[SECURITY] Fedora EPEL 9 Update: cacti-1.2.27-1.el9
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2024-17176c2215
2024-05-31 01:11:22.902644
--------------------------------------------------------------------------------
Name : cacti
Product : Fedora EPEL 9
Version : 1.2.27
Release : 1.el9
URL : https://www.cacti.net/
Summary : An rrd based graphing tool
Description :
Cacti is a complete frontend to RRDTool. It stores all of the
necessary information to create graphs and populate them with
data in a MySQL database. The frontend is completely PHP
driven.
--------------------------------------------------------------------------------
Update Information:
Update cacti and cacti-spine to version 1.2.27. This includes the upstream fixes
for many CVEs, including a critical remote code execution bug.
https://github.com/Cacti/cacti/blob/release/1.2.27/CHANGELOG
https://github.com/Cacti/spine/blob/release/1.2.27/CHANGELOG
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 21 2024 Carl George <carlwgeorge(a)fedoraproject.org> - 1.2.27-1
- Update to version 1.2.27
- CVE-2024-25641, CVE-2024-29894, CVE-2024-31443, CVE-2024-31444, CVE-2024-31445, CVE-2024-31458, CVE-2024-31459, CVE-2024-31460, CVE-2024-34340
* Tue May 21 2024 Carl George <carlwgeorge(a)fedoraproject.org> - 1.2.26-1
- Update to version 1.2.26
- CVE-2023-49084, CVE-2023-49085, CVE-2023-49086, CVE-2023-49088, CVE-2023-50250, CVE-2023-51448
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2255603 - CVE-2023-49084 cacti: RCE when managing links [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2255603
[ 2 ] Bug #2255607 - CVE-2023-49086 cacti: XSS when adding new devices [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2255607
[ 3 ] Bug #2255668 - CVE-2023-49085 CVE-2023-49088 CVE-2023-50250 CVE-2023-51448 cacti: Multiple vulnerabilities [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2255668
[ 4 ] Bug #2280481 - CVE-2024-34340 cacti: authentication bypass when using older password hashes [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280481
[ 5 ] Bug #2280496 - CVE-2024-29894 cacti: XSS vulnerability when using JavaScript based messaging API [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280496
[ 6 ] Bug #2280499 - CVE-2024-31458 CVE-2024-31459 CVE-2024-31460 cacti: multiple vulnerabilities [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280499
[ 7 ] Bug #2280502 - CVE-2024-31443 CVE-2024-31444 CVE-2024-31445 cacti: multiple vulnerabilties [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280502
[ 8 ] Bug #2280505 - CVE-2024-25641 cacti: remote code execution vulnerability [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280505
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update cacti' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\
/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 days, 13 hours
Fedora EPEL 7 Update: python-copr-1.132-1.el7
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2024-473133d592
2024-05-31 00:44:48.800176
--------------------------------------------------------------------------------
Name : python-copr
Product : Fedora EPEL 7
Version : 1.132
Release : 1.el7
URL : https://github.com/fedora-copr/copr
Summary : Python interface for Copr
Description :
COPR is lightweight build system. It allows you to create new project in WebUI,
and submit new builds and COPR will create yum repository from latest builds.
This package contains python interface to access Copr service. Mostly useful
for developers only.
--------------------------------------------------------------------------------
Update Information:
https://docs.pagure.org/copr.copr/release-notes/2024-05-22.html
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 21 2024 Jakub Kadlcik <frostyx(a)email.cz> 1.132-1
- Discourage from deleting objects while paginating over them
- Suggest pagination only when a GET request timeouts
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update python-copr' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\
/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 days, 14 hours
Fedora EPEL 7 Update: copr-cli-1.112-1.el7
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2024-473133d592
2024-05-31 00:44:48.800176
--------------------------------------------------------------------------------
Name : copr-cli
Product : Fedora EPEL 7
Version : 1.112
Release : 1.el7
URL : https://github.com/fedora-copr/copr
Summary : Command line interface for COPR
Description :
COPR is lightweight build system. It allows you to create new project in WebUI,
and submit new builds and COPR will create yum repository from latests builds.
