The following Fedora EPEL 8 Security updates need testing:
 Age  URL
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-31e354d8e4   syslog-ng-3.23.1-3.el8
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-4c460336cc   shapelib-1.5.0-12.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
awstats-7.9-1.el8
dcfldd-1.9-1.el8
epel-rpm-macros-8-37
fedora-license-data-1.13-1.el8
radare2-5.8.2-1.el8
xrootd-5.5.2-1.el8
Details about builds:
================================================================================
awstats-7.9-1.el8 (FEDORA-EPEL-2023-91aa97c08e)
Advanced Web Statistics
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream version 7.9; see
https://www.awstats.org/docs/awstats_changelog.txt for more details
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 18 2023 Tim Jackson <rpm(a)timj.co.uk> - 7.9-1
- Version 7.9
--------------------------------------------------------------------------------
================================================================================
dcfldd-1.9-1.el8 (FEDORA-EPEL-2023-b9d4d76774)
Improved dd, useful for forensics and security
--------------------------------------------------------------------------------
Update Information:
bugfix release
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 9 2023 Michal Ambroz <rebus at, seznam.cz> - 1.9-1
- bump to 1.9
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.8-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sat Oct 22 2022 Michal Ambroz <rebus at, seznam.cz> - 1.8-1
- bump to 1.8
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.7.1-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Feb 14 2022 Michal Ambroz <rebus at, seznam.cz> - 1.7.1-3
- fix typo in license - #2036038
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.7.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2168491 - dcfldd-1.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2168491
--------------------------------------------------------------------------------
================================================================================
epel-rpm-macros-8-37 (FEDORA-EPEL-2023-739eba5dc0)
Extra Packages for Enterprise Linux RPM macros
--------------------------------------------------------------------------------
Update Information:
Stop overriding macros that are now in RHEL 8.7
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 8 2023 Maxwell G <gotmax(a)e.email> - 8-37
- Stop overriding macros that are now in RHEL 8.7
--------------------------------------------------------------------------------
================================================================================
fedora-license-data-1.13-1.el8 (FEDORA-EPEL-2023-cd5b94a793)
Fedora Linux license data
--------------------------------------------------------------------------------
Update Information:
- Add NIST Public Domain license as approved
- Add Blue Oak Model License 1.0.0 as approved
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 10 2023 Miroslav Suchý <msuchy(a)redhat.com> 1.13-1
- Fix erroneous substitutions of legacy-name for name
- Add NIST Public Domain license as approved
- Add Blue Oak Model License 1.0.0 as approved
--------------------------------------------------------------------------------
================================================================================
radare2-5.8.2-1.el8 (FEDORA-EPEL-2023-c1bf7ff735)
The reverse engineering framework
--------------------------------------------------------------------------------
Update Information:
bugfix release fixing a couple of possible buffer overflows rated as CVE
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 25 2023 Michal Ambroz <rebus at, seznam.cz> 5.8.2-1
- bump to 5.8.2
* Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.7.8-1.1
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Tue Aug 2 2022 Michal Ambroz <rebus at, seznam.cz> 5.7.8-1
- bump to 5.7.8
* Tue Aug 2 2022 Michal Ambroz <rebus at, seznam.cz> 5.7.6-1
- bump to 5.7.6
- cherrypicked patch for new libmagic from upstream
* Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.6.8-1.1
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Apr 21 2022 Henrik Nordstrom <henrik(a)henriknordstrom.net> - 5.6.8-1
- bump to 5.6.8
* Wed Apr 13 2022 Henrik Nordstrom <henrik(a)henriknordstrom.net> 5.6.6-2
- refresh list of bundled libraries and associated cleanup
* Tue Apr 12 2022 Henrik Nordstrom <henrik(a)henriknordstrom.net> 5.6.6-2
