The following Fedora EPEL 8 Security updates need testing: Age URL 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-f52b6219ca python39-jinja2-epel-3.1.3-1.2.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
dummy-package-canary-2-1.el8 openssl3-3.2.2-2.1.el8 voms-2.1.0-0.35.rc5.el8
Details about builds:
================================================================================ dummy-package-canary-2-1.el8 (FEDORA-EPEL-2024-0b3b721744) Dummy package to exercise the packaging stack -------------------------------------------------------------------------------- Update Information:
Initial import; Fixes: RHBZ#2075583 -------------------------------------------------------------------------------- ChangeLog:
* Tue Jun 18 2024 Davide Cavalca dcavalca@fedoraproject.org - 2-1 - Initial import; Fixes: RHBZ#2075583 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2075583 - Review Request: dummy-package-canary - Dummy package to exercise the packaging stack https://bugzilla.redhat.com/show_bug.cgi?id=2075583 --------------------------------------------------------------------------------
================================================================================ openssl3-3.2.2-2.1.el8 (FEDORA-EPEL-2024-c58045d54f) Utilities from the general purpose cryptography library with TLS implementation -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2024-4741 openssl3: openssl: Use After Free with SSL_free_buffers -------------------------------------------------------------------------------- ChangeLog:
* Mon Jun 17 2024 Michel Lind salimma@fedoraproject.org - 3.2.2-2.1 - Merge c9s openssl changes to pick up CVE fixes * Wed Jun 12 2024 Daiki Ueno dueno@redhat.com - 1:3.2.2-2 - Add workaround for EVP_PKEY_CTX_add1_hkdf_info with older providers Resolves: RHEL-40823 * Wed Jun 5 2024 Dmitry Belyavskiy dbelyavs@redhat.com - 1:3.2.2-1 - Rebase to OpenSSL 3.2.2. Fixes CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, and Minerva attack. Resolves: RHEL-32148 Resolves: RHEL-36792 Resolves: RHEL-38514 Resolves: RHEL-39111 * Thu May 23 2024 Dmitry Belyavskiy dbelyavs@redhat.com - 1:3.2.1-2 - Update RNG changing for FIPS purpose Resolves: RHEL-35380 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2283763 - CVE-2024-4741 openssl3: openssl: Use After Free with SSL_free_buffers [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2283763 --------------------------------------------------------------------------------
================================================================================ voms-2.1.0-0.35.rc5.el8 (FEDORA-EPEL-2024-1ae5d490cd) Virtual Organization Membership Service -------------------------------------------------------------------------------- Update Information:
VOMS 2.1.0rc5 -------------------------------------------------------------------------------- ChangeLog:
* Tue Jun 18 2024 Mattias Ellert mattias.ellert@physics.uu.se - 2.1.0-0.35.rc5 - Update to version 2.1.0-rc5 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org