The following Fedora EPEL 7 Security updates need testing: Age URL 743 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7 506 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7 208 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e8f4ff76b3 chicken-4.11.0-3.el7 88 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d libbsd-0.8.3-1.el7 15 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-19578898e6 w3m-0.5.3-30.git20170102.el7 14 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-769c60931f wordpress-4.7.3-1.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6950a0884d R-3.3.3-1.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-956d05f9c4 mbedtls-2.4.2-1.el7 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-05ac8b1dc4 php-onelogin-php-saml-2.10.5-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-b639a46822 tcpreplay-4.2.0-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
gnome-shell-extension-no-topleft-hot-corner-14.0-2.el7 javawriter-2.5.1-4.el7 ovirt-guest-agent-1.0.13-2.el7 tcpreplay-4.2.0-1.el7 tlp-0.9-5.el7 xfce4-equake-plugin-1.3.8.1-1.el7
Details about builds:
================================================================================ gnome-shell-extension-no-topleft-hot-corner-14.0-2.el7 (FEDORA-EPEL-2017-c340eeff19) Disable the "hot corner" in the top-left of GNOME Shell -------------------------------------------------------------------------------- Update Information:
Put "Recommends" spec tag in a conditional, so that EPEL 7 will build. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1389955 - Review Request: gnome-shell-extension-no-topleft-hot-corner - Disable the "hot corner" in GNOME Shell https://bugzilla.redhat.com/show_bug.cgi?id=1389955 --------------------------------------------------------------------------------
================================================================================ javawriter-2.5.1-4.el7 (FEDORA-EPEL-2017-7a22f48c16) A Java API for generating .java source files -------------------------------------------------------------------------------- Update Information:
Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ ovirt-guest-agent-1.0.13-2.el7 (FEDORA-EPEL-2017-34f8fb3225) The oVirt Guest Agent -------------------------------------------------------------------------------- Update Information:
oVirt guest agent with a bugfix for el7 systems and hotplug memory on KVM systems and new channel name fix --------------------------------------------------------------------------------
================================================================================ tcpreplay-4.2.0-1.el7 (FEDORA-EPEL-2017-b639a46822) Replay captured network traffic -------------------------------------------------------------------------------- Update Information:
Features and fixes include: - MAC rewriting capabilities by Pedro Arthur (#313) - Fix several issues identified by Coverity (#305) - Packet distortion --fuzz- seed option by Gabriel Ganne (#302) - Add --unique-ip-loops option to modify IPs every few loops (#296) - Netmap startup delay increase (#290) - tcpcapinfo buffer overflow vulnerablily (#278) - Update git-clone instructions by Kyle McDonald (#277) - Allow fractions for --pps option (#270) - Print per-loop stats with --stats=0 (#269) - Add protection against packet drift by Guillaume Scott (#268) - Print flow stats periodically with --stats output (#262) - Include Travis-CI build support by Ilya Shipitsin (#264) (#285) - tcpreplay won't replay all packets in a pcap file with --netmap (#255) - First and last packet times in --stats output (#239) - Switch to wire speed after 30 minutes at 6 Gbps (#210) - tcprewrite fix checksum properly for fragmented packets (#190) ---- Patch CVE-2017-6429. Tcpcapinfo utility of Tcpreplay has a buffer overflow vulnerability associated with parsing a crafted pcap file. This occurs in the src/tcpcapinfo.c file when capture has a packet that is too large to handle. References: http://seclists.org/bugtraq/2017/Mar/22 Upstream bug: https://github.com/appneta/tcpreplay/issues/278 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1429521 - CVE-2017-6429 tcpreplay: Buffer overflow in Tcpcapinfo utility [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1429521 [ 2 ] Bug #1429522 - CVE-2017-6429 tcpreplay: Buffer overflow in Tcpcapinfo utility [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1429522 --------------------------------------------------------------------------------
================================================================================ tlp-0.9-5.el7 (FEDORA-EPEL-2017-eb010f224a) Advanced power management tool for Linux -------------------------------------------------------------------------------- Update Information:
Upstream bug fixes for 0.9: - fix corner case for tlp-stat causing an error - mitigate slow shutdown issue. --------------------------------------------------------------------------------
================================================================================ xfce4-equake-plugin-1.3.8.1-1.el7 (FEDORA-EPEL-2017-7ee98adbf4) Plugin for the XFCE panel which monitors earthquakes -------------------------------------------------------------------------------- Update Information:
- Rebuilt for new upstream version 1.3.8.1 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org