The following Fedora EPEL 8 Security updates need testing:
 Age  URL
  12  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-fedb6fa69d   python-aiohttp-3.7.4-1.el8
  10  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-fc2f1ff74c   x11vnc-0.9.16-3.el8
  10  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-1073219045   privoxy-3.0.32-1.el8
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-94317ce911   suricata-5.0.6-1.el8
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-6b1b1f9053   python-django-2.2.19-1.el8
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-58f4d56777   zabbix40-4.0.29-1.el8
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-e9c2beec98   nagios-4.4.6-4.el8
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-cd16d1b0bf   upx-3.96-8.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
chromium-89.0.4389.82-1.el8
gnome-shell-extension-historymanager-prefix-search-12-7.el8
gperftools-2.7-9.el8
java-latest-openjdk-16.0.0.0.36-1.rolling.el8
perl-Test-PostgreSQL-1.28-1.el8
pg_top-4.0.0-1.el8
python-bloom-0.10.2-1.el8
python-shapely-1.7.1-9.el8
singularity-3.7.2-1.el8
Details about builds:
================================================================================
chromium-89.0.4389.82-1.el8 (FEDORA-EPEL-2021-9ca5d37fa8)
A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:
Hi there. This is the latest release of the browser that Google doesn't want you
to use. It fixes a bag full of security issues: CVE-2021-21162 CVE-2021-21180
CVE-2021-21164 CVE-2021-21170 CVE-2021-21181 CVE-2021-21166 CVE-2021-21160
CVE-2021-21179 CVE-2021-21187 CVE-2021-21173 CVE-2021-21174 CVE-2021-21183
CVE-2021-21161 CVE-2021-21171 CVE-2021-21178 CVE-2021-21169 CVE-2021-21163
CVE-2021-21175 CVE-2021-21177 CVE-2021-21185 CVE-2021-21190 CVE-2021-21184
CVE-2021-21168 CVE-2021-21167 CVE-2021-21188 CVE-2021-21172 CVE-2021-21182
CVE-2021-21176 CVE-2021-21159 CVE-2021-21186 CVE-2021-21165 CVE-2021-21189

----

Fix issue with swiftshader where symbols were not properly generated for the
dlopened shared objects, preventing proper functionality.

----

Update to 88.0.4324.182. Fixes CVE-2021-21149 CVE-2021-21150 CVE-2021-21151
CVE-2021-21152 CVE-2021-21153 CVE-2021-21154 CVE-2021-21155 CVE-2021-21156
CVE-2021-21157
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 8 2021 Tom Callaway <spot(a)fedoraproject.org> - 89.0.4389.82-1
- update to 89.0.4389.82
* Thu Mar 4 2021 Tom Callaway <spot(a)fedoraproject.org> - 89.0.4389.72-1
- update to 89.0.4389.72
* Tue Mar 2 2021 Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl> - 88.0.4324.182-3
- Rebuilt for updated systemd-rpm-macros
  See https://pagure.io/fesco/issue/2583.
