The following Fedora EPEL 5 Security updates need testing:
 Age  URL
 692  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3....
 183  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11560/fail2ban-0...
 147  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs...
 122  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12091/bip-0.8.9-...
 112  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12169/gc-7.1-6.el5
  27  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0581/augeas-1.2....
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0745/imapsync-1....
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0752/libssh-0.5....
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0837/lighttpd-1....
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0834/389-ds-base...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0840/mediawiki11...
The following builds have been pushed to Fedora EPEL 5 updates-testing
389-ds-base-1.2.11.28-1.el5
dmlite-plugins-adapter-0.6.2-2.el5
dmlite-plugins-librarian-0.6.2-2.el5
dmlite-plugins-memcache-0.6.2-2.el5
dmlite-plugins-profiler-0.6.2-2.el5
dmlite-plugins-s3-0.5.1-3.el5
dpm-dsi-1.9.3-1.el5
dpm-xrootd-3.3.5-1.el5
drupal7-entity_translation-1.0-0.4.beta3.el5
drupal7-fivestar-2.0-0.9.rc3.el5
gfal2-2.5.5-2.el5
iperf3-3.0.2-1.el5
lcgdm-1.8.8-2.el5
lcgdm-dav-0.14.1-1.el5
libsieve-2.3.1-1.el5
libyubikey-1.11-2.el5
lighttpd-1.4.35-1.el5
mediawiki119-1.19.13-1.el5
shogun-data-0.8.1-0.4.git20140303.6615cf0.el5
textcat-1.10-1.el5
Details about builds:
================================================================================
389-ds-base-1.2.11.28-1.el5 (FEDORA-EPEL-2014-0834)
389 Directory Server (base)
--------------------------------------------------------------------------------
Update Information:
An important security bug was fixed.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 14 2014 Noriko Hosoi <nhosoi(a)redhat.com> - 1.2.11.28-1
- bump version to 1.2.11.28 (This release is based upon 1.2.11.25 + following tickets.)
- Ticket 47739 - directory server is insecurely misinterpreting authzid on a SASL/GSSAPI bind
- Ticket 47731 - A tombstone entry is deleted by ldapdelete
- Ticket 47729 - Directory Server crashes if shutdown during a replication initialization
- Ticket 47637 - rsa_null_sha should not be enabled by default
- Ticket 417, 458, 47522 - Password Administrator Backport
- Ticket 47455 - valgrind - value mem leaks, uninit mem usage
- fix coverity 11915 - dead code - introduced with fix for ticket 346
- Ticket 47369 version2 - provide default syntax plugin
- Ticket 346 - version 4 Slow ldapmodify operation time for large quantities of multi-valued attribute values
- Ticket 415 - winsync doesn't sync DN valued attributes if DS DN value doesn't exist
- Ticket 47642 - Windows Sync group issues
- Ticket 47692 - single valued attribute replicated ADD does not work
- Ticket 47677 - Size returned by slapi_entry_size is not accurate
- Ticket 47693 - Environment variables are not passed when DS is started via service
- Ticket 47693 - Environment variables are not passed when DS is started via service
- Ticket 471 - logconv.pl tool removes the access logs contents if "-M" is not correctly used
- Ticket 47463 - IDL-style can become mismatched during partial restoration
- Ticket 47638 - Overflow in nsslapd-disk-monitoring-threshold on 32bit platform
- Ticket 47641 - 7-bit check plugin not checking MODRDN operation
- Ticket 47678 - modify-delete userpassword
- Ticket 47516 - replication stops with excessive clock skew
- Ticket 47627 - Fix replication logging
- Ticket 47627 - changelog iteration should ignore cleaned rids when getting the minCSN
- Ticket 47623 - fix memleak caused by 47347
- Ticket 47587 - hard coded limit of 64 masters in agreement and changelog code
- Ticket 47591 - entries with empty objectclass attribute value can be hidden
- Ticket 47596 - attrcrypt fails to find unlocked key
* Mon Mar 10 2014 Noriko Hosoi <nhosoi(a)redhat.com> - 1.2.11.26-1
- bump version to 1.2.11.26
