The following Fedora EPEL 7 Security updates need testing:
 Age  URL
 833  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087         dokuwiki-0-0.24.20140929c.el7
 595  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f   mcollective-2.8.4-1.el7
 178  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d   libbsd-0.8.3-1.el7
  75  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe   mod_cluster-1.3.3-10.el7
  73  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5f9a6163b4   tnef-1.4.14-1.el7
  72  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7ecb12e378   python-XStatic-jquery-ui-1.12.0.1-1.el7
   9  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-340bb46b1d   capnproto-0.5.3.1-1.el7
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4aae1e22f1   lxc-1.0.10-2.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d9786818e4   python-nbxmpp-0.5.6-1.el7 gajim-0.16.8-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-a8886eb42e   cross-binutils-2.28-1.el7 cross-gcc-7.0.1-0.4.el7.1.1
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-30baf73207   chromium-59.0.3071.104-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
chromium-59.0.3071.104-1.el7
cross-binutils-2.28-1.el7
cross-gcc-7.0.1-0.4.el7.1.1
inxi-2.3.21-1.el7
libmediainfo-0.7.96-1.el7
lynis-2.5.1-2.el7
mediainfo-0.7.96-1.el7
mock-1.4.2-1.el7
php-jsonlint-1.6.1-1.el7
tlp-1.0-1.el7
vtun-3.0.4-1.el7
waiverdb-0.2.1-1.el7
Details about builds:
================================================================================
chromium-59.0.3071.104-1.el7 (FEDORA-EPEL-2017-30baf73207)
A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:
Update to .104. Fix mp3 playback. Security fix for CVE-2017-5087, CVE-2017-5088,
CVE-2017-5089 ---- Chromium 59. Add smaller logo files. Fix lots of security
bugs: Security fix for CVE-2017-5070, CVE-2017-5071, CVE-2017-5072,
CVE-2017-5073, CVE-2017-5074, CVE-2017-5075, CVE-2017-5086, CVE-2017-5076,
CVE-2017-5077, CVE-2017-5078, CVE-2017-5079, CVE-2017-5080, CVE-2017-5081,
CVE-2017-5082, CVE-2017-5083, CVE-2017-5085
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1462151 - CVE-2017-5089 chromium-browser: domain spoofing in omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1462151
[ 2 ] Bug #1462149 - CVE-2017-5088 chromium-browser: out of bounds read in v8
https://bugzilla.redhat.com/show_bug.cgi?id=1462149
[ 3 ] Bug #1462148 - CVE-2017-5087 chromium-browser: sandbox escape in indexeddb
https://bugzilla.redhat.com/show_bug.cgi?id=1462148
[ 4 ] Bug #1459037 - CVE-2017-5085 chromium-browser: inappropriate javascript execution
on webui pages
https://bugzilla.redhat.com/show_bug.cgi?id=1459037
[ 5 ] Bug #1459036 - CVE-2017-5083 chromium-browser: ui spoofing in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1459036
[ 6 ] Bug #1459035 - CVE-2017-5082 chromium-browser: insufficient hardening in credit
card editor
https://bugzilla.redhat.com/show_bug.cgi?id=1459035
[ 7 ] Bug #1459034 - CVE-2017-5081 chromium-browser: extension verification bypass
https://bugzilla.redhat.com/show_bug.cgi?id=1459034
[ 8 ] Bug #1459033 - CVE-2017-5080 chromium-browser: use after free in credit card
autofill
https://bugzilla.redhat.com/show_bug.cgi?id=1459033
[ 9 ] Bug #1459032 - CVE-2017-5079 chromium-browser: ui spoofing in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1459032
[ 10 ] Bug #1459031 - CVE-2017-5078 chromium-browser: possible command injection in
mailto handling
https://bugzilla.redhat.com/show_bug.cgi?id=1459031
[ 11 ] Bug #1459030 - CVE-2017-5077 chromium-browser: heap buffer overflow in skia
https://bugzilla.redhat.com/show_bug.cgi?id=1459030
[ 12 ] Bug #1459029 - CVE-2017-5076 chromium-browser: address spoofing in omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1459029
[ 13 ] Bug #1459028 - CVE-2017-5086 chromium-browser: address spoofing in omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1459028
[ 14 ] Bug #1459027 - CVE-2017-5075 chromium-browser: information leak in csp reporting
https://bugzilla.redhat.com/show_bug.cgi?id=1459027
[ 15 ] Bug #1459025 - CVE-2017-5074 chromium-browser: use after free in apps bluetooth
https://bugzilla.redhat.com/show_bug.cgi?id=1459025
[ 16 ] Bug #1459024 - CVE-2017-5073 chromium-browser: use after free in print preview
https://bugzilla.redhat.com/show_bug.cgi?id=1459024
[ 17 ] Bug #1459023 - CVE-2017-5072 chromium-browser: address spoofing in omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1459023
[ 18 ] Bug #1459022 - CVE-2017-5071 chromium-browser: out of bounds read in v8
https://bugzilla.redhat.com/show_bug.cgi?id=1459022
[ 19 ] Bug #1459021 - CVE-2017-5070 chromium-browser: type confusion in v8
https://bugzilla.redhat.com/show_bug.cgi?id=1459021
--------------------------------------------------------------------------------
