[EPEL-devel] Fedora EPEL 8 updates-testing report

updates Tue, 09 Aug 2022 18:41:35 -0700

The following Fedora EPEL 8 Security updates need testing:
 Age  URL
  20  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-89ad385971   
chromium-103.0.5060.114-1.el8



The following builds have been pushed to Fedora EPEL 8 updates-testing

    gsi-openssh-8.0p1-10.el8
    ntfs-3g-2022.5.17-2.el8

Details about builds:


================================================================================
 gsi-openssh-8.0p1-10.el8 (FEDORA-EPEL-2022-394ad1e696)
 An implementation of the SSH protocol with GSI authentication
--------------------------------------------------------------------------------
Update Information:

Sync patches with openssh
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug  9 2022 Mattias Ellert <mattias.ell...@physics.uu.se> - 8.0p1-10
- Based on openssh-8.0p1-13.el8
--------------------------------------------------------------------------------


================================================================================
 ntfs-3g-2022.5.17-2.el8 (FEDORA-EPEL-2022-111c0bd3f5)
 Linux NTFS userspace driver
--------------------------------------------------------------------------------
Update Information:

Update to 2022.5.17.  Fixes: CVE-2021-46790, CVE-2022-30783, CVE-2022-30784,
CVE-2022-30785, CVE-2022-30786, CVE-2022-30787, CVE-2022-30788, CVE-2022-30789
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 22 2022 Fedora Release Engineering <rel...@fedoraproject.org> - 
2:2022.5.17-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Wed Jun  8 2022 Richard W.M. Jones <rjo...@redhat.com> - 2:2022.5.17-1
- New upstream version 2022.5.17
- Fixes: CVE-2021-46790, CVE-2022-30783, CVE-2022-30784, CVE-2022-30785,
  CVE-2022-30786, CVE-2022-30787, CVE-2022-30788, CVE-2022-30789
* Thu Jan 20 2022 Fedora Release Engineering <rel...@fedoraproject.org> - 
2:2021.8.22-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Wed Sep 15 2021 Neal Gompa <ngo...@datto.com> - 2:2021.8.22-4
- Restyle the spec for legibility
* Mon Sep 13 2021 Richard W.M. Jones <rjo...@redhat.com> - 2:2021.8.22-3
- Remove unused ntfsprogs/boot.c replacement
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2093307 - CVE-2022-30783 ntfs-3g: invalid return code in 
fuse_kern_mount enables intercepting of libfuse-lite protocol traffic [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2093307
  [ 2 ] Bug #2093317 - CVE-2022-30784 ntfs-3g: crafted NTFS image can cause 
heap exhaustion in ntfs_get_attribute_value [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2093317
  [ 3 ] Bug #2093322 - CVE-2022-30785 ntfs-3g: a file handle created in 
fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory 
read and write operations [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2093322
  [ 4 ] Bug #2093330 - CVE-2022-30786 ntfs-3g: crafted NTFS image can cause a 
heap-based buffer overflow in ntfs_names_full_collate [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2093330
  [ 5 ] Bug #2093335 - CVE-2022-30787 ntfs-3g: integer underflow in 
fuse_lib_readdir enables arbitrary memory read operations [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2093335
  [ 6 ] Bug #2093342 - CVE-2022-30788 ntfs-3g: crafted NTFS image can cause a 
heap-based buffer overflow in ntfs_mft_rec_alloc [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2093342
  [ 7 ] Bug #2093350 - CVE-2022-30789 ntfs-3g: crafted NTFS image can cause a 
heap-based buffer overflow in ntfs_check_log_client_array [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2093350
  [ 8 ] Bug #2093362 - CVE-2021-46790 ntfs-3g: heap-based buffer overflow in 
ntfsck [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2093362
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[EPEL-devel] Fedora EPEL 8 updates-testing report

Reply via email to