- Ticket 47739 - directory server is insecurely misinterpreting authzid on a SASL/GSSAPI bind
- Ticket 47704 - invalid sizelimits in aci group evaluation
- Ticket 47737 - Under heavy stress, failure of turning a tombstone into glue makes the server hung
- Ticket 47735 - e_uniqueid fails to set if an entry is a conflict entry
- Ticket 47731 - A tombstone entry is deleted by ldapdelete
- Ticket 47729 - Directory Server crashes if shutdown during a replication initialization
- Ticket 47637 - rsa_null_sha should not be enabled by default
- Ticket 417, 458, 47522 - Password Administrator Backport
- Ticket 47455 - valgrind - value mem leaks, uninit mem usage
- fix coverity 11915 - dead code - introduced with fix for ticket 346
- Ticket 47369 version2 - provide default syntax plugin
- Ticket 346 - version 4 Slow ldapmodify operation time for large quantities of multi-valued attribute values
- Ticket 415 - winsync doesn't sync DN valued attributes if DS DN value doesn't exist
- Ticket 47642 - Windows Sync group issues
- Ticket 47692 - single valued attribute replicated ADD does not work
- Ticket 47677 - Size returned by slapi_entry_size is not accurate
- Ticket 47693 - Environment variables are not passed when DS is started via service
- Ticket 47693 - Environment variables are not passed when DS is started via service
- Ticket 471 - logconv.pl tool removes the access logs contents if "-M" is not correctly used
- Ticket 47463 - IDL-style can become mismatched during partial restoration
- Ticket 47638 - Overflow in nsslapd-disk-monitoring-threshold on 32bit platform
- Ticket 47641 - 7-bit check plugin not checking MODRDN operation
- Ticket 47678 - modify-delete userpassword
- Ticket 47516 - replication stops with excessive clock skew
- Ticket 47627 - Fix replication logging
- Ticket 47627 - changelog iteration should ignore cleaned rids when getting the minCSN
- Ticket 47623 - fix memleak caused by 47347
- Ticket 47587 - hard coded limit of 64 masters in agreement and changelog code
- Ticket 47591 - entries with empty objectclass attribute value can be hidden
- Ticket 47596 - attrcrypt fails to find unlocked key
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1076118 - CVE-2014-0132 389-ds-base: 389-ds: flaw in parsing authzid can lead to privilege escalation [epel-5]
https://bugzilla.redhat.com/show_bug.cgi?id=1076118
--------------------------------------------------------------------------------
================================================================================
dmlite-plugins-adapter-0.6.2-2.el5 (FEDORA-EPEL-2014-0873)
Adapter plug-in for dmlite
--------------------------------------------------------------------------------
Update Information:
bugfixes and synchronization with dmlite 0.6.2
Update for new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 12 2014 Adrien Devresse <adevress at cern.ch> - 0.6.2-2
- Push dmlite adapter 0.6.2 on EPEL/fedora
* Thu Feb 20 2014 Fabrizio Furano <fabrizio.furano(a)cern.ch> - 0.6.2-1
- Update for new upstream release
- Version alignment with dmlite
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.6.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Sun Jul 28 2013 Petr Machata <pmachata(a)redhat.com> - 0.6.1-2
- Rebuild for boost 1.54.0
--------------------------------------------------------------------------------
================================================================================
dmlite-plugins-librarian-0.6.2-2.el5 (FEDORA-EPEL-2014-0876)
Librarian plugin for dmlite
--------------------------------------------------------------------------------
Update Information:
Update for synchronization with dmlite 0.6.2
Update for new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 12 2014 Adrien Devresse <adevress at cern.ch> - 0.6.2-2
- Update for synchronization with dmlite 0.6.2
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.5.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
dmlite-plugins-memcache-0.6.2-2.el5 (FEDORA-EPEL-2014-0844)
Memcached plugin for dmlite