* Thu Feb 25 2021 Tom Callaway <spot(a)fedoraproject.org> - 88.0.4234.182-2
- fix swiftshader symbols in libEGL/libGLESv2 with gcc
* Wed Feb 17 2021 Tom Callaway <spot(a)fedoraproject.org> - 88.0.4234.182-1
- update to 88.0.4234.182
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1929523 - CVE-2021-21149 chromium-browser: Stack overflow in Data Transfer
https://bugzilla.redhat.com/show_bug.cgi?id=1929523
[ 2 ] Bug #1929524 - CVE-2021-21150 chromium-browser: Use after free in Downloads
https://bugzilla.redhat.com/show_bug.cgi?id=1929524
[ 3 ] Bug #1929525 - CVE-2021-21151 chromium-browser: Use after free in Payments
https://bugzilla.redhat.com/show_bug.cgi?id=1929525
[ 4 ] Bug #1929526 - CVE-2021-21152 chromium-browser: Heap buffer overflow in Media
https://bugzilla.redhat.com/show_bug.cgi?id=1929526
[ 5 ] Bug #1929527 - CVE-2021-21153 chromium-browser: Stack overflow in GPU Process
https://bugzilla.redhat.com/show_bug.cgi?id=1929527
[ 6 ] Bug #1929528 - CVE-2021-21154 chromium-browser: Heap buffer overflow in Tab Strip
https://bugzilla.redhat.com/show_bug.cgi?id=1929528
[ 7 ] Bug #1929529 - CVE-2021-21155 chromium-browser: Heap buffer overflow in Tab Strip
https://bugzilla.redhat.com/show_bug.cgi?id=1929529
[ 8 ] Bug #1929530 - CVE-2021-21156 chromium-browser: Heap buffer overflow in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1929530
[ 9 ] Bug #1929531 - CVE-2021-21157 chromium-browser: Use after free in Web Sockets
https://bugzilla.redhat.com/show_bug.cgi?id=1929531
[ 10 ] Bug #1935934 - CVE-2021-21162 chromium-browser: Use after free in WebRTC
https://bugzilla.redhat.com/show_bug.cgi?id=1935934
[ 11 ] Bug #1935935 - CVE-2021-21180 chromium-browser: Use after free in tab search
https://bugzilla.redhat.com/show_bug.cgi?id=1935935
[ 12 ] Bug #1935936 - CVE-2021-21164 chromium-browser: Insufficient data validation in
Chrome for iOS
https://bugzilla.redhat.com/show_bug.cgi?id=1935936
[ 13 ] Bug #1935937 - CVE-2021-21170 chromium-browser: Incorrect security UI in Loader
https://bugzilla.redhat.com/show_bug.cgi?id=1935937
[ 14 ] Bug #1935938 - CVE-2021-21181 chromium-browser: Side-channel information leakage
in autofill
https://bugzilla.redhat.com/show_bug.cgi?id=1935938
[ 15 ] Bug #1935939 - CVE-2021-21166 chromium-browser: Object lifecycle issue in audio
https://bugzilla.redhat.com/show_bug.cgi?id=1935939
[ 16 ] Bug #1935940 - CVE-2021-21160 chromium-browser: Heap buffer overflow in WebAudio
https://bugzilla.redhat.com/show_bug.cgi?id=1935940
[ 17 ] Bug #1935941 - CVE-2021-21179 chromium-browser: Use after free in Network
Internals
https://bugzilla.redhat.com/show_bug.cgi?id=1935941
[ 18 ] Bug #1935942 - CVE-2021-21187 chromium-browser: Insufficient data validation in
URL formatting
https://bugzilla.redhat.com/show_bug.cgi?id=1935942
[ 19 ] Bug #1935943 - CVE-2021-21173 chromium-browser: Side-channel information leakage
in Network Internals
https://bugzilla.redhat.com/show_bug.cgi?id=1935943
[ 20 ] Bug #1935944 - CVE-2021-21174 chromium-browser: Inappropriate implementation in
Referrer
https://bugzilla.redhat.com/show_bug.cgi?id=1935944
[ 21 ] Bug #1935945 - CVE-2021-21183 chromium-browser: Inappropriate implementation in
performance APIs
https://bugzilla.redhat.com/show_bug.cgi?id=1935945
[ 22 ] Bug #1935946 - CVE-2021-21161 chromium-browser: Heap buffer overflow in TabStrip
https://bugzilla.redhat.com/show_bug.cgi?id=1935946
[ 23 ] Bug #1935947 - CVE-2021-21171 chromium-browser: Incorrect security UI in TabStrip
and Navigation
https://bugzilla.redhat.com/show_bug.cgi?id=1935947
[ 24 ] Bug #1935948 - CVE-2021-21178 chromium-browser: Inappropriate implementation in
Compositing
https://bugzilla.redhat.com/show_bug.cgi?id=1935948
[ 25 ] Bug #1935950 - CVE-2021-21169 chromium-browser: Out of bounds memory access in
V8
https://bugzilla.redhat.com/show_bug.cgi?id=1935950
[ 26 ] Bug #1935951 - CVE-2021-21163 chromium-browser: Insufficient data validation in
Reader Mode
https://bugzilla.redhat.com/show_bug.cgi?id=1935951
[ 27 ] Bug #1935952 - CVE-2021-21175 chromium-browser: Inappropriate implementation in
