The following Fedora EPEL 7 Security updates need testing:
Age  URL                                                                  Package
686  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d  condor-8.6.11-1.el7
428  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80  python-gnupg-0.4.4-1.el7
425  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b  bubblewrap-0.3.3-2.el7
135  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-fa8a2e97c6  python-waitress-1.4.3-1.el7
 75  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-19d171a465  python34-3.4.10-5.el7
 11  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-f33a36b2c4  python-httplib2-0.18.1-3.el7
  8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-c438b9fb89  lynis-3.0.0-1.el7
  8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-d749373a67  znc-1.8.1-1.el7
  6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-af9b2ac861  alpine-2.23-2.el7
  5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6ad4894c0c  jbig2dec-0.12-5.el7
  3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-0078f6abc1  xpdf-3.04-10.el7
  1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-af9c6001d1  ngircd-26-1.el7
  1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-5d348316dd  chromium-83.0.4103.116-3.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
coturn-4.5.1.3-1.el7
php-composer-semver3-3.0.0-1.el7
putty-0.74-1.el7
python-ifcfg-0.21-1.el7
xrdp-0.9.13.1-1.el7
Details about builds:
================================================================================
coturn-4.5.1.3-1.el7 (FEDORA-EPEL-2020-afd5c42fd6)
TURN/STUN & ICE Server
--------------------------------------------------------------------------------
Update Information:
Coturn 4.5.1.3
==============
* merge PR #575: Fix rpm packaging
* merge PR #576: Tell tar to not include the metadata into release
* merge PR #574: Change Docker `turnserver.conf` to latest `turnserver.conf`
* merge PR #566: Remove reference to SSLv3
* merge PR #579: Ignore MD5 for BoringSSL
* merge PR #577: Build RPM from local folder instead of Git repo
* Fix for CVE-2020-4067: STUN response buffer not initialized properly (issue
  found and reported #583 by Felix Dörre)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 30 2020 Robert Scheck <robert(a)fedoraproject.org> - 4.5.1.3-1
- Update to 4.5.1.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1852362 - CVE-2020-4067 coturn: STUN response buffer not initialized
properly
https://bugzilla.redhat.com/show_bug.cgi?id=1852362
--------------------------------------------------------------------------------
================================================================================
php-composer-semver3-3.0.0-1.el7 (FEDORA-EPEL-2020-d8053bd3a2)
Semver library version 3
--------------------------------------------------------------------------------
Update Information:
Semver library version 3 that offers utilities, version constraint parsing and
validation. Originally written as part of composer/composer, now extracted and
made available as a stand-alone library. Autoloader:
/usr/share/php/Composer/Semver3/autoload.php
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1843516 - Review Request: php-composer-semver3 - Semver library version 3
https://bugzilla.redhat.com/show_bug.cgi?id=1843516
--------------------------------------------------------------------------------
================================================================================
putty-0.74-1.el7 (FEDORA-EPEL-2020-2f70f49092)
SSH, Telnet and Rlogin client
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2020-14002.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 30 2020 Jaroslav Škarvada <jskarvad(a)redhat.com> - 0.74-1
- New version
- Fixed possible information leak in the algorithm negotiation
Resolves: rhbz#1852418
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1852415 - CVE-2020-14002 putty: Observable Discrepancy leading to an
information leak in the algorithm negotiation
https://bugzilla.redhat.com/show_bug.cgi?id=1852415
--------------------------------------------------------------------------------
================================================================================
python-ifcfg-0.21-1.el7 (FEDORA-EPEL-2020-780bf90285)
Python cross-platform network interface discovery (ifconfig/ipconfig/ip)
--------------------------------------------------------------------------------
Update Information:
Update to the latest `python-ifcfg` release
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 30 2020 Scott K Logan <logans(a)cottsay.net> - 0.21-1
- Update to 0.21 (rhbz#1852561)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1852561 - python-ifcfg-0.21 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1852561
--------------------------------------------------------------------------------
================================================================================
xrdp-0.9.13.1-1.el7 (FEDORA-EPEL-2020-6949cf3502)
Open source remote desktop protocol (RDP) server
--------------------------------------------------------------------------------
Update Information:
This is a security fix release that includes fixes for the following local
buffer overflow vulnerability.

- CVE-2022-4044: Local users can perform a buffer overflow attack against the
  xrdp-sesman service and then impersonate it

This update is recommended for all xrdp users.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 30 2020 Bojan Smojver <bojan(a)rexurive.com> - 1:0.9.13.1-1
- Bump up to 0.9.13.1
- CVE-2022-4044
--------------------------------------------------------------------------------