The following Fedora EPEL 6 Security updates need testing:
Age URL
13
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b1a8a3c29a
putty-0.74-1.el6
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-8c3e76982e
python-rsa-3.4.2-1.el6
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-7b550f6ce5
python-gnupg-0.4.6-1.el6
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-e44380bc7a
php-horde-kronolith-4.2.29-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
mbedtls-2.7.16-1.el6
singularity-3.6.0-1.el6
Details about builds:
================================================================================
mbedtls-2.7.16-1.el6 (FEDORA-EPEL-2020-f275c3fe6a)
Light-weight cryptographic and SSL/TLS library
--------------------------------------------------------------------------------
Update Information:
- Update to 2.7.16 Security advisory:
https://tls.mbed.org/tech-
updates/security-advisories/mbedtls-security-advisory-2020-07
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 14 2020 Morten Stevens <mstevens(a)fedoraproject.org> - 2.7.16-1
- Update to 2.7.16
- Security Advisory 2020-07
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1851867 - CVE-2020-10941 mbedtls: cache attack against RSA key import in SGX
https://bugzilla.redhat.com/show_bug.cgi?id=1851867
--------------------------------------------------------------------------------
================================================================================
singularity-3.6.0-1.el6 (FEDORA-EPEL-2020-e54cfb4880)
Application and environment virtualization
--------------------------------------------------------------------------------
Update Information:
Upgrade to upstream 3.6.0. Remove patch #4679 for el8.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 14 2020 Dave Dykstra <dwd(a)fedoraproject.org> - 3.6.0-1
- Upgrade to upstream 3.6.0. Remove patch #4679 for el8, since
golang-12 is now available for that build machine.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1828680 - singularity-3.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1828680
--------------------------------------------------------------------------------