This package contains command line interface.
--------------------------------------------------------------------------------
Update Information:
https://docs.pagure.org/copr.copr/release-notes/2024-05-22.html
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 21 2024 Jakub Kadlcik <frostyx(a)email.cz> 1.112-1
- Add per package timeout option
- Remove dependency on simplejson
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update copr-cli' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\
/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 days, 14 hours
[SECURITY] Fedora EPEL 7 Update: cacti-1.2.27-1.el7
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2024-d0445178a9
2024-05-31 00:44:48.800142
--------------------------------------------------------------------------------
Name : cacti
Product : Fedora EPEL 7
Version : 1.2.27
Release : 1.el7
URL : https://www.cacti.net/
Summary : An rrd based graphing tool
Description :
Cacti is a complete frontend to RRDTool. It stores all of the
necessary information to create graphs and populate them with
data in a MySQL database. The frontend is completely PHP
driven.
--------------------------------------------------------------------------------
Update Information:
Update cacti and cacti-spine to version 1.2.27. This includes the upstream fixes
for many CVEs, including a critical remote code execution bug.
https://github.com/Cacti/cacti/blob/release/1.2.27/CHANGELOG
https://github.com/Cacti/spine/blob/release/1.2.27/CHANGELOG
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 21 2024 Carl George <carlwgeorge(a)fedoraproject.org> - 1.2.27-1
- Update to version 1.2.27
- CVE-2024-25641, CVE-2024-29894, CVE-2024-31443, CVE-2024-31444, CVE-2024-31445, CVE-2024-31458, CVE-2024-31459, CVE-2024-31460, CVE-2024-34340
* Tue May 21 2024 Carl George <carlwgeorge(a)fedoraproject.org> - 1.2.26-1
- Update to version 1.2.26
- CVE-2023-49084, CVE-2023-49085, CVE-2023-49086, CVE-2023-49088, CVE-2023-50250, CVE-2023-51448
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2255603 - CVE-2023-49084 cacti: RCE when managing links [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2255603
[ 2 ] Bug #2255607 - CVE-2023-49086 cacti: XSS when adding new devices [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2255607
[ 3 ] Bug #2255668 - CVE-2023-49085 CVE-2023-49088 CVE-2023-50250 CVE-2023-51448 cacti: Multiple vulnerabilities [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2255668
[ 4 ] Bug #2280481 - CVE-2024-34340 cacti: authentication bypass when using older password hashes [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280481
[ 5 ] Bug #2280496 - CVE-2024-29894 cacti: XSS vulnerability when using JavaScript based messaging API [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280496
[ 6 ] Bug #2280499 - CVE-2024-31458 CVE-2024-31459 CVE-2024-31460 cacti: multiple vulnerabilities [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280499
[ 7 ] Bug #2280502 - CVE-2024-31443 CVE-2024-31444 CVE-2024-31445 cacti: multiple vulnerabilties [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280502
[ 8 ] Bug #2280505 - CVE-2024-25641 cacti: remote code execution vulnerability [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280505
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update cacti' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\
/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 days, 14 hours
Fedora EPEL 8 Update: bitcoin-core-27.0-1.el8
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2024-03cb9a6f6c
2024-05-31 00:31:05.637239
--------------------------------------------------------------------------------
Name : bitcoin-core
Product : Fedora EPEL 8
Version : 27.0
Release : 1.el8
URL : https://bitcoincore.org/
Summary : Peer to Peer Cryptographic Currency
Description :
Bitcoin is a digital cryptographic currency that uses peer-to-peer technology to
operate with no central authority or banks; managing transactions and the
issuing of bitcoins is carried out collectively by the network.
