Fedora EPEL 7 updates-testing report - epel-devel - Fedora mailing-lists

22 Jul 2022


      The following Fedora EPEL 7 Security updates need testing:
 Age  URL
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-c06521ff93   chromium-103.0.5060.114-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
distribution-gpg-keys-1.74-1.el7
    openssl11-1.1.1k-4.el7
Details about builds:
================================================================================
 distribution-gpg-keys-1.74-1.el7 (FEDORA-EPEL-2022-3fcd2b8a9a)
 GPG keys of various Linux distributions
--------------------------------------------------------------------------------
Update Information:
Add Anolis OS GPG Keys  ----  - added Rocky linux - updated Copr keys
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 22 2022 Miroslav Such�� msuchy@redhat.com 1.74-1
- Add Anolis OS GPG Keys
* Sun Jul 17 2022 Miroslav Such�� msuchy@redhat.com 1.73-1
- update copr keys
- Add Rocky Linux 9 Keys and Refresh 8
--------------------------------------------------------------------------------
================================================================================
 openssl11-1.1.1k-4.el7 (FEDORA-EPEL-2022-e05ac11f9b)
 Utilities from the general purpose cryptography library with TLS implementation
--------------------------------------------------------------------------------
Update Information:
- backport from 1.1.1k-7: CVE-2022-2097: AES OCB fails to encrypt some bytes
on 32-bit x86      Resolves: CVE-2022-2097    - backport from 1.1.1k-7: Update
expired certificates used in the testsuite      Resolves: rhbz#2100554    -
backport from 1.1.1k-7: CVE-2022-1292: openssl: c_rehash script allows command
injection      Resolves: rhbz#2090371    - backport from 1.1.1k-7:
CVE-2022-2068: the c_rehash script allows command injection      Resolves:
rhbz#2098278
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 22 2022 Robert Scheck robert@fedoraproject.org 1.1.1k-4
- backport from 1.1.1k-7: CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86
  Resolves: CVE-2022-2097
- backport from 1.1.1k-7: Update expired certificates used in the testsuite
  Resolves: rhbz#2100554
- backport from 1.1.1k-7: CVE-2022-1292: openssl: c_rehash script allows command injection
  Resolves: rhbz#2090371
- backport from 1.1.1k-7: CVE-2022-2068: the c_rehash script allows command injection
  Resolves: rhbz#2098278
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2081494 - CVE-2022-1292 openssl: c_rehash script allows command injection
        https://bugzilla.redhat.com/show_bug.cgi?id=2081494
  [ 2 ] Bug #2097310 - CVE-2022-2068 openssl: the c_rehash script allows command injection
        https://bugzilla.redhat.com/show_bug.cgi?id=2097310
  [ 3 ] Bug #2104905 - CVE-2022-2097 openssl: AES OCB fails to encrypt some bytes
        https://bugzilla.redhat.com/show_bug.cgi?id=2104905
--------------------------------------------------------------------------------