================================================================================
cross-binutils-2.28-1.el7 (FEDORA-EPEL-2017-a8886eb42e)
A GNU collection of cross-compilation binary utilities
--------------------------------------------------------------------------------
Update Information:
Rebase cross-gcc and cross-binutils.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1162664 - cross-binutils: binutils: directory traversal vulnerability
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162664
[ 2 ] Bug #1162629 - CVE-2014-8504 cross-binutils: binutils: stack overflow in the SREC
parser [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162629
[ 3 ] Bug #1162618 - CVE-2014-8503 cross-binutils: binutils: stack overflow in objdump
when parsing specially crafted ihex file [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162618
[ 4 ] Bug #1162605 - CVE-2014-8502 cross-binutils: binutils: heap overflow in objdump
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162605
[ 5 ] Bug #1162582 - CVE-2014-8501 cross-binutils: binutils: out-of-bounds write when
parsing specially crafted PE executable [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162582
[ 6 ] Bug #1440669 - Rebase cross-gcc on EPEL with latest RHEL-7 gcc sources
https://bugzilla.redhat.com/show_bug.cgi?id=1440669
--------------------------------------------------------------------------------
================================================================================
cross-gcc-7.0.1-0.4.el7.1.1 (FEDORA-EPEL-2017-a8886eb42e)
Cross C compiler
--------------------------------------------------------------------------------
Update Information:
Rebase cross-gcc and cross-binutils.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1162664 - cross-binutils: binutils: directory traversal vulnerability
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162664
[ 2 ] Bug #1162629 - CVE-2014-8504 cross-binutils: binutils: stack overflow in the SREC
parser [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162629
[ 3 ] Bug #1162618 - CVE-2014-8503 cross-binutils: binutils: stack overflow in objdump
when parsing specially crafted ihex file [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162618
[ 4 ] Bug #1162605 - CVE-2014-8502 cross-binutils: binutils: heap overflow in objdump
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162605
[ 5 ] Bug #1162582 - CVE-2014-8501 cross-binutils: binutils: out-of-bounds write when
parsing specially crafted PE executable [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162582
[ 6 ] Bug #1440669 - Rebase cross-gcc on EPEL with latest RHEL-7 gcc sources
https://bugzilla.redhat.com/show_bug.cgi?id=1440669
--------------------------------------------------------------------------------
================================================================================
inxi-2.3.21-1.el7 (FEDORA-EPEL-2017-59f79e4db7)
A full featured system information script
--------------------------------------------------------------------------------
Update Information:
Update to 2.3.21.
--------------------------------------------------------------------------------
================================================================================
libmediainfo-0.7.96-1.el7 (FEDORA-EPEL-2017-814c12bcec)
Library for supplies technical and tag information about a video or audio file
--------------------------------------------------------------------------------
Update Information:
Update to 0.7.96.
--------------------------------------------------------------------------------
================================================================================
lynis-2.5.1-2.el7 (FEDORA-EPEL-2017-68fc81975d)
Security and system auditing tool
--------------------------------------------------------------------------------
Update Information:
Update to 2.5.1 / Add patch to fix lynis show changelog
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1457583 - lynis-2.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1457583
--------------------------------------------------------------------------------
================================================================================
mediainfo-0.7.96-1.el7 (FEDORA-EPEL-2017-814c12bcec)
Supplies technical and tag information about a video or audio file (CLI)
--------------------------------------------------------------------------------
Update Information:
Update to 0.7.96.
--------------------------------------------------------------------------------
================================================================================
mock-1.4.2-1.el7 (FEDORA-EPEL-2017-65be829503)
Builds packages inside chroots
--------------------------------------------------------------------------------
Update Information:
There are new features:

