The following Fedora EPEL 7 Security updates need testing:
Age URL
861
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087
dokuwiki-0-0.24.20140929c.el7
623
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f
mcollective-2.8.4-1.el7
205
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d
libbsd-0.8.3-1.el7
103
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe
mod_cluster-1.3.3-10.el7
101
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5f9a6163b4
tnef-1.4.14-1.el7
100
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7ecb12e378
python-XStatic-jquery-ui-1.12.0.1-1.el7
35
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4aae1e22f1
lxc-1.0.10-2.el7
14
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-ffb0e00f3b
mosquitto-1.4.13-1.el7
10
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7678ea423a
jabberd-2.6.1-1.el7
10
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-86125e7897
GraphicsMagick-1.3.26-1.el7
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-52b6bc17c1
globus-ftp-client-8.36-1.el7 globus-gass-cache-program-6.7-1.el7
globus-gass-copy-9.27-1.el7 globus-gram-client-13.18-1.el7
globus-gram-job-manager-14.36-1.el7 globus-gram-job-manager-condor-2.6-5.el7
globus-gridftp-server-12.2-1.el7 globus-gssapi-gsi-12.17-1.el7 globus-io-11.9-1.el7
globus-net-manager-0.17-1.el7 globus-xio-5.16-1.el7 globus-xio-gsi-driver-3.11-1.el7
globus-xio-pipe-driver-3.10-1.el7 globus-xio-udt-driver-1.28-1.el7 myproxy-6.1.28-1.el7
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d13b9e8413
cacti-1.1.12-2.el7
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-47be021843
heimdal-7.4.0-1.el7
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-a8886eb42e
cross-binutils-2.27-9.el7.1 cross-gcc-4.8.5-16.el7.1
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-93f422baa0
nodejs-6.11.1-1.el7
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-491dd51db6
phpldapadmin-1.2.3-10.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-64c36b5282
rubygem-rack-cors-0.4.1-1.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-0e0fd785bc
yara-3.6.3-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
git-extras-4.4.0-1.el7
rubygem-rack-cors-0.4.1-1.el7
yara-3.6.3-1.el7
zstd-1.3.0-1.el7
Details about builds:
================================================================================
git-extras-4.4.0-1.el7 (FEDORA-EPEL-2017-7adf128772)
Little git extras
--------------------------------------------------------------------------------
Update Information:
git-extras-4.4.0 is available
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1471372 - git-extras-4.4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1471372
--------------------------------------------------------------------------------
================================================================================
rubygem-rack-cors-0.4.1-1.el7 (FEDORA-EPEL-2017-64c36b5282)
Middleware for enabling Cross-Origin Resource Sharing in Rack apps
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2017-11173, new upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1470688 - CVE-2017-11173 rubygem-rack-cors: Missing anchor in generated regex
in rack/cors.rb#L256 may permit forged malicious requests [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1470688
--------------------------------------------------------------------------------
================================================================================
yara-3.6.3-1.el7 (FEDORA-EPEL-2017-0e0fd785bc)
Pattern matching Swiss knife for malware researchers
--------------------------------------------------------------------------------
Update Information:
bump to 3.6.3 release - bugfix CVE-2017-11328 ---- Security fix for
CVE-2017-9304, CVE-2017-9465
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1459490 - CVE-2017-9465 yara: Buffer over-read in yr_arena_write_data
function
https://bugzilla.redhat.com/show_bug.cgi?id=1459490
--------------------------------------------------------------------------------
================================================================================
zstd-1.3.0-1.el7 (FEDORA-EPEL-2017-e8af27910d)
Zstd compression library
--------------------------------------------------------------------------------
Update Information:
Latest upstream
--------------------------------------------------------------------------------