The following Fedora EPEL 7 Security updates need testing:
 Age  URL
 466  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d   condor-8.6.11-1.el7
 207  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80   python-gnupg-0.4.4-1.el7
 205  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b   bubblewrap-0.3.3-2.el7
  12  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-136fa99185   limnoria-20191109-2.el7
  10  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-5fecd4c331   libmodbus-3.0.8-1.el7
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-d8f3c6a443   chromium-78.0.3904.97-1.el7
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-58be818bb4   thunderbird-enigmail-2.1.3-1.el7
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-8a7207a341   libidn2-2.3.0-1.el7
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-aff200699c   mingw-libidn2-2.3.0-1.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-b1761c2898   imapfilter-2.6.15-1.el7

The following builds have been pushed to Fedora EPEL 7 updates-testing

    fail2ban-0.10.4-1.el7
    jhead-3.04-1.el7
    radsecproxy-1.8.0-1.el7

Details about builds:

================================================================================
 fail2ban-0.10.4-1.el7 (FEDORA-EPEL-2019-dac149ad76)
 Daemon to ban hosts that cause multiple authentication errors
--------------------------------------------------------------------------------
Update Information:

Update to 0.10.4

---

Incompatibility list (compared to v.0.9):

* Filter (or `failregex`) internal capture-groups:
  - If you have your own `failregex` or custom filters using the conditional match `(?P=host)`, you should rewrite the regex as in the example below, using `(?:(?P=ip4)|(?P=ip6))` instead of `(?P=host)` (or `(?:(?P=ip4)|(?P=ip6)|(?P=dns))`, corresponding to your `usedns` and `raw` settings). Of course you can always define your own capture-group (like `_cond_ip_` below) to do this.
    ```
    testln="1500000000 failure from 192.0.2.1: bad host 192.0.2.1"
    fail2ban-regex "$testln" "^\s*failure from (?P<_cond_ip_><HOST>): bad host (?P=_cond_ip_)$"
    ```
  - New internal groups (currently reserved for internal usage): `ip4`, `ip6`, `dns`, `fid`, `fport`, additionally `user` and other captures in lower case if mapping from tag `<F-*>` is used in failregex (e.g. `user` by `<F-USER>`).
* v.0.10 uses more precise date template handling, which can theoretically be incompatible with some user configurations or `datepattern`.
* Since v0.10 fail2ban supports the matching of IPv6 addresses, but not all ban actions are IPv6-capable yet.

Also:

- Define banaction_allports for firewalld, update banaction (bz#1775175)
- Update sendmail-reject with TLSMTA & MSA port IDs (bz#1722625)
- Remove config files for other distros (bz#1533113)
--------------------------------------------------------------------------------
ChangeLog:

* Sat Nov 23 2019 Orion Poplawski orion@nwra.com - 0.10.4-1
- Update to 0.10.4
- Define banaction_allports for firewalld, update banaction (bz#1775175)
- Update sendmail-reject with TLSMTA & MSA port IDs (bz#1722625)
- Remove config files for other distros (bz#1533113)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1725975 - ssh jail bans the same IP for all log messages
        https://bugzilla.redhat.com/show_bug.cgi?id=1725975
  [ 2 ] Bug #1733363 - The default ssd filter file /etc/fail2ban/filter.d/sshd.conf does not protect against brute force password guessing if using pam_sss for authentication.
        https://bugzilla.redhat.com/show_bug.cgi?id=1733363
  [ 3 ] Bug #1401360 - postfix-rbl.conf regex for "454 4.7.1" should be "554 5.7.1" for default postfix reject_rbl_client
        https://bugzilla.redhat.com/show_bug.cgi?id=1401360
  [ 4 ] Bug #1775175 - fail2ban-firewalld should define banaction_allports
        https://bugzilla.redhat.com/show_bug.cgi?id=1775175
--------------------------------------------------------------------------------


================================================================================
 jhead-3.04-1.el7 (FEDORA-EPEL-2019-1a5ac407f8)
 Tool for displaying EXIF data embedded in JPEG images
--------------------------------------------------------------------------------
Update Information:

updated to 3.04 (CVE-2019-19035)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 22 2019 Adrian Reber adrian@lisas.de - 3.04-1
- updated to 3.04 (CVE-2019-19035)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1775098 - CVE-2019-19035 jhead: heap based over-read in ReadJpegSections and process_SOFn in jpgfile.c leads to denial of service
        https://bugzilla.redhat.com/show_bug.cgi?id=1775098
--------------------------------------------------------------------------------


================================================================================
 radsecproxy-1.8.0-1.el7 (FEDORA-EPEL-2019-34fead3896)
 Generic RADIUS proxy with RadSec support
--------------------------------------------------------------------------------
Update Information:

radsecproxy is a generic RADIUS proxy that in addition to usual RADIUS UDP transport, also supports TLS (RadSec), as well as RADIUS over TCP and DTLS. The aim is for the proxy to have sufficient features to be flexible, while at the same time to be small, efficient and easy to configure.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 17 2019 Robert Scheck robert@fedoraproject.org 1.8.0-1
- Upgrade to 1.8.0 (#1753052)
- Initial spec file for Fedora and Red Hat Enterprise Linux
--------------------------------------------------------------------------------

epel-devel@lists.fedoraproject.org