The following Fedora 26 Security updates need testing: Age URL 187 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1bf5a0ce01 python-XStatic-jquery-ui-1.12.0.1-2.fc26 126 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2522df3526 nodejs-brace-expansion-1.1.7-1.fc26 80 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1c053de325 memcached-1.4.39-1.fc26 76 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ccb5c8d1e7 docker-distribution-2.6.2-1.git48294d9.fc26 14 https://bodhi.fedoraproject.org/updates/FEDORA-2017-efeb59171d chromium-61.0.3163.100-1.fc26 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5c2a294fba weechat-1.9.1-1.fc26 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9d9d8173df mingw-poppler-0.52.0-4.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d4248ba346 botan-1.10.17-1.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-213ebf97c8 xen-4.8.2-3.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f244168d7f recode-3.6-44.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1179268a20 tor-0.3.1.7-1.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6e6f4f95e6 ruby-2.4.2-84.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-45625fecca openvswitch-2.7.3-2.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9f36da1aac check-mk-1.2.8p26-1.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6f1b90dbb7 golang-1.8.4-1.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b52f851dea calamares-3.1.5-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d22c391318 upx-3.94-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-afb05e0873 nodejs-forwarded-0.1.2-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-36eb36ea71 procmail-3.22-44.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9b0095a6f2 SDL2_image-2.0.1-8.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-21293887a2 poppler-0.52.0-8.fc26
The following Fedora 26 Critical Path updates have yet to be approved: Age URL 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0b189f2107 nspr-4.17.0-1.fc26 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-621a9b4828 iproute-4.13.0-1.fc26 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6271764d02 menu-cache-1.0.2-7.D20170914git8c8534159d.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ebef90185e libgudev-232-1.fc26 iio-sensor-proxy-2.3-1.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ff8aeb8db8 fontconfig-2.12.6-3.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-cd46d09a72 breeze-icon-theme-5.38.0-2.fc26 extra-cmake-modules-5.38.0-2.fc26 kf5-5.38.0-1.fc26 kf5-attica-5.38.0-1.fc26 kf5-baloo-5.38.0-1.fc26 kf5-bluez-qt-5.38.0-1.fc26 kf5-frameworkintegration-5.38.0-1.fc26 kf5-kactivities-5.38.0-1.fc26 kf5-kactivities-stats-5.38.0-1.fc26 kf5-kapidox-5.38.0-1.fc26 kf5-karchive-5.38.0-1.fc26 kf5-kauth-5.38.0-1.fc26 kf5-kbookmarks-5.38.0-1.fc26 kf5-kcmutils-5.38.0-1.fc26 kf5-kcodecs-5.38.0-1.fc26 kf5-kcompletion-5.38.0-1.fc26 kf5-kconfig-5.38.0-5.fc26 kf5-kconfigwidgets-5.38.0-1.fc26 kf5-kcoreaddons-5.38.0-1.fc26 kf5-kcrash-5.38.0-1.fc26 kf5-kdbusaddons-5.38.0-1.fc26 kf5-kdeclarative-5.38.0-1.fc26 kf5-kded-5.38.0-1.fc26 kf5-kdelibs4support-5.38.0-1.fc26 kf5-kdesignerplugin-5.38.0-1.fc26 kf5-kdesu-5.38.0-1.fc26 kf5-kdewebkit-5.38.0-1.fc26 kf5-kdnssd-5.38.0-1.fc26 kf5-kdoctools-5.38.0-1.fc26 kf5-kemoticons-5.38.0-1.fc26 kf5-kfilemetadata-5.38.0-1.fc26 kf5-kglobalaccel-5.38.1-1.fc26 kf5-kguiad dons-5.38.0-1.fc26 kf5-khtml-5.38.0-1.fc26 kf5-ki18n-5.38.0-1.fc26 kf5-kiconthemes-5.38.0-1.fc26 kf5-kidletime-5.38.0-1.fc26 kf5-kimageformats-5.38.0-1.fc26 kf5-kinit-5.38.0-1.fc26 kf5-kio-5.38.0-1.fc26 kf5-kitemmodels-5.38.0-1.fc26 kf5-kitemviews-5.38.0-1.fc26 kf5-kjobwidgets-5.38.0-1.fc26 kf5-kjs-5.38.0-1.fc26 kf5-kjsembed-5.38.0-1.fc26 kf5-kmediaplayer-5.38.0-1.fc26 kf5-knewstuff-5.38.0-1.fc26 kf5-knotifications-5.38.0-1.fc26 kf5-knotifyconfig-5.38.0-1.fc26 kf5-kpackage-5.38.0-1.fc26 kf5-kparts-5.38.0-1.fc26 kf5-kpeople-5.38.0-1.fc26 kf5-kplotting-5.38.0-1.fc26 kf5-kpty-5.38.0-1.fc26 kf5-kross-5.38.0-1.fc26 kf5-krunner-5.38.0-1.fc26 kf5-kservice-5.38.0-1.fc26 kf5-ktexteditor-5.38.0-1.fc26 kf5-ktextwidgets-5.38.0-1.fc26 kf5-kunitconversion-5.38.0-1.fc26 kf5-kwallet-5.38.0-1.fc26 kf5-kwayland-5.38.0-1.fc26 kf5-kwidgetsaddons-5.38.0-1.fc26 kf5-kwindowsystem-5.38.0-1.fc26 kf5-kxmlgui-5.38.0-1.fc26 kf5-kxmlrpcclient-5.38.0-1.fc26 kf5-modemmanager-qt-5.38.0-1.fc26 kf5-networkmanager-qt -5.38.0-1.fc26 kf5-plasma-5.38.0-1.fc26 kf5-solid-5.38.0-1.fc26 kf5-sonnet-5.38.0-1.fc26 kf5-syntax-highlighting-5.38.0-1.fc26 kf5-threadweaver-5.38.0-1.fc26 oxygen-icon-theme-5.38.0-2.