The following Fedora EPEL 8 Security updates need testing:
 Age  URL
  10  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-a32cbcaa37   tcpreplay-4.3.3-1.el8
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-232e4f7411   python-django-2.2.13-1.el8
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-18fb909316   znc-1.8.1-1.el8
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-3c9503ab68   libmp4v2-2.1.0-0.21.trunkREV507.el8
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-f64e687c3f   lynis-3.0.0-1.el8
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-c047cbdfd0   hostapd-2.9-4.el8
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-4d185f6e16   alpine-2.23-2.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
chromium-83.0.4103.116-2.el8
gnucobol-3.1-3.el8
libconfuse-3.3-1.el8
libxsmm-1.16-2.el8
perl-DateTime-Set-0.3900-12.el8
perl-Set-Infinite-0.65-29.el8
python-catkin_pkg-0.4.22-1.el8
python-rosinstall_generator-0.1.21-1.el8
resalloc-3.3-1.el8
snapd-2.45.1-1.el8
trojan-1.16.0-4.el8
Details about builds:
================================================================================
chromium-83.0.4103.116-2.el8 (FEDORA-EPEL-2020-6e0d8564ec)
A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:
Update to 83.0.4103.116. Fixes CVE-2020-6509. ---- Black Lives Matter. Saying
this does not mean that other lives do not matter. It should not be
controversial to say this. If I say Chromium updates matter, it does not mean
that other Fedora packages do not matter, it means that a Chromium update is
needed to fix this giant pile of severe security vulnerabilities, here, today,
now: CVE-2020-6463 CVE-2020-6465 CVE-2020-6466 CVE-2020-6467 CVE-2020-6468
CVE-2020-6469 CVE-2020-6470 CVE-2020-6471 CVE-2020-6472 CVE-2020-6473
CVE-2020-6474 CVE-2020-6475 CVE-2020-6476 CVE-2020-6478 CVE-2020-6479
CVE-2020-6480 CVE-2020-6481 CVE-2020-6482 CVE-2020-6483 CVE-2020-6484
CVE-2020-6485 CVE-2020-6486 CVE-2020-6487 CVE-2020-6488 CVE-2020-6489
CVE-2020-6490 CVE-2020-6491 CVE-2020-6505 CVE-2020-6506 CVE-2020-6507 In making
that analogy, I do not intend to trivialize BLM. In no way do I mean to compare
the lives of people to a silly web browser update. People are infinitely more
important than software. But since I'm here to push this software update out, I
am also choosing to say clearly and unambiguously that Black Lives Matter.
Open Source proves that many voices, many contributions, together can change the
world. It depends on it. This is my voice.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 23 2020 Tom Callaway <spot(a)fedoraproject.org> - 83.0.4103.116-2
- do not force ozone into x11
* Tue Jun 23 2020 Tom Callaway <spot(a)fedoraproject.org> - 83.0.4103.116-1
- update to 83.0.4103.116
* Thu Jun 18 2020 Tom Callaway <spot(a)fedoraproject.org> - 83.0.4103.106-1
- update to 83.0.4103.106
- remove duplicate ServiceWorker fix
- add fix to work around gcc bug on aarch64
- disable python byte compiling (we do not need it)
* Tue Jun 16 2020 Tom Callaway <spot(a)fedoraproject.org> - 83.0.4103.97-5
- add ServiceWorker fix
* Mon Jun 15 2020 Tom Callaway <spot(a)fedoraproject.org> - 83.0.4103.97-4
- use old cups handling on epel7
- fix skia attribute overrides with gcc
* Wed Jun 10 2020 Tom Callaway <spot(a)fedoraproject.org> - 83.0.4103.97-3
- fix issue on epel7 where linux/kcmp.h does not exist
* Mon Jun 8 2020 Tom Callaway <spot(a)fedoraproject.org> - 83.0.4103.97-2
- more fixes from gentoo
* Sun Jun 7 2020 Tom Callaway <spot(a)fedoraproject.org> - 83.0.4103.97-1
- update to 83.0.4103.97
* Tue Jun 2 2020 Tom Callaway <spot(a)fedoraproject.org> - 83.0.4103.61-1
- update to 83.0.4103.61
- conditionalize and disable remoting
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1837877 - CVE-2020-6465 chromium-browser: Use after free in reader mode
https://bugzilla.redhat.com/show_bug.cgi?id=1837877
[ 2 ] Bug #1837878 - CVE-2020-6466 chromium-browser: Use after free in media
https://bugzilla.redhat.com/show_bug.cgi?id=1837878
