The following Fedora EPEL 7 Security updates need testing:
 Age  URL
  48  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-2c81054303   remctl-3.14-1.el7
  10  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-8b8dc96235   nodejs-deep-extend-0.5.1-1.el7
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3a39b00b77   thunderbird-enigmail-2.0.4-1.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-860176245e   gifsicle-1.91-1.el7
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-48b823c3dc   strongswan-5.6.2-6.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
beaker-25.4-1.el7
chromium-66.0.3359.181-2.el7
iperf-2.0.11-1.el7
libqtxdg-2.0.0-12.el7
lxqt-qtplugin-0.11.1-11.el7
pdns-recursor-4.1.3-2.el7
phpMyAdmin-4.4.15.10-3.el7
purple-discord-0-18.20180515gitb895521.el7
purple-hangouts-0-58.20180419hg9d008f2.el7
purple-libsteam-1.6.1-21.20180514git4a09c08.el7
purple-skypeweb-1.5-1.20180525gitcf65095.el7
python-moksha-hub-1.5.7-1.el7
standard-test-roles-2.13-1.el7
youtube-dl-2018.05.18-1.el7
Details about builds:
================================================================================
beaker-25.4-1.el7 (FEDORA-EPEL-2018-e15951a712)
Full-stack software and hardware integration testing system
--------------------------------------------------------------------------------
Update Information:
Upstream version 25.4 ---- Upstream version 25.2
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 25 2018 Greg Hellings <greg.hellings(a)gmail.com> - 25.4-1
- Upstream version 25.4
- Fixes BZ 1579575
* Mon May 14 2018 Greg Hellings <greg.hellings(a)gmail.com> - 25.2-1
- Upstream version 25.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1579575 - beaker-25.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1579575
[ 2 ] Bug #1566043 - beaker-25.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1566043
--------------------------------------------------------------------------------
================================================================================
chromium-66.0.3359.181-2.el7 (FEDORA-EPEL-2018-297fb7f6c0)
A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:
Update to 66.0.3359.181. Security fix for CVE-2018-6085 CVE-2018-6086
CVE-2018-6087 CVE-2018-6088 CVE-2018-6089 CVE-2018-6090 CVE-2018-6091
CVE-2018-6092 CVE-2018-6093 CVE-2018-6094 CVE-2018-6095 CVE-2018-6096
CVE-2018-6097 CVE-2018-6098 CVE-2018-6099 CVE-2018-6100 CVE-2018-6101
CVE-2018-6102 CVE-2018-6103 CVE-2018-6104 CVE-2018-6105 CVE-2018-6106
CVE-2018-6107 CVE-2018-6108 CVE-2018-6109 CVE-2018-6110 CVE-2018-6111
CVE-2018-6112 CVE-2018-6113 CVE-2018-6114 CVE-2018-6116 CVE-2018-6117
CVE-2018-6118 CVE-2018-6120 CVE-2018-6121 CVE-2018-6122
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 23 2018 Tom Callaway <spot(a)fedoraproject.org> 66.0.3359.181-2
- fix missing files
* Mon May 21 2018 Tom Callaway <spot(a)fedoraproject.org> 66.0.3359.181-1
- update to 66.0.3359.181
* Tue May 15 2018 Tom Callaway <spot(a)fedoraproject.org> 66.0.3359.170-2
- only x86_64 i686 have swiftshader
- fix gcc8 alignof issue on i686
* Mon May 14 2018 Tom Callaway <spot(a)fedoraproject.org> 66.0.3359.170-1
- update to 66.0.3359.170
- include swiftshader files
* Tue May 1 2018 Tom Callaway <spot(a)fedoraproject.org> 66.0.3359.139-1
- update to 66.0.3359.139
* Wed Apr 18 2018 Tom Callaway <spot(a)fedoraproject.org> 66.0.3359.117-1
- update to 66.0.3359.117
* Tue Apr 17 2018 Tom Callaway <spot(a)fedoraproject.org> 65.0.3325.181-3
- use system fontconfig (except on epel7)
* Wed Apr 4 2018 Tom Callaway <spot(a)fedoraproject.org> 65.0.3325.181-2
- add explicit dependency on minizip (bz 1534282)
* Wed Mar 28 2018 Tom Callaway <spot(a)fedoraproject.org>
- check that there is no system 'google' module, shadowing bundled ones
- conditionalize api keys (on by default)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1577115 - CVE-2018-6120 chromium-browser: Heap buffer overflow in PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1577115
[ 2 ] Bug #1577114 - CVE-2018-6122 chromium-browser: Type confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1577114
[ 3 ] Bug #1577113 - CVE-2018-6121 chromium-browser: Privilege Escalation in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1577113
[ 4 ] Bug #1573856 - CVE-2018-6118 chromium-browser: Use after free in Media Cache
https://bugzilla.redhat.com/show_bug.cgi?id=1573856
[ 5 ] Bug #1568797 - CVE-2018-6117 chromium-browser: Confusing autofill settings
https://bugzilla.redhat.com/show_bug.cgi?id=1568797
[ 6 ] Bug #1568796 - CVE-2018-6116 chromium-browser: Incorrect low memory handling in
WebAssembly
https://bugzilla.redhat.com/show_bug.cgi?id=1568796
