April 2020 - epel-package-announce - Fedora Mailing-Lists

Fedora EPEL 7 Update: php-phpseclib-2.0.27-1.el7

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2020-2221f62c60 2020-04-22 19:13:04.000918 -------------------------------------------------------------------------------- Name : php-phpseclib Product : Fedora EPEL 7 Version : 2.0.27 Release : 1.el7 URL : https://github.com/phpseclib/phpseclib Summary : PHP Secure Communications Library Description : MIT-licensed pure-PHP implementations of an arbitrary-precision integer arithmetic library, fully PKCS#1 (v2.1) compliant RSA, DES, 3DES, RC4, Rijndael, AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509 -------------------------------------------------------------------------------- Update Information: **Version 2.0.27** * SFTP: change the mode with a SETSTAT instead of MKDIR (#1463) * SFTP: make it so extending SFTP class doesn't cause a segfault (#1465) * Random::string didn't always return all the requested bytes (#1466) ---- **Version 2.0.26** * SFTP: another attempt at speeding up uploads (#1455) * SSH2: try logging in with none as an auth method first (#1454) * ASN1: fix for malformed ASN1 strings (#1456) -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 6 2020 Remi Collet <remi(a)remirepo.net> - 2.0.27-1 - update to 2.0.27 * Mon Mar 23 2020 Remi Collet <remi(a)remirepo.net> - 2.0.26-1 - update to 2.0.26 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update php-phpseclib' at the command line. For more information, refer to "YUM", available at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\ /html/System_Administrators_Guide/ch-yum.html All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

4 years

1
0
0 / 0

Fedora EPEL 7 Update: python-jmespath-0.9.4-1.el7

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2020-89cb0d7bbb 2020-04-22 19:13:04.000843 -------------------------------------------------------------------------------- Name : python-jmespath Product : Fedora EPEL 7 Version : 0.9.4 Release : 1.el7 URL : https://github.com/jmespath/jmespath.py Summary : JSON Matching Expressions Description : JMESPath allows you to declaratively specify how to extract elements from a JSON document. -------------------------------------------------------------------------------- Update Information: # Ansible * Add python3 subpackage. # python-jmespath * Update to 0.9.4. * Add python3 subpackage. -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 5 2020 Igor Raits <ignatenkobrain(a)fedoraproject.org> - 0.9.4-1 - Update to 0.9.4 - Add python3 subpackage * Wed Jan 6 2016 Fabio Alessandro Locati <fabio(a)locati.cc> - 0.9.0-2 - Improve to set the Provides tag for EL6 too -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update python-jmespath' at the command line. For more information, refer to "YUM", available at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\ /html/System_Administrators_Guide/ch-yum.html All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

4 years

1
0
0 / 0

Fedora EPEL 7 Update: ansible-2.9.6-3.el7

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2020-89cb0d7bbb 2020-04-22 19:13:04.000843 -------------------------------------------------------------------------------- Name : ansible Product : Fedora EPEL 7 Version : 2.9.6 Release : 3.el7 URL : http://ansible.com Summary : SSH-based configuration management, deployment, and task execution system Description : Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. -------------------------------------------------------------------------------- Update Information: # Ansible * Add python3 subpackage. # python-jmespath * Update to 0.9.4. * Add python3 subpackage. -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 6 2020 Igor Raits <ignatenkobrain(a)fedoraproject.org> - 2.9.6-3 - Ship ansible-test in both (py2 and py3) variants * Sun Apr 5 2020 Igor Raits <ignatenkobrain(a)fedoraproject.org> - 2.9.6-2 - Enable python3 subpackage -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update ansible' at the command line. For more information, refer to "YUM", available at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\ /html/System_Administrators_Guide/ch-yum.html All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

4 years

1
0
0 / 0

[SECURITY] Fedora EPEL 6 Update: nrpe-4.0.2-1.el6

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2020-fc983d39e7 2020-04-22 19:09:22.593593 -------------------------------------------------------------------------------- Name : nrpe Product : Fedora EPEL 6 Version : 4.0.2 Release : 1.el6 URL : http://www.nagios.org Summary : Host/service/network monitoring agent for Nagios Description : Nrpe is a system daemon that will execute various Nagios plugins locally on behalf of a remote (monitoring) host that uses the check_nrpe plugin. Various plugins that can be executed by the daemon are available at: http://sourceforge.net/projects/nagiosplug This package provides the core agent. -------------------------------------------------------------------------------- Update Information: New upstream version fixes CVEs -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 7 2020 Martin Jackson <mhjacks(a)swbell.net> - 4.0.2-1 - New upstream version - Update patch for indlude_dir - Fix BZ#1816816 - CVE-2020-6582 nrpe: heap-based buffer overflow due to a wrong integer type conversion - Fix BZ#1816805 - CVE-2020-6581 nrpe: insufficient filtering and incorrect parsing of the configuration file may lead to command injection -------------------------------------------------------------------------------- References: [ 1 ] Bug #1816805 - CVE-2020-6581 nrpe: insufficient filtering and incorrect parsing of the configuration file may lead to command injection [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1816805 [ 2 ] Bug #1816816 - CVE-2020-6582 nrpe: heap-based buffer overflow due to a wrong integer type conversion [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1816816 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update nrpe' at the command line. For more information, refer to "YUM", available at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\ /html/System_Administrators_Guide/ch-yum.html All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

