Fedora EPEL 6 Update: lynis-1.5.3-1.el6
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2014-1496
2014-05-24 17:08:08
--------------------------------------------------------------------------------
Name : lynis
Product : Fedora EPEL 6
Version : 1.5.3
Release : 1.el6
URL : http://cisofy.com/lynis/
Summary : Security and system auditing tool
Description :
Lynis is an auditing and hardening tool for Unix/Linux and you might even call
it a compliance tool. It scans the system and installed software. Then it
performs many individual security control checks. It determines the hardening
state of the machine, detects security issues and provides suggestions to
improve the security defense of the system.
--------------------------------------------------------------------------------
Update Information:
* 1.5.3 (2014-05-19)
New:
- Support for zypper package manager
- Gather installed packages with Zypper on SuSE systems [PKGS-728]
- Check for vulnerable packages with Zypper package manager [PKGS-7330]
Changes:
- Check for aide.conf also in /etc [FINT-4315]
- Adjusted screen output for unreliable NTP peers [TIME-3120]
- Adjusted check kernel test for non-Linux systems [KRNL-5730]
- Improved screen output on AIX systems with echo command
* 1.5.2 (2014-05-05)
New:
- Support for runlevel in binaries test
Changes:
- Added suggestion for kernel availability check [KRNL-5788]
- Added suggestion for services at startup and proper binary call [BOOT-5180]
- Added suggestion to configure accounting on FreeBSD [ACCT-2754]
- Added suggestion to configure Linux process accounting [ACCT-9622]
- Several new controls listed on website
- Adjusted hardening index if total score was zero
- Added suggestion for auditd.conf file [ACCT-9632]
- Removed suggestion for audit log file [ACCT-9634]
- Removed warning from NTP falsetickers test, added data to report [TIME-3132]
- Removed warning from NTP selected time source test [TIME-3124]
* 1.5.1 (2014-04-22)
Changes:
- Extended reporting with running databases and frameworks
- Adjusted Oracle status in test [DBS-1840]
- Extended grsecurity test [RBAC-6272]
- Redirect rpcinfo errors to /dev/null
- Adjusted color scheme
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update lynis' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
9 years, 10 months
Fedora EPEL 6 Update: goaccess-0.8-1.el6
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2014-1473
2014-05-24 17:06:29
--------------------------------------------------------------------------------
Name : goaccess
Product : Fedora EPEL 6
Version : 0.8
Release : 1.el6
URL : http://goaccess.prosoftcorp.com/
Summary : Apache Log Analyzer
Description :
Open source real-time web log analyzer and interactive viewer that runs
in a terminal in *nix systems. It provides fast and valuable HTTP statistics
for system administrators that require a visual server report on the fly.
--------------------------------------------------------------------------------
Update Information:
Changes to GoAccess 0.8 - Tuesday, May 20, 2014
* Added APT-HTTP to the list of browsers.
* Added data persistence and ability to load data from disk.
* Added IE11 to the list of browsers.
* Added IEMobile to the list of browsers.
* Added multiple command line options.
* Added Nagios check_http to the list of browsers.
* Added parsing progress metrics - total requests / requests per second.
* Added the ability to parse a GeoLiteCity.dat to get the city given an IPv4.
* Change the way the configuration file is parsed. This will parse all configuration options under ~/.goaccessrc or the specified config file and will feed getopt_long with the extracted key/value pairs. This also allows the ability to have comments on the config file which won't be overwritten.
* Ensure autoconf determines the location of ncurses headers.
* Fixed issue where geo_location_data was NULL.
* Fixed issue where GoAccess did not run without a tty allocated to it.
* Fixed potential memory leak on --log-file realpath().
* Fixed Solaris build errors.
* Implemented an on-memory hash database using Tokyo Cabinet. This implementation allows GoAccess not to rely on GLib's hash table if one is needed.
* Implemented large file support using an on-disk B+ Tree database. This implementation allows GoAccess not to hold everything in memory but instead it uses an on-disk B+ Tree database.
