The following Fedora EPEL 7 Security updates need testing:
Age URL
568 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d
condor-8.6.11-1.el7
309 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80
python-gnupg-0.4.4-1.el7
307 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b
bubblewrap-0.3.3-2.el7
16 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-fa8a2e97c6
python-waitress-1.4.3-1.el7
13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-5f252e8e10
kea-1.6.0-4.el7
11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-ea579d7782
proftpd-1.3.5e-9.el7
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b57b954fde
openfortivpn-1.12.0-1.el7
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-1f5dbc1cd7
cacti-1.2.10-1.el7 cacti-spine-1.2.10-1.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-471d8a7abd
sympa-6.2.54-1.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b3684de763
mbedtls-2.7.14-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
ddrescue-1.25-1.el7
kronosnet-1.15-1.el7
monit-5.26.0-1.el7
nodejs-rhea-1.0.19-2.el7
qpid-dispatch-1.10.0-2.el7
qpid-proton-0.30.0-2.el7
rubygem-qpid_proton-0.30.0-2.el7
seamonkey-2.53.1-2.el7
Details about builds:
ddrescue-1.25-1.el7 (FEDORA-EPEL-2020-c0e2e15418)
Data recovery tool trying hard to rescue data in case of read errors
Update Information:
update to bugfix release 1.25
ChangeLog:
* Tue Mar 3 2020 Michal Ambroz - 1.25-1
- Update to 1.25.
* Tue Jan 28 2020 Fedora Release Engineering - 1.24-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
References:
[ 1 ] Bug #1809276 - ddrescue-1.25 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1809276
kronosnet-1.15-1.el7 (FEDORA-EPEL-2020-43990b0cd5)
Multipoint-to-Multipoint VPN daemon
Update Information:
- New upstream release
- Fix major interaction issues between stats gathering and PMTUd
- Fix UDP socket options that could lead to knet not being properly functional
- Man pages updates
- Minor bug fixes
ChangeLog:
* Wed Mar 4 2020 Fabio M. Di Nitto - 1.14-1
- New upstream release
- Fix major interaction issues between stats gathering and PMTUd
- Fix UDP socket options that could lead to knet not being properly
functional
- Man pages updates
- Minor bug fixes
* Fri Jan 31 2020 Fabio M. Di Nitto - 1.14-1
- New upstream release
- Fixes several major issues with newer kernels
- Fix build with gcc10
monit-5.26.0-1.el7 (FEDORA-EPEL-2020-fbd804208a)
Manages and monitors processes, files, directories and devices
Update Information:
Update to 5.26.0 (includes security fix for CVE-2019-11454 and CVE-2019-11455)
ChangeLog:
* Tue Mar 3 2020 Stewart Adam - 5.26.0-1
- Update to 5.26.0
References:
[ 1 ] Bug #1663929 - monit: Use-after-free in function _handleEvent()
https://bugzilla.redhat.com/show_bug.cgi?id=1663929
[ 2 ] Bug #1691391 - monit: Multiple issues fixed in 5.25.3
https://bugzilla.redhat.com/show_bug.cgi?id=1691391
[ 3 ] Bug #1702637 - CVE-2019-11455 monit: buffer over-read in function
Util_urlDecode in util.c
https://bugzilla.redhat.com/show_bug.cgi?id=1702637
[ 4 ] Bug #1702682 - CVE-2019-11454 monit: cross-site scripting (XSS) in
http/cervlet.c
https://bugzilla.redhat.com/show_bug.cgi?id=1702682
[ 5 ] Bug #1695987 - monit: Multiple vulnerabilities fixed in monit 5.25.3
https://bugzilla.redhat.com/show_bug.cgi?id=1695987
nodejs-rhea-1.0.19-2.el7 (FEDORA-EPEL-2020-82da7f7f21)
A reactive messaging library based on the AMQP protocol