The following Fedora EPEL 8 Security updates need testing:
Age URL
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-d2e987a67b
python-django-filter-21.1-1.el8
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-61671327d7
chromium-94.0.4606.81-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
strongswan-5.9.4-1.el8
yubioath-desktop-5.0.5-3.el8
Details about builds:
================================================================================
strongswan-5.9.4-1.el8 (FEDORA-EPEL-2021-8e6e4346fa)
An OpenSource IPsec-based VPN and TNC solution
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2021-41990 and CVE-2021-41991
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 20 2021 Paul Wouters <paul.wouters(a)aiven.io> - 5.9.4-1
- Resolves: rhbz#2015165 strongswan-5.9.4 is available
- Resolves: rhbz#2015612 CVE-2021-41990 strongswan: gmp plugin: integer overflow via a
crafted certificate with an RSASSA-PSS signature
- Resolves: rhbz#2015615 CVE-2021-41991 strongswan: integer overflow when replacing
certificates in cache
- Add BuildRequire for tpm2-tss-devel and weak dependency for tpm2-tools
* Tue Sep 14 2021 Sahana Prasad <sahana(a)redhat.com> - 5.9.3-4
- Rebuilt with OpenSSL 3.0.0
* Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.9.3-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Sat Jul 10 2021 Bj��rn Esser <besser82(a)fedoraproject.org> - 5.9.3-2
- Rebuild for versioned symbols in json-c
* Tue Jul 6 2021 Paul Wouters <paul.wouters(a)aiven.io> - 5.9.3-1
- Resolves: rhbz#1979574 strongswan-5.9.3 is available
- Make strongswan main dir world readable so apps can find strongswan.conf
* Thu Jun 3 2021 Paul Wouters <paul.wouters(a)aiven.io> - 5.9.2-1
- Resolves: rhbz#1896545 strongswan-5.9.2 is available
* Tue Mar 2 2021 Zbigniew J��drzejewski-Szmek <zbyszek(a)in.waw.pl> - 5.9.1-2
- Rebuilt for updated systemd-rpm-macros
See
https://pagure.io/fesco/issue/2583.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2015165 - strongswan-5.9.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2015165
[ 2 ] Bug #2015612 - CVE-2021-41990 strongswan: gmp plugin: integer overflow via a
crafted certificate with an RSASSA-PSS signature [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2015612
[ 3 ] Bug #2015615 - CVE-2021-41991 strongswan: integer overflow when replacing
certificates in cache [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2015615
--------------------------------------------------------------------------------
================================================================================
yubioath-desktop-5.0.5-3.el8 (FEDORA-EPEL-2021-a0804f6fa7)
Yubikey tool for generating OATH event-based HOTP and time-based TOTP codes
--------------------------------------------------------------------------------
Update Information:
Build for EPEL8
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2013422 - Please build yubioath-desktop for EPEL8
https://bugzilla.redhat.com/show_bug.cgi?id=2013422
--------------------------------------------------------------------------------