The following Fedora EPEL 6 Security updates need testing:
Age URL
924
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168
rubygem-crack-0.3.2-2.el6
814
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb
mcollective-2.8.4-1.el6
786
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9
thttpd-2.25b-24.el6
396
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac
libbsd-0.8.3-2.el6
125
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4c76ddcc92
libmspack-0.6-0.1.alpha.el6
45
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6aaee32b7e
optipng-0.7.6-6.el6
27
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6e4ce19598
monit-5.25.1-1.el6
17
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-8c9006d462
heimdal-7.5.0-1.el6
13
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-fde8252ab7
python-bottle-0.12.13-1.el6
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-752a7c9ad4
rootsh-1.5.3-17.el6
5
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-2ba6bfc5d8
wordpress-4.9.2-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
GraphicsMagick-1.3.28-1.el6
distribution-gpg-keys-1.18-1.el6
fedfind-4.0.0-1.el6
mozilla-https-everywhere-2018.1.11-1.el6
Details about builds:
================================================================================
GraphicsMagick-1.3.28-1.el6 (FEDORA-EPEL-2018-1049ca4872)
An ImageMagick fork, offering faster image generation and better quality
--------------------------------------------------------------------------------
Update Information:
Latest stable release, includes many bug and security fixes. See also
http://www.graphicsmagick.org/NEWS.html#january-20-2017
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1473729 - CVE-2017-11102 GraphicsMagick: Input validation failure in
ReadOneJNGImage function may cause denial of service [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473729
[ 2 ] Bug #1473741 - CVE-2017-11139 GraphicsMagick: double free vulnerabilities in the
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473741
[ 3 ] Bug #1473752 - CVE-2017-11140 GraphicsMagick: Resource exhaustion denial of
service in ReadJPEGImage function [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1473752
[ 4 ] Bug #1475454 - CVE-2017-11637 GraphicsMagick: NULL pointer dereference in
WritePCLImage() in coders/pcl.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1475454
[ 5 ] Bug #1475458 - CVE-2017-11636 GraphicsMagick: Heap based buffer over-write in
WriteRGBImage in coders/rgb.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1475458
[ 6 ] Bug #1475490 - CVE-2017-11641 GraphicsMagick: Memory Leak in the PersistCache in
magick/pixel_cache.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1475490
[ 7 ] Bug #1475498 - CVE-2017-11643 GraphicsMagick: Heap based over-write in
WriteCMYKImagefunction in coders/cmyk.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1475498
[ 8 ] Bug #1484483 - CVE-2017-13147 GraphicsMagick: Allocation failure in ReadMNGImage
function in coders/png.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1484483
[ 9 ] Bug #1512038 - CVE-2017-16669 GraphicsMagick: Heap buffer over-write in
AcquireCacheNexus function in magick/pixel_cache.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1512038
[ 10 ] Bug #1512049 - CVE-2017-16353 GraphicsMagick: ImageMagick, GraphicsMagick: memory
information disclosure in DescribeImage function in magick/describe.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1512049
[ 11 ] Bug #1528037 - CVE-2017-17782 GraphicsMagick: heap-based buffer over-read in
ReadOneJNGImage function in coders/png.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1528037
[ 12 ] Bug #1528051 - CVE-2017-17783 GraphicsMagick: heap based buffer over-read in
ReadPALMImage in coders/palm.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1528051
[ 13 ] Bug #1529535 - CVE-2017-17915 GraphicsMagick: Memory leak in the function
ReadMNGImage in coders/png.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1529535
[ 14 ] Bug #1529557 - CVE-2017-17913 GraphicsMagick: stack-based buffer over-read in
WriteWEBPImage in coders/webp.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1529557
[ 15 ] Bug #1529580 - CVE-2017-17912 GraphicsMagick: GraphicsMagick: heap-based buffer
over-read in ReadNewsProfile in coders/tiff.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1529580
[ 16 ] Bug #1536951 - GraphicsMagick: 2018-5685 GraphicsMagick: Infinite loop and
application hang in coders/bmp.c:ReadBMPImage [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1536951
--------------------------------------------------------------------------------
================================================================================
distribution-gpg-keys-1.18-1.el6 (FEDORA-EPEL-2018-4c19ea99da)
GPG keys of various Linux distributions
--------------------------------------------------------------------------------
Update Information:
- updated Copr keys - add UnitedRPMs - add remi 2018 key
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1536804 - distribution-gpg-keys-1.18-1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1536804
--------------------------------------------------------------------------------
================================================================================
fedfind-4.0.0-1.el6 (FEDORA-EPEL-2018-a79242a0ec)
Fedora compose and image finder
--------------------------------------------------------------------------------
Update Information:
This update provides a new major release of fedfind. It is going out to stable
releases as fedfind is used quite extensively in Fedora QA infrastructure, and
we prefer to keep all those deployments on the latest code. The new release also
provides some significant enhancements in correctness checking that will be
useful in these cases. See [the upstream changelog](https://pagure.io/fedora-
qa/fedfind/blob/5713f806517a358a5761aaaff9cfd276f8aeb862/f/CHANGELOG.md) for
more details on the specific changes in this release. Most uses of fedfind (both
CLI and as a Python library) should continue to work unchanged, or with only
minimal changes (mainly because `get_release` can raise some different
exceptions now).
--------------------------------------------------------------------------------
================================================================================
mozilla-https-everywhere-2018.1.11-1.el6 (FEDORA-EPEL-2018-1e59402c3f)
HTTPS enforcement extension for Mozilla Firefox
--------------------------------------------------------------------------------
Update Information:
* More ruleset updates
--------------------------------------------------------------------------------