The following Fedora EPEL 7 Security updates need testing:
Age  URL                                                                  Build
212  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087        dokuwiki-0-0.24.20140929c.el7
108  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-6813        chicken-4.9.0.1-4.el7
 41  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7800        python-django-1.6.11-3.el7
 16  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8155        nagios-4.0.8-1.el7
  8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-c29d29cc8f  mediawiki123-1.23.10-2.el7
  4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-925e9374c9  python-pymongo-3.0.3-1.el7
  0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-13c5827d5c  opensmtpd-5.7.3p1-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
0install-2.10-1.el7
0install-2.10-2.el7
ceph-0.80.7-0.6.el7
gnucash-2.6.8-1.el7
gnucash-docs-2.6.8-1.el7
lightdm-1.10.5-6.el7
linux_logo-5.11-12.el7
lxmenu-data-0.1.4-1.el7
mate-notification-daemon-1.10.2-1.el7
opensmtpd-5.7.3p1-1.el7
php-bartlett-PHP-CompatInfo-4.5.0-1.el7
php-mikey179-vfsstream-1.6.0-1.el7
php-myclabs-deep-copy-1.4.0-1.el7
preprocess-1.2.2-2.20150919gitd5ab9a.el7
python-flask-openid-1.2.5-1.el7
quiterss-0.18.2-1.el7
syslog-ng-3.5.6-2.el7
viewvc-1.1.24-1.el7
vile-9.8q-1.el7
Details about builds:
================================================================================
0install-2.10-1.el7 (FEDORA-EPEL-2015-113c88d6b9)
A decentralized cross-distribution software installation system
--------------------------------------------------------------------------------
Update Information:
Upstream update to 2.10. ---- 0install-2.9.1-1.el7 - Upstream update to
2.9.1. - Add buildrequires: ocaml-react-devel for EPEL. - Exclude ppc64 for
EPEL, as the build dependency ocaml-findlib-devel is not available on it.
--------------------------------------------------------------------------------
================================================================================
0install-2.10-2.el7 (FEDORA-EPEL-2015-0c7398485f)
A decentralized cross-distribution software installation system
--------------------------------------------------------------------------------
Update Information:
0install-2.10-2.fc21 - Upstream update to 2.10. 0install-2.10-2.fc22 -
Upstream update to 2.10. 0install-2.10-2.fc23 - Upstream update to 2.10.
0install-2.10-2.el7 - Upstream update to 2.10.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1070093 - 0install-2.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1070093
--------------------------------------------------------------------------------
================================================================================
ceph-0.80.7-0.6.el7 (FEDORA-EPEL-2015-40bf39f476)
User space components of the Ceph file system
--------------------------------------------------------------------------------
Update Information:
ceph-0.80.7-0.6.el7 - remove python-rados and python-rbd packages to avoid
package conflicts - see http://tracker.ceph.com/issues/11104#change-59701 for
details ---- This update adds version numbers to Ceph's RPM "Obsoletes"
directives. This should reduce the conflict between newer ceph.com releases
where the python- and -devel RPMs have not yet been split. See also
http://tracker.ceph.com/issues/11104
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1269416 - [ceph] yum-plugin-priorities does not blacklist all the obsoleted packages
https://bugzilla.redhat.com/show_bug.cgi?id=1269416
[ 2 ] Bug #1193182 - ceph has unversioned obsoletes
https://bugzilla.redhat.com/show_bug.cgi?id=1193182
--------------------------------------------------------------------------------
================================================================================
gnucash-2.6.8-1.el7 (FEDORA-EPEL-2015-121c7f7daa)
Finance management application
--------------------------------------------------------------------------------
Update Information:
This updates GnuCash to 2.6.8, the latest upstream release. For a list of bugs
fixed in this release, see the upstream release notes at:
http://gnucash.org/#n-150927-2.6.8.news ---- This updates GnuCash to the
latest upstream release, 2.6.7. For a detailed list of fixed bugs, see the
upstream release notes at:
http://gnucash.org/#n-150628-2.6.7.news
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1266794 - gnucash-2.6.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1266794
[ 2 ] Bug #1236432 - gnucash-2.6.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1236432
--------------------------------------------------------------------------------
================================================================================
gnucash-docs-2.6.8-1.el7 (FEDORA-EPEL-2015-121c7f7daa)
