The following Fedora EPEL 6 Security updates need testing:
Age URL
995
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168
rubygem-crack-0.3.2-2.el6
885
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb
mcollective-2.8.4-1.el6
856
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9
thttpd-2.25b-24.el6
467
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac
libbsd-0.8.3-2.el6
196
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4c76ddcc92
libmspack-0.6-0.1.alpha.el6
115
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6aaee32b7e
optipng-0.7.6-6.el6
87
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-8c9006d462
heimdal-7.5.0-1.el6
14
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-a67ea8c563
golang-1.9.4-1.el6
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-e4e96fbf3f
drupal7-7.58-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
GeoIP-GeoLite-data-2018.04-1.el6
collectd-4.10.9-5.el6
container-exception-logger-1.0.2-1.el6
koji-1.15.1-1.el6
libdasm-1.6-1.el6
python-productmd-1.11-2.el6
spectre-meltdown-checker-0.36-1.el6
wordpress-4.9.5-1.el6
Details about builds:
================================================================================
GeoIP-GeoLite-data-2018.04-1.el6 (FEDORA-EPEL-2018-37d736fb36)
Free GeoLite IP geolocation country database
--------------------------------------------------------------------------------
Update Information:
Final database update from Maxmind. There will be no further updates of the free
databases, so geolocation data from the legacy GeoIP library will become
increasingly inaccurate over time.
--------------------------------------------------------------------------------
================================================================================
collectd-4.10.9-5.el6 (FEDORA-EPEL-2018-2a7eb3d385)
Statistics collection daemon for filling RRD files
--------------------------------------------------------------------------------
Update Information:
Fix Bind plugin timezone parsing issue
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1506845 - Bind plugin produces wrong timestamp - upstream bug
https://bugzilla.redhat.com/show_bug.cgi?id=1506845
--------------------------------------------------------------------------------
================================================================================
container-exception-logger-1.0.2-1.el6 (FEDORA-EPEL-2018-06f43ee88b)
Logging from a container to a host
--------------------------------------------------------------------------------
Update Information:
Introducing container-exception-logger (#1559938)
--------------------------------------------------------------------------------
================================================================================
koji-1.15.1-1.el6 (FEDORA-EPEL-2018-870a92fcc5)
Build system tools
--------------------------------------------------------------------------------
Update Information:
Fixes for CVE-2018-1002150.
--------------------------------------------------------------------------------
================================================================================
libdasm-1.6-1.el6 (FEDORA-EPEL-2018-c9d5e8c275)
Simple x86 disassembly library
--------------------------------------------------------------------------------
Update Information:
New package - libdasm Summary: Simple x86 disassembly library
Description: libdasm is a C-library that tries to provide simple and convenient
way to disassemble Intel x86 raw op-code bytes (machine code). It can parse and
print out op-codes in AT&T and Intel syntax. The op-codes are based on IA-32
Intel Architecture Software Developer's Manual Volume 2: Instruction Set
Reference, order number 243667, year 2004. Non-Intel instructions are not
supported at the moment (also, non-Intel but Intel-compatible CPU extensions,
like AMD 3DNow! are not supported).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1559699 - Review Request: libdasm - Simple x86 disassembly library
https://bugzilla.redhat.com/show_bug.cgi?id=1559699
--------------------------------------------------------------------------------
================================================================================
python-productmd-1.11-2.el6 (FEDORA-EPEL-2018-369afcbb80)
Library providing parsers for metadata related to OS installation
--------------------------------------------------------------------------------
Update Information:
New upstream release with support for working with metadata about modules.
--------------------------------------------------------------------------------
================================================================================
spectre-meltdown-checker-0.36-1.el6 (FEDORA-EPEL-2018-49eda500cd)
Spectre & Meltdown vulnerability/mitigation checker for Linux
--------------------------------------------------------------------------------
Update Information:
Update to release 0.36: * Feature: Add support to detect RHEL 5 kernels
backported mitigations * Feature: Add `--prefix-arch` option for cross-
architecture kernel inspection * Feature: Add `--hw-only` option to only show
CPU microcode features supported for mitigation * Feature: Add support to
properly extract some previously unsupported ARM kernels * Feature: Check for
MSR/CPUID of each CPU core, not just the first one * Feature: Add `--batch
prometheus` option to produce output for consumption by prometheus-node-exporter
* Fix: Corrected a corner case of blacklist detection for some microcode
versions * Fix: Properly detect Xen PVHVM mode * Fix: No longer check MSR/CPUID
for non-x86 CPUs * Misc: Other tiny enhancements and fixes
--------------------------------------------------------------------------------
================================================================================
wordpress-4.9.5-1.el6 (FEDORA-EPEL-2018-b5d9f8f571)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
**WordPress 4.9.5 Security and Maintenance Release** WordPress 4.9.5 is now
available. This is a security and maintenance release for all versions since
WordPress 3.7. We strongly encourage you to update your sites immediately.
WordPress versions 4.9.4 and earlier are affected by three security issues. As
part of the core team's ongoing commitment to security hardening, the following
fixes have been implemented in 4.9.5: * Don't treat localhost as same host
by default. * Use safe redirects when redirecting the login page if SSL is
forced. * Make sure the version string is correctly escaped for use in
generator tags. Thank you to the reporters of these issues for practicing
���[coordinated security
disclosure](https://make.wordpress.org/core/handbook/testing/reporting-se...
vulnerabilities/): [
xknown](https://profiles.wordpress.org/xknown) of the
WordPress Security Team, [Nitin Venkatesh
(
nitstorm)](https://hackerone.com/nitstorm), and [Garth
Mortensen](https://twitter.com/voldemortensen) of the WordPress Security Team.
Twenty-five other bugs were fixed in WordPress 4.9.5. Particularly of note were:
* The previous styles on caption shortcodes have been restored. * Cropping
on touch screen devices is now supported. * A variety of strings such as
error messages have been updated for better clarity. * The position of an
attachment placeholder during uploads has been fixed. * Custom nonce
functionality in the REST API JavaScript client has been made consistent
throughout the code base. * Improved compatibility with PHP 7.2.
--------------------------------------------------------------------------------