The following Fedora EPEL 7 Security updates need testing:
Age URL
163
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3835d39d1a
unrtf-0.21.9-8.el7
114
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f9d6ff695a
bibutils-6.6-1.el7 ghc-hs-bibutils-6.6.0.0-1.el7 pandoc-citeproc-0.3.0.1-4.el7
97
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d
condor-8.6.11-1.el7
70
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3492a96896
myrepos-1.20180726-1.el7
20
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-bdb21ebc3f
drupal7-7.60-2.el7
13
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-be918c58c6
SDL2_image-2.0.4-1.el7
13
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-df2d5af2fe
mingw-SDL2-2.0.9-1.el7 mingw-SDL2_mixer-2.0.4-1.el7 mingw-SDL2_image-2.0.4-1.el7
13
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-32e0cee0bb
perl-Mojolicious-7.94-1.el7
12
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-9051b49e75
suricata-4.0.6-1.el7
7
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-fc29932f12
pdns-4.0.6-2.el7
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f9270bbaec
pdns-recursor-4.1.7-1.el7
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-a09ace87bb
php-PHPMailer-5.2.27-1.el7
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-0e73364530
python-paramiko-2.1.1-0.9.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
bird-1.6.4-2.el7
gnome-screensaver-3.6.1-20.el7
pam_2fa-1.0-1.el7
python-fedmsg-meta-fedora-infrastructure-0.27.0-1.el7
Details about builds:
================================================================================
bird-1.6.4-2.el7 (FEDORA-EPEL-2018-c25e48ded1)
BIRD Internet Routing Daemon
--------------------------------------------------------------------------------
Update Information:
Update of bird to version 1.6.4 which includes fix for CVE-2018-12066. bird now
runs under bird user and group rather than root Running bird in foreground
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 19 2018 Stanislav Kozina <skozina(a)redhat.org> - 1.6.4-2
- Fix running bird under non-root user and group
* Mon Nov 19 2018 Stanislav Kozina <skozina(a)redhat.org> - 1.6.4-1
- Update to 1.6.4
- Fix CVE-2018-12066 (#1588770)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1285672 - Bird should start in foreground in the systemd unit
https://bugzilla.redhat.com/show_bug.cgi?id=1285672
[ 2 ] Bug #1642737 - bird-1.6.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1642737
[ 3 ] Bug #1397574 - Bird should drop privileges
https://bugzilla.redhat.com/show_bug.cgi?id=1397574
[ 4 ] Bug #1588770 - CVE-2018-12066 bird: Stack overflow in BGP mask expressions
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1588770
--------------------------------------------------------------------------------
================================================================================
gnome-screensaver-3.6.1-20.el7 (FEDORA-EPEL-2018-844c12300f)
GNOME Screensaver
--------------------------------------------------------------------------------
Update Information:
Rebuilt for RHEL 7.6 (gnome-desktop3 3.28)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 18 2018 Yaakov Selkowitz <yselkowi(a)redhat.com> - 3.6.1-20
- Rebuilt for gnome-desktop3 3.28
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.6.1-19
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Aug 2 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.6.1-18
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.6.1-17
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.6.1-16
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Wed Feb 3 2016 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.6.1-15
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
pam_2fa-1.0-1.el7 (FEDORA-EPEL-2018-f6b899126d)
Second factor authentication for PAM
--------------------------------------------------------------------------------
Update Information:
The PAM 2FA module provides a second factor authentication, which can be
combined with the standard PAM-based password authentication to ask for: *
What you know: user account password ( standard PAM modules ) * What you have
(pick one of): (PAM 2FA) + A Google Authenticator Application on your phone
+ A Phone Number capable of receiving SMS + A Yubikey pam_ssh_user_auth
checks the value of SSH_USER_AUTH and will return success if is non-empty and
failure if it is. It can be used to skip other PAM authentication methods with
a configuration like: auth [success=1 ignore=ignore default=die]
pam_ssh_user_auth.so auth substack password-auth
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1650633 - Review Request: pam_2fa - Second factor authentication for PAM
https://bugzilla.redhat.com/show_bug.cgi?id=1650633
--------------------------------------------------------------------------------
================================================================================
python-fedmsg-meta-fedora-infrastructure-0.27.0-1.el7 (FEDORA-EPEL-2018-267ea6f622)
Metadata providers for Fedora Infrastructure's fedmsg deployment
--------------------------------------------------------------------------------
Update Information:
Update to 0.27.0 Change log can be found at:
https://github.com/fedora-
infra/fedmsg_meta_fedora_infrastructure/blob/develop/CHANGELOG.rst#0270 ----
Upgrade to 0.26.0 Changelog is at:
https://github.com/fedora-
infra/fedmsg_meta_fedora_infrastructure/blob/develop/CHANGELOG.rst#0260 ----
Update to 0.25.0 Changelog at:
https://github.com/fedora-
infra/fedmsg_meta_fedora_infrastructure/blob/develop/CHANGELOG.rst#0250
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 19 2018 Pierre-Yves Chibon <pingou(a)pingoured.fr> - 0.27.0-1
- Upgrade to 0.27.0
* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.26.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jun 19 2018 Miro Hron��ok <mhroncok(a)redhat.com> - 0.26.0-2
- Rebuilt for Python 3.7
* Mon Jun 11 2018 Pierre-Yves Chibon <pingou(a)pingoured.fr> - 0.26.0-1
- Update to 0.26.0
* Tue May 29 2018 Pierre-Yves Chibon <pingou(a)pingoured.fr> - 0.25.0-2
- Fix the Requires in el6
* Fri May 25 2018 Pierre-Yves Chibon <pingou(a)pingoured.fr> - 0.25.0-1
- Update to 0.25.0
--------------------------------------------------------------------------------