The following Fedora EPEL 6 Security updates need testing:
Age URL
138
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b6c663378c
unrtf-0.21.9-8.el6
28
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-6bc3a525a2
libmad-0.15.1b-26.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
clamav-0.100.2-1.el6
davix-0.7.1-1.el6
getmail-5.6-1.el6
gfal2-python-1.9.5-1.el6
Details about builds:
================================================================================
clamav-0.100.2-1.el6 (FEDORA-EPEL-2018-791c4cceb9)
Anti-virus software
--------------------------------------------------------------------------------
Update Information:
ClamAV 0.100.2 ============== Fixes for the following ClamAV vulnerabilities:
* CVE-2018-15378: * Vulnerability in ClamAV's MEW unpacking feature that
could allow an unauthenticated, remote attacker to cause a denial-of-service
(DoS) condition on an affected device. * Reported by Secunia Research at
Flexera. * Fix for a two-byte buffer over-read bug in ClamAV's PDF parsing
code. * Reported by Alex Gaynor. * Fixes for the following
vulnerabilities in bundled third-party libraries: * CVE-2018-14680: * An
issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not
reject blank CHM filenames. * CVE-2018-14681: * An issue was discovered
in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ
file header extensions could cause a one- or two-byte overwrite. *
CVE-2018-14682: * An issue was discovered in mspack/chmd.c in libmspack
before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM
decompression. Additionally, 0.100.2 reverted 0.100.1's patch for
CVE-2018-14679, and applied libmspack's version of the fix in its place Other
changes: * Some users have reported freshclam signature update failures as a
result of a delay between the time the new signature database content is
announced and the time that the content-delivery-network has the content
available for download. To mitigate these errors, this patch release includes
some modifications to freshclam to make it more lenient, and to reduce the time
that freshclam will ignore a mirror when it detects an issue. * On-Access
"Extra Scanning," an opt-in minor feature of OnAccess scanning on Linux
systems,
has been disabled due to a known issue with resource cleanup
OnAccessExtraScanning will be re-enabled in a future release when the issue is
resolved. In the mean-time, users who enabled the feature in clamd.conf will see
a warning informing them that the feature is not active. For details, click
here.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 23 2018 Robert Scheck <robert(a)fedoraproject.org> - 0.100.2-1
- Upgrade to 0.100.2 (#1635922)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1635922 - clamav-0.100.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1635922
--------------------------------------------------------------------------------
================================================================================
davix-0.7.1-1.el6 (FEDORA-EPEL-2018-d93c911354)
Toolkit for Http-based file management
--------------------------------------------------------------------------------
Update Information:
* new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 24 2018 Andrea Manzi <andrea.manzi at cern.ch> - 0.7.1-1
- New upstream release
--------------------------------------------------------------------------------
================================================================================
getmail-5.6-1.el6 (FEDORA-EPEL-2018-66dc799af3)
POP3, IMAP4 and SDPS mail retriever with Maildir delivery
--------------------------------------------------------------------------------
Update Information:
Update to getmail 5.6
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 25 2018 Markus Mayer <lotharlutz(a)gmx.de> - 5.6-1
- upstream 5.6 release
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.5-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1563210 - getmail-5.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1563210
--------------------------------------------------------------------------------
================================================================================
gfal2-python-1.9.5-1.el6 (FEDORA-EPEL-2018-656f9d0998)
Python bindings for gfal 2
--------------------------------------------------------------------------------
Update Information:
* new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 25 2018 Alejandro Alvarez <aalvarez(a)cern.ch> - 1.9.5-1
- Update for release 1.9.5
--------------------------------------------------------------------------------