The following Fedora EPEL 8 Security updates need testing:
 Age  URL
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-8d638fabd8   restic-0.13.1-1.el8


The following builds have been pushed to Fedora EPEL 8 updates-testing

    chromium-102.0.5005.115-1.el8
    glances-3.2.5-1.el8
    packit-0.53.0-1.el8
    resalloc-aws-1.3-1.el8
    scitokens-cpp-0.7.1-1.el8
    tio-1.40-1.el8

Details about builds:


================================================================================
 chromium-102.0.5005.115-1.el8 (FEDORA-EPEL-2022-3a6675bd1a)
 A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:

Update to Chromium 102.0.5005.115 (yes, I know there is a newer one, but we need
to get something out now).  This also adds the first build of Chromium for
EPEL9, many thanks to all the folks who got the many dependencies built.  Fixes:
CVE-2022-1232 CVE-2022-1364 CVE-2022-1633 CVE-2022-1634 CVE-2022-1635
CVE-2022-1636 CVE-2022-1637 CVE-2022-1638 CVE-2022-1639 CVE-2022-1640
CVE-2022-1641 CVE-2022-1853 CVE-2022-1854 CVE-2022-1855 CVE-2022-1856
CVE-2022-1857 CVE-2022-1858 CVE-2022-1859 CVE-2022-1860 CVE-2022-1861
CVE-2022-1862 CVE-2022-1863 CVE-2022-1864 CVE-2022-1865 CVE-2022-1866
CVE-2022-1867 CVE-2022-1868 CVE-2022-1869 CVE-2022-1870 CVE-2022-1871
CVE-2022-1872 CVE-2022-1873 CVE-2022-1874 CVE-2022-1875 CVE-2022-1876
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 10 2022 Tom Callaway <[email protected]> - 102.0.5005.115-1
- update to 102.0.5005.115
* Fri Jun  3 2022 Tom Callaway <[email protected]> - 102.0.5005.61-1
- update to 102.0.5005.61
* Wed Apr 27 2022 Tom Callaway <[email protected]> - 101.0.4951.41-1
- update to 101.0.4951.41
* Thu Apr 21 2022 Tom Callaway <[email protected]> - 100.0.4896.127-1
- update to 100.0.4896.127
* Tue Apr  5 2022 Tom Callaway <[email protected]> - 100.0.4896.75-1
- update to 100.0.4896.75
* Sat Apr  2 2022 Tom Callaway <[email protected]> - 100.0.4896.60-1
- update to 100.0.4896.60
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2071876 - CVE-2022-1232 chromium-browser: Type Confusion in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=2071876
  [ 2 ] Bug #2076274 - CVE-2022-1364 Chromium-browser: Type Confusion in V8.
        https://bugzilla.redhat.com/show_bug.cgi?id=2076274
  [ 3 ] Bug #2084016 - CVE-2022-1633 chromium-browser: Use after free in Sharesheet
        https://bugzilla.redhat.com/show_bug.cgi?id=2084016
  [ 4 ] Bug #2084017 - CVE-2022-1634 chromium-browser: Use after free in Browser UI
        https://bugzilla.redhat.com/show_bug.cgi?id=2084017
  [ 5 ] Bug #2084018 - CVE-2022-1635 chromium-browser: Use after free in Permission Prompts
        https://bugzilla.redhat.com/show_bug.cgi?id=2084018
  [ 6 ] Bug #2084019 - CVE-2022-1636 chromium-browser: Use after free in Performance APIs
        https://bugzilla.redhat.com/show_bug.cgi?id=2084019
  [ 7 ] Bug #2084020 - CVE-2022-1637 chromium-browser: Inappropriate implementation in Web Contents
        https://bugzilla.redhat.com/show_bug.cgi?id=2084020
  [ 8 ] Bug #2084021 - CVE-2022-1638 chromium-browser: Heap buffer overflow in V8 Internationalization
        https://bugzilla.redhat.com/show_bug.cgi?id=2084021
  [ 9 ] Bug #2084022 - CVE-2022-1639 chromium-browser: Use after free in ANGLE
        https://bugzilla.redhat.com/show_bug.cgi?id=2084022
  [ 10 ] Bug #2084023 - CVE-2022-1640 chromium-browser: Use after free in Sharing
        https://bugzilla.redhat.com/show_bug.cgi?id=2084023
  [ 11 ] Bug #2084024 - CVE-2022-1641 chromium-browser: Use after free in Web UI Diagnostics
        https://bugzilla.redhat.com/show_bug.cgi?id=2084024
  [ 12 ] Bug #2090284 - CVE-2022-1853 chromium-browser: Use after free in Indexed DB