--------------------------------------------------------------------------------
Update Information:
Update 0.6.2, bugfixes and synchronization with dmlite 0.6.2
Update for new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 12 2014 Adrien Devresse <adevress at cern.ch> - 0.6.2-2
- Update for synchronization with dmlite 0.6.2
* Fri Feb 21 2014 Martin Hellmich <mhellmic(a)cern.ch> - 0.6.2-1
- Update for new upstream release
* Wed Sep 25 2013 Martin Hellmich <mhellmic(a)cern.ch> - 0.5.1-1
- Update for new upstream release
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.5.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Sun Jul 28 2013 Petr Machata <pmachata(a)redhat.com> - 0.5.0-6
- Rebuild for boost 1.54.0
--------------------------------------------------------------------------------
================================================================================
dmlite-plugins-profiler-0.6.2-2.el5 (FEDORA-EPEL-2014-0865)
Profiler plugin for dmlite
--------------------------------------------------------------------------------
Update Information:
Push 0.6.2 on fedora/EPEL
Update to new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 12 2014 Adrien Devresse <adevress at cern.ch> - 0.6.2-2
- Update for synchronization with dmlite 0.6.2
* Thu Feb 20 2014 Fabrizio Furano <fabrizio.furano(a)cern.ch> - 0.6.2-1
- Rebuild for dmlite core 0.6 update
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.5.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Sun Jul 28 2013 Petr Machata <pmachata(a)redhat.com> - 0.5.0-5
- Rebuild for boost 1.54.0
--------------------------------------------------------------------------------
================================================================================
dmlite-plugins-s3-0.5.1-3.el5 (FEDORA-EPEL-2014-0878)
S3 plugin for dmlite
--------------------------------------------------------------------------------
Update Information:
Release 0.5.1 for dmlite 0.6.2 synchronization
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 12 2014 Adrien Devresse <adevress at cern.ch> - 0.5.1-3
- Release 0.5.1 for dmlite 0.6.2 synchronization
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.5.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
dpm-dsi-1.9.3-1.el5 (FEDORA-EPEL-2014-0856)
Disk Pool Manager (DPM) plugin for the Globus GridFTP server
--------------------------------------------------------------------------------
Update Information:
Update for new upstream release 1.9.3
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 12 2014 Alejandro Alvarez <aalvarez(a)cern.ch> - 1.9.3-1
- Update for new upstream release
--------------------------------------------------------------------------------
================================================================================
dpm-xrootd-3.3.5-1.el5 (FEDORA-EPEL-2014-0836)
XROOT interface to the Disk Pool Manager (DPM)
--------------------------------------------------------------------------------
Update Information:
Update for new upstream release 3.3.5
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 12 2014 Alejandro Alvarez <aalvarez(a)cern.ch> - 3.3.5-1
- Update for new upstream release
--------------------------------------------------------------------------------
================================================================================
drupal7-entity_translation-1.0-0.4.beta3.el5 (FEDORA-EPEL-2014-0826)
Allows entities to be translated into different languages
--------------------------------------------------------------------------------
Update Information:
Allows (fieldable) entities to be translated into different languages, by introducing entity/field translation for the new translatable fields capability in Drupal 7. Maintained by the Drupal core i18n team.
This project does not replace the Internationalization (http://drupal.org/project/i18n) project, which focuses on enabling a full multilingual workflow for site admins/builders. Some features, e.g. content language negotiation or taxonomy translation, might overlap but most of them are unrelated.
