The following Fedora EPEL 7 Security updates need testing:
Age URL
102
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3835d39d1a
unrtf-0.21.9-8.el7
53
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f9d6ff695a
bibutils-6.6-1.el7 ghc-hs-bibutils-6.6.0.0-1.el7 pandoc-citeproc-0.3.0.1-4.el7
36
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d
condor-8.6.11-1.el7
36
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-69993b3f45
sleuthkit-4.6.2-1.el7
28
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3a3c72c5e5
chromium-68.0.3440.106-3.el7
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3492a96896
myrepos-1.20180726-1.el7
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-ac179250ba
gitolite3-3.6.9-1.el7
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-4255a1292d
php-tcpdf-6.2.22-1.el7
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-c0e0064bf7
moodle-3.1.14-1.el7
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-ae9b5a9e70
hylafax+-5.6.1-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
NetworkManager-strongswan-1.4.3-2.el7
OpenMolcas-18.0-6.o180813.1752.el7
fldigi-4.0.18-2.el7
freedv-1.3.1-3.el7.1
hamlib-3.3-1.el7
libbson-1.3.5-6.el7
libmodulemd-1.6.4-1.el7
mozilla-noscript-10.1.9.6-1.el7
python-collectd_systemd-0.0.1-0.7.20180604gitbe9c647.el7
qsstv-9.2.6-4.el7
soundkonverter-3.0.1-2.el7
twa-1.3.1-1.el7
xorgxrdp-0.2.8-1.el7
zabbix30-3.0.22-2.el7
zchunk-0.9.10-1.el7
Details about builds:
================================================================================
NetworkManager-strongswan-1.4.3-2.el7 (FEDORA-EPEL-2018-06162324c0)
NetworkManager strongSwan IPSec VPN plug-in
--------------------------------------------------------------------------------
Update Information:
Update to version 1.4.3.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
OpenMolcas-18.0-6.o180813.1752.el7 (FEDORA-EPEL-2018-7dce5eec99)
A multiconfigurational quantum chemistry software package
--------------------------------------------------------------------------------
Update Information:
Fix pyparsing requirement. ---- Also include the python driver. ---- First
release in EPEL 7.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1617953 - Review Request: OpenMolcas - A multiconfigurational quantum
chemistry software package
https://bugzilla.redhat.com/show_bug.cgi?id=1617953
--------------------------------------------------------------------------------
================================================================================
fldigi-4.0.18-2.el7 (FEDORA-EPEL-2018-c32b31432b)
Digital modem program for Linux
--------------------------------------------------------------------------------
Update Information:
Update to hamlib 3.3 and rebuild dependencies.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 30 2018 Richard Shaw <hobbes1069(a)gmail.com> - 4.0.18-2
- Rebuild for hamlib 3.3.
* Thu Aug 30 2018 Richard Shaw <hobbes1069(a)gmail.com> - 4.0.18-1
- Update to 4.0.18.
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.0.17-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Jun 7 2018 Richard Shaw <hobbes1069(a)gmail.com> - 4.0.17-1
- Update to 4.0.17.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1623903 - hamlib-3.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1623903
--------------------------------------------------------------------------------
================================================================================
freedv-1.3.1-3.el7.1 (FEDORA-EPEL-2018-c32b31432b)
FreeDV Digital Voice
--------------------------------------------------------------------------------
Update Information:
Update to hamlib 3.3 and rebuild dependencies.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 30 2018 Richard Shaw <hobbes1069(a)gmail.com> - 1.3.1-3
- Rebuild for hamlib 3.3.
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1623903 - hamlib-3.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1623903
--------------------------------------------------------------------------------
================================================================================
hamlib-3.3-1.el7 (FEDORA-EPEL-2018-c32b31432b)
Run-time library to control radio transceivers and receivers
--------------------------------------------------------------------------------
Update Information:
Update to hamlib 3.3 and rebuild dependencies.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 30 2018 Richard Shaw <hobbes1069(a)gmail.com> - 3.3-1
- Update to 3.3.