        https://bugzilla.redhat.com/show_bug.cgi?id=2090284
  [ 13 ] Bug #2090285 - CVE-2022-1854 chromium-browser: Use after free in ANGLE
        https://bugzilla.redhat.com/show_bug.cgi?id=2090285
  [ 14 ] Bug #2090286 - CVE-2022-1855 chromium-browser: Use after free in Messaging
        https://bugzilla.redhat.com/show_bug.cgi?id=2090286
  [ 15 ] Bug #2090287 - CVE-2022-1856 chromium-browser: Use after free in User Education
        https://bugzilla.redhat.com/show_bug.cgi?id=2090287
  [ 16 ] Bug #2090288 - CVE-2022-1857 chromium-browser: Insufficient policy enforcement in File System API
        https://bugzilla.redhat.com/show_bug.cgi?id=2090288
  [ 17 ] Bug #2090289 - CVE-2022-1858 chromium-browser: Out of bounds read in DevTools
        https://bugzilla.redhat.com/show_bug.cgi?id=2090289
  [ 18 ] Bug #2090290 - CVE-2022-1859 chromium-browser: Use after free in Performance Manager
        https://bugzilla.redhat.com/show_bug.cgi?id=2090290
  [ 19 ] Bug #2090291 - CVE-2022-1860 chromium-browser: Use after free in UI Foundations
        https://bugzilla.redhat.com/show_bug.cgi?id=2090291
  [ 20 ] Bug #2090292 - CVE-2022-1861 chromium-browser: Use after free in Sharing
        https://bugzilla.redhat.com/show_bug.cgi?id=2090292
  [ 21 ] Bug #2090293 - CVE-2022-1862 chromium-browser: Inappropriate implementation in Extensions
        https://bugzilla.redhat.com/show_bug.cgi?id=2090293
  [ 22 ] Bug #2090294 - CVE-2022-1863 chromium-browser: Use after free in Tab Groups
        https://bugzilla.redhat.com/show_bug.cgi?id=2090294
  [ 23 ] Bug #2090295 - CVE-2022-1864 chromium-browser: Use after free in WebApp Installs
        https://bugzilla.redhat.com/show_bug.cgi?id=2090295
  [ 24 ] Bug #2090296 - CVE-2022-1865 chromium-browser: Use after free in Bookmarks
        https://bugzilla.redhat.com/show_bug.cgi?id=2090296
  [ 25 ] Bug #2090297 - CVE-2022-1866 chromium-browser: Use after free in Tablet Mode
        https://bugzilla.redhat.com/show_bug.cgi?id=2090297
  [ 26 ] Bug #2090298 - CVE-2022-1867 chromium-browser: Insufficient validation of untrusted input in Data Transfer
        https://bugzilla.redhat.com/show_bug.cgi?id=2090298
  [ 27 ] Bug #2090299 - CVE-2022-1868 chromium-browser: Inappropriate implementation in Extensions API
        https://bugzilla.redhat.com/show_bug.cgi?id=2090299
  [ 28 ] Bug #2090300 - CVE-2022-1869 chromium-browser: Type Confusion in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=2090300
  [ 29 ] Bug #2090303 - CVE-2022-1870 chromium-browser: Use after free in App Service
        https://bugzilla.redhat.com/show_bug.cgi?id=2090303
  [ 30 ] Bug #2090304 - CVE-2022-1871 chromium-browser: Insufficient policy enforcement in File System API
        https://bugzilla.redhat.com/show_bug.cgi?id=2090304
  [ 31 ] Bug #2090305 - CVE-2022-1872 chromium-browser: Insufficient policy enforcement in Extensions API
        https://bugzilla.redhat.com/show_bug.cgi?id=2090305
  [ 32 ] Bug #2090306 - CVE-2022-1873 chromium-browser: Insufficient policy enforcement in COOP
        https://bugzilla.redhat.com/show_bug.cgi?id=2090306
  [ 33 ] Bug #2090307 - CVE-2022-1874 chromium-browser: Insufficient policy enforcement in Safe Browsing
        https://bugzilla.redhat.com/show_bug.cgi?id=2090307
  [ 34 ] Bug #2090308 - CVE-2022-1875 chromium-browser: Inappropriate implementation in PDF
        https://bugzilla.redhat.com/show_bug.cgi?id=2090308
  [ 35 ] Bug #2090309 - CVE-2022-1876 chromium-browser: Heap buffer overflow in DevTools
        https://bugzilla.redhat.com/show_bug.cgi?id=2090309
--------------------------------------------------------------------------------


