The following Fedora EPEL 6 Security updates need testing:
Age URL
582
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031
python-virtualenv-12.0.7-1.el6
576
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168
rubygem-crack-0.3.2-2.el6
466
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb
mcollective-2.8.4-1.el6
438
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9
thttpd-2.25b-24.el6
168
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-8594ed3a53
chicken-4.11.0-3.el6
48
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac
libbsd-0.8.3-2.el6
33
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-8c6c7bf06e
dbus-sharp-0.7.0-16.el6 dbus-sharp-glib-0.5.0-14.el6 mono-4.2.4-9.el6
15
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5bc0e8fa7d
drupal7-title-1.0-0.7.alpha9.el6
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-b17ae6b75a
viewvc-1.1.26-1.el6 viewvc-1.1.26-1.el6 viewvc-1.1.26-1.el6 viewvc-1.1.26-1.el6
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-2f6331df71
bitlbee-3.5.1-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
nrpe-3.0.1-1.el6
php-pecl-zendopcache-7.0.5-2.el6
python-ansible-tower-cli-3.0.3-1.el6
python-bugzilla-2.0.0-1.el6
tripwire-2.4.3.2-1.el6
xrootd-4.6.0-1.el6
Details about builds:
================================================================================
nrpe-3.0.1-1.el6 (FEDORA-EPEL-2017-b64fc8eec9)
Host/service/network monitoring agent for Nagios
--------------------------------------------------------------------------------
Update Information:
Update to 3.0.1. Major update but upstream is no longer supporting old code.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1411705 - allowed_hosts doesn't work, if one of the hostnames can't
be resolved by dns
https://bugzilla.redhat.com/show_bug.cgi?id=1411705
[ 2 ] Bug #1275870 - NRPE initscript does not read PID file when calling
status/killproc
https://bugzilla.redhat.com/show_bug.cgi?id=1275870
--------------------------------------------------------------------------------
================================================================================
php-pecl-zendopcache-7.0.5-2.el6 (FEDORA-EPEL-2017-5901b42760)
The Zend OPcache
--------------------------------------------------------------------------------
Update Information:
Add security mitigation fix backported from PHP 5.6: * php#69090 check cached
files permissions This change introduce 2 new configuration options: *
**opcache.validate_permission** (default 0): leads OPcache to check file
readability on each access to cached file. This directive should be enabled in
shared hosting environment, when few users (PHP-FPM pools) reuse the common
OPcache shared memory. * **opcache.validate_root** (default 0): prevent name
collisions in chroot'ed environment. This directive prevents file name
collisions in different "chroot" environments. It should be enabled for sites
that may serve requests in different "chroot" environments.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1409317 - backport security fix #69090 for OPcache
https://bugzilla.redhat.com/show_bug.cgi?id=1409317
--------------------------------------------------------------------------------
================================================================================
python-ansible-tower-cli-3.0.3-1.el6 (FEDORA-EPEL-2017-97a3a31e2b)
A CLI tool for Ansible Tower
--------------------------------------------------------------------------------
Update Information:
update to 3.0.3
--------------------------------------------------------------------------------
================================================================================
python-bugzilla-2.0.0-1.el6 (FEDORA-EPEL-2017-8a3a013ae6)
A python library and tool for interacting with Bugzilla
--------------------------------------------------------------------------------
Update Information:
* Rebased to version 2.0.0 * Several fixes for use with bugzilla 5 * This
release contains several smallish API breaks: * Bugzilla.bug_autorefresh now
defaults to False * Credentials are now cached in ~/.cache/python-bugzilla/ *
bin/bugzilla was converted to argparse * bugzilla query --boolean_chart option
is removed * Unify command line flags across sub commands
--------------------------------------------------------------------------------
================================================================================
tripwire-2.4.3.2-1.el6 (FEDORA-EPEL-2017-d86357b3da)
IDS (Intrusion Detection System)
--------------------------------------------------------------------------------
Update Information:
update to 2.4.3.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #830999 - tripwire cron should send mail to configured recipients
https://bugzilla.redhat.com/show_bug.cgi?id=830999
--------------------------------------------------------------------------------
================================================================================
xrootd-4.6.0-1.el6 (FEDORA-EPEL-2017-85c437a7c5)
Extended ROOT file server
--------------------------------------------------------------------------------
Update Information:
New version 4.6.0, release notes are here:
https://github.com/xrootd/xrootd/blob/v4.6.0/docs/ReleaseNotes.txt
--------------------------------------------------------------------------------