The following Fedora EPEL 5 Security updates need testing:
Age URL
811
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2013-11893
libguestfs-1.20.12-1.el5
575
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-1626 puppet-2.7.26-1.el5
425
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-3849
sblim-sfcb-1.3.8-2.el5
68
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-edbea40516
mcollective-2.8.4-1.el5
39
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-582c8075e6
thttpd-2.25b-24.el5
21
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-d1309b0eb2
libsndfile-1.0.17-8.el5
10
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-d712fb2a08
phpMyAdmin4-4.0.10.12-1.el5
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-01879cfdd3
lighttpd-1.4.39-1.el5
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-7750a31388
openvpn-2.3.10-1.el5
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-512e1f2343
wordpress-4.4.1-1.el5
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-7191918aa5
openssl101e-1.0.1e-6.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
dislocker-0.5.1-1.el5
dpm-dsi-1.9.7-1.el5
openssl101e-1.0.1e-6.el5
python-messaging-1.1-1.el5
wordpress-4.4.1-1.el5
Details about builds:
================================================================================
dislocker-0.5.1-1.el5 (FEDORA-EPEL-2016-a4dfb73532)
Utility to access BitLocker encrypted volumes
--------------------------------------------------------------------------------
Update Information:
dislocker 0.5.1 =============== This version is only used to update dislocker's
brew file for OSX users to be able to download v0.5. If you're not an OSX user,
you can use either v0.5 or v0.5.1, this won't make any difference. dislocker
0.5 ============= Bugfixes -------- * Support for old and new versions of
PolarSSL (now called mbedTLS); * Various crashes have been fixed. Features
improvement -------------------- * Read/write on FAT-formatted volumes
encrypted by BitLocker; * Some Ruby bindings have been added to the library;
* A Ruby script has thus been added to look for BitLocker-encrypted volumes.
Notable changes --------------- * Compilation/installation now goes through
cmake, be sure to review the INSTALL.md file.
--------------------------------------------------------------------------------
================================================================================
dpm-dsi-1.9.7-1.el5 (FEDORA-EPEL-2016-530d9d8b17)
Disk Pool Manager (DPM) plugin for the Globus GridFTP server
--------------------------------------------------------------------------------
Update Information:
- fix for Gridftp Redirection: transfers with checksums fail when delayed
passive is enabled - fix for Gridftp Redirection: transfer overwrite fails -
fix for Gridftp logs not compressed - Implemented checksum calculation on the
disknodes with Gridftp Redirection enabled
--------------------------------------------------------------------------------
================================================================================
openssl101e-1.0.1e-6.el5 (FEDORA-EPEL-2016-7191918aa5)
A general purpose cryptography library with TLS implementation
--------------------------------------------------------------------------------
Update Information:
A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing
ServerKeyExchange and Client Authentication packets during a TLS handshake. A
man-in-the-middle attacker able to force a TLS connection to use the MD5 hash
function could use this flaw to conduct collision attacks to impersonate a TLS
server or an authenticated TLS client. (CVE-2015-7575)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1289841 - CVE-2015-7575 TLS 1.2 Transcipt Collision attacks against MD5 in
key exchange protocol (SLOTH)
https://bugzilla.redhat.com/show_bug.cgi?id=1289841
--------------------------------------------------------------------------------
================================================================================
python-messaging-1.1-1.el5 (FEDORA-EPEL-2016-ac308d811d)
Python abstraction of a "message"
--------------------------------------------------------------------------------
Update Information:
Updated to upstream version 1.1.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1296742 - python-messaging-1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1296742
--------------------------------------------------------------------------------
================================================================================
wordpress-4.4.1-1.el5 (FEDORA-EPEL-2016-512e1f2343)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
**WordPress 4.4.1 Security and Maintenance Release** WordPress versions 4.4 and
earlier are affected by a cross-site scripting vulnerability that could allow a
site to be compromised. This was reported by Crtc4L. There were also several
non-security bug fixes: * Emoji support has been updated to include all of the
latest emoji characters, including the new diverse emoji! ������������ * Some sites with
older versions of OpenSSL installed were unable to communicate with other
services provided through some plugins. * If a post URL was ever re-used, the
site could redirect to the wrong post. WordPress 4.4.1 fixes 52 bugs from 4.4.
For more information, see the [release
notes](https://codex.wordpress.org/Version_4.4.1) or consult the [list of
changes](https://core.trac.wordpress.org/query?milestone=4.4.1).
--------------------------------------------------------------------------------