4 years

1
0
0 / 0

Fedora EPEL 6 Update: prosody-0.11.5-1.el6

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2020-6804a5d4bf 2020-04-22 19:09:22.593569 -------------------------------------------------------------------------------- Name : prosody Product : Fedora EPEL 6 Version : 0.11.5 Release : 1.el6 URL : https://prosody.im/ Summary : Flexible communications server for Jabber/XMPP Description : Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols. -------------------------------------------------------------------------------- Update Information: Prosody 0.11.5 ============== This release mostly adds command line flags to force foreground or background operation, which replaces and deprecates the `daemonize` option in the config file. Fixes and improvements ---------------------- * prosody / mod_posix: Support for command-line flags to override `daemonize` config option Minor changes ------------- * mod_websocket: Clear mask bit when reflecting ping frames (fixes #1484: Websocket masks pong answer) -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 6 2020 Robert Scheck <robert(a)fedoraproject.org> 0.11.5-1 - Upgrade to 0.11.5 (#1816855) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1816855 - prosody-0.11.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1816855 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update prosody' at the command line. For more information, refer to "YUM", available at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\ /html/System_Administrators_Guide/ch-yum.html All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

4 years

1
0
0 / 0

Fedora EPEL 6 Update: php-phpseclib-2.0.27-1.el6

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2020-cdd04820fb 2020-04-22 19:09:22.593284 -------------------------------------------------------------------------------- Name : php-phpseclib Product : Fedora EPEL 6 Version : 2.0.27 Release : 1.el6 URL : https://github.com/phpseclib/phpseclib Summary : PHP Secure Communications Library Description : MIT-licensed pure-PHP implementations of an arbitrary-precision integer arithmetic library, fully PKCS#1 (v2.1) compliant RSA, DES, 3DES, RC4, Rijndael, AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509 -------------------------------------------------------------------------------- Update Information: **Version 2.0.27** * SFTP: change the mode with a SETSTAT instead of MKDIR (#1463) * SFTP: make it so extending SFTP class doesn't cause a segfault (#1465) * Random::string didn't always return all the requested bytes (#1466) ---- **Version 2.0.26** * SFTP: another attempt at speeding up uploads (#1455) * SSH2: try logging in with none as an auth method first (#1454) * ASN1: fix for malformed ASN1 strings (#1456) -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 6 2020 Remi Collet <remi(a)remirepo.net> - 2.0.27-1 - update to 2.0.27 * Mon Mar 23 2020 Remi Collet <remi(a)remirepo.net> - 2.0.26-1 - update to 2.0.26 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update php-phpseclib' at the command line. For more information, refer to "YUM", available at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\ /html/System_Administrators_Guide/ch-yum.html All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

4 years

1
0
0 / 0

Fedora EPEL 8 Update: debbuild-20.04.0-1.el8

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2020-23531c7f4b 2020-04-22 18:41:46.272377 -------------------------------------------------------------------------------- Name : debbuild Product : Fedora EPEL 8 Version : 20.04.0 Release : 1.el8 URL : https://github.com/debbuild/debbuild Summary : Build Debian-compatible .deb packages from RPM .spec files Description : debbuild attempts to build Debian-friendly semi-native packages from RPM spec files, RPM-friendly tarballs, and RPM source packages (.src.rpm files). It accepts most of the options rpmbuild does, and should be able to interpret most spec files usefully. -------------------------------------------------------------------------------- Update Information: ## Fixes * Shell escaping support has been improved to handle more complex cases * `%patchNNN` macros work, just as `%patch -P NNN` does * Fix processing of `Requires(pre)` and `Requires(preun)` for subpackages * Process `Supplements` in subpackages * Overriding OS macros works as intended now ## Features * New `%__sed_i` macro for using `sed` with inline replacement * `Requires(post)` and `Requires(postun)` now are processed and map to `Depends` * Native support for unpacking Ruby Gem (`.gem`) archives ## Packaging * Switch from `pax` to `spax` for `/usr/bin/pax` to make installable on EL8 -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 20 2020 Neal Gompa <ngompa13(a)gmail.com> - 20.04.0-1 - Rebase to 20.04.0 - Switch pax dependency to spax to fix installability on EL8 * Tue Jan 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 19.11.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1796403 - debbuild-20.04.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1796403 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update debbuild' at the command line. For more information, refer to "YUM", available at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\ /html/System_Administrators_Guide/ch-yum.html All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