* The bootstrap feature is now disabled by default. There were too many issues
  with it. You can enable it locally with `--bootstrap-chroot`, but first see the known
  [bugs](https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&component=mock&known_name=mock-all&list_id=7491839&product=Fedora&product=Fedora%20EPEL&query_based_on=mock-all&query_format=advanced)
  and [issues](https://github.com/rpm-software-management/mock/issues).
* There is initial support for Fedora Modularity. You can add to config:

      config_opts['module_enable'] = ['list', 'of', 'modules']
      config_opts['module_install'] = ['module1/profile', 'module2/profile']

  This will call `dnf module enable list of modules` and
  `dnf module install module1/profile module2/profile` during the init phase.

There are some bugfixes:

* NSpawn chroot is switched off for EL6 targets
  [[RHBZ#1456421](https://bugzilla.redhat.com/show_bug.cgi?id=1456421)].
* LVM root is not umounted when `umount_root` is set to false
  [[RHBZ#1447658](https://bugzilla.redhat.com/show_bug.cgi?id=1447658)]
* Shell in NSpawn container is now called with `--login` so `profile.d` scripts
  are executed
  [[RHBZ#1450516](https://bugzilla.redhat.com/show_bug.cgi?id=1450516)]
  [[RHBZ#1462373](https://bugzilla.redhat.com/show_bug.cgi?id=1462373)]
* yum rather than yum-deprecated is used when using bootstrap chroot
  [[RHBZ#1446294](https://bugzilla.redhat.com/show_bug.cgi?id=1446294)]
* Custom chroot does not use bootstrap
  [[RHBZ#1448321](https://bugzilla.redhat.com/show_bug.cgi?id=1448321)]
* Mock now uses `dnf repoquery` instead of repoquery for chroots which use DNF.
* LVM's scrub hook for bootstrap chroot is called
  [[RHBZ#1446297](https://bugzilla.redhat.com/show_bug.cgi?id=1446297)]
* `--mount` will mount LVM volumes
  [[RHBZ#1448017](https://bugzilla.redhat.com/show_bug.cgi?id=1448017)]
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1448017 - [lvm] --mount does not mount the bootstrap volume
https://bugzilla.redhat.com/show_bug.cgi?id=1448017
[ 2 ] Bug #1446297 - "--scrub all" does not remove the bootsrap volume
https://bugzilla.redhat.com/show_bug.cgi?id=1446297
[ 3 ] Bug #1448321 - Problem with dnf_install_command in custom1 chroot
https://bugzilla.redhat.com/show_bug.cgi?id=1448321
[ 4 ] Bug #1446294 - No such file or directory: '/usr/bin/yum-deprecated'
https://bugzilla.redhat.com/show_bug.cgi?id=1446294
[ 5 ] Bug #1462373 - module load fails with "module unknown" error when
running under mock --new-chroot
https://bugzilla.redhat.com/show_bug.cgi?id=1462373
[ 6 ] Bug #1450516 - Login shell with systemd-nspawn
https://bugzilla.redhat.com/show_bug.cgi?id=1450516
[ 7 ] Bug #1447658 - [lvm] The buildroot volume is not kept mounted after build
https://bugzilla.redhat.com/show_bug.cgi?id=1447658
[ 8 ] Bug #1456421 - Cannot build packages in epel-6 with mock-1.14 due to new chroot
https://bugzilla.redhat.com/show_bug.cgi?id=1456421
--------------------------------------------------------------------------------
================================================================================
php-jsonlint-1.6.1-1.el7 (FEDORA-EPEL-2017-052d23dad3)
JSON Lint for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 1.6.1** (2017-06-18) * Fixed parsing of `0` as invalid
--------------------------------------------------------------------------------
================================================================================
tlp-1.0-1.el7 (FEDORA-EPEL-2017-05b24fcbe0)
Advanced power management tool for Linux
--------------------------------------------------------------------------------
Update Information:
Update to version 1.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1455545 - tlp-1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1455545
--------------------------------------------------------------------------------
================================================================================
vtun-3.0.4-1.el7 (FEDORA-EPEL-2017-414e87e78e)
Virtual tunnel over TCP/IP networks
--------------------------------------------------------------------------------
Update Information:
add epel7 branch
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1462458 - Add vtun to EPEL 7?
https://bugzilla.redhat.com/show_bug.cgi?id=1462458
--------------------------------------------------------------------------------
================================================================================
waiverdb-0.2.1-1.el7 (FEDORA-EPEL-2017-ade2cfc374)
Service for waiving results in ResultsDB
--------------------------------------------------------------------------------
Update Information:
New upstream release 0.2.1:
https://docs.pagure.org/waiverdb/release-notes.html#waiverdb-0-2
--------------------------------------------------------------------------------