The following Fedora EPEL 6 Security updates need testing:
Age URL
607
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031
python-virtualenv-12.0.7-1.el6
601
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168
rubygem-crack-0.3.2-2.el6
491
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb
mcollective-2.8.4-1.el6
463
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9
thttpd-2.25b-24.el6
194
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-8594ed3a53
chicken-4.11.0-3.el6
73
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac
libbsd-0.8.3-2.el6
58
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-8c6c7bf06e
dbus-sharp-0.7.0-16.el6 dbus-sharp-glib-0.5.0-14.el6 mono-4.2.4-9.el6
23
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-acd2c2af0d
nagios-4.2.4-4.el6
16
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-c3b112eb9e
tomcat-7.0.75-1.el6
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4e715bd3df
phpMyAdmin-4.0.10.19-1.el6
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-02d45f12e7
canl-c-2.1.8-1.el6
7
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-148092c401
cacti-1.0.4-1.el6
7
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-1bdfd523cb
drupal7-metatag-1.21-1.el6
5
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e4e18670f5
drupal7-views-3.15-1.el6
5
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-23896f34bd
munin-2.0.30-5.el6
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6f8067610a
GraphicsMagick-1.3.25-6.el6
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-1e1f31ce42
tor-0.2.9.10-1.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-27a44b4bbf
tcpreplay-4.1.2-3.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-50cbc23498
wordpress-4.7.3-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
golang-github-circonus-labs-circonusllhist-0-0.1.git365d370.el6
golang-github-hashicorp-go-sockaddr-0-0.1.gitaf174a6.el6
golang-github-mitchellh-copystructure-0-0.1.gitcdac825.el6
golang-github-mitchellh-go-wordwrap-0-0.1.gitad45545.el6
lynis-2.4.4-1.el6
tcpreplay-4.1.2-3.el6
wordpress-4.7.3-1.el6
Details about builds:
================================================================================
golang-github-circonus-labs-circonusllhist-0-0.1.git365d370.el6
(FEDORA-EPEL-2017-6f1f087171)
A go implementation of Circonus log-linear histograms
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1410356 - Review Request: golang-github-circonus-labs-circonusllhist - A go
implementation of Circonus log-linear histograms
https://bugzilla.redhat.com/show_bug.cgi?id=1410356
--------------------------------------------------------------------------------
================================================================================
golang-github-hashicorp-go-sockaddr-0-0.1.gitaf174a6.el6 (FEDORA-EPEL-2017-9ac8fbddf2)
IP Address/UNIX Socket convenience functions for Go
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1410393 - Review Request: golang-github-hashicorp-go-sockaddr - IP
Address/UNIX Socket convenience functions for Go
https://bugzilla.redhat.com/show_bug.cgi?id=1410393
--------------------------------------------------------------------------------
================================================================================
golang-github-mitchellh-copystructure-0-0.1.gitcdac825.el6 (FEDORA-EPEL-2017-0ca219fb56)
Go library for deep copying values in Go
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1410401 - Review Request: golang-github-mitchellh-copystructure - Go library
for deep copying values in Go
https://bugzilla.redhat.com/show_bug.cgi?id=1410401
--------------------------------------------------------------------------------
================================================================================
golang-github-mitchellh-go-wordwrap-0-0.1.gitad45545.el6 (FEDORA-EPEL-2017-63e5e40ce9)
A Go library for wrapping words in a string
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1410394 - Review Request: golang-github-mitchellh-go-wordwrap - A Go library
for wrapping words in a string
https://bugzilla.redhat.com/show_bug.cgi?id=1410394
--------------------------------------------------------------------------------
================================================================================
lynis-2.4.4-1.el6 (FEDORA-EPEL-2017-3ef1c842bf)
Security and system auditing tool
--------------------------------------------------------------------------------
Update Information:
Update to 2.4.4 ---- Update to 2.4.2 ---- Update to 2.4.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1426200 - lynis-2.4.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1426200
[ 2 ] Bug #1422705 - lynis-2.4.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1422705
[ 3 ] Bug #1421133 - lynis-2.4.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1421133
--------------------------------------------------------------------------------
================================================================================
tcpreplay-4.1.2-3.el6 (FEDORA-EPEL-2017-27a44b4bbf)
Replay captured network traffic
--------------------------------------------------------------------------------
Update Information:
Patch CVE-2017-6429. Tcpcapinfo utility of Tcpreplay has a buffer overflow
vulnerability associated with parsing a crafted pcap file. This occurs in the
src/tcpcapinfo.c file when capture has a packet that is too large to handle.
References:
http://seclists.org/bugtraq/2017/Mar/22 Upstream bug:
https://github.com/appneta/tcpreplay/issues/278
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1429521 - CVE-2017-6429 tcpreplay: Buffer overflow in Tcpcapinfo utility
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1429521
[ 2 ] Bug #1429522 - CVE-2017-6429 tcpreplay: Buffer overflow in Tcpcapinfo utility
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1429522
--------------------------------------------------------------------------------
================================================================================
wordpress-4.7.3-1.el6 (FEDORA-EPEL-2017-50cbc23498)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
**WordPress 4.7.3 is now available**. This is a security release for all
previous versions and we strongly encourage you to update your sites
immediately. WordPress versions 4.7.2 and earlier are affected by six security
issues: * Cross-site scripting (XSS) via media file metadata. Reported by
Chris Andr�� Dale, Yorick Koster, and Simon P. Briggs. * Control characters
can trick redirect URL validation. Reported by Daniel Chatfield. *
Unintended files can be deleted by administrators using the plugin deletion
functionality. Reported by xuliang. * Cross-site scripting (XSS) via video
URL in YouTube embeds. Reported by Marc Montpas. * Cross-site scripting
(XSS) via taxonomy term names. Reported by Delta. * Cross-site request
forgery (CSRF) in Press This leading to excessive use of server resources.
Reported by Sipke Mellema. Thank you to the reporters for practicing
responsible disclosure. In addition to the security issues above, WordPress
4.7.3 contains 39 maintenance fixes to the 4.7 release series. For more
information, see the [release
notes](https://codex.wordpress.org/Version_4.7.3)
or consult the [list of
changes](https://core.trac.wordpress.org/query?status=cl
osed&milestone=4.7.3&group=component&col=id&col=summary&col=component&col=status
&col=owner&col=type&col=priority&col=keywords&order=priority).
--------------------------------------------------------------------------------