The following Fedora EPEL 8 Security updates need testing:
Age URL
12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-13c6cbc484
python-gnupg-0.4.6-1.el8
12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-2f1d845c76
python-rsa-3.4.2-15.el8
12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-9239b6fa50
botan2-2.12.1-2.el8
8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-ff58160b15
libslirp-4.3.1-1.el8
8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-672e6676c7
seamonkey-2.53.3-1.el8
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-12d0e14fab
cacti-1.2.13-1.el8 cacti-spine-1.2.13-1.el8
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-1c906e59bb
mbedtls-2.16.7-1.el8
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-442e619b4a
singularity-3.6.0-1.el8
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-31b5963358
tor-0.4.3.6-1.el8
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-a0f28fffcf
bashtop-0.9.24-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
clamav-0.102.4-1.el8
hxtools-20150304-10.el8
libHX-3.22-12.el8
pam_mount-2.16-10.el8
python-pytest-arraydiff-0.3-6.el8
python-pytest-astropy-0.5.0-4.el8
python-pytest-doctestplus-0.5.0-1.el8
python-pytest-openfiles-0.4.0-1.el8
python-pytest-remotedata-0.3.2-1.el8
Details about builds:
================================================================================
clamav-0.102.4-1.el8 (FEDORA-EPEL-2020-cf34e230c7)
End-user tools for the Clam Antivirus scanner
--------------------------------------------------------------------------------
Update Information:
ClamAV 0.102.4 is a bug patch release to address the following issues:
CVE-2020-3350 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3350>
Fixed a vulnerability a malicious user could exploit to replace a scan target's
directory with a symlink to another path to trick clamscan, clamdscan, or
clamonacc into removing or moving a different file (such as a critical system
file). The issue would affect users that use the --move or --remove options for
clamscan, clamdscan and clamonacc. For more information about AV quarantine
attacks using links, see RACK911 Lab's report
<https://www.rack911labs.com/research/exploiting-almost-every-antivirus-
software>. CVE-2020-3327 <https://cve.mitre.org/cgi-
bin/cvename.cgi?name=CVE-2020-3327> Fixed a vulnerability in the ARJ archive-
parsing module in ClamAV 0.102.3 that could cause a denial-of-service (DoS)
condition. Improper bounds checking resulted in an out-of-bounds read that could
cause a crash. The previous fix for this CVE in version 0.102.3 was incomplete.
This fix correctly resolves the issue. CVE-2020-3481
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3481> Fixed a
vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 that could
cause a denial-of-service (DoS) condition. Improper error handling could cause a
crash due to a NULL pointer dereference. This vulnerability is mitigated for
those using the official ClamAV signature databases because the file type
signatures in daily.cvd will not enable the EGG archive parser in affected
versions.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 17 2020 Orion Poplawski <[email protected]> - 0.102.4-1
- Update to 0.102.4 (bz#1857867,1858262,1858263,1858265,1858266)
- Security fixes CVE-2020-3327 CVE-2020-3350 CVE-2020-3481
* Thu May 28 2020 Orion Poplawski <[email protected]> - 0.102.3-2
- Update clamd README file (bz#1798369)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1858261 - CVE-2020-3350 clamav: malicious user exploit to replace
scan target's directory with symlink
https://bugzilla.redhat.com/show_bug.cgi?id=1858261
[ 2 ] Bug #1858264 - CVE-2020-3481 clamav: improper error handling causing
crash due to NULL pointer dereference
https://bugzilla.redhat.com/show_bug.cgi?id=1858264
--------------------------------------------------------------------------------
================================================================================
hxtools-20150304-10.el8 (FEDORA-EPEL-2020-3a77a398c3)
A collection of several tools
--------------------------------------------------------------------------------
Update Information:
Add pam_mount and its dependencies hxtools and libHX to EPEL 8
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1831692 - Please build pam_mount for epel 8
https://bugzilla.redhat.com/show_bug.cgi?id=1831692
--------------------------------------------------------------------------------
================================================================================
libHX-3.22-12.el8 (FEDORA-EPEL-2020-3a77a398c3)
Useful collection of routines for C and C++ programming
--------------------------------------------------------------------------------
Update Information:
Add pam_mount and its dependencies hxtools and libHX to EPEL 8
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1831692 - Please build pam_mount for epel 8
https://bugzilla.redhat.com/show_bug.cgi?id=1831692
--------------------------------------------------------------------------------
================================================================================
pam_mount-2.16-10.el8 (FEDORA-EPEL-2020-3a77a398c3)
A PAM module that can mount volumes for a user session
--------------------------------------------------------------------------------
Update Information:
Add pam_mount and its dependencies hxtools and libHX to EPEL 8
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1831692 - Please build pam_mount for epel 8
https://bugzilla.redhat.com/show_bug.cgi?id=1831692
--------------------------------------------------------------------------------
================================================================================
python-pytest-arraydiff-0.3-6.el8 (FEDORA-EPEL-2020-852f880a42)
The py.test arraydiff plugin
--------------------------------------------------------------------------------
Update Information:
Initial EPEL8 package for pytest-arraydiff
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1839559 - Please build python-pytest-arraydiff for EPEL8
https://bugzilla.redhat.com/show_bug.cgi?id=1839559
--------------------------------------------------------------------------------
================================================================================
python-pytest-astropy-0.5.0-4.el8 (FEDORA-EPEL-2020-e98f78af82)
The py.test astropy plugin
--------------------------------------------------------------------------------
Update Information:
Initial EPEL8 package
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1839558 - Please build python-pytest-astropy for EPEL8
https://bugzilla.redhat.com/show_bug.cgi?id=1839558
--------------------------------------------------------------------------------
================================================================================
python-pytest-doctestplus-0.5.0-1.el8 (FEDORA-EPEL-2020-6e520b544d)
The py.test doctestplus plugin
--------------------------------------------------------------------------------
Update Information:
Initial EPEL8 package
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1839560 - Please build python-pytest-doctestplus for EPEL8
https://bugzilla.redhat.com/show_bug.cgi?id=1839560
--------------------------------------------------------------------------------
================================================================================
python-pytest-openfiles-0.4.0-1.el8 (FEDORA-EPEL-2020-a9d4555e51)
The py.test openfiles plugin
--------------------------------------------------------------------------------
Update Information:
Initial EPEL8 package
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1839561 - Please build python-pytest-openfiles for EPEL8
https://bugzilla.redhat.com/show_bug.cgi?id=1839561
--------------------------------------------------------------------------------
================================================================================
python-pytest-remotedata-0.3.2-1.el8 (FEDORA-EPEL-2020-3ae64ea8b6)
The py.test remotedata plugin
--------------------------------------------------------------------------------
Update Information:
Initial EPEL8 package for pytest-remotedata
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1839562 - Please build python-pytest-remotedata for EPEL8
https://bugzilla.redhat.com/show_bug.cgi?id=1839562
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
