The following Fedora EPEL 6 Security updates need testing:
Age URL
35
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-06b243cced
guacamole-server-1.0.0-1.el6
14
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-62f9745b71
drupal7-7.65-1.el6
12
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-13e2a65b5e
wordpress-5.1.1-4.el6
5
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-8d5207833a
ntfs-3g-2017.3.23-11.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
ansible-2.6.16-1.el6
clamav-0.100.3-1.el6
ninja-build-1.7.2-2.el6
singularity-3.1.1-1.el6
Details about builds:
================================================================================
ansible-2.6.16-1.el6 (FEDORA-EPEL-2019-c78aa6fc8b)
SSH-based configuration management, deployment, and task execution system
--------------------------------------------------------------------------------
Update Information:
Update to 2.6.16 bugfix release. See
https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELOG-v...
for more information.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 4 2019 Kevin Fenzi <kevin(a)scrye.com> - 2.6.16-1
- Update to 2.6.16.
--------------------------------------------------------------------------------
================================================================================
clamav-0.100.3-1.el6 (FEDORA-EPEL-2019-9c8cf7e4be)
Anti-virus software
--------------------------------------------------------------------------------
Update Information:
ClamAV 0.100.3 ============== ClamAV 0.100.3 is a patch release to address a
few security related bugs. This patch release is being released alongside the
0.101.2 patch so that users who are unable to upgrade to 0.101 due to libclamav
API changes are protected. The bug fixes in this release are limited to
security-related bugs only. Users are encouraged to upgrade to 0.101.2 for
additional improvements. - Fixes for the following vulnerabilities: -
CVE-2019-1787: An out-of-bounds heap read condition may occur when scanning
PDF documents. The defect is a failure to correctly keep track of the number
of bytes remaining in a buffer when indexing file data. - CVE-2019-1789:
An out-of-bounds heap read condition may occur when scanning PE files (i.e.
Windows EXE and DLL files) that have been packed using Aspack as a result of
inadequate bound-checking. - CVE-2019-1788: An out-of-bounds heap write
condition may occur when scanning OLE2 files such as Microsoft Office
97-2003 documents. The invalid write happens when an invalid pointer is
mistakenly used to initialize a 32bit integer to zero. This is likely to
crash the application. Thank you to the Google OSS-Fuzz project for identifying
and reporting the bugs patched in this release.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 5 2019 Robert Scheck <robert(a)fedoraproject.org> - 0.100.3-1
- Upgrade to 0.100.3 (#1696106, #1696110, #1696116)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1696116 - CVE-2019-1788 clamav: out-of-bounds heap write when scanning OLE2
files
https://bugzilla.redhat.com/show_bug.cgi?id=1696116
[ 2 ] Bug #1696110 - CVE-2019-1789 clamav: out-of-bounds heap read when scanning PE
files
https://bugzilla.redhat.com/show_bug.cgi?id=1696110
[ 3 ] Bug #1696106 - CVE-2019-1787 clamav: out-of-bounds heap read when scanning PDF
documents
https://bugzilla.redhat.com/show_bug.cgi?id=1696106
--------------------------------------------------------------------------------
================================================================================
ninja-build-1.7.2-2.el6 (FEDORA-EPEL-2019-76763433e3)
A small build system with a focus on speed
--------------------------------------------------------------------------------
Update Information:
Initial EL6 package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1695759 - ninja-build: build for EPEL6
https://bugzilla.redhat.com/show_bug.cgi?id=1695759
--------------------------------------------------------------------------------
================================================================================
singularity-3.1.1-1.el6 (FEDORA-EPEL-2019-1069e1d162)
Application and environment virtualization
--------------------------------------------------------------------------------
Update Information:
Update to upstream 3.1.1-1
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 2 2019 Dave Dykstra <dwd(a)fedoraproject.org> - 3.1.1-1
- Update to upstream 3.1.1-1
* Mon Feb 25 2019 Dave Dykstra <dwd(a)fedoraproject.org> - 3.1.0-1
- Update to upstream 3.1.0-1
* Tue Jan 22 2019 Dave Dykstra <dwd(a)fedoraproject.org> - 3.0.3-1
- Update to upstream 3.0.3-1 release.
* Fri Jan 18 2019 Dave Dykstra <dwd(a)fedoraproject.org> - 3.0.3-rc2
- Update to upstream 3.0.3-rc2
* Wed Jan 16 2019 Dave Dykstra <dwd(a)fedoraproject.org> - 3.0.3-rc1
- Update to upstream 3.0.3-rc1
* Wed Jan 9 2019 Dave Dykstra <dwd(a)fedoraproject.org> - 3.0.2-1.2
- Add patch for PR 2531
* Mon Jan 7 2019 Dave Dykstra <dwd(a)fedoraproject.org> - 3.0.2-1.1
- Update to upstream 3.0.2
- Added patches for PRs 2472, 2478, 2481
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1693909 - singularity-3.1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1693909
--------------------------------------------------------------------------------