The following Fedora EPEL 5 Security updates need testing:
Age URL
654
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs-1.20.12-1.el5
419
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1626/puppet-2.7.26-1.el5
268
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3849/sblim-sfcb-1.3.8-2.el5
12
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7293/mantis-1.2.19-3.el5
8
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7340/drupal6-cck-2.10-1.el5
8
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7337/lighttpd-1.4.36-1.el5
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7370/wordpress-4.2.4-1.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
globus-gass-cache-9.7-1.el5
globus-gram-job-manager-14.27-1.el5
globus-proxy-utils-6.13-1.el5
globus-simple-ca-4.22-1.el5
openvpn-2.3.8-1.el5
pcp-3.10.6-1.el5
wordpress-4.2.4-1.el5
Details about builds:
================================================================================
globus-gass-cache-9.7-1.el5 (FEDORA-EPEL-2015-7508)
Globus Toolkit - Globus Gass Cache
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates:
* globus-gass-cache 9.7
* globus-gram-job-manager 14.27
* globus-proxy-utils 6.13
* globus-simple-ca 4.22
Fixed issues:
* https://globus.atlassian.net/browse/GT-617: Use 4096-bit RSA key for
globus-simple-ca
* https://globus.atlassian.net/browse/GT-618: GASS Cache error mishandling
causes crash
* https://globus.atlassian.net/browse/GT-619: Uninitialized data in job manager
cause crash
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 3 2015 Mattias Ellert <[email protected]> - 9.7-1
- GT6 update: GT-618: GASS Cache error mishandling causes crash
* Wed Jun 17 2015 Fedora Release Engineering <[email protected]>
- 9.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
globus-gram-job-manager-14.27-1.el5 (FEDORA-EPEL-2015-7508)
Globus Toolkit - GRAM Jobmanager
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates:
* globus-gass-cache 9.7
* globus-gram-job-manager 14.27
* globus-proxy-utils 6.13
* globus-simple-ca 4.22
Fixed issues:
* https://globus.atlassian.net/browse/GT-617: Use 4096-bit RSA key for
globus-simple-ca
* https://globus.atlassian.net/browse/GT-618: GASS Cache error mishandling
causes crash
* https://globus.atlassian.net/browse/GT-619: Uninitialized data in job manager
cause crash
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 3 2015 Mattias Ellert <[email protected]> - 14.27-1
- GT6 update: GT-619: Uninitialized data in job manager cause crash
--------------------------------------------------------------------------------
================================================================================
globus-proxy-utils-6.13-1.el5 (FEDORA-EPEL-2015-7508)
Globus Toolkit - Globus GSI Proxy Utility Programs
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates:
* globus-gass-cache 9.7
* globus-gram-job-manager 14.27
* globus-proxy-utils 6.13
* globus-simple-ca 4.22
Fixed issues:
* https://globus.atlassian.net/browse/GT-617: Use 4096-bit RSA key for
globus-simple-ca
* https://globus.atlassian.net/browse/GT-618: GASS Cache error mishandling
causes crash
* https://globus.atlassian.net/browse/GT-619: Uninitialized data in job manager
cause crash
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 3 2015 Mattias Ellert <[email protected]> - 6.13-1
- GT6 update: Add explicit name comparison mode selection option
--------------------------------------------------------------------------------
================================================================================
globus-simple-ca-4.22-1.el5 (FEDORA-EPEL-2015-7508)
Globus Toolkit - Simple CA Utility
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates:
* globus-gass-cache 9.7
* globus-gram-job-manager 14.27
* globus-proxy-utils 6.13
* globus-simple-ca 4.22
Fixed issues:
* https://globus.atlassian.net/browse/GT-617: Use 4096-bit RSA key for
globus-simple-ca
* https://globus.atlassian.net/browse/GT-618: GASS Cache error mishandling
causes crash
* https://globus.atlassian.net/browse/GT-619: Uninitialized data in job manager
cause crash
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 3 2015 Mattias Ellert <[email protected]> - 4.22-1
- GT6 update: Use 4096-bit RSA key for globus-simple-ca
* Wed Jun 17 2015 Fedora Release Engineering <[email protected]>
- 4.20-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
openvpn-2.3.8-1.el5 (FEDORA-EPEL-2015-7510)
A full-featured SSL VPN solution
--------------------------------------------------------------------------------
Update Information:
Latest upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 4 2015 Jon Ciesla <[email protected]> 2.3.8-1
- 2.3.8
--------------------------------------------------------------------------------
================================================================================
pcp-3.10.6-1.el5 (FEDORA-EPEL-2015-7514)
System-level performance monitoring and performance management
--------------------------------------------------------------------------------
Update Information:
Primarily bugfix release of Performance Co-Pilot.
