The following Fedora EPEL 6 Security updates need testing:
Age URL
99
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b6c663378c
unrtf-0.21.9-8.el6
38
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f21474267b
condor-8.6.11-1.el6
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-130324cf61
gitolite3-3.6.9-1.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-154bc7ea13
php-tcpdf-6.2.22-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
inxi-3.0.24-1.el6
mozilla-noscript-5.1.8.7-1.el6
munin-2.0.40-4.el6
php-kolab-net-ldap3-1.0.7-2.el6
Details about builds:
================================================================================
inxi-3.0.24-1.el6 (FEDORA-EPEL-2018-933e7f4e3c)
A full featured system information script
--------------------------------------------------------------------------------
Update Information:
Update to 3.0.24. Now you can see hardware vulnerabilities and it's mitigations
by -Ca key.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 12 2018 Vasiliy N. Glazov <vascom2(a)gmail.com> 3.0.24-1
- Update to 3.0.24
* Mon Sep 10 2018 Vasiliy N. Glazov <vascom2(a)gmail.com> 3.0.23-1
- Update to 3.0.23
* Tue Sep 4 2018 Vasiliy N. Glazov <vascom2(a)gmail.com> 3.0.22-1
- Update to 3.0.22
--------------------------------------------------------------------------------
================================================================================
mozilla-noscript-5.1.8.7-1.el6 (FEDORA-EPEL-2018-0d793474b0)
JavaScript white list extension for Mozilla Firefox
--------------------------------------------------------------------------------
Update Information:
v 5.1.8.7 ============================================================= *
[Security] Fixed script blocking bypass zero-day (thanks Zerodium for
unresponsible disclosure,
https://twitter.com/Zerodium/status/1039127214602641409) * [Surrogate] Fixed
typo in 2mdn replacement (thansk barbaz) * [XSS] Fixed InjectionChecker choking
at some big JSON payloads sents as POST form data * [XSS] In-depth protection
against native ES6 modules abuse * Fixed classic beta channel users being
accidentally migrated to stable (thanks barbaz)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Sep 16 2018 Dominik Mierzejewski <rpm(a)greysector.net> - 5.1.8.7-1
- update to 5.1.8.7 (fixes CVE-2018-16983)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1629212 - CVE-2018-16983 mozilla-noscript: NoScript Bypass via the
text/html;/json Content-Type value
https://bugzilla.redhat.com/show_bug.cgi?id=1629212
--------------------------------------------------------------------------------
================================================================================
munin-2.0.40-4.el6 (FEDORA-EPEL-2018-bf0c049faf)
Network-wide resource monitoring tool
--------------------------------------------------------------------------------
Update Information:
Improve upgrade path from old 2.0.33 to 2.0.40: save old apache config files as
%ghost. Improve first install experience by automatically creating localhost-
config and better example httpd/nginx config files.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 17 2018 Kim B. Heino <b(a)bbbs.net> - 2.0.40-4
- rhbz#1327512: munin-limits not reporting actual state of variable to NSCA
- rhbz#1629438: Create localhost-config on first install
- rhbz#1629438: Include old httpd config files as ghost
* Fri Sep 14 2018 Kim B. Heino <b(a)bbbs.net> - 2.0.40-3
- rhbz#1628390: Fix missing Perl dependencies in Fedora
- Obsolete munin-netip-plugins for epel upgrade path
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1628390 - munin-node requires perl-Getopt-Long but package does not require
it
https://bugzilla.redhat.com/show_bug.cgi?id=1628390
[ 2 ] Bug #1629438 - The 2.0.40-2 release of munin packages on Aug 25th 2018 is broken.
https://bugzilla.redhat.com/show_bug.cgi?id=1629438
[ 3 ] Bug #1327512 - munin-limits not reporting actual state of variable to NSCA
https://bugzilla.redhat.com/show_bug.cgi?id=1327512
--------------------------------------------------------------------------------
================================================================================
php-kolab-net-ldap3-1.0.7-2.el6 (FEDORA-EPEL-2018-14a57809d2)
Advanced functionality for accessing LDAP directories
--------------------------------------------------------------------------------
Update Information:
**Version 1.0.7** - Jun 20 2018 * Fix bug where ldapsearch command was failing
when configured host contained protocol schema prefix * Fix regression in
setting LDAP cache file path * Improve setup of the schema cache location ----
**Version 1.0.6** - Apr 7 2017 * strncasecmp() -> strcasecmp() * Support GSSAPI
authentication * Use packagist as a source of Net_LDAP2 package ---- **Version
1.0.5** - Apr 5 2016 * Fix package names to conform with packagist's naming
policies * Fix bug where LDAP_OPT_DEBUG_LEVEL option couldn't have been disabled
(#4918) * Fix ldap_sort() deprecation warning in PHP7 (T1107) * Remove unused
variable, remove @ on ldap_add(), this may print useful warnings��� * Ensure that
multi-valued attributes have sequential indexes in the array ---- **Version
1.0.4** - Oct 15 2015 * Unify some error, warning and debug messages * fixing
recursive deletion of domains * Don't execute LDAP queries for domains if
domain_base_dn is not configured * Support %s variable in 'domain_filter' config
option * Fix find_domain() result when domain wasn't found (#4959)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 17 2018 Remi Collet <remi(a)fedoraproject.org> - 1.0.7-2
- update to 1.0.7
- sources from git snapshot
- provide php-composer(kolab/net_ldap3)
- update to 1.0.3
--------------------------------------------------------------------------------