The following Fedora EPEL 8 Security updates need testing:
Age URL
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-71d1af6aca
isync-1.4.1-1.el8
5
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-fedb6fa69d
python-aiohttp-3.7.4-1.el8
5
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-6fed4b5ffb
nagios-4.4.6-3.el8
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-fc2f1ff74c
x11vnc-0.9.16-3.el8
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-a2e8a7475f
chromium-88.0.4324.182-2.el8
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-94317ce911
suricata-5.0.6-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
atari800-4.2.0-2.el8
guacamole-server-1.3.0-1.el8
kirc-0.2.4-1.el8
nova-agent-2.1.23-1.el8
oomd-0.4.0-6.el8
python-SecretStorage-3.2.0-3.el8
python-django-2.2.19-1.el8
wsdd-0.6.4-1.el8
zabbix40-4.0.29-1.el8
Details about builds:
================================================================================
atari800-4.2.0-2.el8 (FEDORA-EPEL-2021-a5eae8e39d)
An emulator of 8-bit Atari personal computers
--------------------------------------------------------------------------------
Update Information:
New package.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1924660 - Review Request: atari800 - An emulator of 8-bit Atari personal
computers
https://bugzilla.redhat.com/show_bug.cgi?id=1924660
--------------------------------------------------------------------------------
================================================================================
guacamole-server-1.3.0-1.el8 (FEDORA-EPEL-2021-7fb11f3cdd)
Server-side native components that form the Guacamole proxy
--------------------------------------------------------------------------------
Update Information:
Guacamole is an HTML5 remote desktop gateway. Guacamole provides access to
desktop environments using remote desktop protocols like VNC and RDP. A
centralized server acts as a tunnel and proxy, allowing access to multiple
desktops through a web browser. No browser plugins are needed, and no client
software needs to be installed. The client requires nothing more than a web
browser supporting HTML5 and AJAX.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1911092 - Build guacamole-server for EPEL 8 after Red Hat has reparied their
mess
https://bugzilla.redhat.com/show_bug.cgi?id=1911092
--------------------------------------------------------------------------------
================================================================================
kirc-0.2.4-1.el8 (FEDORA-EPEL-2021-60f48e843f)
Tiny IRC client written in POSIX C99
--------------------------------------------------------------------------------
Update Information:
New upstream release ---- Initial package
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1919704 - Review Request: kirc - Tiny IRC client written in POSIX C99
https://bugzilla.redhat.com/show_bug.cgi?id=1919704
[ 2 ] Bug #1935559 - kirc-0.2.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1935559
--------------------------------------------------------------------------------
================================================================================
nova-agent-2.1.23-1.el8 (FEDORA-EPEL-2021-ff0eb8f137)
Agent for setting up clean servers on Xen
--------------------------------------------------------------------------------
Update Information:
Latest upstream release. EL7 moved to depend on python3.6 to match upstream
changes.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 4 2021 Sam P <survient(a)fedoraproject.org> - 2.1.23-1
- Updated to latest upstream release
- Changed crypto depedency to match upstream
- Removed now-irrelevant patch and added versionfix.patch
See
https://github.com/Rackspace-DOT/nova-agent/issues/100.
* Tue Mar 2 2021 Zbigniew J��drzejewski-Szmek <zbyszek(a)in.waw.pl> - 2.1.21-6
- Rebuilt for updated systemd-rpm-macros
See
https://pagure.io/fesco/issue/2583.
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.1.21-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.1.21-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue May 26 2020 Miro Hron��ok <mhroncok(a)redhat.com> - 2.1.21-3
- Rebuilt for Python 3.9
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.1.21-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
oomd-0.4.0-6.el8 (FEDORA-EPEL-2021-17a93b09a2)
Userspace Out-Of-Memory (OOM) killer
--------------------------------------------------------------------------------
Update Information:
Initial version for EPEL 8.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
python-SecretStorage-3.2.0-3.el8 (FEDORA-EPEL-2021-484fbbed1f)
Python bindings to
FreeDesktop.org Secret Service API
--------------------------------------------------------------------------------
Update Information:
This module provides a way for securely storing passwords and other secrets. It
uses D-Bus Secret Service API that is supported by GNOME Keyring (>= 2.30) and
KSecretsService. The main classes provided are secretstorage.Item, representing
a secret item (that has a label, a secret and some attributes) and
secretstorage.Collection, a place items are stored in. SecretStorage supports
most of the functions provided by Secret Service, including creating and
deleting items and collections, editing items, locking and unlocking collections
(asynchronous unlocking is also supported).
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1869811 - Please build python-SecretStorage for EPEL 8
https://bugzilla.redhat.com/show_bug.cgi?id=1869811
--------------------------------------------------------------------------------
================================================================================
python-django-2.2.19-1.el8 (FEDORA-EPEL-2021-6b1b1f9053)
A high-level Python Web framework
--------------------------------------------------------------------------------
Update Information:
update to 2.2.19, resolve CVE-2021-23336 (rbhz#1931539)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 5 2021 Matthias Runge <mrunge(a)redhat.com> - 2.2.19-1
- update to 2.2.19, resolve CVE-2021-23336 (rbhz#1931539)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1928904 - CVE-2021-23336 python: Web Cache Poisoning via
urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters
https://bugzilla.redhat.com/show_bug.cgi?id=1928904
--------------------------------------------------------------------------------
================================================================================
wsdd-0.6.4-1.el8 (FEDORA-EPEL-2021-8abc0fbadb)
Web Services Dynamic Discovery host daemon
--------------------------------------------------------------------------------
Update Information:
Latest upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 4 2021 Sam P <survient(a)fedoraproject.org> - 0.6.4-1
- Updated to latest upstream release.
* Tue Mar 2 2021 Zbigniew J��drzejewski-Szmek <zbyszek(a)in.waw.pl> - 0.6.3-2
- Rebuilt for updated systemd-rpm-macros
See
https://pagure.io/fesco/issue/2583.
--------------------------------------------------------------------------------
================================================================================
zabbix40-4.0.29-1.el8 (FEDORA-EPEL-2021-58f4d56777)
Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:
Update to 4.0.29 Release notes: *
https://www.zabbix.com/rn/rn4.0.29 *
https://www.zabbix.com/rn/rn4.0.28 Resolves CVE-2021-27927:
CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 5 2021 Orion Poplawski <orion(a)nwra.com> - 4.0.29-1
- Update to 4.0.29 (CVE-2021-27927)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1934825 - CVE-2021-27927 zabbix: CControllerAuthenticationUpdate controller
lacks a CSRF protection mechanism
https://bugzilla.redhat.com/show_bug.cgi?id=1934825
--------------------------------------------------------------------------------