The following Fedora EPEL 8 Security updates need testing: Age URL 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-1563c1eaf3 chromium-78.0.3904.97-1.el8 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-d9bc350179 mingw-libidn2-2.3.0-1.el8 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-288e46f2d9 jhead-3.04-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
clamav-0.101.5-1.el8 pspg-2.6.0-1.el8
Details about builds:
================================================================================ clamav-0.101.5-1.el8 (FEDORA-EPEL-2019-52445f11c2) End-user tools for the Clam Antivirus scanner -------------------------------------------------------------------------------- Update Information:
- Drop clamd@scan.service file (bz#1725810) ClamAV 0.101.5 is a security patch release that addresses the following issues. - CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation. - Added the zip scanning improvements found in v0.102.0 where it scans files using zip records from a sorted catalogue which provides deduplication of file records resulting in faster extraction and scan time and reducing the likelihood of alerting on non-malicious duplicate file entries as overlapping files. - Signature load time is significantly reduced by changing to a more efficient algorithm for loading signature patterns and allocating the AC trie. Patch courtesy of Alberto Wu. - Introduced a new configure option to statically link libjson-c with libclamav. Static linking with libjson is highly recommended to prevent crashes in applications that use libclamav alongside another JSON parsing library. - Null-dereference fix in email parser when using the --gen-json metadata option. ---- Add TimeoutStartSec=420 to clamd@.service to match upstream -------------------------------------------------------------------------------- ChangeLog:
* Sat Nov 23 2019 Orion Poplawski orion@nwra.com - 0.101.5-1 - Update to 0.101.5 (CVE-2019-15961) (bz#1775550) * Mon Nov 18 2019 Orion Poplawski orion@nwra.com - 0.101.4-3 - Drop clamd@scan.service file (bz#1725810) - Change /var/run to /run * Mon Nov 18 2019 Orion Poplawski orion@nwra.com - 0.101.4-2 - Add TimeoutStartSec=420 to clamd@.service to match upstream (bz#1764835) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1631525 - clamav: clamscan --get-json does not output JSON https://bugzilla.redhat.com/show_bug.cgi?id=1631525 [ 2 ] Bug #1775550 - Request to build clamav 0.101.5 for EPEL 7 https://bugzilla.redhat.com/show_bug.cgi?id=1775550 [ 3 ] Bug #1725810 - /usr/lib/systemd/system/clamd@scan.service:1: .include directives are deprecated https://bugzilla.redhat.com/show_bug.cgi?id=1725810 [ 4 ] Bug #1764835 - clamd at 100% CPU and SystemD keeps restarting clamd https://bugzilla.redhat.com/show_bug.cgi?id=1764835 --------------------------------------------------------------------------------
================================================================================ pspg-2.6.0-1.el8 (FEDORA-EPEL-2019-72ef432359) A unix pager optimized for psql -------------------------------------------------------------------------------- Update Information:
new upstream release, per release notes: https://github.com/okbob/pspg/releases/tag/2.6.0 ---- new upstream release -------------------------------------------------------------------------------- ChangeLog:
* Sun Nov 24 2019 Pavel Raiskup praiskup@redhat.com - 2.6.0-1 - new upstream release, per release notes: https://github.com/okbob/pspg/releases/tag/2.6.0 * Tue Nov 19 2019 Pavel Raiskup praiskup@redhat.com - 2.5.5-1 - new upstream release, per release notes: https://github.com/okbob/pspg/releases/tag/2.5.3 https://github.com/okbob/pspg/releases/tag/2.5.4 https://github.com/okbob/pspg/releases/tag/2.5.5 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1775977 - pspg-2.6.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1775977 [ 2 ] Bug #1768349 - pspg-2.5.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1768349 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org