The following Fedora EPEL 8 Security updates need testing:
Age URL
13
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-0754fdd085
openvpn-2.4.11-1.el8
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-24ab212ee8
p7zip-16.02-20.el8
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-3a1aaec707
pngcheck-2.4.0-8.el8
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-b308580516
perl-Image-ExifTool-12.16-3.el8
7
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-bbc31e5925
java-latest-openjdk-16.0.1.0.9-1.rolling.el8
7
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-33433b2f22
python-yara-4.1.0-1.el8 yara-4.1.0-1.el8
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-9be66bdb10
python-markdown2-2.4.0-1.el8
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-a3a4866065
libopenmpt-0.5.8-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
R-4.0.5-1.el8
ansible-2.9.21-1.el8
centos-packager-0.7.0-6.el8
chromium-90.0.4430.93-1.el8
exim-4.94.2-1.el8
perl-Carp-Always-0.16-9.el8
powerman-2.3.26-1.el8
qpid-proton-0.34.0-1.el8
qsynth-0.9.2-1.el8
Details about builds:
================================================================================
R-4.0.5-1.el8 (FEDORA-EPEL-2021-a02e59ec69)
A language for data analysis and graphics
--------------------------------------------------------------------------------
Update Information:
Update R to 4.0.5. rpy & rkward rebuilt to match where needed.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 3 2021 Tom Callaway <spot(a)fedoraproject.org> - 4.0.5-1
- update to 4.0.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1945341 - R-4.0.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1945341
--------------------------------------------------------------------------------
================================================================================
ansible-2.9.21-1.el8 (FEDORA-EPEL-2021-118e48ab1c)
SSH-based configuration management, deployment, and task execution system
--------------------------------------------------------------------------------
Update Information:
Update to ansible 2.9.21 with various small fixes to ansible-test.
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 4 2021 Kevin Fenzi <kevin(a)scrye.com> - 2.9.21-1
- Update to 2.9.21.
--------------------------------------------------------------------------------
================================================================================
centos-packager-0.7.0-6.el8 (FEDORA-EPEL-2021-239c87f476)
Tools and files necessary for building CentOS packages
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1953690 - Review Request: centos-packager - Tools and files necessary for
building CentOS packages
https://bugzilla.redhat.com/show_bug.cgi?id=1953690
--------------------------------------------------------------------------------
================================================================================
chromium-90.0.4430.93-1.el8 (FEDORA-EPEL-2021-e8421e33b3)
A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:
Update to Chromium 90.0.4430.93. Fixes the following security issues:
CVE-2021-21206 CVE-2021-21220 CVE-2021-21201 CVE-2021-21202 CVE-2021-21203
CVE-2021-21204 CVE-2021-21221 CVE-2021-21207 CVE-2021-21208 CVE-2021-21209
CVE-2021-21210 CVE-2021-21211 CVE-2021-21212 CVE-2021-21213 CVE-2021-21214
CVE-2021-21215 CVE-2021-21216 CVE-2021-21217 CVE-2021-21218 CVE-2021-21219
CVE-2021-21205 CVE-2021-21194 CVE-2021-21195 CVE-2021-21196 CVE-2021-21197
CVE-2021-21198 CVE-2021-21199 CVE-2021-21222 CVE-2021-21223 CVE-2021-21224
CVE-2021-21225 CVE-2021-21226 CVE-2021-21227 CVE-2021-21232 CVE-2021-21233
CVE-2021-21228 CVE-2021-21229 CVE-2021-21230 CVE-2021-21231 If you hold your
broken appliances close to the screen when you update, it might fix them too.
