The following Fedora EPEL 7 Security updates need testing:
Age URL
938
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087
dokuwiki-0-0.24.20140929c.el7
700
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f
mcollective-2.8.4-1.el7
282
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d
libbsd-0.8.3-1.el7
180
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe
mod_cluster-1.3.3-10.el7
178
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5f9a6163b4
tnef-1.4.14-1.el7
177
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7ecb12e378
python-XStatic-jquery-ui-1.12.0.1-1.el7
44
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-17b77b3268
botan-1.10.16-1.el7
12
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-9f88067c22
mpg123-1.25.6-1.el7
12
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e27758bd23
libmspack-0.6-0.1.alpha.el7
12
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-2795d59fcc
python3-numpy-1.10.4-5.el7
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-30a9c74908
php-horde-Horde-Image-2.5.2-1.el7
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5b07cc6958
wordpress-4.8.2-1.el7
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-8da6477f0a
moodle-3.1.8-1.el7
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-3a2abe4898
php-horde-passwd-5.0.7-1.el7
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-a3ae700da7
php-horde-wicked-2.0.8-1.el7
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d49c1ef800
php-horde-nag-4.2.17-1.el7
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-52b8147c68
openvpn-auth-ldap-2.0.3-15.el7
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e3436f7a95
libbson-1.3.5-4.el7
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-9179bc1cf5
chromium-61.0.3163.100-1.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-3dcce634cb
MySQL-zrm-3.0-17.el7
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-afdcf119f4
freexl-1.0.4-1.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4826761f5d
openvpn-2.4.4-1.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-abe6f98ebf
tor-0.2.9.12-1.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-0f92580f68
yadifa-2.2.6-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
bgpq3-0.1.31-1.el7
fedmsg-1.0.1-4.el7
fedora-easy-karma-0-0.32.20170930git0c81432c.el7
nova-agent-2.1.6-1.el7
odcs-0.0.7-1.el7
openboardview-7.3-5.el7
openscap-daemon-0.1.8-1.el7
opensmtpd-6.0.2p1-6.el7
openvpn-2.4.4-1.el7
petsc-3.7.7-1.el7
php-phpmyadmin-sql-parser-4.2.2-1.el7
python-sync2jira-1.4-1.el7
sysbench-1.0.9-2.el7
tor-0.2.9.12-1.el7
tsung-1.7.0-1.el7
yadifa-2.2.6-1.el7
Details about builds:
================================================================================
bgpq3-0.1.31-1.el7 (FEDORA-EPEL-2017-666fc07261)
Automate BGP filter generation based on routing database information
--------------------------------------------------------------------------------
Update Information:
Initial package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1495004 - Review Request: bgpq3 - Automate BGP filter generation based on
routing database information
https://bugzilla.redhat.com/show_bug.cgi?id=1495004
--------------------------------------------------------------------------------
================================================================================
fedmsg-1.0.1-4.el7 (FEDORA-EPEL-2017-57b6bb1261)
Tools for Fedora Infrastructure real-time messaging
--------------------------------------------------------------------------------
Update Information:
* Refactor subpackages so that python2-fedmsg contains everything * Update to
the latest upstream release
--------------------------------------------------------------------------------
================================================================================
fedora-easy-karma-0-0.32.20170930git0c81432c.el7 (FEDORA-EPEL-2017-35e7efea31)
Fedora update feedback made easy
--------------------------------------------------------------------------------
Update Information:
Add support for new bodhi client bindings and add hard dependencies for yum or
python2-dnf
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1494644 - fedora.client.bodhi.BodhiClientException: You must provide a
captcha_key
https://bugzilla.redhat.com/show_bug.cgi?id=1494644
[ 2 ] Bug #1270600 - fedora-easy-karma can not execute without yum or python2-dnf
(missing dependency)
https://bugzilla.redhat.com/show_bug.cgi?id=1270600
--------------------------------------------------------------------------------
================================================================================
nova-agent-2.1.6-1.el7 (FEDORA-EPEL-2017-3fb011c248)
Agent for setting up clean servers on Xen
--------------------------------------------------------------------------------
Update Information:
This is a new package.
--------------------------------------------------------------------------------
================================================================================
odcs-0.0.7-1.el7 (FEDORA-EPEL-2017-45f7d47d2a)
The On Demand Compose Service
--------------------------------------------------------------------------------
Update Information:
Now with fedmsg support. ---- Fixes from @puiterwijk's security audit.
--------------------------------------------------------------------------------
================================================================================
openboardview-7.3-5.el7 (FEDORA-EPEL-2017-dced3e892c)
Viewer for PCB layouts
--------------------------------------------------------------------------------
Update Information:
New package.
