The following Fedora EPEL 7 Security updates need testing:
 Age  URL
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-0859a9d61e   x11vnc-0.9.13-12.el7
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-9fbe0750f7   privoxy-3.0.32-1.el7
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-580891d7f4   chromium-88.0.4324.182-2.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-f1e9ccd247   zabbix40-4.0.29-1.el7
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-04cc5bcb08   nagios-4.4.6-4.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
beakerlib-1.26-1.el7
cabextract-1.9-7.el7
charliecloud-0.22-2.el7
python3-pillow-6.2.2-2.el7
Details about builds:
================================================================================
beakerlib-1.26-1.el7 (FEDORA-EPEL-2021-420574d469)
A shell-level integration testing library
--------------------------------------------------------------------------------
Update Information:
- fixed rlServiceDisable if called without rlServiceEnable beforehand
- few internal fixes
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 9 2021 Dalibor Pospisil <dapospis(a)redhat.com> - 1.26-1
- fixed rlServiceDisable if called without rlServiceEnable beforehand
- few internal fixes
--------------------------------------------------------------------------------
================================================================================
cabextract-1.9-7.el7 (FEDORA-EPEL-2021-780cd884ad)
Utility for extracting cabinet (.cab) archives
--------------------------------------------------------------------------------
Update Information:
cabextract 1.9
==============
* Fixed invisible bad extraction when using `cabextract -F` (broken in 1.8)
* Fixed configure `--with-external-libmspack` which was broken in 1.8
* `configure --with-external-libmspack` will now use `pkg-config`. To configure
  it manually, set environment variables `libmspack_CFLAGS` and `libmspack_LIBS`
  before running `configure`.
* Now includes the test suite (`make check`)

cabextract 1.8
==============
* `cabextract -f` now extracts even more badly damaged files than before

cabextract 1.7
==============
* `cabextract` now supports an `--encoding` parameter, to specify the character
  encoding of CAB filenames if they are not ASCII or UTF8
* `cabextract -L` now lowercases non-ASCII characters

cabextract 1.6
==============
* `cabextract` now prevents archive files giving themselves absolute path access
  using badly UTF-8 encoded slashes.
* Because Cygwin allows both `/` and `\` as path separators, cabextract now
  removes both leading `/`s and `\`s and changes both `../` and `..\` in CAB
  filenames to `xx`. You can no longer have a CAB filename called e.g. `\/t`
  (file `t` in the directory `\`). If you need this, create a CAB file where the
  filename is `./\/t` instead.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 7 2021 Rex Dieter <rdieter(a)fedoraproject.org> - 1.9-7
- use bundled libmspack on epel
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.9-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.9-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jan 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.9-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Jul 24 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jan 31 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Tue Nov 6 2018 Rex Dieter <rdieter(a)fedoraproject.org> - 1.9-1
- 1.9
* Tue Oct 30 2018 Rex Dieter <rdieter(a)fedoraproject.org> - 1.8-1
- 1.8
* Wed Jul 25 2018 Rex Dieter <rdieter(a)fedoraproject.org> - 1.7-1
- 1.7 (#1186186)
* Thu Jul 12 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Aug 2 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Wed Feb 3 2016 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Thu Apr 9 2015 Juan Orti Alcaine <jorti(a)fedoraproject.org> - 1.5-2
- Use license macro
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1644222 - CVE-2018-18584 CVE-2018-18585 cabextract: various flaws [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1644222
--------------------------------------------------------------------------------
================================================================================
charliecloud-0.22-2.el7 (FEDORA-EPEL-2021-0007e8c188)
Lightweight user-defined software stacks for high-performance computing
--------------------------------------------------------------------------------
Update Information:
Fix source0 path. Make man7 available in the base package.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 8 2021 Dave Love <loveshack(a)fedoraproject.org> <jogas(a)lanl.gov> - 0.22-2
- Fix source0 path
- Put man7 in base package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1927476 - charliecloud.7 seems misplaced
https://bugzilla.redhat.com/show_bug.cgi?id=1927476
[ 2 ] Bug #1934036 - invalid source0
https://bugzilla.redhat.com/show_bug.cgi?id=1934036
--------------------------------------------------------------------------------
================================================================================
python3-pillow-6.2.2-2.el7 (FEDORA-EPEL-2021-32d4f4a583)
Python image processing library
--------------------------------------------------------------------------------
Update Information:
Backport CVE fixes for CVE-2020-35655, CVE-2020-35654, CVE-2021-25289
(bz#1934684), CVE-2021-25290 (bz#1934689), CVE-2021-25291 (bz#1934696),
CVE-2020-35655, CVE-2021-25293 (bz#1934709), CVE-2021-25292 (bz#1934703),
CVE-2021-27921 (bz#1935387), CVE-2021-27922 (bz#1935400), CVE-2021-27923
(bz#1935404)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 4 2021 Orion Poplawski <orion(a)nwra.com> - 6.2.2-2
- Backport CVE fixes for CVE-2020-35655, CVE-2020-35654, CVE-2021-25289
(bz#1934684), CVE-2021-25290 (bz#1934689), CVE-2021-25291 (bz#1934696),
CVE-2020-35655, CVE-2021-25293 (bz#1934709), CVE-2021-25292 (bz#1934703),
CVE-2021-27921 (bz#1935387), CVE-2021-27922 (bz#1935400),
CVE-2021-27923 (bz#1935404)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1934684 - CVE-2021-25289 python3-pillow: python-pillow: insufficient fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1934684
[ 2 ] Bug #1934689 - CVE-2021-25290 python3-pillow: python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1934689
[ 3 ] Bug #1934696 - CVE-2021-25291 python3-pillow: python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1934696
[ 4 ] Bug #1934703 - CVE-2021-25292 python3-pillow: python-pillow: backtracking regex in PDF parser could be used as a DOS attack [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1934703
[ 5 ] Bug #1934709 - CVE-2021-25293 python3-pillow: python-pillow: out-of-bounds read in SGIRleDecode.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1934709
[ 6 ] Bug #1935387 - CVE-2021-27921 python3-pillow: python-pillow: reported size of a contained image is not properly checked for a BLP container [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1935387
[ 7 ] Bug #1935400 - CVE-2021-27922 python3-pillow: python-pillow: reported size of a contained image is not properly checked for an ICNS container [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1935400
[ 8 ] Bug #1935404 - CVE-2021-27923 python3-pillow: python-pillow: reported size of a contained image is not properly checked for an ICO container [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1935404
--------------------------------------------------------------------------------