The following Fedora EPEL 6 Security updates need testing:
Age URL
955
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3....
174
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1616/puppet-2.7....
45
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3434/pylint-1.3....
20
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4008/cross-binut...
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4151/lsyncd-2.1....
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4144/nodejs-0.10...
12
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4165/python-eyed...
11
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4237/drupal7-7.3...
11
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4192/wordpress-4...
11
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4233/drupal6-6.3...
8
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4242/facter-1.6....
8
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4243/asterisk-1....
8
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2069/php-channel...
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4281/docker-io-1...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4404/perl-YAML-L...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4384/antiword-0....
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4407/pkcs11-help...
The following builds have been pushed to Fedora EPEL 6 updates-testing
antiword-0.37-17.el6
cp2k-2.4-3.20140428svn13818.el6
openvpn-2.3.6-1.el6
perl-YAML-LibYAML-0.38-5.el6
php-aws-sdk-2.7.6-1.el6
pkcs11-helper-1.11-3.el6
pyhoca-gui-0.5.0.3-1.el6
python-cliapp-1.20140719-1.el6
python-x2go-0.5.0.2-1.el6
scotch-6.0.3-2.el6
statsd-0.7.2-3.el6
xpdf-3.04-6.el6
Details about builds:
================================================================================
antiword-0.37-17.el6 (FEDORA-EPEL-2014-4384)
MS Word to ASCII/Postscript converter
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2014-8123
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2014 Adrian Reber <adrian(a)lisas.de> - 0.37-17
- added patch for "CVE-2014-8123 antiword: buffer overflow of
atPPSlist[].szName[]" (#1169665)
- fixed dates in changelog
* Fri Aug 15 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.37-16
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.37-15
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.37-14
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.37-13
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.37-12
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Thu Jan 12 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.37-11
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Mon Feb 7 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.37-10
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1169665 - CVE-2014-8123 antiword: buffer overflow of atPPSlist[].szName[]
https://bugzilla.redhat.com/show_bug.cgi?id=1169665
--------------------------------------------------------------------------------
================================================================================
cp2k-2.4-3.20140428svn13818.el6 (FEDORA-EPEL-2014-4396)
Ab Initio Molecular Dynamics
--------------------------------------------------------------------------------
Update Information:
This update fixes the broken dependencies caused by RHEL/CentOS 6.6 upgrade and updates
the code to latest snapshot from the stable 2.4 branch.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 30 2014 Dominik Mierzejewski <rpm(a)greysector.net> -
2.4-3.20140428svn13818
- update to latest 2.4 branch snapshot
- fix build against current blacs/scalapack
- mpich2 got renamed to mpich
- fix description (cp2k doesn't implement Car-Parinello Molecular Dynamics)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1155075 - cp2k-mpich2 and cp2k-openmpi got broken by rhel 6.6 update
https://bugzilla.redhat.com/show_bug.cgi?id=1155075
--------------------------------------------------------------------------------
================================================================================
openvpn-2.3.6-1.el6 (FEDORA-EPEL-2014-4407)
A full-featured SSL VPN solution
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2014-8104.
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2014 Jon Ciesla <limburgher(a)gmail.com> 2.3.6-1
- 2.3.6.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1169487 - CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by
sending a too-short control channel packet to server [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1169487
[ 2 ] Bug #1169488 - CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by
sending a too-short control channel packet to server [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1169488
--------------------------------------------------------------------------------
================================================================================
perl-YAML-LibYAML-0.38-5.el6 (FEDORA-EPEL-2014-4404)
Perl YAML Serialization using XS and libyaml
--------------------------------------------------------------------------------
Update Information:
An assertion failure was found in the way the libyaml library parsed wrapped strings. An
attacker able to load specially crafted YAML input into an application using libyaml could
cause the application to crash.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2014 Paul Howarth <paul(a)city-fan.org> - 0.38-5
- Fix assert failure when parsing wrapped strings (CVE-2014-9130)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1169369 - CVE-2014-9130 libyaml: assert failure when processing wrapped
strings
https://bugzilla.redhat.com/show_bug.cgi?id=1169369
--------------------------------------------------------------------------------
================================================================================
php-aws-sdk-2.7.6-1.el6 (FEDORA-EPEL-2014-4391)
Amazon Web Services framework for PHP
--------------------------------------------------------------------------------
Update Information:
## 2.7.6 - 2014-11-20
* Added support for AWS KMS integration to the Amazon Redshift Client.
* Fixed cn-north-1 endpoint for AWS Identity and Access Management.
* Updated `S3Client::getBucketLocation` method to work cross-region regardless of the
region's signature requirements.
* Fixed an issue with the DynamoDbClient that allows it to work better with with DynamoDB
Local.
## 2.7.5 - 2014-11-13
* Added support for AWS Lambda.
* Added support for event notifications to the Amazon S3 client.
* Fixed an issue with S3 pre-signed URLs when using Signature V4.
## 2.7.4 - 2014-11-12
* Added support for the AWS Key Management Service (AWS KMS).
* Added support for AWS CodeDeploy.
* Added support for AWS Config.
* Added support for AWS KMS encryption to the Amazon S3 client.
* Added support for AWS KMS encryption to the Amazon EC2 client.
* Added support for Amazon CloudWatch Logs delivery to the AWS CloudTrail client.
* Added the GetTemplateSummary operation to the AWS CloudFormation client.
