The following Fedora EPEL 7 Security updates need testing:
 Age  URL
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-dadb629ab0   xrdp-0.9.18-5.el7
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-f762e66b0d   nodejs-16.14.0-2.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
python-opensearch-py-1.0.0-4.el7
radare2-5.6.0-2.el7
remmina-1.4.24-2.el7
Details about builds:
================================================================================
python-opensearch-py-1.0.0-4.el7 (FEDORA-EPEL-2022-3510c36edd)
Python low-level client for OpenSearch
--------------------------------------------------------------------------------
Update Information:
First release of package
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 12 2022 Steve Traylen <steve.traylen(a)cern.ch> -1.0.0-4
- Add requires as required on el7
* Sat Feb 12 2022 Steve Traylen <steve.traylen(a)cern.ch> -1.0.0-3
- Migrate to pyproject macros
- Migrate back to %py3 macros
- Provide python3 as well as python36.
* Thu Dec 9 2021 Steve Traylen <steve.traylen(a)cern.ch> - 1.0.0-2
- Review corrections rhbz#2016597
* Fri Oct 22 2021 Steve Traylen <steve.traylen(a)cern.ch> - 1.0.0-1
- Initial package.
--------------------------------------------------------------------------------
================================================================================
radare2-5.6.0-2.el7 (FEDORA-EPEL-2022-93154093e5)
The reverse engineering framework
--------------------------------------------------------------------------------
Update Information:
Update to version 5.6.0 fixes some security bugs.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 9 2022 Michal Ambroz <rebus at, seznam.cz> 5.6.0-2
- patch declaration of int i in for cycle to avoid C99 mode on EPEL7
* Wed Feb 9 2022 Michal Ambroz <rebus at, seznam.cz> 5.6.0-1
- bump to 5.6.0
- fix CVE-2022-0419
- fix CVE-2021-4021
* Wed Jan 26 2022 Henrik Nordstrom <henrik(a)henriknordstrom.net> - 5.5.4-1
- Update to version 5.5.4
- should be fixing CVE-2021-4021
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.4.2-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Sep 23 2021 Henrik Nordstrom <henrik(a)henriknordstrom.net> - 5.4.2-1
- Update to version 5.4.2
* Sat Sep 18 2021 Henrik Nordstrom <henrik(a)henriknordstrom.net> - 5.4.0-1
- Update to version 5.4.0
- Fix CVE-2021-3673
* Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.3.1-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1989137 - CVE-2021-3673 radare2: improper input validation can lead to
resource exhaustion when reading LE binary [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1989137
[ 2 ] Bug #2006164 - radare2-5.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2006164
[ 3 ] Bug #2027695 - CVE-2021-4021 radare2: uncontrolled resource consumption via
specially crafted ELF64 binary for MIPS architecture [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2027695
[ 4 ] Bug #2027696 - CVE-2021-4021 radare2: uncontrolled resource consumption via
specially crafted ELF64 binary for MIPS architecture [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2027696
[ 5 ] Bug #2045240 - CVE-2022-0173 radare2: is vulnerable to Out-of-bounds Read
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2045240
[ 6 ] Bug #2045242 - CVE-2022-0173 radare2: is vulnerable to Out-of-bounds Read
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2045242
[ 7 ] Bug #2050588 - CVE-2022-0419 radare2: NULL pointer dereference in load_buffer() in
bin_xnu_kernelcache.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2050588
[ 8 ] Bug #2050589 - CVE-2022-0419 radare2: NULL pointer dereference in load_buffer() in
bin_xnu_kernelcache.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2050589
--------------------------------------------------------------------------------
================================================================================
remmina-1.4.24-2.el7 (FEDORA-EPEL-2022-21bd91acbe)
Remote Desktop Client
--------------------------------------------------------------------------------
Update Information:
- Remove XDMCP reference from remmina package description.
- Remove pyhoca-cli BuildRequires. Only Requires on x2go now required.
- Use upstream project's HTTPS URL.
----
New upstream version 1.4.24.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 12 2022 Phil Wyett <philip.wyett(a)kathenas.org> - 1.4.24-2
- Remove XDMCP reference from remmina package description.
- Remove pyhoca-cli BuildRequires. Only Requires on x2go now required.
- Use upstream project's HTTPS URL.
* Thu Feb 10 2022 Phil Wyett <philip.wyett(a)kathenas.org> - 1.4.24-1
- New upstream version 1.4.24.
--------------------------------------------------------------------------------