The following Fedora EPEL 7 Security updates need testing:
 Age  URL
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-afd7021128   ipython-3.2.3-1.el7
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-08427e256d   seamonkey-2.53.15-1.el7
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-2b409ccc37   imlib2-1.4.9-8.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
R-qtl-1.58-1.el7
golang-1.18.9-1.el7
ipmctl-03.00.00.0468-3.el7
knot-resolver-5.6.0-1.el7
Details about builds:
================================================================================
R-qtl-1.58-1.el7 (FEDORA-EPEL-2023-12c98cc766)
Tools for analyzing QTL experiments
--------------------------------------------------------------------------------
Update Information:
R-qtl 1.58
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 25 2023 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 1.58-1
- Update to 1.58
- Workaround broken openblas on aarch64 in RHEL 8 and 9
* Wed Jan 18 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.52-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Sep 1 2022 Tom Callaway <spot(a)fedoraprojet.org> - 1.52-3
- rebuild for R 4.2.1
* Wed Jul 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.52-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
golang-1.18.9-1.el7 (FEDORA-EPEL-2023-970698785b)
The Go Programming Language
--------------------------------------------------------------------------------
Update Information:
Update to golang-1.18.9 using the same patches as on EL8, including security
fixes for CVE-2022-32189, CVE-2022-27664, CVE-2022-27664, CVE-2022-32190,
CVE-2022-41715, CVE-2022-2880, CVE-2022-2879, CVE-2022-41720, and CVE-2022-41717
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 25 2023 Dave Dykstra <dwd(a)fedoraproject.org> - 1.18.9-1
- Update to 1.18.9 by doing the equivalent changes as centos8-stream.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat
types can panic if the encoded message is too short, potentially allowing a denial of
service
https://bugzilla.redhat.com/show_bug.cgi?id=2113814
[ 2 ] Bug #2124668 - CVE-2022-32190 golang: net/url: JoinPath does not strip relative
path components in all circumstances
https://bugzilla.redhat.com/show_bug.cgi?id=2124668
[ 3 ] Bug #2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending
GOAWAY
https://bugzilla.redhat.com/show_bug.cgi?id=2124669
[ 4 ] Bug #2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption
when reading headers
https://bugzilla.redhat.com/show_bug.cgi?id=2132867
[ 5 ] Bug #2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not
forward unparseable query parameters
https://bugzilla.redhat.com/show_bug.cgi?id=2132868
[ 6 ] Bug #2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing
regexps
https://bugzilla.redhat.com/show_bug.cgi?id=2132872
[ 7 ] Bug #2161271 - CVE-2022-41720 golang: os, net/http: avoid escapes from os.DirFS
and http.Dir on Windows
https://bugzilla.redhat.com/show_bug.cgi?id=2161271
[ 8 ] Bug #2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive
memory growth in a Go server accepting HTTP/2 requests
https://bugzilla.redhat.com/show_bug.cgi?id=2161274
--------------------------------------------------------------------------------
================================================================================
ipmctl-03.00.00.0468-3.el7 (FEDORA-EPEL-2023-e53f5e87f4)
Utility for managing Intel Optane DC persistent memory modules
--------------------------------------------------------------------------------
Update Information:
Update to version 03.00.00.0468
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 25 2023 Steven Pontsler <steven.pontsler(a)intel.com> - 03.00.00.0468-3
- revert changes to call cmake
* Wed Jan 25 2023 Steven Pontsler <steven.pontsler(a)intel.com> - 03.00.00.0468-2
- Revert required package from python3 to python
* Wed Jan 25 2023 Steven Pontsler <steven.pontsler(a)intel.com> - 03.00.00.0468-1
- Release 03.00.00.0468
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2160195 - build ipmctl v03.00.00.0468
https://bugzilla.redhat.com/show_bug.cgi?id=2160195
--------------------------------------------------------------------------------
================================================================================
knot-resolver-5.6.0-1.el7 (FEDORA-EPEL-2023-8621d18e27)
Caching full DNS Resolver
--------------------------------------------------------------------------------
Update Information:
Update to upstream version 5.6.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 26 2023 Jakub Ružička <jakub.ruzicka(a)nic.cz> - 5.6.0-1
- update to upstream version 5.6.0
--------------------------------------------------------------------------------