The following Fedora EPEL 6 Security updates need testing:
Age URL
838
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031
python-virtualenv-12.0.7-1.el6
832
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168
rubygem-crack-0.3.2-2.el6
722
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb
mcollective-2.8.4-1.el6
694
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9
thttpd-2.25b-24.el6
304
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac
libbsd-0.8.3-2.el6
33
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4c76ddcc92
libmspack-0.6-0.1.alpha.el6
17
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-164cc614ff
nagios-4.3.4-4.el6
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-0177a71c41
tnef-1.4.15-1.el6
10
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f7e4cbd529
golang-1.7.6-2.el6
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-0100ef8963
tre-0.7.6-3.el6
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-93a3dd5663
cacti-1.1.19-2.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-51e496e5c0
seamonkey-2.49.1-1.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-abd82daec6
lame-3.100-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
RackTables-0.20.14-1.el6
globus-common-17.2-1.el6
globus-ftp-control-8.2-1.el6
globus-gram-job-manager-scripts-6.10-1.el6
globus-gss-assist-11.1-1.el6
globus-gssapi-gsi-13.2-1.el6
imapfilter-2.6.10-2.el6
lame-3.100-1.el6
ocserv-0.11.9-1.el6
php-phpseclib-2.0.7-1.el6
seamonkey-2.49.1-1.el6
Details about builds:
================================================================================
RackTables-0.20.14-1.el6 (FEDORA-EPEL-2017-255a88f330)
A data-center asset management system
--------------------------------------------------------------------------------
Update Information:
Rebase to v0.20.14 Address BZ1492171
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1492171 - PHP parse error with RackTables-0.20.13-1.el7.noarch
https://bugzilla.redhat.com/show_bug.cgi?id=1492171
--------------------------------------------------------------------------------
================================================================================
globus-common-17.2-1.el6 (FEDORA-EPEL-2017-c006a87349)
Globus Toolkit - Common Library
--------------------------------------------------------------------------------
Update Information:
* globus-common 17.2 * globus-ftp-control 8.2 * globus-gram-job-manager-scripts
6.10 * globus-gssapi-gsi 13.2 * globus-gss-assist 11.1
--------------------------------------------------------------------------------
================================================================================
globus-ftp-control-8.2-1.el6 (FEDORA-EPEL-2017-c006a87349)
Globus Toolkit - GridFTP Control Library
--------------------------------------------------------------------------------
Update Information:
* globus-common 17.2 * globus-ftp-control 8.2 * globus-gram-job-manager-scripts
6.10 * globus-gssapi-gsi 13.2 * globus-gss-assist 11.1
--------------------------------------------------------------------------------
================================================================================
globus-gram-job-manager-scripts-6.10-1.el6 (FEDORA-EPEL-2017-c006a87349)
Globus Toolkit - GRAM Job ManagerScripts
--------------------------------------------------------------------------------
Update Information:
* globus-common 17.2 * globus-ftp-control 8.2 * globus-gram-job-manager-scripts
6.10 * globus-gssapi-gsi 13.2 * globus-gss-assist 11.1
--------------------------------------------------------------------------------
================================================================================
globus-gss-assist-11.1-1.el6 (FEDORA-EPEL-2017-c006a87349)
Globus Toolkit - GSSAPI Assist library
--------------------------------------------------------------------------------
Update Information:
* globus-common 17.2 * globus-ftp-control 8.2 * globus-gram-job-manager-scripts
6.10 * globus-gssapi-gsi 13.2 * globus-gss-assist 11.1
--------------------------------------------------------------------------------
================================================================================
globus-gssapi-gsi-13.2-1.el6 (FEDORA-EPEL-2017-c006a87349)
Globus Toolkit - GSSAPI library
--------------------------------------------------------------------------------
Update Information:
* globus-common 17.2 * globus-ftp-control 8.2 * globus-gram-job-manager-scripts
6.10 * globus-gssapi-gsi 13.2 * globus-gss-assist 11.1
--------------------------------------------------------------------------------
================================================================================
imapfilter-2.6.10-2.el6 (FEDORA-EPEL-2017-98c4798f95)
A flexible client side mail filtering utility for IMAP servers
--------------------------------------------------------------------------------
Update Information:
Update to the latest upstream release, fixing some ancient RHBZ bugs.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1423737 - imapfilter: FTBFS in rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1423737
[ 2 ] Bug #1331652 - [PATCH] Disable sslv3 in imapfilter
https://bugzilla.redhat.com/show_bug.cgi?id=1331652
--------------------------------------------------------------------------------
================================================================================
lame-3.100-1.el6 (FEDORA-EPEL-2017-abd82daec6)
Free MP3 audio compressor
--------------------------------------------------------------------------------
Update Information:
LAME 3.100 - October 13 2017 ============================ * Rog��rio Brito
* Don't include the debian directory as one that is needed during builds. Patch
taken from Debian's packaging of lame. * Resurrect Owen Taylor's code
dated from 97-11-3 to properly deal with GTK1. This was transplanted back from
aclocal.m4 with a patch provided by Andres Mejia. This change makes it easy to
regenerate autotools' files with a simple invocation of autoconf -vfi. *
Fix possible race condition causing build failures in libmp3lame. Discovered in
automated builds by the Debian project with patch provided by Andres Mejia. *
Robert Hegemann * Improved detection of MPEG audio data in RIFF WAVE
files. Tracker item [ 3545112 ] Invalid sampling detection * New switch
--gain <decibel>, range -20.0 to +12.0, a more convenient way to apply Gain
adjustment in decibels, than the use of --scale <factor>. * Fix for
tracker item [ 3558466 ] Bug in path handling * Fix for tracker item [
3567844 ] problem with Tag genre * Fix for tracker item [ 3565659 ] no
progress indication with pipe input * Fix for tracker item [ 3544957 ]
scale (empty) silent encode without warning * Fix for tracker item [
3580176 ] environment variable LAMEOPT doesn't work anymore * Fix for
tracker item [ 3608583 ] input file name displayed with wrong character encoding
(on windows console with CP_UTF8) * Fix for bug ticket [ #447 ] Fix
dereference NULL and Buffer not NULL terminated issues. Thanks to Surabhi Mishra
* Fix for bug ticket [ #445 ] dereference of a null pointer possible in loop.
