The following Fedora EPEL 6 Security updates need testing: Age URL 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-e44380bc7a php-horde-kronolith-4.2.29-1.el6 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-e54cfb4880 singularity-3.6.0-1.el6 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-f275c3fe6a mbedtls-2.7.16-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
golang-1.13.14-1.el6 python-regex-2020.7.14-1.el6 snmptt-1.4.2-1.el6
Details about builds:
================================================================================ golang-1.13.14-1.el6 (FEDORA-EPEL-2020-713ebad0a1) The Go Programming Language -------------------------------------------------------------------------------- Update Information:
* Rebase to go1.13.14 * Security fix for CVE-2020-15586 -------------------------------------------------------------------------------- ChangeLog:
* Mon Jul 20 2020 Jakub ��ajka jcajka@redhat.com - 1.13.14-1 - Rebase to go1.13.14 - Fix for CVE-2020-15586 - Resolves: BZ#1856956 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS https://bugzilla.redhat.com/show_bug.cgi?id=1856953 --------------------------------------------------------------------------------
================================================================================ python-regex-2020.7.14-1.el6 (FEDORA-EPEL-2020-707d92e43f) Alternative regular expression module, to replace re -------------------------------------------------------------------------------- Update Information:
Update to 2020.7.14. -------------------------------------------------------------------------------- ChangeLog:
* Thu Jul 23 2020 Thomas Moschny thomas.moschny@gmx.de - 2020.7.14-1 - Update to 2020.7.14. --------------------------------------------------------------------------------
================================================================================ snmptt-1.4.2-1.el6 (FEDORA-EPEL-2020-d1b24a2a25) An SNMP trap handler written in Perl -------------------------------------------------------------------------------- Update Information:
- Removed the daemon_gid option and enhanced the daemon_uid option so that it retreives the group membership for daemon_uid from the OS. This fixes a bug in 1.4.1 where it was not possible to define multiple group members with daemon_gid. - Fixed a security issue with EXEC / PREXEC / unknown_trap_exec that could allow malicious shell code to be executed. - Fixed a bug with EXEC / PREXEC / unknown_trap_exec that caused commands to be run as root instead of the user defined in daemon_uid. - Added the snmptt.ini option daemon_gid to allow the gid to be set in addition to the uid. Defaults to 'nobody' if not defined. -------------------------------------------------------------------------------- ChangeLog:
* Thu Jul 23 2020 Volker Fr��hlich volker27@gmx.at - 1.4.2-1 - New upstream version --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org