The following Fedora EPEL 7 Security updates need testing:
 Age  URL
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-a3ae41bd1e   unrealircd-6.0.3-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
blender-2.68a-9.el7
hwinfo-21.68-2.el7
libbson-1.3.5-7.el7
rpki-client-7.7-1.el7
rust-1.60.0-1.el7
Details about builds:
================================================================================
blender-2.68a-9.el7 (FEDORA-EPEL-2022-4a24f39c87)
3D modeling, animation, rendering and post-production
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2017-12102, CVE-2017-12103, CVE-2017-12104, CVE-2017-12081,
CVE-2017-12082, CVE-2017-12086, CVE-2017-12099, CVE-2017-12100, CVE-2017-12101,
CVE-2017-12105, CVE-2017-2908, CVE-2017-2899, CVE-2017-2900, CVE-2017-2901,
CVE-2017-2902, CVE-2017-2903, CVE-2017-2904, CVE-2017-2905, CVE-2017-2906,
CVE-2017-2907, CVE-2017-2918.
Includes manual backports of the following upstream commits:
- a6700362 “Memory: add MEM_malloc_arrayN() function to protect against overflow.”
- d30cc1ea “Fix buffer overflows in TIFF, PNG, IRIS, DPX, HDR and AVI loading.”
- 07aed40 “Fix buffer overflow vulernability in thumbnail file reading.”
- e6df028 “Fix buffer overflow vulnerabilities in mesh code.”
- e6df028 “Fix buffer overflow vulnerability in curve, font, particles code.”
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 4 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1:2.68a-9
- Backport a6700362 “Memory: add MEM_malloc_arrayN() function to protect against
overflow.” - a prerequisite for several security fixes
- Backport d30cc1ea “Fix buffer overflows in TIFF, PNG, IRIS, DPX, HDR and AVI
loading.” Fix CVE-2017-2899 (fix RHBZ#1610813),
fix CVE-2017-2900 (fix RHBZ#1610816), fix CVE-2017-2901 (fix RHBZ#1610819),
fix CVE-2017-2902 (fix RHBZ#1610822), fix CVE-2017-2903 (fix RHBZ#1610824),
fix CVE-2017-2904 (fix RHBZ#1610827), fix CVE-2017-2905 (fix RHBZ#1610829),
fix CVE-2017-2906 (fix RHBZ#1610832), fix CVE-2017-2907 (fix RHBZ#1610834),
fix CVE-2017-2918 (fix RHBZ#1610843)
- Backport 07aed40 “Fix buffer overflow vulernability in thumbnail file
reading.” Fix CVE-2017-2908 (fix RHBZ#1610836)
- Backport e04d7c4 “Fix buffer overflow vulnerabilities in mesh code.”
Fix CVE-2017-12081 (fix RHBZ#1610865), fix CVE-2017-12082 (fix RHBZ#1610862),
fix CVE-2017-12086 (fix RHBZ#1571612), fix CVE-2017-12099 (fix RHBZ#1610860),
fix CVE-2017-12100 (fix RHBZ#1610858), fix CVE-2017-12101 (fix RHBZ#1610856),
fix CVE-2017-12105 (fix RHBZ#1610840)
- Backport e6df028 “Fix buffer overflow vulnerability in curve, font, particles
code.”
Fix CVE-2017-12102 (fix RHBZ#1610851), fix CVE-2017-12103 (fix RHBZ#1610848),
fix CVE-2017-12104 (fix RHBZ#1610846)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1571612 - CVE-2017-12086 blender: Integer overflow in
BKE_mesh_calc_normals_tessface potentially leading to code execution [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1571612
[ 2 ] Bug #1610813 - CVE-2017-2899 blender: Integer Overflow in imb_loadtiff [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1610813
[ 3 ] Bug #1610816 - CVE-2017-2900 blender: Integer Overflow in IMB_ibImageFromMemory
[epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1610816
[ 4 ] Bug #1610819 - CVE-2017-2901 blender: Integer Overflow in imb_loadiris [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1610819
[ 5 ] Bug #1610822 - CVE-2017-2902 blender: Integer Overflow in DPX loading [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1610822
[ 6 ] Bug #1610824 - CVE-2017-2903 blender: Integer Overflow in logImageOpenFromMemory
[epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1610824
[ 7 ] Bug #1610827 - CVE-2017-2904 blender: Integer Overflow in the RADIANCE loading
functionality [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1610827
[ 8 ] Bug #1610829 - CVE-2017-2905 blender: Integer Overflow in the bmp loading
functionality [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1610829
[ 9 ] Bug #1610832 - CVE-2017-2906 blender: Integer Overflow in the animation playing
functionality [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1610832
[ 10 ] Bug #1610834 - CVE-2017-2907 blender: Integer Overflow in the animation playing
functionality [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1610834
[ 11 ] Bug #1610836 - CVE-2017-2908 blender: Integer Overflow in the thumbnail
functionality [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1610836
[ 12 ] Bug #1610840 - CVE-2017-12105 blender: Integer Overflow in the
BKE_mesh_vertexCos_get function [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1610840
[ 13 ] Bug #1610843 - CVE-2017-2918 blender: Integer Overflow in the Image loading
functionality [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1610843
[ 14 ] Bug #1610846 - CVE-2017-12104 blender: Integer Overflow when it draws a Particle
object [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1610846
[ 15 ] Bug #1610848 - CVE-2017-12103 blender: Integer Overflow when it converts text
rendered as a font into a curve [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1610848
