The following Fedora EPEL 7 Security updates need testing:
Age URL
50
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-2c81054303
remctl-3.14-1.el7
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-8b8dc96235
nodejs-deep-extend-0.5.1-1.el7
5
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-860176245e
gifsicle-1.91-1.el7
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-48b823c3dc
strongswan-5.6.2-6.el7
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-297fb7f6c0
chromium-66.0.3359.181-2.el7
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-90002f509e
pdns-recursor-4.1.3-2.el7
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-74ee3ae47e
phpMyAdmin-4.4.15.10-3.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
cobbler-2.8.3-2.el7
python-fedmsg-meta-fedora-infrastructure-0.25.0-1.el7
thunderbird-enigmail-2.0.6-1.el7
Details about builds:
================================================================================
cobbler-2.8.3-2.el7 (FEDORA-EPEL-2018-bbdc0ecf38)
Boot server configurator
--------------------------------------------------------------------------------
Update Information:
Update to 2.8.3 - Fix security issue
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 28 2018 Nicolas Chauvet <kwizart(a)gmail.com> - 2.8.3-2
- Restore mergeability with epel7
* Mon May 28 2018 Nicolas Chauvet <kwizart(a)gmail.com> - 2.8.3-1
- Update to 2.8.3 - security bugfix
* Wed Feb 21 2018 Orion Poplawski <orion(a)nwra.com> - 2.8.2-6
- Really fix django requires for Fedora 28+
* Tue Feb 20 2018 Orion Poplawski <orion(a)nwra.com> - 2.8.2-5
- Fix django requires for Fedora 28+
* Fri Feb 9 2018 Igor Gnatenko <ignatenkobrain(a)fedoraproject.org> - 2.8.2-4
- Escape macros in %changelog
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.8.2-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Tue Feb 6 2018 Iryna Shcherbina <ishcherb(a)redhat.com> - 2.8.2-2
- Update Python 2 dependency declarations to new packaging standards
(See
https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1532469 - CVE-2017-1000469 cobbler: Command injection in the "add
repo" component allows for remote code execution [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1532469
--------------------------------------------------------------------------------
================================================================================
python-fedmsg-meta-fedora-infrastructure-0.25.0-1.el7 (FEDORA-EPEL-2018-5e1b155e15)
Metadata providers for Fedora Infrastructure's fedmsg deployment
--------------------------------------------------------------------------------
Update Information:
Update to 0.25.0 Changelog at:
https://github.com/fedora-
infra/fedmsg_meta_fedora_infrastructure/blob/develop/CHANGELOG.rst#0250
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 25 2018 Pierre-Yves Chibon <pingou(a)pingoured.fr> - 0.25.0-1
- Update to 0.25.0
--------------------------------------------------------------------------------
================================================================================
thunderbird-enigmail-2.0.6-1.el7 (FEDORA-EPEL-2018-65614e9fc9)
Authentication and encryption extension for Mozilla Thunderbird
--------------------------------------------------------------------------------
Update Information:
Some more efail fixes,
https://enigmail.net/index.php/en/download/changelog
---- Enigmail update to version 2.0.4, introduces fixes for the efail attack.
Please check and modify your Thunderbird settings if required:
https://enigmail.net/index.php/en/home/news/66-2018-05-16-efail-vulnerabi...
affects-encrypted-mails
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 28 2018 Christian Dersch <lupinix(a)fedoraproject.org> - 2.0.6-1
- new version
* Sat May 19 2018 Christian Dersch <lupinix(a)fedoraproject.org> - 2.0.4-1
- new version fixing efail vulnerability
* Fri Feb 9 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.9.9-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1583073 - enigmail: Multiple information leaks in responses to partially
encrypted messages
https://bugzilla.redhat.com/show_bug.cgi?id=1583073
--------------------------------------------------------------------------------