[ 7 ] Bug #1568795 - CVE-2018-6115 chromium-browser: SmartScreen bypass in downloads
https://bugzilla.redhat.com/show_bug.cgi?id=1568795
[ 8 ] Bug #1568794 - CVE-2018-6114 chromium-browser: CSP bypass
https://bugzilla.redhat.com/show_bug.cgi?id=1568794
[ 9 ] Bug #1568793 - CVE-2018-6113 chromium-browser: URL spoof in Navigation
https://bugzilla.redhat.com/show_bug.cgi?id=1568793
[ 10 ] Bug #1568792 - CVE-2018-6112 chromium-browser: Incorrect URL handling in
DevTools
https://bugzilla.redhat.com/show_bug.cgi?id=1568792
[ 11 ] Bug #1568791 - CVE-2018-6111 chromium-browser: Heap-use-after-free in DevTools
https://bugzilla.redhat.com/show_bug.cgi?id=1568791
[ 12 ] Bug #1568790 - CVE-2018-6110 chromium-browser: Incorrect handling of plaintext
files via file://
https://bugzilla.redhat.com/show_bug.cgi?id=1568790
[ 13 ] Bug #1568789 - CVE-2018-6109 chromium-browser: Incorrect handling of files by
FileAPI
https://bugzilla.redhat.com/show_bug.cgi?id=1568789
[ 14 ] Bug #1568788 - CVE-2018-6108 chromium-browser: URL spoof in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1568788
[ 15 ] Bug #1568787 - CVE-2018-6107 chromium-browser: URL spoof in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1568787
[ 16 ] Bug #1568786 - CVE-2018-6106 chromium-browser: Incorrect handling of promises in
V8
https://bugzilla.redhat.com/show_bug.cgi?id=1568786
[ 17 ] Bug #1568785 - CVE-2018-6105 chromium-browser: URL spoof in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1568785
[ 18 ] Bug #1568782 - CVE-2018-6104 chromium-browser: URL spoof in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1568782
[ 19 ] Bug #1568781 - CVE-2018-6103 chromium-browser: UI spoof in Permissions
https://bugzilla.redhat.com/show_bug.cgi?id=1568781
[ 20 ] Bug #1568780 - CVE-2018-6102 chromium-browser: URL spoof in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1568780
[ 21 ] Bug #1568779 - CVE-2018-6101 chromium-browser: Insufficient protection of remote
debugging protocol in DevTools
https://bugzilla.redhat.com/show_bug.cgi?id=1568779
[ 22 ] Bug #1568778 - CVE-2018-6100 chromium-browser: URL spoof in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1568778
[ 23 ] Bug #1568777 - CVE-2018-6099 chromium-browser: CORS bypass in ServiceWorker
https://bugzilla.redhat.com/show_bug.cgi?id=1568777
[ 24 ] Bug #1568776 - CVE-2018-6098 chromium-browser: URL spoof in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1568776
[ 25 ] Bug #1568775 - CVE-2018-6097 chromium-browser: Fullscreen UI spoof
https://bugzilla.redhat.com/show_bug.cgi?id=1568775
[ 26 ] Bug #1568774 - CVE-2018-6096 chromium-browser: Fullscreen UI spoof
https://bugzilla.redhat.com/show_bug.cgi?id=1568774
[ 27 ] Bug #1568773 - CVE-2018-6095 chromium-browser: Lack of meaningful user
interaction requirement before file upload
https://bugzilla.redhat.com/show_bug.cgi?id=1568773
[ 28 ] Bug #1568771 - CVE-2018-6094 chromium-browser: Exploit hardening regression in
Oilpan
https://bugzilla.redhat.com/show_bug.cgi?id=1568771
[ 29 ] Bug #1568770 - CVE-2018-6093 chromium-browser: Same origin bypass in Service
Worker
https://bugzilla.redhat.com/show_bug.cgi?id=1568770
[ 30 ] Bug #1568769 - CVE-2018-6092 chromium-browser: Integer overflow in WebAssembly
https://bugzilla.redhat.com/show_bug.cgi?id=1568769
[ 31 ] Bug #1568767 - CVE-2018-6091 chromium-browser: Incorrect handling of plug-ins by
Service Worker
https://bugzilla.redhat.com/show_bug.cgi?id=1568767
[ 32 ] Bug #1568766 - CVE-2018-6090 chromium-browser: Heap buffer overflow in Skia
https://bugzilla.redhat.com/show_bug.cgi?id=1568766
[ 33 ] Bug #1568765 - CVE-2018-6089 chromium-browser: Same origin policy bypass in
Service Worker
https://bugzilla.redhat.com/show_bug.cgi?id=1568765
[ 34 ] Bug #1568764 - CVE-2018-6088 chromium-browser: Use after free in PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1568764
[ 35 ] Bug #1568763 - CVE-2018-6087 chromium-browser: Use after free in WebAssembly
https://bugzilla.redhat.com/show_bug.cgi?id=1568763
[ 36 ] Bug #1568762 - CVE-2018-6086 chromium-browser: Use after free in Disk Cache
https://bugzilla.redhat.com/show_bug.cgi?id=1568762
[ 37 ] Bug #1568761 - CVE-2018-6085 chromium-browser: Use after free in Disk Cache
https://bugzilla.redhat.com/show_bug.cgi?id=1568761
--------------------------------------------------------------------------------
================================================================================
iperf-2.0.11-1.el7 (FEDORA-EPEL-2018-8b690ea247)
Measurement tool for TCP/UDP bandwidth performance
--------------------------------------------------------------------------------
Update Information:
update to 2.0.11 (#1582496)