[ 16 ] Bug #1610851 - CVE-2017-12102 blender: Integer Overflow when it converts
curves to polygons [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1610851
[ 17 ] Bug #1610856 - CVE-2017-12101 blender: Integer Overflow in the
modifier_mdef_compact_influences functionality [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1610856
[ 18 ] Bug #1610858 - CVE-2017-12100 blender: Integer Overflow in the
multires_load_old_dm functionality [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1610858
[ 19 ] Bug #1610860 - CVE-2017-12099 blender: Integer Overflow in the legacy Mesh
attribute tface [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1610860
[ 20 ] Bug #1610862 - CVE-2017-12082 blender: Integer Overflow in the CustomData Mesh
loading functionality [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1610862
[ 21 ] Bug #1610865 - CVE-2017-12081 blender: Integer Overflow in the upgrade of a
legacy Mesh attribute [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1610865
--------------------------------------------------------------------------------
================================================================================
hwinfo-21.68-2.el7 (FEDORA-EPEL-2022-72167dbb66)
Hardware information tool
--------------------------------------------------------------------------------
Update Information:
Rebuild for unannounced libx86emu soname bump.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 8 2022 Carl George <carl(a)george.computer> - 21.68-2
- Rebuild for unannounced libx86emu soname bump
- Resolves: rhbz#2073238
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2073238 - rebuild hwinfo 21.68-1 against libx86emu 3.5-1 for EPEL7
https://bugzilla.redhat.com/show_bug.cgi?id=2073238
--------------------------------------------------------------------------------
================================================================================
libbson-1.3.5-7.el7 (FEDORA-EPEL-2022-14d598751d)
Building, parsing, and iterating BSON documents
--------------------------------------------------------------------------------
Update Information:
This release prevents memory corruption when dealing with overly large
(larger than half of the address space) JSON documents. The prevention results
in terminating the offending process, the same measure that libbson triggers on
memory exhaustion.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 7 2022 Petr Pisar <ppisar(a)redhat.com> - 1.3.5-7
- Fix CVE-2022-24795 (an integer overflow leading to heap memory corruption
when dealing with large inputs) (bug #2072913)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2072912 - CVE-2022-24795 yajl: heap-based buffer overflow when handling large
inputs due to an integer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=2072912
--------------------------------------------------------------------------------
================================================================================
rpki-client-7.7-1.el7 (FEDORA-EPEL-2022-9e4f7fd0a2)
RPKI validator to support BGP Origin Validation
--------------------------------------------------------------------------------
Update Information:
# rpki-client 7.7
- Add various RFC 6488 compliance checks to improve the CMS parser.
- Improve RRDP replication through less aggressive cache cleanup.
- Add a check whether a given Manifest EE certificate is listed on the
  applicable CRL.
- For forward compatibility permit ASPA object to appear on Manifests.
- Various improvements to the `-f <file>` diagnostic option to now also validate
  files containing Trust Anchor certs and CRLs.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 8 2022 Robert Scheck <robert(a)fedoraproject.org> 7.7-1
- Upgrade to 7.7 (#2073214)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2073214 - rpki-client-7.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2073214
--------------------------------------------------------------------------------
================================================================================
rust-1.60.0-1.el7 (FEDORA-EPEL-2022-fbe6a17582)
The Rust Programming Language
--------------------------------------------------------------------------------
Update Information:
Update to Rust 1.60.0:
* Source-based Code Coverage
* `cargo --timings`
* New syntax for Cargo features
* Incremental compilation re-enabled
* `Instant` monotonicity guarantees
* Stabilized APIs
See the [blog post](https://blog.rust-lang.org/2022/04/07/Rust-1.60.0.html) and
[release notes](https://github.com/rust-lang/rust/blob/master/RELEASES.md#version-1600-2022-04-07)
for more details.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 7 2022 Josh Stone <jistone(a)redhat.com> - 1.60.0-1
- Update to 1.60.0.
* Fri Mar 25 2022 Josh Stone <jistone(a)redhat.com> - 1.59.0-4
- Fix the archive index for wasm32-wasi's libc.a
* Fri Mar 4 2022 Stephen Gallagher <sgallagh(a)redhat.com> - 1.59.0-3
- Rebuild against the bootstrapped build
* Fri Mar 4 2022 Stephen Gallagher <sgallagh(a)redhat.com> - 1.59.0-2.1
- Bootstrapping for Fedora ELN
--------------------------------------------------------------------------------