The following Fedora EPEL 5 Security updates need testing:
Age URL
942
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3....
396
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs...
161
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1626/puppet-2.7....
57
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2669/check-mk-1....
56
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2853/mediawiki11...
22
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3675/Pound-2.6-2...
15
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3784/mantis-1.2....
10
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3849/sblim-sfcb-...
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3972/nginx-0.8.5...
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3983/polarssl-1....
1
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4147/lsyncd-2.1....
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4166/clamav-0.98...
The following builds have been pushed to Fedora EPEL 5 updates-testing
clamav-0.98.5-1.el5
myproxy-6.1.6-1.el5
Details about builds:
================================================================================
clamav-0.98.5-1.el5 (FEDORA-EPEL-2014-4166)
Anti-virus software
--------------------------------------------------------------------------------
Update Information:
ClamAV 0.98.5
=============
ClamAV 0.98.5 also includes these new features and bug fixes:
* Support for the XDP file format and extracting, decoding, and scanning PDF files
within XDP files. Addition of shared library support for LLVM versions 3.1 - 3.5 for the
purpose of just-in-time(JIT) compilation of ClamAV bytecode signatures. Andreas Cadhalpun
submitted the patch implementing this support.
* Enhancements to the clambc command line utility to assist ClamAV bytecode signature
authors by providing introspection into compiled bytecode programs.
* Resolution of many of the warning messages from ClamAV compilation.
* Improved detection of malicious PE files.
* Security fix for ClamAV crash when using 'clamscan -a'. This issue was
identified by Kurt Siefried of Red Hat.
* Security fix for ClamAV crash when scanning maliciously crafted yoda's crypter
files. This issue, as well as several other bugs fixed in this release, were identified by
Damien Millescamp of Oppida.
* ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode. Thanks to Reinhard Max
for supplying the patch.
* Bug fixes and other feature enhancements.
Please see the ChangeLog file or GIT log for further details.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 19 2014 Robert Scheck <robert(a)fedoraproject.org> - 0.98.5-1
- Upgrade to 0.98.5 and updated daily.cvd (#1138101)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1138101 - CVE-2013-6497 ClamAV: -a segmentation fault when processing files
https://bugzilla.redhat.com/show_bug.cgi?id=1138101
--------------------------------------------------------------------------------
================================================================================
myproxy-6.1.6-1.el5 (FEDORA-EPEL-2014-4159)
Manage X.509 Public Key Infrastructure (PKI) security credentials
--------------------------------------------------------------------------------
Update Information:
MyProxy 6.1.6
* Allow TLS (no longer force SSLv3)
* VOMS support now in a separate package (myproxy-voms)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 19 2014 Mattias Ellert <mattias.ellert(a)fysast.uu.se> - 6.1.6-1
- Update to 6.1.6
- Drop patch myproxy-deps.patch (fixed upstream)
- Upstream source moved from sourceforge to the Globus Toolkit github repo
- Use source tarball published by Globus
- Use upstream's init scripts and systemd unit files
- New binary package myproxy-voms (voms support split out as a plugin)
--------------------------------------------------------------------------------