[ 3 ] Bug #1837879 - CVE-2020-6467 chromium-browser: Use after free in WebRTC
https://bugzilla.redhat.com/show_bug.cgi?id=1837879
[ 4 ] Bug #1837880 - CVE-2020-6468 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1837880
[ 5 ] Bug #1837882 - CVE-2020-6470 chromium-browser: Insufficient validation of
untrusted input in clipboard
https://bugzilla.redhat.com/show_bug.cgi?id=1837882
[ 6 ] Bug #1837883 - CVE-2020-6471 chromium-browser: Insufficient policy enforcement in
developer tools
https://bugzilla.redhat.com/show_bug.cgi?id=1837883
[ 7 ] Bug #1837884 - CVE-2020-6472 chromium-browser: Insufficient policy enforcement in
developer tools
https://bugzilla.redhat.com/show_bug.cgi?id=1837884
[ 8 ] Bug #1837885 - CVE-2020-6473 chromium-browser: Insufficient policy enforcement in
Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1837885
[ 9 ] Bug #1837886 - CVE-2020-6474 chromium-browser: Use after free in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1837886
[ 10 ] Bug #1837887 - CVE-2020-6475 chromium-browser: Incorrect security UI in full
screen
https://bugzilla.redhat.com/show_bug.cgi?id=1837887
[ 11 ] Bug #1837888 - CVE-2020-6477 chromium-browser: Inappropriate implementation in
installer
https://bugzilla.redhat.com/show_bug.cgi?id=1837888
[ 12 ] Bug #1837889 - CVE-2020-6478 chromium-browser: Inappropriate implementation in
full screen
https://bugzilla.redhat.com/show_bug.cgi?id=1837889
[ 13 ] Bug #1837890 - CVE-2020-6480 chromium-browser: Insufficient policy enforcement in
enterprise
https://bugzilla.redhat.com/show_bug.cgi?id=1837890
[ 14 ] Bug #1837891 - CVE-2020-6481 chromium-browser: Insufficient policy enforcement in
URL formatting
https://bugzilla.redhat.com/show_bug.cgi?id=1837891
[ 15 ] Bug #1837892 - CVE-2020-6482 chromium-browser: Insufficient policy enforcement in
developer tools
https://bugzilla.redhat.com/show_bug.cgi?id=1837892
[ 16 ] Bug #1837893 - CVE-2020-6483 chromium-browser: Insufficient policy enforcement in
payments
https://bugzilla.redhat.com/show_bug.cgi?id=1837893
[ 17 ] Bug #1837894 - CVE-2020-6484 chromium-browser: Insufficient data validation in
ChromeDriver
https://bugzilla.redhat.com/show_bug.cgi?id=1837894
[ 18 ] Bug #1837896 - CVE-2020-6485 chromium-browser: Insufficient data validation in
media router
https://bugzilla.redhat.com/show_bug.cgi?id=1837896
[ 19 ] Bug #1837897 - CVE-2020-6486 chromium-browser: Insufficient policy enforcement in
navigations
https://bugzilla.redhat.com/show_bug.cgi?id=1837897
[ 20 ] Bug #1837898 - CVE-2020-6487 chromium-browser: Insufficient policy enforcement in
downloads
https://bugzilla.redhat.com/show_bug.cgi?id=1837898
[ 21 ] Bug #1837899 - CVE-2020-6488 chromium-browser: Insufficient policy enforcement in
downloads
https://bugzilla.redhat.com/show_bug.cgi?id=1837899
[ 22 ] Bug #1837900 - CVE-2020-6489 chromium-browser: Inappropriate implementation in
developer tools
https://bugzilla.redhat.com/show_bug.cgi?id=1837900
[ 23 ] Bug #1837901 - CVE-2020-6490 chromium-browser: Insufficient data validation in
loader
https://bugzilla.redhat.com/show_bug.cgi?id=1837901
[ 24 ] Bug #1837902 - CVE-2020-6491 chromium-browser: Incorrect security UI in site
information
https://bugzilla.redhat.com/show_bug.cgi?id=1837902
[ 25 ] Bug #1837907 - CVE-2020-6469 chromium-browser: Insufficient policy enforcement in
developer tools
https://bugzilla.redhat.com/show_bug.cgi?id=1837907
[ 26 ] Bug #1837912 - CVE-2020-6476 chromium-browser: Insufficient policy enforcement in
tab strip
https://bugzilla.redhat.com/show_bug.cgi?id=1837912
[ 27 ] Bug #1837927 - CVE-2020-6479 chromium-browser: Inappropriate implementation in
sharing
https://bugzilla.redhat.com/show_bug.cgi?id=1837927
[ 28 ] Bug #1840893 - CVE-2020-6463 chromium-browser: Use after free in ANGLE
https://bugzilla.redhat.com/show_bug.cgi?id=1840893
[ 29 ] Bug #1847268 - CVE-2020-6505 chromium-browser: Use after free in speech
https://bugzilla.redhat.com/show_bug.cgi?id=1847268
[ 30 ] Bug #1847269 - CVE-2020-6506 chromium-browser: Insufficient policy enforcement in
WebView
