The following Fedora EPEL 7 Security updates need testing:
Age URL
929
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087
dokuwiki-0-0.24.20140929c.el7
692
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f
mcollective-2.8.4-1.el7
274
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d
libbsd-0.8.3-1.el7
171
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe
mod_cluster-1.3.3-10.el7
170
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5f9a6163b4
tnef-1.4.14-1.el7
169
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7ecb12e378
python-XStatic-jquery-ui-1.12.0.1-1.el7
36
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-17b77b3268
botan-1.10.16-1.el7
13
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-59c79d3a8a
google-api-python-client-1.6.3-1.el7 python-httplib2-0.9.2-0.1.el7
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7bdf242c17
drupal7-views-3.18-1.el7
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-10553ac5bd
ReviewBoard-2.5.16-1.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-9f88067c22
mpg123-1.25.6-1.el7
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e27758bd23
libmspack-0.6-0.1.alpha.el7
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-2795d59fcc
python3-numpy-1.10.4-5.el7
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-30a9c74908
php-horde-Horde-Image-2.5.2-1.el7
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5b07cc6958
wordpress-4.8.2-1.el7
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-8da6477f0a
moodle-3.1.8-1.el7
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-3a2abe4898
php-horde-passwd-5.0.7-1.el7
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-a3ae700da7
php-horde-wicked-2.0.8-1.el7
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d49c1ef800
php-horde-nag-4.2.17-1.el7
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-52b8147c68
openvpn-auth-ldap-2.0.3-15.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e3436f7a95
libbson-1.3.5-4.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-9179bc1cf5
chromium-61.0.3163.100-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
bodhi-2.11.0-2.el7
certbot-0.18.2-2.el7
chromium-61.0.3163.100-1.el7
php-SymfonyCmfRouting-1.4.1-1.el7
python-acme-0.18.2-1.el7
python-certbot-apache-0.18.2-1.el7
python-certbot-nginx-0.18.2-1.el7
xorgxrdp-0.2.4-3.el7
youtube-dl-2017.09.15-1.el7
Details about builds:
================================================================================
bodhi-2.11.0-2.el7 (FEDORA-EPEL-2017-1e6d4edc57)
A modular framework that facilitates publishing software updates
--------------------------------------------------------------------------------
Update Information:
Retry auth upon captcha failures. ---- Update to
[
bodhi-2.11.0](https://github.com/fedora-infra/bodhi/releases/tag/2.11.0).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1494644 - fedora.client.bodhi.BodhiClientException: You must provide a
captcha_key
https://bugzilla.redhat.com/show_bug.cgi?id=1494644
[ 2 ] Bug #1493587 - bodhi-2.11.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1493587
--------------------------------------------------------------------------------
================================================================================
certbot-0.18.2-2.el7 (FEDORA-EPEL-2017-ca6917d085)
A free, automated certificate authority client
--------------------------------------------------------------------------------
Update Information:
Update to 0.18.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1493796 - python-certbot-nginx-0.18.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1493796
[ 2 ] Bug #1493795 - python-certbot-apache-0.18.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1493795
[ 3 ] Bug #1493794 - certbot-0.18.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1493794
[ 4 ] Bug #1493792 - python-acme-0.18.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1493792
--------------------------------------------------------------------------------
================================================================================
chromium-61.0.3163.100-1.el7 (FEDORA-EPEL-2017-9179bc1cf5)
A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:
Update to 61.0.3163.100. Fixes issue where images were not loading on RHEL 7.
