The following Fedora EPEL 8 Security updates need testing:
Age  URL                                                                  Build
 14  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-5b2095e2c2  xpdf-4.06-1.el8
  1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-f1e00653f9  suricata-7.0.13-1.el8
  0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-3e0de9b3c4  tinyproxy-1.11.2-5.el8
  0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-730a1d821d  apptainer-1.4.5-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
nordugrid-arc-nagios-plugins-3.2.3-2.el8
openssl3-3.5.1-6.1.el8
singularity-ce-4.3.5-1.el8
Details about builds:
================================================================================
nordugrid-arc-nagios-plugins-3.2.3-2.el8 (FEDORA-EPEL-2025-d41660755e)
Nagios plugins for ARC
--------------------------------------------------------------------------------
Update Information:
Add dependency on nordugrid-arc-plugins-gridftp to EGI configuration
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 3 2025 Mattias Ellert <[email protected]> - 3.2.3-2
- Add dependency on nordugrid-arc-plugins-gridftp to EGI configuration
--------------------------------------------------------------------------------
================================================================================
openssl3-3.5.1-6.1.el8 (FEDORA-EPEL-2025-8e15323af1)
Utilities from the general purpose cryptography library with TLS implementation
--------------------------------------------------------------------------------
Update Information:
Rebase to latest c9s openssl
Security Fix(es):
openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 3 2025 Michel Lind <[email protected]> - 3.5.1-6.1
- Merge c9s openssl changes to pick up CVE fixes
Resolves: RHBZ#2400659
* Thu Oct 23 2025 Pavol Žáčik <[email protected]> - 1:3.5.1-6
- Fix CVE-2025-9230
Resolves: RHEL-115928
* Fri Sep 5 2025 Pavol Žáčik <[email protected]> - 1:3.5.1-5
- Fix globally disabled LTO
Related: RHEL-111633
* Thu Aug 28 2025 Pavol Žáčik <[email protected]> - 1:3.5.1-4
- Make openssl speed test signatures without errors
Resolves: RHEL-95502
- Build tests in check and without LTO
Resolves: RHEL-111633
* Thu Jul 17 2025 Simo Sorce <[email protected]> - 1:3.5.1-3
- Add custom define to disable symbol versioning in downstream patched code
Also add stricter Suggests for openssl-fips-provider
Resolves: RHEL-104236
- Fix Requires/Provider to fix default install of fips providers
Resolves: RHEL-104856
* Wed Jul 16 2025 Simo Sorce <[email protected]> - 1:3.5.1-2
- Move fips.so to a separate subpackage
Reverts FIPS self test for SLH-DSA
Add Suggests to try to prefer the openssl-fips-provider package
over the fips-provider-next package by default
Resolves: RHEL-102408
Related: RHEL-80854
* Tue Jul 1 2025 Dmitry Belyavskiy <[email protected]> - 1:3.5.1-1
- Rebasing to OpenSSL 3.5.1
Resolves: RHEL-97797
Resolves: RHEL-98723
Resolves: RHEL-99352
* Mon Jun 2 2025 Dmitry Belyavskiy <[email protected]> - 1:3.5.0-4
- Compact patches for better maintainability
Related: RHEL-80854
- Make hybrid MLKEM work with our FIPS provider (3.0.7)
Resolves: RHEL-95239
* Thu May 22 2025 Dmitry Belyavskiy <[email protected]> - 1:3.5.0-3
- Fix regressions caused by rebase to OpenSSL 3.5
Related: RHEL-80854
* Fri May 2 2025 Dmitry Belyavskiy <[email protected]> - 1:3.5.0-2
- OpenSSL ignores "rh-allow-sha1-signatures = yes" option on RHEL-9
Resolves: RHEL-88910
- PKCS#12 should not default to pbmac1 in FIPS mode in RHEL-9
Resolves: RHEL-88912
- Fix `openssl speed` running in FIPS mode
Resolves: RHEL-89860
- pkeyutl ecdsa signature with sha1 shouldn't work by default
Resolves: RHEL-89861
- Expose settable params for EVP_SKEY
Resolves: RHEL-89862
- Restore RHEL9-style indicators defines
Resolves: RHEL-89859
- Enable sslkeylog support
Resolves: RHEL-90854
* Wed Apr 16 2025 Dmitry Belyavskiy <[email protected]> - 1:3.5.0-1
- Rebasing OpenSSL to 3.5
Resolves: RHEL-80854
Resolves: RHEL-50208
Resolves: RHEL-50210
Resolves: RHEL-50211
Resolves: RHEL-85954
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2400659 - CVE-2025-9230 openssl3: Out-of-bounds read & write in
RFC 3211 KEK Unwrap [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2400659
--------------------------------------------------------------------------------
================================================================================
singularity-ce-4.3.5-1.el8 (FEDORA-EPEL-2025-160e69562b)
Application and environment virtualization
--------------------------------------------------------------------------------
Update Information:
Upgrade to 4.3.5 upstream version.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 3 2025 David Trudgian <[email protected]> - 4.3.5-1
- Upgrade to 4.3.5 upstream version.
- Fixes CVE-2025-64750
--------------------------------------------------------------------------------