The following Fedora EPEL 8 Security updates need testing:

 Age  URL                                                                  Package
  11  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-71d1af6aca  isync-1.4.1-1.el8
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-fedb6fa69d  python-aiohttp-3.7.4-1.el8
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-fc2f1ff74c  x11vnc-0.9.16-3.el8
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-1073219045  privoxy-3.0.32-1.el8
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-a2e8a7475f  chromium-88.0.4324.182-2.el8
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-94317ce911  suricata-5.0.6-1.el8
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-6b1b1f9053  python-django-2.2.19-1.el8
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-58f4d56777  zabbix40-4.0.29-1.el8
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-e9c2beec98  nagios-4.4.6-4.el8

The following builds have been pushed to Fedora EPEL 8 updates-testing:

    assimp-5.0.1-1.el8
    clamav-0.103.1-3.el8
    fetch-crl-3.0.21-1.el8
    mlt-6.24.0-3.el8
    movit-1.6.3-2.el8
    rclone-1.54.0-1.el8
    uberftp-2.8-13.el8
    xbg-0.0.2-1.el8

Details about builds:
================================================================================
assimp-5.0.1-1.el8 (FEDORA-EPEL-2021-5e7146d746)
Library to import various 3D model formats into applications
--------------------------------------------------------------------------------
Update Information:
New package: assimp-5.0.1-1
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1929567 - Please build assimp for EPEL 8
https://bugzilla.redhat.com/show_bug.cgi?id=1929567
--------------------------------------------------------------------------------
================================================================================
clamav-0.103.1-3.el8 (FEDORA-EPEL-2021-a847c261f5)
End-user tools for the Clam Antivirus scanner
--------------------------------------------------------------------------------
Update Information:
- clamav-freshclam.service: Standard output type syslog is obsolete (#1933977)
- Quiet proxy on stdout (#1814698)

----

ClamAV 0.103.1 patch release
https://blog.clamav.net/2021/02/clamav-01031-patch-release.html

Notable changes

- Added a new scan option to alert on broken media (graphics) file formats.
  This feature mitigates the risk of malformed media files intended to exploit
  vulnerabilities in other software. At present, media validation exists for
  JPEG, TIFF, PNG and GIF files. To enable this feature, set
  AlertBrokenMedia yes in clamd.conf for use with ClamD, or use the
  --alert-broken-media option when using ClamScan. These options are disabled
  by default in this patch release but may be enabled in a subsequent release.
  Application developers may enable this scan option by enabling
  CL_SCAN_HEURISTIC_BROKEN_MEDIA for the heuristic scan option bit field.
- Added CL_TYPE_TIFF, CL_TYPE_JPEG types to match GIF and PNG typing behavior.
  BMP and JPEG 2000 files will continue to detect as CL_TYPE_GRAPHICS because
  ClamAV does not yet have BMP or JPEG 2000 format-checking capabilities.

Bug fixes

- Fixed PNG parser logic bugs that caused an excess of parsing errors and
  fixed a stack exhaustion issue affecting some systems when scanning PNG
  files. PNG file type detection was disabled via signature database update
  for ClamAV version 0.103.0 to mitigate the effects from these bugs.
- Fixed an issue where PNG and GIF files no longer work with Target:5 graphics
  signatures if detected as CL_TYPE_PNG or CL_TYPE_GIF rather than as
  CL_TYPE_GRAPHICS. Target types now support up to 10 possible file types to
  make way for additional graphics types in future releases.
- Fixed ClamOnAcc's --fdpass option. File descriptor passing (or "FD-passing")
  is a mechanism by which ClamOnAcc and ClamDScan may transfer an open file to
  ClamD to scan, even if ClamD is running as a non-privileged user and
  wouldn't otherwise have read-access to the file. This enables ClamD to scan
  all files without having to run ClamD as root. If possible, ClamD should
  never be run as root to mitigate the risk in case ClamD is somehow
  compromised while scanning malware. Interprocess file descriptor passing for
  ClamOnAcc was broken since version 0.102.0 due to a bug introduced by the
  switch to cURL for communicating with ClamD. On Linux, passing file
  descriptors from one process to another is handled by the kernel, so we
  reverted ClamOnAcc to use standard system calls for socket communication
  when FD-passing is enabled.
- Fixed a ClamOnAcc stack corruption issue on some systems when using an older
  version of libcurl. Patch courtesy of Emilio Pozuelo Monfort.
- Allow ClamScan and ClamDScan scans to proceed even if the realpath lookup
  failed. This alleviates an issue on Windows scanning files hosted on
  file-systems that do not support the GetMappedFileNameW() API, such as on
  ImDisk RAM-disks.
- Fixed FreshClam's --on-update-execute=EXIT_1 temporary directory cleanup
  issue.
- ClamD's log output and VirusEvent feature now provide the scan target's file
  path instead of a file descriptor. The ClamD socket API for submitting a
  scan by FD-passing doesn't include a file path. This feature works by
  looking up the file path by the file descriptor. This feature works on Mac
  and Linux but is not yet implemented for other UNIX operating systems.
  FD-passing is not available for Windows.
- Fixed an issue where FreshClam database validation didn't work correctly
  when run in daemon mode on Linux/Unix.
- Fixed scan speed performance issues accidentally introduced in ClamAV
  0.103.0 caused by hashing file maps more than once when parsing a file as a
  new type, and caused by frequent scanning of non-HTML text data with the
  HTML parser.

Other improvements

- Scanning JPEG, TIFF, PNG and GIF files will no longer return "parse" errors
  when file format validation fails. Instead, the scan will alert with the
  "Heuristics.Broken.Media" signature prefix and a descriptive suffix to
  indicate the issue, provided that the "alert broken media" feature is
  enabled.
- GIF format validation will no longer fail if the GIF image is missing the
  trailer byte, as this appears to be a relatively common issue in otherwise
  functional GIFs.
- Added a TIFF dynamic configuration (DCONF) option that was missing. This
  will allow us to disable TIFF format validation via signature database
  update in the event that it proves to be problematic. This feature already
  exists for many other file types.
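
The FD-passing mechanism described in these notes, as an added C example that is not ClamAV's own code: one side sends an already-open descriptor over a UNIX socket as SCM_RIGHTS ancillary data, and the receiver, which never opens the file itself, maps the descriptor back to a path for logging. The names send_fd, recv_fd and fd_path are hypothetical, and the /proc/self/fd lookup is an assumed, Linux-only way to recover the path.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

typedef union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } fd_ctl;
/* Client role (hypothetical helper): pass an open descriptor as SCM_RIGHTS data. */
int send_fd(int sock, int fd) {
    char byte = 0;                 /* one byte of ordinary data must accompany it */
    struct iovec iov = { &byte, 1 };
    fd_ctl ctl = { {0} };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Daemon role: the kernel installs a new descriptor here; reject anything else. */
int recv_fd(int sock) {
    char byte; int fd;
    struct iovec iov = { &byte, 1 };
    fd_ctl ctl = { {0} };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    if (recvmsg(sock, &msg, 0) != 1 || (msg.msg_flags & MSG_CTRUNC)) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
        c->cmsg_len != CMSG_LEN(sizeof(int))) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* Linux only (assumed approach): recover the path behind a received descriptor. */
int fd_path(int fd, char *out, size_t n) {
    char link[32];
    snprintf(link, sizeof link, "/proc/self/fd/%d", fd);
    ssize_t len = readlink(link, out, n - 1);
    if (len >= 0) out[len] = '\0';
    return len < 0 ? -1 : 0;
}

int main(void) {   /* both roles in one process over a socketpair, for brevity */
    int sp[2], got; char path[4096];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) || send_fd(sp[0], STDIN_FILENO)) return 1;
    if ((got = recv_fd(sp[1])) < 0 || fd_path(got, path, sizeof path)) return 1;
    return printf("received fd %d -> %s\n", got, path) < 0;
}
```

Run it with standard input redirected from a file to see the path the receiving side would log for that descriptor.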
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 7 2021 Sérgio Basto <sergio(a)serjux.com> - 0.103.1-3
- clamav-freshclam.service: Standard output type syslog is obsolete (#1933977)
- Quiet proxy on stdout (#1814698)
* Tue Mar 2 2021 Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl> - 0.103.1-2
- Rebuilt for updated systemd-rpm-macros
  See https://pagure.io/fesco/issue/2583.
* Wed Feb 17 2021 Sérgio Basto <sergio(a)serjux.com> - 0.103.1-1
- Update to 0.103.1
* Wed Jan 27 2021 Sérgio Basto <sergio(a)serjux.com> - 0.103.0-3
- Add upstream patch clamonacc: Fix stack buffer overflow with old curl
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.103.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1814698 - freshclam --quiet returns proxy on stdout
https://bugzilla.redhat.com/show_bug.cgi?id=1814698
[ 2 ] Bug #1909184 - clamdscan in 0.103.0 version seems to consume too much memory
https://bugzilla.redhat.com/show_bug.cgi?id=1909184
[ 3 ] Bug #1933977 - clamav-freshclam.service "Standard output type syslog is obsolete"
https://bugzilla.redhat.com/show_bug.cgi?id=1933977
--------------------------------------------------------------------------------
================================================================================
fetch-crl-3.0.21-1.el8 (FEDORA-EPEL-2021-6cc4d91dbf)
Downloads Certificate Revocation Lists
--------------------------------------------------------------------------------
Update Information:
Update to 3.0.21 and extra build requires for https URLs.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 8 2021 Steve Traylen <steve.traylen(a)cern.ch> - 3.0.21-1
- Update version extra perl R for https
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1901879 - Missing dependency
https://bugzilla.redhat.com/show_bug.cgi?id=1901879
--------------------------------------------------------------------------------
================================================================================
mlt-6.24.0-3.el8 (FEDORA-EPEL-2021-899e72019f)
Toolkit for broadcasters, video editors, media players, transcoders
--------------------------------------------------------------------------------
Update Information:
Add MLT and movit to epel8
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
movit-1.6.3-2.el8 (FEDORA-EPEL-2021-899e72019f)
GPU video filter library
--------------------------------------------------------------------------------
Update Information:
Add MLT and movit to epel8
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
rclone-1.54.0-1.el8 (FEDORA-EPEL-2021-035e01ef74)
Rsync for cloud storage
--------------------------------------------------------------------------------
Update Information:
Update to 1.54.0
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 8 2021 Robert-André Mauchin <zebob.m(a)gmail.com> - 1.54.0-1
- Update to 1.54.0
- Close: rhbz#1918543
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1918543 - rclone-1.54.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1918543
--------------------------------------------------------------------------------
================================================================================
uberftp-2.8-13.el8 (FEDORA-EPEL-2021-20bb8f246e)
GridFTP-enabled ftp client
--------------------------------------------------------------------------------
Update Information:
https://github.com/JasonAlt/UberFTP has been archived and uberftp is now
maintained at https://github.com/gridcf/UberFTP
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 8 2021 Steve Traylen <steve.traylen(a)cern.ch> - 2.8-13
- Upstream is now GridCF project
  https://mailman.egi.eu/pipermail/discuss/2019-March/000273.html
--------------------------------------------------------------------------------
================================================================================
xbg-0.0.2-1.el8 (FEDORA-EPEL-2021-c8a929affd)
Tiny XCB root window color setter
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1919712 - Review Request: xbg - Tiny XCB root window color setter
https://bugzilla.redhat.com/show_bug.cgi?id=1919712
--------------------------------------------------------------------------------