The following Fedora EPEL 8 Security updates need testing:
Age URL
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-ee729bf9b2
sympa-6.2.72-2.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
apptainer-1.1.9-1.el8
guacamole-server-1.5.2-2.el8
mongo-c-driver-1.23.5-1.el8
perl-HTML-StripScripts-1.06-22.el8
remmina-1.4.31-1.el8
syncthing-1.23.5-1.el8
Details about builds:
================================================================================
apptainer-1.1.9-1.el8 (FEDORA-EPEL-2023-8957de8c8a)
Application and environment virtualization formerly known as Singularity
--------------------------------------------------------------------------------
Update Information:
Update to upstream-1.1.9
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Dave Dykstra <dwd(a)fnal.gov> - 1.1.9-1
- Update to upstream 1.1.9.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2213313 - apptainer-1.1.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2213313
--------------------------------------------------------------------------------
================================================================================
guacamole-server-1.5.2-2.el8 (FEDORA-EPEL-2023-24b6ae61af)
Server-side native components that form the Guacamole proxy
--------------------------------------------------------------------------------
Update Information:
- Added upstream patch to fix RDP related segfault ([GUACAMOLE-
1802](https://issues.apache.org/jira/projects/GUACAMOLE/issues/GUACAMOLE-...)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Robert Scheck <robert(a)fedoraproject.org> - 1.5.2-2
- Added upstream patch to fix RDP related segfault (GUACAMOLE-1802)
--------------------------------------------------------------------------------
================================================================================
mongo-c-driver-1.23.5-1.el8 (FEDORA-EPEL-2023-eefdadb7f8)
Client library written in C for MongoDB
--------------------------------------------------------------------------------
Update Information:
**libmongoc 1.23.5** Fixes: * Fix potential crash due to insufficient
memory when allocating performance counters. * Fix compilation error on
Android platforms due to missing aligned_alloc. * Return an error if
RewrapManyDataKey is invoked without a provider when a masterKey is given.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Remi Collet <remi(a)remirepo.net> - 1.23.5-1
- update to 1.23.5
--------------------------------------------------------------------------------
================================================================================
perl-HTML-StripScripts-1.06-22.el8 (FEDORA-EPEL-2023-d55abd83c7)
Strip scripting constructs out of HTML
--------------------------------------------------------------------------------
Update Information:
Fixes CVE-2023-24038
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Xavier Bachelot <xavier(a)bachelot.org> 1.06-22
- Add patch for CVE-2023-24038
- Convert License: to SPDX
* Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.06-21
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.06-20
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue May 31 2022 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.06-19
- Perl 5.36 rebuild
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.06-18
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.06-17
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri May 21 2021 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.06-16
- Perl 5.34 rebuild
* Wed Jan 27 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.06-15
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.06-14
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jun 23 2020 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.06-13
- Perl 5.32 rebuild
* Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.06-12
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2164149 - CVE-2023-24038 perl-HTML-StripScripts: Handler for style attribute
is vulnerable to ReDoS [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2164149
--------------------------------------------------------------------------------
================================================================================
remmina-1.4.31-1.el8 (FEDORA-EPEL-2023-d93c96ff4c)
Remote Desktop Client
--------------------------------------------------------------------------------
Update Information:
New upstream version 1.4.31. Remove no longer needed patches.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Phil Wyett <philip.wyett(a)kathenas.org> - 1.4.31-1
- New upstream version 1.4.31.
- Remove no longer needed patches.
* Tue Jun 6 2023 Phil Wyett <philip.wyett(a)kathenas.org> - 1.4.30-3
- Remove some old workarounds from spec file.
--------------------------------------------------------------------------------
================================================================================
syncthing-1.23.5-1.el8 (FEDORA-EPEL-2023-e14003b86d)
Continuous File Synchronization
--------------------------------------------------------------------------------
Update Information:
Update to version 1.23.5. Addresses CVE-2022-46165.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.23.5-1
- Update to version 1.23.5; Fixes RHBZ#2213024
* Wed Jun 7 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.23.4-1
- Update to version 1.23.4; Fixes RHBZ#2184805
* Wed Jun 7 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.23.2-1
- Update to version 1.23.2; Fixes RHBZ#2167959
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2213012 - CVE-2022-46165 syncthing: Cross-site scripting through malicious
files [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2213012
--------------------------------------------------------------------------------