The following Fedora EPEL 6 Security updates need testing:
Age URL
719
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031
python-virtualenv-12.0.7-1.el6
713
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168
rubygem-crack-0.3.2-2.el6
603
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb
mcollective-2.8.4-1.el6
575
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9
thttpd-2.25b-24.el6
185
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac
libbsd-0.8.3-2.el6
81
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-c0d33ae70f
tnef-1.4.14-1.el6
16
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f70a51bd19
tomcat-7.0.78-1.el6
15
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-23f4cb5d02
lxc-1.0.10-2.el6
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-16880697fe
nagios-4.3.2-3.el6
10
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6489eec271
golang-1.7.6-1.el6
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-9ec615ff74
openvpn-2.4.3-1.el6
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-fc2d88e3d3
zabbix20-2.0.21-1.el6
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-94b8514427
zabbix22-2.2.18-1.el6
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d99d50d751
catdoc-0.95-1.el6
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-b1d8b4aed9
globus-xio-5.16-1.el6 globus-net-manager-0.17-1.el6 globus-gass-cache-program-6.7-1.el6
globus-gass-copy-9.27-1.el6 globus-gssapi-gsi-12.16-1.el6
globus-gram-job-manager-14.36-1.el6 globus-gridftp-server-12.2-1.el6 globus-io-11.9-1.el6
globus-xio-gsi-driver-3.11-1.el6 globus-xio-pipe-driver-3.10-1.el6
globus-xio-udt-driver-1.27-1.el6 myproxy-6.1.28-1.el6 globus-ftp-client-8.35-2.el6
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f7d349f9b4
drupal7-7.56-1.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-1490b54059
libtomcrypt-1.17-25.el6 libtommath-0.42.0-5.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-2e08fc8a0d
phpMyAdmin-4.0.10.20-1.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-8ba2ea7136
php-horde-Horde-Image-2.5.1-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
golang-github-pelletier-go-buffruneio-0.2.0-0.1.gitc37440a.el6
golang-github-pelletier-go-toml-1.0.0-0.1.git5ccdfb1.el6
golang-googlecode-go-exp-0-0.14.gitd00e13e.el6
libtomcrypt-1.17-25.el6
libtommath-0.42.0-5.el6
php-horde-Horde-Image-2.5.1-1.el6
php-theseer-autoload-1.24.1-1.el6
phpMyAdmin-4.0.10.20-1.el6
Details about builds:
================================================================================
golang-github-pelletier-go-buffruneio-0.2.0-0.1.gitc37440a.el6
(FEDORA-EPEL-2017-9b12c806b4)
Wrapper around bufio to provide buffered runes access with unlimited unreads
--------------------------------------------------------------------------------
Update Information:
Bump to v0.2.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1464885 - Tracker for golang-github-pelletier-go-buffruneio
https://bugzilla.redhat.com/show_bug.cgi?id=1464885
[ 2 ] Bug #1430564 - golang-github-pelletier-go-buffruneio-v0.2.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1430564
--------------------------------------------------------------------------------
================================================================================
golang-github-pelletier-go-toml-1.0.0-0.1.git5ccdfb1.el6 (FEDORA-EPEL-2017-71ead19225)
Go library for the TOML language
--------------------------------------------------------------------------------
Update Information:
Bump to v1.0.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1464882 - Tracker for golang-github-pelletier-go-toml
https://bugzilla.redhat.com/show_bug.cgi?id=1464882
[ 2 ] Bug #1430562 - golang-github-pelletier-go-toml-v1.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1430562
--------------------------------------------------------------------------------
================================================================================
golang-googlecode-go-exp-0-0.14.gitd00e13e.el6 (FEDORA-EPEL-2017-0f766e4789)
Experimental tools and packages for Go
--------------------------------------------------------------------------------
Update Information:
Remove superfluous dependencies
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1456243 - golang-googlecode-go-exp: FTBFS due to missing dependencies on
Fedora 26+
https://bugzilla.redhat.com/show_bug.cgi?id=1456243
[ 2 ] Bug #1423669 - golang-googlecode-go-exp: FTBFS in rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1423669
--------------------------------------------------------------------------------
================================================================================
libtomcrypt-1.17-25.el6 (FEDORA-EPEL-2017-1490b54059)
A comprehensive, portable cryptographic toolkit
--------------------------------------------------------------------------------
Update Information:
- Fix CVE-2016-6129 (#1370955, #1370957) - Update URLs (#1463608, #1463547)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1370955 - CVE-2016-6129 libtomcrypt: possible OP-TEE Bleichenbacher attack
https://bugzilla.redhat.com/show_bug.cgi?id=1370955
--------------------------------------------------------------------------------
================================================================================
libtommath-0.42.0-5.el6 (FEDORA-EPEL-2017-1490b54059)
A portable number theoretic multiple-precision integer library
--------------------------------------------------------------------------------
Update Information:
- Fix CVE-2016-6129 (#1370955, #1370957) - Update URLs (#1463608, #1463547)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1370955 - CVE-2016-6129 libtomcrypt: possible OP-TEE Bleichenbacher attack
https://bugzilla.redhat.com/show_bug.cgi?id=1370955
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Image-2.5.1-1.el6 (FEDORA-EPEL-2017-8ba2ea7136)
Horde Image API
--------------------------------------------------------------------------------
Update Information:
**Horde_Image 2.5.1** * [mjr] SECURITY: Fix more potential places for command
injections. ---- **Horde_Image 2.5.0** * [mjr] **SECURITY**: Prevent DOS
attack by preventing an infinite loop in certain conditions (CVE-2017-9773,
reported by Fariskhi Vidyan). * [mjr] **SECURITY**: Prevent RCE attacks by
properly sanitizing shell arguments (CVE-2017-9774, reported by Fariskhi
Vidyan). * [jan] Add blur effect.
--------------------------------------------------------------------------------
================================================================================
php-theseer-autoload-1.24.1-1.el6 (FEDORA-EPEL-2017-ecba2c4642)
A tool and library to generate autoload code
--------------------------------------------------------------------------------
Update Information:
**Release 1.24.1** * Merge PR
[#78](https://github.com/theseer/Autoload/pull/78): Restore PHP 5.3
compatibility [Remi] ---- **Release 1.24.0** *
[#77](https://github.com/theseer/Autoload/issues/77): Change duplicate detection
to collect all rather than exit on first
--------------------------------------------------------------------------------
================================================================================
phpMyAdmin-4.0.10.20-1.el6 (FEDORA-EPEL-2017-2e08fc8a0d)
Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:
phpMyAdmin 4.0.10.20 (2017-03-29) ================================= Welcome to
phpMyAdmin 4.0.10.20, a release containing a security fix and a bug fix. The
security fix relates to the possible bypass of
$cfg['Servers'][$i]['AllowNoPassword'], see PMASA-2017-08. The bug fix
relates
to searching a database when the locale is not set 'en'.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1437828 - phpMyAdmin: Bypass
$cfg['Servers'][$i]['AllowNoPassword']
https://bugzilla.redhat.com/show_bug.cgi?id=1437828
--------------------------------------------------------------------------------