The following Fedora EPEL 7 Security updates need testing:
Age URL
729
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087
dokuwiki-0-0.24.20140929c.el7
491
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f
mcollective-2.8.4-1.el7
210
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-23fa04bf1c
redis-3.2.3-1.el7
194
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e8f4ff76b3
chicken-4.11.0-3.el7
73
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d
libbsd-0.8.3-1.el7
12
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-759dd56b65
firebird-2.5.7.27050.0-1.el7
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-af1e2c321c
phpMyAdmin-4.4.15.10-1.el7
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-20968c98b8
nodejs-6.9.5-1.el7
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-cf89632a6e
canl-c-2.1.8-1.el7
7
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d5fe44714a
cacti-1.0.4-1.el7
7
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-0e81fa293f
drupal7-metatag-1.21-1.el7
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f1dce07331
drupal7-views-3.15-1.el7
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f99defddc3
munin-2.0.30-5.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-18d82f816f
breeze-icon-theme-5.31.0-1.el7 extra-cmake-modules-5.31.0-3.el7 kf5-5.31.0-1.el7
kf5-attica-5.31.0-1.el7 kf5-baloo-5.31.0-1.el7 kf5-bluez-qt-5.31.0-1.el7
kf5-frameworkintegration-5.31.0-1.el7 kf5-kactivities-5.31.0-1.el7
kf5-kactivities-stats-5.31.0-1.el7 kf5-kapidox-5.31.0-1.el7 kf5-karchive-5.31.0-1.el7
kf5-kauth-5.31.0-1.el7 kf5-kbookmarks-5.31.0-1.el7 kf5-kcmutils-5.31.0-1.el7
kf5-kcodecs-5.31.0-1.el7 kf5-kcompletion-5.31.0-1.el7 kf5-kconfig-5.31.0-1.el7
kf5-kconfigwidgets-5.31.0-1.el7 kf5-kcoreaddons-5.31.0-1.el7 kf5-kcrash-5.31.0-1.el7
kf5-kdbusaddons-5.31.0-1.el7 kf5-kdeclarative-5.31.0-1.el7 kf5-kded-5.31.0-1.el7
kf5-kdelibs4support-5.31.0-1.el7 kf5-kdesignerplugin-5.31.0-1.el7 kf5-kdesu-5.31.0-1.el7
kf5-kdewebkit-5.31.0-1.el7 kf5-kdnssd-5.31.0-1.el7 kf5-kdoctools-5.31.0-1.el7
kf5-kemoticons-5.31.0-1.el7 kf5-kfilemetadata-5.31.0-1.el7 kf5-kglobalaccel-5.31.0-1.el7
kf5-kguiaddons-5.31.0-1.el7 kf5-khtml
-5.31.0-1.el7 kf5-ki18n-5.31.0-1.el7 kf5-kiconthemes-5.31.0-1.el7
kf5-kidletime-5.31.0-1.el7 kf5-kimageformats-5.31.0-1.el7 kf5-kinit-5.31.0-1.el7
kf5-kio-5.31.0-2.el7 kf5-kitemmodels-5.31.0-1.el7 kf5-kitemviews-5.31.0-1.el7
kf5-kjobwidgets-5.31.0-1.el7 kf5-kjs-5.31.0-1.el7 kf5-kjsembed-5.31.0-1.el7
kf5-kmediaplayer-5.31.0-1.el7 kf5-knewstuff-5.31.0-1.el7 kf5-knotifications-5.31.0-1.el7
kf5-knotifyconfig-5.31.0-1.el7 kf5-kpackage-5.31.0-1.el7 kf5-kparts-5.31.0-1.el7
kf5-kpeople-5.31.0-1.el7 kf5-kplotting-5.31.0-1.el7 kf5-kpty-5.31.0-1.el7
kf5-kross-5.31.0-1.el7 kf5-krunner-5.31.0-1.el7 kf5-kservice-5.31.0-1.el7
kf5-ktexteditor-5.31.0-2.el7 kf5-ktextwidgets-5.31.0-1.el7
kf5-kunitconversion-5.31.0-1.el7 kf5-kwallet-5.31.0-1.el7 kf5-kwidgetsaddons-5.31.0-1.el7
kf5-kwindowsystem-5.31.0-1.el7 kf5-kxmlgui-5.31.0-1.el7 kf5-kxmlrpcclient-5.31.0-1.el7
kf5-modemmanager-qt-5.31.0-1.el7 kf5-networkmanager-qt-5.31.0-1.el7
kf5-plasma-5.31.0-1.el7 kf5-solid-5.31.0-1.el7 kf5-sonnet-5.31.0-1.el7 kf5
-syntax-highlighting-5.31.0-1.el7 kf5-threadweaver-5.31.0-1.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4c01d41d83
php-pear-PHP-CodeSniffer-2.8.1-1.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-9701d0e0dd
GraphicsMagick-1.3.25-6.el7
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d2049ca0d4
tor-0.2.9.10-1.el7
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-19578898e6
w3m-0.5.3-30.git20170102.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-c73452ca27
tcpreplay-4.1.2-3.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-769c60931f
wordpress-4.7.3-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
beaker-24.1-2.el7
ddrescue-1.22-1.el7
golang-github-circonus-labs-circonusllhist-0-0.1.git365d370.el7
