The following Fedora EPEL 6 Security updates need testing:
Age URL
785
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3....
132
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0440/fwsnort-1.6...
117
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0590/oath-toolki...
76
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1011/php-ZendFra...
31
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1414/gajim-0.14....
26
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1471/chicken-4.8...
22
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1477/drupal7-vie...
12
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1563/mono-2.10.8...
11
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1572/chkrootkit-...
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1584/python-djbl...
4
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1616/puppet-2.7....
4
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1627/php-horde-H...
4
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1608/mcollective...
4
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1612/tor-0.2.4.2...
4
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1628/hiera-1.0.0...
3
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1634/python-djan...
1
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1648/owncloud-6....
1
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1649/python-jinj...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1657/lynis-1.5.6...
The following builds have been pushed to Fedora EPEL 6 updates-testing
docker-io-1.0.0-3.el6
ioprocess-0.5.0-1.el6
lynis-1.5.6-1.el6
pynag-0.8.9-2.el6
vertica-python-0.2.3-1.el6
Details about builds:
================================================================================
docker-io-1.0.0-3.el6 (FEDORA-EPEL-2014-1655)
Automates deployment of containerized applications
--------------------------------------------------------------------------------
Update Information:
correct bogus date
switch back to the native execdriver, not lxc. bz1103323
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 14 2014 Lokesh Mandvekar <lsm5(a)fedoraproject.org> - 1.0.0-3
- correct bogus date
* Sat Jun 14 2014 Lokesh Mandvekar <lsm5(a)fedoraproject.org> - 1.0.0-2
- RHBZ#1109533 patch libcontainer for finalize namespace error
- RHBZ#1109039 build with updated golang-github-syndtr-gocapability
- install Dockerfile.5 manpage
* Sat Jun 14 2014 Hushan Jia <hushan(a)zelin.io> - 1.0.0-2
- fix for build on epel6
* Tue Jun 10 2014 Lokesh Mandvekar <lsm5(a)fedoraproject.org> - 1.0.0-1
- upstream version bump to v1.0.0
* Fri May 30 2014 Vincent Batts <vbatts(a)redhat.com> - 0.11.1-5
- switch back to the native execdriver, not lxc. bz1103323
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1109533 - finalize namespace errors with docker run
https://bugzilla.redhat.com/show_bug.cgi?id=1109533
[ 2 ] Bug #1103323 - docker on RHEL6.5 no longer needs to default to lxc
https://bugzilla.redhat.com/show_bug.cgi?id=1103323
--------------------------------------------------------------------------------
================================================================================
ioprocess-0.5.0-1.el6 (FEDORA-EPEL-2014-1656)
Slave process to perform risky IO
--------------------------------------------------------------------------------
Update Information:
Fixed missing error check in readfile()
Fixed missing dependcy for python bindings
--------------------------------------------------------------------------------
================================================================================
lynis-1.5.6-1.el6 (FEDORA-EPEL-2014-1657)
Security and system auditing tool
--------------------------------------------------------------------------------
Update Information:
== 1.5.6 (2014-06-12) ==
New:
- Test for PHP binary and PHP version
- Don't perform register_global test for systems running PHP 5.4.0 and later
[PHP-2368]
- Debug function (can be activated via --debug or profile)
Changes:
- Extended IsRunning function
- Removed suggestion from secure shell test [SHLL-6202]
- Check for idle session handlers [SHLL-6220]
- Also check for apache2 binary (file instead of directory)
- New report values: session_timeout_enabled and session_timeout_method
- New report value for plugins: plugins_enabled
- Fixed test to determine active TCP sessions on Linux [NETW-3012]
== 1.5.5 (2014-06-08) ==
New:
- Check for nginx access logging [HTTP-6712]
- Check for missing error logs in nginx [HTTP-6714]
- Check for debug mode in nginx [HTTP-6716]
Changes:
- Extended SSL test for nginx when using listen statements
- Allow debugging via profile (config:debug:yes)
- Check if discovered httpd file is actually a file
- Improved temporary file creation related to security notice
- Adjustments to screen output
Security Note:
This releases solves two issues regarding the usage of temporary
files (predictability of the file names). You are advised to upgrade to this version as
soon as possible. For more information see the our blog post:
http://linux-audit.com/lynis-security-notice-154-and-older/
== 1.5.4 (2014-06-04) ==
New:
- Check additional configuration files for nginx [HTTP-6706]
- Analysis of nginx settings [HTTP-6708]
- New test for SSL configuration of nginx [HTTP-6710]
Changes:
- Altered SMBD version check for Mac OS
- Small adjustments to report for readability
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 16 2014 Christopher Meng <rpm(a)cicku.me> - 1.5.6-1
- Update to 1.5.6
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.5.3-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1104999 - CVE-2014-3982 CVE-2014-3986 lynis: insecure temporary file issues
leading to privilege escalation
https://bugzilla.redhat.com/show_bug.cgi?id=1104999
--------------------------------------------------------------------------------
================================================================================
pynag-0.8.9-2.el6 (FEDORA-EPEL-2014-1653)
Python modules and utilities for Nagios plugins and configuration
--------------------------------------------------------------------------------
Update Information:
Updated to latest upstream version
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 15 2014 Tomas Edwardsson <tommi(a)tommi.org> 0.8.9-1
- Updated to latest upstream version
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.8.5-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
vertica-python-0.2.3-1.el6 (FEDORA-EPEL-2014-1654)
A native Python adapter for the Vertica database
--------------------------------------------------------------------------------
Update Information:
update to new version
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 13 2014 Jakub Jedelsky <jakub.jedelsky(a)gmail.com> - 0.2.3-1
- update to new version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1103263 - vertica-python-0.2.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1103263
--------------------------------------------------------------------------------