The following Fedora EPEL 6 Security updates need testing:
 Age  URL
   9  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-972f57ea6d   drupal7-7.72-1.el6
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b425525e83   mbedtls-2.7.17-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
aha-0.5.1-1.el6
amavisd-milter-1.7.1-1.el6
golang-1.15.2-1.el6
proftpd-1.3.3g-15.el6
Details about builds:
================================================================================
aha-0.5.1-1.el6 (FEDORA-EPEL-2020-0271d6f7f6)
Convert terminal output to HTML
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release (v0.5.1)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 14 2020 Artur Frenszek-Iwicki <fedora(a)svgames.pl> - 0.5.1-1
- Update to latest upstream release
--------------------------------------------------------------------------------
================================================================================
amavisd-milter-1.7.1-1.el6 (FEDORA-EPEL-2020-8ac4c5df36)
Sendmail milter for amavisd-new using the AM.PDP protocol
--------------------------------------------------------------------------------
Update Information:
# amavisd-milter
## Bug and compatibility fixes
- An empty sender must always be enclosed in angle brackets
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 14 2020 Robert Scheck <robert(a)fedoraproject.org> 1.7.1-1
- Upgrade to 1.7.1 (#1878910)
* Mon Jul 27 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.7.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1878910 - amavisd-milter-1.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1878910
--------------------------------------------------------------------------------
================================================================================
golang-1.15.2-1.el6 (FEDORA-EPEL-2020-54aaef4451)
The Go Programming Language
--------------------------------------------------------------------------------
Update Information:
* Rebase to go1.15.2
* Security fix for CVE-2020-24553
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 10 2020 Jakub Čajka <jcajka(a)redhat.com> - 1.15.2-1
- Rebase to go1.15.2
- Security fix for CVE-2020-24553
- Resolves: BZ#1874859
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1874857 - CVE-2020-24553 golang: default Content-Type setting in net/http/cgi
and net/http/fcgi could cause XSS
https://bugzilla.redhat.com/show_bug.cgi?id=1874857
--------------------------------------------------------------------------------
================================================================================
proftpd-1.3.3g-15.el6 (FEDORA-EPEL-2020-83b080a694)
Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:
This update fixes a NULL pointer dereference in SCP options processing. An
authenticated remote attacker could issue invalid SCP commands, possibly
resulting in a Denial of Service condition. Note: the sftp/scp server is not
enabled by the default configuration.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 14 2020 Paul Howarth <paul(a)city-fan.org> - 1.3.3g-15
- Fix null pointer dereference for invalid SCP command by passing the
correct argument count to getopt(3)
https://github.com/proftpd/proftpd/issues/1043
https://github.com/proftpd/proftpd/pull/1044
https://bugzilla.redhat.com/show_bug.cgi?id=1878869
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1878869 - proftpd: NULL pointer dereference via invalid SCP command leads to
DoS
https://bugzilla.redhat.com/show_bug.cgi?id=1878869
--------------------------------------------------------------------------------