The following Fedora EPEL 6 Security updates need testing:
Age URL
205
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-6828
chicken-4.9.0.1-4.el6
187
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031
python-virtualenv-12.0.7-1.el6
181
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168
rubygem-crack-0.3.2-2.el6
113
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8148 optipng-0.7.5-5.el6
113
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8156 nagios-4.0.8-1.el6
101
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-68a2c2db36
python-pymongo-3.0.3-1.el6
71
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb
mcollective-2.8.4-1.el6
43
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9
thttpd-2.25b-24.el6
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6284ed5bb5
lighttpd-1.4.39-1.el6
7
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-9514f006a5
mono-2.10.8-5.el6
7
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-b654a785a7
openvpn-2.3.10-1.el6
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-83e43636a6
nodejs-ws-1.0.1-1.el6
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-819f6356ea
tomcat-7.0.65-1.el6
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-77ee2edf04
wordpress-4.4.1-1.el6
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-550132e830
flite-1.3-24.el6
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-7601108cdf
keepassx-0.4.4-1.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-570414d664
prosody-0.9.9-2.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-2b26e78b1e
owncloud-7.0.12-1.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-75614c9a4f
mbedtls-2.2.1-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
dcap-2.47.10-1.el6
libabigail-1.0-0.rc2.2.el6
mbedtls-2.2.1-1.el6
nordugrid-arc-5.0.5-1.el6
nordugrid-arc-doc-2.0.6-1.el6
owncloud-7.0.12-1.el6
perl-Date-Holidays-DE-1.7-1.el6
prosody-0.9.9-2.el6
python-ivi-0.14.9-3.el6
rubygem-sequel-4.30.0-1.el6
Details about builds:
================================================================================
dcap-2.47.10-1.el6 (FEDORA-EPEL-2016-d520ee2bea)
Client Tools for dCache
--------------------------------------------------------------------------------
Update Information:
New release with IPv6 fixes.
--------------------------------------------------------------------------------
================================================================================
libabigail-1.0-0.rc2.2.el6 (FEDORA-EPEL-2016-64ee029010)
Set of ABI analysis tools
--------------------------------------------------------------------------------
Update Information:
Add enum-val-stable-on-32-64-bits-patch
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1283906 - [abrt] libabigail: abigail::dwarf_reader::build_reference_type():
abipkgdiff killed by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=1283906
--------------------------------------------------------------------------------
================================================================================
mbedtls-2.2.1-1.el6 (FEDORA-EPEL-2016-75614c9a4f)
Light-weight cryptographic and SSL/TLS library
--------------------------------------------------------------------------------
Update Information:
- Update to 2.2.1 Release notes:
https://tls.mbed.org/tech-
updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released ----
- Rebase mbedTLS to 2.2.0 Release notes:
https://tls.mbed.org/tech-
updates/releases/mbedtls-2.2.0-2.1.3-1.3.15-and-polarssl.1.2.18-released
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1297437 - mbedtls, polarssl: potential double free during certificate
generation
https://bugzilla.redhat.com/show_bug.cgi?id=1297437
--------------------------------------------------------------------------------
================================================================================
nordugrid-arc-5.0.5-1.el6 (FEDORA-EPEL-2016-f75498ec33)
Advanced Resource Connector Grid Middleware
--------------------------------------------------------------------------------
Update Information:
NorduGrid ARC 15.03 update 6
http://www.nordugrid.org/arc/releases/15.03u6/release_notes_15.03u6.html
--------------------------------------------------------------------------------
================================================================================
nordugrid-arc-doc-2.0.6-1.el6 (FEDORA-EPEL-2016-f75498ec33)
Advanced Resource Connector Documentation
--------------------------------------------------------------------------------
Update Information:
NorduGrid ARC 15.03 update 6
http://www.nordugrid.org/arc/releases/15.03u6/release_notes_15.03u6.html
--------------------------------------------------------------------------------
