The following Fedora EPEL 8 Security updates need testing:
Age URL
19
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-1e00c3d01e
cutter-re-2.2.0-1.el8 rizin-0.5.1-1.el8
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-95d6efd5d6
seamonkey-2.53.16-1.el8
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-711f25dbbf
netatalk-3.1.14-3.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
inxi-3.3.26-1.el8
pdns-4.7.3-1.el8
pdns-recursor-4.8.4-1.el8
zchunk-1.3.1-1.el8
Details about builds:
================================================================================
inxi-3.3.26-1.el8 (FEDORA-EPEL-2023-26f3bbde8a)
A full featured system information script
--------------------------------------------------------------------------------
Update Information:
Update to 3.3.26.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 3 2023 Vasiliy N. Glazov <vascom2(a)gmail.com> - 3.3.26-1
- Update to 3.3.26
* Sat Mar 11 2023 Fabio Valentini <decathorpe(a)gmail.com> - 3.3.25-2
- Rebuild for
https://pagure.io/releng/issue/11327
--------------------------------------------------------------------------------
================================================================================
pdns-4.7.3-1.el8 (FEDORA-EPEL-2023-c28f233c6b)
A modern, advanced and high performance authoritative-only nameserver
--------------------------------------------------------------------------------
Update Information:
- Update to 4.7.3 Release notes:
https://doc.powerdns.com/authoritative/changelog/4.7.html#change-4.7.3
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 4 2023 Morten Stevens <mstevens(a)fedoraproject.org> - 4.7.3-1
- Update to 4.7.3
* Mon Feb 20 2023 Jonathan Wakely <jwakely(a)redhat.com> - 4.7.2-5
- Rebuilt for Boost 1.81
* Mon Jan 23 2023 Morten Stevens <mstevens(a)fedoraproject.org> - 4.7.2-4
- Fix missing include for gcc13
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.7.2-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Tue Nov 8 2022 Richard Shaw <hobbes1069(a)gmail.com> - 4.7.2-2
- Rebuild for yaml-cpp 0.7.0.
* Tue Nov 1 2022 Morten Stevens <mstevens(a)fedoraproject.org> - 4.7.2-1
- Update to 4.7.2
* Mon Oct 31 2022 Morten Stevens <mstevens(a)fedoraproject.org> - 4.7.1-1
- Update to 4.7.1
* Sat Oct 22 2022 Morten Stevens <mstevens(a)fedoraproject.org> - 4.7.0-1
- Update to 4.7.0
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.6.2-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Wed May 4 2022 Thomas Rodgers <trodgers(a)redhat.com> - 4.6.2-2
- Rebuilt for Boost 1.78
--------------------------------------------------------------------------------
================================================================================
pdns-recursor-4.8.4-1.el8 (FEDORA-EPEL-2023-d4a7c0e04e)
Modern, advanced and high performance recursing/non authoritative name server
--------------------------------------------------------------------------------
Update Information:
- Update to 4.8.4 Release notes:
https://doc.powerdns.com/recursor/changelog/4.8.html
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 4 2023 Morten Stevens <mstevens(a)fedoraproject.org> - 4.8.4-1
- Update to 4.8.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2069403 - CVE-2022-27227 pdns-recursor: pdns,pdns-recursor: Incomplete zone
transfers handled as successful [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2069403
[ 2 ] Bug #2120865 - CVE-2022-37428 pdns-recursor: DoS when protobuf logging is enabled
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2120865
[ 3 ] Bug #2182851 - CVE-2023-26437 pdns-recursor: Deterred spoofing attempts can lead
to authoritative servers being marked unavailable [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2182851
--------------------------------------------------------------------------------
================================================================================
zchunk-1.3.1-1.el8 (FEDORA-EPEL-2023-9215c40764)
Compressed file format that allows easy deltas
--------------------------------------------------------------------------------
Update Information:
Fix several low severity security bugs.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 4 2023 Jonathan Dieter <jdieter(a)gmail.com> - 1.3.1-1
- Fix a few low severity security bugs including
- An off-by-one overflow when reading compressed integers from a
malicious zchunk file
- Error handling being skipped when the number of bytes read doesn't
match what's expected
- Not freeing memory when attempting to reallocate to size 0
--------------------------------------------------------------------------------