The following Fedora EPEL 5 Security updates need testing:
Age URL
801 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-3849
sblim-sfcb-1.3.8-2.el5
444 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-edbea40516
mcollective-2.8.4-1.el5
416 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-582c8075e6
thttpd-2.25b-24.el5
26 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-ce45574ab6
libbsd-0.8.3-2.el5
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e541856e99
wordpress-4.7.1-1.el5
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-cfdd99a20e
opus-1.0.3-2.el5
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-9ec4289f01
python-crypto-2.0.1-6.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
GeoIP-GeoLite-data-2017.01-1.el5
gfal2-python-1.8.5-1.el5
opus-1.0.3-2.el5
python-crypto-2.0.1-6.el5
Details about builds:
================================================================================
GeoIP-GeoLite-data-2017.01-1.el5 (FEDORA-EPEL-2017-39e7e7c55d)
Free GeoLite IP geolocation country database
--------------------------------------------------------------------------------
Update Information:
Periodic database update.
--------------------------------------------------------------------------------
================================================================================
gfal2-python-1.8.5-1.el5 (FEDORA-EPEL-2017-782211f0d1)
Python bindings for gfal 2
--------------------------------------------------------------------------------
Update Information:
Update for new upstream release
--------------------------------------------------------------------------------
================================================================================
opus-1.0.3-2.el5 (FEDORA-EPEL-2017-cfdd99a20e)
An audio codec for use in low-delay speech and audio communication
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2017-0381
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1413604 - CVE-2017-0381 opus: Memory corruption during media file
and data processing
https://bugzilla.redhat.com/show_bug.cgi?id=1413604
--------------------------------------------------------------------------------
================================================================================
python-crypto-2.0.1-6.el5 (FEDORA-EPEL-2017-9ec4289f01)
Cryptography library for Python
--------------------------------------------------------------------------------
Update Information:
A heap-buffer overflow vulnerability was discovered in pycrypto leading to
arbitrary code execution. All users of pycrypto's AES module that allow the mode
of operation to be specified by an attacker, check for ECB explicitly and create
the objects without specifying an IV are vulnerable to this issue. This is
CVE-2013-7459.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1409754 - CVE-2013-7459 pycrypto: Heap-buffer overflow in
ALGobject structure
https://bugzilla.redhat.com/show_bug.cgi?id=1409754
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
