The following Fedora EPEL 7 Security updates need testing:
 Age  URL
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-568a1eb67d   btrbk-0.31.3-1.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-2d515d4692   binaryen-104-1.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-673d6fb241   libmetalink-0.1.3-5.el7
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-4dd661d32b   prosody-0.11.12-1.el7
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-04da0327c7   clamav-0.103.5-1.el7
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-f37ca1b24a   guacamole-server-1.4.0-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
R-Rcpp-1.0.8-1.el7
zabbix40-4.0.37-1.el7
zabbix50-5.0.19-1.el7
Details about builds:
================================================================================
R-Rcpp-1.0.8-1.el7 (FEDORA-EPEL-2022-b960664faa)
Seamless R and C++ Integration
--------------------------------------------------------------------------------
Update Information:
Rcpp 1.0.8
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 17 2022 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 1.0.8-1
- Update to 1.0.8
* Wed Jul 21 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Jul 21 2021 Tom Callaway <spot(a)fedoraproject.org> - 1.0.7-2
- rebuild for R 4.1.0 (epel8)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2041330 - Version 1.0.8 was released, please update it.
https://bugzilla.redhat.com/show_bug.cgi?id=2041330
--------------------------------------------------------------------------------
================================================================================
zabbix40-4.0.37-1.el7 (FEDORA-EPEL-2022-92a697e332)
Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:
Update to 4.0.37 (CVE-2022-23132, CVE-2022-23133, CVE-2022-23134)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 17 2022 Orion Poplawski <orion(a)nwra.com> - 4.0.37-1
- Update to 4.0.37 (CVE-2022-23132, CVE-2022-23133, CVE-2022-23134)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2040749 - CVE-2022-23131 zabbix: Unsafe client-side session storage leading
to authentication bypass / instance takeover via Zabbix Frontend with configured SAML
https://bugzilla.redhat.com/show_bug.cgi?id=2040749
--------------------------------------------------------------------------------
================================================================================
zabbix50-5.0.19-1.el7 (FEDORA-EPEL-2022-c99f63fce9)
Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:
Update to 5.0.19 (CVE-2022-23132, CVE-2022-23133, CVE-2022-23134)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 17 2022 Orion Poplawski <orion(a)nwra.com> - 5.0.19-1
- Update to 5.0.19 (CVE-2022-23132, CVE-2022-23133, CVE-2022-23134)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2040748 - CVE-2022-23134 zabbix50: zabbix: Possible view of the setup pages
by unauthenticated users if config file already exists [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2040748
[ 2 ] Bug #2040752 - CVE-2022-23131 zabbix50: zabbix: Unsafe client-side session storage
leading to authentication bypass / instance takeover via Zabbix Frontend with configured
SAML [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2040752
[ 3 ] Bug #2040757 - CVE-2022-23132 zabbix50: zabbix: Incorrect permissions of
[/var/run/zabbix] forces dac_override [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2040757
[ 4 ] Bug #2040761 - CVE-2022-23133 zabbix50: zabbix: Stored XSS in host groups
configuration window in Zabbix Frontend [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2040761
--------------------------------------------------------------------------------