Most notable change is the packaging split, but there are also a lot of other
new features and bug fixes; see CHANGELOG for details.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 4 2015 Nathan Scott <[email protected]> - 3.10.6-1
- Fix pcp2graphite write method invocation failure (BZ 1243123)
- Reduce diagnostics in pmdaproc unknown state case (BZ 1224431)
- Derived metrics via multiple files, directory expansion (BZ 1235556)
- Update to latest PCP sources.
* Mon Jun 15 2015 Mark Goodwin <[email protected]> - 3.10.5-1
- Provide and use non-exit(1)ing pmGetConfig(3) variant (BZ 1187588)
- Resolve a pmdaproc.sh pmlogger restart regression (BZ 1229458)
- Replacement of pmatop/pcp-atop(1) utility (BZ 1160811, BZ 1018575)
- Reduced installation size for minimal applications (BZ 1182184)
- Ensure pmlogger start scripts wait on pmcd startup (BZ 1185760)
- Need to run pmcd at least once before pmval -L will work (BZ 185749)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1224431 - /var/log/pcp/pmcd/proc.log grows 1MB/day
https://bugzilla.redhat.com/show_bug.cgi?id=1224431
[ 2 ] Bug #1243123 - [abrt] pcp: pcp2graphite:269:<module>:TypeError: write()
takes no keyword arguments
https://bugzilla.redhat.com/show_bug.cgi?id=1243123
[ 3 ] Bug #1229458 - pmda Install should not start pmlogger
https://bugzilla.redhat.com/show_bug.cgi?id=1229458
[ 4 ] Bug #1182184 - reduced installation footprint for minimal pcp
applications
https://bugzilla.redhat.com/show_bug.cgi?id=1182184
[ 5 ] Bug #185749 - Package Updater can't resolve dependencies
https://bugzilla.redhat.com/show_bug.cgi?id=185749
[ 6 ] Bug #1235556 - RFE: Allow inclusion of derived metrics files
https://bugzilla.redhat.com/show_bug.cgi?id=1235556
[ 7 ] Bug #1187588 - PM_CONTEXT_LOCAL crashes process when /etc/pcp.conf is
unreadable
https://bugzilla.redhat.com/show_bug.cgi?id=1187588
[ 8 ] Bug #1018575 - pmatop exceptions need better catching
https://bugzilla.redhat.com/show_bug.cgi?id=1018575
[ 9 ] Bug #1185760 - Default pmlogger config depends on pmcd but doesn't
ensure it is running
https://bugzilla.redhat.com/show_bug.cgi?id=1185760
--------------------------------------------------------------------------------
================================================================================
wordpress-4.2.4-1.el5 (FEDORA-EPEL-2015-7370)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
**WordPress 4.2.4 Security and Maintenance Release**
WordPress 4.2.4 is now available. This is a security release for all previous
versions and we strongly encourage you to update your sites immediately.
This release addresses six issues, including three cross-site scripting
vulnerabilities and a potential SQL injection that could be used to compromise
a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen
Hou-SandĂ of the WordPress security team, Netanel Rubin of Check Point, and
Ivan Grigorov. It also includes a fix for a potential timing side-channel
attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker
from locking a post from being edited, discovered by Mohamed A. Baset.
Our thanks to those who have practiced responsible disclosure of security
issues.
WordPress 4.2.4 also fixes four bugs. For more information, see:
the release notes or consult the list of changes.
* the release notes: https://codex.wordpress.org/Version_4.2.4
* the list of changes:
https://core.trac.wordpress.org/log/branches/4.2?rev=33573&stop_rev=33396
**WordPress 4.2.3 Security and Maintenance Release**
WordPress 4.2.3 is now available. This is a security release for all previous
versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.2.2 and earlier are affected by a cross-site scripting
vulnerability, which could allow users with the Contributor or Author role to
compromise a site. This was initially reported by Jon Cave and fixed by Robert
Chapin, both of the WordPress security team, and later reported by Jouko
Pynnönen.
We also fixed an issue where it was possible for a user with Subscriber
permissions to create a draft through Quick Draft. Reported by Netanel Rubin
from Check Point Software Technologies.
Our thanks to those who have practiced responsible disclosure of security
issues.
WordPress 4.2.3 also contains fixes for 20 bugs from 4.2. For more information,
see:
* the release notes: https://codex.wordpress.org/Version_4.2.3
* the list of changes:
https://core.trac.wordpress.org/log/branches/4.2?rev=33382&stop_rev=32430
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 4 2015 Remi Collet <[email protected]> - 4.2.4-1
- WordPress 4.2.4 Security and Maintenance Release
* Fri Jul 24 2015 Remi Collet <[email protected]> - 4.2.3-1
- WordPress 4.2.3 Security and Maintenance Release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1246396 - CVE-2015-5622 CVE-2015-5623 wordpress: cross-site
scripting and permission issue fixed in wordpress 4.2.3
https://bugzilla.redhat.com/show_bug.cgi?id=1246396
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/epel-devel
