Fedora EPEL 8 updates-testing report - epel-devel - Fedora mailing-lists

5 Jun 2020


      The following Fedora EPEL 8 Security updates need testing:
 Age  URL
  11  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-383149ca50   perl-Email-MIME-1.949-1.el8 perl-Email-MIME-ContentType-1.024-1.el8
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-3943d14499   mbedtls-2.16.6-1.el8
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-5b6f780725   cacti-1.2.12-1.el8 cacti-spine-1.2.12-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
fmf-0.12-1.el8
    pdns-recursor-4.2.2-1.el8
    python-monotonic-1.5-7.el8
    python-shodan-1.23.0-1.el8
    resalloc-3.2-1.el8
    rubygem-rack-2.2.2-1.el8
    strongswan-5.8.2-5.el8
Details about builds:
================================================================================
 fmf-0.12-1.el8 (FEDORA-EPEL-2020-6f72b8adb8)
 Flexible Metadata Format
--------------------------------------------------------------------------------
Update Information:
Fix cache issue in utils.fetch
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun  4 2020 Petr ��pl��chal psplicha@redhat.com - 0.12-1
- Do git pull in utils.fetch
- Make fetch._run official as utils.run
* Tue Mar 17 2020 Petr ��pl��chal psplicha@redhat.com - 0.11-2
- Enable back python2-fmf subpackage for RHEL7
--------------------------------------------------------------------------------
================================================================================
 pdns-recursor-4.2.2-1.el8 (FEDORA-EPEL-2020-21930ff650)
 Modern, advanced and high performance recursing/non authoritative name server
--------------------------------------------------------------------------------
Update Information:
Fixes CVE-2020-10995, CVE-2020-12244 and CVE-2020-10030
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun  3 2020 Ruben Kerkhof ruben@rubenkerkhof.com - 4.2.1-1
- Upstream released new version
  Fixes CVE-2020-10995, CVE-2020-12244 and CVE-2020-10030
  See https://doc.powerdns.com/recursor/changelog/4.2.html#change-4.2.2 for more details
* Thu Jan  2 2020 Ruben Kerkhof ruben@rubenkerkhof.com - 4.2.1-1
- Upstream released new version, including a fix for a memory leak
  See https://blog.powerdns.com/2019/12/09/powerdns-recursor-4-2-1-released/ for changes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1837296 - pdns-recursor-4.3.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1837296
  [ 2 ] Bug #1838002 - bump powerdns to at lat 4.1.16 to fix CVEs
        https://bugzilla.redhat.com/show_bug.cgi?id=1838002
  [ 3 ] Bug #1839800 - CVE-2020-10995 CVE-2020-12244 CVE-2020-10030 pdns-recursor: multiple vulnerabilities
        https://bugzilla.redhat.com/show_bug.cgi?id=1839800
  [ 4 ] Bug #1840184 - CVE-2020-10030 pdns-recursor: stack-based out-of-bounds read via a larger hostname [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1840184
  [ 5 ] Bug #1840185 - CVE-2020-10030 pdns-recursor: stack-based out-of-bounds read via a larger hostname [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1840185
  [ 6 ] Bug #1840192 - CVE-2020-12244 pdns-recursor: incorrect handling of records in the answer section of a NXDOMAIN response lacking an SOA allows an attacker to bypass DNSSEC validation [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1840192
  [ 7 ] Bug #1840193 - CVE-2020-12244 pdns-recursor: incorrect handling of records in the answer section of a NXDOMAIN response lacking an SOA allows an attacker to bypass DNSSEC validation [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1840193
  [ 8 ] Bug #1840281 - CVE-2020-10995 pdns-recursor: issue in DNS protocol allows malicious parties to use recursive DNS services to attack third party authoritative name servers [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1840281
  [ 9 ] Bug #1840282 - CVE-2020-10995 pdns-recursor: issue in DNS protocol allows malicious parties to use recursive DNS services to attack third party authoritative name servers [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1840282
--------------------------------------------------------------------------------
================================================================================
 python-monotonic-1.5-7.el8 (FEDORA-EPEL-2020-54dad51d4b)
 An implementation of time.monotonic() for Python 2 & < 3.3
--------------------------------------------------------------------------------
Update Information:
Built for EPEL8
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1843879 - [EPEL8][RFE] python-monotonic for EPEL8
        https://bugzilla.redhat.com/show_bug.cgi?id=1843879
--------------------------------------------------------------------------------
================================================================================
 python-shodan-1.23.0-1.el8 (FEDORA-EPEL-2020-796a72f36d)
 Python library and command-line utility for Shodan.io
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release 1.23.0
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
 resalloc-3.2-1.el8 (FEDORA-EPEL-2020-274cb50d79)
 Resource allocator for expensive resources - client tooling
--------------------------------------------------------------------------------
Update Information:
- new configuration option cmd_release - command to be run before resource as
reusable again - after server restart, schedule all inconsistent resources to be
(mitigates issue#41) - systemd service is restarted upon failure (just in case)
----  new version v3.1, improved resource checker  ----  new 3.0 version - new
possibility to re-use resources, and client requests can survive server restart
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
 rubygem-rack-2.2.2-1.el8 (FEDORA-EPEL-2020-fa06066564)
 a modular Ruby webserver interface
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2020-8161
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun  4 2020 Gerd Pokorra gp@zimt.uni-siegen.de - 2.2.2-1
- Update to 2.2.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1838283 - CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1838283
--------------------------------------------------------------------------------
================================================================================
 strongswan-5.8.2-5.el8 (FEDORA-EPEL-2020-ab79c2a210)
 An OpenSource IPsec-based VPN and TNC solution
--------------------------------------------------------------------------------
Update Information:
Update to 5.8.2, various minor bugfixes
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 22 2020 Mikhail Zabaluev mikhail.zabaluev@gmail.com - 5.8.2-5
- Patch to declare a global variable with extern (#1800117)
* Mon Feb 10 2020 Paul Wouters pwouters@redhat.com - 5.8.2-4
- use tmpfile to ensure rundir is present
* Fri Jan 31 2020 Fedora Release Engineering releng@fedoraproject.org - 5.8.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Sat Dec 28 2019 Paul Wouters pwouters@redhat.com - 5.8.2-2
- Use /run/strongswan as rundir to support strongswans in namespaces
* Tue Dec 17 2019 Mikhail Zabaluev mikhail.zabaluev@gmail.com - 5.8.2-1
- Update to 5.8.2 (#1784457)
- The D-Bus config file moved under datadir
* Mon Sep  2 2019 Mikhail Zabaluev mikhail.zabaluev@gmail.com - 5.8.1-1
- Update to 5.8.1 (#1711920)
- No more separate strongswan-swanctl.service to start out of order (#1775548)
- Added strongswan-starter.service
* Sat Jul 27 2019 Fedora Release Engineering releng@fedoraproject.org - 5.7.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sun Feb  3 2019 Fedora Release Engineering releng@fedoraproject.org - 5.7.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1800117 - strongswan: FTBFS in Fedora rawhide/f32
        https://bugzilla.redhat.com/show_bug.cgi?id=1800117
--------------------------------------------------------------------------------