Kasik <mkasik(a)redhat.com> - 3.5.25.3-23
- Avoid unsigned short overflow in GBitmap when allocating row buffer
- Resolves: #1958181
* Tue May 11 2021 Marek Kasik <mkasik(a)redhat.com> - 3.5.25.3-22
- Avoid stack overflow in DjVuPort by remembering which file we are opening
- Resolves: #1958164
* Tue May 11 2021 Marek Kasik <mkasik(a)redhat.com> - 3.5.25.3-21
- Check input pool for NULL
- Resolves: #1958179
* Tue May 11 2021 Marek Kasik <mkasik(a)redhat.com> - 3.5.25.3-20
- Avoid integer overflow when allocating bitmap
- Resolves: #1958177
* Tue May 11 2021 Marek Kasik <mkasik(a)redhat.com> - 3.5.25.3-19
- Check image size for 0
- Resolves: #1958171
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1943684 - CVE-2021-32491 djvulibre: Integer overflow in function render() in
tools/ddjvu via crafted djvu file
https://bugzilla.redhat.com/show_bug.cgi?id=1943684
[ 2 ] Bug #1943685 - CVE-2021-3500 djvulibre: Stack overflow in function
DJVU::DjVuDocument::get_djvu_file() via crafted djvu file
https://bugzilla.redhat.com/show_bug.cgi?id=1943685
[ 3 ] Bug #1943686 - CVE-2021-32492 djvulibre: Out of bounds read in function
DJVU::DataPool::has_data() via crafted djvu file
https://bugzilla.redhat.com/show_bug.cgi?id=1943686
[ 4 ] Bug #1943690 - CVE-2021-32493 djvulibre: Heap buffer overflow in function
DJVU::GBitmap::decode() via crafted djvu file
https://bugzilla.redhat.com/show_bug.cgi?id=1943690
[ 5 ] Bug #1943693 - CVE-2021-32490 djvulibre: Out of bounds write in function
DJVU::filter_bv() via crafted djvu file
https://bugzilla.redhat.com/show_bug.cgi?id=1943693
--------------------------------------------------------------------------------
================================================================================
remmina-1.4.16-1.el7 (FEDORA-EPEL-2021-59507e9515)
Remote Desktop Client
--------------------------------------------------------------------------------
Update Information:
Update to bugfix release 1.4.16.
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 11 2021 Simone Caronni <negativo17(a)gmail.com> - 1.4.16-1
- Update to 1.4.16.
* Tue May 11 2021 Simone Caronni <negativo17(a)gmail.com> - 1.4.15-1
- Update to 1.4.15.
* Mon May 10 2021 Simone Caronni <negativo17(a)gmail.com> - 1.4.14-1
- Update to 1.4.14.
* Thu Apr 15 2021 Simone Caronni <negativo17(a)gmail.com> - 1.4.13-2
- Rebuild for updated FreeRDP.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1950762 - [abrt] remmina: gdk_x11_device_manager_xi2_translate_event():
remmina killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1950762
[ 2 ] Bug #1951423 - [abrt] remmina: interval_valid(): remmina killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1951423
[ 3 ] Bug #1952899 - [abrt] remmina: vasprintf(): remmina killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1952899
[ 4 ] Bug #1958923 - remmina-1.4.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1958923
--------------------------------------------------------------------------------
================================================================================
rust-1.52.1-1.el7 (FEDORA-EPEL-2021-130c9b8560)
The Rust Programming Language
--------------------------------------------------------------------------------
Update Information:
Rust 1.52.1 disables incremental compilation by default, due to existing bugs
that now surface as internal compiler errors when caught by 1.52's new
verification. See the [blog post](https://blog.rust-lang.org/2021/05/10/Rust-1.52.1.html)
for a deeper explanation.

----

Update to Rust 1.52.0:

- Separate output for `cargo clippy` and `cargo check`.
- Stabilized APIs

See the [blog post](https://blog.rust-lang.org/2021/05/06/Rust-1.52.0.html) and
[release notes](https://github.com/rust-lang/rust/blob/master/RELEASES.md#version-1520-2021-05-06)
for more details.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 10 2021 Josh Stone <jistone(a)redhat.com> - 1.52.1-1
- Update to 1.52.1.
* Thu May 6 2021 Josh Stone <jistone(a)redhat.com> - 1.52.0-1
- Update to 1.52.0.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1959270 - Compilation fails when recompiling cloudflare/boringtun
https://bugzilla.redhat.com/show_bug.cgi?id=1959270
--------------------------------------------------------------------------------