[EPEL-devel] Fedora EPEL 6 updates-testing report

updates Tue, 04 Apr 2017 14:18:12 -0700

The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 636  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031   
python-virtualenv-12.0.7-1.el6
 630  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168   
rubygem-crack-0.3.2-2.el6
 520  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb   
mcollective-2.8.4-1.el6
 491  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9   
thttpd-2.25b-24.el6
 222  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-8594ed3a53   
chicken-4.11.0-3.el6
 102  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac   
libbsd-0.8.3-2.el6
  52  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-acd2c2af0d   
nagios-4.2.4-4.el6
  11  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-da3e5ef08f   
tcpreplay-4.2.1-1.el6
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-68aef427a4   
php-horde-Horde-Crypt-2.7.6-1.el6
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-def12f5099   
libupnp-1.6.21-1.el6



The following builds have been pushed to Fedora EPEL 6 updates-testing

    libglvnd-0.2.999-14.20170308git8e6e102.el6
    libupnp-1.6.21-1.el6
    open-vm-tools-10.1.5-6.el6
    php-horde-Horde-Crypt-2.7.6-1.el6

Details about builds:


================================================================================
 libglvnd-0.2.999-14.20170308git8e6e102.el6 (FEDORA-EPEL-2017-fe81b727ea)
 The GL Vendor-Neutral Dispatch library
--------------------------------------------------------------------------------
Update Information:

* Fix conditionals for _without_mesa_glvnd_default * Fix other RHEL-
conditionals, too * Update RPM filters for private libraries (includes GLX,
fixes RHEL 6). * Update to latest snapshot, remove upstreamed patches. * Update
release to packaging guidelines format. * Make sure that for Fedora 24 and RHEL
the libraries are always private.
--------------------------------------------------------------------------------


================================================================================
 libupnp-1.6.21-1.el6 (FEDORA-EPEL-2017-def12f5099)
 Universal Plug and Play (UPnP) SDK
--------------------------------------------------------------------------------
Update Information:

Long standing security bugs fixed through update to version 1.6.21.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1437143 - Plans for EPEL 6
        https://bugzilla.redhat.com/show_bug.cgi?id=1437143
  [ 2 ] Bug #1388774 - CVE-2016-8863 libupnp: Heap buffer overflow in the 
create_url_list function [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1388774
  [ 3 ] Bug #1358614 - CVE-2016-6255 libupnp: Unhandled POSTs can write to the 
filesystem by default [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1358614
  [ 4 ] Bug #1358352 - libupnp: Upload arbitrary file via POST [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1358352
  [ 5 ] Bug #1146033 - libupnp: security and critical bug fixes [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1146033
  [ 6 ] Bug #905578 - CVE-2012-5958 CVE-2012-5959 CVE-2012-5960 CVE-2012-5961 
CVE-2012-5962 CVE-2012-5963 CVE-2012-5964 CVE-2012-5965 ibupnp: Multiple 
stack-based buffer overflows in unique_service_name() by processing 
specially-crafted SSDP request (VU#922681) [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=905578
--------------------------------------------------------------------------------


================================================================================
 open-vm-tools-10.1.5-6.el6 (FEDORA-EPEL-2017-cdcc212f16)
 Open Virtual Machine Tools for virtual machines hosted on VMware
--------------------------------------------------------------------------------
Update Information:

Fix incorrect udev rules installation.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1438481 - open-vm-tools 10.1.5 installs 99-vmware-scsi-udev.rules 
to wrong location
        https://bugzilla.redhat.com/show_bug.cgi?id=1438481
--------------------------------------------------------------------------------


================================================================================
 php-horde-Horde-Crypt-2.7.6-1.el6 (FEDORA-EPEL-2017-68aef427a4)
 Horde Cryptography API
--------------------------------------------------------------------------------
Update Information:

**Horde_Crypt 2.7.6**  * [mjr] SECURITY: Fix remote code execution vulnerability
(**CVE-2017-7413**, and **CVE-2017-7414**).
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]

[EPEL-devel] Fedora EPEL 6 updates-testing report

Reply via email to