The following Fedora EPEL 8 Security updates need testing:
Age  URL
  5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-4c26d6c15b   knot-resolver-5.5.3-1.el8
  1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-9f67252d52   chromium-105.0.5195.125-2.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
ImageMagick-6.9.12.64-1.el8
apptainer-1.1.0-1.el8
dkms-3.0.7-1.el8
fennel-1.2.0-1.el8
mock-core-configs-37.8-1.el8
openbabel-3.1.1-14.el8
openssl3-3.0.1-41.el8.1
python-dnslib-0.9.21-1.el8
Details about builds:
================================================================================
ImageMagick-6.9.12.64-1.el8 (FEDORA-EPEL-2022-63f85dcc14)
An X application for displaying and manipulating images
--------------------------------------------------------------------------------
Update Information:
Update ImageMagick to 6.9.12.64 (#2129597)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 27 2022 Sérgio Basto <sergio(a)serjux.com> - 1:6.9.12.64-1
- Update ImageMagick to 6.9.12.64 (#2129597)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2129597 - ImageMagick-6.9.12.64 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2129597
--------------------------------------------------------------------------------
================================================================================
apptainer-1.1.0-1.el8 (FEDORA-EPEL-2022-531e44bc7e)
Application and environment virtualization
--------------------------------------------------------------------------------
Update Information:
Update to 1.1.0 ---- Update to upstream 1.1.0-rc.3 ---- update to upstream
1.1.0-rc.2 ---- Update to 1.1.0~rc.1
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 27 2022 Dave Dykstra <dwd(a)fedoraproject.org> - 1.1.0
- Update to upstream 1.1.0. Uncomment the requiring of fuse2fs on el7.
* Tue Sep 6 2022 Dave Dykstra <dwd(a)fedoraproject.org> - 1.1.0-rc.3
- Update to upstream 1.1.0~rc.3. Uncomment setting squashfuse_version and
the requiring of fuse2fs on el7.
* Wed Aug 17 2022 Dave Dykstra <dwd(a)fedoraproject.org> - 1.1.0~rc.2
- Update to upstream 1.1.0~rc.2. Remove customizations put into
1.1.0-rc.1 packaging except for f35 inclusion of golang source.
* Tue Aug 2 2022 Dave Dykstra <dwd(a)fedoraproject.org> - 1.1.0~rc.1
- Update to upstream 1.1.0~rc.1
- Require fuse2fs package on el7
- Require fuse-overlayfs everywhere for cases that kernel overlayfs
does not support
- Add patch for 32-bit compilation
* Wed Jul 6 2022 Dave Dykstra <dwd(a)fedoraproject.org> - 1.0.3
- Update to upstream 1.0.3
* Tue May 10 2022 Dave Dykstra <dwd(a)fedoraproject.org> - 1.0.2
- Update to upstream 1.0.2
* Wed Mar 16 2022 Dave Dykstra <dwd(a)fedoraproject.org> - 1.0.1
- Update to upstream 1.0.1
- Remove patch from pr 299, not needed anymore
* Thu Mar 3 2022 Dave Dykstra <dwd(a)fedoraproject.org> - 1.0.0
- Initial release from upstream 1.0.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2130297 - apptainer-1.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2130297
--------------------------------------------------------------------------------
================================================================================
dkms-3.0.7-1.el8 (FEDORA-EPEL-2022-c39424ac9e)
Dynamic Kernel Module Support Framework
--------------------------------------------------------------------------------
Update Information:
Update to bugfix release 3.0.7.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 27 2022 Simone Caronni <negativo17(a)gmail.com> - 3.0.7-1
- Update to 3.0.7.
* Tue Aug 9 2022 Simone Caronni <negativo17(a)gmail.com> - 3.0.6-2
- Adjust kernel devel subpackage requirements.