https://bugzilla.redhat.com/show_bug.cgi?id=1847269
[ 31 ] Bug #1847270 - CVE-2020-6507 chromium-browser: Out of bounds write in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1847270
[ 32 ] Bug #1849947 - CVE-2020-6509 chromium-browser: Use after free in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1849947
--------------------------------------------------------------------------------
================================================================================
gnucobol-3.1-3.el8 (FEDORA-EPEL-2020-9ee16640e9)
COBOL compiler
--------------------------------------------------------------------------------
Update Information:
Initial build.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1823419 - Review Request: gnucobol - COBOL compiler
https://bugzilla.redhat.com/show_bug.cgi?id=1823419
--------------------------------------------------------------------------------
================================================================================
libconfuse-3.3-1.el8 (FEDORA-EPEL-2020-728b57bd69)
A configuration file parser library
--------------------------------------------------------------------------------
Update Information:
3.3
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 25 2020 Gwyn Ciesla <gwync(a)protonmail.com> - 3.3-1
- 3.3
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.2.2-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1850898 - libconfuse-3.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1850898
--------------------------------------------------------------------------------
================================================================================
libxsmm-1.16-2.el8 (FEDORA-EPEL-2020-182089eebc)
Small dense or sparse matrix multiplications and convolutions for x86_64
--------------------------------------------------------------------------------
Update Information:
New version with fairly minor improvements:
https://github.com/hfp/libxsmm/releases
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 24 2020 Dave Love <loveshack(a)fedoraproject.org> - 1.16-2
- Clean samples/cp2k/obj
- Maybe use devtoolset-9, not -6
* Fri Jun 19 2020 Dave Love <loveshack(a)fedoraproject.org> - 1.16-1
- New version
* Sat Mar 14 2020 Dave love <loveshack(a)fedoraproject.org> - 1.15-1
- New version
- Drop _legacy_common_support
- Remove installed modules file
- Fix cleanup in %check
- Define OMPLIB for backport to EL7
* Wed Feb 5 2020 Dave love <loveshack(a)fedoraproject.org> - 1.14-3
- Fix FTBFS with GCC 10
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.14-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
perl-DateTime-Set-0.3900-12.el8 (FEDORA-EPEL-2020-1a69cd3a87)
Datetime sets and set math
--------------------------------------------------------------------------------
Update Information:
Added new package to EPEL 8.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1850767 - Add perl-DateTime-Set to EPEL8 / co-maintainer request
https://bugzilla.redhat.com/show_bug.cgi?id=1850767
--------------------------------------------------------------------------------
================================================================================
perl-Set-Infinite-0.65-29.el8 (FEDORA-EPEL-2020-1a69cd3a87)
Sets of intervals
--------------------------------------------------------------------------------
Update Information:
Added new package to EPEL 8.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1850767 - Add perl-DateTime-Set to EPEL8 / co-maintainer request
https://bugzilla.redhat.com/show_bug.cgi?id=1850767
--------------------------------------------------------------------------------
================================================================================
python-catkin_pkg-0.4.22-1.el8 (FEDORA-EPEL-2020-a21a592637)
Library for retrieving information about catkin packages
--------------------------------------------------------------------------------
Update Information:
Update to the latest `catkin_pkg` release.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 25 2020 Scott K Logan <logans(a)cottsay.net> - 0.4.22-1
