The following Fedora EPEL 5 Security updates need testing:

 Age  URL
 794  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2013-11893   libguestfs-1.20.12-1.el5
 558  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-1626   puppet-2.7.26-1.el5
 408  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-3849   sblim-sfcb-1.3.8-2.el5
  51  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-edbea40516   mcollective-2.8.4-1.el5
  50  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-10d919912b   git-1.8.2.1-2.el5
  23  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-582c8075e6   thttpd-2.25b-24.el5
  10  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-481f9cfb21   shellinabox-2.19-1.el5
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-d1309b0eb2   libsndfile-1.0.17-8.el5
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-11c5c57d59   openssl101e-1.0.1e-5.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
    arprec-2.2.18-1.el5
    openssl101e-1.0.1e-5.el5
    qd-2.3.15-3.el5
    sagator-1.3.1-1.el5
    tcl-mysqltcl-3.052-1.el5
Details about builds:
================================================================================
 arprec-2.2.18-1.el5 (FEDORA-EPEL-2015-ceb0d0c1cc)
 Software package for performing arbitrary precision arithmetic
--------------------------------------------------------------------------------
Update Information:

update qd and arprec to recent version
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1290979 - arprec-2.2.18 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1290979
--------------------------------------------------------------------------------
================================================================================
 openssl101e-1.0.1e-5.el5 (FEDORA-EPEL-2015-11c5c57d59)
 A general purpose cryptography library with TLS implementation
--------------------------------------------------------------------------------
Update Information:

A NULL pointer dereference flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacker could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. (CVE-2015-3194)

A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195)

A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identity hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. (CVE-2015-3196)

----

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint
        https://bugzilla.redhat.com/show_bug.cgi?id=1288326
  [ 2 ] Bug #1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak
        https://bugzilla.redhat.com/show_bug.cgi?id=1288322
  [ 3 ] Bug #1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter
        https://bugzilla.redhat.com/show_bug.cgi?id=1288320
--------------------------------------------------------------------------------
================================================================================
 qd-2.3.15-3.el5 (FEDORA-EPEL-2015-ceb0d0c1cc)
 Double-Double and Quad-Double Arithmetic
--------------------------------------------------------------------------------
Update Information:

update qd and arprec to recent version
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1290979 - arprec-2.2.18 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1290979
--------------------------------------------------------------------------------
================================================================================
 sagator-1.3.1-1.el5 (FEDORA-EPEL-2015-9aa897f045)
 Antivirus/anti-spam gateway for smtp server
--------------------------------------------------------------------------------
Update Information:

Update to upstream with clamav-0.99 support.
--------------------------------------------------------------------------------
================================================================================
 tcl-mysqltcl-3.052-1.el5 (FEDORA-EPEL-2015-92439702b4)
 MySQL interface for Tcl
--------------------------------------------------------------------------------
Update Information:

Update to release 3.052 to bugfix an issue related to multi-statement selects
--------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org