The following Fedora EPEL 7 Security updates need testing:
 Age  URL                                                                  Package
1083  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087         dokuwiki-0-0.24.20140929c.el7
 846  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f   mcollective-2.8.4-1.el7
 428  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d   libbsd-0.8.3-1.el7
 325  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe   mod_cluster-1.3.3-10.el7
 157  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e27758bd23   libmspack-0.6-0.1.alpha.el7
  95  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e64eeb6ece   nagios-4.3.4-5.el7
  44  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-73ee944e65   rootsh-1.5.3-17.el7
  18  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-7134fc92a1   jhead-3.00-7.el7
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-276ec6ee2b   exim-4.90.1-2.el7
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-e50c94a832   seamonkey-2.49.2-2.el7
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-525417d3d4   mbedtls-2.7.0-1.el7
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-cee77fc9b3   knot-resolver-2.1.0-1.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b7a74678b1   openjpeg2-2.3.0-6.el7
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-50566f0a39   uwsgi-2.0.16-1.el7
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-0296296d7c   mingw-wavpack-5.1.0-4.el7
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-9111777f91   freexl-1.0.5-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
copr-cli-1.67-1.el7
drupal7-7.57-1.el7
lxqt-config-0.11.1-9.el7
python-copr-1.86-1.el7
python-crypto-2.6.1-15.el7
python2-zope-interface-4.0.5-0.el7
tlp-1.1-1.el7
Details about builds:
================================================================================
copr-cli-1.67-1.el7 (FEDORA-EPEL-2018-e25b4fc6da)
Command line interface for COPR
--------------------------------------------------------------------------------
Update Information:
- remove Group tag
- Shebangs cleanup
- fix deps in spec
- allow running tests only for epel7
- tests also for python2 during builds
- new custom source method
- require to specify project when building module
----
- allow to set use_bootstrap_container via API
----
- add SCM api
- add deprecation warnings for tito and mockscm methods
----
- fix unittests
- run tests with python3
- pag#130 update requirements
- pag#125 copr build copr pkgs [pkgs ...] builds only the first SRPM
- pag#112 [RFE] copr-cli whoami
- Bug 1431035 - coprs should check credentials before uploading source rpm
- Spelling fixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1431035 - coprs should check credentials before uploading source rpm
https://bugzilla.redhat.com/show_bug.cgi?id=1431035
--------------------------------------------------------------------------------
================================================================================
drupal7-7.57-1.el7 (FEDORA-EPEL-2018-3e70a38ad4)
An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:
This update fixes multiple security vulnerabilities. Read more details here:
https://www.drupal.org/SA-CORE-2018-001
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1548191 - drupal7: drupal: JavaScript cross-site scripting in checkPlain
function [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1548191
[ 2 ] Bug #1548326 - drupal7: drupal: Multiple vulnerabilities fixed in 7.57 and 8.4.5
(SA-CORE-2018-001) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1548326
[ 3 ] Bug #1548202 - drupal7: drupal: External link injection on 404 pages when linking
to the current page [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1548202
[ 4 ] Bug #1548198 - drupal7: drupal: jQuery vulnerability with untrusted domains
requests via Ajax [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1548198
[ 5 ] Bug #1548194 - drupal7: drupal: Private file access bypass in Drupal private file
system [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1548194
[ 6 ] Bug #1548190 - drupal7: drupal: JavaScript cross-site scripting in checkPlain
function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1548190
[ 7 ] Bug #1547793 - drupal7-7.57 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1547793
--------------------------------------------------------------------------------
================================================================================
lxqt-config-0.11.1-9.el7 (FEDORA-EPEL-2018-ee985ab75d)
Config tools for LXQt desktop suite
--------------------------------------------------------------------------------
Update Information:
Enabled aarch64 on EPEL 7.
--------------------------------------------------------------------------------
================================================================================
python-copr-1.86-1.el7 (FEDORA-EPEL-2018-72e5f79860)
Python interface for Copr
--------------------------------------------------------------------------------
Update Information:
- remove Group tag
- build python2-copr package conditionally
- Remove unnecessary shebang sed in copr-cli.spec and python-copr.spec
- fix deps in spec
- new custom source method
- use username from config if nothing is explicitly specified
- remove outdated modularity code
- require to specify project when building module
--------------------------------------------------------------------------------
================================================================================
python-crypto-2.6.1-15.el7 (FEDORA-EPEL-2018-a3ae6e7571)
Cryptography library for Python
--------------------------------------------------------------------------------
Update Information:
The textbook ElGamal implementation is not secure. PyCrypto and some other
implementations use the wrong algorithm, which may lead to some information
disclosure simply by looking at the encrypted text. For a full description, see
https://github.com/dlitz/pycrypto/issues/253
This update includes a fix for this problem backported from pycryptodome. This
is CVE-2018-6594.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1542313 - CVE-2018-6594 python-crypto: Weak ElGamal key parameters in
PublicKey/ElGamal.py allow attackers to obtain sensitive information by reading
ciphertext
https://bugzilla.redhat.com/show_bug.cgi?id=1542313
--------------------------------------------------------------------------------
================================================================================
python2-zope-interface-4.0.5-0.el7 (FEDORA-EPEL-2018-a3e7bd9aee)
Dummy package depending on python-zope-interface
--------------------------------------------------------------------------------
Update Information:
This package exists only to allow packagers to uniformly depend upon
python2-zope-interface.
--------------------------------------------------------------------------------
================================================================================
tlp-1.1-1.el7 (FEDORA-EPEL-2018-012aa3f97e)
Advanced power management tool for Linux
--------------------------------------------------------------------------------
Update Information:
Update to 1.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1538383 - tlp-1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1538383
--------------------------------------------------------------------------------