The following Fedora EPEL 6 Security updates need testing:
 Age  URL
  66  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b6c663378c   unrtf-0.21.9-8.el6
  34  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-d801e05f92   uwsgi-2.0.17.1-1.el6
  26  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-aeb81e4fba   libpng10-1.0.69-5.el6
  11  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-40277073c5   cgit-0.12-2.el6
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f21474267b   condor-8.6.11-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
clamav-0.100.1-2.el6
distribution-gpg-keys-1.22-1.el6
geolite2-20180807-1.el6
lighttpd-1.4.47-2.el6
python-productmd-1.16-1.el6
recap-1.4.0-1.el6
spectre-meltdown-checker-0.39-1.el6
tomcat-7.0.90-1.el6
Details about builds:
================================================================================
clamav-0.100.1-2.el6 (FEDORA-EPEL-2018-ecc69a2903)
Anti-virus software
--------------------------------------------------------------------------------
Update Information:
- Bundle zlib 1.2.7-17.el7 to avoid malformed database errors (#1600458)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Aug 12 2018 Robert Scheck <robert(a)fedoraproject.org> - 0.100.1-2
- Bundle zlib 1.2.7-17.el7 to avoid malformed database errors (#1600458)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1600458 - [EL6] Clamd fails to run after upgrading to 0.100.0-1 (main.cvd:
Malformed database)
https://bugzilla.redhat.com/show_bug.cgi?id=1600458
--------------------------------------------------------------------------------
================================================================================
distribution-gpg-keys-1.22-1.el6 (FEDORA-EPEL-2018-adfd38b8b9)
GPG keys of various Linux distributions
--------------------------------------------------------------------------------
Update Information:
## Features:
- Starting with mock-core-configs version 29.1 the gpg keys for rawhide are checked now.
- There is a new config option `print_main_output`, which allows you to override default behavior:

      # By default, mock only prints the build log to stderr if it is a tty; you can
      # force it on here (for CI builds where there is no tty, for example) by
      # setting this to True, or force it off by setting it to False.
      #
      config_opts['print_main_output'] = None

- Following new environment variables are passed to mock from user environment: `http_proxy`, `ftp_proxy`, `https_proxy`, `no_proxy`.
- bash completion has been reworked and is now much simpler and hopefully better

## Bugfixes:
- Mockchain will again stop after the first failure if -c or --recurse is not used.
- Commands started by mock will be using `C.UTF-8` locale instead of `en_US.UTF-8`, which does not need to be available.
- There is new default for `nspawn_args`: `config_opts['nspawn_args'] = ['--capability=cap_ipc_lock']`. This will enable cap_ipc_lock in nspawn container, which will allow to use `mlock()` [RHBZ#1580435](https://bugzilla.redhat.com/show_bug.cgi?id=1580435).
- Do not get spec from the command line when using scm [GH#203](https://github.com/rpm-software-management/mock/issues/203)
- use host's resolv.conf when --enable-network is set on cml [RHBZ#1593212](https://bugzilla.redhat.com/show_bug.cgi?id=1593212)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Aug 12 2018 Miroslav Suchý <msuchy(a)redhat.com> 1.22-1
- update copr keys
- add fedora 30
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1593212 - --enable-network got broken by commit disabling host_resolv
https://bugzilla.redhat.com/show_bug.cgi?id=1593212
[ 2 ] Bug #1580435 - rubygem-mongo: "Inappropriate ioctl for device" for only
mock new chroot
https://bugzilla.redhat.com/show_bug.cgi?id=1580435
--------------------------------------------------------------------------------
================================================================================
geolite2-20180807-1.el6 (FEDORA-EPEL-2018-e183500219)
Free IP geolocation databases
--------------------------------------------------------------------------------
Update Information:
- Latest upstream
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 13 2018 Carl George <carl(a)george.computer> - 20180807-1
- Latest upstream
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 20180605-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
lighttpd-1.4.47-2.el6 (FEDORA-EPEL-2018-785de4dd7a)
Lightning fast webserver with light system requirements
--------------------------------------------------------------------------------
Update Information:
Backported security fix from 1.4.50
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 13 2018 Gwyn Ciesla <limburgher(a)gmail.com> - 1.4.47-2
- Backported patches from 1.4.50.
--------------------------------------------------------------------------------
================================================================================
python-productmd-1.16-1.el6 (FEDORA-EPEL-2018-9c4db33a7d)
Library providing parsers for metadata related to OS installation
--------------------------------------------------------------------------------
Update Information:
Allow modules with no RPMs in the metadata.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 14 2018 Lubomír Sedlář <lsedlar(a)redhat.com> - 1.16-1
- Allow module metadata with empty modules
* Fri Jul 20 2018 Lubomír Sedlář <lsedlar(a)redhat.com> - 1.15-4
- Use python2_sitelib instead of python_sitelib
* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.15-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Jun 22 2018 Lubomír Sedlář <lsedlar(a)redhat.com> - 1.15-2
- Rebuilt for Python 3.7
--------------------------------------------------------------------------------
================================================================================
recap-1.4.0-1.el6 (FEDORA-EPEL-2018-25cdc9687e)
Generates reports of various system information
--------------------------------------------------------------------------------
Update Information:
Latest upstream rhbz#1602980
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 20 2018 Tony Garcia <tony.garcia(a)rackspace.com> - 1.4.0-1
- Latest upstream rhbz#1602980
* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Feb 9 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1602980 - recap-1.4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1602980
--------------------------------------------------------------------------------
================================================================================
spectre-meltdown-checker-0.39-1.el6 (FEDORA-EPEL-2018-bf866c8f05)
Spectre & Meltdown vulnerability/mitigation checker for Linux
--------------------------------------------------------------------------------
Update Information:
* Feature: two new methods for reading MSR without a recent-enough `dd` binary: using `perl` or the `msr-tools` when these are present
* Feature: add detection of RSBA feature bit (set by some hypervisors) indicating possible RSB underflow host CPU vulnerability, and require kernel support for RSB stuffing even on non-Skylake CPUs when this is the case
* Feature: support for /boot partition on a btrfs subvolume
* Feature: add standard location of Arch armv5/armv7 kernel image
* Fix: the ARCH_CAPABILITIES MSR wasn't read correctly, preventing proper SSB_NO and RDCL_NO feature bits detection
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 13 2018 Reto Gantenbein <reto.gantenbein(a)linuxmonk.ch> - 0.39-1
- Update to 0.39
--------------------------------------------------------------------------------
================================================================================
tomcat-7.0.90-1.el6 (FEDORA-EPEL-2018-d143ebd7cc)
Apache Servlet/JSP Engine, RI for Servlet 3.0/JSP 2.2 API
--------------------------------------------------------------------------------
Update Information:
This update includes a rebase from 7.0.86 up to 7.0.90 which resolves two CVEs along with various other bugs/features:
* rhbz#1607585 CVE-2018-8037 tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up
* rhbz#1579613 CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 31 2018 Coty Sutherland <csutherl(a)redhat.com> - 1:7.0.90-1
- Update to 7.0.90
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1579611 - CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable
'supportsCredentials' for all origins
https://bugzilla.redhat.com/show_bug.cgi?id=1579611
[ 2 ] Bug #1607582 - CVE-2018-8037 tomcat: Due to a mishandling of close in NIO/NIO2
connectors user sessions can get mixed up
https://bugzilla.redhat.com/show_bug.cgi?id=1607582
--------------------------------------------------------------------------------