The following Fedora EPEL 7 Security updates need testing:
Age URL
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-1eae057392
apptainer-1.1.6-1.el7
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-66548f784b
openssl11-1.1.1k-5.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
chromium-110.0.5481.100-1.el7
clamav-0.103.8-3.el7
gfal2-2.21.3-1.el7
Details about builds:
================================================================================
chromium-110.0.5481.100-1.el7 (FEDORA-EPEL-2023-b4e42e5a12)
A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:
Update to 110.0.5481.100
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 17 2023 Than Ngo <than(a)redhat.com> - 110.0.5481.100-1
- update to 110.0.5481.100
* Thu Feb 16 2023 Than Ngo <than(a)redhat.com> - 110.0.5481.77-2
- fix #2071126, enable support V4L2 stateless decoders for aarch64 plattform
- fix prefers-color-scheme
- drop snapshot_blob.bin, replace snapshot_blob.bin with v8_context_snapshot.bin
- move headless_lib*.pak to headless subpackage
--------------------------------------------------------------------------------
================================================================================
clamav-0.103.8-3.el7 (FEDORA-EPEL-2023-466d8ae059)
End-user tools for the Clam Antivirus scanner
--------------------------------------------------------------------------------
Update Information:
- Fix daily.cvd file - Split out documentation into separate -doc sub-package -
(#2128276) Please port your pcre dependency to pcre2 - Explicit dependency on
systemd since systemd-devel no longer has this dependency on F37+ - (#2136977)
not requires data(clamav) on clamav-libs - (#2023371) Add documentation to
preserve user permissions of DatabaseOwner ---- ClamAV 0.103.8 is a critical
patch release with the following fixes: *
CVE-2023-20032<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023...;:
Fixed a possible remote code execution vulnerability in the HFS+ file parser.
The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7
and earlier. Thank you to Simon Scannell for reporting this issue. *
CVE-2023-20052<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023...;:
Fixed a possible remote information leak vulnerability in the DMG file parser.
The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7
and earlier. Thank you to Simon Scannell for reporting this issue.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 20 2023 Orion Poplawski <orion(a)nwra.com> - 0.103.8-3
- Fix daily.cvd file
* Sat Feb 18 2023 S��rgio Basto <sergio(a)serjux.com> - 0.103.8-2
- Split out documentation into separate -doc sub-package
- (#2128276) Please port your pcre dependency to pcre2
- Explicit dependency on systemd since systemd-devel no longer has this dependency on
F37+
- (#2136977) not requires data(clamav) on clamav-libs
- (#2023371) Add documentation to preserve user permissions of DatabaseOwner
* Fri Feb 17 2023 Orion Poplawski <orion(a)nwra.com> - 0.103.8-1
- Update to 0.103.8
* Mon Nov 7 2022 S��rgio Basto <sergio(a)serjux.com> - 0.103.7-4
- (#2136977) not requires data(clamav) on clamav-libs
- (#2023371) Add documentation to preserve user permissions of DatabaseOwner
* Thu Sep 22 2022 S��rgio Basto <sergio(a)serjux.com> - 0.103.7-3
- (#2128276) Please port your pcre dependency to pcre2
- Explicit dependency on systemd since systemd-devel no longer has this dependency on
F37+
* Mon Aug 1 2022 Orion Poplawski <orion(a)nwra.com> - 0.103.7-2
- Split out documentation into separate -doc sub-package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2170570 - Please build ClamAV 0.103.8 for EL7
https://bugzilla.redhat.com/show_bug.cgi?id=2170570
[ 2 ] Bug #2171869 - daily.cvd in clamav-0.103.8-1 fails md5sum by clamscan
https://bugzilla.redhat.com/show_bug.cgi?id=2171869
--------------------------------------------------------------------------------
================================================================================
gfal2-2.21.3-1.el7 (FEDORA-EPEL-2023-a6c30e61d2)
Grid file access library 2.0
--------------------------------------------------------------------------------
Update Information:
Upstream release v2.21.3
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 20 2023 Mihai Patrascoiu <mihai.patrascoiu(a)cern.ch> - 2.21.3-1
- Upgrade to upstream release 2.21.3
- Drop patches accepted upstream
* Tue Jan 24 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 2.21.2-3
- Rebuild for gtest 1.13.0 (close RHBZ#2163832)
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.21.2-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------