* Fri Jul 20 2018 Jaroslav ��karvada <jskarvad(a)redhat.com> - 3.2-5
- Fixed FTBFS by adding gcc-c++ requirement
Resolves: rhbz#1604307
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.2-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Jun 27 2018 Jitka Plesnikova <jplesnik(a)redhat.com> - 3.2-3
- Perl 5.28 rebuild
* Tue Jun 19 2018 Jaroslav ��karvada <jskarvad(a)redhat.com> - 3.2-2
- Dropped info scriptlets, it's now handled automatically by trigger
* Tue Apr 3 2018 Richard Shaw <hobbes1069(a)gmail.com> - 3.2-1
- Update to 3.2.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1623903 - hamlib-3.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1623903
--------------------------------------------------------------------------------
================================================================================
libbson-1.3.5-6.el7 (FEDORA-EPEL-2018-bc87c43cdd)
Building, parsing, and iterating BSON documents
--------------------------------------------------------------------------------
Update Information:
This release fixes a heap-based buffer over-read when parsing a mallformed BSON
document (CVE-2018-16790).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 18 2018 Petr Pisar <ppisar(a)redhat.com> - 1.3.5-6
- Fix CVE-2018-16790 (heap-based buffer over-read in
_bson_iter_next_internal()) (bug #1627925)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1627923 - CVE-2018-16790 libbson: Heap-based buffer over-read in
_bson_iter_next_internal in bson-iter.c
https://bugzilla.redhat.com/show_bug.cgi?id=1627923
--------------------------------------------------------------------------------
================================================================================
libmodulemd-1.6.4-1.el7 (FEDORA-EPEL-2018-a2566f75da)
Module metadata manipulation library
--------------------------------------------------------------------------------
Update Information:
- Update to 1.6.4 - Add Buildopts to the documentation. - Deduplicate module
streams when merging. - Drop upstreamed patches.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 18 2018 Stephen Gallagher <sgallagh(a)redhat.com> - 1.6.4-1
- Update to 1.6.4.
- Add Buildopts to the documentation.
- Deduplicate module streams when merging.
- Drop upstreamed patches.
--------------------------------------------------------------------------------
================================================================================
mozilla-noscript-10.1.9.6-1.el7 (FEDORA-EPEL-2018-1141f91524)
JavaScript white list extension for Mozilla Firefox
--------------------------------------------------------------------------------
Update Information:
This update introduces NoScript version 10 (WebExtension-compatible) required
for Firefox 60 ESR and moves the legacy (classic) version 5.x to SeaMonkey-
specific folder. v 5.1.8.7
============================================================= * [Security] Fixed
script blocking bypass zero-day (thanks Zerodium for unresponsible disclosure,
https://twitter.com/Zerodium/status/1039127214602641409) * [Surrogate] Fixed
typo in 2mdn replacement (thansk barbaz) * [XSS] Fixed InjectionChecker choking
at some big JSON payloads sents as POST form data * [XSS] In-depth protection
against native ES6 modules abuse * Fixed classic beta channel users being
accidentally migrated to stable (thanks barbaz)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Sep 16 2018 Dominik Mierzejewski <rpm(a)greysector.net> - 10.1.9.6-1
- update to 10.1.9.6
- keep the classic version for seamonkey users
* Sun Sep 16 2018 Dominik Mierzejewski <rpm(a)greysector.net> - 5.1.8.7-1
- update to 5.1.8.7 (fixes CVE-2018-16983)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1629212 - CVE-2018-16983 mozilla-noscript: NoScript Bypass via the
text/html;/json Content-Type value
https://bugzilla.redhat.com/show_bug.cgi?id=1629212
--------------------------------------------------------------------------------
================================================================================
python-collectd_systemd-0.0.1-0.7.20180604gitbe9c647.el7 (FEDORA-EPEL-2018-0b0d1f216e)
Collectd plugin to monitor systemd services
--------------------------------------------------------------------------------
Update Information:
An update to the selinux policy. collectd is now able to access status of old
style SysV init scripts being managed with systemd.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 18 2018 Steve Traylen <steve.traylen(a)cern.ch> -
0.0.1-0.7.20180516gita7018ec
- Update selinux policy to allow collectd access to old style SysV scripts.
