The following Fedora EPEL 7 Security updates need testing:
Age URL
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-1b4c7ee66c
knot-resolver-5.5.3-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
dropbear-2017.75-2.el7
fts-3.12.0-1.el7
rlwrap-0.45.2-2.el7
Details about builds:
================================================================================
dropbear-2017.75-2.el7 (FEDORA-EPEL-2022-f0317a13d8)
Lightweight SSH server and client
--------------------------------------------------------------------------------
Update Information:
- Backport fix for CVE-2018-15599, resolves rhbz#1623177 - Backport fix for
CVE-2020-36254, resolves rhbz#1933067
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 28 2022 Carl George <carl(a)george.computer> - 2017.75-2
- Backport fix for CVE-2018-15599, resolves rhbz#1623177
- Backport fix for CVE-2020-36254, resolves rhbz#1933067
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1623177 - CVE-2018-15599 dropbear: User enumeration via malformed packets in
authentication requests [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1623177
[ 2 ] Bug #1933067 - CVE-2020-36254 dropbear: mishandles the filename of . or an empty
filename [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1933067
--------------------------------------------------------------------------------
================================================================================
fts-3.12.0-1.el7 (FEDORA-EPEL-2022-41b0d14048)
File Transfer Service V3
--------------------------------------------------------------------------------
Update Information:
The FTS v3.12.0 release
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 27 2022 Mihai Patrascoiu <mipatras(a)cern.ch> - 3.12.0-1
- Upstream release v3.12.0
--------------------------------------------------------------------------------
================================================================================
rlwrap-0.45.2-2.el7 (FEDORA-EPEL-2022-04cccae3c4)
Wrapper for GNU readline
--------------------------------------------------------------------------------
Update Information:
Fixes the version handling in rlwrapfilter to work with x.y.z version numbers
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 28 2022 Michel Alexandre Salim <salimma(a)fedoraproject.org> 0.45.2-2
- Fix version parsing in rlwrapfilter.py (rhbz#2091749)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2091749 - rlwrap built for F36 sets a version number with a minor version to
the env RLWRAP_VERSION
https://bugzilla.redhat.com/show_bug.cgi?id=2091749
--------------------------------------------------------------------------------