--------------------------------------------------------------------------------
================================================================================
fennel-1.2.0-1.el8 (FEDORA-EPEL-2022-4d9bf21fc5)
A Lisp that compiles to Lua
--------------------------------------------------------------------------------
Update Information:
## New Forms
- Add `fcollect` macro for range "comprehension"
## New Features
- Make `include` splice modules in where they're used instead of at the top
- Add `ast-source` function to API to get file/line info from AST nodes
- Show errors using terminal control codes instead of arrow indicator
- Parser now includes column information (byte-based) in AST nodes
- For greater consistency, add &into/&until to certain looping constructs
## Bug Fixes
- Duplicate table keys no longer crash the compiler
- Don't print stack trace for compiler errors in built-in macros
- Fix an issue with native modules in `--compile-binary`
- Improve argument handling so unused arguments get passed on to script
- Fix a bug where macros modifying table literals would emit incorrect output
- Fix a bug in the REPL where parser errors display the error message as `nil`
- Fix a bug when nil were emitted by unquote in a macro, and the macro was not
compiled correctly because the resulting list length was calculated incorrectly
- Fix a REPL bug where `,doc m.foo` did not resolve multisym to macro for macro
modules loaded as macro table via `(import-macros m :my.macro.module)`
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 27 2022 Michel Alexandre Salim <salimma(a)fedoraproject.org> 1.2.0-1
- Update to 1.2.0
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> 1.1.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2121958 - fennel-1.2.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2121958
--------------------------------------------------------------------------------
================================================================================
mock-core-configs-37.8-1.el8 (FEDORA-EPEL-2022-16891c41d0)
Mock core config files basic chroots
--------------------------------------------------------------------------------
Update Information:
- openEuler 22.03 configs added (yikunkero(a)gmail.com)
- openEuler 20.03 configs added (yikunkero(a)gmail.com)
- Oracle Linux 9 configs added (a.samets(a)gmail.com)
- change license to spdx (msuchy(a)redhat.com)
- Update to AlmaLinux Quay.io repo (srbala(a)gmail.com)
- EPEL Koji repo not exposed when we are on EPEL Next (miro(a)hroncok.cz)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 27 2022 Pavel Raiskup <praiskup(a)redhat.com> 37.8-1
- openEuler 22.03 configs added (yikunkero(a)gmail.com)
- openEuler 20.03 configs added (yikunkero(a)gmail.com)
- Oracle Linux 9 configs added (a.samets(a)gmail.com)
- change license to spdx (msuchy(a)redhat.com)
- Update to AlmaLinux Quay.io repo (srbala(a)gmail.com)
- EPEL Koji repo not exposed when we are on EPEL Next (miro(a)hroncok.cz)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2129571 - RFE - add oraclelinux-9 configuration to mock-core-configs
https://bugzilla.redhat.com/show_bug.cgi?id=2129571
--------------------------------------------------------------------------------
================================================================================
openbabel-3.1.1-14.el8 (FEDORA-EPEL-2022-6ad4f1fee1)
Chemistry software file format converter
--------------------------------------------------------------------------------
Update Information:
- New packages
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 27 2022 Antonio Trande <sagitter(a)fedoraproject.org> - 3.1.1-14
- Fix EPEL builds
* Tue Sep 27 2022 Antonio Trande <sagitter(a)fedoraproject.org> - 3.1.1-13
- New rebuild
* Sun Aug 7 2022 Antonio Trande <sagitter(a)fedoraproject.org> - 3.1.1-12
- Add profile file openbabel3.sh (rhbz#2112710)
* Thu Aug 4 2022 Scott Talbert <swt(a)techie.net> - 3.1.1-11
- Rebuild with wxWidgets 3.2
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.1-10
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Jul 8 2022 Antonio Trande <sagitter(a)fedoraproject.org> - 3.1.1-9
- Patched for rhbz#2105259
* Mon Jun 13 2022 Python Maint <python-maint(a)redhat.com> - 3.1.1-8
- Rebuilt for Python 3.11
* Mon May 30 2022 Jitka Plesnikova <jplesnik(a)redhat.com> - 3.1.1-7
- Perl 5.36 rebuild
* Thu Jan 27 2022 Vít Ondruch <vondruch(a)redhat.com> - 3.1.1-6
- Rebuilt for
https://fedoraproject.org/wiki/Changes/Ruby_3.1
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.1-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
openssl3-3.0.1-41.el8.1 (FEDORA-EPEL-2022-3bebee4625)
Utilities from the general purpose cryptography library with TLS implementation
--------------------------------------------------------------------------------
Update Information:
Sync with CentOS Stream 9's openssl to pick up CVE fixes
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 27 2022 Michel Alexandre Salim <salimma(a)fedoraproject.org> 3.0.1-41.1
- Merge c9s openssl changes to pick up CVE fixes
* Thu Aug 11 2022 Clemens Lang <cllang(a)redhat.com> - 1:3.0.1-41
- Zeroize public keys as required by FIPS 140-3
Related: rhbz#2102542
- Add FIPS indicator for HKDF
Related: rhbz#2114772
* Fri Aug 5 2022 Dmitry Belyavskiy <dbelyavs(a)redhat.com> - 1:3.0.1-40
- Deal with DH keys in FIPS mode according to FIPS-140-3 requirements
Related: rhbz#2102536
- Deal with ECDH keys in FIPS mode according to FIPS-140-3 requirements
Related: rhbz#2102537
- Use signature for RSA pairwise test according to FIPS-140-3 requirements
Related: rhbz#2102540
- Reseed all the parent DRBGs in chain on reseeding a DRBG
Related: rhbz#2102541
* Mon Aug 1 2022 Clemens Lang <cllang(a)redhat.com> - 1:3.0.1-39
- Use RSA-OAEP in FIPS RSA encryption/decryption FIPS self-test
- Use digest_sign & digest_verify in FIPS signature self test
- Use FFDHE2048 in Diffie-Hellman FIPS self-test
Resolves: rhbz#2102535
* Thu Jul 14 2022 Clemens Lang <cllang(a)redhat.com> - 1:3.0.1-38
- Fix segfault in EVP_PKEY_Q_keygen() when OpenSSL was not previously
initialized.
