The following Fedora EPEL 8 Security updates need testing:
Age URL
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-1563c1eaf3
chromium-78.0.3904.97-1.el8
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-d9bc350179
mingw-libidn2-2.3.0-1.el8
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-288e46f2d9
jhead-3.04-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
clamav-0.101.5-1.el8
pspg-2.6.0-1.el8
Details about builds:
================================================================================
clamav-0.101.5-1.el8 (FEDORA-EPEL-2019-52445f11c2)
End-user tools for the Clam Antivirus scanner
--------------------------------------------------------------------------------
Update Information:
- Drop clamd(a)scan.service file (bz#1725810) ClamAV 0.101.5 is a security patch
release that addresses the following issues. - CVE-2019-15961:
A Denial-of-Service (DoS) vulnerability may occur when scanning a specially
crafted email file as a result of excessively long scan times. The issue is
resolved by implementing several maximums in parsing MIME messages and by
optimizing use of memory allocation. - Added the zip scanning improvements
found in v0.102.0 where it scans files using zip records from a sorted catalogue
which provides deduplication of file records resulting in faster extraction and
scan time and reducing the likelihood of alerting on non-malicious duplicate
file entries as overlapping files. - Signature load time is significantly
reduced by changing to a more efficient algorithm for loading signature patterns
and allocating the AC trie. Patch courtesy of Alberto Wu. - Introduced a new
configure option to statically link libjson-c with libclamav. Static linking
with libjson is highly recommended to prevent crashes in applications that use
libclamav alongside another JSON parsing library. - Null-dereference fix in
email parser when using the --gen-json metadata option. ---- Add
TimeoutStartSec=420 to clamd@.service to match upstream
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 23 2019 Orion Poplawski <orion(a)nwra.com> - 0.101.5-1
- Update to 0.101.5 (CVE-2019-15961) (bz#1775550)
* Mon Nov 18 2019 Orion Poplawski <orion(a)nwra.com> - 0.101.4-3
- Drop clamd(a)scan.service file (bz#1725810)
- Change /var/run to /run
* Mon Nov 18 2019 Orion Poplawski <orion(a)nwra.com> - 0.101.4-2
- Add TimeoutStartSec=420 to clamd@.service to match upstream (bz#1764835)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1631525 - clamav: clamscan --get-json does not output JSON
https://bugzilla.redhat.com/show_bug.cgi?id=1631525
[ 2 ] Bug #1775550 - Request to build clamav 0.101.5 for EPEL 7
https://bugzilla.redhat.com/show_bug.cgi?id=1775550
[ 3 ] Bug #1725810 - /usr/lib/systemd/system/clamd@scan.service:1: .include directives
are deprecated
https://bugzilla.redhat.com/show_bug.cgi?id=1725810
[ 4 ] Bug #1764835 - clamd at 100% CPU and SystemD keeps restarting clamd
https://bugzilla.redhat.com/show_bug.cgi?id=1764835
--------------------------------------------------------------------------------
================================================================================
pspg-2.6.0-1.el8 (FEDORA-EPEL-2019-72ef432359)
A unix pager optimized for psql
--------------------------------------------------------------------------------
Update Information:
new upstream release, per release notes:
https://github.com/okbob/pspg/releases/tag/2.6.0 ---- new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 24 2019 Pavel Raiskup <praiskup(a)redhat.com> - 2.6.0-1
- new upstream release, per release notes:
https://github.com/okbob/pspg/releases/tag/2.6.0
* Tue Nov 19 2019 Pavel Raiskup <praiskup(a)redhat.com> - 2.5.5-1
- new upstream release, per release notes:
https://github.com/okbob/pspg/releases/tag/2.5.3
https://github.com/okbob/pspg/releases/tag/2.5.4
https://github.com/okbob/pspg/releases/tag/2.5.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1775977 - pspg-2.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1775977
[ 2 ] Bug #1768349 - pspg-2.5.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1768349
--------------------------------------------------------------------------------