The following Fedora EPEL 7 Security updates need testing:
 Age  URL
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-ffb6e04eb7   drupal7-7.98-1.el7
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-c283911e27   ckeditor-4.22.1-1.el7
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-97dd2d11b6   xrdp-0.9.23.1-1.el7
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-3ee7f851c6   composer-1.10.27-1.el7
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-a99c56df6a   libptytty-2.0-4.el7 rxvt-unicode-9.31-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
exim-4.96.1-1.el7
libspf2-1.2.11-11.20210922git4915c308.el7
sasutils-0.5.0-1.el7
Details about builds:
================================================================================
exim-4.96.1-1.el7 (FEDORA-EPEL-2023-458a169f82)
The exim mail transfer agent
--------------------------------------------------------------------------------
Update Information:
This is an exim update fixing several security problems.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 2 2023 Jaroslav Škarvada <jskarvad(a)redhat.com> - 4.96.1-1
- New version
Resolves: rhbz#2241735
Resolves: rhbz#2241538
Resolves: rhbz#2241540
Resolves: rhbz#2241525
Resolves: rhbz#2241526
Resolves: rhbz#2241528
Resolves: rhbz#2241530
Resolves: rhbz#2241531
Resolves: rhbz#2241533
Resolves: rhbz#2241542
Resolves: rhbz#2241543
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2241525 - CVE-2023-42115 Exim: AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=2241525
[ 2 ] Bug #2241528 - CVE-2023-42116 Exim: SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=2241528
[ 3 ] Bug #2241531 - CVE-2023-42117 Exim: Improper Neutralization of Special Elements Remote Code Execution Vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=2241531
[ 4 ] Bug #2241538 - CVE-2023-42114 Exim: NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=2241538
[ 5 ] Bug #2241542 - CVE-2023-42119 Exim: dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=2241542
--------------------------------------------------------------------------------
================================================================================
libspf2-1.2.11-11.20210922git4915c308.el7 (FEDORA-EPEL-2023-2661620873)
An implementation of the SPF specification
--------------------------------------------------------------------------------
Update Information:
Patch CVE-2023-42118, plus some other fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 3 2023 Bojan Smojver <bojan(a)rexursive.com> - 1.2.11-11.20210922git4915c308
- Add fixes from pull request 47
* Mon Oct 2 2023 Bojan Smojver <bojan(a)rexursive.com> - 1.2.11-10.20210922git4915c308
- CVE-2023-42118
* Thu Jul 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.2.11-8.20210922git4915c308
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jul 11 2023 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.2.11-7.20210922git4915c308
- Perl 5.38 rebuild
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.2.11-6.20210922git4915c308
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Jan 6 2023 Peter Fordham <peter.fordham(a)gmail.com> - 1.2.11-5.20210922git4915c308
- Add missing include of string.h for memset in spf_utils.c
https://github.com/shevek/libspf2/issues/41
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.2.11-4.20210922git4915c308
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue May 31 2022 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.2.11-3.20210922git4915c308
- Perl 5.36 rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.2.11-2.20210922git4915c308
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2241536 - CVE-2023-42118 libspf2: Integer Underflow Remote Code Execution Vulnerability [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2241536
[ 2 ] Bug #2241537 - CVE-2023-42118 libspf2: Integer Underflow Remote Code Execution Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2241537
--------------------------------------------------------------------------------
================================================================================
sasutils-0.5.0-1.el7 (FEDORA-EPEL-2023-d25ca42a21)
Serial Attached SCSI (SAS) utilities
--------------------------------------------------------------------------------
Update Information:
Update to upstream release sasutils 0.5.0
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 2 2023 Stephane Thiell <sthiell(a)stanford.edu> 0.5.0-1
- update version
- add sas_st_snic_alias
--------------------------------------------------------------------------------