Resolves: rhbz#2103289
- Improve AES-GCM performance on Power9 and Power10 ppc64le
Resolves: rhbz#2051312
- Improve ChaCha20 performance on Power10 ppc64le
Resolves: rhbz#2051312
* Tue Jul 5 2022 Clemens Lang <cllang(a)redhat.com> - 1:3.0.1-37
- CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86
Resolves: CVE-2022-2097
* Thu Jun 16 2022 Dmitry Belyavskiy <dbelyavs(a)redhat.com> - 1:3.0.1-36
- Ciphersuites with RSAPSK KX should be filtered in FIPS mode
- Related: rhbz#2085088
- FIPS provider should block RSA encryption for key transport.
- Other RSA encryption options should still be available if key length is enough
- Related: rhbz#2053289
- Improve diagnostics when passing unsupported groups in TLS
- Related: rhbz#2070197
- Fix PPC64 Montgomery multiplication bug
- Related: rhbz#2098199
- Strict certificates validation shouldn't allow explicit EC parameters
- Related: rhbz#2058663
- CVE-2022-2068: the c_rehash script allows command injection
- Related: rhbz#2098277
* Wed Jun 8 2022 Clemens Lang <cllang(a)redhat.com> - 1:3.0.1-35
- Add explicit indicators for signatures in FIPS mode and mark signature
primitives as unapproved.
Resolves: rhbz#2087147
* Fri Jun 3 2022 Dmitry Belyavskiy <dbelyavs(a)redhat.com> - 1:3.0.1-34
- Some OpenSSL test certificates are expired, updating
- Resolves: rhbz#2092456
* Thu May 26 2022 Dmitry Belyavskiy <dbelyavs(a)redhat.com> - 1:3.0.1-33
- CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory
- Resolves: rhbz#2089444
- CVE-2022-1343 openssl: Signer certificate verification returned
inaccurate response when using OCSP_NOCHECKS
- Resolves: rhbz#2087911
- CVE-2022-1292 openssl: c_rehash script allows command injection
- Resolves: rhbz#2090362
- Revert "Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode"
Related: rhbz#2087147
- Use KAT for ECDSA signature tests, s390 arch
- Resolves: rhbz#2069235
* Thu May 19 2022 Dmitry Belyavskiy <dbelyavs(a)redhat.com> - 1:3.0.1-32
- `openssl ecparam -list_curves` lists only FIPS-approved curves in FIPS mode
- Resolves: rhbz#2083240
- Ciphersuites with RSA KX should be filtered in FIPS mode
- Related: rhbz#2085088
- In FIPS mode, signature verification works with keys of arbitrary size
above 2048 bit, and only with 1024, 1280, 1536, 1792 bits for keys
below 2048 bits
- Resolves: rhbz#2077884
* Wed May 18 2022 Clemens Lang <cllang(a)redhat.com> - 1:3.0.1-31
- Disable SHA-1 signature verification in FIPS mode
- Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode
Resolves: rhbz#2087147
* Mon May 16 2022 Dmitry Belyavskiy <dbelyavs(a)redhat.com> - 1:3.0.1-30
- Use KAT for ECDSA signature tests
- Resolves: rhbz#2069235
* Thu May 12 2022 Dmitry Belyavskiy <dbelyavs(a)redhat.com> - 1:3.0.1-29
- `-config` argument of openssl app should work properly in FIPS mode
- Resolves: rhbz#2083274
- openssl req defaults on PKCS#8 encryption changed to AES-256-CBC
- Resolves: rhbz#2063947
* Fri May 6 2022 Dmitry Belyavskiy <dbelyavs(a)redhat.com> - 1:3.0.1-28
- OpenSSL should not accept custom elliptic curve parameters
- Resolves rhbz#2066412
- OpenSSL should not accept explicit curve parameters in FIPS mode
- Resolves rhbz#2058663
* Fri May 6 2022 Clemens Lang <cllang(a)redhat.com> - 1:3.0.1-27
- Change FIPS module version to include hash of specfile, patches and sources
Resolves: rhbz#2070550
* Thu May 5 2022 Dmitry Belyavskiy <dbelyavs(a)redhat.com> - 1:3.0.1-26