- Update to 0.4.22 (rhbz#1850827)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1850827 - python-catkin_pkg-0.4.22 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1850827
--------------------------------------------------------------------------------
================================================================================
python-rosinstall_generator-0.1.21-1.el8 (FEDORA-EPEL-2020-19b2a47519)
Generates rosinstall files
--------------------------------------------------------------------------------
Update Information:
Update to the latest `rosinstall_generator` release.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 25 2020 Scott K Logan <logans(a)cottsay.net> - 0.1.21-1
- Update to 0.1.21 (rhbz#1850826)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1850826 - python-rosinstall_generator-0.1.21 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1850826
--------------------------------------------------------------------------------
================================================================================
resalloc-3.3-1.el8 (FEDORA-EPEL-2020-05bf544012)
Resource allocator for expensive resources - client tooling
--------------------------------------------------------------------------------
Update Information:
new release, mostly fixing one bug causing traceback on too-long stdout output
from cmd_alloc
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 25 2020 Pavel Raiskup <praiskup(a)redhat.com> - 3.3-1
- new release, mostly fixing one bug causing traceback on too-long stdout output
from AllocWorker script
--------------------------------------------------------------------------------
================================================================================
snapd-2.45.1-1.el8 (FEDORA-EPEL-2020-458674250d)
A transactional software package manager
--------------------------------------------------------------------------------
Update Information:
Update to 2.45.1 for bugfixes.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 8 2020 Maciek Borzecki <maciek.borzecki(a)gmail.com> - 2.45.1-1
- Release 2.45.1 to Fedora (RHBZ#1844628)
- Drop cherry-picked patches that are part of the release
* Fri Jun 5 2020 Michael Vogt <mvo(a)ubuntu.com>
- New upstream release 2.45.1
- data/selinux: allow checking /var/cache/app-info
- cmd/snap-confine: add support for libc6-lse
- interfaces: miscellaneous policy updates xlv
- snap-bootstrap: remove sealed key file on reinstall
- interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/
- gadget: make ext4 filesystems with or without metadata checksum
- interfaces/fwupd: allow bind mount to /boot on core
- tests: cherry-pick test fixes from master
- snap/squashfs: also symlink snap Install with uc20 seed snap dir
layout
- interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed
devices
- snap,many: mv Open to snapfile pkg to support add'l options to
Container methods
- interfaces/builtin/desktop: do not mount fonts cache on distros
with quirks
- devicestate, sysconfig: revert support for cloud.cfg.d/ in the
gadget
- data/completion, packaging: cherry-pick zsh completion
- state: log task errors in the journal too
- devicestate: do not report "ErrNoState" for seeded up
- interfaces/desktop: silence more /var/lib/snapd/desktop/icons
denials
- packaging/fedora: disable FIPS compliant crypto for static
binaries
- packaging: stop depending on python-docutils
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1844628 - snapd-2.45.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1844628
--------------------------------------------------------------------------------
================================================================================
trojan-1.16.0-4.el8 (FEDORA-EPEL-2020-d287e1297a)
An unidentifiable mechanism that helps you avoid censorship
--------------------------------------------------------------------------------
Update Information:
Release Trojan for EPEL
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------