The following Fedora EPEL 5 Security updates need testing:
Age URL
838
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3....
292
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs...
57
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1626/puppet-2.7....
47
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1696/perl-Email-...
41
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1747/mediawiki11...
8
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1996/fail2ban-0....
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2087/drupal7-dat...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2155/wordpress-3...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2165/iodine-0.7....
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2153/drupal6-6.3...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2150/drupal7-7.3...
The following builds have been pushed to Fedora EPEL 5 updates-testing
amavisd-new-2.5.2-3.el5
bitlbee-3.2.2-4.el5
drupal6-6.33-1.el5
drupal7-7.31-1.el5
iodine-0.7.0-1.el5
wordpress-3.9.2-2.el5
Details about builds:
================================================================================
amavisd-new-2.5.2-3.el5 (FEDORA-EPEL-2014-2152)
Email filter with virus scanner and spamassassin support
--------------------------------------------------------------------------------
Update Information:
Change permissions of /var/spool/amavisd folders to 750
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #430177 - clamd.d/amavisd.conf configuration directives require boolean
arguments
https://bugzilla.redhat.com/show_bug.cgi?id=430177
--------------------------------------------------------------------------------
================================================================================
bitlbee-3.2.2-4.el5 (FEDORA-EPEL-2014-2154)
IRC to other chat networks gateway
--------------------------------------------------------------------------------
Update Information:
Disable libpurple due to dbus issues also in EPEL (#1126930)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 7 2014 Robert Scheck <robert(a)fedoraproject.org> 3.2.2-4
- Disable libpurple due to dbus issues also in EPEL (#1126930)
* Tue Jul 22 2014 Robert Scheck <robert(a)fedoraproject.org> 3.2.2-3
- Really disable libpurple support for Fedora except Rawhide
* Mon Jul 14 2014 Robert Scheck <robert(a)fedoraproject.org> 3.2.2-2
- Enable forkdaemon due lacking SELinux policy in Rawhide only
- Disable libpurple conflicting with the daemon mode (#1117553)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1126930 - bitlbee 3.2.2 dbus problem on centos 6
https://bugzilla.redhat.com/show_bug.cgi?id=1126930
--------------------------------------------------------------------------------
================================================================================
drupal6-6.33-1.el5 (FEDORA-EPEL-2014-2153)
An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:
- Update to Drupal 6.33.
- Drupal 6.33 release notes can be found here,
https://www.drupal.org/drupal-6.33-release-notes.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 7 2014 Peter Borsa <peter.borsa(a)gmail.com> - 6.33-1
- 6.33, SA-CORE-2014-004
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1127538 - drupal: denial of service issue (SA-CORE-2014-004)
https://bugzilla.redhat.com/show_bug.cgi?id=1127538
--------------------------------------------------------------------------------
================================================================================
drupal7-7.31-1.el5 (FEDORA-EPEL-2014-2150)
An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:
Update to upstream 7.31 release for SA-CORE-2014-004
This is a bugfix release. For complete details refer to:
https://www.drupal.org/drupal-7.30-release-notes
Fixes SA-CORE-2014-003. For details refer to:
https://www.drupal.org/drupal-7.29-release-notes
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 7 2014 Jared Smith <jsmith(a)fedoraproject.org> - 7.31-1
- Update to upstream 7.31 release for SA-CORE-2014-004
* Mon Jul 28 2014 Paul W. Frields <stickster(a)gmail.com> - 7.30-1
- 7.30
* Wed Jul 16 2014 Paul W. Frields <stickster(a)gmail.com> - 7.29-1
- 7.29, SA-CORE-2014-003
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
7.28-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1120641 - CVE-2014-5019 CVE-2014-5020 CVE-2014-5021 CVE-2014-5022 drupal7:
multiple vulnerabilities (SA-CORE-2014-003)
https://bugzilla.redhat.com/show_bug.cgi?id=1120641
[ 2 ] Bug #1127538 - drupal: denial of service issue (SA-CORE-2014-004)
https://bugzilla.redhat.com/show_bug.cgi?id=1127538
--------------------------------------------------------------------------------
================================================================================
iodine-0.7.0-1.el5 (FEDORA-EPEL-2014-2165)
Solution to tunnel IPv4 data through a DNS server
--------------------------------------------------------------------------------
Update Information:
Update to 0.7.0 to fix CVE-2014-4168 iodine: authentication bypass vulnerability
(bz#1110339, bz#1110338 [bz#1110340, bz#1110341, bz#1110342]).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 22 2014 Pavel Alexeev <Pahan(a)Hubbitus.info> - 0.7.0-1
- Update to 0.7.0 to fix CVE-2014-4168 iodine: authentication bypass vulnerability
(bz#1110339, bz#1110338 [bz#1110340, bz#1110341, bz#1110342]).
- Drop old Patch0: iodine-0.5.2-prefix.patch
- Rebase iodine-0.6.0-rc1.split-man.patch -> iodine-0.7.0.split-man.patch
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1110338 - CVE-2014-4168 iodine: authentication bypass vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1110338
--------------------------------------------------------------------------------
================================================================================
wordpress-3.9.2-2.el5 (FEDORA-EPEL-2014-2155)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
Upstream annoucement:
http://wordpress.org/news/2014/08/wordpress-3-9-2/
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 7 2014 Remi Collet <remi(a)fedoraproject.org> - 3.9.2-1
- update to 3.9.2 Security Release #1127547
- config file only readable by apache user (httpd or php-fpm) #1124582
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1127547 - wordpress: security issues fixed in version 3.9.2
https://bugzilla.redhat.com/show_bug.cgi?id=1127547
--------------------------------------------------------------------------------