The following Fedora EPEL 6 Security updates need testing: Age URL 148 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-6828 chicken-4.9.0.1-4.el6 130 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031 python-virtualenv-12.0.7-1.el6 124 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168 rubygem-crack-0.3.2-2.el6 56 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8148 optipng-0.7.5-5.el6 56 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8156 nagios-4.0.8-1.el6 44 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-68a2c2db36 python-pymongo-3.0.3-1.el6 14 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb mcollective-2.8.4-1.el6 14 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-28606b6d1d perl-HTML-Scrubber-0.15-1.el6.1 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-5d63583df0 metis-5.1.0-7.el6 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e195439195 drupal7-jquery_update-2.7-1.el6 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-967595b7c1 wildmagic5-5.13-12.el6 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8fc6f35cc9 MUMPS-5.0.1-4.el6 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-d47ae2d16b owncloud-7.0.11-1.el6 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-a7d37297d4 telegram-cli-1.3.1-7.20150730git2052f4.el6 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-0ae4daf2d6 tubo-5.0.15-3.el6 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-b4ebe76583 putty-0.63-5.el6 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-20cb365c26 zarafa-7.1.14-1.el6 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-260d131310 libpng10-1.0.64-1.el6 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8161a5151b ProDy-1.7.1-1.el6 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-b76c1e5912 potrace-1.13-2.el6 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-2fad2e45f6 monitorix-3.8.1-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
monitorix-3.8.1-1.el6 proftpd-1.3.3g-7.el6 python-dirq-1.7-1.el6
Details about builds:
================================================================================ monitorix-3.8.1-1.el6 (FEDORA-EPEL-2015-2fad2e45f6) A free, open source, lightweight system monitoring tool -------------------------------------------------------------------------------- Update Information:
This is a maintenance release that mainly fixes a Document Object Model (DOM)-based cross-site scripting (XSS) vulnerability in the monitorix.cgi file. Such vulnerability is by injection a JS code in the when parameter of the URL shown after generating the graphs. Additionally, a potential denial of service (DoS) issue was discovered in the same when parameter of the URL which could lead in the creation of an enormous amount of .png files in the imgs directory of the server. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1281979 - monitorix-3.8.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1281979 --------------------------------------------------------------------------------
================================================================================ proftpd-1.3.3g-7.el6 (FEDORA-EPEL-2015-a57010c117) Flexible, stable and highly-configurable FTP server -------------------------------------------------------------------------------- Update Information:
This update adds support for specifying TLSv1.1 and TLSv1.2 as values for TLSProtocol in the mod_tls configuration. The mod_tls module is still disabled by default and the default value for TLSProtocol remains as "SSLv23 TLSv1", so the newer protocols must be explicitly enabled if desired. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1281493 - Unable to use TLSv1.1 or TLSv1.2 protocol when TLSProtocol is set to TLSv1 https://bugzilla.redhat.com/show_bug.cgi?id=1281493 --------------------------------------------------------------------------------
================================================================================ python-dirq-1.7-1.el6 (FEDORA-EPEL-2015-1ac94fc8d0) Directory based queue -------------------------------------------------------------------------------- Update Information:
Updated to latest upstream version. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1281769 - python-dirq-1.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1281769 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org