This package provides the following Drupal modules:
* entity_translation
* entity_translation_i18n_menu
* entity_translation_upgrade
--------------------------------------------------------------------------------
================================================================================
drupal7-fivestar-2.0-0.9.rc3.el5 (FEDORA-EPEL-2014-0860)
Enables fivestar ratings on content, users, etc
--------------------------------------------------------------------------------
Update Information:
- Updated to 2.0-rc3 (BZ #1074882; release notes https://drupal.org/node/2215277)
Updated to 2.0-rc1
* Release notes: https://drupal.org/node/2208927
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 14 2014 Peter Borsa <peter.borsa(a)gmail.com> - 2.0-0.9.rc3
- Updated to 2.0-rc3 (BZ #1074882; release notes https://drupal.org/node/2215277)
* Thu Mar 6 2014 Shawn Iwinski <shawn.iwinski(a)gmail.com> - 2.0-0.8.rc1
- Updated to 2.0-rc1 (BZ #1066281; release notes https://drupal.org/node/2208927)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1074882 - drupal7-fivestar-2.0-rc2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1074882
[ 2 ] Bug #1066281 - drupal7-fivestar-2.0-rc1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1066281
--------------------------------------------------------------------------------
================================================================================
gfal2-2.5.5-2.el5 (FEDORA-EPEL-2014-0857)
Grid file access library 2.0
--------------------------------------------------------------------------------
Update Information:
Backported fix for segfault on the srm plugin
Release 2.5.5 of GFAL2
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 13 2014 Alejandro Alvarez <aalvarez at cern.ch> - 2.5.5-2
- Backported patch that fixes segfault on the SRM plugin when listing empty directories
* Wed Feb 26 2014 Adrien Devresse <adevress at cern.ch> - 2.5.5-1
- Release 2.5.5 of GFAL2
--------------------------------------------------------------------------------
================================================================================
iperf3-3.0.2-1.el5 (FEDORA-EPEL-2014-0862)
Measurement tool for TCP/UDP bandwidth performance
--------------------------------------------------------------------------------
Update Information:
iperf3-3.0.2 is available
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 11 2014 Susant Sahani <ssahani(a)redhat.com> 3.0.2-1
- Update to 3.0.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1074900 - iperf3-3.0.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1074900
--------------------------------------------------------------------------------
================================================================================
lcgdm-1.8.8-2.el5 (FEDORA-EPEL-2014-0849)
LHC Computing Grid Data Management
--------------------------------------------------------------------------------
Update Information:
Update for new upstream release 1.8.8
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 14 2014 Alejandro Alvarez <aalvarez(a)cern.ch> - 1.8.8-2
- Upstream provided a wrong tag by mistake. Rebuild with the new code
* Wed Mar 12 2014 Alejandro Alvarez <aalvarez(a)cern.ch> - 1.8.8-1
- Update for new upstream release
--------------------------------------------------------------------------------
================================================================================
lcgdm-dav-0.14.1-1.el5 (FEDORA-EPEL-2014-0861)
HTTP/DAV front end to the DPM/LFC services
--------------------------------------------------------------------------------
Update Information:
Update for new upstream release 0.14.1
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 12 2014 Alejandro Alvarez <aalvarez(a)cern.ch> - 0.14.1-1
- Update for new upstream release
--------------------------------------------------------------------------------
================================================================================
libsieve-2.3.1-1.el5 (FEDORA-EPEL-2014-0835)
A library for parsing, sorting and filtering your mail
--------------------------------------------------------------------------------
Update Information:
v 2.3.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1004370 - Please update it to 2.3.1
https://bugzilla.redhat.com/show_bug.cgi?id=1004370
--------------------------------------------------------------------------------
================================================================================
libyubikey-1.11-2.el5 (FEDORA-EPEL-2014-0877)
C library for decrypting and parsing Yubikey One-time passwords
--------------------------------------------------------------------------------
Update Information:
Update to latest release
New upstream release 1.10; enables build warnings
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 13 2014 - Nick Bebout <nb(a)fedoraproject.org> - 1.11-2
