The following Fedora EPEL 7 Security updates need testing:
 Age  URL
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-855ba97187   shapelib-1.3.0-3.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
dcfldd-1.9-1.el7
fedora-license-data-1.13-1.el7
radare2-5.8.2-1.el7
rust-1.67.1-1.el7
xrootd-5.5.2-1.el7
Details about builds:
================================================================================
dcfldd-1.9-1.el7 (FEDORA-EPEL-2023-14c83a72b9)
Improved dd, useful for forensics and security
--------------------------------------------------------------------------------
Update Information:
bugfix release
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 9 2023 Michal Ambroz <rebus at, seznam.cz> - 1.9-1
- bump to 1.9
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sat Oct 22 2022 Michal Ambroz <rebus at, seznam.cz> - 1.8-1
- bump to 1.8
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.7.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Feb 14 2022 Michal Ambroz <rebus at, seznam.cz> - 1.7.1-3
- fix typo in license - #2036038
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.7.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2168491 - dcfldd-1.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2168491
--------------------------------------------------------------------------------
================================================================================
fedora-license-data-1.13-1.el7 (FEDORA-EPEL-2023-a5323e9319)
Fedora Linux license data
--------------------------------------------------------------------------------
Update Information:
- Add NIST Public Domain license as approved
- Add Blue Oak Model License 1.0.0 as approved
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 10 2023 Miroslav Suchý <msuchy(a)redhat.com> 1.13-1
- Fix erroneous substitutions of legacy-name for name
- Add NIST Public Domain license as approved
- Add Blue Oak Model License 1.0.0 as approved
--------------------------------------------------------------------------------
================================================================================
radare2-5.8.2-1.el7 (FEDORA-EPEL-2023-8535da02dc)
The reverse engineering framework
--------------------------------------------------------------------------------
Update Information:
bugfix release fixing a couple of possible buffer overflows rated as CVE
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 25 2023 Michal Ambroz <rebus at, seznam.cz> 5.8.2-1
- bump to 5.8.2
* Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.7.8-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Tue Aug 2 2022 Michal Ambroz <rebus at, seznam.cz> 5.7.8-1
- bump to 5.7.8
* Tue Aug 2 2022 Michal Ambroz <rebus at, seznam.cz> 5.7.6-1
- bump to 5.7.6
- cherrypicked patch for new libmagic from upstream
* Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.6.8-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Apr 21 2022 Henrik Nordstrom <henrik(a)henriknordstrom.net> - 5.6.8-1
- bump to 5.6.8
* Wed Apr 13 2022 Henrik Nordstrom <henrik(a)henriknordstrom.net> 5.6.6-2
- refresh list of bundled libraries and associated cleanup
* Tue Apr 12 2022 Henrik Nordstrom <henrik(a)henriknordstrom.net> 5.6.6-2
- Fixes for CVE-2022-1061 CVE-2022-1207 CVE-2022-1237 CVE-2022-1238
CVE-2022-1240 CVE-2022-1244 CVE-2022-1283 CVE-2022-1284 CVE-2022-1296
CVE-2022-1297
* Tue Apr 12 2022 Henrik Nordstrom <henrik(a)henriknordstrom.net> 5.6.6-1
- bump to 5.6.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2061538 - CVE-2022-0849 radare2: use-after-free in r_reg_get_name_idx() in
libr/reg/reg.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2061538
[ 2 ] Bug #2068179 - CVE-2022-1052 radare2: Heap Buffer Overflow in
iterate_chained_fixups [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2068179
[ 3 ] Bug #2068586 - CVE-2022-1061 radare2: heap-based buffer overflow in parseDragons()
in libr/bin/p/bin_symbols.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2068586
[ 4 ] Bug #2073907 - CVE-2022-1284 radare2: heap-use-after-free in radareorg/radare2
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2073907
[ 5 ] Bug #2073910 - CVE-2022-1283 radare2: NULL Pointer Dereference in
r_bin_ne_get_entrypoints function in radareorg/radare2 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2073910
[ 6 ] Bug #2073956 - CVE-2022-1240 radare2: heap buffer overflow in
libr/bin/format/mach0/mach0.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2073956
[ 7 ] Bug #2073962 - CVE-2022-1237 radare2: Improper Validation of Array Index can lead
to heap overflow [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2073962
[ 8 ] Bug #2073971 - CVE-2022-1238 radare2: Heap-based Buffer Overflow in
libr/bin/format/ne/ne.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2073971
[ 9 ] Bug #2073975 - CVE-2022-1244 radare2: heap-buffer-overflow might cause denial of
service. [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2073975
[ 10 ] Bug #2074066 - CVE-2022-1207 radare2: Out-of-bounds read allows reading sensitive
information [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2074066
[ 11 ] Bug #2074199 - CVE-2022-1296 radare2: Out-of-bounds read in `r_bin_ne_get_relocs`
function [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2074199
[ 12 ] Bug #2074204 - CVE-2022-1297 radare2: Out-of-bounds read in
r_bin_ne_get_entrypoints function [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2074204
[ 13 ] Bug #2076175 - CVE-2022-1382 radare2: NULL Pointer Dereference [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2076175
[ 14 ] Bug #2076177 - CVE-2022-1383 radare2: Heap-based Buffer Overflow [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2076177
[ 15 ] Bug #2078497 - CVE-2022-1444 radare2: : radare2: heap-use-after-free capable of
denial of service [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=2078497
[ 16 ] Bug #2078498 - CVE-2022-1444 radare2: : radare2: heap-use-after-free capable of
denial of service [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2078498
[ 17 ] Bug #2078504 - CVE-2022-1451 radare2: Out-of-bounds read in
r_bin_java_constant_value_attr_new function [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=2078504
[ 18 ] Bug #2078505 - CVE-2022-1451 radare2: Out-of-bounds read in
r_bin_java_constant_value_attr_new function [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2078505
[ 19 ] Bug #2078509 - CVE-2022-1452 radare2: Out-of-bounds read in
r_bin_java_bootstrap_methods_attr_new function [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=2078509
[ 20 ] Bug #2078510 - CVE-2022-1452 radare2: Out-of-bounds read in
r_bin_java_bootstrap_methods_attr_new function [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2078510
--------------------------------------------------------------------------------
================================================================================
rust-1.67.1-1.el7 (FEDORA-EPEL-2023-a352d478c2)
The Rust Programming Language
--------------------------------------------------------------------------------
Update Information:
- Downgrade `clippy::uninlined_format_args` to pedantic.
- Fix a type mismatch in the internal async generator ABI.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 9 2023 Josh Stone <jistone(a)redhat.com> - 1.67.1-1
- Update to 1.67.1.
* Fri Feb 3 2023 Josh Stone <jistone(a)redhat.com> - 1.67.0-3
- Unbundle libgit2 on Fedora 38.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2168758 - rust-1.67.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2168758
--------------------------------------------------------------------------------
================================================================================
xrootd-5.5.2-1.el7 (FEDORA-EPEL-2023-7796aa48c5)
Extended ROOT file server
--------------------------------------------------------------------------------
Update Information:
xrootd 5.5.2
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 9 2023 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 1:5.5.2-1
- Update to version 5.5.2
- Drop patches accepted upstream or previously backported
* Sat Jan 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:5.5.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Tue Jan 17 2023 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 1:5.5.1-2
- Add missing include - fixes build failure with gcc 13
- Fix build failure due to possible large memory allocation
--------------------------------------------------------------------------------