The following Fedora EPEL 8 Security updates need testing:
Age  URL
  5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-5f230957f1   duktape-2.2.0-6.el8
  5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-cf1c0e2ced   strongswan-5.9.10-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
dcmtk-3.6.4-11.el8
munin-2.0.72-1.el8
pack-0.28.0-1.el8
resalloc-openstack-9.5-1.el8
Details about builds:
================================================================================
dcmtk-3.6.4-11.el8 (FEDORA-EPEL-2023-40e1d58afe)
Offis DICOM Toolkit (DCMTK)
--------------------------------------------------------------------------------
Update Information:
This update contains several high and critical security fixes.
- CVE-2021-41687/CVE-2021-41688/CVE-2021-41690
- CVE-2021-41689
- CVE-2022-2119/CVE-2022-2120/CVE-2022-2121
- CVE-2022-43272

It also switches to use bundled charls v1 to match the behavior in Fedora.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 2 2023 Carl George <carl(a)george.computer> - 3.6.4-11
- Backport fix for CVE-2021-41687/CVE-2021-41688/CVE-2021-41690, resolves
rhbz#2106336/rhbz#2106315/rhbz#2106332
- Backport fix for CVE-2021-41689, resolves rhbz#2106340
- Backport fix for CVE-2022-2119/CVE-2022-2120/CVE-2022-2121, resolves
rhbz#2173039/rhbz#2173042/rhbz#2173045
- Backport fix for CVE-2022-43272, resolves rhbz#2150931
- Use bundled charls (Ankur Sinha)
* Mon Apr 12 2021 Benjamin A. Beasley <code(a)musicinmybrain.net> - 3.6.4-10
- Fix RHBZ#1827255 (Manual pages installed at the wrong path)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2106315 - CVE-2021-41688 dcmtk: a double free allows for a DoS [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2106315
[ 2 ] Bug #2106332 - CVE-2021-41690 dcmtk: sending specific requests to the dcmqrdb
program can incur a memory leak [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2106332
[ 3 ] Bug #2106336 - CVE-2021-41687 dcmtk: a memory leak allows a DoS [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2106336
[ 4 ] Bug #2106340 - CVE-2021-41689 dcmtk: a head-based overflow may lead to DoS
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2106340
[ 5 ] Bug #2150931 - CVE-2022-43272 dcmtk: memory leak via the T_ASC_Association object.
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2150931
[ 6 ] Bug #2173039 - CVE-2022-2119 dcmtk: path traversal [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2173039
[ 7 ] Bug #2173042 - CVE-2022-2120 dcmtk: relative path traversal [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2173042
[ 8 ] Bug #2173045 - CVE-2022-2121 dcmtk: NULL pointer dereference that could lead to a
DoS [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2173045
--------------------------------------------------------------------------------
================================================================================
munin-2.0.72-1.el8 (FEDORA-EPEL-2023-4b8028fa26)
Network-wide resource monitoring tool
--------------------------------------------------------------------------------
Update Information:
Upstream update to 2.0.72. This version also adds support for munin-get to
download and install plugins from contrib.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 7 2023 Kim B. Heino <b(a)bbbs.net> - 2.0.72-1
- Upgrade to 2.0.72
- Add munin-get plugin directory
- Mangle /var/lib/munin-node SELinux
- Fix service startup order
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.0.69-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
pack-0.28.0-1.el8 (FEDORA-EPEL-2023-1caf83152b)
Convert code into runnable images
--------------------------------------------------------------------------------
Update Information:
Resolves: #2161300 - set _fortify_level 3
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 6 2023 Lokesh Mandvekar <lsm5(a)fedoraproject.org> - 0.28.0-2
- Resolves: #2161300 - set _fortify_level 3
* Mon Mar 6 2023 Lokesh Mandvekar <lsm5(a)fedoraproject.org> - 0.28.0-1
- bump to v0.28.0
* Mon Mar 6 2023 Lokesh Mandvekar <lsm5(a)fedoraproject.org> - 0.28.0~rc2-4
- fix build flags specification
* Mon Mar 6 2023 Lokesh Mandvekar <lsm5(a)fedoraproject.org> - 0.28.0~rc2-3
- migrated to SPDX license
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> -
0.28.0~rc2-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Dec 12 2022 RH Container Bot <rhcontainerbot(a)fedoraproject.org> -
0.28.0~rc2-1
- auto bump to v0.28.0-rc2
* Mon Oct 10 2022 Lokesh Mandvekar <lsm5(a)fedoraproject.org> - 0.27.0-7
- update autosetup
* Mon Oct 10 2022 Lokesh Mandvekar <lsm5(a)fedoraproject.org> - 0.27.0-6
- add macros for getting correct version and add comment about Source0
tarball
* Wed Aug 17 2022 Lokesh Mandvekar <lsm5(a)fedoraproject.org> - 0.27.0-5
- use built_tag_strip macro instead of built_tag for rhcontainerbot
autobuilder
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.27.0-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> - 0.27.0-3
- Rebuild for
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
* Sun Jul 10 2022 Robert-André Mauchin <zebob.m(a)gmail.com> - 0.27.0-2
- Rebuild for CVE-2022-{24675,28327,29526 in golang}
--------------------------------------------------------------------------------
================================================================================
resalloc-openstack-9.5-1.el8 (FEDORA-EPEL-2023-5c2be9c052)
Resource allocator scripts for OpenStack
--------------------------------------------------------------------------------
Update Information:
new upstream release, the -new script has --security-group option
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 7 2023 Pavel Raiskup <praiskup(a)redhat.com> - 9.5-1
- new upstream release, the -new script has --security-group option
* Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 9.4-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------