Comments

14 Comments
karma

Works fine, fixes critical security issue

karma

Agreed. See comment for EPEL: FEDORA-EPEL-2018-f449b2a7c2

karma

Breaking change - caused quite a bit of support effort. 2.0 removes the GUI and has issues talking to older versions of the Windows counterpart.

New version works perfectly fine

BZ#1495409 CVE-2017-14491 dnsmasq: heap overflow in the code responsible for building DNS replies
BZ#1495410 CVE-2017-14492 dnsmasq: heap overflow in the IPv6 router advertisement code
BZ#1495411 CVE-2017-14493 dnsmasq: stack buffer overflow in the DHCPv6 code
BZ#1495412 CVE-2017-14494 dnsmasq: information leak in the DHCPv6 relay code
BZ#1495415 CVE-2017-14495 dnsmasq: memory exhaustion vulnerability in the EDNS0 code
BZ#1495416 CVE-2017-14496 dnsmasq: integer underflow leading to buffer over-read in the EDNS0 code
BZ#1497691 CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 dnsmasq: various flaws [fedora-all]
karma

Successfully tested "oc cluster up" on a clean Fedora 25 install and installed a template.

Or a dependency that is installed by pip is broken? Anyhow, something is weird.

karma

This update is, in fact, not functional and breaks pip.

See bug report: https://bugs.centos.org/view.php?id=12722&history=1

Probably requires a pyparsing update as well.

All works well. Has critical security fix - EPEL7 is out already.

BZ#1412357 CVE-2016-9587 Ansible: Compromised remote hosts can lead to running commands on the Ansible controller [epel-all]
karma

We ran it in production for a few days. No issues whatsoever.

karma

Everything works fine for us.

BZ#1390564 ansible-2.2.0.0 is available
BZ#1390652 CVE-2016-8614 ansible: Improper verification of key fingerprints in apt_key module [epel-all]
BZ#1390648 CVE-2016-8628 ansible: Command injection by compromised server via ansible_ssh_executable or ssh_args [epel-all]
karma

Everything works fine for us.

BZ#1390650 CVE-2016-8614 ansible: Improper verification of key fingerprints in apt_key module [fedora-all]
BZ#1390646 CVE-2016-8628 ansible: Command injection by compromised server via ansible_ssh_executable or ssh_args [fedora-all]
BZ#1390564 ansible-2.2.0.0 is available