The following Fedora EPEL 6 Security updates need testing:
Age URL
636
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031
python-virtualenv-12.0.7-1.el6
630
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168
rubygem-crack-0.3.2-2.el6
520
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb
mcollective-2.8.4-1.el6
491
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9
thttpd-2.25b-24.el6
222
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-8594ed3a53
chicken-4.11.0-3.el6
102
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac
libbsd-0.8.3-2.el6
52
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-acd2c2af0d
nagios-4.2.4-4.el6
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-da3e5ef08f
tcpreplay-4.2.1-1.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-68aef427a4
php-horde-Horde-Crypt-2.7.6-1.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-def12f5099
libupnp-1.6.21-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
libglvnd-0.2.999-14.20170308git8e6e102.el6
libupnp-1.6.21-1.el6
open-vm-tools-10.1.5-6.el6
php-horde-Horde-Crypt-2.7.6-1.el6
Details about builds:
================================================================================
libglvnd-0.2.999-14.20170308git8e6e102.el6 (FEDORA-EPEL-2017-fe81b727ea)
The GL Vendor-Neutral Dispatch library
--------------------------------------------------------------------------------
Update Information:
* Fix conditionals for _without_mesa_glvnd_default * Fix other RHEL-
conditionals, too * Update RPM filters for private libraries (includes GLX,
fixes RHEL 6). * Update to latest snapshot, remove upstreamed patches. * Update
release to packaging guidelines format. * Make sure that for Fedora 24 and RHEL
the libraries are always private.
--------------------------------------------------------------------------------
================================================================================
libupnp-1.6.21-1.el6 (FEDORA-EPEL-2017-def12f5099)
Universal Plug and Play (UPnP) SDK
--------------------------------------------------------------------------------
Update Information:
Long standing security bugs fixed through update to version 1.6.21.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1437143 - Plans for EPEL 6
https://bugzilla.redhat.com/show_bug.cgi?id=1437143
[ 2 ] Bug #1388774 - CVE-2016-8863 libupnp: Heap buffer overflow in the create_url_list
function [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1388774
[ 3 ] Bug #1358614 - CVE-2016-6255 libupnp: Unhandled POSTs can write to the filesystem
by default [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1358614
[ 4 ] Bug #1358352 - libupnp: Upload arbitrary file via POST [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1358352
[ 5 ] Bug #1146033 - libupnp: security and critical bug fixes [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1146033
[ 6 ] Bug #905578 - CVE-2012-5958 CVE-2012-5959 CVE-2012-5960 CVE-2012-5961
CVE-2012-5962 CVE-2012-5963 CVE-2012-5964 CVE-2012-5965 ibupnp: Multiple stack-based
buffer overflows in unique_service_name() by processing specially-crafted SSDP request
(VU#922681) [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=905578
--------------------------------------------------------------------------------
================================================================================
open-vm-tools-10.1.5-6.el6 (FEDORA-EPEL-2017-cdcc212f16)
Open Virtual Machine Tools for virtual machines hosted on VMware
--------------------------------------------------------------------------------
Update Information:
Fix incorrect udev rules installation.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1438481 - open-vm-tools 10.1.5 installs 99-vmware-scsi-udev.rules to wrong
location
https://bugzilla.redhat.com/show_bug.cgi?id=1438481
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Crypt-2.7.6-1.el6 (FEDORA-EPEL-2017-68aef427a4)
Horde Cryptography API
--------------------------------------------------------------------------------
Update Information:
**Horde_Crypt 2.7.6** * [mjr] SECURITY: Fix remote code execution vulnerability
(**CVE-2017-7413**, and **CVE-2017-7414**).
--------------------------------------------------------------------------------