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 25 2018 Gabriel Somlo <somlo at cmu.edu> 2.0.11-1
- update to 2.0.11 (#1582496)
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.0.10-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1582496 - iperf-2.0.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1582496
--------------------------------------------------------------------------------
================================================================================
libqtxdg-2.0.0-12.el7 (FEDORA-EPEL-2018-eff5a537a1)
QtXdg, a Qt5 implementation of XDG standards
--------------------------------------------------------------------------------
Update Information:
Rebuild for EL 7.5 (Qt updated to 5.9, we rebuilt the packages using private api
here)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 7 2018 Rex Dieter <rdieter(a)fedoraproject.org> - 2.0.0-12
- .spec cleanup, BR: gcc-c++, use %license %make_build
* Wed Feb 14 2018 Jan Grulich <jgrulich(a)redhat.com> - 2.0.0-11
- rebuild (qt5)
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.0.0-10
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Dec 20 2017 Jan Grulich <jgrulich(a)redhat.com> - 2.0.0-9
- rebuild (qt5)
* Sun Nov 26 2017 Rex Dieter <rdieter(a)fedoraproject.org> - 2.0.0-8
- rebuild (qt5)
* Thu Oct 19 2017 Christian Dersch <lupinix(a)mailbox.org> - 2.0.0-7
- rebuilt
* Wed Oct 11 2017 Rex Dieter <rdieter(a)fedoraproject.org> - 2.0.0-6
- BR: qt5-qtbase-private-devel
* Thu Aug 3 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.0.0-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.0.0-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.0.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
lxqt-qtplugin-0.11.1-11.el7 (FEDORA-EPEL-2018-eff5a537a1)
Qt plugin framework for LXQt Desktop Suite
--------------------------------------------------------------------------------
Update Information:
Rebuild for EL 7.5 (Qt updated to 5.9, we rebuilt the packages using private api
here)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 14 2018 Jan Grulich <jgrulich(a)redhat.com> - 0.11.1-11
- rebuild (qt5)
* Thu Feb 8 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.11.1-10
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Dec 20 2017 Jan Grulich <jgrulich(a)redhat.com> - 0.11.1-9
- rebuild (qt5)
* Mon Nov 27 2017 Rex Dieter <rdieter(a)fedoraproject.org> - 0.11.1-8
- rebuild (qt5)
* Mon Oct 9 2017 Rex Dieter <rdieter(a)fedoraproject.org> - 0.11.1-7
- rebuild (qt5)
* Sun Aug 13 2017 Christian Dersch <lupinix(a)mailbox.org> - 0.11.1-6
- use versioned dependency for Qt
* Thu Aug 3 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.11.1-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.11.1-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.11.1-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
pdns-recursor-4.1.3-2.el7 (FEDORA-EPEL-2018-90002f509e)
Modern, advanced and high performance recursing/non authoritative name server
--------------------------------------------------------------------------------
Update Information:
- Upstream released new version - Fix a bunch of CVE's
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 24 2018 Ruben Kerkhof <ruben(a)rubenkerkhof.com> - 4.1.3-2
- Fix sigabort (#1578732)
- Enable support for ed25519
* Thu May 24 2018 Ruben Kerkhof <ruben(a)rubenkerkhof.com> - 4.1.3-1
- New upstream release
- Fixes CVE-2017-15120, CVE-2018-1000003, CVE-2017-15090, CVE-2017-15092, CVE-2017-15093
and CVE-2017-15094
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1538010 - CVE-2018-1000003 pdns: Improper validation of wildcard synthesized
NSEC records [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1538010
[ 2 ] Bug #1524451 - CVE-2017-15090 CVE-2017-15092 CVE-2017-15093 CVE-2017-15094
CVE-2017-15120 pdns-recursor: various flaws [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1524451
[ 3 ] Bug #1538011 - CVE-2018-1000003 pdns: Improper validation of wildcard synthesized
NSEC records [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1538011
[ 4 ] Bug #1524931 - CVE-2017-15120 pdns-recursor: Crafted CNAME answer can cause a
denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1524931
--------------------------------------------------------------------------------
================================================================================
phpMyAdmin-4.4.15.10-3.el7 (FEDORA-EPEL-2018-74ee3ae47e)
Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:
- Added backported patch for PMASA-2018-1 (#1547748)
- Backported patch to fix displaying mysql.user and mysql.db
- Added patch to silence PHP warning for count() in export
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 16 2018 Robert Scheck <robert(a)fedoraproject.org> 4.4.15.10-3
