The following Fedora EPEL 7 Security updates need testing:
Age URL
610
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087
dokuwiki-0-0.24.20140929c.el7
372
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f
mcollective-2.8.4-1.el7
90
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-23fa04bf1c
redis-3.2.3-1.el7
74
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e8f4ff76b3
chicken-4.11.0-3.el7
17
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-03fb3c1531
banshee-2.6.2-11.el7 dbus-sharp-0.7.0-15.el7 dbus-sharp-glib-0.5.0-13.el7
gdata-sharp-1.4.0.2-18.el7 gio-sharp-0.3-14.el7 gkeyfile-sharp-0.1-19.el7
gnome-sharp-2.24.2-12.el7 gtk-sharp-beans-2.14.0-17.el7 gtk-sharp2-2.12.26-3.el7
gtk-sharp3-2.99.3-16.el7 gudev-sharp-0.1-18.el7 libappindicator-12.10.0-11.el7
libgpod-0.8.3-14.el7 libyui-bindings-1.1.0-7.el7 mono-4.2.4-7.el7 mono-addins-1.1-3.el7
mono-cecil-0.9.6-6.el7 mono-zeroconf-0.9.0-16.el7 notify-sharp-0.4.0-0.26.20100411svn.el7
notify-sharp3-3.0.3-2.el7 nunit-3.5-1.el7 nunit2-2.6.4-14.el7 pinta-1.6-5.el7
taglib-sharp-2.1.0.0-3.el7
17
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-ee3cc4d1b6
compat-guile18-1.8.8-14.el7
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-181efcf9c4
tre-0.8.0-18.20140228gitc2f5d13.el7
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e26faf9489
python-simplejson-3.5.3-1.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-2fcbc39837
chromium-54.0.2840.90-3.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
chromium-54.0.2840.90-3.el7
php-horde-Horde-Core-2.27.2-1.el7
php-horde-Horde-Service-Weather-2.5.0-1.el7
pidgin-groupchat-typing-notifications-0-2.git33a75f9.el7
prosody-0.9.11-1.el7
python-ase-3.12.0-21.el7
python-epdb-0.15-1.el7
python-pytg-0.4.10-3.el7
suricata-3.1.3-1.el7
Details about builds:
================================================================================
chromium-54.0.2840.90-3.el7 (FEDORA-EPEL-2016-2fcbc39837)
A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-5181, CVE-2016-5182, CVE-2016-5183, CVE-2016-5184,
CVE-2016-5185, CVE-2016-5187, CVE-2016-5188, CVE-2016-5192, CVE-2016-5189,
CVE-2016-5186, CVE-2016-5191, CVE-2016-5190, CVE-2016-5193, CVE-2016-5194
Security fix for CVE-2016-5198 Update to new stable, 54.0.2840.90.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1384365 - CVE-2016-5194 chromium-browser: various fixes from internal audits
https://bugzilla.redhat.com/show_bug.cgi?id=1384365
[ 2 ] Bug #1384364 - CVE-2016-5193 chromium-browser: scheme bypass
https://bugzilla.redhat.com/show_bug.cgi?id=1384364
[ 3 ] Bug #1384362 - CVE-2016-5190 chromium-browser: use after free in internals
https://bugzilla.redhat.com/show_bug.cgi?id=1384362
[ 4 ] Bug #1384361 - CVE-2016-5191 chromium-browser: universal xss in bookmarks
https://bugzilla.redhat.com/show_bug.cgi?id=1384361
[ 5 ] Bug #1384360 - CVE-2016-5186 chromium-browser: out of bounds read in devtools
https://bugzilla.redhat.com/show_bug.cgi?id=1384360
[ 6 ] Bug #1384358 - CVE-2016-5189 chromium-browser: url spoofing
https://bugzilla.redhat.com/show_bug.cgi?id=1384358
[ 7 ] Bug #1384357 - CVE-2016-5192 chromium-browser: cross-origin bypass in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1384357
[ 8 ] Bug #1384355 - CVE-2016-5188 chromium-browser: ui spoofing
https://bugzilla.redhat.com/show_bug.cgi?id=1384355
[ 9 ] Bug #1384354 - CVE-2016-5187 chromium-browser: url spoofing
https://bugzilla.redhat.com/show_bug.cgi?id=1384354
[ 10 ] Bug #1384352 - CVE-2016-5185 chromium-browser: use after free in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1384352
[ 11 ] Bug #1384350 - CVE-2016-5184 chromium-browser: use after free in pdfium
https://bugzilla.redhat.com/show_bug.cgi?id=1384350
[ 12 ] Bug #1384349 - CVE-2016-5183 chromium-browser: use after free in pdfium
https://bugzilla.redhat.com/show_bug.cgi?id=1384349
[ 13 ] Bug #1384348 - CVE-2016-5182 chromium-browser: heap overflow in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1384348
[ 14 ] Bug #1384347 - CVE-2016-5181 chromium-browser: universal xss in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1384347
[ 15 ] Bug #1391356 - CVE-2016-5198 chromium-browser: out of bounds memory access in v8
https://bugzilla.redhat.com/show_bug.cgi?id=1391356
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Core-2.27.2-1.el7 (FEDORA-EPEL-2016-8bf75551d3)
Horde Core Framework libraries
--------------------------------------------------------------------------------
Update Information:
**Horde_Core 2.27.2** * [mjr] Prevent building invalid HTML when building an
email from a SMART_REPLY (Bug #14500). ---- **Horde_Core 2.27.1** * [jan]
Allow administrators to log in if preference backend is not available. * [mjr]
Log message headers on error when sending email via ActiveSync. * [jan] Fix
warning if an old locale is longer than 255 characters (Bug #14489). * [jan] Fix
abbreviated Norwegian month names in JavaScript to include trailing dot (Bug
#14488). * [jan] Fix reading session data from the command line with PHP 7.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Service-Weather-2.5.0-1.el7 (FEDORA-EPEL-2016-6ac96ee499)
Horde Weather Provider
--------------------------------------------------------------------------------
Update Information:
**Horde_Service_Weather 2.5.0** * [mjr] Replace defunct data source for surface
station data (Bug #14502). ---- ** Horde_Service_Weather 2.4.1** * [jan]
Update location of METAR stations.
--------------------------------------------------------------------------------
================================================================================
pidgin-groupchat-typing-notifications-0-2.git33a75f9.el7 (FEDORA-EPEL-2016-33073b2523)
Adds typing notifications for group chats in Pidgin
--------------------------------------------------------------------------------
Update Information:
Initial upload.
--------------------------------------------------------------------------------
================================================================================
prosody-0.9.11-1.el7 (FEDORA-EPEL-2016-efbe2e6951)
Flexible communications server for Jabber/XMPP
--------------------------------------------------------------------------------
Update Information:
Prosody 0.9.11 ============== A summary of changes in this release: * HTTP
parser: Improve buffering of incoming HTTP data and add size limits (#603) *
sessionmanager: Fix for an issue which caused people to be kicked from
conferences if mod_smacks was enabled (#648) * Dependencies: Workaround for
compatibility with LuaSec 0.6 (#749) * MUC: Accept missing form as "instant
room" request (#377) * C2S: Fix issues with destroying disconnected
connections (#590, #641) * mod_privacy: Fix selection of the top resource(s)
(#694) * mod_presence: Make sure both users get each others presence after
adding each other (#673) * mod_http_files: Fix traceback when serving a non-
wildcard path (#611) * mod_http_files: Preserve a trailing slash in paths
(#639) * util.datamanager: Fix error handling (#632) * net.server_event: Fix
internal socket API to allow writing from socket.ondrain callback (#661) *
net.server_event: Fix timeout (commit) * net.server_event: Fix traceback due
to write during TLS handshake (commit) * net.server_event: Fix buffer length
check (commit)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1391802 - prosody-0.9.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1391802
--------------------------------------------------------------------------------
================================================================================
python-ase-3.12.0-21.el7 (FEDORA-EPEL-2016-2f2ccf14db)
Atomic Simulation Environment
--------------------------------------------------------------------------------
Update Information:
new upstream release
--------------------------------------------------------------------------------
================================================================================
python-epdb-0.15-1.el7 (FEDORA-EPEL-2016-5e871cdf9f)
Extended Python debugger
--------------------------------------------------------------------------------
Update Information:
Update to 0.15
--------------------------------------------------------------------------------
================================================================================
python-pytg-0.4.10-3.el7 (FEDORA-EPEL-2016-952ce47753)
Python package that communicates with the Telegram CLI
--------------------------------------------------------------------------------
Update Information:
- Exclude ppc64 s390x for dependence
--------------------------------------------------------------------------------
================================================================================
suricata-3.1.3-1.el7 (FEDORA-EPEL-2016-4d9f018c45)
Intrusion Detection System
--------------------------------------------------------------------------------
Update Information:
This release improves DNS logging accuracy. Other than that it is mostly a
collection of smaller fixes.
--------------------------------------------------------------------------------