The following Fedora EPEL 7 Security updates need testing:
Age URL
746
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087
dokuwiki-0-0.24.20140929c.el7
509
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f
mcollective-2.8.4-1.el7
211
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e8f4ff76b3
chicken-4.11.0-3.el7
91
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d
libbsd-0.8.3-1.el7
18
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-19578898e6
w3m-0.5.3-30.git20170102.el7
13
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6950a0884d R-3.3.3-1.el7
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-956d05f9c4
mbedtls-2.4.2-1.el7
7
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-05ac8b1dc4
php-onelogin-php-saml-2.10.5-1.el7
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-3d518cd4b9
libgit2-0.24.6-1.el7
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5794ee2486
moodle-3.1.5-1.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7e4f45cad3
tcpreplay-4.2.1-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
fetch-crl-3.0.19-1.el7
kstart-4.2-3.el7
nodejs-6.10.1-1.el7
openvpn-2.4.1-1.el7
perl-Crypt-SMIME-0.19-2.el7
perl-Email-MIME-1.926-2.el7
rabbitmq-server-3.3.5-34.el7
rubygem-ox-2.4.11-2.el7
tcpreplay-4.2.1-1.el7
Details about builds:
================================================================================
fetch-crl-3.0.19-1.el7 (FEDORA-EPEL-2017-447aa9dc30)
Downloads Certificate Revocation Lists
--------------------------------------------------------------------------------
Update Information:
Changes in 3.0.19-1 ---------------------- * Do not add spurious newline to DER-
format files (fixes report 201670320-01) * run a script after the completion of
every fetch-crl run (uses postexec directive in config file)
--------------------------------------------------------------------------------
================================================================================
kstart-4.2-3.el7 (FEDORA-EPEL-2017-54c94cfea6)
Daemon version of kinit for Kerberos v5
--------------------------------------------------------------------------------
Update Information:
See [upstream
changelog](https://www.eyrie.org/~eagle/software/kstart/news.html)
for details.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1411073 - kstart-4.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1411073
--------------------------------------------------------------------------------
================================================================================
nodejs-6.10.1-1.el7 (FEDORA-EPEL-2017-8fd63f8774)
JavaScript runtime
--------------------------------------------------------------------------------
Update Information:
Update to 6.10.1 ----
https://github.com/nodejs/node/blob/master/doc/changelog
s/CHANGELOG_V6.md#2017-02-21-version-6100-boron-lts-mylesborins ---- Update to
v6.9.5(security)
--------------------------------------------------------------------------------
================================================================================
openvpn-2.4.1-1.el7 (FEDORA-EPEL-2017-5c642f8063)
A full-featured SSL VPN solution
--------------------------------------------------------------------------------
Update Information:
Updating to upstream OpenVPN v2.4.1. This update re-introduces a **DEPRECATED**
feature to, **--tls-remote** to enable v2.3 installations to upgrade. Users are
**STRONGLY** encouraged to update their configurations to use the newer option,
**--verify-x509-name**.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1435036 - openvpn-2.4.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1435036
--------------------------------------------------------------------------------
================================================================================
perl-Crypt-SMIME-0.19-2.el7 (FEDORA-EPEL-2017-8df7ee3530)
S/MIME message signing, verification, encryption and decryption
--------------------------------------------------------------------------------
Update Information:
New version.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1347302 - Please build perl-Crypt-SMIME for EPEL 7
https://bugzilla.redhat.com/show_bug.cgi?id=1347302
--------------------------------------------------------------------------------
================================================================================
perl-Email-MIME-1.926-2.el7 (FEDORA-EPEL-2017-a5f430edf2)
Easy MIME message parsing
--------------------------------------------------------------------------------
Update Information:
Backported upstream patch from 1.928 to update subparts in walk_parts if
stringification changes
--------------------------------------------------------------------------------
================================================================================
rabbitmq-server-3.3.5-34.el7 (FEDORA-EPEL-2017-4f102d2905)
The RabbitMQ server
--------------------------------------------------------------------------------
Update Information:
* Fix for GH#544
--------------------------------------------------------------------------------
================================================================================
rubygem-ox-2.4.11-2.el7 (FEDORA-EPEL-2017-e75b3e27d4)
Fast XML parser and object serializer
--------------------------------------------------------------------------------
Update Information:
New upstream release with new options, fixes, and improvements.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1433806 - rubygem-ox-2.4.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1433806
--------------------------------------------------------------------------------
================================================================================
tcpreplay-4.2.1-1.el7 (FEDORA-EPEL-2017-7e4f45cad3)
Replay captured network traffic
--------------------------------------------------------------------------------
Update Information:
Here is what is fixed in this release: - Fix reporting of rates < 1Mbps (#348)
- Option --unique-ip not working properly (#346) ---- Features and fixes
include: - MAC rewriting capabilities by Pedro Arthur (#313) - Fix several
issues identified by Coverity (#305) - Packet distortion --fuzz-seed option by
Gabriel Ganne (#302) - Add --unique-ip-loops option to modify IPs every few
loops (#296) - Netmap startup delay increase (#290) - tcpcapinfo buffer overflow
vulnerablily (#278) - Update git-clone instructions by Kyle McDonald (#277) -
Allow fractions for --pps option (#270) - Print per-loop stats with --stats=0
(#269) - Add protection against packet drift by Guillaume Scott (#268) - Print
flow stats periodically with --stats output (#262) - Include Travis-CI build
support by Ilya Shipitsin (#264) (#285) - tcpreplay won't replay all packets in
a pcap file with --netmap (#255) - First and last packet times in --stats
output (#239) - Switch to wire speed after 30 minutes at 6 Gbps (#210) -
tcprewrite fix checksum properly for fragmented packets (#190) ---- Patch
CVE-2017-6429. Tcpcapinfo utility of Tcpreplay has a buffer overflow
vulnerability associated with parsing a crafted pcap file. This occurs in the
src/tcpcapinfo.c file when capture has a packet that is too large to handle.
References:
http://seclists.org/bugtraq/2017/Mar/22 Upstream bug:
https://github.com/appneta/tcpreplay/issues/278
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1429521 - CVE-2017-6429 tcpreplay: Buffer overflow in Tcpcapinfo utility
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1429521
[ 2 ] Bug #1429522 - CVE-2017-6429 tcpreplay: Buffer overflow in Tcpcapinfo utility
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1429522
--------------------------------------------------------------------------------