golang-github-hashicorp-go-sockaddr-0-0.1.gitaf174a6.el7
golang-github-mitchellh-copystructure-0-0.1.gitcdac825.el7
golang-github-mitchellh-go-wordwrap-0-0.1.gitad45545.el7
lynis-2.4.4-1.el7
python-volatility-2.6.0-2.el7
tcpreplay-4.1.2-3.el7
vulkan-1.0.42.0-1.el7
wordpress-4.7.3-1.el7
Details about builds:
================================================================================
beaker-24.1-2.el7 (FEDORA-EPEL-2017-0bc12c3889)
Full-stack software and hardware integration testing system
--------------------------------------------------------------------------------
Update Information:
Fixed broken dependency
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1410594 - Review Request: beaker - Full-stack software and hardware
integration testing system
https://bugzilla.redhat.com/show_bug.cgi?id=1410594
--------------------------------------------------------------------------------
================================================================================
ddrescue-1.22-1.el7 (FEDORA-EPEL-2017-c014017cbc)
Data recovery tool trying hard to rescue data in case of read errors
--------------------------------------------------------------------------------
Update Information:
Update to bugfix release 1.22 of ddrescue
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1419216 - ddrescue-1.22 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1419216
--------------------------------------------------------------------------------
================================================================================
golang-github-circonus-labs-circonusllhist-0-0.1.git365d370.el7
(FEDORA-EPEL-2017-09e36abcac)
A go implementation of Circonus log-linear histograms
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1410356 - Review Request: golang-github-circonus-labs-circonusllhist - A go
implementation of Circonus log-linear histograms
https://bugzilla.redhat.com/show_bug.cgi?id=1410356
--------------------------------------------------------------------------------
================================================================================
golang-github-hashicorp-go-sockaddr-0-0.1.gitaf174a6.el7 (FEDORA-EPEL-2017-83beb6ff97)
IP Address/UNIX Socket convenience functions for Go
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1410393 - Review Request: golang-github-hashicorp-go-sockaddr - IP
Address/UNIX Socket convenience functions for Go
https://bugzilla.redhat.com/show_bug.cgi?id=1410393
--------------------------------------------------------------------------------
================================================================================
golang-github-mitchellh-copystructure-0-0.1.gitcdac825.el7 (FEDORA-EPEL-2017-0bff3d44c2)
Go library for deep copying values in Go
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1410401 - Review Request: golang-github-mitchellh-copystructure - Go library
for deep copying values in Go
https://bugzilla.redhat.com/show_bug.cgi?id=1410401
--------------------------------------------------------------------------------
================================================================================
golang-github-mitchellh-go-wordwrap-0-0.1.gitad45545.el7 (FEDORA-EPEL-2017-931df2ba91)
A Go library for wrapping words in a string
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1410394 - Review Request: golang-github-mitchellh-go-wordwrap - A Go library
for wrapping words in a string
https://bugzilla.redhat.com/show_bug.cgi?id=1410394
--------------------------------------------------------------------------------
================================================================================
lynis-2.4.4-1.el7 (FEDORA-EPEL-2017-982b9c9126)
Security and system auditing tool
--------------------------------------------------------------------------------
Update Information:
Update to 2.4.4 ---- Update to 2.4.2 ---- Update to 2.4.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1426200 - lynis-2.4.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1426200
[ 2 ] Bug #1422705 - lynis-2.4.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1422705
[ 3 ] Bug #1421133 - lynis-2.4.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1421133
--------------------------------------------------------------------------------
================================================================================
python-volatility-2.6.0-2.el7 (FEDORA-EPEL-2017-7cfa077091)
Volatile memory extraction utility framework
--------------------------------------------------------------------------------
Update Information:
Update to bugfix release 2.6 of volatility framework.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1409170 - python-volatility-2.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1409170
--------------------------------------------------------------------------------
================================================================================
tcpreplay-4.1.2-3.el7 (FEDORA-EPEL-2017-c73452ca27)
Replay captured network traffic
--------------------------------------------------------------------------------
Update Information:
Patch CVE-2017-6429. Tcpcapinfo utility of Tcpreplay has a buffer overflow
vulnerability associated with parsing a crafted pcap file. This occurs in the
src/tcpcapinfo.c file when capture has a packet that is too large to handle.
References:
http://seclists.org/bugtraq/2017/Mar/22 Upstream bug:
https://github.com/appneta/tcpreplay/issues/278
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1429521 - CVE-2017-6429 tcpreplay: Buffer overflow in Tcpcapinfo utility
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1429521
[ 2 ] Bug #1429522 - CVE-2017-6429 tcpreplay: Buffer overflow in Tcpcapinfo utility
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1429522
--------------------------------------------------------------------------------
================================================================================
vulkan-1.0.42.0-1.el7 (FEDORA-EPEL-2017-1eb80b8852)
Vulkan loader and validation layers
--------------------------------------------------------------------------------
Update Information:
Update
--------------------------------------------------------------------------------
================================================================================
wordpress-4.7.3-1.el7 (FEDORA-EPEL-2017-769c60931f)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
**WordPress 4.7.3 is now available**. This is a security release for all
previous versions and we strongly encourage you to update your sites
immediately. WordPress versions 4.7.2 and earlier are affected by six security
issues: * Cross-site scripting (XSS) via media file metadata. Reported by
Chris Andr�� Dale, Yorick Koster, and Simon P. Briggs. * Control characters
can trick redirect URL validation. Reported by Daniel Chatfield. *
Unintended files can be deleted by administrators using the plugin deletion
functionality. Reported by xuliang. * Cross-site scripting (XSS) via video
URL in YouTube embeds. Reported by Marc Montpas. * Cross-site scripting
(XSS) via taxonomy term names. Reported by Delta. * Cross-site request
forgery (CSRF) in Press This leading to excessive use of server resources.
Reported by Sipke Mellema. Thank you to the reporters for practicing
responsible disclosure. In addition to the security issues above, WordPress
4.7.3 contains 39 maintenance fixes to the 4.7 release series. For more
information, see the [release
notes](https://codex.wordpress.org/Version_4.7.3)
or consult the [list of
changes](https://core.trac.wordpress.org/query?status=cl
osed&milestone=4.7.3&group=component&col=id&col=summary&col=component&col=status
&col=owner&col=type&col=priority&col=keywords&order=priority).
--------------------------------------------------------------------------------