The following Fedora EPEL 5 Security updates need testing:
Age URL
811
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2013-11893
libguestfs-1.20.12-1.el5
576
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-1626 puppet-2.7.26-1.el5
426
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-3849
sblim-sfcb-1.3.8-2.el5
69
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-edbea40516
mcollective-2.8.4-1.el5
40
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-582c8075e6
thttpd-2.25b-24.el5
22
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-d1309b0eb2
libsndfile-1.0.17-8.el5
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-d712fb2a08
phpMyAdmin4-4.0.10.12-1.el5
5
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-01879cfdd3
lighttpd-1.4.39-1.el5
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-7750a31388
openvpn-2.3.10-1.el5
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-512e1f2343
wordpress-4.4.1-1.el5
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-7191918aa5
openssl101e-1.0.1e-6.el5
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d4bdacdc4a
prosody-0.9.9-1.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
prosody-0.9.9-1.el5
Details about builds:
================================================================================
prosody-0.9.9-1.el5 (FEDORA-EPEL-2016-d4bdacdc4a)
Flexible communications server for Jabber/XMPP
--------------------------------------------------------------------------------
Update Information:
Prosody 0.9.9 ============= A summary of changes: Security fixes
-------------- * Fix path traversal vulnerability in mod_http_files
(CVE-2016-1231) * Fix use of weak PRNG in generation of dialback secrets
(CVE-2016-1232) Bugs ---- * Improve handling of CNAME records in DNS * Fix
traceback when deleting a user in some configurations (issue #496) * MUC:
restrict_room_creation could prevent users from joining rooms (issue #458) *
MUC: fix occasional dropping of iq stanzas sent privately between occupants *
Fix a potential memory leak in mod_pep Additions --------- * Add http:list()
command to telnet to view active HTTP services * Simplify IPv4/v6 address
selection code for outgoing s2s * Add support for importing SCRAM hashes from
ejabberd
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1296984 - CVE-2016-1232 prosody: Use of weak PRNG in generation of dialback
secrets
https://bugzilla.redhat.com/show_bug.cgi?id=1296984
[ 2 ] Bug #1296983 - CVE-2016-1231 prosody: Path traversal vulnerability in
mod_http_files
https://bugzilla.redhat.com/show_bug.cgi?id=1296983
--------------------------------------------------------------------------------