Site isolation
https://bugzilla.redhat.com/show_bug.cgi?id=1935952
[ 28 ] Bug #1935953 - CVE-2021-21177 chromium-browser: Insufficient policy enforcement
in Autofill
https://bugzilla.redhat.com/show_bug.cgi?id=1935953
[ 29 ] Bug #1935954 - CVE-2021-21185 chromium-browser: Insufficient policy enforcement
in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1935954
[ 30 ] Bug #1935955 - CVE-2021-21190 chromium-browser: Uninitialized Use in PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1935955
[ 31 ] Bug #1935956 - CVE-2021-21184 chromium-browser: Inappropriate implementation in
performance APIs
https://bugzilla.redhat.com/show_bug.cgi?id=1935956
[ 32 ] Bug #1935958 - CVE-2021-21168 chromium-browser: Insufficient policy enforcement
in appcache
https://bugzilla.redhat.com/show_bug.cgi?id=1935958
[ 33 ] Bug #1935959 - CVE-2021-21167 chromium-browser: Use after free in bookmarks
https://bugzilla.redhat.com/show_bug.cgi?id=1935959
[ 34 ] Bug #1935960 - CVE-2021-21188 chromium-browser: Use after free in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1935960
[ 35 ] Bug #1935961 - CVE-2021-21172 chromium-browser: Insufficient policy enforcement
in File System API
https://bugzilla.redhat.com/show_bug.cgi?id=1935961
[ 36 ] Bug #1935962 - CVE-2021-21182 chromium-browser: Insufficient policy enforcement
in navigations
https://bugzilla.redhat.com/show_bug.cgi?id=1935962
[ 37 ] Bug #1935963 - CVE-2021-21176 chromium-browser: Inappropriate implementation in
full screen mode
https://bugzilla.redhat.com/show_bug.cgi?id=1935963
[ 38 ] Bug #1935964 - CVE-2021-21159 chromium-browser: Heap buffer overflow in TabStrip
https://bugzilla.redhat.com/show_bug.cgi?id=1935964
[ 39 ] Bug #1935965 - CVE-2021-21186 chromium-browser: Insufficient policy enforcement
in QR scanning
https://bugzilla.redhat.com/show_bug.cgi?id=1935965
[ 40 ] Bug #1935966 - CVE-2021-21165 chromium-browser: Object lifecycle issue in audio
https://bugzilla.redhat.com/show_bug.cgi?id=1935966
[ 41 ] Bug #1935967 - CVE-2021-21189 chromium-browser: Insufficient policy enforcement
in payments
https://bugzilla.redhat.com/show_bug.cgi?id=1935967
--------------------------------------------------------------------------------
================================================================================
gnome-shell-extension-historymanager-prefix-search-12-7.el8 (FEDORA-EPEL-2021-81d271101c)
Use PageUp and PageDown to search for previous GNOME Shell commands
--------------------------------------------------------------------------------
Update Information:
Minor rebuild to mark HistoryManager Prefix Search as incompatible with GNOME
40.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
gperftools-2.7-9.el8 (FEDORA-EPEL-2021-0eda4297eb)
Very fast malloc and performance analysis tools
--------------------------------------------------------------------------------
Update Information:
Downgrade to 2.7 with an epoch bump for epel8. This is a known-stable version
for Ceph. Backport ppc64le and s390x fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 12 2021 Steve Traylen <steve.traylen(a)cern.ch> - 1:2.7-9
- Correct inter package deps for epoch bump
* Mon Mar 1 2021 Yaakov Selkowitz <yselkowi(a)redhat.com> - 1:2.7-8
- Backport ppc64le and s390x fixes (#1933792)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1933792 - ceph crashes with gperftools 2.8
https://bugzilla.redhat.com/show_bug.cgi?id=1933792
--------------------------------------------------------------------------------
================================================================================
java-latest-openjdk-16.0.0.0.36-1.rolling.el8 (FEDORA-EPEL-2021-df7021d422)
OpenJDK 16 Runtime Environment
--------------------------------------------------------------------------------
Update Information:
This update intentionally has autokarma off, but any user review is highly
appreciated.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 9 2021 Jiri Vanek <jvanek(a)redhat.com> - 1:16.0.0.0.36-1.rolling
- fixed suggests of wrong pcsc-lite-devel(aarch-64) to correct pcsc-lite-libs(aarch-64)
