The following Fedora EPEL 6 Security updates need testing:
Age URL
788
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3....
135
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0440/fwsnort-1.6...
120
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0590/oath-toolki...
79
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1011/php-ZendFra...
29
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1471/chicken-4.8...
25
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1477/drupal7-vie...
15
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1563/mono-2.10.8...
14
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1572/chkrootkit-...
10
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1584/python-djbl...
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1616/puppet-2.7....
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1608/mcollective...
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1612/tor-0.2.4.2...
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1628/hiera-1.0.0...
6
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1634/python-djan...
4
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1648/owncloud-6....
4
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1649/python-jinj...
3
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1657/lynis-1.5.6...
1
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1627/php-horde-H...
The following builds have been pushed to Fedora EPEL 6 updates-testing
iperf3-3.0.5-1.el6
isorelax-0-0.5.release20050331.el6.1
knot-1.4.7-1.el6
mom-0.4.1-1.el6
nodejs-0.10.29-1.el6
pcp-3.9.5-1.el6
pen-0.23.0-1.el6
perl-Tree-R-0.06-1.el6
python-django-dajaxice-0.6-1.el6
rubygem-deep_merge-1.0.1-5.el6
udt-4.11-2.el6
v8-3.14.5.10-9.el6
Details about builds:
================================================================================
iperf3-3.0.5-1.el6 (FEDORA-EPEL-2014-1679)
Measurement tool for TCP/UDP bandwidth performance
--------------------------------------------------------------------------------
Update Information:
Update to 3.0.5
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 19 2014 Susant Sahani <ssahani(a)redhat.com> 3.0.5-1
- Update to 3.0.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1111027 - iperf3-3.0.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1111027
--------------------------------------------------------------------------------
================================================================================
isorelax-0-0.5.release20050331.el6.1 (FEDORA-EPEL-2014-1670)
Public interfaces for RELAX Core
--------------------------------------------------------------------------------
Update Information:
Build of isorelax for el6.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #719665 - Please build isorelax for EPEL 6
https://bugzilla.redhat.com/show_bug.cgi?id=719665
--------------------------------------------------------------------------------
================================================================================
knot-1.4.7-1.el6 (FEDORA-EPEL-2014-1681)
An authoritative DNS daemon
--------------------------------------------------------------------------------
Update Information:
update to 1.4.7
update to 1.4.6, DNSSEC: fix possible signing loop when doing key rollover, RRL: fixed
sending of malformed UDP empty responses
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 18 2014 Jan Vcelak <jvcelak(a)fedoraproject.org> 1.4.7-1
- update to 1.4.7
+ Fixed DDNS corner cases
+ Fixed zone EXPIRE timer
+ Fixed semantic checks false positives
+ Fixed sending malformed IXFR with automatic DNSSEC
+ Fixed NAPTR record serialization
* Thu May 22 2014 Jan Vcelak <jvcelak(a)fedoraproject.org> 1.4.6-2
- update to 1.4.6
+ DNSSEC: fix possible signing loop when doing key rollover
+ RRL: fixed sending of malformed UDP empty responses
--------------------------------------------------------------------------------
================================================================================
mom-0.4.1-1.el6 (FEDORA-EPEL-2014-1683)
Dynamically manage system resources on virtualization hosts
--------------------------------------------------------------------------------
Update Information:
Update MOM to version 0.4.1
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 18 2014 Adam Litke <alitke(a)redhat.com> - 0.4.1-1
- Upgrade to 0.4.1
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.4.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
nodejs-0.10.29-1.el6 (FEDORA-EPEL-2014-1680)
JavaScript runtime
--------------------------------------------------------------------------------
Update Information:
2014.06.05, Version 0.10.29 (Stable)
* child_process: do not set args before throwing (Greg Sabia Tucker)
* child_process: spawn() does not throw TypeError (Greg Sabia Tucker)
* constants: export O_NONBLOCK (Fedor Indutny)
* crypto: improve memory usage (Alexis Campailla)
* fs: close file if fstat() fails in readFile() (cjihrig)
* lib: name EventEmitter prototype methods (Ben Noordhuis)
* tls: fix performance issue (Alexis Campailla)
The invalid UTF8 fix has been reverted since this breaks v8 API, which cannot be done in a
stable distribution release. This build of nodejs will behave as if NODE_INVALID_UTF8 was
set. For more information on the implications, see:
http://blog.nodejs.org/2014/06/16/openssl-and-breaking-utf-8-change/
Additionally, a minor bug in v8 has been fixed that caused certain integer comparisons to
return true when they should have returned false.
Please note that there is no OpenSSL security fixes as part of this update as there were
upstream; nodejs in EPEL uses the system OpenSSL library included with RHEL and thus
receives security updates as soon as the "openssl" packages on your system are
updated.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 19 2014 T.C. Hollingsworth <tchollingsworth(a)gmail.com> - 0.10.29-1
- new upstream release 0.10.29
http://blog.nodejs.org/2014/06/16/node-v0-10-29-stable/
- The invalid UTF8 fix has been reverted since this breaks v8 API, which cannot
be done in a stable distribution release. This build of nodejs will behave as
if NODE_INVALID_UTF8 was set. For more information on the implications, see:
http://blog.nodejs.org/2014/06/16/openssl-and-breaking-utf-8-change/
--------------------------------------------------------------------------------
================================================================================
pcp-3.9.5-1.el6 (FEDORA-EPEL-2014-1678)
System-level performance monitoring and performance management
--------------------------------------------------------------------------------
Update Information:
Daemon signal handlers no longer use unsafe APIs (BZ 847343), Handle /var/run setups on a
temporary filesystem (BZ 656659), Resolve pmlogcheck sigsegv for some archives (BZ
1077432), Ensure pcp-gui-{testsuite,debuginfo} packages get replaced, Revive support for
EPEL5 builds, post pcp-gui merge, Update to latest PCP sources.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 18 2014 Dave Brolley <brolley(a)redhat.com> - 3.9.5-1
- Daemon signal handlers no longer use unsafe APIs (BZ 847343)
- Handle /var/run setups on a temporary filesystem (BZ 656659)
- Resolve pmlogcheck sigsegv for some archives (BZ 1077432)
- Ensure pcp-gui-{testsuite,debuginfo} packages get replaced.
