The following Fedora 34 Security updates need testing: Age URL 85 https://bodhi.fedoraproject.org/updates/FEDORA-2022-6aba96e1b8 radare2-5.6.4-1.fc34 37 https://bodhi.fedoraproject.org/updates/FEDORA-2022-63de6726ce libinput-1.19.4-1.fc34 5 https://bodhi.fedoraproject.org/updates/FEDORA-2022-e980dc71b1 golang-github-opencontainers-runc-1.1.2-1.fc34 4 https://bodhi.fedoraproject.org/updates/FEDORA-2022-6e226a21ed weechat-3.5-2.fc34 1 https://bodhi.fedoraproject.org/updates/FEDORA-2022-8ebd42ce1c thunderbird-91.9.1-1.fc34 1 https://bodhi.fedoraproject.org/updates/FEDORA-2022-c5a8d2c7f4 firefox-100.0.2-2.fc34
The following Fedora 34 Critical Path updates have yet to be approved: Age URL 415 https://bodhi.fedoraproject.org/updates/FEDORA-2021-1300e131b6 ddpt-0.96-4.fc34 ledmon-0.95-4.fc34 libgpod-0.8.3-38.fc34 libzfcphbaapi-2.2.0-12.fc34 lsvpd-1.7.11-6.fc34 sg3_utils-1.46-1.fc34 udisks-1.0.5-18.fc34 137 https://bodhi.fedoraproject.org/updates/FEDORA-2022-e3b891fe11 gdb-11.1-7.fc34 85 https://bodhi.fedoraproject.org/updates/FEDORA-2022-8f3103b973 hwdata-0.357-1.fc34 66 https://bodhi.fedoraproject.org/updates/FEDORA-2022-dab75a01b8 gnome-shell-40.10-1.fc34 gnome-shell-extensions-40.7-1.fc34 mutter-40.10-1.fc34 52 https://bodhi.fedoraproject.org/updates/FEDORA-2022-eb1d10aba3 libldb-2.3.3-1.fc34 samba-4.14.13-0.fc34 37 https://bodhi.fedoraproject.org/updates/FEDORA-2022-63de6726ce libinput-1.19.4-1.fc34 13 https://bodhi.fedoraproject.org/updates/FEDORA-2022-b9a676a6de libretls-3.5.2-1.fc34 netcat-1.218-5.fc34 rpki-client-7.8-2.fc34 13 https://bodhi.fedoraproject.org/updates/FEDORA-2022-4f0b4a4d73 linux-firmware-20220509-132.fc34 10 https://bodhi.fedoraproject.org/updates/FEDORA-2022-43cfd2bbc1 rsync-3.2.4-1.fc34 7 https://bodhi.fedoraproject.org/updates/FEDORA-2022-1180dadb39 ansible-packaging-1-5.fc34 redhat-rpm-config-184-1.fc34 6 https://bodhi.fedoraproject.org/updates/FEDORA-2022-45ea77ca58 python3-docs-3.9.13-1.fc34 python3.9-3.9.13-1.fc34 1 https://bodhi.fedoraproject.org/updates/FEDORA-2022-4bb6cff5a1 libdv-1.0.0-36.fc34 1 https://bodhi.fedoraproject.org/updates/FEDORA-2022-c5a8d2c7f4 firefox-100.0.2-2.fc34 1 https://bodhi.fedoraproject.org/updates/FEDORA-2022-8ebd42ce1c thunderbird-91.9.1-1.fc34
The following builds have been pushed to Fedora 34 updates-testing
ckb-next-0.5.0-1.fc34 dotnet3.1-3.1.419-1.fc34 gnome-shell-extension-system-monitor-applet-38-18.20220527gitb359d88.fc34 gnutls-3.7.6-1.fc34 logrotate-3.18.0-5.fc34 python-catkin_pkg-0.5.2-1.fc34 python-rospkg-1.4.0-1.fc34
Details about builds:
================================================================================ ckb-next-0.5.0-1.fc34 (FEDORA-2022-ae1f5ab39c) Unofficial driver for Corsair RGB keyboards -------------------------------------------------------------------------------- Update Information:
Update to v0.5.0 -------------------------------------------------------------------------------- ChangeLog:
* Fri May 27 2022 Artur Frenszek-Iwicki fedora@svgames.pl - 0.5.0-1 - Update to v0.5.0 --------------------------------------------------------------------------------
================================================================================ dotnet3.1-3.1.419-1.fc34 (FEDORA-2022-21c312c05b) .NET Core Runtime and SDK -------------------------------------------------------------------------------- Update Information:
Upstream release notes: https://github.com/dotnet/core/blob/main/release- notes/3.1/3.1.25/3.1.25.md -------------------------------------------------------------------------------- ChangeLog:
* Thu May 26 2022 Omair Majid omajid@redhat.com - 3.1.419-1 - Update to .NET SDK 3.1.419 and Runtime 3.1.25 --------------------------------------------------------------------------------
================================================================================ gnome-shell-extension-system-monitor-applet-38-18.20220527gitb359d88.fc34 (FEDORA-2022-164274ed61) A Gnome shell system monitor extension -------------------------------------------------------------------------------- Update Information:
