The following Fedora EPEL 5 Security updates need testing:
 Age  URL
1103  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3....
 557  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs...
 322  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1626/puppet-2.7....
 172  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3849/sblim-sfcb-...
  12  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5821/cherokee-1....
   9  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5894/mksh-50f-1.el5
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5975/jasper-1.90...
   1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5953/wordpress-4...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6090/drupal7-vie...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6081/clamav-0.98...
The following builds have been pushed to Fedora EPEL 5 updates-testing
clamav-0.98.7-1.el5
drupal7-views-3.11-1.el5
opendmarc-1.3.1-13.el5
Details about builds:
================================================================================
clamav-0.98.7-1.el5 (FEDORA-EPEL-2015-6081)
Anti-virus software
--------------------------------------------------------------------------------
Update Information:
ClamAV 0.98.7
=============
This release contains new scanning features and bug fixes.
- Improvements to PDF processing: decryption, escape sequence handling, and file
property collection.
- Scanning/analysis of additional Microsoft Office 2003 XML format.
- Fix infinite loop condition on crafted y0da cryptor file. Identified and patch
suggested by Sebastian Andrzej Siewior. CVE-2015-2221.
- Fix crash on crafted petite packed file. Reported and patch supplied by Sebastian
Andrzej Siewior. CVE-2015-2222.
- Fix false negatives on files within iso9660 containers. This issue was reported by
Minzhuan Gong.
- Fix a couple crashes on crafted upack packed file. Identified and patches supplied by
Sebastian Andrzej Siewior.
- Fix a crash during algorithmic detection on crafted PE file. Identified and patch
supplied by Sebastian Andrzej Siewior.
- Fix an infinite loop condition on a crafted "xz" archive file. This was
reported by Dimitri Kirchner and Goulven Guiheux. CVE-2015-2668.
- Fix compilation error after ./configure --disable-pthreads. Reported and fix suggested
by John E. Krokes.
- Apply upstream patch for possible heap overflow in Henry Spencer's regex library.
CVE-2015-2305.
- Fix crash in upx decoder with crafted file. Discovered and patch supplied by Sebastian
Andrzej Siewior. CVE-2015-2170.
- Fix segfault scanning certain HTML files. Reported with sample by Kai Risku.
- Improve detections within xar/pkg files.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 29 2015 Robert Scheck <robert(a)fedoraproject.org> - 0.98.7-1
- Upgrade to 0.98.7 and updated daily.cvd (#1217014)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1217206 - CVE-2015-2221: clamav Infinite loop condition on crafted y0da
cryptor file
https://bugzilla.redhat.com/show_bug.cgi?id=1217206
[ 2 ] Bug #1217207 - CVE-2015-2222 clamav: crash on crafted petite packed file
https://bugzilla.redhat.com/show_bug.cgi?id=1217207
[ 3 ] Bug #1217208 - CVE-2015-2668 clamav: Infinite loop condition on a crafted
"xz" archive file
https://bugzilla.redhat.com/show_bug.cgi?id=1217208
[ 4 ] Bug #1217209 - CVE-2015-2170: clamav: Crash in upx decoder with crafted file
https://bugzilla.redhat.com/show_bug.cgi?id=1217209
--------------------------------------------------------------------------------
================================================================================
drupal7-views-3.11-1.el5 (FEDORA-EPEL-2015-6090)
Provides a method for site designers to control content presentation
--------------------------------------------------------------------------------
Update Information:
- Release 3.11 is a security fix release
- Upstream changelog is at
https://www.drupal.org/node/2480259
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 30 2015 Peter Borsa <peter.borsa(a)gmail.com> - 3.11-1
- Release 3.11 is a security fix release
- Upstream changelog is at
https://www.drupal.org/node/2480259
* Sat Feb 14 2015 Peter Borsa <peter.borsa(a)gmail.com> - 3.10-1
- Release 3.10 is a security fix release
- Upstream changelog is at
https://drupal.org/node/2424103
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 3.8-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed May 21 2014 Peter Borsa <peter.borsa(a)gmail.com> - 3.8-1
- Release 3.8 is a security fix release
- Upstream changelog is at
https://drupal.org/node/2271305
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 3.7-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1217279 - drupal7-views-3.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1217279
--------------------------------------------------------------------------------
================================================================================
opendmarc-1.3.1-13.el5 (FEDORA-EPEL-2015-6082)
A Domain-based Message Authentication, Reporting & Conformance (DMARC) milter and
library
--------------------------------------------------------------------------------
Update Information:
- Replaced various commands with rpm macros
- Included support for systemd macros (#1216881)
- Added libspf2-devel to BuildRequires
- libspf2 support now provided for all branches
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #905304 - Review Request: OpenDMARC - Domain-based Message Authentication,
Reporting & Conformance (DMARC) milter and library
https://bugzilla.redhat.com/show_bug.cgi?id=905304
--------------------------------------------------------------------------------