(fixes not guaranteed)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 27 2021 Tom Callaway <spot(a)fedoraproject.org> - 90.0.4430.93-1
- update to 90.0.4430.93
* Wed Apr 21 2021 Tom Callaway <spot(a)fedoraproject.org> - 90.0.4430.85-1
- update to 90.0.4430.85
* Fri Apr 16 2021 Tom Callaway <spot(a)fedoraproject.org> - 90.0.4430.72-1
- update to 90.0.4430.72
* Wed Apr 14 2021 Tom Callaway <spot(a)fedoraproject.org> - 89.0.4389.128-1
- update to 89.0.4389.128
* Wed Mar 31 2021 Jonathan Wakely <jwakely(a)redhat.com> - 89.0.4389.90-5
- Rebuilt for removed libstdc++ symbols (#1937698)
* Mon Mar 29 2021 Tom Callaway <spot(a)fedoraproject.org> - 89.0.4389.90-4
- fix libva compile in rawhide
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1945106 - CVE-2021-21194 chromium-browser: Use after free in screen capture
https://bugzilla.redhat.com/show_bug.cgi?id=1945106
[ 2 ] Bug #1945107 - CVE-2021-21195 chromium-browser: Use after free in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1945107
[ 3 ] Bug #1945108 - CVE-2021-21196 chromium-browser: Heap buffer overflow in TabStrip
https://bugzilla.redhat.com/show_bug.cgi?id=1945108
[ 4 ] Bug #1945109 - CVE-2021-21197 chromium-browser: Heap buffer overflow in TabStrip
https://bugzilla.redhat.com/show_bug.cgi?id=1945109
[ 5 ] Bug #1945110 - CVE-2021-21198 chromium-browser: Out of bounds read in IPC
https://bugzilla.redhat.com/show_bug.cgi?id=1945110
[ 6 ] Bug #1945111 - CVE-2021-21199 chromium-browser: Use Use after free in Aura
https://bugzilla.redhat.com/show_bug.cgi?id=1945111
[ 7 ] Bug #1949617 - CVE-2021-21206 chromium-browser: Use after free in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1949617
[ 8 ] Bug #1949618 - CVE-2021-21220 chromium-browser: Insufficient validation of
untrusted input in V8 for x86_64
https://bugzilla.redhat.com/show_bug.cgi?id=1949618
[ 9 ] Bug #1950436 - CVE-2021-21201 chromium-browser: Use after free in permissions
https://bugzilla.redhat.com/show_bug.cgi?id=1950436
[ 10 ] Bug #1950437 - CVE-2021-21202 chromium-browser: Use after free in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1950437
[ 11 ] Bug #1950438 - CVE-2021-21203 chromium-browser: Use after free in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1950438
[ 12 ] Bug #1950439 - CVE-2021-21204 chromium-browser: Use after free in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1950439
[ 13 ] Bug #1950440 - CVE-2021-21221 chromium-browser: Insufficient validation of
untrusted input in Mojo
https://bugzilla.redhat.com/show_bug.cgi?id=1950440
[ 14 ] Bug #1950441 - CVE-2021-21207 chromium-browser: Use after free in IndexedDB
https://bugzilla.redhat.com/show_bug.cgi?id=1950441
[ 15 ] Bug #1950442 - CVE-2021-21208 chromium-browser: Insufficient data validation in
QR scanner
https://bugzilla.redhat.com/show_bug.cgi?id=1950442
[ 16 ] Bug #1950443 - CVE-2021-21209 chromium-browser: Inappropriate implementation in
storage
https://bugzilla.redhat.com/show_bug.cgi?id=1950443
[ 17 ] Bug #1950444 - CVE-2021-21210 chromium-browser: Inappropriate implementation in
Network
https://bugzilla.redhat.com/show_bug.cgi?id=1950444
[ 18 ] Bug #1950445 - CVE-2021-21211 chromium-browser: Inappropriate implementation in
Navigation
https://bugzilla.redhat.com/show_bug.cgi?id=1950445
[ 19 ] Bug #1950446 - CVE-2021-21212 chromium-browser: Incorrect security UI in Network
Config UI
https://bugzilla.redhat.com/show_bug.cgi?id=1950446
[ 20 ] Bug #1950447 - CVE-2021-21213 chromium-browser: Use after free in WebMIDI
https://bugzilla.redhat.com/show_bug.cgi?id=1950447
[ 21 ] Bug #1950448 - CVE-2021-21214 chromium-browser: Use after free in Network API
https://bugzilla.redhat.com/show_bug.cgi?id=1950448
[ 22 ] Bug #1950449 - CVE-2021-21215 chromium-browser: Inappropriate implementation in
Autofill
https://bugzilla.redhat.com/show_bug.cgi?id=1950449
[ 23 ] Bug #1950450 - CVE-2021-21216 chromium-browser: Inappropriate implementation in
Autofill
https://bugzilla.redhat.com/show_bug.cgi?id=1950450
[ 24 ] Bug #1950451 - CVE-2021-21217 chromium-browser: Uninitialized Use in PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1950451
[ 25 ] Bug #1950452 - CVE-2021-21218 chromium-browser: Uninitialized Use in PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1950452
[ 26 ] Bug #1950453 - CVE-2021-21219 chromium-browser: Uninitialized Use in PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1950453
[ 27 ] Bug #1950454 - CVE-2021-21205 chromium-browser: Insufficient policy enforcement
in navigation
https://bugzilla.redhat.com/show_bug.cgi?id=1950454