--------------------------------------------------------------------------------
================================================================================
openscap-daemon-0.1.8-1.el7 (FEDORA-EPEL-2017-f033be17d0)
Manages continuous SCAP scans of your infrastructure
--------------------------------------------------------------------------------
Update Information:
upgrade to the latest upstream release
--------------------------------------------------------------------------------
================================================================================
opensmtpd-6.0.2p1-6.el7 (FEDORA-EPEL-2017-8f47a3c83f)
Free implementation of the server-side SMTP protocol as defined by RFC 5321
--------------------------------------------------------------------------------
Update Information:
Fixing HAVE_REALLOCARRAY in portable
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1480303 - opensmptd: Accidentally interposes reallocarray
https://bugzilla.redhat.com/show_bug.cgi?id=1480303
--------------------------------------------------------------------------------
================================================================================
openvpn-2.4.4-1.el7 (FEDORA-EPEL-2017-4826761f5d)
A full-featured SSL VPN solution
--------------------------------------------------------------------------------
Update Information:
Maintenance release with several minor upstream bugfixes and a security fix
related to legacy configurations deploying the deprecated `key-method 1`
configuration option
([
CVE-2017-12166](https://community.openvpn.net/openvpn/wiki/CVE-2017-12166)).
From this update of, OpenVPN will use the lz4 compression library from Fedora
EPEL instead of the upstream bundled library.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1497109 - CVE-2017-12166 openvpn: Incorrect bounds check in read_key() with
'key-method 1'
https://bugzilla.redhat.com/show_bug.cgi?id=1497109
--------------------------------------------------------------------------------
================================================================================
petsc-3.7.7-1.el7 (FEDORA-EPEL-2017-95cf1c696b)
Portable Extensible Toolkit for Scientific Computation
--------------------------------------------------------------------------------
Update Information:
- Update to 3.7.7 - Move petscvariables/petscrules under a private directory of
libdir
--------------------------------------------------------------------------------
================================================================================
php-phpmyadmin-sql-parser-4.2.2-1.el7 (FEDORA-EPEL-2017-3a8700adef)
A validating SQL lexer and parser with a focus on MySQL dialect
--------------------------------------------------------------------------------
Update Information:
**Version 4.2.2** - 2017-09-28 * Added support for binding parameters.
--------------------------------------------------------------------------------
================================================================================
python-sync2jira-1.4-1.el7 (FEDORA-EPEL-2017-b1ccb3cb7a)
Sync pagure and github issues to jira, via fedmsg
--------------------------------------------------------------------------------
Update Information:
Now with support for spaces! ---- Latest upstream. Supports labels. Thanks
@pingou!
--------------------------------------------------------------------------------
================================================================================
sysbench-1.0.9-2.el7 (FEDORA-EPEL-2017-b96ffec815)
System performance benchmark
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1488694 - sysbench-1.0.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1488694
--------------------------------------------------------------------------------
================================================================================
tor-0.2.9.12-1.el7 (FEDORA-EPEL-2017-abe6f98ebf)
Anonymizing overlay network for TCP
--------------------------------------------------------------------------------
Update Information:
update to upstream release 0.2.9.12 (SECURITY) (#1494860)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1494860 - tor-0.2.9.10-1.el7.x86_64 is unsecure and out of date
https://bugzilla.redhat.com/show_bug.cgi?id=1494860
[ 2 ] Bug #1493512 - CVE-2017-0380 tor: Stack disclosure in hidden services logs when
SafeLogging disabled [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1493512
[ 3 ] Bug #1493513 - CVE-2017-0380 tor: Stack disclosure in hidden services logs when
SafeLogging disabled [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1493513
--------------------------------------------------------------------------------
================================================================================
tsung-1.7.0-1.el7 (FEDORA-EPEL-2017-6cf6da0e9a)
A distributed multi-protocol load testing tool
--------------------------------------------------------------------------------
Update Information:
Update to 1.7.0 (#1486744)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1486744 - tsung-1.7.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1486744
--------------------------------------------------------------------------------
================================================================================
yadifa-2.2.6-1.el7 (FEDORA-EPEL-2017-0f92580f68)
Lightweight authoritative Name Server with DNSSEC capabilities
--------------------------------------------------------------------------------
Update Information:
20170912: YADIFA 2.2.6 --- Fixes an issue where a maliciously crafted message
may block the server.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1494005 - CVE-2017-14339 yadifa: Infinite loop due to insufficient checks in
the DNS packet parser
https://bugzilla.redhat.com/show_bug.cgi?id=1494005
--------------------------------------------------------------------------------