- Revive support for EPEL5 builds, post pcp-gui merge.
- Update to latest PCP sources.
* Fri Jun 6 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
3.9.4-1.1
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #847343 - pcp: pmcd signal handlers are unsafe
https://bugzilla.redhat.com/show_bug.cgi?id=847343
[ 2 ] Bug #656659 - Please Update Spec File to use %ghost on files in /var/run and
/var/lock
https://bugzilla.redhat.com/show_bug.cgi?id=656659
[ 3 ] Bug #1077432 - pmlogcheck SEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1077432
--------------------------------------------------------------------------------
================================================================================
pen-0.23.0-1.el6 (FEDORA-EPEL-2014-1675)
Load balancer for "simple" tcp based protocols such as http or smtp
--------------------------------------------------------------------------------
Update Information:
This release adds support for IPv6 for backend servers as well as the listening socket.
Usage:
http://morestuff.siag.nu/2014/04/14/using-pen-as-an-address-family-adapter/
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 18 2014 Christopher Meng <rpm(a)cicku.me> - 0.23.0-1
- Update to 0.23.0
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.22.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu Apr 3 2014 Christopher Meng <rpm(a)cicku.me> - 0.22.1-1
- Update to 0.22.1
- Patch merged upstream.
* Wed Apr 2 2014 Christopher Meng <rpm(a)cicku.me> - 0.22.0-2
- Patch messed with syntax.
--------------------------------------------------------------------------------
================================================================================
perl-Tree-R-0.06-1.el6 (FEDORA-EPEL-2014-1671)
Perl extension for the R-tree data structure and algorithms
--------------------------------------------------------------------------------
Update Information:
Initial release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1110246 - Review Request: perl-Tree-R - Perl extension for the Rtree data
structure and algorithms
https://bugzilla.redhat.com/show_bug.cgi?id=1110246
--------------------------------------------------------------------------------
================================================================================
python-django-dajaxice-0.6-1.el6 (FEDORA-EPEL-2014-1672)
Agnostic and easy to use AJAX library for Django
--------------------------------------------------------------------------------
Update Information:
New upstream release 0.6. You can find the changes in the upstream description at
http://django-dajaxice.readthedocs.org/en/latest/changelog.html#id1
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 17 2014 Richard Marko <rmarko(a)fedoraproject.org> - 0.6-1
- New upstream release
--------------------------------------------------------------------------------
================================================================================
rubygem-deep_merge-1.0.1-5.el6 (FEDORA-EPEL-2014-1673)
Merge Deeply Nested Hashes
--------------------------------------------------------------------------------
Update Information:
New package rubygem-deep_merge - Merges deep hashes in ruby
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1064352 - Review Request: rubygem-deep_merge - Merges deep hashes in ruby.
https://bugzilla.redhat.com/show_bug.cgi?id=1064352
--------------------------------------------------------------------------------
================================================================================
udt-4.11-2.el6 (FEDORA-EPEL-2014-1676)
UDP based Data Transfer Protocol
--------------------------------------------------------------------------------
Update Information:
UDT is a reliable UDP based application level data transport protocol for distributed data
intensive applications over wide area high-speed networks. UDT uses UDP to transfer bulk
data with its own eliability control and congestion control mechanisms. The new protocol
can transfer data at a much higher speed than TCP does. UDT is also a highly configurable
framework that can accommodate various congestion control algorithms.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1107441 - Review Request: udt - UDP based Data Transfer Protocol
https://bugzilla.redhat.com/show_bug.cgi?id=1107441
--------------------------------------------------------------------------------
================================================================================
v8-3.14.5.10-9.el6 (FEDORA-EPEL-2014-1680)
JavaScript Engine
--------------------------------------------------------------------------------
Update Information:
2014.06.05, Version 0.10.29 (Stable)
* child_process: do not set args before throwing (Greg Sabia Tucker)
* child_process: spawn() does not throw TypeError (Greg Sabia Tucker)
* constants: export O_NONBLOCK (Fedor Indutny)
* crypto: improve memory usage (Alexis Campailla)
* fs: close file if fstat() fails in readFile() (cjihrig)
* lib: name EventEmitter prototype methods (Ben Noordhuis)
* tls: fix performance issue (Alexis Campailla)
The invalid UTF8 fix has been reverted since this breaks v8 API, which cannot be done in a
stable distribution release. This build of nodejs will behave as if NODE_INVALID_UTF8 was
set. For more information on the implications, see:
http://blog.nodejs.org/2014/06/16/openssl-and-breaking-utf-8-change/
Additionally, a minor bug in v8 has been fixed that caused certain integer comparisons to
return true when they should have returned false.
Please note that there is no OpenSSL security fixes as part of this update as there were
upstream; nodejs in EPEL uses the system OpenSSL library included with RHEL and thus
receives security updates as soon as the "openssl" packages on your system are
updated.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 19 2014 T.C. Hollingsworth <tchollingsworth(a)gmail.com> - 1:3.14.5.10-9
- fix corner case in integer comparisons (v8 bug#2416; nodejs bug#7528)
--------------------------------------------------------------------------------