* Trimmed leading and trailing whitespaces from keyphrases module.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update goaccess' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
9 years, 10 months
Fedora EPEL 6 Update: RdRand-2.0.0-1.el6
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2014-1498
2014-05-25 17:02:21
--------------------------------------------------------------------------------
Name : RdRand
Product : Fedora EPEL 6
Version : 2.0.0
Release : 1.el6
URL : http://github.com/BroukPytlik/RdRand
Summary : Library for generating random numbers using the RdRand instruction on Intel CPUs
Description :
RdRand is an instruction for returning random numbers from an Intel on-chip
hardware random number generator.RdRand is available in Ivy Bridge and later
processors.
It uses cascade construction, combining a HW RNG operating at 3Gbps with CSPRNG
with all components sealed on CPU. The entropy source is a meta-stable circuit,
with unpredictable behavior based on thermal noise. The entropy is fed into
a 3:1 compression ratio entropy extractor (whitener) based on AES-CBC-MAC.
Online statistical tests are performed at this stage and only high quality
random data are used as the seed for cryptograhically secure SP800-90 AES-CTR
DRBG compliant PRNG.
This generator is producing maximum of 512 128-bit AES blocks before it's
reseeded. According to documentation the 512 blocks is a upper limit for
reseed, in practice it reseeds much more frequently.
--------------------------------------------------------------------------------
Update Information:
Partial rewriting, added optional AES encryption of generated values.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update RdRand' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
9 years, 10 months
Fedora EPEL 6 Update: python-aniso8601-0.82-2.el6
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2014-1486
2014-05-24 17:07:18
--------------------------------------------------------------------------------
Name : python-aniso8601
Product : Fedora EPEL 6
Version : 0.82
Release : 2.el6
URL : https://bitbucket.org/nielsenb/aniso8601
Summary : Python 2 library for parsing ISO 8601 strings
Description :
This is a Python 2 library for parsing date strings
in ISO 8601 format into datetime format.
--------------------------------------------------------------------------------
Update Information:
After small correction in specfile, python-aniso8601 is now able to be built for EL6, so this is new package for EL6.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update python-aniso8601' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
9 years, 10 months
[SECURITY] Fedora EPEL 6 Update: moodle-2.4.10-1.el6
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2014-1475
2014-05-24 17:06:40
--------------------------------------------------------------------------------
Name : moodle
Product : Fedora EPEL 6
Version : 2.4.10
Release : 1.el6
URL : http://moodle.org/
Summary : A Course Management System
Description :
Moodle is a course management system (CMS) - a free, Open Source software
package designed using sound pedagogical principles, to help educators create
effective online learning communities.
--------------------------------------------------------------------------------
Update Information:
Moodle upstream has released versions 2.7, 2.6.3, 2.5.6, and 2.4.10 to fix the following security flaws:
CVE-2014-0213 MSA-14-0014: Cross-site request forgery possible in Assignment
CVE-2014-0214 MSA-14-0015: Web service token expiry issue for MoodleMobile
CVE-2014-0215 MSA-14-0016: Anonymous student identity revealed in assignment
CVE-2014-0216 MSA-14-0017: File access issue in HTML block
CVE-2014-0217 MSA-14-0018: Information leak in courses
CVE-2014-0218 MSA-14-0019: Reflected XSS in URL downloader repository
For a full summary and patch links, refer to the following:
http://seclists.org/oss-sec/2014/q2/329
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1099766 - CVE-2014-0218 CVE-2014-0213 CVE-2014-0215 CVE-2014-0214 CVE-2014-0217 CVE-2014-0216 moodle: upstream 2.7, 2.6.3, 2.5.6, and 2.4.10 security fixes [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1099766
[ 2 ] Bug #1099765 - CVE-2014-0218 CVE-2014-0213 CVE-2014-0215 CVE-2014-0214 CVE-2014-0217 CVE-2014-0216 moodle: upstream 2.7, 2.6.3, 2.5.6, and 2.4.10 security fixes [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1099765
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update moodle' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
9 years, 10 months
Fedora EPEL 6 Update: mimedefang-2.75-1.el6
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2014-1490
2014-05-24 17:07:30
--------------------------------------------------------------------------------
Name : mimedefang
Product : Fedora EPEL 6
Version : 2.75
Release : 1.el6
URL : http://www.mimedefang.org/
Summary : E-Mail filtering framework using Sendmail's Milter interface
Description :
MIMEDefang is an e-mail filter program which works with Sendmail 8.12
and later. It filters all e-mail messages sent via SMTP. MIMEDefang
splits multi-part MIME messages into their components and potentially
deletes or modifies the various parts. It then reassembles the parts
back into an e-mail message and sends it on its way.