- Bump release so I can rebuild deleted build
* Thu Nov 28 2013 - Maxim Burgerhout <wzzrd(a)fedoraproject.org> - 1.11-1
- New upstream release 1.11; adds man pages
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Mon May 13 2013 - Maxim Burgerhout <wzzrd(a)fedoraproject.org> - 1.10-1
- New upstream release 1.10; enables build warnings
--------------------------------------------------------------------------------
================================================================================
lighttpd-1.4.35-1.el5 (FEDORA-EPEL-2014-0837)
Lightning fast webserver with light system requirements
--------------------------------------------------------------------------------
Update Information:
1.4.35, fixes SA-2014-01, CVE-2014-2323, CVE-2014-2324
[1] http://seclists.org/oss-sec/2014/q1/561
[2] http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt
[3] http://www.lighttpd.net/2014/3/12/1.4.35/
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 12 2014 Jon Ciesla <limburgher(a)gmail.com> - 1.4.35-1
- 1.4.35, SA-2014-01
- Typo patch upstreamed.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1075711 - CVE-2014-2324 CVE-2014-2323 lighttpd: SQL injection and directory traversal vulnerabilities [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1075711
[ 2 ] Bug #1075710 - CVE-2014-2324 CVE-2014-2323 lighttpd: SQL injection and directory traversal vulnerabilities [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1075710
--------------------------------------------------------------------------------
================================================================================
mediawiki119-1.19.13-1.el5 (FEDORA-EPEL-2014-0840)
A wiki engine
--------------------------------------------------------------------------------
Update Information:
Update to 1.19.13
Fix permissions on cache and images directories.
Update to 1.19.12
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 13 2014 Patrick Uiterwijk <puiterwijk(a)redhat.com> - 1.19.13-1
- Update to 1.19.13
* Mon Mar 3 2014 Patrick Uiterwijk <puiterwijk(a)redhat.com> - 1.19.12-2
- Fix directory permissions
* Fri Feb 28 2014 Patrick Uiterwijk <puiterwijk(a)redhat.com> - 1.19.12-1
- Update to 1.19.12
- (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted namespaces. Also disallow iframe elements. User will get an error including the namespace name if they use a non-whitelisted namespace.
- (bug 61346) SECURITY: Make token comparison use constant time. It seems like our token comparison would be vulnerable to timing attacks. This will take constant time.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1062131 - Unable to open CDB file for write
https://bugzilla.redhat.com/show_bug.cgi?id=1062131
--------------------------------------------------------------------------------
================================================================================
shogun-data-0.8.1-0.4.git20140303.6615cf0.el5 (FEDORA-EPEL-2014-0868)
Data-files for the SHOGUN machine learning toolbox
--------------------------------------------------------------------------------
Update Information:
* updated to new snapshot git20140303.6615cf007634595d459853bf4dc6f1a227d2450c
* added a macro for use in other spec-files
* place rpm-macros into proper location
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1068941 - shogun-data 0.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1068941
[ 2 ] Bug #1074285 - shogun-data installs macros files to /etc/rpm
https://bugzilla.redhat.com/show_bug.cgi?id=1074285
--------------------------------------------------------------------------------
================================================================================
textcat-1.10-1.el5 (FEDORA-EPEL-2014-0831)
Written language identification
--------------------------------------------------------------------------------
Update Information:
initial rpm release (#1075662)
-----
TextCat is an implementation of the text categorization algorithm presented in Cavnar, W. B. and J. M. Trenkle, "N-Gram-Based Text Categorization". TextCat uses this technique to implement written language identification. At the moment, it knows about 69 natural languages (counting Esperanto as a natural language).
-----
Testing is quite easy: Take a sample text in some language with a few sentences and save it as plain text. Invoke `textcat $yourtext` and it should give you the name of the language the text is written in to stdout. If it doesn't know the language, you will get a message about that, too. If there are different possibilities of languages, it will give you the list of possible languages concatenated by 'or'.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1075662 - Review Request: textcat - Written language identification
https://bugzilla.redhat.com/show_bug.cgi?id=1075662
--------------------------------------------------------------------------------