The following Fedora EPEL 6 Security updates need testing:
Age URL
33 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b7556983e8
tomcat-7.0.92-1.el6
29 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-a0ddb153b8
game-music-emu-0.6.2-1.el6
10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-f49d74241e
php-horde-Horde-Form-2.0.19-1.el6
7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-5fba945293
gitolite3-3.6.11-1.el6
7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-13717fa751
golang-1.11.4-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
R-3.5.2-2.el6
nagios-4.4.3-1.el6
Details about builds:
R-3.5.2-2.el6 (FEDORA-EPEL-2019-4af4dd7943)
A language for data analysis and graphics
Update Information:
Update R to 3.5.2, update rpy to 2.9.5, rebuild rkward.
ChangeLog:
* Tue Jan 8 2019 Tom Callaway - 3.5.2-2
- handle pcre2 use/detection
* Mon Jan 7 2019 Tom Callaway - 3.5.2-1
- update to 3.5.2
* Fri Dec 7 2018 Tom Callaway - 3.5.1-2
- use absolute path in symlink for latex dir (bz1594102)
nagios-4.4.3-1.el6 (FEDORA-EPEL-2019-17b388679b)
Host/service/network monitoring program
Update Information:
Incorporate many fixes from Justin Paulsen THANKS!!!
Updates to nagios-4.4.2 which is a major update. Fixes CVE's CVE-2018-13441
CVE-2016-8641 Remove section which unset nagios Fix BZ#1568273
ChangeLog:
* Wed Jan 16 2019 Stephen Smoogen - 4.4.3-1
- Incorporate many fixes from Justin Paulsen THANKS!!!
- Update to 4.4.3 for CVE fixes
- BZ#1661479
- BZ#1661480
- BZ#1665200
- BZ#1665201
- BZ#1665206
- BZ#1665207
- BZ#1665209
- BZ#1665210
- Fix BZ#1666209 Add RuntimeDirectory too systemd
* Fri Nov 30 2018 Stephen Smoogen - 4.4.2-3
- Remove systemd startup since built in works properly
- Incorporate fixes from patch14 into patch9
* Thu Nov 29 2018 Stephen Smoogen - 4.4.2-2
- Fix init-type and initdir for systemd and sysv
* Wed Nov 28 2018 Justin Paulsen 4.4.2-1
- Bumped to version 4.4.2
- Updated patches 0001,0002,0003,0006,0009,0010,0011 to reflect upstream changes
- Updates to nagios.spec (this file) to cleanup un-needed elements and
adjust/fix as required
- As a result of the cleanup I have added a patch
nagios-0014-fix-resource.cfg-path.patch
* Tue Jul 24 2018 Stephen Smoogen - 4.3.4-13
- Remove section which unset nagios Fix BZ#1568273
- Remove /etc/nagios/conf.d Fix BZ#1504306
- Change perms on dir Fix BZ#1579935
- Close BZ#1273154
- Hopefully Fix BZ#1201849
- Hopefully Fix BZ#1476238
- Hopefully Fix BZ#1494292
* Fri Jul 13 2018 Fedora Release Engineering -
4.3.4-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Jun 28 2018 Jitka Plesnikova - 4.3.4-11
- Perl 5.28 rebuild
* Thu Apr 26 2018 Stephen Smoogen - 4.3.4-10
- Fix systemd failures due to old versioning.
* Tue Feb 20 2018 Stephen Smoogen - 4.3.4-9
- Add buildrequires for gcc
* Thu Feb 8 2018 Fedora Release Engineering -
4.3.4-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
References:
[ 1 ] Bug #1661479 - CVE-2018-18245 nagios: Stored XSS via Plugin Output
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1661479
[ 2 ] Bug #1661480 - CVE-2018-18245 nagios: Stored XSS via Plugin Output
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1661480
[ 3 ] Bug #1665200 - CVE-2018-13441 nagios: NULL pointer dereference in
qh_help in base/query-handler.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1665200
[ 4 ] Bug #1665201 - CVE-2018-13441 nagios: NULL pointer dereference in
qh_help in base/query-handler.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1665201
[ 5 ] Bug #1665206 - CVE-2018-13457 nagios: NULL pointer dereference in
qh_echo in base/query-handler.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1665206
[ 6 ] Bug #1665207 - CVE-2018-13457 nagios: NULL pointer dereference in
qh_echo in base/query-handler.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1665207
[ 7 ] Bug #1665209 - CVE-2018-13458 nagios: NULL pointer dereference in
qh_core in base/query-handler.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1665209
[ 8 ] Bug #1665210 - CVE-2018-13458 nagios: NULL pointer