Fedora EPEL 6 updates-testing report - epel-devel - Fedora mailing-lists

3 Mar 2018


      The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 963  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168   rubygem-crack-0.3.2-2.el6
 853  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb   mcollective-2.8.4-1.el6
 824  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9   thttpd-2.25b-24.el6
 435  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac   libbsd-0.8.3-2.el6
 164  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4c76ddcc92   libmspack-0.6-0.1.alpha.el6
  83  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6aaee32b7e   optipng-0.7.6-6.el6
  55  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-8c9006d462   heimdal-7.5.0-1.el6
  50  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-752a7c9ad4   rootsh-1.5.3-17.el6
  18  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f742513635   jhead-3.00-9.el6
  13  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-87b20f1b26   exim-4.90.1-2.el6
  12  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-76121890f9   seamonkey-2.49.2-2.el6
  11  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c8346d8e5   mbedtls-2.7.0-1.el6
  10  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-6ac908eac8   openjpeg2-2.3.0-6.el6
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-2ffe688829   freexl-1.0.5-1.el6
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-5d12c76136   drupal7-7.57-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
clamav-0.99.4-1.el6
Details about builds:
================================================================================
 clamav-0.99.4-1.el6 (FEDORA-EPEL-2018-7e91105260)
 Anti-virus software
--------------------------------------------------------------------------------
Update Information:
Update to 0.99.4  0.99.4 addresses a few outstanding vulnerability bugs.  It
includes fixes for:  -    CVE-2012-6706 -    CVE-2017-6419 -    CVE-2017-11423
-    CVE-2018-1000085    There are also a few bug fixes that were not assigned
CVE���s, but were important enough to address while we had the chance.  One of
these was the notorious file descriptor exhaustion bug that caused outages late
last January.  In addition to the above, 0.99.4 fixes:  -    CVE-2018-0202: Two
newly reported vulnerabilities in the PDF parsing code.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1549071 - CVE-2018-1000085 clamav: Out-of-bounds heap read in XAR parser [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1549071
  [ 2 ] Bug #1550747 - clamav-0.99.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1550747
--------------------------------------------------------------------------------