* Fixed an issue with sending signature version 4 Amazon S3 requests that contained a 0
length body.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 25 2014 Shawn Iwinski <shawn.iwinski(a)gmail.com> - 2.7.6-1
- Updated to 2.7.6 (BZ #1164158)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1164158 - php-aws-sdk-2.7.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1164158
--------------------------------------------------------------------------------
================================================================================
pkcs11-helper-1.11-3.el6 (FEDORA-EPEL-2014-4407)
A library for using PKCS#11 providers
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2014-8104.
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b
--------------------------------------------------------------------------------
ChangeLog:
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.11-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.11-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri Apr 11 2014 Jon Ciesla <limburgher(a)gmail.com> - 1.11-1
- Latest upstream, required for openvpn 2.3.3.
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.10-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Tue Apr 2 2013 Kalev Lember <kalevlember(a)gmail.com> - 1.10-1
- Update to 1.10
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.09-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.09-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.09-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Wed Aug 17 2011 Kalev Lember <kalevlember(a)gmail.com> - 1.09-1
- Update to 1.09
* Sun Jun 19 2011 Kalev Lember <kalev(a)smartlink.ee> - 1.08-1
- Update to 1.08
- Clean up the spec file for modern rpmbuild
* Wed Feb 9 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.07-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1169487 - CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by
sending a too-short control channel packet to server [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1169487
[ 2 ] Bug #1169488 - CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by
sending a too-short control channel packet to server [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1169488
--------------------------------------------------------------------------------
================================================================================
pyhoca-gui-0.5.0.3-1.el6 (FEDORA-EPEL-2014-4383)
Graphical X2Go client written in (wx)Python
--------------------------------------------------------------------------------
Update Information:
python-x2go-0.5.0.2:
- Fix X2Go Desktop Sharing feature
- Provide more stability if connections fail during session startup/resumption
pyhoca-gui-0.5.0.3:
- Finnish translation update / fix
- Danish translation update
- Point to our new mailing list server where the old one (BerliOS) was still referenced.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 1 2014 Orion Poplawski <orion(a)cora.nwra.com> - 0.5.0.3-1
- Update to 0.5.0.3
--------------------------------------------------------------------------------
================================================================================
python-cliapp-1.20140719-1.el6 (FEDORA-EPEL-2014-4405)
Python framework for Unix command line programs
--------------------------------------------------------------------------------
Update Information:
Version 1.20140719
* The way logging is set up has been split into smaller methods, to allow overriding
better.
* Plugins no longer need to define a `disable` method: the default implementation is now a
no-op.
Bug fixes:
* When getting help for a subcommand, cliapp would crash saying
`get_help_text_formatter` couldn't be found. This has been fixed.
Version 1.20140315
------------------
* `cliapp` now logs the current working directory, uid, effective uid, gid, and effective
gid at startup.
* `cliapp` (`Settings.load_configs`) now reports an unknown
variable in a configuration file with a nice error message, rather than a stack trace.
* Allow overriding how the full help text for a subcommand is to be formatted.
* The `cliapp.Settings.require` method now accepts many setting names, and check for all
of them.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2014 Michel Alexandre Salim <salimma(a)fedoraproject.org> - 1.20140719-1
- Update to 1.20140719
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1077600 - python-cliapp-1.20140719 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1077600
--------------------------------------------------------------------------------
================================================================================
python-x2go-0.5.0.2-1.el6 (FEDORA-EPEL-2014-4383)
Python module providing X2Go client API
--------------------------------------------------------------------------------
Update Information:
python-x2go-0.5.0.2:
- Fix X2Go Desktop Sharing feature
- Provide more stability if connections fail during session startup/resumption
pyhoca-gui-0.5.0.3:
- Finnish translation update / fix
- Danish translation update
- Point to our new mailing list server where the old one (BerliOS) was still referenced.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 27 2014 Orion Poplawski <orion(a)cora.nwra.com> - 0.5.0.2-1
- Update to 0.5.0.2
--------------------------------------------------------------------------------
================================================================================
scotch-6.0.3-2.el6 (FEDORA-EPEL-2014-4381)
Graph, mesh and hypergraph partitioning library
--------------------------------------------------------------------------------
Update Information:
New package for el6.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1112738 - please build for EPEL
https://bugzilla.redhat.com/show_bug.cgi?id=1112738
--------------------------------------------------------------------------------
================================================================================
statsd-0.7.2-3.el6 (FEDORA-EPEL-2014-4401)
A simple, lightweight network daemon to collect metrics over UDP
--------------------------------------------------------------------------------
Update Information:
fix end of line encodings
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1164496 - Review Request: statsd - A simple, lightweight network daemon to
collect metrics over UDP
https://bugzilla.redhat.com/show_bug.cgi?id=1164496
--------------------------------------------------------------------------------
================================================================================
xpdf-3.04-6.el6 (FEDORA-EPEL-2014-4399)
A PDF file viewer for the X Window System
--------------------------------------------------------------------------------
Update Information:
fix proper display of international strings in the title
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2014 Tom Callaway <spot(a)fedoraproject.org> - 1:3.04-6
- fix proper display of international strings in the title (bz 1169301)
* Fri Sep 12 2014 Tom Callaway <spot(a)fedoraproject.org> - 1:3.04-5
- fix .desktop file
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1:3.04-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun 8 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1:3.04-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1169301 - xpdf does not show non-ASCII paths correctly
https://bugzilla.redhat.com/show_bug.cgi?id=1169301
--------------------------------------------------------------------------------