The following Fedora EPEL 7 Security updates need testing:
 Age  URL
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-568a1eb67d   btrbk-0.31.3-1.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-2d515d4692   binaryen-104-1.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-673d6fb241   libmetalink-0.1.3-5.el7
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-4dd661d32b   prosody-0.11.12-1.el7
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-04da0327c7   clamav-0.103.5-1.el7
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-f37ca1b24a   guacamole-server-1.4.0-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
R-Rcpp-1.0.8-1.el7
zabbix40-4.0.37-1.el7
zabbix50-5.0.19-1.el7
Details about builds:
================================================================================
R-Rcpp-1.0.8-1.el7 (FEDORA-EPEL-2022-b960664faa)
Seamless R and C++ Integration
--------------------------------------------------------------------------------
Update Information:
Rcpp 1.0.8
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 17 2022 Mattias Ellert <[email protected]> - 1.0.8-1
- Update to 1.0.8
* Wed Jul 21 2021 Fedora Release Engineering <[email protected]> - 1.0.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Jul 21 2021 Tom Callaway <[email protected]> - 1.0.7-2
- rebuild for R 4.1.0 (epel8)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2041330 - Version 1.0.8 was released, please update it.
https://bugzilla.redhat.com/show_bug.cgi?id=2041330
--------------------------------------------------------------------------------
================================================================================
zabbix40-4.0.37-1.el7 (FEDORA-EPEL-2022-92a697e332)
Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:
Update to 4.0.37 (CVE-2022-23132, CVE-2022-23133, CVE-2022-23134)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 17 2022 Orion Poplawski <[email protected]> - 4.0.37-1
- Update to 4.0.37 (CVE-2022-23132, CVE-2022-23133, CVE-2022-23134)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2040749 - CVE-2022-23131 zabbix: Unsafe client-side session
storage leading to authentication bypass / instance takeover via Zabbix
Frontend with configured SAML
https://bugzilla.redhat.com/show_bug.cgi?id=2040749
--------------------------------------------------------------------------------
================================================================================
zabbix50-5.0.19-1.el7 (FEDORA-EPEL-2022-c99f63fce9)
Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:
Update to 5.0.19 (CVE-2022-23132, CVE-2022-23133, CVE-2022-23134)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 17 2022 Orion Poplawski <[email protected]> - 5.0.19-1
- Update to 5.0.19 (CVE-2022-23132, CVE-2022-23133, CVE-2022-23134)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2040748 - CVE-2022-23134 zabbix50: zabbix: Possible view of the
setup pages by unauthenticated users if config file already exists [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2040748
[ 2 ] Bug #2040752 - CVE-2022-23131 zabbix50: zabbix: Unsafe client-side
session storage leading to authentication bypass / instance takeover via Zabbix
Frontend with configured SAML [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2040752
[ 3 ] Bug #2040757 - CVE-2022-23132 zabbix50: zabbix: Incorrect permissions
of [/var/run/zabbix] forces dac_override [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2040757
[ 4 ] Bug #2040761 - CVE-2022-23133 zabbix50: zabbix: Stored XSS in host
groups configuration window in Zabbix Frontend [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2040761
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- [email protected]