EPEL Fedora 6 updates-testing report

updates at fedoraproject.org
Thu Dec 5 03:25:01 UTC 2013


The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 592  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
 106  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11274/ssmtp-2.61-21.el6
  48  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11865/quassel-0.9.1-1.el6
  21  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12079/bip-0.8.9-1.el6
  14  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12156/varnish-2.1.5-5.el6
  14  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12154/mediawiki119-1.19.9-1.el6
  12  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12171/drupal7-7.24-1.el6
   7  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12222/drupal6-6.29-1.el6
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12238/seamonkey-2.21-2.esr1.el6
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12290/zabbix20-2.0.9-2.el6
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12301/zabbix-1.8.18-2.el6
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12299/lynis-1.3.6-1.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    dropbear-2013.62-1.el6
    eventlog-0.2.13-1.el6
    golang-1.2-1.el6
    heat-cfntools-1.2.6-2.el6
    lynis-1.3.6-1.el6
    mod_form-0.1-1.20131204svn145.el6
    perl-Net-GitHub-0.54-1.el6
    pythia8-8.1.80-1.el6
    python-chai-0.4.6-1.el6
    python-cmdln-1.3.0-1.el6
    root-5.34.13-1.el6
    xrootd-3.3.5-1.el6
    zabbix-1.8.18-2.el6
    zabbix20-2.0.9-2.el6

Details about builds:


================================================================================
 dropbear-2013.62-1.el6 (FEDORA-EPEL-2013-12289)
 SSH2 server and client
--------------------------------------------------------------------------------
Update Information:

2013.62 - Tuesday 3 December 2013

- Disable "interactive" QoS connection options when a connection doesn't
  have a PTY (eg scp, rsync). Thanks to Catalin Patulea for the patch.

- Log when a hostkey is generated with -R, fix some bugs in handling server
  hostkey commandline options

- Fix crash in Dropbearconvert and 521 bit key, reported by NiLuJe

- Update config.guess and config.sub again

2013.61test - Thursday 14 November 2013

- ECC (elliptic curve) support. Supports ECDSA hostkeys (requires new keys to
  be generated) and ECDH for setting up encryption keys (no intervention
  required). This is significantly faster.

- curve25519-sha256@libssh.org support for setting up encryption keys. This is
  another elliptic curve mode with less potential of NSA interference in
  algorithm parameters. curve25519-donna code thanks to Adam Langley

- -R option to automatically generate hostkeys. This is recommended for
  embedded platforms since it allows the system random number device
  /dev/urandom a longer startup time to generate a secure seed before the
  hostkey is required.

- Compile fixes for old vendor compilers like Tru64 from Daniel Richard G.

- Make authorized_keys handling more robust, don't exit encountering
  malformed lines. Thanks to Lorin Hochstein and Mark Stillwell 

2013.60 - Wednesday 16 October 2013

- Fix "make install" so that it doesn't always install to /bin and /sbin

- Fix "make install MULTI=1", installing manpages failed

- Fix "make install" when scp is included since it has no manpage

- Make --disable-bundled-libtom work
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  4 2013 Christopher Meng <rpm at cicku.me> - 2013.62-1
- Update to 2013.62
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1020251 - dropbear-2013.60 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1020251
--------------------------------------------------------------------------------


================================================================================
 eventlog-0.2.13-1.el6 (FEDORA-EPEL-2013-12298)
 Syslog-ng v2/v3 support library
--------------------------------------------------------------------------------
Update Information:

Update to version 0.2.13
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  4 2013 Jose Pedro Oliveira <jpo at di.uminho.pt> - 0.2.13-1
- update to version 0.2.13
- updated the Source and URL fields
--------------------------------------------------------------------------------


================================================================================
 golang-1.2-1.el6 (FEDORA-EPEL-2013-12293)
 The Go Programming Language
--------------------------------------------------------------------------------
Update Information:

update to upstream go1.2
fix rpmspec conditional
split out the golang-godoc
Go programming language from Google, now available in EPEL.
The Go Programming Language from Google, now available for EPEL.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec  2 2013 Vincent Batts <vbatts at fedoraproject.org> - 1.2-1
- Update to upstream 1.2 release
- remove the pax tar patches
* Tue Nov 26 2013 Vincent Batts <vbatts at redhat.com> - 1.1.2-8
- fix the rpmspec conditional for rhel and fedora
* Thu Nov 21 2013 Vincent Batts <vbatts at redhat.com> - 1.1.2-7
- patch tests for testing on rawhide
- let the same spec work for rhel and fedora
* Wed Nov 20 2013 Vincent Batts <vbatts at redhat.com> - 1.1.2-6
- don't symlink /usr/bin out to ../lib..., move the file
- separate out godoc, to accommodate the go.tools godoc
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1022983 - Update to Go 1.2
        https://bugzilla.redhat.com/show_bug.cgi?id=1022983
  [ 2 ] Bug #1034951 - golang-vim has unsatisfied dependencies on epel6
        https://bugzilla.redhat.com/show_bug.cgi?id=1034951
--------------------------------------------------------------------------------


