The following Fedora EPEL 5 Security updates need testing:
Age URL
731 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-1626
puppet-2.7.26-1.el5
581 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-3849
sblim-sfcb-1.3.8-2.el5
224 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-edbea40516
mcollective-2.8.4-1.el5
196 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-582c8075e6
thttpd-2.25b-24.el5
11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-81044caedf
GraphicsMagick-1.3.24-1.el5
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-ab4074f109
phpMyAdmin4-4.0.10.15-2.el5
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-bafacd5846
proftpd-1.3.3g-6.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
R-3.3.0-10.el5
proftpd-1.3.3g-6.el5
Details about builds:
================================================================================
R-3.3.0-10.el5 (FEDORA-EPEL-2016-367d157bc6)
A language for data analysis and graphics
--------------------------------------------------------------------------------
Update Information:
Fix up the last few files where the zlibhack left noise. ---- Finally remove
the last bits of the static library linking flags from the places that are
inherited into CRAN. ---- Really really really fix the el5 build to not have
random and incorrect linkflags that prevent CPAN modules from building. ----
Actually fix CRAN builds by removing invalid linkflags. ---- Fixup libR.pc to
not point to a ton of unnecessary sharedlibs.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1344718 - R-core has references to build directory
https://bugzilla.redhat.com/show_bug.cgi?id=1344718
[ 2 ] Bug #1341771 - Missing dependencies for R-core-devel in EPEL 5 and 6
https://bugzilla.redhat.com/show_bug.cgi?id=1341771
[ 3 ] Bug #1341970 - javareconf fails, because libssh2-devel is missing
https://bugzilla.redhat.com/show_bug.cgi?id=1341970
--------------------------------------------------------------------------------
================================================================================
proftpd-1.3.3g-6.el5 (FEDORA-EPEL-2016-bafacd5846)
Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:
This update fixes issues with selection of inappropriate DH parameters, which
could lead to encrypted traffic being more easily decrypted than it should be.
* http://bugs.proftpd.org/show_bug.cgi?id=3868 *
http://bugs.proftpd.org/show_bug.cgi?id=4230 (CVE-2016-3125) The update also
adds support for specifying TLSv1.1 and TLSv1.2, and fixes an SUID/SGID
directory permission setting regression introduced with an earlier update
addressing CVE-2012-6095.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1317420 - CVE-2016-3125 proftpd: usage of 1024 bit DH key even
with manual parameters set
https://bugzilla.redhat.com/show_bug.cgi?id=1317420
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list
[email protected]
https://lists.fedoraproject.org/admin/lists/[email protected]
