The following Fedora EPEL 8 Security updates need testing:
 Age  URL
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-bfde2b0c7c   libspf2-1.2.11-11.20210922git4915c308.el8
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-35a1e9b1b2   exim-4.96.1-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing:
HepMC3-3.2.7-1.el8
cacti-1.2.25-1.el8
cacti-spine-1.2.25-1.el8
munin-2.0.74-1.el8
nmon-16p-5.el8
partclone-0.3.27-1.el8
rpki-client-8.6-1.el8
rs-20200313-4.el8
Details about builds:
================================================================================
HepMC3-3.2.7-1.el8 (FEDORA-EPEL-2023-bdbacc31e0)
C++ Event Record for Monte Carlo Generators
--------------------------------------------------------------------------------
Update Information:
HepMC3 3.2.7
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 4 2023 Mattias Ellert <[email protected]> - 3.2.7-1
- Update to version 3.2.7
* Wed Jul 19 2023 Fedora Release Engineering <[email protected]> - 3.2.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jun 13 2023 Python Maint <[email protected]> - 3.2.6-2
- Rebuilt for Python 3.12
--------------------------------------------------------------------------------
================================================================================
cacti-1.2.25-1.el8 (FEDORA-EPEL-2023-522c9cf128)
An rrd based graphing tool
--------------------------------------------------------------------------------
Update Information:
Update cacti and cacti-spine to version 1.2.25. This includes the upstream
fixes for many CVEs.
https://github.com/Cacti/cacti/releases/tag/release%2F1.2.25
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 4 2023 Carl George <[email protected]> - 1.2.25-1
- Update to version 1.2.25
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2237580 - CVE-2023-39514 cacti: Cross-Site Scripting vulnerability
with Data Source Name when managing Graphs [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237580
[ 2 ] Bug #2237581 - CVE-2023-39513 cacti: Cross-Site Scripting vulnerability
with Device Name when debugging data queries [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237581
[ 3 ] Bug #2237586 - CVE-2023-39515 cacti: Cross-Site Scripting vulnerability
with Data Source Name when debugging Data Queries [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237586
[ 4 ] Bug #2237589 - CVE-2023-39359 cacti: Authenticated SQL injection
vulnerability when managing graphs [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237589
[ 5 ] Bug #2237591 - CVE-2023-39360 cacti: Cross-Site Scripting vulnerability
when creating new graphs [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237591
[ 6 ] Bug #2237596 - CVE-2023-39361 cacti: Unauthenticated SQL Injection when
viewing graphs [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237596
[ 7 ] Bug #2237599 - CVE-2023-39366 cacti: Cross-Site Scripting vulnerability
with Device Name when managing Data Sources [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237599
[ 8 ] Bug #2237602 - CVE-2023-39510 cacti: Cross-Site Scripting vulnerability
with Device Name when administrating Reports [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237602
[ 9 ] Bug #2237605 - CVE-2023-39357 cacti: SQL Injection when saving data
with sql_save() [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237605
[ 10 ] Bug #2237608 - CVE-2023-39358 cacti: Authenticated SQL injection
vulnerability when managing reports [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237608
[ 11 ] Bug #2237612 - CVE-2023-39364 cacti: Open redirect in change password
functionality [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237612
[ 12 ] Bug #2237614 - CVE-2023-39365 cacti: SQL Injection when using regular
expressions [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237614
[ 13 ] Bug #2237617 - CVE-2023-30534 cacti: Insecure deserialization of
filter data [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237617
[ 14 ] Bug #2237620 - CVE-2023-31132 cacti: Privilege escalation when Cacti
installed using Windows Installer defaults [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237620
[ 15 ] Bug #2237623 - CVE-2023-39362 cacti: Authenticated command injection
when using SNMP options [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237623
[ 16 ] Bug #2237626 - CVE-2023-39516 cacti: Cross-Site Scripting
vulnerability with Data Source Information when managing Data Sources [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237626
[ 17 ] Bug #2237818 - CVE-2023-39511 cacti: Cross-Site Scripting
vulnerability with Device Name when editing Graphs whilst managing Reports
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237818
[ 18 ] Bug #2242048 - CVE-2023-39512 cacti: Cross-Site Scripting
vulnerability with Device Name when managing Data Sources [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2242048
--------------------------------------------------------------------------------
================================================================================
cacti-spine-1.2.25-1.el8 (FEDORA-EPEL-2023-522c9cf128)
Threaded poller for Cacti written in C
--------------------------------------------------------------------------------
Update Information:
Update cacti and cacti-spine to version 1.2.25. This includes the upstream
fixes for many CVEs.
