The following Fedora EPEL 7 Security updates need testing:
 Age  URL
  12  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-389d1fe8e6   libmysofa-1.2-4.el7
  12  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-4dda69dcf1   rubygem-rack-cors-1.0.6-1.el7
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-9ec8ceb857   ansible-2.9.18-1.el7
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-548bb74e95   nagios-4.4.6-3.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
chromium-88.0.4324.182-2.el7
distribution-gpg-keys-1.51-1.el7
knot-resolver-5.3.0-1.el7
lua-unbound-0.5-1.el7
mock-core-configs-34.2-1.el7
privoxy-3.0.32-1.el7
x11vnc-0.9.13-12.el7
Details about builds:
================================================================================
chromium-88.0.4324.182-2.el7 (FEDORA-EPEL-2021-580891d7f4)
A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:
Fix issue with swiftshader where symbols were not properly generated for the
dlopened shared objects, preventing proper functionality. ---- Update to
88.0.4324.182. Fixes CVE-2021-21149 CVE-2021-21150 CVE-2021-21151
CVE-2021-21152 CVE-2021-21153 CVE-2021-21154 CVE-2021-21155 CVE-2021-21156
CVE-2021-21157
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 25 2021 Tom Callaway <spot(a)fedoraproject.org> - 88.0.4234.182-2
- fix swiftshader symbols in libEGL/libGLESv2 with gcc
* Wed Feb 17 2021 Tom Callaway <spot(a)fedoraproject.org> - 88.0.4234.182-1
- update to 88.0.4234.182
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1929523 - CVE-2021-21149 chromium-browser: Stack overflow in Data Transfer
https://bugzilla.redhat.com/show_bug.cgi?id=1929523
[ 2 ] Bug #1929524 - CVE-2021-21150 chromium-browser: Use after free in Downloads
https://bugzilla.redhat.com/show_bug.cgi?id=1929524
[ 3 ] Bug #1929525 - CVE-2021-21151 chromium-browser: Use after free in Payments
https://bugzilla.redhat.com/show_bug.cgi?id=1929525
[ 4 ] Bug #1929526 - CVE-2021-21152 chromium-browser: Heap buffer overflow in Media
https://bugzilla.redhat.com/show_bug.cgi?id=1929526
[ 5 ] Bug #1929527 - CVE-2021-21153 chromium-browser: Stack overflow in GPU Process
https://bugzilla.redhat.com/show_bug.cgi?id=1929527
[ 6 ] Bug #1929528 - CVE-2021-21154 chromium-browser: Heap buffer overflow in Tab Strip
https://bugzilla.redhat.com/show_bug.cgi?id=1929528
[ 7 ] Bug #1929529 - CVE-2021-21155 chromium-browser: Heap buffer overflow in Tab Strip
https://bugzilla.redhat.com/show_bug.cgi?id=1929529
[ 8 ] Bug #1929530 - CVE-2021-21156 chromium-browser: Heap buffer overflow in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1929530
[ 9 ] Bug #1929531 - CVE-2021-21157 chromium-browser: Use after free in Web Sockets
https://bugzilla.redhat.com/show_bug.cgi?id=1929531
--------------------------------------------------------------------------------
================================================================================
distribution-gpg-keys-1.51-1.el7 (FEDORA-EPEL-2021-7ec39b62bb)
GPG keys of various Linux distributions
--------------------------------------------------------------------------------
Update Information:
mock-core-config:
- configs: use Fedora N-1 gpg keys for ELN

distribution-gpg-key:
- update copr keys
- Add missing CentOS SIG keys
- add Fedora 36 key
- matrix of opengpg availability
- add intel new gpg key
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 1 2021 Miroslav Suchý <msuchy(a)redhat.com> 1.51-1
- update copr keys
- Add missing CentOS SIG keys
- add Fedora 36 key
- matrix of opengpg availability
- add intel new gpg key
* Wed Feb 17 2021 Miroslav Suchý <msuchy(a)redhat.com> 1.50-1
- Add symlinks for F35
* Wed Feb 17 2021 Miroslav Suchý <msuchy(a)redhat.com> 1.49-1
- update copr keys
- add mariadb key
- document type61
- add Alma Linux
--------------------------------------------------------------------------------
================================================================================
knot-resolver-5.3.0-1.el7 (FEDORA-EPEL-2021-8ea279341d)
Caching full DNS Resolver
--------------------------------------------------------------------------------
Update Information:
- update to upstream version 5.3.0
- add dnstap module subpackage
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 1 2021 Jakub Růžička <jakub.ruzicka(a)nic.cz> - 5.3.0-1
- update to upstream version 5.3.0
- add dnstap module subpackage
- required Knot DNS >= 2.9
--------------------------------------------------------------------------------
================================================================================
lua-unbound-0.5-1.el7 (FEDORA-EPEL-2021-74495023f5)
Binding to libunbound for Lua
--------------------------------------------------------------------------------
Update Information:
Lua bindings for the Unbound APIs.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1914678 - Review Request: lua-unbound - Binding to libunbound for Lua
https://bugzilla.redhat.com/show_bug.cgi?id=1914678
--------------------------------------------------------------------------------
