The following Fedora EPEL 8 Security updates need testing:
Age  URL
 11  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-610589457a   prosody-0.11.8-1.el8
  9  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-bfa4482ae0   libmysofa-1.2-4.el8
  5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-3428ca1a34   ansible-2.9.18-1.el8
  3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-71d1af6aca   isync-1.4.1-1.el8
  3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-525253c896   chromium-88.0.4324.182-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
ceres-solver-1.14.0-3.el8
clamav-0.103.1-1.el8
nagios-4.4.6-3.el8
python-aiohttp-3.7.4-1.el8
python-tkrzw-0.1.4-2.el8
stacer-1.1.0-12.el8
urdfdom-headers-1.0.5-1.el8
Details about builds:
================================================================================
ceres-solver-1.14.0-3.el8 (FEDORA-EPEL-2021-da889f4309)
A non-linear least squares minimizer
--------------------------------------------------------------------------------
Update Information:
Introduce ceres-solver to EPEL8
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1927572 - Please build ceres-solver for EPEL 8
https://bugzilla.redhat.com/show_bug.cgi?id=1927572
--------------------------------------------------------------------------------
================================================================================
clamav-0.103.1-1.el8 (FEDORA-EPEL-2021-10c83ba6bf)
End-user tools for the Clam Antivirus scanner
--------------------------------------------------------------------------------
Update Information:
ClamAV 0.103.1 patch release
https://blog.clamav.net/2021/02/clamav-01031-patch-release.html

Notable changes

- Added a new scan option to alert on broken media (graphics) file formats.
  This feature mitigates the risk of malformed media files intended to exploit
  vulnerabilities in other software. At present, media validation exists for
  JPEG, TIFF, PNG and GIF files. To enable this feature, set
  AlertBrokenMedia yes in clamd.conf for use with ClamD, or use the
  --alert-broken-media option when using ClamScan. These options are disabled
  by default in this patch release but may be enabled in a subsequent release.
  Application developers may enable this scan option by enabling
  CL_SCAN_HEURISTIC_BROKEN_MEDIA for the heuristic scan option bit field.
- Added CL_TYPE_TIFF, CL_TYPE_JPEG types to match GIF and PNG typing behavior.
  BMP and JPEG 2000 files will continue to detect as CL_TYPE_GRAPHICS because
  ClamAV does not yet have BMP or JPEG 2000 format-checking capabilities.

Bug fixes

- Fixed PNG parser logic bugs that caused an excess of parsing errors and
  fixed a stack exhaustion issue affecting some systems when scanning PNG
  files. PNG file type detection was disabled via signature database update
  for ClamAV version 0.103.0 to mitigate the effects from these bugs.
- Fixed an issue where PNG and GIF files no longer work with Target:5 graphics
  signatures if detected as CL_TYPE_PNG or CL_TYPE_GIF rather than as
  CL_TYPE_GRAPHICS. Target types now support up to 10 possible file types to
  make way for additional graphics types in future releases.
- Fixed ClamOnAcc's --fdpass option. File descriptor passing (or "FD-passing")
  is a mechanism by which ClamOnAcc and ClamDScan may transfer an open file to
  ClamD to scan, even if ClamD is running as a non-privileged user and
  wouldn't otherwise have read-access to the file. This enables ClamD to scan
  all files without having to run ClamD as root. If possible, ClamD should
  never be run as root to mitigate the risk in case ClamD is somehow
  compromised while scanning malware. Interprocess file descriptor passing for
  ClamOnAcc was broken since version 0.102.0 due to a bug introduced by the
  switch to cURL for communicating with ClamD. On Linux, passing file
  descriptors from one process to another is handled by the kernel, so we
  reverted ClamOnAcc to use standard system calls for socket communication
  when FD-passing is enabled.
- Fixed a ClamOnAcc stack corruption issue on some systems when using an older
  version of libcurl. Patch courtesy of Emilio Pozuelo Monfort.
- Allow ClamScan and ClamDScan scans to proceed even if the realpath lookup
  failed. This alleviates an issue on Windows scanning files hosted on
  file-systems that do not support the GetMappedFileNameW() API, such as on
  ImDisk RAM-disks.
- Fixed FreshClam's --on-update-execute=EXIT_1 temporary directory cleanup
  issue.
- ClamD's log output and VirusEvent feature now provide the scan target's file
  path instead of a file descriptor. The ClamD socket API for submitting a
  scan by FD-passing doesn't include a file path. This feature works by
  looking up the file path by the file descriptor. This feature works on Mac
  and Linux but is not yet implemented for other UNIX operating systems.
  FD-passing is not available for Windows.
- Fixed an issue where FreshClam database validation didn't work correctly
  when run in daemon mode on Linux/Unix.
- Fixed scan speed performance issues accidentally introduced in ClamAV
  0.103.0 caused by hashing file maps more than once when parsing a file as a
  new type, and caused by frequent scanning of non-HTML text data with the
  HTML parser.

Other improvements

- Scanning JPEG, TIFF, PNG and GIF files will no longer return "parse" errors
  when file format validation fails. Instead, the scan will alert with the
  "Heuristics.Broken.Media" signature prefix and a descriptive suffix to
  indicate the issue, provided that the "alert broken media" feature is
  enabled.
- GIF format validation will no longer fail if the GIF image is missing the
  trailer byte, as this appears to be a relatively common issue in otherwise
  functional GIFs.
- Added a TIFF dynamic configuration (DCONF) option that was missing. This
  will allow us to disable TIFF format validation via signature database
  update in the event that it proves to be problematic. This feature already
  exists for many other file types.
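
The FD-passing mechanism described in the ClamOnAcc --fdpass fix above, shown as an added example (not ClamAV code and not part of the original announcement): on Linux a descriptor travels as SCM_RIGHTS ancillary data over a UNIX socket, so the receiving process reads a file it never opens by path. The function names, the socketpair/fork setup and the "sample" temp file are constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
/* Control buffer for exactly one descriptor, aligned for struct cmsghdr. */
typedef union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } ctl_t;

/* Sender: attach one open descriptor as SCM_RIGHTS ancillary data. */
int send_fd(int sock, int fd) {
    char byte = 0; ctl_t ctl = {{0}};   /* one data byte carries the cmsg */
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receiver: returns the descriptor the kernel installed, or -1. */
int recv_fd(int sock) {
    char byte; int fd = -1; ctl_t ctl = {{0}};
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    if (recvmsg(sock, &msg, 0) != 1 || (msg.msg_flags & MSG_CTRUNC)) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);   /* validate before trusting the payload */
    if (c && c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS
          && c->cmsg_len == CMSG_LEN(sizeof(int))) memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* Constructed demo: 0 if a child process reads the file via the passed fd. */
int fdpass_roundtrip(void) {
    int sv[2], fd, status = -1; char buf[16], path[] = "/tmp/fdpass-XXXXXX";
    if ((fd = mkstemp(path)) < 0 || socketpair(AF_UNIX, SOCK_STREAM, 0, sv)) return -1;
    if (pwrite(fd, "sample", 6, 0) != 6 || unlink(path)) return -1; /* no path remains */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                     /* receiver, standing in for the scanner */
        close(fd); close(sv[0]);        /* drop the copies inherited across fork */
        _exit(read(recv_fd(sv[1]), buf, sizeof buf) == 6 && !memcmp(buf, "sample", 6) ? 0 : 1);
    }
    int rc = send_fd(sv[0], fd);
    close(sv[0]); close(sv[1]); close(fd);
    waitpid(pid, &status, 0);
    return rc == 0 && WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Because the file is unlinked before the transfer, the child can only reach its contents through the received descriptor, which mirrors why a scan submitted by FD-passing carries no file path.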
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 17 2021 Sérgio Basto <sergio(a)serjux.com> - 0.103.1-1
- Update to 0.103.1
* Wed Jan 27 2021 Sérgio Basto <sergio(a)serjux.com> - 0.103.0-3
- Add upstream patch clamonacc: Fix stack buffer overflow with old curl
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.103.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1909184 - clamdscan in 0.103.0 version seems to consume too much memory
https://bugzilla.redhat.com/show_bug.cgi?id=1909184
--------------------------------------------------------------------------------
================================================================================
nagios-4.4.6-3.el8 (FEDORA-EPEL-2021-6fed4b5ffb)
Host/service/network monitoring program
--------------------------------------------------------------------------------
Update Information:
- Fix for CVE-2020-13977 BZ1849087
- Require plugins needed for localhost monitoring (#1932297)
- Update to 4.4.6
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 27 2021 Guido Aulisi <guido.aulisi(a)gmail.com> - 4.4.6-3
- Require plugins needed for localhost monitoring (#1932297)
* Tue Feb 23 2021 Guido Aulisi <guido.aulisi(a)gmail.com> - 4.4.6-2
- Fix systemd unit file permissions #1676334
* Sat Feb 20 2021 Guido Aulisi <guido.aulisi(a)gmail.com> - 4.4.6-1
- Update to 4.4.6
- Fix for CVE-2020-13977 #BZ1849087
- Some spec cleanup
* Tue Feb 18 2020 Stephen Smoogen <smooge(a)fedoraproject.org> - 4.4.5-3
- Add change to allow for problems found in mass rebuild and gcc10.
- Fix BZ#1793909
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.4.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1829114 - nagios-4.4.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1829114
[ 2 ] Bug #1849087 - CVE-2020-13977 nagios: URL injection (post-authentication) vulnerability [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1849087
[ 3 ] Bug #1932297 - Nagios server rpm missing some nagios-plugins-* dependency
https://bugzilla.redhat.com/show_bug.cgi?id=1932297
--------------------------------------------------------------------------------
================================================================================
python-aiohttp-3.7.4-1.el8 (FEDORA-EPEL-2021-fedb6fa69d)
Python HTTP client/server for asyncio
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release 3.7.4
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 27 2021 Fabian Affolter <mail(a)fabian-affolter.ch> - 3.7.4-1
- Update to latest upstream release 3.7.4
* Thu Feb 4 2021 Miro Hrončok <mhroncok(a)redhat.com> - 3.7.3-3
- Allow installation with chardet 4
* Wed Jan 27 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.7.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Fri Dec 11 2020 Fabian Affolter <mail(a)fabian-affolter.ch> - 3.7.3-1
- Update to latest upstream release 3.7.3
* Wed Dec 9 2020 Fabian Affolter <mail(a)fabian-affolter.ch> - 3.7.2-1
- Update to latest upstream release 3.7.2
* Mon Oct 26 2020 Fabian Affolter <mail(a)fabian-affolter.ch> - 3.7.1-1
- Update to new upstream version 3.7.1
* Wed Oct 14 2020 Fabian Affolter <mail(a)fabian-affolter.ch> - 3.6.3-1
- Update to new upstream version 3.6.3
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.6.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Sun May 24 2020 Miro Hrončok <mhroncok(a)redhat.com> - 3.6.2-4
- Rebuilt for Python 3.9
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1933364 - python-aiohttp: Open redirect in aiohttp.web_middlewares.normalize_path_middleware
https://bugzilla.redhat.com/show_bug.cgi?id=1933364
--------------------------------------------------------------------------------
================================================================================
python-tkrzw-0.1.4-2.el8 (FEDORA-EPEL-2021-ee18e697bf)
TKRZW Python bindings
--------------------------------------------------------------------------------
Update Information:
python_provide fix
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
stacer-1.1.0-12.el8 (FEDORA-EPEL-2021-9f9f9c3668)
Linux system optimizer and monitoring
--------------------------------------------------------------------------------
Update Information:
build: Add `qt5-qtcharts` dep | RH#1933328
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 27 2021 Artem Polishchuk <ego.cordatus(a)gmail.com> - 1.1.0-12
- build: Add qt5-qtcharts dep | RH#1933328
* Wed Jan 27 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1.0-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1933328 - Stacer does not work after being installed by dnf package manager
https://bugzilla.redhat.com/show_bug.cgi?id=1933328
--------------------------------------------------------------------------------
================================================================================
urdfdom-headers-1.0.5-1.el8 (FEDORA-EPEL-2021-56f9b1b656)
The URDF (U-Robot Description Format) headers
--------------------------------------------------------------------------------
Update Information:
Introduce urdfdom-headers to epel8
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1918537 - Please build urdfdom-headers for EPEL 8
https://bugzilla.redhat.com/show_bug.cgi?id=1918537
--------------------------------------------------------------------------------