Thanks to Renu Tyagi * Fix for bug ticket [ #449 ] Make sure functions
with SSE instructions maintain their own properly aligned stack. Thanks to
Fabian Greffrath * Fix for bug ticket [ #458 ] Multiple Stack and Heap
Corruptions from Malicious File. Thanks to Gareth Evans and Elio Blanca *
Fix for bug ticket [ #460 ] A division by zero vulnerability. Thanks to Wang
Shiyang, Liu Bingchang * Fix for bug ticket [ #461 ] CVE-2017-9410
fill_buffer_resample function in libmp3lame/util.c heap-based buffer over-read
and ap * Fix for bug ticket [ #462 ] CVE-2017-9411 fill_buffer_resample
function in libmp3lame/util.c invalid memory read and application crash *
Fix for bug ticket [ #463 ] CVE-2017-9412 unpack_read_samples function in
frontend/get_audio.c invalid memory read and application crash * Fix for
bug ticket [ #434 ] clip detect scale suggestion unaware of scale input value
* HIP decoder bug fixed: decoding mixed blocks of lower sample frequency Layer3
data resulted in internal buffer overflow (write). Thanks to Henri Salo *
Alexander Leidinger * Feature request, patch ticket [ #27 ] Add
lame_encode_buffer_interleaved_int() by Michael Fink
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1470199 - CVE-2015-9099 CVE-2015-9100 CVE-2017-11720 CVE-2017-13712
CVE-2017-15018 CVE-2017-15019 CVE-2017-15045 CVE-2017-15046 CVE-2017-9410 CVE-2017-9411
CVE-2017-9412 CVE-2017-8419 lame: Multiple vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=1470199
--------------------------------------------------------------------------------
================================================================================
ocserv-0.11.9-1.el6 (FEDORA-EPEL-2017-e37d37845b)
OpenConnect SSL VPN server
--------------------------------------------------------------------------------
Update Information:
- Update to upstream 0.11.9 release
--------------------------------------------------------------------------------
================================================================================
php-phpseclib-2.0.7-1.el6 (FEDORA-EPEL-2017-1c18b0d9ba)
PHP Secure Communications Library
--------------------------------------------------------------------------------
Update Information:
**Version 2.0.7** - 2017-10-22 * **SSH2:** - add new READ_NEXT mode
(#1140) - add sendIdentificationStringFirst() - add sendKEXINITFirst()
- add sendIdentificationStringLast() - add sendKEXINITLast() (#1162) -
assume any SSH server >= 1.99 supports SSH2 (#1170) - workaround for bad
arcfour256 implementations (#1171) - don't choke when getting response from
diff channel in exec() (#1167) * **SFTP:** - add
enablePathCanonicalization() - add disablePathCanonicalization() (#1137)
- fix put() with remote file stream resource (#1177) * ANSI: misc fixes (#1150,
#1161) * X509: use DateTime instead of unix time (#1166) * Ciphers: use eval()
instead of create_function() for >= 5.3
--------------------------------------------------------------------------------
================================================================================
seamonkey-2.49.1-1.el6 (FEDORA-EPEL-2017-51e496e5c0)
Web browser, e-mail, news, IRC client, HTML editor
--------------------------------------------------------------------------------
Update Information:
Update to 2.49.1 Based on the Firefox/Thunderbird ESR (extension support
release) code version 52.4.0 Fixes various security issues, see
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/ and
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ for
more info. Since the version of 2.48, SeaMonkey uses another disk cache
implementation. It is preferable to clear the cache (even before the update) to
avoid extra disk space usage by the old cache data.
--------------------------------------------------------------------------------