Help files and documentation for the GnuCash personal finance manager
--------------------------------------------------------------------------------
Update Information:
This updates GnuCash to 2.6.8, the latest upstream release. For a list of bugs
fixed in this release, see the upstream release notes at:
http://gnucash.org/#n-150927-2.6.8.news ---- This updates GnuCash to the
latest upstream release, 2.6.7. For a detailed list of fixed bugs, see the
upstream release notes at:
http://gnucash.org/#n-150628-2.6.7.news
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1266794 - gnucash-2.6.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1266794
[ 2 ] Bug #1236432 - gnucash-2.6.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1236432
--------------------------------------------------------------------------------
================================================================================
lightdm-1.10.5-6.el7 (FEDORA-EPEL-2015-dccbf33063)
A cross-desktop Display Manager
--------------------------------------------------------------------------------
Update Information:
drop listen.patch for < f22 (and epel-7)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1269247 - xserver-allow-tcp=true doesn't work anymore
https://bugzilla.redhat.com/show_bug.cgi?id=1269247
--------------------------------------------------------------------------------
================================================================================
linux_logo-5.11-12.el7 (FEDORA-EPEL-2015-db29761127)
Show a logo with some system info on the console
--------------------------------------------------------------------------------
Update Information:
linux_logo-5.11-12.el6 - Include patch to have a consistent default logo, the
banner logo (#1268065). linux_logo-5.11-12.fc23 - Include patch to have a
consistent default logo, the banner logo (#1268065). linux_logo-5.11-12.el7 -
Include patch to have a consistent default logo, the banner logo (#1268065).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1268065 - linux_logo uses an arbitrary (possibly non-Linux) logo by default
https://bugzilla.redhat.com/show_bug.cgi?id=1268065
--------------------------------------------------------------------------------
================================================================================
lxmenu-data-0.1.4-1.el7 (FEDORA-EPEL-2015-d984c9b4d7)
Data files for the LXDE menu
--------------------------------------------------------------------------------
Update Information:
initial package (v0.1.4)
--------------------------------------------------------------------------------
================================================================================
mate-notification-daemon-1.10.2-1.el7 (FEDORA-EPEL-2015-8a12fcb39d)
Notification daemon for MATE Desktop
--------------------------------------------------------------------------------
Update Information:
mate-notification-daemon-1.10.2-1.el7 - update to 1.10.2 release - remove
upstreamed patches
--------------------------------------------------------------------------------
================================================================================
opensmtpd-5.7.3p1-1.el7 (FEDORA-EPEL-2015-13c5827d5c)
Free implementation of the server-side SMTP protocol as defined by RFC 5321
--------------------------------------------------------------------------------
Update Information:
Issues fixed in this release (since 5.7.2):
- fix an mda buffer truncation bug which allows a user to create forward files
  that pass session checks but fail delivery later down the chain, within the
  user mda;
- fix remote buffer overflow in unprivileged pony process;
- reworked offline enqueue to better protect against hardlink attacks.
----
Several vulnerabilities have been fixed in OpenSMTPD 5.7.2:
- an oversight in the portable version of fgetln() that allows attackers to
  read and write out-of-bounds memory;
- multiple denial-of-service vulnerabilities that allow local users to kill or
  hang OpenSMTPD;
- a stack-based buffer overflow that allows local users to crash OpenSMTPD, or
  execute arbitrary code as the non-chrooted _smtpd user;
- a hardlink attack (or race-conditioned symlink attack) that allows local
  users to unset the chflags() of arbitrary files;
- a hardlink attack that allows local users to read the first line of
  arbitrary files (for example, root's hash from /etc/master.passwd);
- a denial-of-service vulnerability that allows remote attackers to fill
  OpenSMTPD's queue or mailbox hard-disk partition;
- an out-of-bounds memory read that allows remote attackers to crash
  OpenSMTPD, or leak information and defeat the ASLR protection;
- a use-after-free vulnerability that allows remote attackers to crash
  OpenSMTPD, or execute arbitrary code as the non-chrooted _smtpd user.
