The following Fedora EPEL 6 Security updates need testing:
Age URL
474
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031
python-virtualenv-12.0.7-1.el6
468
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168
rubygem-crack-0.3.2-2.el6
399
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8156 nagios-4.0.8-1.el6
358
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb
mcollective-2.8.4-1.el6
330
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9
thttpd-2.25b-24.el6
215
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-30a8346813
vtun-3.0.1-10.el6
60
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-8594ed3a53
chicken-4.11.0-3.el6
32
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-25e30f6dc3
jansson-2.9-1.el6
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-2f6f1435ed
tor-0.2.8.9-1.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-a886ace670
tomcat-7.0.72-1.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-cb5398893b
nodejs-0.10.48-3.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
nodejs-0.10.48-3.el6
pcre2-10.21-8.el6
perl-Tangerine-0.23-1.el6
php-fedora-autoloader-0.1.2-1.el6
tomcat-7.0.72-1.el6
Details about builds:
================================================================================
nodejs-0.10.48-3.el6 (FEDORA-EPEL-2016-cb5398893b)
JavaScript runtime
--------------------------------------------------------------------------------
Update Information:
Update to 0.10.48 (security fix) ---- Update to 0.10.47 (security fix)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1388029 - Please update nodejs to 0.10.48 because of CVE-2016-5180
https://bugzilla.redhat.com/show_bug.cgi?id=1388029
--------------------------------------------------------------------------------
================================================================================
pcre2-10.21-8.el6 (FEDORA-EPEL-2016-fb720dbe88)
Perl-compatible regular expression library
--------------------------------------------------------------------------------
Update Information:
This release documents an existing assert capture limitination. ---- This
release fixes compilation of conditionals when a group name starts with "R". It
fixes optimization for patterns starting with lookaheads. It also corrects
displaying a callout position in pcretest output if an escape sequence is
greater than \x{ff}. It also corrects internal options documentation and
misspelllings in pcrepattern(3) manual page.
--------------------------------------------------------------------------------
================================================================================
perl-Tangerine-0.23-1.el6 (FEDORA-EPEL-2016-64393af006)
Analyse perl files and report module-related information
--------------------------------------------------------------------------------
Update Information:
A new version of Tangerine is available. This release introduces support for
Test::Needs.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1387944 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1387944
--------------------------------------------------------------------------------
================================================================================
php-fedora-autoloader-0.1.2-1.el6 (FEDORA-EPEL-2016-f6b9b78cd3)
Fedora Autoloader
--------------------------------------------------------------------------------
Update Information:
Static [
PSR-4](http://www.php-fig.org/psr/psr-4/), [PSR-0](http://www.php-
fig.org/psr/psr-0/), and classmap autoloader. Includes loader for required and
optional dependencies.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1386735 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1386735
--------------------------------------------------------------------------------
================================================================================
tomcat-7.0.72-1.el6 (FEDORA-EPEL-2016-a886ace670)
Apache Servlet/JSP Engine, RI for Servlet 3.0/JSP 2.2 API
--------------------------------------------------------------------------------
Update Information:
This updates includes a rebase from tomcat 7.0.70 up to 7.0.72 which resolves
one CVE: * rhbz#1375582 CVE-2016-5388 Tomcat: CGI sets environmental variable
based on user supplied Proxy request header and includes one additional CVE fix
along with two bug fixes: * rhbz#1376718 CVE-2016-1240 tomcat: Local privilege
escalation via unsafe file handling in the Tomcat init script * rhbz#1379170
jsvc script is broken * rhbz#1170797 remove tomcat6 dependency on redhat-lsb
(and any other unnecessary ones)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1170797 - remove tomcat6 dependency on redhat-lsb (and any other unnecessary
ones)
https://bugzilla.redhat.com/show_bug.cgi?id=1170797
[ 2 ] Bug #1379170 - jsvc script is broken
https://bugzilla.redhat.com/show_bug.cgi?id=1379170
[ 3 ] Bug #1376718 - CVE-2016-1240 tomcat: Local privilege escalation via unsafe file
handling in the Tomcat init script [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=1376718
[ 4 ] Bug #1375582 - CVE-2016-5388 Tomcat: CGI sets environmental variable based on user
supplied Proxy request header [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1375582
--------------------------------------------------------------------------------