https://github.com/Cacti/cacti/releases/tag/release%2F1.2.25
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 4 2023 Carl George <[email protected]> - 1.2.25-1
- Update to version 1.2.25
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2237580 - CVE-2023-39514 cacti: Cross-Site Scripting vulnerability
with Data Source Name when managing Graphs [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237580
[ 2 ] Bug #2237581 - CVE-2023-39513 cacti: Cross-Site Scripting vulnerability
with Device Name when debugging data queries [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237581
[ 3 ] Bug #2237586 - CVE-2023-39515 cacti: Cross-Site Scripting vulnerability
with Data Source Name when debugging Data Queries [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237586
[ 4 ] Bug #2237589 - CVE-2023-39359 cacti: Authenticated SQL injection
vulnerability when managing graphs [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237589
[ 5 ] Bug #2237591 - CVE-2023-39360 cacti: Cross-Site Scripting vulnerability
when creating new graphs [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237591
[ 6 ] Bug #2237596 - CVE-2023-39361 cacti: Unauthenticated SQL Injection when
viewing graphs [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237596
[ 7 ] Bug #2237599 - CVE-2023-39366 cacti: Cross-Site Scripting vulnerability
with Device Name when managing Data Sources [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237599
[ 8 ] Bug #2237602 - CVE-2023-39510 cacti: Cross-Site Scripting vulnerability
with Device Name when administrating Reports [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237602
[ 9 ] Bug #2237605 - CVE-2023-39357 cacti: SQL Injection when saving data
with sql_save() [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237605
[ 10 ] Bug #2237608 - CVE-2023-39358 cacti: Authenticated SQL injection
vulnerability when managing reports [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237608
[ 11 ] Bug #2237612 - CVE-2023-39364 cacti: Open redirect in change password
functionality [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237612
[ 12 ] Bug #2237614 - CVE-2023-39365 cacti: SQL Injection when using regular
expressions [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237614
[ 13 ] Bug #2237617 - CVE-2023-30534 cacti: Insecure deserialization of
filter data [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237617
[ 14 ] Bug #2237620 - CVE-2023-31132 cacti: Privilege escalation when Cacti
installed using Windows Installer defaults [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237620
[ 15 ] Bug #2237623 - CVE-2023-39362 cacti: Authenticated command injection
when using SNMP options [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237623
[ 16 ] Bug #2237626 - CVE-2023-39516 cacti: Cross-Site Scripting
vulnerability with Data Source Information when managing Data Sources [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237626
[ 17 ] Bug #2237818 - CVE-2023-39511 cacti: Cross-Site Scripting
vulnerability with Device Name when editing Graphs whilst managing Reports
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237818
[ 18 ] Bug #2242048 - CVE-2023-39512 cacti: Cross-Site Scripting
vulnerability with Device Name when managing Data Sources [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2242048
--------------------------------------------------------------------------------
================================================================================
munin-2.0.74-1.el8 (FEDORA-EPEL-2023-1ee01b34f6)
Network-wide resource monitoring tool
--------------------------------------------------------------------------------
Update Information:
Upstream update to 2.0.74.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 4 2023 Kim B. Heino <[email protected]> - 2.0.74-1
- Upgrade to 2.0.74
* Thu Jul 20 2023 Fedora Release Engineering <[email protected]> - 2.0.73-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
nmon-16p-5.el8 (FEDORA-EPEL-2023-4d55b587e1)
Nigel's performance Monitor for Linux
--------------------------------------------------------------------------------
Update Information:
Update build options and website URL.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Sep 10 2023 Peter Oliver <[email protected]> - 16p-4
- Update build options
- Drop obsolete options.
- Specify the correct build flags for ARM and zSeries.
* Sun Sep 10 2023 Peter Oliver <[email protected]> - 16p-3
- Update website URL.
* Sun Sep 10 2023 Peter Oliver <[email protected]> - 16p-2
- Tidy up old source file.
--------------------------------------------------------------------------------
================================================================================
partclone-0.3.27-1.el8 (FEDORA-EPEL-2023-63c79a4022)
Utility to clone and restore a partition
--------------------------------------------------------------------------------
Update Information:
# partclone v0.3.27
- Update docs
- Add read-direct-io and write-direct-op options for `O_DIRECT` flag
- Add date time to log file
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 4 2023 Robert Scheck <[email protected]> 0.3.27-1
- Upgrade to 0.3.27 (#2242163)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2242163 - partclone-0.3.27 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2242163
--------------------------------------------------------------------------------
================================================================================
rpki-client-8.6-1.el8 (FEDORA-EPEL-2023-c3bb64683a)
OpenBSD RPKI validator to support BGP Origin Validation
--------------------------------------------------------------------------------
Update Information:
# rpki-client 8.6
- A compliance check was added to ensure the X.509 Subject only contains
  `commonName` and optionally `serialNumber`.
- A compliance check was added to ensure the CMS SignedData and SignerInfo
  versions are 3.
- Fisher-Yates shuffle the order in which Manifest entries are processed.
  Previously, work items were enqueued in the order the CA intended them to
  appear on a Manifest. However, there is no obvious benefit to third parties
  deciding the order in which things are processed. Now the Manifest ordering
  is randomized (as the order has no meaning anyway), and the number of
  concurrent repository synchronization operations is limited and timeboxed.
- Various refactoring work.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 4 2023 Robert Scheck <[email protected]> 8.6-1
- Upgrade to 8.6 (#2242194)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2242194 - rpki-client-8.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2242194
--------------------------------------------------------------------------------
================================================================================
rs-20200313-4.el8 (FEDORA-EPEL-2023-7fe23b07a7)
Reshape a data array
--------------------------------------------------------------------------------
Update Information:
rs reads the standard input, interpreting each line as a row of blank-separated
entries in an array, transforms the array according to the options, and writes
it on the standard output. Numerous options control input, reshaping and output
processing; the simplest usage example is `ls -1 | rs`, which outputs the same
(on an 80-column terminal) as the modern `ls` with no `-1` argument.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 22 2023 Robert Scheck <[email protected]> 20200313-4
- Justify workarounds for Red Hat Enterprise Linux 7 (#2110814 #c3)
* Sat Sep 17 2022 Robert Scheck <[email protected]> 20200313-3
- Update license to SPDX expression
* Wed Jul 27 2022 Robert Scheck <[email protected]> 20200313-2
- Support for Red Hat Enterprise Linux 7 (thanks to Thorsten Glaser)
* Tue Jul 26 2022 Robert Scheck <[email protected]> 20200313-1
- Update to 20200313 (#2110814)
- Initial spec file for Fedora and Red Hat Enterprise Linux
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2110814 - Review Request: rs - Reshape a data array
https://bugzilla.redhat.com/show_bug.cgi?id=2110814
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- [email protected]