================================================================================
mock-core-configs-34.2-1.el7 (FEDORA-EPEL-2021-7ec39b62bb)
Mock core config files basic chroots
--------------------------------------------------------------------------------
Update Information:
mock-core-config:
- configs: use Fedora N-1 gpg keys for ELN

distribution-gpg-key:
- update copr keys
- Add missing CentOS SIG keys
- add Fedora 36 key
- matrix of opengpg availability
- add intel new gpg key
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 22 2021 Pavel Raiskup <praiskup(a)redhat.com> 34.2-1
- configs: use Fedora N-1 gpg keys for ELN (praiskup(a)redhat.com)
--------------------------------------------------------------------------------
================================================================================
privoxy-3.0.32-1.el7 (FEDORA-EPEL-2021-9fbe0750f7)
Privacy enhancing proxy
--------------------------------------------------------------------------------
Update Information:
3.0.32 ---- 3.0.31
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 1 2021 Gwyn Ciesla <gwync(a)protonmail.com> - 3.0.32-1
- 3.0.32
* Mon Feb 1 2021 Gwyn Ciesla <gwync(a)protonmail.com> - 3.0.31-1
- 3.0.31
* Wed Jan 27 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.0.29-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Nov 30 2020 Gwyn Ciesla <gwync(a)protonmail.com> - 3.0.29-1
- 3.0.29
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.0.28-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.0.28-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Jul 26 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.0.28-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Apr 19 2019 josef radinger <cheese(a)nosuchhost.net> - 3.0.28-1
- bump version
* Sat Feb 2 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.0.26-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jan 25 2019 Petr Pisar <ppisar(a)redhat.com> - 3.0.26-8
- Rebuild against patched libpcreposix library (bug #1667614)
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.0.26-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Feb 9 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.0.26-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Aug 3 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.0.26-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.0.26-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Tue Mar 14 2017 Jon Ciesla <limburgher(a)gmail.com> - 3.0.26-3
- systemd cleanup
* Sat Feb 11 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.0.26-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1928727 - CVE-2021-20209 privoxy: memory leak in the show-status CGI handler when no action files are configured [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1928727
[ 2 ] Bug #1928732 - CVE-2021-20210 privoxy: memory leak in the show-status CGI handler when no filter files are configured [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1928732
[ 3 ] Bug #1928735 - CVE-2021-20211 privoxy: memory leak when client tags are active [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1928735
[ 4 ] Bug #1928738 - CVE-2021-20212 privoxy: memory leak if multiple filters are executed and the last one is skipped due to a pcre error [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1928738
[ 5 ] Bug #1928741 - CVE-2021-20213 privoxy: dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1928741
[ 6 ] Bug #1928744 - CVE-2021-20214 privoxy: memory leak in the client-tags CGI handler when client tags are configured [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1928744
[ 7 ] Bug #1928748 - CVE-2021-20215 privoxy: memory leaks in the show-status CGI handler when memory allocations fail [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1928748
[ 8 ] Bug #1928751 - CVE-2020-35502 privoxy: memory leaks when a response is buffered [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1928751
[ 9 ] Bug #1933424 - privoxy-3.0.32 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1933424
--------------------------------------------------------------------------------
================================================================================
x11vnc-0.9.13-12.el7 (FEDORA-EPEL-2021-0859a9d61e)
VNC server for the current X11 session
--------------------------------------------------------------------------------
Update Information:
This release fixes insecure permissions of shared memory segments created by
an x11vnc server. Previously the segments were readable and writable for any
local user. Now they are accessible only to the user who executed the x11vnc
server.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 1 2021 Petr Pisar <ppisar(a)redhat.com> - 0.9.13-12
- Fix CVE-2020-29074 (insecure permissions on a shared memory) (bug #1933604)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1933602 - CVE-2020-29074 x11vnc: insecure permissions on shm
https://bugzilla.redhat.com/show_bug.cgi?id=1933602
--------------------------------------------------------------------------------