The following Fedora EPEL 6 Security updates need testing:
Age URL
813
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031
python-virtualenv-12.0.7-1.el6
807
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168
rubygem-crack-0.3.2-2.el6
697
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb
mcollective-2.8.4-1.el6
669
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9
thttpd-2.25b-24.el6
279
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac
libbsd-0.8.3-2.el6
175
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-c0d33ae70f
tnef-1.4.14-1.el6
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4c76ddcc92
libmspack-0.6-0.1.alpha.el6
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e50abdd3d5
python3-numpy-1.10.4-6.el6
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e563119ec9
php-horde-Horde-Image-2.5.2-1.el6
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-bfeae1e322
wordpress-4.8.2-1.el6
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5b8684c487
php-horde-passwd-5.0.7-1.el6
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e6c88309c0
php-horde-wicked-2.0.8-1.el6
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-a981889220
php-horde-nag-4.2.17-1.el6
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-be95216c3a
MySQL-zrm-3.0-6.el6.2
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-ad63a060a6
freexl-1.0.4-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
ansible-2.4.0.0-2.el6
freexl-1.0.4-1.el6
globus-ftp-control-8.1-1.el6
globus-gass-copy-9.28-1.el6
globus-gridftp-server-12.3-1.el6
globus-gssapi-gsi-13.1-1.el6
golang-github-go-ini-ini-1.21.1-0.5.git3d73f4b.el6
golang-github-howeyc-gopass-0-0.10.git3ca2347.el6
nmon-16g-3.el6
redis-3.2.11-1.el6
Details about builds:
================================================================================
ansible-2.4.0.0-2.el6 (FEDORA-EPEL-2017-c64e477a67)
SSH-based configuration management, deployment, and task execution system
--------------------------------------------------------------------------------
Update Information:
Update to 2.4.0 for EPEL6. Additionally drop the python-jmespath requirement
here because it causes conflicts on amazon linux.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1494640 - Ansible 2.3.2 conflict with python27-jmespath
https://bugzilla.redhat.com/show_bug.cgi?id=1494640
--------------------------------------------------------------------------------
================================================================================
freexl-1.0.4-1.el6 (FEDORA-EPEL-2017-ad63a060a6)
Library to extract data from within an Excel spreadsheet
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2017-2923 and CVE-2017-2924
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1490896 - CVE-2017-2924 freexl: Heap-based buffer overflow in the
read_legacy_biff function
https://bugzilla.redhat.com/show_bug.cgi?id=1490896
[ 2 ] Bug #1490898 - CVE-2017-2923 freexl: Heap-based buffer overflow in the
read_biff_next_record function
https://bugzilla.redhat.com/show_bug.cgi?id=1490898
--------------------------------------------------------------------------------
================================================================================
globus-ftp-control-8.1-1.el6 (FEDORA-EPEL-2017-2128941ec1)
Globus Toolkit - GridFTP Control Library
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit update. * globus-ftp-control 8.1 * globus-gass-copy 9.28 *
globus-gridftp-server 12.3 * globus-gssapi-gsi 13.1
--------------------------------------------------------------------------------
================================================================================
globus-gass-copy-9.28-1.el6 (FEDORA-EPEL-2017-2128941ec1)
Globus Toolkit - Globus Gass Copy
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit update. * globus-ftp-control 8.1 * globus-gass-copy 9.28 *
globus-gridftp-server 12.3 * globus-gssapi-gsi 13.1
--------------------------------------------------------------------------------
================================================================================
globus-gridftp-server-12.3-1.el6 (FEDORA-EPEL-2017-2128941ec1)
Globus Toolkit - Globus GridFTP Server
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit update. * globus-ftp-control 8.1 * globus-gass-copy 9.28 *
globus-gridftp-server 12.3 * globus-gssapi-gsi 13.1
--------------------------------------------------------------------------------
================================================================================
globus-gssapi-gsi-13.1-1.el6 (FEDORA-EPEL-2017-2128941ec1)
Globus Toolkit - GSSAPI library
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit update. * globus-ftp-control 8.1 * globus-gass-copy 9.28 *
globus-gridftp-server 12.3 * globus-gssapi-gsi 13.1
--------------------------------------------------------------------------------
================================================================================
golang-github-go-ini-ini-1.21.1-0.5.git3d73f4b.el6 (FEDORA-EPEL-2017-adb8591f1c)
Package ini provides INI file read and write functionality in Go
--------------------------------------------------------------------------------
Update Information:
Bump to upstream 3d73f4b845efdf9989fffd4b4e562727744a34ba
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1412590 - Tracker for golang-github-go-ini-ini
https://bugzilla.redhat.com/show_bug.cgi?id=1412590
--------------------------------------------------------------------------------
================================================================================
golang-github-howeyc-gopass-0-0.10.git3ca2347.el6 (FEDORA-EPEL-2017-e06b9dce17)
Getpasswd for Go
--------------------------------------------------------------------------------
Update Information:
Bump to upstream 3ca23474a7c7203e0a0a070fd33508f6efdb9b3d ---- Update spec to
spec-2.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1250479 - Tracker for golang-github-howeyc-gopass
https://bugzilla.redhat.com/show_bug.cgi?id=1250479
--------------------------------------------------------------------------------
================================================================================
nmon-16g-3.el6 (FEDORA-EPEL-2017-fbedb12ba4)
Nigel's performance Monitor for Linux
--------------------------------------------------------------------------------
Update Information:
Unretiring EPEL branches
--------------------------------------------------------------------------------
================================================================================
redis-3.2.11-1.el6 (FEDORA-EPEL-2017-92561ef37d)
A persistent key-value database
--------------------------------------------------------------------------------
Update Information:
Upstream 3.2.11 bug-fix-only release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1491728 - EPEL 6 brought in incompatible version of redis
https://bugzilla.redhat.com/show_bug.cgi?id=1491728
--------------------------------------------------------------------------------