The following Fedora EPEL 5 Security updates need testing:
 Age  URL
 919  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3....
 373  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs...
 138  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1626/puppet-2.7....
  34  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2669/check-mk-1....
  33  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2853/mediawiki11...
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3455/drupal7-7.3...
   5  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3549/rubygem-act...
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3554/rubygem-rai...
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3570/tor-0.2.4.2...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3651/phpMyAdmin4...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3675/Pound-2.6-2...
The following builds have been pushed to Fedora EPEL 5 updates-testing
Pound-2.6-2.el5.2
jupp-28-1.el5
munin-2.0.24-1.el5
phpMyAdmin4-4.0.10.5-1.el5
ssdeep-2.12-1.el5
zabbix22-2.2.7-1.el5
Details about builds:
================================================================================
Pound-2.6-2.el5.2 (FEDORA-EPEL-2014-3675)
Reverse proxy and load balancer
--------------------------------------------------------------------------------
Update Information:
This is a rebase to 2.6 with a couple of fixes applied to address security fixes.
Note they usually are extra options that need to be enabled manually so that we won't break functionality:
- CVE-2011-3389: Make it possible to deny use of "BEAST" vulnerable ciphers
- CVE-2012-4929: Disable compression to be safe from "CRIME"
- CVE-2005-2090: Chunked encoding response splitting (no awkward name here)
- CVE-2014-3566: Allow disabling SSLv3 (and others), to be safe from "POODLE"
- A redirect XSS fix
Backporting the fixes to 2.4 looked like a difficult task.
Please test thoroughly and downkarma the update if it is unacceptable for you.
--------------------------------------------------------------------------------
================================================================================
jupp-28-1.el5 (FEDORA-EPEL-2014-3573)
Compact and feature-rich WordStar-compatible editor
--------------------------------------------------------------------------------
Update Information:
Changes for jupp 28
===================
* Mention in comments that when enabling the -backpath option, its argument must not be quoted, nor followed by a comment; issue found by R. Hubbell
* Some mostly harmless code cleanup; fix speeds[] array access/sizing; reported by dcb (LP#1348559, LP#1348614)
* Fix size_t mixup
* Introduce ^KF (jupprc): compile and download NXC program to NXT brick, for Freedroidz, a project of Teckids e.V. sponsored by tarent solutions GmbH
* Better const-cleanliness of code
* Quell New File message for scratch buffers
* Fix URI in ChangeLog file
* Actually build with LFS on GNU/Linux
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2014 Robert Scheck <robert(a)fedoraproject.org> 28-1
- Upgrade to 28
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 27-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
munin-2.0.24-1.el5 (FEDORA-EPEL-2014-3657)
Network-wide graphing framework (grapher/gatherer)
--------------------------------------------------------------------------------
Update Information:
Upstream released 2.0.24
Upstream released 2.0.23
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 26 2014 "D. Johnson" <fenris02(a)fedoraproject.org> - 2.0.24-1
- Upstream released 2.0.24
* Sat Oct 18 2014 "D. Johnson" <fenris02(a)fedoraproject.org> - 2.0.23-1
- Upstream released 2.0.23
* Fri Oct 17 2014 "D. Johnson" <fenris02(a)fedoraproject.org> - 2.0.22-1
- Upstream released 2.0.22
* Tue Oct 7 2014 "D. Johnson" <fenris02(a)fedoraproject.org> - 2.0.21-8
- BZ# 1149948 - munin-async pid file in /var/run rather than /var/run/munin
* Mon Sep 15 2014 Petr Pisar <ppisar(a)redhat.com> - 2.0.21-6
- Build against perl 5.20
* Sun Sep 14 2014 "D. Johnson" <fenris02(a)fedoraproject.org> - 2.0.21-6
- Add amavis plugin config defaults
* Sun Sep 7 2014 "D. Johnson" <fenris02(a)fedoraproject.org> - 2.0.21-5
- BZ# 1114857 - munin-2.0.21-2.fc21 FTBFS: No Package found for java-1.7.0-devel
- re-merge earlier commit for epel7
* Fri Aug 29 2014 Jitka Plesnikova <jplesnik(a)redhat.com> - 2.0.21-4
- Perl 5.20 rebuild
* Fri Aug 1 2014 "D. Johnson" <fenris02(a)fedoraproject.org> - 2.0.21-3
- Default to a localhost name to prevent munin-node from complaining
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2.0.21-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Mon Apr 28 2014 Lubomir Rintel <lkundrak(a)v3.sk> - 2.0.21-1.1
- mx4j is not a build time dependency
- RHEL 7 Actually uses systemd too
- No Net::CIDR in el7
- No Cache::Memcached in el7
- Carp::Always is not actually required
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1114857 - munin-2.0.21-2.fc21 FTBFS: No Package found for java-1.7.0-devel
https://bugzilla.redhat.com/show_bug.cgi?id=1114857
[ 2 ] Bug #1149948 - munin-async pid file in /var/run rather than /var/run/munin
https://bugzilla.redhat.com/show_bug.cgi?id=1149948
--------------------------------------------------------------------------------
================================================================================
phpMyAdmin4-4.0.10.5-1.el5 (FEDORA-EPEL-2014-3651)
Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:
phpMyAdmin 4.0.10.5 (2014-10-21)
================================
- [security] XSS in debug SQL output
- [security] XSS in monitor query analyzer
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2014 Robert Scheck <robert(a)fedoraproject.org> 4.0.10.5-1
- Upgrade to 4.0.10.5 (#1155362)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1155362 - CVE-2014-8326 phpmyadmin: cross-site scripting (XSS) flaw fixed in versions 4.0.10.5, 4.1.14.6, and 4.2.10.1 (PMASA-2014-12)
https://bugzilla.redhat.com/show_bug.cgi?id=1155362
--------------------------------------------------------------------------------
================================================================================
ssdeep-2.12-1.el5 (FEDORA-EPEL-2014-3611)
Compute context triggered piecewise hashes
--------------------------------------------------------------------------------
Update Information:
* Fixed issue when comparing identical hashes but with different block sizes.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 26 2014 Remi Collet <remi(a)fedoraproject.org> - 2.12-1
- update to 2.12
- fix license handling
--------------------------------------------------------------------------------
================================================================================
zabbix22-2.2.7-1.el5 (FEDORA-EPEL-2014-3599)
Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:
http://www.zabbix.com/rn2.2.7.php
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 25 2014 Volker Fröhlich <volker27(a)gmx.at> - 2.2.7-1
- New upstream release
* Wed Aug 27 2014 Volker Fröhlich <volker27(a)gmx.at> - 2.2.6-1
- New upstream release
- Use the upstream tarball, now that non-free json was replaced with android-json
--------------------------------------------------------------------------------