There are some caveats you should be aware of before using MIMEDefang.
MIMEDefang potentially alters e-mail messages. This breaks a "gentleman's
agreement" that mail transfer agents do not modify message bodies. This
could cause problems, for example, with encrypted or signed messages.
--------------------------------------------------------------------------------
Update Information:
Upstream changes for MIMEDefang 2.75:
* Many cosmetic improvements to watch-multiple-mimedefangs.tcl
* Fix md_get_bogus_mx_hosts so it checks A records iff a domain has no MX records
* Add a forward declaration of rebuild_entity to avoid warnings on recent Perl versions
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update mimedefang' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
9 years, 10 months
Fedora EPEL 6 Update: thunderbird-lightning-2.6.5-2.el6
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2014-1468
2014-05-20 16:19:26
--------------------------------------------------------------------------------
Name : thunderbird-lightning
Product : Fedora EPEL 6
Version : 2.6.5
Release : 2.el6
URL : http://www.mozilla.org/projects/calendar/lightning/
Summary : The calendar extension to Thunderbird
Description :
Lightning brings the Sunbird calendar to the popular email client,
Mozilla Thunderbird. Since it's an extension, Lightning is tightly
integrated with Thunderbird, allowing it to easily perform email-related
calendaring tasks.
--------------------------------------------------------------------------------
Update Information:
Update to 2.6.5
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update thunderbird-lightning' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
9 years, 10 months
Fedora EPEL 6 Update: pigz-2.3.1-1.el6
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2014-1470
2014-05-20 16:19:30
--------------------------------------------------------------------------------
Name : pigz
Product : Fedora EPEL 6
Version : 2.3.1
Release : 1.el6
URL : http://www.zlib.net/pigz/
Summary : Parallel implementation of gzip
Description :
pigz, which stands for parallel implementation of gzip,
is a fully functional replacement for gzip that exploits
multiple processors and multiple cores to the hilt when compressing data.
--------------------------------------------------------------------------------
Update Information:
Update to 2.3.1
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update pigz' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
9 years, 10 months
Fedora EPEL 6 Update: python-junitxml-0.7-1.el6
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2014-1430
2014-05-16 02:23:20
--------------------------------------------------------------------------------
Name : python-junitxml
Product : Fedora EPEL 6
Version : 0.7
Release : 1.el6
URL : https://launchpad.net/pyjunitxml
Summary : PyJUnitXML, a pyunit extension to output JUnit compatible XML
Description :
PyJUnitXML
==========
A Python unittest TestResult that outputs JUnit
compatible XML.
--------------------------------------------------------------------------------
Update Information:
Initial package. pyunit extension to output JUnit compatible XML
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1093406 - Review Request: python-junitxml - pyunit extension to output JUnit compatible XML
https://bugzilla.redhat.com/show_bug.cgi?id=1093406
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update python-junitxml' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
9 years, 10 months
Fedora EPEL 5 Update: thunderbird-lightning-2.6.5-2.el5
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2014-1467
2014-05-20 16:19:24
--------------------------------------------------------------------------------
Name : thunderbird-lightning
Product : Fedora EPEL 5
Version : 2.6.5
Release : 2.el5
URL : http://www.mozilla.org/projects/calendar/lightning/
Summary : The calendar extension to Thunderbird
Description :
Lightning brings the Sunbird calendar to the popular email client,
Mozilla Thunderbird. Since it's an extension, Lightning is tightly
integrated with Thunderbird, allowing it to easily perform email-related
calendaring tasks.
--------------------------------------------------------------------------------
Update Information:
Update to 2.6.5
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update thunderbird-lightning' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
9 years, 10 months