================================================================================
 heat-cfntools-1.2.6-2.el6 (FEDORA-EPEL-2013-12296)
 Tools required to be installed on Heat provisioned cloud instances
--------------------------------------------------------------------------------
Update Information:

Create /var/lib/heat-cfntools directory
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 11 2013 Jeff Peeler <jpeeler at redhat.com> 1.2.6-2
- add /var/lib/heat-cfntools directory (rhbz #1028664)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1028664 - /var/lib/heat-cfntools is unowned
        https://bugzilla.redhat.com/show_bug.cgi?id=1028664
--------------------------------------------------------------------------------


================================================================================
 lynis-1.3.6-1.el6 (FEDORA-EPEL-2013-12299)
 Security and system auditing tool
--------------------------------------------------------------------------------
Update Information:

 * 1.3.6 (2013-12-03)

 New:
 - Support for the dntpd time daemon
 - New Apache test for modules [HTTP-6632]
 - Apache test for mod_evasive [HTTP-6640]
 - Apache test for mod_qos [HTTP-6641]
 - Apache test for mod_spamhaus [HTTP-6642]
 - Apache test for ModSecurity [HTTP-6643]
 - Check for installed package audit tool [PKGS-7398]
 - Added initial support for new pkgng and related tools [PKGS-7381]
 - Check for ssh-keyscan binary
 - ZFS support for FreeBSD [FILE-6330]
 - Test for passwordless accounts [AUTH-9283]
 - Initial OS support for DragonFly BSD
 - Initial OS support for TrueOS (FreeBSD based)
 - Initial OS support for elementary OS (Luna)
 - GetHostID for DragonFly, FreeBSD, NetBSD and OpenBSD
 - Check for DHCP client [NETW-3030]
 - Initial support for OSSEC (system integrity) [FINT-4328]
 - New parameter --log-file to adjust log file location
 - New function IsRunning() to check status of processes
 - New function RealFilename() to determine file name
 - New function CheckItem() for parsing files
 - New function ReportManual() and ReportException() to simplify code
 - New function DirectoryExists() to check existence of a directory
 - Support for dntpd [TIME-3104]

 Changes:
 - Extended pf checks for FreeBSD/OpenBSD and others [FIRE-4518]
 - Extended test to gather listening network ports for Linux [NETW-3012]
 - Adjusted lsof statement to ignore warnings (e.g. fuse) [LOGG-2180] [LOGG-2190]
 - Added suggestion for discovered shells on FreeBSD [AUTH-9218]
 - Extended core dump test with additional details [KRNL-5820]
 - Properly display suggestion if portaudit is not installed [PKGS-7382]
 - Ignore message if no packages are installed (pkg_info) [PKGS-7320]
 - Also try using apt-check on Debian systems [PKGS-7392]
 - Adjusted logging for RPM binary on systems not using it [PKGS-7308]
 - Extended search in cron directories for rdate/ntpdate [TIME-3104]
 - Adjusted PHP check to find ini files [PHP-2211]
 - Skip Apache test for NetBSD [HTTP-6622]
 - Skip test http version check for NetBSD [HTTP-6624]
 - Additional check to suppress sort error [HTTP-6626]
 - Improved the way binaries are checked (less disk reads)
 - Adjusted ReportWarning() function to skip impact rating
 - Improved report on screen by leaving out date/time and type
 - Redirect errors while checking for OpenSSL version
 - Extended reporting with firewall status and software
 - Adjusted naming of some operating systems to make them more consistent
 - Extended update check by using host binary if dig is not installed
 - Count number of installed binaries/packages and report them
 - Report about log rotation tool and status
 - Updated man page
Belated update after 4 years.
Update.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #469317 - Review request: lynis - Security and system auditing tool
        https://bugzilla.redhat.com/show_bug.cgi?id=469317
  [ 2 ] Bug #1037866 - lynis-1.3.5-1.fc19.noarch: broken permissions
        https://bugzilla.redhat.com/show_bug.cgi?id=1037866
--------------------------------------------------------------------------------


================================================================================
 mod_form-0.1-1.20131204svn145.el6 (FEDORA-EPEL-2013-12295)
 Apache module that decodes data submitted from Web forms
--------------------------------------------------------------------------------
Update Information:

New package inclusion.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1035934 - Review Request: mod_form - Apache module that decodes data submitted from Web forms
        https://bugzilla.redhat.com/show_bug.cgi?id=1035934
--------------------------------------------------------------------------------


================================================================================
 perl-Net-GitHub-0.54-1.el6 (FEDORA-EPEL-2013-12300)
 Perl interface for github.com
--------------------------------------------------------------------------------
Update Information:

New addition to EPEL
--------------------------------------------------------------------------------


================================================================================
 pythia8-8.1.80-1.el6 (FEDORA-EPEL-2013-12291)
 Pythia Event Generator for High Energy Physics
--------------------------------------------------------------------------------
Update Information:

* root 5.34.13
** See http://root.cern.ch/drupal/content/root-version-v5-34-00-patch-release-notes for a list of changes
* xrootd 3.3.5
** See https://github.com/xrootd/xrootd/blob/v3.3.5/docs/ReleaseNotes.txt for a list of changes
* pythia8 8.1.80
** See http://home.thep.lu.se/~torbjorn/pythia81html/UpdateHistory.html (scroll to the bottom) for a list of changes
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 30 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 8.1.80-1
- Update to version 8.1.80
- Use full version in soname
* Sun Aug  4 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 8.1.76-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 python-chai-0.4.6-1.el6 (FEDORA-EPEL-2013-12297)
 Easy to use mocking/stub framework
--------------------------------------------------------------------------------
Update Information:

Update to 0.4.6


* Immediately after running a test, teardown the stubs. This fixes any problems with exception handling, such as UnexpectedCall, when methods involved in exception handling, such as `open`, have been stubbed.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1037546 - python-chai-0.4.6 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1037546
--------------------------------------------------------------------------------


================================================================================
 python-cmdln-1.3.0-1.el6 (FEDORA-EPEL-2013-12292)
 An improved cmd.py for Writing Multi-command Scripts and Shells
--------------------------------------------------------------------------------
Update Information:

New package inclusion.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1038190 - Review Request: python-cmdln - An improved cmd.py for Writing Multi-command Scripts and Shells
        https://bugzilla.redhat.com/show_bug.cgi?id=1038190
--------------------------------------------------------------------------------


================================================================================
 root-5.34.13-1.el6 (FEDORA-EPEL-2013-12291)
 Numerical data analysis framework
--------------------------------------------------------------------------------
Update Information:

* root 5.34.13
** See http://root.cern.ch/drupal/content/root-version-v5-34-00-patch-release-notes for a list of changes
* xrootd 3.3.5
** See https://github.com/xrootd/xrootd/blob/v3.3.5/docs/ReleaseNotes.txt for a list of changes
* pythia8 8.1.80
** See http://home.thep.lu.se/~torbjorn/pythia81html/UpdateHistory.html (scroll to the bottom) for a list of changes
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  3 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 5.34.13-1
- Update to 5.34.13
- Remove java-devel build dependency (not needed with Fedora's libhdfs)
- Adapt to pythia8 >= 8.1.80
* Mon Nov 25 2013 Orion Poplawski <orion at cora.nwra.com> - 5.34.10-3
- Fix hadoop lib location
* Mon Nov 18 2013 Dave Airlie <airlied at redhat.com> - 5.34.10-2
- rebuilt for GLEW 1.10
--------------------------------------------------------------------------------


================================================================================
 xrootd-3.3.5-1.el6 (FEDORA-EPEL-2013-12291)
 Extended ROOT file server
--------------------------------------------------------------------------------
Update Information:

* root 5.34.13
** See http://root.cern.ch/drupal/content/root-version-v5-34-00-patch-release-notes for a list of changes
* xrootd 3.3.5
** See https://github.com/xrootd/xrootd/blob/v3.3.5/docs/ReleaseNotes.txt for a list of changes
* pythia8 8.1.80
** See http://home.thep.lu.se/~torbjorn/pythia81html/UpdateHistory.html (scroll to the bottom) for a list of changes
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  3 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 1:3.3.5-1
- Update to version 3.3.5
--------------------------------------------------------------------------------


================================================================================
 zabbix-1.8.18-2.el6 (FEDORA-EPEL-2013-12301)
 Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:

This update solves the vulnerability described in CVE-2013-6824:

"Zabbix agent is vulnerable to remote command execution from the Zabbix server in some cases"

https://support.zabbix.com/browse/ZBX-7479
--------------------------------------------------------------------------------
ChangeLog:

* Sun Nov  3 2013 Volker Fröhlich <volker27 at gmx.at> - 1.8.18-2
- Fix vulnerability for remote command execution injection
  (ZBX-7479, CVE-2013-6824)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1037943 - CVE-2013-6824 zabbix: remote command execution from zabbix server [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1037943
  [ 2 ] Bug #1037942 - CVE-2013-6824 zabbix: remote command execution from zabbix server [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1037942
--------------------------------------------------------------------------------


================================================================================
 zabbix20-2.0.9-2.el6 (FEDORA-EPEL-2013-12290)
 Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:

This update solves the vulnerability described in CVE-2013-6824:

"Zabbix agent is vulnerable to remote command execution from the Zabbix server in some cases"

https://support.zabbix.com/browse/ZBX-7479
--------------------------------------------------------------------------------
ChangeLog:

* Sun Nov  3 2013 Volker Fröhlich <volker27 at gmx.at> - 2.0.9-2
- Fix vulnerability for remote command execution injection
  (ZBX-7479, CVE-2013-6824)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1037944 - CVE-2013-6824 zabbix20: zabbix: remote command execution from zabbix server [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1037944
--------------------------------------------------------------------------------


