The following Fedora EPEL 7 Security updates need testing:
Age URL
374 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d
condor-8.6.11-1.el7
149 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-d2c1368294
cinnamon-3.6.7-5.el7
115 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80
python-gnupg-0.4.4-1.el7
113 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b
bubblewrap-0.3.3-2.el7
50 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-12067fc897
dosbox-0.74.3-2.el7
12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-26e64681f6
hostapd-2.9-1.el7
8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-6e2a2d877a
nfdump-1.6.18-1.el7
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-1a711333e8
nghttp2-1.31.1-2.el7
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-e1ddf9b607
sleuthkit-4.6.7-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
clamav-0.101.4-1.el7
python3-chardet-3.0.4-1.el7
Details about builds:
================================================================================
clamav-0.101.4-1.el7 (FEDORA-EPEL-2019-ae72f875d9)
End-user tools for the Clam Antivirus scanner
--------------------------------------------------------------------------------
Update Information:
ClamAV 0.101.4 is a security patch release that addresses the following issues.
- An out of bounds write was possible within ClamAV's NSIS bzip2 library when
attempting decompression in cases where the number of selectors exceeded the max
limit set by the library (CVE-2019-12900). The issue has been resolved by
respecting that limit. Thanks to Martin Simmons for reporting the issue
here. - The zip bomb vulnerability mitigated in 0.101.3 has been assigned
the CVE identifier CVE-2019-12625. Unfortunately, a workaround for the zip-bomb
mitigation was immediately identified. To remediate the zip-bomb scan time
issue, a scan time limit has been introduced in 0.101.4. This limit now resolves
ClamAV's vulnerability to CVE-2019-12625. The default scan time limit is 2
minutes (120000 milliseconds). To customize the time limit: - use the
clamscan --max-scantime option - use the clamd MaxScanTime config option
Libclamav users may customize the time limit using the cl_engine_set_num
function. For example: C cl_engine_set_num(engine,
CL_ENGINE_MAX_SCANTIME, time_limit_milliseconds) Thanks to David Fifield
for reviewing the zip-bomb mitigation in 0.101.3 and reporting the issue.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 22 2019 Orion Poplawski <[email protected]> - 0.101.4-1
- Update to 0.101.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1744273 - clamav-0.101.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1744273
--------------------------------------------------------------------------------
================================================================================
python3-chardet-3.0.4-1.el7 (FEDORA-EPEL-2019-25334ee372)
Character encoding auto-detection in Python
--------------------------------------------------------------------------------
Update Information:
Update to 3.0.4
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 22 2019 Orion Poplawski <[email protected]> - 3.0.4-1
- Update to 3.0.4
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