4 years

1
0
0 / 0

[SECURITY] Fedora EPEL 8 Update: ansible-2.9.7-1.el8

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2020-5af12f8767 2020-04-22 18:41:46.272359 -------------------------------------------------------------------------------- Name : ansible Product : Fedora EPEL 8 Version : 2.9.7 Release : 1.el8 URL : http://ansible.com Summary : SSH-based configuration management, deployment, and task execution system Description : Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. -------------------------------------------------------------------------------- Update Information: Update to bugfix and security update 2.9.7. See https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v... for detailed changes. ---- Update to upstream 2.9.6 and fix for 2 CVES: CVE-2020-1737, CVE-2020-1739 -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 18 2020 Kevin Fenzi <kevin(a)scrye.com> - 2.9.7-1 - Update to 2.9.7. - fixes CVE-2020-1733 CVE-2020-1735 CVE-2020-1740 CVE-2020-1746 CVE-2020-1753 CVE-2020-10684 CVE-2020-10685 CVE-2020-10691 - Drop the -s from the shebang to allow ansible to use locally installed modules. * Fri Mar 6 2020 Kevin Fenzi <kevin(a)scrye.com> - 2.9.6-1 - Update to 2.9.6. Fixes bug #1810373 - fixes for CVE-2020-1737, CVE-2020-1739 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1805319 - CVE-2020-1740 ansible: secrets readable after ansible-vault edit [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1805319 [ 2 ] Bug #1805322 - CVE-2020-1739 ansible: svn module leaks password when specified as a parameter [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1805322 [ 3 ] Bug #1805326 - CVE-2020-1738 ansible: module package can be selected by the ansible facts [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1805326 [ 4 ] Bug #1805329 - CVE-2020-1737 ansible: Extract-Zip function in win_unzip module does not check extracted path [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1805329 [ 5 ] Bug #1805332 - CVE-2020-1736 ansible: atomic_move primitive sets permissive permissions [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1805332 [ 6 ] Bug #1805336 - CVE-2020-1735 ansible: path injection on dest parameter in fetch module [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1805336 [ 7 ] Bug #1805339 - CVE-2020-1734 ansible: shell enabled by default in a pipe lookup plugin subprocess [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1805339 [ 8 ] Bug #1805342 - CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1805342 [ 9 ] Bug #1808472 - CVE-2020-1746 ansible: Information disclosure issue in ldap_attr and ldap_entry modules [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1808472 [ 10 ] Bug #1810373 - ansible-2.9.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1810373 [ 11 ] Bug #1811933 - CVE-2020-1753 ansible: kubectl connection plugin leaks sensitive information [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1811933 [ 12 ] Bug #1816311 - CVE-2020-10684 ansible: code injection when using ansible_facts as a subkey [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1816311 [ 13 ] Bug #1816312 - CVE-2020-10685 ansible: modules which use files encrypted with vault are not properly cleaned up [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1816312 [ 14 ] Bug #1817979 - CVE-2020-10691 ansible: archive traversal vulnerability in ansible-galaxy collection install [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1817979 [ 15 ] Bug #1825070 - ansible-2.9.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1825070 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update ansible' at the command line. For more information, refer to "YUM", available at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\ /html/System_Administrators_Guide/ch-yum.html All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

4 years

1
0
0 / 0

Fedora EPEL 8 Update: js-jquery-3.5.0-3.el8

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2020-c1cbf6e822 2020-04-22 18:41:46.272304 -------------------------------------------------------------------------------- Name : js-jquery Product : Fedora EPEL 8 Version : 3.5.0 Release : 3.el8 URL : https://jquery.com/ Summary : JavaScript DOM manipulation, event handling, and AJAX library Description : jQuery is a fast, small, and feature-rich JavaScript library. It makes things like HTML document traversal and manipulation, event handling, animation, and Ajax much simpler with an easy-to-use API that works across a multitude of browsers. With a combination of versatility and extensibility, jQuery has changed the way that millions of people write JavaScript. -------------------------------------------------------------------------------- Update Information: Release Jquery for EPEL 8 -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1757437 - jquery for EPEL 8? https://bugzilla.redhat.com/show_bug.cgi?id=1757437 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update js-jquery' at the command line. For more information, refer to "YUM", available at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\ /html/System_Administrators_Guide/ch-yum.html All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

4 years

1
0
0 / 0

Fedora EPEL 8 Update: ucarp-1.5.2-27.el8

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2020-bb0d702440 2020-04-22 18:41:46.272289 -------------------------------------------------------------------------------- Name : ucarp Product : Fedora EPEL 8 Version : 1.5.2 Release : 27.el8 URL : http://www.ucarp.org/ Summary : Common Address Redundancy Protocol (CARP) for Unix Description : UCARP allows a couple of hosts to share common virtual IP addresses in order to provide automatic failover. It is a portable userland implementation of the secure and patent-free Common Address Redundancy Protocol (CARP, OpenBSD's alternative to the patents-bloated VRRP). Strong points of the CARP protocol are: very low overhead, cryptographically signed messages, interoperability between different operating systems and no need for any dedicated extra network link between redundant hosts. -------------------------------------------------------------------------------- Update Information: Initial EL-8 build -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1821863 - Please add EPEL8 branch https://bugzilla.redhat.com/show_bug.cgi?id=1821863 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update ucarp' at the command line. For more information, refer to "YUM", available at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\ /html/System_Administrators_Guide/ch-yum.html All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

4 years

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

epel-package-announce April 2020