* Fri Feb 19 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:16.0.0.0.36-0.rolling
- Update to jdk-16.0.0.0+36
- Update tarball generation script to use git following OpenJDK's move to github
- Update tarball generation script to use PR3823 which handles JDK-8235710 changes
- Use upstream default for version-pre rather than setting it to "ea" or ""
- Drop libsunec.so which is no longer generated, thanks to JDK-8235710
- Drop unnecessary compiler flags, dating back to work on GCC 6 & 10
- Adapt RH1750419 alt-java patch to still apply after some variable re-naming in the makefiles
- Update filever to remove any trailing zeros, as in the OpenJDK build, and use for source filename
- Use system harfbuzz now this is supported.
- Pass SOURCE_DATE_EPOCH to build for reproducible builds
* Fri Feb 19 2021 Stephan Bergmann <sbergman(a)redhat.com> - 1:15.0.2.0.7-1.rolling
- Hardcode /usr/sbin/alternatives for Flatpak builds
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:15.0.2.0.7-0.rolling.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
perl-Test-PostgreSQL-1.28-1.el8 (FEDORA-EPEL-2021-7333ebbdac)
PostgreSQL runner for Perl tests
--------------------------------------------------------------------------------
Update Information:
This release randomizes a port number of the server. It also adds support for
beta versions on the server. It also delivers upstream tests in a dedicated
tests subpackage.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 12 2021 Petr Pisar <ppisar(a)redhat.com> - 1.28-1
- 1.28 bump
- Package tests
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1938172 - perl-Test-PostgreSQL-1.28 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1938172
--------------------------------------------------------------------------------
================================================================================
pg_top-4.0.0-1.el8 (FEDORA-EPEL-2021-0c17af9564)
'top' for PostgreSQL process
--------------------------------------------------------------------------------
Update Information:
EPEL8 build
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
python-bloom-0.10.2-1.el8 (FEDORA-EPEL-2021-2e5cc063bc)
Bloom is a release automation tool
--------------------------------------------------------------------------------
Update Information:
Update to the latest release of `bloom`
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 11 2021 Scott K Logan <logans(a)cottsay.net> - 0.10.2-1
- Update to 0.10.2
--------------------------------------------------------------------------------
================================================================================
python-shapely-1.7.1-9.el8 (FEDORA-EPEL-2021-31c75e514c)
Manipulation and analysis of geometric objects in the Cartesian plane
--------------------------------------------------------------------------------
Update Information:
Fix tests that failed on s390x because they assumed the host was little-endian
(RHBZ#1937719, https://github.com/Toblerity/Shapely/issues/1102). Fix skipped
tests for vectorized extensions.

----

Initial package for EPEL8
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1750791 - Request to build python-shapely for EPEL 8
https://bugzilla.redhat.com/show_bug.cgi?id=1750791
[ 2 ] Bug #1937719 - Test failures on s390x
https://bugzilla.redhat.com/show_bug.cgi?id=1937719
--------------------------------------------------------------------------------
================================================================================
singularity-3.7.2-1.el8 (FEDORA-EPEL-2021-8cd38bc0c7)
Application and environment virtualization
--------------------------------------------------------------------------------
Update Information:
Upgrade to upstream 3.7.2.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 11 2021 Dave Dykstra <dwd(a)fedoraproject.org> - 3.7.2-1
- Upgrade to upstream 3.7.2.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1937530 - singularity-3.7.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1937530
--------------------------------------------------------------------------------