The following Fedora EPEL 7 Security updates need testing:
Age URL
26
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3835d39d1a
unrtf-0.21.9-8.el7
23
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40
chromium-67.0.3396.79-1.el7
21
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-15b7dc35af
pass-1.7.2-1.el7
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-9d8de55465
drupal7-backup_migrate-3.5-1.el7
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-7926246d9d
libgit2-0.26.4-1.el7
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-ccbe8e3c4d
knot-resolver-2.4.0-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
guacamole-server-0.9.14-1.el7
libvncserver-0.9.9-0.12.el7
nekovm-2.2.0-5.el7
php-bartlett-php-compatinfo-db-1.33.0-1.el7
transifex-client-0.13.4-1.el7
wordpress-4.9.7-1.el7
Details about builds:
================================================================================
guacamole-server-0.9.14-1.el7 (FEDORA-EPEL-2018-6b0fdd8b40)
Server-side native components that form the Guacamole proxy
--------------------------------------------------------------------------------
Update Information:
Limited arch package libvncserver for ppc64 + latest Guacamole server.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 3 2018 Simone Caronni <negativo17(a)gmail.com> - 0.9.14-1
- Update to 0.9.14.
- Update SPEC file.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1563305 - Please update guacamole to latest version
https://bugzilla.redhat.com/show_bug.cgi?id=1563305
[ 2 ] Bug #1546859 - CVE-2018-7225 libvncserver: Improper input sanitization in
rfbProcessClientNormalMessage in rfbserver.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1546859
--------------------------------------------------------------------------------
================================================================================
libvncserver-0.9.9-0.12.el7 (FEDORA-EPEL-2018-6b0fdd8b40)
Library to make writing a vnc server easy
--------------------------------------------------------------------------------
Update Information:
Limited arch package libvncserver for ppc64 + latest Guacamole server.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1563305 - Please update guacamole to latest version
https://bugzilla.redhat.com/show_bug.cgi?id=1563305
[ 2 ] Bug #1546859 - CVE-2018-7225 libvncserver: Improper input sanitization in
rfbProcessClientNormalMessage in rfbserver.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1546859
--------------------------------------------------------------------------------
================================================================================
nekovm-2.2.0-5.el7 (FEDORA-EPEL-2018-5f4ca2ed51)
Neko embedded scripting language and virtual machine
--------------------------------------------------------------------------------
Update Information:
initial release for EPEL7
--------------------------------------------------------------------------------
================================================================================
php-bartlett-php-compatinfo-db-1.33.0-1.el7 (FEDORA-EPEL-2018-7853163ec6)
Reference Database to be used with php-compatinfo library
--------------------------------------------------------------------------------
Update Information:
**Version 1.33.0** - 2018-07-05 * **Added** - Support to PHP 7.1.18 and
7.1.19 * **Changed** - Igbinary reference updated to version 2.0.7
(stable) - Stomp reference updated to version 2.0.2 (stable) - Varnish
reference updated to version 1.2.4 (stable)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 6 2018 Remi Collet <remi(a)remirepo.net> - 1.33.0-1
- update to 1.33.0
--------------------------------------------------------------------------------
================================================================================
transifex-client-0.13.4-1.el7 (FEDORA-EPEL-2018-ddb17af229)
Command line tool for Transifex translation management
--------------------------------------------------------------------------------
Update Information:
New upstream version
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 6 2018 Luis Bazan <lbazan(a)fedoraproject.org> - 0.13.4-1
- New upstream version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1594046 - Cannot install due to missing dependency:
python3-backports-ssl_match_hostname
https://bugzilla.redhat.com/show_bug.cgi?id=1594046
--------------------------------------------------------------------------------
================================================================================
wordpress-4.9.7-1.el7 (FEDORA-EPEL-2018-3f114dff22)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
Update to 4.9.7 security release.
https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-
release/
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 5 2018 Kevin Fenzi <kevin(a)scrye.com> - 4.9.7-1
- Update to 4.9.7 security update. Fixes bug #1598612
- Fixes CVE-2018-12895 bugs #1595584 and #1595585
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1595585 - CVE-2018-12895 wordpress: Author users can execute arbitrary code
by leveraging directory traversal on the wp-admin/post.php thumb parameter [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1595585
[ 2 ] Bug #1598612 - wordpress-4.9.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1598612
--------------------------------------------------------------------------------