* Tue Sep 18 2018 Steve Traylen <steve.traylen(a)cern.ch> -
0.0.1-0.6.20180516gita7018ec
- Update selinux policy to allow collectd access to old style SysV scripts.
--------------------------------------------------------------------------------
================================================================================
qsstv-9.2.6-4.el7 (FEDORA-EPEL-2018-c32b31432b)
Qt-based slow-scan TV and fax
--------------------------------------------------------------------------------
Update Information:
Update to hamlib 3.3 and rebuild dependencies.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 30 2018 Richard Shaw <hobbes1069(a)gmail.com> - 9.2.6-4
- Rebuild for hamlib 3.3.
* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 9.2.6-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1623903 - hamlib-3.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1623903
--------------------------------------------------------------------------------
================================================================================
soundkonverter-3.0.1-2.el7 (FEDORA-EPEL-2018-23b796dca3)
Audio file converter, CD ripper and Replay Gain tool
--------------------------------------------------------------------------------
Update Information:
Remove patch moving the appdata file as RHEL use the old location ---- Release
3.0.1
--------------------------------------------------------------------------------
================================================================================
twa-1.3.1-1.el7 (FEDORA-EPEL-2018-f537442a08)
Tiny web auditor with strong opinions
--------------------------------------------------------------------------------
Update Information:
New package - first bodhi update
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1629446 - Review Request: twa - tiny web auditor
https://bugzilla.redhat.com/show_bug.cgi?id=1629446
--------------------------------------------------------------------------------
================================================================================
xorgxrdp-0.2.8-1.el7 (FEDORA-EPEL-2018-bf0e6c6e41)
Implementation of xrdp backend as Xorg modules
--------------------------------------------------------------------------------
Update Information:
This release includes some invalid memory access issue, #124 and #125.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 19 2018 Bojan Smojver <bojan(a)rexursive.com> - 0.2.8-1
- Bump up to 0.2.8
* Thu Sep 6 2018 Bojan Smojver <bojan(a)rexursive.com> - 0.2.7-3
- Rebuild against Xorg 1.20.1
* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.2.7-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
zabbix30-3.0.22-2.el7 (FEDORA-EPEL-2018-39c65ddf94)
Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:
Zabbix is software that monitors numerous parameters of a network and the health
and integrity of servers. Zabbix uses a flexible notification mechanism that
allows users to configure e-mail based alerts for virtually any event. This
allows a fast reaction to server problems. Zabbix offers excellent reporting and
data visualization features based on the stored data. This makes Zabbix ideal
for capacity planning. Zabbix supports both polling and trapping. All Zabbix
reports and statistics, as well as configuration parameters are accessed through
a web-based front end. A web-based front end ensures that the status of your
network and the health of your servers can be assessed from any location.
Properly configured, Zabbix can play an important role in monitoring IT
infrastructure. This is equally true for small organizations with a few servers
and for large companies with a multitude of servers.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1528400 - Review Request: zabbix30 - Open-source monitoring solution for your
IT infrastructure
https://bugzilla.redhat.com/show_bug.cgi?id=1528400
--------------------------------------------------------------------------------
================================================================================
zchunk-0.9.10-1.el7 (FEDORA-EPEL-2018-181645f674)
Compressed file format that allows easy deltas
--------------------------------------------------------------------------------
Update Information:
Fixes security bugs identified by Coverity
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 18 2018 Jonathan Dieter <jdieter(a)gmail.com> - 0.9.10-1
- Update to 0.9.10
- Fixes security bugs found by Coverity
--------------------------------------------------------------------------------