The following Fedora EPEL 7 Security updates need testing:

 Age  URL
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-4d30ee90cd   nginx-1.20.1-10.el7
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-a06d5c7af1   js-jquery-ui-1.13.2-1.el7
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-d6012d25d2   drupal7-link-1.11-1.el7
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-aa5b185b7b   drupal7-context-3.11-1.el7

The following builds have been pushed to Fedora EPEL 7 updates-testing

    heimdal-7.7.1-1.el7
    ntfs-3g-2022.10.3-1.el7
    rsnapshot-1.4.4-1.el7

Details about builds:

================================================================================
 heimdal-7.7.1-1.el7 (FEDORA-EPEL-2022-30fd5a80a8)
 A Kerberos 5 implementation without export restrictions
--------------------------------------------------------------------------------
Update Information:

This release fixes the following Security Vulnerabilities:

* CVE-2022-42898 PAC parse integer overflows
* CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
* CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array
* CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors
* CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ
* CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec

Note that CVE-2022-44640 is a severe vulnerability, possibly a 10.0 on the
Common Vulnerability Scoring System (CVSS) v3.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 16 2022 Alexander Boström abo@root.snowtree.se - 7.7.1-1
- Update to 7.7.1
- Remove upstreamed patch
- Replace patch with sed command
* Thu Jul 21 2022 Fedora Release Engineering releng@fedoraproject.org - 7.7.0-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering releng@fedoraproject.org - 7.7.0-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering releng@fedoraproject.org - 7.7.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Apr 13 2021 Alexander Boström abo@root.snowtree.se - 7.7.0-9
- Backport autoconf-2.70 fix
* Tue Jan 26 2021 Fedora Release Engineering releng@fedoraproject.org - 7.7.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering releng@fedoraproject.org - 7.7.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Mar 31 2020 Alexander Boström abo@root.snowtree.se - 7.7.0-6
- Do not buildrequire openldap-servers on RHEL8+
* Sat Mar 21 2020 Alexander Boström abo@root.snowtree.se - 7.7.0-5
- Add Python 3 code patch
- Use Python 3 binary path
- BuildRequire Python 3
* Wed Jan 29 2020 Fedora Release Engineering releng@fedoraproject.org - 7.7.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Jan 17 2020 Jeff Law law@redhat.com - 7.7.0-3
- Fix configure tests compromised by LTO
--------------------------------------------------------------------------------


================================================================================
 ntfs-3g-2022.10.3-1.el7 (FEDORA-EPEL-2022-9e1d9b40a7)
 Linux NTFS userspace driver
--------------------------------------------------------------------------------
Update Information:

Update to 2022.10.3. Fixes CVE-2022-40284
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 3 2022 Gabriel Kihlman gk@sysctl.se - 2:2022.10.3-1
- New upstream version 2022.10.3
- Fixes: CVE-2022-40284
* Fri Jul 22 2022 Fedora Release Engineering releng@fedoraproject.org - 2:2022.5.17-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2090876 - ntfs-3g-2022.10.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2090876
  [ 2 ] Bug #2140031 - CVE-2022-40284: buffer overflow in NTFS-3G
        https://bugzilla.redhat.com/show_bug.cgi?id=2140031
--------------------------------------------------------------------------------


================================================================================
 rsnapshot-1.4.4-1.el7 (FEDORA-EPEL-2022-29b37c6313)
 Local and remote filesystem snapshot utility
--------------------------------------------------------------------------------
Update Information:

# rsnapshot 1.4.4

- Add sentence explaining rsync_long|short_args + sign to man page
- Fix rsnapreport problems (incorrect header, fail when `rsync` present, fail with LVM)
- Add notes about documentation, and link to the website repo
- Fix for '`rsync_cleanup_after_native_cp_al()` only works on directories' fail when `sync_first on` and `cmd_cp` not set (#133), add test
- Fix for `rm -rf` failing when the path contains `./`
- Suppress noisy error from non-GNU `cp` on BSD-ish machines, including MacOS
- Add CentOS 7 to successfully tested to docs
- Minor tidy up rel `configure` options `--with-test-(true|false)`
- Update travis build settings
- Don't use `m4_esyscmd_s` in `configure.ac`
- Update docs to remove dangling refs to HOWTO on rsnapshot.org
- Skip both SSH tests (rather one) if SSH doesn't work
- Use perl-5.30 for tests (used in Ubuntu 20.04 Focal)
- Lower verbose level of `rsync` output to 1.3.x equivalent to work with `rsnapreport.pl` again
- Fix location of true and false binaries on macOS
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 16 2022 Robert Scheck robert@fedoraproject.org - 1.4.4-1
- Upgrade to 1.4.4 (#1974006, thanks to Todd Zullinger)
* Sat Jul 23 2022 Fedora Release Engineering releng@fedoraproject.org - 1.4.3-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Jan 21 2022 Fedora Release Engineering releng@fedoraproject.org - 1.4.3-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Jul 23 2021 Fedora Release Engineering releng@fedoraproject.org - 1.4.3-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Jan 27 2021 Fedora Release Engineering releng@fedoraproject.org - 1.4.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering releng@fedoraproject.org - 1.4.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Mar 31 2020 Jitka Plesnikova jplesnik@redhat.com - 1.4.3-3
- Specify all perl dependencies needed for tests
* Thu Jan 30 2020 Fedora Release Engineering releng@fedoraproject.org - 1.4.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1974006 - rsnapshot 1.4.4 is available. Please build for EPEL8 and Fedora34
        https://bugzilla.redhat.com/show_bug.cgi?id=1974006
--------------------------------------------------------------------------------

epel-devel@lists.fedoraproject.org