Security fix for CVE-2017-5111, CVE-2017-5112, CVE-2017-5113, CVE-2017-5114,
CVE-2017-5115, CVE-2017-5116, CVE-2017-5117, CVE-2017-5118, CVE-2017-5119,
CVE-2017-5120, CVE-2017-5121, CVE-2017-5122
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1488782 - CVE-2017-5120 chromium-browser: potential https downgrade during
redirect navigation
https://bugzilla.redhat.com/show_bug.cgi?id=1488782
[ 2 ] Bug #1488781 - CVE-2017-5119 chromium-browser: use of uninitialized value in skia
https://bugzilla.redhat.com/show_bug.cgi?id=1488781
[ 3 ] Bug #1488779 - CVE-2017-5118 chromium-browser: bypass of content security policy
in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1488779
[ 4 ] Bug #1488778 - CVE-2017-5117 chromium-browser: use of uninitialized value in skia
https://bugzilla.redhat.com/show_bug.cgi?id=1488778
[ 5 ] Bug #1488777 - CVE-2017-5116 chromium-browser: type confusion in v8
https://bugzilla.redhat.com/show_bug.cgi?id=1488777
[ 6 ] Bug #1488776 - CVE-2017-5115 chromium-browser: type confusion in v8
https://bugzilla.redhat.com/show_bug.cgi?id=1488776
[ 7 ] Bug #1488775 - CVE-2017-5114 chromium-browser: memory lifecycle issue in pdfium
https://bugzilla.redhat.com/show_bug.cgi?id=1488775
[ 8 ] Bug #1488774 - CVE-2017-5113 chromium-browser: heap buffer overflow in skia
https://bugzilla.redhat.com/show_bug.cgi?id=1488774
[ 9 ] Bug #1488773 - CVE-2017-5112 chromium-browser: heap buffer overflow in webgl
https://bugzilla.redhat.com/show_bug.cgi?id=1488773
[ 10 ] Bug #1488772 - CVE-2017-5111 chromium-browser: use after free in pdfium
https://bugzilla.redhat.com/show_bug.cgi?id=1488772
[ 11 ] Bug #1494392 - CVE-2017-5122 chromium-browser: out-of-bounds access in v8
https://bugzilla.redhat.com/show_bug.cgi?id=1494392
[ 12 ] Bug #1494391 - CVE-2017-5121 chromium-browser: out-of-bounds access in v8
https://bugzilla.redhat.com/show_bug.cgi?id=1494391
--------------------------------------------------------------------------------
================================================================================
php-SymfonyCmfRouting-1.4.1-1.el7 (FEDORA-EPEL-2017-2ae2b8fd19)
Extends the Symfony2 routing component for dynamic routes and chaining
--------------------------------------------------------------------------------
Update Information:
## 1.4.1 * Fix locale matching in candidates
--------------------------------------------------------------------------------
================================================================================
python-acme-0.18.2-1.el7 (FEDORA-EPEL-2017-ca6917d085)
Python library for the ACME protocol
--------------------------------------------------------------------------------
Update Information:
Update to 0.18.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1493796 - python-certbot-nginx-0.18.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1493796
[ 2 ] Bug #1493795 - python-certbot-apache-0.18.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1493795
[ 3 ] Bug #1493794 - certbot-0.18.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1493794
[ 4 ] Bug #1493792 - python-acme-0.18.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1493792
--------------------------------------------------------------------------------
================================================================================
python-certbot-apache-0.18.2-1.el7 (FEDORA-EPEL-2017-ca6917d085)
The apache plugin for certbot
--------------------------------------------------------------------------------
Update Information:
Update to 0.18.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1493796 - python-certbot-nginx-0.18.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1493796
[ 2 ] Bug #1493795 - python-certbot-apache-0.18.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1493795
[ 3 ] Bug #1493794 - certbot-0.18.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1493794
[ 4 ] Bug #1493792 - python-acme-0.18.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1493792
--------------------------------------------------------------------------------
================================================================================
python-certbot-nginx-0.18.2-1.el7 (FEDORA-EPEL-2017-ca6917d085)
The nginx plugin for certbot
--------------------------------------------------------------------------------
Update Information:
Update to 0.18.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1493796 - python-certbot-nginx-0.18.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1493796
[ 2 ] Bug #1493795 - python-certbot-apache-0.18.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1493795
[ 3 ] Bug #1493794 - certbot-0.18.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1493794
[ 4 ] Bug #1493792 - python-acme-0.18.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1493792
--------------------------------------------------------------------------------
================================================================================
xorgxrdp-0.2.4-3.el7 (FEDORA-EPEL-2017-69df2856c2)
Implementation of xrdp backend as Xorg modules
--------------------------------------------------------------------------------
Update Information:
xorgxrdp v0.2.4 has been released. This version includes fixes of following
issues: - Implement disconnection by xrdp-dis command #51
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1482107 - xrdp Xorg session doesn't start after RHEL 7.3 to 7.4 update
due to undefined symbol error
https://bugzilla.redhat.com/show_bug.cgi?id=1482107
[ 2 ] Bug #1493328 - xorgxrdp-0.2.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1493328
--------------------------------------------------------------------------------
================================================================================
youtube-dl-2017.09.15-1.el7 (FEDORA-EPEL-2017-2f0a19125b)
A small command-line program to download online videos
--------------------------------------------------------------------------------
Update Information:
Update to the latest upstream release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1490153 - youtube-dl-2017.09.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1490153
--------------------------------------------------------------------------------