Further details can be found in Qualys' audit report:
http://seclists.org/oss-sec/2015/q4/17
MITRE has assigned one CVE for the use-after-free vulnerability; additional
CVEs may be assigned:
http://seclists.org/oss-sec/2015/q4/23
External References:
https://www.opensmtpd.org/announces/release-5.7.2.txt
http://seclists.org/oss-sec/2015/q4/17
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1268837 - opensmtpd-5.7.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1268837
[ 2 ] Bug #1268509 - opensmtpd: 5.7.2 release available
https://bugzilla.redhat.com/show_bug.cgi?id=1268509
[ 3 ] Bug #1268795 - CVE-2015-7687 OpenSMTPD: multiple vulnerabilities fixed in 5.7.2 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1268795
[ 4 ] Bug #1268858 - opensmtpd: Remotely triggerable buffer overflow vulnerability in filter_tx_io [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1268858
--------------------------------------------------------------------------------
================================================================================
php-bartlett-PHP-CompatInfo-4.5.0-1.el7 (FEDORA-EPEL-2015-2dacc072cd)
Find out version and the extensions required for a piece of code to run
--------------------------------------------------------------------------------
Update Information:
**PHP_CompatInfo 4.5.0**
* Add support of PHP 5.6.14, PHP 5.5.30 and PHP 5.4.45
* GH-209 : PHP feature detection versions overridden if any function defined
  after usage
--------------------------------------------------------------------------------
================================================================================
php-mikey179-vfsstream-1.6.0-1.el7 (FEDORA-EPEL-2015-74d708e6bf)
PHP stream wrapper for a virtual file system
--------------------------------------------------------------------------------
Update Information:
** Release 1.6.0 **
* added vfsStreamWrapper::unregister(), provided by @malkusch with #114
* fixed #115: incorrect handling of .. in root directory on PHP 5.5, fix
  provided by @acoulton with #116
--------------------------------------------------------------------------------
================================================================================
php-myclabs-deep-copy-1.4.0-1.el7 (FEDORA-EPEL-2015-374d2d1a38)
Create deep copies (clones) of your objects
--------------------------------------------------------------------------------
Update Information:
** myclabs/deep-copy 1.4.0**
* Support private properties of parent classes
--------------------------------------------------------------------------------
================================================================================
preprocess-1.2.2-2.20150919gitd5ab9a.el7 (FEDORA-EPEL-2015-c014bcdbb4)
A portable multi-language file Python2 preprocessor
--------------------------------------------------------------------------------
Update Information:
- Update to 1.2.2 - Added 'python-setuptools' as BR on EPEL
--------------------------------------------------------------------------------
================================================================================
python-flask-openid-1.2.5-1.el7 (FEDORA-EPEL-2015-8915c1ed71)
OpenID support for Flask
--------------------------------------------------------------------------------
Update Information:
Update to 1.2.5 (#1269019)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1269019 - Rebase to 1.2.5
https://bugzilla.redhat.com/show_bug.cgi?id=1269019
--------------------------------------------------------------------------------
================================================================================
quiterss-0.18.2-1.el7 (FEDORA-EPEL-2015-4df7c41533)
RSS/Atom aggregator
--------------------------------------------------------------------------------
Update Information:
Version bump
--------------------------------------------------------------------------------
================================================================================
syslog-ng-3.5.6-2.el7 (FEDORA-EPEL-2015-33ade2e7d6)
Next-generation syslog server
--------------------------------------------------------------------------------
Update Information:
syslog-ng-3.5.6-2.el7 - rebuilt for hiredis
--------------------------------------------------------------------------------
================================================================================
viewvc-1.1.24-1.el7 (FEDORA-EPEL-2015-aec52bbb03)
Browser interface for CVS and SVN version control repositories
--------------------------------------------------------------------------------
Update Information:
This is a maintenance release which includes all the bug fixes and enhancements
that we've made thus far to our 1.1.x line. ---- Initial release for EPEL7.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1220829 - viewvc package request for EPEL7
https://bugzilla.redhat.com/show_bug.cgi?id=1220829
--------------------------------------------------------------------------------
================================================================================
vile-9.8q-1.el7 (FEDORA-EPEL-2015-ddb64f8c64)
VI Like Emacs
--------------------------------------------------------------------------------
Update Information:
upgrade to 9.8q (RHBZ#1260817)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1260817 - vile-9.8q is available
https://bugzilla.redhat.com/show_bug.cgi?id=1260817
--------------------------------------------------------------------------------