================================================================================
 glances-3.2.5-1.el8 (FEDORA-EPEL-2022-59cdfb46c4)
 A cross-platform curses-based monitoring tool
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2021-23418
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 22 2022 Ali Erdinc Koroglu <[email protected]> - 3.2.5-1
- Update to 3.2.5 (rhbz #1963987 and #1988545)
* Thu Jan 20 2022 Fedora Release Engineering <[email protected]> - 3.1.4.1-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering <[email protected]> - 3.1.4.1-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun  4 2021 Python Maint <[email protected]> - 3.1.4.1-10
- Rebuilt for Python 3.10
* Tue Jan 26 2021 Fedora Release Engineering <[email protected]> - 3.1.4.1-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering <[email protected]> - 3.1.4.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1963987 - glances: Unsafe XML parsing [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1963987
  [ 2 ] Bug #1988545 - CVE-2021-23418 glances: XEE injection via the use of Fault to parse untrusted XML data [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1988545
--------------------------------------------------------------------------------


================================================================================
 packit-0.53.0-1.el8 (FEDORA-EPEL-2022-546f3ae714)
 A tool for integrating upstream projects with Fedora operating system
--------------------------------------------------------------------------------
Update Information:

New upstream release: 0.53.0
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 22 2022 Packit <[email protected]> - 0.53.0-1
- Packit now works with Bodhi 5 and Bodhi 6 authentication mechanism. (#1629)
- Git ref name that Packit works with during `propose-downstream` is now made more obvious in logs. (#1626)
- Packit now correctly handles creation of custom archives in root while a specfile is in a subdirectory. (#1622)
- Creation of a Bodhi update will not timeout anymore as Packit is now using a more efficient way of obtaining the latest build in a release. (#1612)
--------------------------------------------------------------------------------


================================================================================
 resalloc-aws-1.3-1.el8 (FEDORA-EPEL-2022-34c999ec63)
 Resource allocator scripts for AWS
--------------------------------------------------------------------------------
Update Information:

New script resalloc-aws-list
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 22 2022 Pavel Raiskup <[email protected]> 1.3-1
- New script resalloc-aws-list
--------------------------------------------------------------------------------


================================================================================
 scitokens-cpp-0.7.1-1.el8 (FEDORA-EPEL-2022-033762bcf7)
 C++ Implementation of the SciTokens Library
--------------------------------------------------------------------------------
Update Information:

- Enabling unit tests should not disable install of libraries and binaries
- Warnings as errors option
- Convert CMakeLists.txt to "modern" cmake style
- fix apparent fd-leak of sqlite handle
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 22 2022 Derek Weitzel <[email protected]> - 0.7.1-1
- Add scitokens-* binaries to the package
- Bug: close sqlite db handle on return
--------------------------------------------------------------------------------


================================================================================
 tio-1.40-1.el8 (FEDORA-EPEL-2022-2acb5da6bf)
 Simple TTY terminal I/O application
--------------------------------------------------------------------------------
Update Information:

# tio v1.40

* Add config support for log-strip
* Add config support for hex-mode
* Rename `--hex` to `--hex-mode`
* Fix completion for `-e`, `--local-echo`
* Ignore newlines in hex output
* Fix newline in `warning_printf()`
* Fix `ansi_printf_raw()` in no color mode
* Enter non-interactive mode when piping to tio

  Add support for a non interactive mode which allows other application to pipe
  data to tio which then forwards the data to the connected serial device.

  Non interactive means that tio does not react to interactive key commands in
  the incoming stream. This allows users to pipe binary data directly to the
  connected serial device.

  Example use: `$ cat commands.txt | tio /dev/ttyUSB0`

* Also strip backspace from log

  To make log strip feature consistent so that we remove all unprintable control
  characters and escape sequences.

* Socket code cleanup
* Cleanup man page
* Rename `--log-filename` to `--log-file`
* Allow strip escape sequence characters from log file

  The log without escape key stripped is like:

  ```
  ^M[12:47:17] ACRN:\>
  ^M[12:47:17] ACRN:\>lasdfjklsdjf
  ^M
  ^M[12:47:18] Error: Invalid command.
  ^M[12:47:19] ACRN:\>
  ^M[12:47:26] ACRN:\>
  ^M[12:47:26] ACRN:\>sdafkljsdkaljfklsadjflksdjafjsda^H ^H^H...
  ^M
  ^M[12:47:31] Error: Invalid command.
  ```

  After strip escape key, the log is like:

  ```
  [12:49:18] ACRN:\>
  [12:49:19] ACRN:\>
  [12:49:19] ACRN:\>ls

  [12:49:19] Error: Invalid command.
  [12:49:19] ACRN:\>
  [12:49:19] ACRN:\>dfaslhj

  [12:49:24] Error: Invalid command.
  ```

  Beside escape key, it also handle backspace key as well.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jun 18 2022 Robert Scheck <[email protected]> 1.40-1
- Upgrade to 1.40 (#2098148)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2098148 - tio-1.40 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2098148
--------------------------------------------------------------------------------