[ 28 ] Bug #1951741 - CVE-2021-21222 chromium-browser: Heap buffer overflow in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1951741
[ 29 ] Bug #1951742 - CVE-2021-21223 chromium-browser: Integer overflow in Mojo
https://bugzilla.redhat.com/show_bug.cgi?id=1951742
[ 30 ] Bug #1951743 - CVE-2021-21224 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1951743
[ 31 ] Bug #1951744 - CVE-2021-21225 chromium-browser: Out of bounds memory access in
V8
https://bugzilla.redhat.com/show_bug.cgi?id=1951744
[ 32 ] Bug #1951745 - CVE-2021-21226 chromium-browser: Use after free in navigation
https://bugzilla.redhat.com/show_bug.cgi?id=1951745
[ 33 ] Bug #1954051 - CVE-2021-21227 chromium-browser: Insufficient data validation in
V8
https://bugzilla.redhat.com/show_bug.cgi?id=1954051
[ 34 ] Bug #1954052 - CVE-2021-21232 chromium-browser: Use after free in Dev Tools
https://bugzilla.redhat.com/show_bug.cgi?id=1954052
[ 35 ] Bug #1954053 - CVE-2021-21233 chromium-browser: Heap buffer overflow in ANGLE
https://bugzilla.redhat.com/show_bug.cgi?id=1954053
[ 36 ] Bug #1954054 - CVE-2021-21228 chromium-browser: Insufficient policy enforcement
in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1954054
[ 37 ] Bug #1954055 - CVE-2021-21229 chromium-browser: Incorrect security UI in
downloads
https://bugzilla.redhat.com/show_bug.cgi?id=1954055
[ 38 ] Bug #1954056 - CVE-2021-21230 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1954056
[ 39 ] Bug #1954058 - CVE-2021-21231 chromium-browser: Insufficient data validation in
V8
https://bugzilla.redhat.com/show_bug.cgi?id=1954058
--------------------------------------------------------------------------------
================================================================================
exim-4.94.2-1.el8 (FEDORA-EPEL-2021-beed69126f)
The exim mail transfer agent
--------------------------------------------------------------------------------
Update Information:
This is new version of exim.
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 4 2021 Jaroslav ��karvada <jskarvad(a)redhat.com> - 4.94.2-1
- New version
* Mon Apr 12 2021 Jaroslav ��karvada <jskarvad(a)redhat.com> - 4.94-3
- Release bump to fix greylisting
--------------------------------------------------------------------------------
================================================================================
perl-Carp-Always-0.16-9.el8 (FEDORA-EPEL-2021-48f0da6718)
Warn and die in Perl noisily with stack backtraces
--------------------------------------------------------------------------------
Update Information:
This package contains the Perl module Carp::Always, a module meant as a
debugging aid. It can be used to make a script complain loudly with stack
backtraces when warn()ing or die()ing.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1956892 - EPEL8 Branch Request: perl-Carp-Always
https://bugzilla.redhat.com/show_bug.cgi?id=1956892
--------------------------------------------------------------------------------
================================================================================
powerman-2.3.26-1.el8 (FEDORA-EPEL-2021-969542a990)
Centralized power control for clusters
--------------------------------------------------------------------------------
Update Information:
Build for EPEL8.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
qpid-proton-0.34.0-1.el8 (FEDORA-EPEL-2021-107094c3d1)
A high performance, lightweight messaging library
--------------------------------------------------------------------------------
Update Information:
Rebased to 0.34.0.
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 4 2021 Irina Boverman <iboverma(a)redhat.com> - 0.34.0-1
- Rebased to 0.34.0
--------------------------------------------------------------------------------
================================================================================
qsynth-0.9.2-1.el8 (FEDORA-EPEL-2021-948aa2248f)
Qt based Fluidsynth GUI front end
--------------------------------------------------------------------------------
Update Information:
Update to version 0.9.2
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 14 2021 Christoph Karl <pampelmuse [AT] gmx [DOT] at> - 0.9.2-1
- Update to new version 0.9.2
* Sun Feb 7 2021 Christoph Karl <pampelmuse [AT] gmx [DOT] at> - 0.9.1-1
- Update to new version 0.9.1
* Wed Jan 27 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Dec 23 2020 Christoph Karl <pampelmuse [AT] gmx [DOT] at> - 0.9.0-1
- Update to new version 0.9.0
--------------------------------------------------------------------------------