Added built for RHEL9 -------------------------------------------------------------------------------- ChangeLog:
* Fri May 27 2022 Nicolas Vi��ville nicolas.vieville@uphf.fr - 1:38-18.20220527gitb359d88 - Added built for RHEL9 - Updated to last upstream commits - Updated Brazilian Portuguese and Portuguese translations - Updated README.md file * Tue Mar 1 2022 Nicolas Vi��ville nicolas.vieville@uphf.fr - 1:38-17.20220301git2c6eb0a - Updated to last upstream commits - Added support for gnome 42 - Fixes SPEC file for rpmlint error rpm-buildroot-usage * Thu Jan 20 2022 Fedora Release Engineering releng@fedoraproject.org - 1:38-16.20211103git11d43a8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ gnutls-3.7.6-1.fc34 (FEDORA-2022-d46bf7581b) A TLS protocol implementation -------------------------------------------------------------------------------- Update Information:
Rebase gnutls to version 3.7.6 ---- Rebase gnutls to version 3.7.5 -------------------------------------------------------------------------------- ChangeLog:
* Fri May 27 2022 Zoltan Fridrich zfridric@redhat.com 3.7.6-1 - [packit] 3.7.6 upstream release * Tue May 17 2022 Zoltan Fridrich zfridric@redhat.com 3.7.5-1 - [packit] 3.7.5 upstream release -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2084825 - gnutls-3.7.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2084825 [ 2 ] Bug #2087520 - anaconda (Python) crashes with gnutls 3.7.5: free(): invalid next size (fast) https://bugzilla.redhat.com/show_bug.cgi?id=2087520 --------------------------------------------------------------------------------
================================================================================ logrotate-3.18.0-5.fc34 (FEDORA-2022-14f7b1a698) Rotates, compresses, removes and mails system log files -------------------------------------------------------------------------------- Update Information:
- lockState: do not print `error:` when exit code is unaffected (#2090926) ---- - fix potential DoS from unprivileged users via the state file (CVE-2022-1348) -------------------------------------------------------------------------------- ChangeLog:
* Fri May 27 2022 Kamil Dudka kdudka@redhat.com - 3.18.0-5 - lockState: do not print `error:` when exit code is unaffected (#2090926) * Wed May 25 2022 Kamil Dudka kdudka@redhat.com - 3.18.0-4 - fix potential DoS from unprivileged users via the state file (CVE-2022-1348) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2090272 - CVE-2022-1348 logrotate: potential DoS from unprivileged users via the state file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2090272 [ 2 ] Bug #2090926 - error: state file /var/lib/logrotate/logrotate.status is world-readable and thus can be locked from other unprivileged users. Skipping lock acquisition https://bugzilla.redhat.com/show_bug.cgi?id=2090926 --------------------------------------------------------------------------------
================================================================================ python-catkin_pkg-0.5.2-1.fc34 (FEDORA-2022-5a7d09bd92) Library for retrieving information about catkin packages -------------------------------------------------------------------------------- Update Information:
Update to the latest ROS infrastructure package releases -------------------------------------------------------------------------------- ChangeLog:
* Fri May 27 2022 Scott K Logan logans@cottsay.net - 0.5.2-1 - Update to 0.5.2 (rhbz#2090928) --------------------------------------------------------------------------------
================================================================================ python-rospkg-1.4.0-1.fc34 (FEDORA-2022-5a7d09bd92) Utilities for ROS package, stack, and distribution information -------------------------------------------------------------------------------- Update Information:
Update to the latest ROS infrastructure package releases -------------------------------------------------------------------------------- ChangeLog:
* Fri May 27 2022 Scott K Logan logans@cottsay.net - 1.4.0-1 - Update to 1.4.0 --------------------------------------------------------------------------------