--------------------------------------------------------------------------------
Update Information:
Update to Bitcoin Core 27!
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 22 2024 Simone Caronni <negativo17(a)gmail.com> - 27.0-1
- Update to 27.0.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2272760 - bitcoin-core-27.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2272760
[ 2 ] Bug #2273756 - [abrt] bitcoin-core-desktop: ExecuteBackedWrapper<CCoinsViewErrorCatcher::GetCoin(const COutPoint&, Coin&) const::<lambda()> >(): bitcoin-qt killed by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=2273756
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update bitcoin-core' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\
/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 days, 14 hours
Fedora EPEL 8 Update: git-extras-7.2.0-1.el8
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2024-efe2f10542
2024-05-31 00:31:05.637232
--------------------------------------------------------------------------------
Name : git-extras
Product : Fedora EPEL 8
Version : 7.2.0
Release : 1.el8
URL : https://github.com/tj/git-extras
Summary : Little git extras
Description :
git-extras adds the following extra-commands to git:
alias, archive-file, bug, changelog, commits-since, contrib, count,
create-branch, delete-branch, delete-submodule, delete-tag, effort,
extras, feature, fresh-branch, gh-pages, graft, ignore, info,
local-commits, obliterate, promote, refactor, release, repl, setup,
squash, summary, touch, undo
For more information about the extra-commands, see the included
README.md, HTML, mark-down or man-pages.
--------------------------------------------------------------------------------
Update Information:
Update git-extras to 7.2.0 (#2276888)
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 21 2024 S��rgio Basto <sergio(a)serjux.com> - 7.2.0-1
- Update git-extras to 7.2.0 (#2276888)
* Wed Jan 24 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 7.1.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 7.1.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Oct 30 2023 Vasiliy N. Glazov <vascom2(a)gmail.com> - 7.1.0-1
- Update to 7.1.0
* Mon Sep 18 2023 Vasiliy N. Glazov <vascom2(a)gmail.com> - 7.0.0-1
- Update to 7.0.0
* Wed Jul 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 6.5.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 6.5.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2276888 - git-extras-7.2.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2276888
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update git-extras' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\
/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 days, 14 hours
Fedora EPEL 8 Update: python-copr-common-0.24-1.el8
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2024-04b7cfc515
2024-05-31 00:31:05.637225
--------------------------------------------------------------------------------
Name : python-copr-common
Product : Fedora EPEL 8
Version : 0.24
Release : 1.el8
URL : https://github.com/fedora-copr/copr
Summary : Python code used by Copr
Description :
COPR is lightweight build system. It allows you to create new project in WebUI,
and submit new builds and COPR will create yum repository from latest builds.
This package contains python code used by other Copr packages. Mostly
useful for developers only.
--------------------------------------------------------------------------------
Update Information:
https://docs.pagure.org/copr.copr/release-notes/2024-05-22.html
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 21 2024 Jakub Kadlcik <frostyx(a)email.cz> 0.24-1
- Fix chroot_to_branch default
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update python-copr-common' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\
/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 days, 14 hours
Fedora EPEL 8 Update: copr-rpmbuild-0.73-1.el8
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2024-04b7cfc515
2024-05-31 00:31:05.637225
--------------------------------------------------------------------------------
Name : copr-rpmbuild
Product : Fedora EPEL 8
Version : 0.73
Release : 1.el8
URL : https://github.com/fedora-copr/copr
Summary : Run COPR build tasks
Description :
Provides command capable of running COPR build-tasks.
Example: copr-rpmbuild 12345-epel-7-x86_64 will locally
build build-id 12345 for chroot epel-7-x86_64.
--------------------------------------------------------------------------------
Update Information:
https://docs.pagure.org/copr.copr/release-notes/2024-05-22.html
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 21 2024 Jakub Kadlcik <frostyx(a)email.cz> 0.73-1
- Remove static methods from tests
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update copr-rpmbuild' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\
/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 days, 14 hours