The following Fedora EPEL 6 Security updates need testing:
 Age  URL
  40  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b6c663378c   unrtf-0.21.9-8.el6
  14  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-8c4ebc0d2d   wordpress-4.9.7-1.el6
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-d801e05f92   uwsgi-2.0.17.1-1.el6
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-aeb81e4fba   libpng10-1.0.69-5.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
gnudos-1.11-5.el6
optipng-0.7.7-1.el6
redis-3.2.12-1.el6
Details about builds:
================================================================================
gnudos-1.11-5.el6 (FEDORA-EPEL-2018-deee77598e)
The GnuDOS library for GNU/Linux
--------------------------------------------------------------------------------
Update Information:
Added BuildRequires: gcc
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 20 2018 Mohammed Isam <mohammed_isam1984(a)yahoo.com> 1.11-5
- Added BuildRequires: gcc
* Sat May 12 2018 Mohammed Isam <mohammed_isam1984(a)yahoo.com> 1.11-4
- Bugfixes
* Sat May 12 2018 Mohammed Isam <mohammed_isam1984(a)yahoo.com> 1.11-3
- Added missing copyright notice for ChangeLog file
* Fri May 11 2018 Mohammed Isam <mohammed_isam1984(a)yahoo.com> 1.11-2
- Added THANKS file and fixed missing copyright notices
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1604166 - gnudos: FTBFS in Fedora rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1604166
--------------------------------------------------------------------------------
================================================================================
optipng-0.7.7-1.el6 (FEDORA-EPEL-2018-bc1f8c9269)
PNG optimizer and converter
--------------------------------------------------------------------------------
Update Information:
Update to 0.7.7
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 14 2018 Peter Hanecak <hany(a)hany.sk> - 0.7.7-1
- Update to 0.7.7
- Dropped patches (both CVEs fixed in 0.7.7)
- Added BuildRequires: gcc (https://fedoraproject.org/wiki/Changes/Remove_GCC_from_BuildRoot)
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.7.6-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Feb 8 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.7.6-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
redis-3.2.12-1.el6 (FEDORA-EPEL-2018-a83d5ad82b)
A persistent key-value database
--------------------------------------------------------------------------------
Update Information:
Upstream 3.2.12 security fix release.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 20 2018 Nathan Scott <nathans(a)redhat.com> - 3.2.12-1
- Upstream 3.2.12 security fix release.
- Fixes CVE-2017-15047: Lack clusterLoadConfig input validation (RHBZ #1499153)
- Fixes CVE-2018-11218: Heap corruption in lua_cmsgpack.c (RHBZ #1591537)
- Fixes CVE-2018-11219: Integer overflow in lua_struct.c b_unpack (RHBZ #1591538)
- Fixes CVE-2018-12326: code execution via a crafted command line (RHBZ #1594294)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1594294 - CVE-2018-12326 redis: code execution via a crafted command line [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1594294
[ 2 ] Bug #1592931 - /var/run/redis directory not created by RPM (redis-3.2.11-1.el6.x86_64.rpm)
https://bugzilla.redhat.com/show_bug.cgi?id=1592931
[ 3 ] Bug #1591538 - CVE-2018-11219 redis: Integer overflow in lua_struct.c:b_unpack() [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1591538
[ 4 ] Bug #1591537 - CVE-2018-11218 redis: Heap corruption in lua_cmsgpack.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1591537
[ 5 ] Bug #1499153 - CVE-2017-15047 redis: Insufficient input validation in the clusterLoadConfig function [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1499153
--------------------------------------------------------------------------------