- Added backported patch for PMASA-2018-1 (#1547748)
- Backported patch to fix displaying mysql.user and mysql.db
- Added patch to silence PHP warning for count() in export
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1547748 - CVE-2018-7260 phpMyAdmin: XSS in db_central_columns.php
https://bugzilla.redhat.com/show_bug.cgi?id=1547748
--------------------------------------------------------------------------------
================================================================================
purple-discord-0-18.20180515gitb895521.el7 (FEDORA-EPEL-2018-9f195f90c4)
Discord plugin for libpurple
--------------------------------------------------------------------------------
Update Information:
Updated plugins to latest snapshots.
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 25 2018 Vitaly Zaitsev <vitaly(a)easycoding.org> - 0-18.20180515gitb895521
- Updated to latest snapshot.
--------------------------------------------------------------------------------
================================================================================
purple-hangouts-0-58.20180419hg9d008f2.el7 (FEDORA-EPEL-2018-9f195f90c4)
Hangouts plugin for libpurple
--------------------------------------------------------------------------------
Update Information:
Updated plugins to latest snapshots.
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 25 2018 Vitaly Zaitsev <vitaly(a)easycoding.org> - 1:0-58.20180419hg9d008f2
- Updated to latest snapshot.
--------------------------------------------------------------------------------
================================================================================
purple-libsteam-1.6.1-21.20180514git4a09c08.el7 (FEDORA-EPEL-2018-9f195f90c4)
Steam plugin for Pidgin/Adium/libpurple
--------------------------------------------------------------------------------
Update Information:
Updated plugins to latest snapshots.
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 25 2018 Vitaly Zaitsev <vitaly(a)easycoding.org> -
1.6.1-21.20180514git4a09c08
- Updated to latest snapshot.
* Fri Feb 9 2018 Fedora Release Engineering <releng(a)fedoraproject.org> -
1.6.1-20.20171225git7f761df
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
purple-skypeweb-1.5-1.20180525gitcf65095.el7 (FEDORA-EPEL-2018-9f195f90c4)
Adds support for Skype to Pidgin
--------------------------------------------------------------------------------
Update Information:
Updated plugins to latest snapshots.
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 25 2018 Vitaly Zaitsev <vitaly(a)easycoding.org> - 1.5-1.20180525gitcf65095
- Updated to version 1.5.
--------------------------------------------------------------------------------
================================================================================
python-moksha-hub-1.5.7-1.el7 (FEDORA-EPEL-2018-e1e4467f7a)
Hub components for Moksha
--------------------------------------------------------------------------------
Update Information:
Fix memory leak.
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 25 2018 Ralph Bean <rbean(a)redhat.com> - 1.5.7-1
- new version
--------------------------------------------------------------------------------
================================================================================
standard-test-roles-2.13-1.el7 (FEDORA-EPEL-2018-587b13b63d)
Standard Test Interface Ansible roles
--------------------------------------------------------------------------------
Update Information:
Update to 2.13 ---- Update to 2.5 ---- Update to 2.11
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 25 2018 Andrei Stepanov <astepano(a)redhat.com> - 2.13-2
- Build with the latest merged PRs.
* Wed May 23 2018 Andrei Stepanov <astepano(a)redhat.com> - 2.12-1
- Build with the latest merged PRs.
* Mon May 21 2018 Andrei Stepanov <astepano(a)redhat.com> - 2.11-1
- Build with the latest merged PRs.
--------------------------------------------------------------------------------
================================================================================
youtube-dl-2018.05.18-1.el7 (FEDORA-EPEL-2018-9c4b244295)
A small command-line program to download online videos
--------------------------------------------------------------------------------
Update Information:
Update to the latest upstream
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 25 2018 Matěj Cepl <mcepl(a)redhat.com> - 2018.05.18-1
- Update to the latest release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1571491 - youtube-dl-2018.05.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1571491
--------------------------------------------------------------------------------