EPEL Fedora 6 updates-testing report

updates at fedoraproject.org
Sun Dec 15 20:26:28 UTC 2013


The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 602  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
 117  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11274/ssmtp-2.61-21.el6
  59  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11865/quassel-0.9.1-1.el6
  32  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12079/bip-0.8.9-1.el6
  17  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12222/drupal6-6.29-1.el6
  14  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12238/seamonkey-2.21-2.esr1.el6
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12301/zabbix-1.8.18-2.el6
   7  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12324/munin-2.0.19-1.el6
   7  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12321/munin-2.0.18-2.el6
   2  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12361/libreswan-3.7-1.el6
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12386/v8-3.14.5.10-3.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    globus-gram-job-manager-slurm-1.2-2.el6
    opensmtpd-5.4.1p1-1.el6
    python-moksha-hub-1.2.2-1.el6
    v8-3.14.5.10-3.el6
    zabbix20-2.0.10-2.el6

Details about builds:


================================================================================
 globus-gram-job-manager-slurm-1.2-2.el6 (FEDORA-EPEL-2013-12388)
 Globus Toolkit - SLURM Job Manager Support
--------------------------------------------------------------------------------
Update Information:

New package from Globus Toolkit 5.2.5.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1028165 - Review Request: globus-gram-job-manager-slurm - Globus Toolkit - SLURM Job Manager Support
        https://bugzilla.redhat.com/show_bug.cgi?id=1028165
--------------------------------------------------------------------------------


================================================================================
 opensmtpd-5.4.1p1-1.el6 (FEDORA-EPEL-2013-12385)
 Free implementation of the server-side SMTP protocol as defined by RFC 5321
--------------------------------------------------------------------------------
Update Information:

OpenSMTPD package initial submission
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1021719 - Review Request: opensmtpd - Minimalistic but powerful smtp server
        https://bugzilla.redhat.com/show_bug.cgi?id=1021719
--------------------------------------------------------------------------------


================================================================================
 python-moksha-hub-1.2.2-1.el6 (FEDORA-EPEL-2013-12382)
 Hub components for Moksha
--------------------------------------------------------------------------------
Update Information:

Fix memory leak in the websocket server.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 13 2013 Ralph Bean <rbean at redhat.com> - 1.2.2-1
- Latest upstream fixing a memory leak in the websocket server.
* Sun Aug  4 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 v8-3.14.5.10-3.el6 (FEDORA-EPEL-2013-12386)
 JavaScript Engine
--------------------------------------------------------------------------------
Update Information:

This update resolves multiple security vulnerabilities in the V8 JavaScript just-in-time compiler.

--

Common Vulnerabilities and Exposures assigned an identifier CVE-2013-6640 to the following vulnerability:

Name: CVE-2013-6640
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6640
Assigned: 20131105
Reference: http://code.google.com/p/v8/source/detail?r=17801
Reference: http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html
Reference: https://code.google.com/p/chromium/issues/detail?id=319860

The DehoistArrayIndex function in hydrogen-dehoist.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index.

--

Common Vulnerabilities and Exposures assigned an identifier CVE-2013-6639 to the following vulnerability:

Name: CVE-2013-6639
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6639
Assigned: 20131105
Reference: http://code.google.com/p/v8/source/detail?r=17801
Reference: http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html
Reference: https://code.google.com/p/chromium/issues/detail?id=319835

The DehoistArrayIndex function in hydrogen-dehoist.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 13 2013 T.C. Hollingsworth <tchollingsworth at gmail.com> - 1:3.14.5.10-3
- backport fix for out-of-bounds read DoS (RHBZ#1039889; CVE-2013-6640)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1039888 - CVE-2013-6639 v8: DoS (out-of-bounds write) in DehoistArrayIndex function in hydrogen-dehoist.cc
        https://bugzilla.redhat.com/show_bug.cgi?id=1039888
  [ 2 ] Bug #1039889 - CVE-2013-6640 v8: DoS (out-of-bounds read) in DehoistArrayIndex function in hydrogen-dehoist.cc
        https://bugzilla.redhat.com/show_bug.cgi?id=1039889
--------------------------------------------------------------------------------


================================================================================
 zabbix20-2.0.10-2.el6 (FEDORA-EPEL-2013-12384)
 Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:

New upstream release 2.0.10

http://www.zabbix.com/rn2.0.10.php

Note that CVE-2013-6824 was already fixed in 2.0.9-2!

This release includes new init scripts that allow running multiple instances. Please take a look at the included README file for detailed instructions.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Dec 15 2013 Volker Fröhlich <volker27 at gmx.at> - 2.0.10-2
- The start function of the proxy init script had a typo causing failure
- Improved the section on running multiple instances in the README
* Fri Dec 13 2013 Volker Fröhlich <volker27 at gmx.at> - 2.0.10-1
- New upstream release
- Drop obsolete patch ZBX-7479
- Improve init scripts to not kill other instances (BZ#1018293)
- General overhaul of init scripts and documentation in README
- Harmonize scriptlet if-clause style
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1018293 - init.d script kills also any subsequent agents that were started
        https://bugzilla.redhat.com/show_bug.cgi?id=1018293
--------------------------------------------------------------------------------


