The following Fedora EPEL 7 Security updates need testing:
 Age  URL
 466  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d   condor-8.6.11-1.el7
 207  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80   python-gnupg-0.4.4-1.el7
 205  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b   bubblewrap-0.3.3-2.el7
  12  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-136fa99185   limnoria-20191109-2.el7
  10  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-5fecd4c331   libmodbus-3.0.8-1.el7
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-d8f3c6a443   chromium-78.0.3904.97-1.el7
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-58be818bb4   thunderbird-enigmail-2.1.3-1.el7
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-8a7207a341   libidn2-2.3.0-1.el7
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-aff200699c   mingw-libidn2-2.3.0-1.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-b1761c2898   imapfilter-2.6.15-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
fail2ban-0.10.4-1.el7
jhead-3.04-1.el7
radsecproxy-1.8.0-1.el7
Details about builds:
================================================================================
fail2ban-0.10.4-1.el7 (FEDORA-EPEL-2019-dac149ad76)
Daemon to ban hosts that cause multiple authentication errors
--------------------------------------------------------------------------------
Update Information:
Update to 0.10.4

---

Incompatibility list (compared to v.0.9):

* Filter (or `failregex`) internal capture-groups:
  - If you have your own `failregex` or custom filters using the conditional
    match `(?P=host)`, you should rewrite the regex as in the example below,
    i.e. use `(?:(?P=ip4)|(?P=ip6))` instead of `(?P=host)` (or
    `(?:(?P=ip4)|(?P=ip6)|(?P=dns))`, depending on your `usedns` and `raw`
    settings). Of course you can always define your own capture-group (like
    `_cond_ip_` below) to do this.

    ```
    testln="1500000000 failure from 192.0.2.1: bad host 192.0.2.1"
    fail2ban-regex "$testln" "^\s*failure from (?P<_cond_ip_><HOST>): bad host (?P=_cond_ip_)$"
    ```
  - New internal groups (currently reserved for internal usage): `ip4`, `ip6`,
    `dns`, `fid`, `fport`, additionally `user` and other captures in lower
    case if mapping from tag `<F-*>` is used in failregex (e.g. `user` by
    `<F-USER>`).
* v.0.10 uses more precise date template handling, which can in theory be
  incompatible with some user configurations, in particular `datepattern`.
* Since v0.10 fail2ban supports the matching of IPv6 addresses, but not all ban
  actions are IPv6-capable now.

Also:

- Define banaction_allports for firewalld, update banaction (bz#1775175)
- Update sendmail-reject with TLSMTA & MSA port IDs (bz#1722625)
- Remove config files for other distros (bz#1533113)
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 23 2019 Orion Poplawski <orion(a)nwra.com> - 0.10.4-1
- Update to 0.10.4
- Define banaction_allports for firewalld, update banaction (bz#1775175)
- Update sendmail-reject with TLSMTA & MSA port IDs (bz#1722625)
- Remove config files for other distros (bz#1533113)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1725975 - ssh jail bans the same IP for all log messages
https://bugzilla.redhat.com/show_bug.cgi?id=1725975
[ 2 ] Bug #1733363 - The default ssd filter file /etc/fail2ban/filter.d/sshd.conf does
not protect against brute force password guessing if using pam_sss for authentication.
https://bugzilla.redhat.com/show_bug.cgi?id=1733363
[ 3 ] Bug #1401360 - postfix-rbl.conf regex for "454 4.7.1" should be
"554 5.7.1" for default postfix reject_rbl_client
https://bugzilla.redhat.com/show_bug.cgi?id=1401360
[ 4 ] Bug #1775175 - fail2ban-firewalld should define banaction_allports
https://bugzilla.redhat.com/show_bug.cgi?id=1775175
--------------------------------------------------------------------------------
================================================================================
jhead-3.04-1.el7 (FEDORA-EPEL-2019-1a5ac407f8)
Tool for displaying EXIF data embedded in JPEG images
--------------------------------------------------------------------------------
Update Information:
updated to 3.04 (CVE-2019-19035)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 22 2019 Adrian Reber <adrian(a)lisas.de> - 3.04-1
- updated to 3.04 (CVE-2019-19035)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1775098 - CVE-2019-19035 jhead: heap based over-read in ReadJpegSections and
process_SOFn in jpgfile.c leads to denial of service
https://bugzilla.redhat.com/show_bug.cgi?id=1775098
--------------------------------------------------------------------------------
================================================================================
radsecproxy-1.8.0-1.el7 (FEDORA-EPEL-2019-34fead3896)
Generic RADIUS proxy with RadSec support
--------------------------------------------------------------------------------
Update Information:
radsecproxy is a generic RADIUS proxy that in addition to usual RADIUS UDP
transport, also supports TLS (RadSec), as well as RADIUS over TCP and DTLS. The
aim is for the proxy to have sufficient features to be flexible, while at the
same time to be small, efficient and easy to configure.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 17 2019 Robert Scheck <robert(a)fedoraproject.org> 1.8.0-1
- Upgrade to 1.8.0 (#1753052)
- Initial spec file for Fedora and Red Hat Enterprise Linux
--------------------------------------------------------------------------------