The following Fedora EPEL 5 Security updates need testing:
Age  URL                                                                  Build
784  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2013-11893       libguestfs-1.20.12-1.el5
548  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-1626        puppet-2.7.26-1.el5
398  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-3849        sblim-sfcb-1.3.8-2.el5
 41  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-edbea40516  mcollective-2.8.4-1.el5
 39  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-10d919912b  git-1.8.2.1-2.el5
 12  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-582c8075e6  thttpd-2.25b-24.el5
  0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-481f9cfb21  shellinabox-2.19-1.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
GeoIP-GeoLite-data-2015.12-1.el5
figlet-2.2.5-9.el5
globus-gsi-proxy-core-7.9-1.el5
globus-gsi-sysconfig-6.9-1.el5
globus-gssapi-gsi-11.24-1.el5
myproxy-6.1.16-1.el5
shellinabox-2.19-1.el5
Details about builds:
================================================================================
GeoIP-GeoLite-data-2015.12-1.el5 (FEDORA-EPEL-2015-7e7fd7eada)
Free GeoLite IP geolocation country database
--------------------------------------------------------------------------------
Update Information:
Periodic database update.
--------------------------------------------------------------------------------
================================================================================
figlet-2.2.5-9.el5 (FEDORA-EPEL-2015-3bdff83721)
A program for making large letters out of ordinary text
--------------------------------------------------------------------------------
Update Information:
Fix memory corruption.
--------------------------------------------------------------------------------
================================================================================
globus-gsi-proxy-core-7.9-1.el5 (FEDORA-EPEL-2015-54843af4db)
Globus Toolkit - Globus GSI Proxy Core Library
--------------------------------------------------------------------------------
Update Information:
globus-gsi-sysconfig-6.9-1
* GT6 update
globus-gssapi-gsi-11.24-1
* GT6 update: Don't call SSLv3_method unless it is available
globus-gsi-proxy-core-7.9-1
* GT6 update: Change default proxy_req type to RFC, was GT3
myproxy-6.1.16-1
* Update to 6.1.16 (handle invalid proxy_req type)
--------------------------------------------------------------------------------
================================================================================
globus-gsi-sysconfig-6.9-1.el5 (FEDORA-EPEL-2015-54843af4db)
Globus Toolkit - Globus GSI System Config Library
--------------------------------------------------------------------------------
Update Information:
globus-gsi-sysconfig-6.9-1
* GT6 update
globus-gssapi-gsi-11.24-1
* GT6 update: Don't call SSLv3_method unless it is available
globus-gsi-proxy-core-7.9-1
* GT6 update: Change default proxy_req type to RFC, was GT3
myproxy-6.1.16-1
* Update to 6.1.16 (handle invalid proxy_req type)
--------------------------------------------------------------------------------
================================================================================
globus-gssapi-gsi-11.24-1.el5 (FEDORA-EPEL-2015-54843af4db)
Globus Toolkit - GSSAPI library
--------------------------------------------------------------------------------
Update Information:
globus-gsi-sysconfig-6.9-1
* GT6 update
globus-gssapi-gsi-11.24-1
* GT6 update: Don't call SSLv3_method unless it is available
globus-gsi-proxy-core-7.9-1
* GT6 update: Change default proxy_req type to RFC, was GT3
myproxy-6.1.16-1
* Update to 6.1.16 (handle invalid proxy_req type)
--------------------------------------------------------------------------------
================================================================================
myproxy-6.1.16-1.el5 (FEDORA-EPEL-2015-54843af4db)
Manage X.509 Public Key Infrastructure (PKI) security credentials
--------------------------------------------------------------------------------
Update Information:
globus-gsi-sysconfig-6.9-1
* GT6 update
globus-gssapi-gsi-11.24-1
* GT6 update: Don't call SSLv3_method unless it is available
globus-gsi-proxy-core-7.9-1
* GT6 update: Change default proxy_req type to RFC, was GT3
myproxy-6.1.16-1
* Update to 6.1.16 (handle invalid proxy_req type)
--------------------------------------------------------------------------------
================================================================================
shellinabox-2.19-1.el5 (FEDORA-EPEL-2015-481f9cfb21)
Web based AJAX terminal emulator
--------------------------------------------------------------------------------
Update Information:
* Added support for middle-click paste
* Improved iOS support
* New logic to enable soft keyboard icon
* Disable HTTPS fallback using the URL /plain. Consequently disables automatic
  upgrades from HTTP to HTTPS (CVE-2015-8400)

----

- Fixed handling of large HTTP packets
- Fixed services cleanup on session timeout
- Added logging to system log files for important/fatal errors
- Support for perfect forward secrecy (SSL)
- Disabled secure client initiated renegotiations (SSL)
- Minor CSS fixes
- SSL security issues
- Firefox international keyboard issue
- 256 color support
- Message passing support for embedded shellinabox
- Unix domain socket support
- Real IP recognition over proxy
- Other minor bug fixes and improvements
- Packaging: add license macro, switch to GitHub sources
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1287579 - CVE-2015-8400 shellinabox: DNS rebinding attack due to HTTP
fallback [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1287579
[ 2 ] Bug #1287578 - CVE-2015-8400 shellinabox: DNS rebinding attack due to HTTP
fallback [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1287578
[ 3 ] Bug #1252109 - We package an unmaintained fork of shellinabox
https://bugzilla.redhat.com/show_bug.cgi?id=1252109
--------------------------------------------------------------------------------