================================================================================
owncloud-7.0.12-1.el6 (FEDORA-EPEL-2016-2b26e78b1e)
Private file sync and share server
--------------------------------------------------------------------------------
Update Information:
This update provides the new upstream patch release of ownCloud (7.0.12 for EPEL
6, 8.0.10 for all other distributions). It also adds a 'well-known' redirect for
WebDAV (alongside the existing ones for CalDAV and CardDAV) - if you don't know
what this is, don't worry. These are bugfix updates which include fixes for some
security vulnerabilities rated 'low' and 'medium' by upstream. For full
details
on the changes, see the [upstream
changelog](https://www.owncloud.org/changelog)
and the security advisories: [OC-
SA-2016-001](https://owncloud.org/security/advisory/?id=oc-sa-2016-001), [OC-
SA-2016-002](https://owncloud.org/security/advisory/?id=oc-sa-2016-002), [OC-
SA-2016-003](https://owncloud.org/security/advisory/?id=oc-sa-2016-003), [OC-
SA-2016-004](https://owncloud.org/security/advisory/?id=oc-sa-2016-004).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1297353 - CVE-2016-1498 owncloud: reflected XSS in OCS provider discovery
[epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=1297353
[ 2 ] Bug #1297359 - CVE-2016-1500 owncloud: disclosure of files that begin with
".v" due to unchecked return value [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=1297359
--------------------------------------------------------------------------------
================================================================================
perl-Date-Holidays-DE-1.7-1.el6 (FEDORA-EPEL-2016-5165916ded)
Perl module to determine German holidays
--------------------------------------------------------------------------------
Update Information:
Date::Holidays::DE v1.7 ======================= - Added reformation day as
one-time common federal holiday in 2017 - Thanks to Christoph Biedl
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1297365 - Upgrade perl-Date-Holidays-DE to 1.7
https://bugzilla.redhat.com/show_bug.cgi?id=1297365
--------------------------------------------------------------------------------
================================================================================
prosody-0.9.9-2.el6 (FEDORA-EPEL-2016-570414d664)
Flexible communications server for Jabber/XMPP
--------------------------------------------------------------------------------
Update Information:
Prosody 0.9.9 ============= A summary of changes: Security fixes
-------------- * Fix path traversal vulnerability in mod_http_files
(CVE-2016-1231) * Fix use of weak PRNG in generation of dialback secrets
(CVE-2016-1232) Bugs ---- * Improve handling of CNAME records in DNS * Fix
traceback when deleting a user in some configurations (issue #496) * MUC:
restrict_room_creation could prevent users from joining rooms (issue #458) *
MUC: fix occasional dropping of iq stanzas sent privately between occupants *
Fix a potential memory leak in mod_pep Additions --------- * Add http:list()
command to telnet to view active HTTP services * Simplify IPv4/v6 address
selection code for outgoing s2s * Add support for importing SCRAM hashes from
ejabberd
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1296984 - CVE-2016-1232 prosody: use of weak PRNG in generation of dialback
secrets
https://bugzilla.redhat.com/show_bug.cgi?id=1296984
[ 2 ] Bug #1296983 - CVE-2016-1231 prosody: path traversal vulnerability in
mod_http_files
https://bugzilla.redhat.com/show_bug.cgi?id=1296983
--------------------------------------------------------------------------------
================================================================================
python-ivi-0.14.9-3.el6 (FEDORA-EPEL-2016-745088385f)
Python Interchangeable Virtual Instrument Library
--------------------------------------------------------------------------------
Update Information:
- New package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1294275 - Review Request: python-ivi - Python Interchangeable Virtual
Instrument Library
https://bugzilla.redhat.com/show_bug.cgi?id=1294275
--------------------------------------------------------------------------------
================================================================================
rubygem-sequel-4.30.0-1.el6 (FEDORA-EPEL-2016-102d543ed3)
The Database Toolkit for Ruby
--------------------------------------------------------------------------------
Update Information:
Upgrade to sequel 4.30.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1287389 - rubygem-sequel-4.30.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1287389
--------------------------------------------------------------------------------