The following Fedora EPEL 7 Security updates need testing:
Age URL
743
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087
dokuwiki-0-0.24.20140929c.el7
506
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f
mcollective-2.8.4-1.el7
208
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e8f4ff76b3
chicken-4.11.0-3.el7
88
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d
libbsd-0.8.3-1.el7
15
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-19578898e6
w3m-0.5.3-30.git20170102.el7
14
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-769c60931f
wordpress-4.7.3-1.el7
10
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6950a0884d R-3.3.3-1.el7
5
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-956d05f9c4
mbedtls-2.4.2-1.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-05ac8b1dc4
php-onelogin-php-saml-2.10.5-1.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-b639a46822
tcpreplay-4.2.0-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
gnome-shell-extension-no-topleft-hot-corner-14.0-2.el7
javawriter-2.5.1-4.el7
ovirt-guest-agent-1.0.13-2.el7
tcpreplay-4.2.0-1.el7
tlp-0.9-5.el7
xfce4-equake-plugin-1.3.8.1-1.el7
Details about builds:
================================================================================
gnome-shell-extension-no-topleft-hot-corner-14.0-2.el7 (FEDORA-EPEL-2017-c340eeff19)
Disable the "hot corner" in the top-left of GNOME Shell
--------------------------------------------------------------------------------
Update Information:
Put "Recommends" spec tag in a conditional, so that EPEL 7 will build.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1389955 - Review Request: gnome-shell-extension-no-topleft-hot-corner -
Disable the "hot corner" in GNOME Shell
https://bugzilla.redhat.com/show_bug.cgi?id=1389955
--------------------------------------------------------------------------------
================================================================================
javawriter-2.5.1-4.el7 (FEDORA-EPEL-2017-7a22f48c16)
A Java API for generating .java source files
--------------------------------------------------------------------------------
Update Information:
Rebuilt for
https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
ovirt-guest-agent-1.0.13-2.el7 (FEDORA-EPEL-2017-34f8fb3225)
The oVirt Guest Agent
--------------------------------------------------------------------------------
Update Information:
oVirt guest agent with a bugfix for el7 systems and hotplug memory on KVM
systems and new channel name fix
--------------------------------------------------------------------------------
================================================================================
tcpreplay-4.2.0-1.el7 (FEDORA-EPEL-2017-b639a46822)
Replay captured network traffic
--------------------------------------------------------------------------------
Update Information:
Features and fixes include: - MAC rewriting capabilities by Pedro Arthur (#313)
- Fix several issues identified by Coverity (#305) - Packet distortion --fuzz-
seed option by Gabriel Ganne (#302) - Add --unique-ip-loops option to modify IPs
every few loops (#296) - Netmap startup delay increase (#290) - tcpcapinfo
buffer overflow vulnerablily (#278) - Update git-clone instructions by Kyle
McDonald (#277) - Allow fractions for --pps option (#270) - Print per-loop stats
with --stats=0 (#269) - Add protection against packet drift by Guillaume Scott
(#268) - Print flow stats periodically with --stats output (#262) - Include
Travis-CI build support by Ilya Shipitsin (#264) (#285) - tcpreplay won't replay
all packets in a pcap file with --netmap (#255) - First and last packet times
in --stats output (#239) - Switch to wire speed after 30 minutes at 6 Gbps
(#210) - tcprewrite fix checksum properly for fragmented packets (#190) ----
Patch CVE-2017-6429. Tcpcapinfo utility of Tcpreplay has a buffer overflow
vulnerability associated with parsing a crafted pcap file. This occurs in the
src/tcpcapinfo.c file when capture has a packet that is too large to handle.
References:
http://seclists.org/bugtraq/2017/Mar/22 Upstream bug:
https://github.com/appneta/tcpreplay/issues/278
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1429521 - CVE-2017-6429 tcpreplay: Buffer overflow in Tcpcapinfo utility
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1429521
[ 2 ] Bug #1429522 - CVE-2017-6429 tcpreplay: Buffer overflow in Tcpcapinfo utility
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1429522
--------------------------------------------------------------------------------
================================================================================
tlp-0.9-5.el7 (FEDORA-EPEL-2017-eb010f224a)
Advanced power management tool for Linux
--------------------------------------------------------------------------------
Update Information:
Upstream bug fixes for 0.9: - fix corner case for tlp-stat causing an error -
mitigate slow shutdown issue.
--------------------------------------------------------------------------------
================================================================================
xfce4-equake-plugin-1.3.8.1-1.el7 (FEDORA-EPEL-2017-7ee98adbf4)
Plugin for the XFCE panel which monitors earthquakes
--------------------------------------------------------------------------------
Update Information:
- Rebuilt for new upstream version 1.3.8.1
--------------------------------------------------------------------------------