The following Fedora EPEL 6 Security updates need testing:
Age URL
974 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168
rubygem-crack-0.3.2-2.el6
864 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb
mcollective-2.8.4-1.el6
836 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9
thttpd-2.25b-24.el6
447 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac
libbsd-0.8.3-2.el6
176 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4c76ddcc92
libmspack-0.6-0.1.alpha.el6
95 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6aaee32b7e
optipng-0.7.6-6.el6
67 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-8c9006d462
heimdal-7.5.0-1.el6
62 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-752a7c9ad4
rootsh-1.5.3-17.el6
18 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-5d12c76136
drupal7-7.57-1.el6
8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-a27d71c715
pax-utils-1.2.3-1.el6
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-4bcfff2d5e
tor-0.2.9.15-1.el6
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-0f3319c1ea
php-simplesamlphp-saml2_1-1.10.6-1.el6
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-57cbc61216
php-simplesamlphp-saml2-2.3.8-1.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-910749f9c8
exim-4.90.1-3.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
dictd-1.12.1-20.el6
monitorix-3.10.1-1.el6
Details about builds:
================================================================================
dictd-1.12.1-20.el6 (FEDORA-EPEL-2018-229e4b4653)
DICT protocol (RFC 2229) server and command-line client
--------------------------------------------------------------------------------
Update Information:
Fix packaging for EL-6 (don't confuse systemd service with the old initd
script).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1444555 - dictd-server includes a wrong kind of initscript
https://bugzilla.redhat.com/show_bug.cgi?id=1444555
--------------------------------------------------------------------------------
================================================================================
monitorix-3.10.1-1.el6 (FEDORA-EPEL-2018-10ff026fa8)
A free, open source, lightweight system monitoring tool
--------------------------------------------------------------------------------
Update Information:
Prior Monitorix versions are vulnerable to cross-site scripting (XSS), caused by
improper validation of user-supplied input by the monitorix.cgi file. A remote
attacker could exploit this vulnerability using some of the arguments provided
(graph= or when=) in a specially-crafted URL to execute script in a victim's Web
browser within the security context of the hosting Web site, once the URL is
clicked. An attacker could use this vulnerability to steal the victim's cookie-
based authentication credentials. I would like to thank Sebastian Gilon from
TestArmy for reporting that issue. The rest of bugs fixed are, as always,
reflected in the Changes file. All users still using older versions are advised
and encouraged to upgrade to this version, which resolves this security issue.
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