- Fixes for CVE-2022-1061 CVE-2022-1207 CVE-2022-1237 CVE-2022-1238
CVE-2022-1240 CVE-2022-1244 CVE-2022-1283 CVE-2022-1284 CVE-2022-1296
CVE-2022-1297
* Tue Apr 12 2022 Henrik Nordstrom <henrik(a)henriknordstrom.net> 5.6.6-1
- bump to 5.6.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2061538 - CVE-2022-0849 radare2: use-after-free in r_reg_get_name_idx() in
libr/reg/reg.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2061538
[ 2 ] Bug #2068179 - CVE-2022-1052 radare2: Heap Buffer Overflow in
iterate_chained_fixups [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2068179
[ 3 ] Bug #2068586 - CVE-2022-1061 radare2: heap-based buffer overflow in parseDragons()
in libr/bin/p/bin_symbols.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2068586
[ 4 ] Bug #2073907 - CVE-2022-1284 radare2: heap-use-after-free in radareorg/radare2
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2073907
[ 5 ] Bug #2073910 - CVE-2022-1283 radare2: NULL Pointer Dereference in
r_bin_ne_get_entrypoints function in radareorg/radare2 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2073910
[ 6 ] Bug #2073956 - CVE-2022-1240 radare2: heap buffer overflow in
libr/bin/format/mach0/mach0.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2073956
[ 7 ] Bug #2073962 - CVE-2022-1237 radare2: Improper Validation of Array Index can lead
to heap overflow [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2073962
[ 8 ] Bug #2073971 - CVE-2022-1238 radare2: Heap-based Buffer Overflow in
libr/bin/format/ne/ne.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2073971
[ 9 ] Bug #2073975 - CVE-2022-1244 radare2: heap-buffer-overflow might cause denial of
service. [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2073975
[ 10 ] Bug #2074066 - CVE-2022-1207 radare2: Out-of-bounds read allows reading sensitive
information [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2074066
[ 11 ] Bug #2074199 - CVE-2022-1296 radare2: Out-of-bounds read in `r_bin_ne_get_relocs`
function [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2074199
[ 12 ] Bug #2074204 - CVE-2022-1297 radare2: Out-of-bounds read in
r_bin_ne_get_entrypoints function [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2074204
[ 13 ] Bug #2076175 - CVE-2022-1382 radare2: NULL Pointer Dereference [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2076175
[ 14 ] Bug #2076177 - CVE-2022-1383 radare2: Heap-based Buffer Overflow [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2076177
[ 15 ] Bug #2078497 - CVE-2022-1444 radare2: : radare2: heap-use-after-free capable of
denial of service [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=2078497
[ 16 ] Bug #2078498 - CVE-2022-1444 radare2: : radare2: heap-use-after-free capable of
denial of service [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2078498
[ 17 ] Bug #2078504 - CVE-2022-1451 radare2: Out-of-bounds read in
r_bin_java_constant_value_attr_new function [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=2078504
[ 18 ] Bug #2078505 - CVE-2022-1451 radare2: Out-of-bounds read in
r_bin_java_constant_value_attr_new function [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2078505
[ 19 ] Bug #2078509 - CVE-2022-1452 radare2: Out-of-bounds read in
r_bin_java_bootstrap_methods_attr_new function [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=2078509
[ 20 ] Bug #2078510 - CVE-2022-1452 radare2: Out-of-bounds read in
r_bin_java_bootstrap_methods_attr_new function [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2078510
--------------------------------------------------------------------------------
================================================================================
xrootd-5.5.2-1.el8 (FEDORA-EPEL-2023-66e40b5134)
Extended ROOT file server
--------------------------------------------------------------------------------
Update Information:
xrootd 5.5.2
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 9 2023 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 1:5.5.2-1
- Update to version 5.5.2
- Drop patches accepted upstream or previously backported
* Sat Jan 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:5.5.1-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Tue Jan 17 2023 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 1:5.5.1-2
- Add missing include - fixes build failure with gcc 13
- Fix build failure due to possible large memory allocation
--------------------------------------------------------------------------------