[EPEL-devel] Fedora EPEL 5 updates-testing report

updates Tue, 22 Dec 2015 14:48:54 -0800

The following Fedora EPEL 5 Security updates need testing:
 Age  URL
 794  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2013-11893   
libguestfs-1.20.12-1.el5
 558  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-1626   
puppet-2.7.26-1.el5
 408  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-3849   
sblim-sfcb-1.3.8-2.el5
  51  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-edbea40516   
mcollective-2.8.4-1.el5
  50  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-10d919912b   
git-1.8.2.1-2.el5
  23  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-582c8075e6   
thttpd-2.25b-24.el5
  10  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-481f9cfb21   
shellinabox-2.19-1.el5
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-d1309b0eb2   
libsndfile-1.0.17-8.el5
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-11c5c57d59   
openssl101e-1.0.1e-5.el5



The following builds have been pushed to Fedora EPEL 5 updates-testing

    arprec-2.2.18-1.el5
    openssl101e-1.0.1e-5.el5
    qd-2.3.15-3.el5
    sagator-1.3.1-1.el5
    tcl-mysqltcl-3.052-1.el5

Details about builds:


================================================================================
 arprec-2.2.18-1.el5 (FEDORA-EPEL-2015-ceb0d0c1cc)
 Software package for performing arbitrary precision arithmetic
--------------------------------------------------------------------------------
Update Information:

update qd and arprec to recent version
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1290979 - arprec-2.2.18 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1290979
--------------------------------------------------------------------------------


================================================================================
 openssl101e-1.0.1e-5.el5 (FEDORA-EPEL-2015-11c5c57d59)
 A general purpose cryptography library with TLS implementation
--------------------------------------------------------------------------------
Update Information:

A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures
using the RSA PSS algorithm. A remote attacked could possibly use this flaw to
crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it
enabled client authentication. (CVE-2015-3194)  A memory leak vulnerability was
found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use
this flaw to cause an application that parses PKCS#7 or CMS data from untrusted
sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195)
A race condition flaw, leading to a double free, was found in the way OpenSSL
handled pre-shared key (PSK) identify hints. A remote attacker could use this
flaw to crash a multi-threaded SSL/TLS client using OpenSSL. (CVE-2015-3196)
----  The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared libraries
which provide various cryptographic algorithms and protocols.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK 
identify hint
        https://bugzilla.redhat.com/show_bug.cgi?id=1288326
  [ 2 ] Bug #1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak
        https://bugzilla.redhat.com/show_bug.cgi?id=1288322
  [ 3 ] Bug #1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with 
missing PSS parameter
        https://bugzilla.redhat.com/show_bug.cgi?id=1288320
--------------------------------------------------------------------------------


================================================================================
 qd-2.3.15-3.el5 (FEDORA-EPEL-2015-ceb0d0c1cc)
 Double-Double and Quad-Double Arithmetic
--------------------------------------------------------------------------------
Update Information:

update qd and arprec to recent version
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1290979 - arprec-2.2.18 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1290979
--------------------------------------------------------------------------------


================================================================================
 sagator-1.3.1-1.el5 (FEDORA-EPEL-2015-9aa897f045)
 Antivirus/anti-spam gateway for smtp server
--------------------------------------------------------------------------------
Update Information:

Update to upstream with clamav-0.99 support.
--------------------------------------------------------------------------------


================================================================================
 tcl-mysqltcl-3.052-1.el5 (FEDORA-EPEL-2015-92439702b4)
 MySQL interface for Tcl
--------------------------------------------------------------------------------
Update Information:

Update to release 3.052 to bugfix an issue related to multi-statement selects
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list
[email protected]
http://lists.fedoraproject.org/admin/lists/[email protected]

[EPEL-devel] Fedora EPEL 5 updates-testing report

Reply via email to