- OpenSSL FIPS module should not build in non-approved algorithms
- Resolves: rhbz#2081378
* Mon May 2 2022 Dmitry Belyavskiy <dbelyavs(a)redhat.com> - 1:3.0.1-25
- FIPS provider should block RSA encryption for key transport.
- Other RSA encryption options should still be available
- Resolves: rhbz#2053289
* Thu Apr 28 2022 Clemens Lang <cllang(a)redhat.com> - 1:3.0.1-24
- Fix regression in evp_pkey_name2type caused by tr_TR locale fix
Resolves: rhbz#2071631
* Wed Apr 20 2022 Dmitry Belyavskiy <dbelyavs(a)redhat.com> - 1:3.0.1-23
- Fix openssl curl error with LANG=tr_TR.utf8
- Resolves: rhbz#2071631
* Mon Mar 28 2022 Dmitry Belyavskiy <dbelyavs(a)redhat.com> - 1:3.0.1-22
- FIPS provider should block RSA encryption for key transport
- Resolves: rhbz#2053289
* Tue Mar 22 2022 Clemens Lang <cllang(a)redhat.com> - 1:3.0.1-21
- Fix occasional internal error in TLS when DHE is used
- Resolves: rhbz#2004915
* Fri Mar 18 2022 Clemens Lang <cllang(a)redhat.com> - 1:3.0.1-20
- Fix acceptance of SHA-1 certificates with rh-allow-sha1-signatures = yes when
no OpenSSL library context is set
- Resolves: rhbz#2065400
* Fri Mar 18 2022 Clemens Lang <cllang(a)redhat.com> - 1:3.0.1-19
- Fix TLS connections with SHA1 signatures if rh-allow-sha1-signatures = yes
- Resolves: rhbz#2065400
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2089472 - CVE-2022-1343 openssl3: openssl: Signer certificate verification
returns inaccurate response when using OCSP_NOCHECKS [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2089472
[ 2 ] Bug #2095814 - CVE-2022-1292 openssl3: openssl: c_rehash script allows command
injection [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2095814
[ 3 ] Bug #2099970 - CVE-2022-2068 openssl3: openssl: the c_rehash script allows command
injection [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2099970
[ 4 ] Bug #2105033 - CVE-2022-2097 openssl3: openssl: AES OCB fails to encrypt some
bytes [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2105033
--------------------------------------------------------------------------------
================================================================================
python-dnslib-0.9.21-1.el8 (FEDORA-EPEL-2022-6319bfdcaa)
Simple library to encode/decode DNS packets
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release 0.9.21
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 27 2022 Fabian Affolter <mail(a)fabian-affolter.ch> - 0.9.21-1
- Update to latest upstream release 0.9.21
- Fix for CVE-2022-22846 (closes rhbz#2042610, closes rhbz#2042611)
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.14-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 13 2022 Python Maint <python-maint(a)redhat.com> - 0.9.14-6
- Rebuilt for Python 3.11
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.14-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.14-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun 4 2021 Python Maint <python-maint(a)redhat.com> - 0.9.14-3
- Rebuilt for Python 3.10
* Wed Jan 27 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.14-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2042610 - CVE-2022-22846 python-dnslib: client does not validate DNS
transaction ID
https://bugzilla.redhat.com/show_bug.cgi?id=2042610
--------------------------------------------------------------------------------