The following Fedora EPEL 5 Security updates need testing: Age URL 766 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.1... 221 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs-1.... 101 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0581/augeas-1.2.0-1... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1515/check-mk-1.2.4...

The following builds have been pushed to Fedora EPEL 5 updates-testing

check-mk-1.2.4p2-2.el5 hylafax+-5.5.5-1.el5 jpegoptim-1.4.1-1.el5 sys_basher-1.1.25-2.el5

Details about builds:

================================================================================ check-mk-1.2.4p2-2.el5 (FEDORA-EPEL-2014-1515) A new general purpose Nagios-plugin for retrieving data -------------------------------------------------------------------------------- Update Information:

- Install the mk-job binary on /usr/bin. - Make sure the proper permissions are given to /var/lib/check_mk_agent/job to prevent any hard or symlink to be created by a normal user and pointing to any file on the filesystem exposing it on the check-mk-agent output being run as root. -------------------------------------------------------------------------------- ChangeLog:

* Tue May 27 2014 Andrea Veri averi@fedoraproject.org - 1.2.4p2-2 - Install the mk-job binary on /usr/bin. - Make sure the proper permissions are given to /var/lib/check_mk_agent/job to prevent any hard or symlink to be created by a normal user and pointing to any file on the filesystem exposing it on the check-mk-agent output being run as root. Fixes BZ #1101669. -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1101669 - CVE-2014-0243 check-mk: arbitrary file disclosure flaw as root https://bugzilla.redhat.com/show_bug.cgi?id=1101669 --------------------------------------------------------------------------------

================================================================================ hylafax+-5.5.5-1.el5 (FEDORA-EPEL-2014-1517) An enterprise-strength fax server -------------------------------------------------------------------------------- Update Information:

Update to 5.5.5 fixes several bugs plus add uucp dependency. -------------------------------------------------------------------------------- ChangeLog:

* Mon May 26 2014 Lee Howard faxguy@howardsilvan.com - 5.5.5-1 - update to 5.5.5 * Thu Apr 24 2014 Lee Howard faxguy@howardsilvan.com - 5.5.4-3 - add uucp dependency for build and install, bug 998737 * Sat Sep 14 2013 Lee Howard faxguy@howardsilvan.com - 5.5.4-2 - fix preun stop call to hylafax+ (and not hylafax) -------------------------------------------------------------------------------- References:

[ 1 ] Bug #998737 - /var/spool/hylafax has incorrect ownership and other hylafax+ RPM problems https://bugzilla.redhat.com/show_bug.cgi?id=998737 --------------------------------------------------------------------------------

================================================================================ jpegoptim-1.4.1-1.el5 (FEDORA-EPEL-2014-1518) Utility to optimize JPEG files -------------------------------------------------------------------------------- Update Information:

Update to version 1.4.1 -------------------------------------------------------------------------------- ChangeLog:

* Wed May 28 2014 Denis Fateyev denis@fateyev.com - 1.4.1-1 - Update to version 1.4.1 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1100425 - jpegoptim-1.4.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1100425 --------------------------------------------------------------------------------

================================================================================ sys_basher-1.1.25-2.el5 (FEDORA-EPEL-2014-1513) A multithreaded hardware exerciser -------------------------------------------------------------------------------- Update Information:

Added verbose mode to memory tests -------------------------------------------------------------------------------- ChangeLog:

* Mon May 26 2014 Joshua Rosen bjrosen@polybus.com - 1.1.25-2 - Added exclude arm * Mon May 26 2014 Joshua Rosen bjrosen@polybus.com - 1.1.25-1 - Added verbose modes to memory tests. Added random data memory tests. Added double checking to memory tests * Sun Aug 4 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.1.24-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Fri Feb 15 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.1.24-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Sat Jul 21 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.1.24-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Sat Jan 14 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.1.24-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Wed Dec 9 2009 Joshua Rosen bjrosen@polybus.com - 1.1.24-1 - Documented the stop on error switch --------------------------------------------------------------------------------