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-02be915e88 p11-kit-0.23.9-2.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b843cc1876 libguestfs-1.36.7-1.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-621c36fcb8 nss-3.33.0-1.0.fc26 nss-softokn-3.33.0-1.0.fc26 nss-util-3.33.0-1.0.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-213ebf97c8 xen-4.8.2-3.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-45a9490ce0 geocode-glib-3.24.0-1.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2ab6fac68e glusterfs-3.10.6-3.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9099d5f81c gst-devtools-1.12.3-2.fc26 gst-editing-services-1.12.3-1.fc26 gstreamer1-1.12.3-1.fc26 gstreamer1-plugins-bad-free-1.12.3-1.fc26 gstreamer1-plugins-base-1.12.3-1.fc26 gstreamer1-plugins-good-1.12.3-1.fc26 pitivi-0.99-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-21293887a2 poppler-0.52.0-8.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0f491ba90a python-productmd-1.8-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5e475c0b0d audit-2.8-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2f0f66ceca firefox-57.0-0.2.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-018cffeab4 ding-libs-0.6.1-34.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8e91b32f31 python3-3.6.3-2.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3a93bf495e flatpak-builder-0.9.99-1.fc26 flatpak-0.9.99-1.fc26
The following builds have been pushed to Fedora 26 updates-testing
SDL2_image-2.0.1-8.fc26 audit-2.8-1.fc26 bodhi-2.12.0-1.fc26 evince-3.24.2-1.fc26 findbugs-contrib-7.0.5-1.fc26 gdouros-symbola-fonts-10.03-1.fc26 gsequencer-1.0.4-1.fc26 libstoragemgmt-1.5.0-2.fc26 manifest-tool-0.7.0-1.fc26 mate-themes-3.22.14-2.fc26 php-justinrainbow-json-schema5-5.2.5-1.fc26 php-phpmyadmin-sql-parser-4.2.3-1.fc26 poppler-0.52.0-8.fc26 procmail-3.22-44.fc26 python-productmd-1.8-1.fc26 python-streamlink-0.8.1-3.fc26 python3-bsddb3-6.2.5-3.fc26 pywbem-0.11.0-1.fc26 rakudo-zef-0.1.30-1.fc26 skopeo-0.1.24-3.dev.git28d4e08.fc26
Details about builds:
================================================================================ SDL2_image-2.0.1-8.fc26 (FEDORA-2017-9b0095a6f2) Image loading library for SDL -------------------------------------------------------------------------------- Update Information:
Fix CVE-2017-2887 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1500455 - CVE-2017-2887 SDL_image: Multiple vulnerabilities [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1500455 --------------------------------------------------------------------------------
================================================================================ audit-2.8-1.fc26 (FEDORA-2017-5e475c0b0d) User space tools for 2.6 kernel auditing -------------------------------------------------------------------------------- Update Information:
Lots of updates for the auparse_normalizer to improve support on many events. Remote logging now supports IPv6 and other remote logging improvements. Fix bugs in auvirt that prevented locating AVC's for the VM. Add command line option to auditd & audispd for config dir path. --------------------------------------------------------------------------------
================================================================================ bodhi-2.12.0-1.fc26 (FEDORA-2017-08c952f151) A modular framework that facilitates publishing software updates -------------------------------------------------------------------------------- Update Information:
Update to [2.12.0](https://github.com/fedora-infra/bodhi/releases/tag/2.12.0) (#1500515). -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1500515 - bodhi-2.12.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1500515 --------------------------------------------------------------------------------
================================================================================ evince-3.24.2-1.fc26 (FEDORA-2017-f130dbcb87) Document viewer -------------------------------------------------------------------------------- Update Information:
Resolves: rhbz#1499852 update to 3.24.2 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1499852 - Please update to 3.24.2 https://bugzilla.redhat.com/show_bug.cgi?id=1499852 --------------------------------------------------------------------------------
================================================================================ findbugs-contrib-7.0.5-1.fc26 (FEDORA-2017-1d9cc27f89) Extra findbugs detectors -------------------------------------------------------------------------------- Update Information:
Update to version 7.0.5. New detectors: * `LO_TOSTRING_PARAMETER` * Method explicitly calls `toString()` on a logger parameter * `OI_OPTIONAL_ISSUES_USES_ORELSEGET_WITH_NULL` * Method uses `Optional.orElseGet(null)` -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1488265 - findbugs-contrib-7.0.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1488265 --------------------------------------------------------------------------------
================================================================================ gdouros-symbola-fonts-10.03-1.fc26 (FEDORA-2017-38cb38f42a) A symbol font -------------------------------------------------------------------------------- Update Information:
New upstream release, properly versioned and documented. ---- Fixes for the following characters: ��� 1D3F MODIFIER LETTER CAPITAL R ��������� 1DED COMBINING LATIN SMALL LETTER O WITH LIGHT CENTRALIZATION STROKE ��������� 1DF0 COMBINING LATIN SMALL LETTER U WITH LIGHT CENTRALIZATION STROKE ��� 213A ROTATED CAPITAL Q ��� 2A52 LOGICAL OR WITH DOT ABOVE ��� 2AF2 PARALLEL WITH HORIZONTAL STROKE ---- Minor edits to some glyphs. --------------------------------------------------------------------------------
================================================================================ gsequencer-1.0.4-1.fc26 (FEDORA-2017-081c58e219) Audio processing engine -------------------------------------------------------------------------------- Update Information:
updated gsequencer.0-makefile-am.patch to fix globbing issue --------------------------------------------------------------------------------
================================================================================ libstoragemgmt-1.5.0-2.fc26 (FEDORA-2017-fa5cfad679) Storage array management library -------------------------------------------------------------------------------- Update Information:
Fixed the multilib issue of NFS plugin. ---- Upgrade to 1.5.0: - New plugin -- LibstorageMgmt NFS server plugin(`nfs://`). - New plugin -- LibstorageMgmt Local Pseudo plugin(`local://`). - New plugin -- LibstorageMgmt Microsemi storage plugin(`arcconf://`). - Removed support of lmiwbem due to missing self- signed CA verification and inactive upstream of lmiwbem. - Support SES actions on kernel `bsg` module(old code was using `sg` kernel module). - Add manpages for every C API using kernel-doc. - Using docker of Fedora and Centos for Travis CI test. - New URI parameter `ca_cert_file` for ONTAP, SMI-S, targetd plugin. - Bug fixes: * Fix the ONTAP SSL connection. * Sim plugin: Fix sqlite3 transaction of fs_child_dependency_rm(). * MegaRAID: Handle when both perccli and storcli are installed. * MegaRAID plugin: Support pool status for rebuild and check. * Fixed C++ code compile warnings. - Library adds: * Query health status of local disk: lsm_local_disk_health_status_get()/lsm.LocalDisk.health_status_get() --------------------------------------------------------------------------------
================================================================================ manifest-tool-0.7.0-1.fc26 (FEDORA-2017-77e24bb0a1) A command line tool used for creating manifest list objects -------------------------------------------------------------------------------- Update Information:
Update to latest upstream release --------------------------------------------------------------------------------
================================================================================ mate-themes-3.22.14-2.fc26 (FEDORA-2017-d19690d6a2) MATE Desktop themes -------------------------------------------------------------------------------- Update Information:
- add some upstream patches --------------------------------------------------------------------------------
================================================================================ php-justinrainbow-json-schema5-5.2.5-1.fc26 (FEDORA-2017-c3b70a3ead) A library to validate a json schema -------------------------------------------------------------------------------- Update Information:
**Version 5.2.5** * Backports for 5.2.5 * 452 (Don't add a file:// prefix to URI that already have a scheme) ---- **Version 5.2.4** * Fresh tag to rectify 5.2.3 mistag. ----- **Version 5.2.3** * 453 Backports for 5.2.3 * 452 (bugfix for id double-resolution introduced in 5.2.2) ---- **Version 5.2.2** * 431 Backports for 5.2.2 (Part 1) * 425 (bugfix for #424 - make uri splitting reversable) * 429 (adjust hhvm platform for Travis, remove phpdocumentor dependency) * 432 Added property name in draft-3 required error * 433 Backports for 5.2.2 (Part 2) * 432 (fix missing property in boolean required error) * 450 Backports for 5.2.2 (Part 3) * 449 (Update config for php-cs-fixer & travis) * 448 (add proper recursive handling for $ref - fixes #447) --------------------------------------------------------------------------------
================================================================================ php-phpmyadmin-sql-parser-4.2.3-1.fc26 (FEDORA-2017-74caec216c) A validating SQL lexer and parser with a focus on MySQL dialect -------------------------------------------------------------------------------- Update Information:
**Version 4.2.3** - 2017-10-10 * Fixed build CREATE TABLE query with PARTITIONS having ENGINE but not VALUES. --------------------------------------------------------------------------------
================================================================================ poppler-0.52.0-8.fc26 (FEDORA-2017-21293887a2) PDF rendering library -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2017-14926, CVE-2017-14927 and CVE-2017-14928. ---- Security fix for CVE-2017-14617 ---- Security fix for CVE-2017-14517, CVE-2017-14518, CVE-2017-14519 and CVE-2017-14929. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1500322 - CVE-2017-14928 poppler: NULL pointer dereference in the AnnotRichMedia::Configuration::Configuration https://bugzilla.redhat.com/show_bug.cgi?id=1500322 [ 2 ] Bug #1500323 - CVE-2017-14926 poppler: NULL pointer dereference in the AnnotRichMedia::Content::Content https://bugzilla.redhat.com/show_bug.cgi?id=1500323 [ 3 ] Bug #1500324 - CVE-2017-14927 poppler: NULL pointer dereference in the SplashOutputDev::type3D0() function https://bugzilla.redhat.com/show_bug.cgi?id=1500324 [ 4 ] Bug #1499905 - CVE-2017-14617 poppler: Floating point exception in the ImageStream class https://bugzilla.redhat.com/show_bug.cgi?id=1499905 [ 5 ] Bug #1499162 - CVE-2017-14517 poppler: NULL pointer dereference in the XRef::parseEntry() function https://bugzilla.redhat.com/show_bug.cgi?id=1499162 [ 6 ] Bug #1499163 - CVE-2017-14518 poppler: Floating point exception in the isImageInterpolationRequired() function https://bugzilla.redhat.com/show_bug.cgi?id=1499163 [ 7 ] Bug #1499165 - CVE-2017-14519 poppler: Memory corruption via Gfx.cc infinite loop https://bugzilla.redhat.com/show_bug.cgi?id=1499165 [ 8 ] Bug #1499167 - CVE-2017-14929 poppler: Memory corruption via Gfx.cc infinite loop https://bugzilla.redhat.com/show_bug.cgi?id=1499167 --------------------------------------------------------------------------------
================================================================================ procmail-3.22-44.fc26 (FEDORA-2017-36eb36ea71) Mail processing program -------------------------------------------------------------------------------- Update Information:
This is security update fixing possible buffer overflow in loadbuf function. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1500070 - procmail: Heap-based buffer overflow in loadbuf function in formisc.c https://bugzilla.redhat.com/show_bug.cgi?id=1500070 --------------------------------------------------------------------------------
================================================================================ python-productmd-1.8-1.fc26 (FEDORA-2017-0f491ba90a) Library providing parsers for metadata related to OS installation -------------------------------------------------------------------------------- Update Information:
Improved error reporting when encountering invalid metadata files. --------------------------------------------------------------------------------
================================================================================ python-streamlink-0.8.1-3.fc26 (FEDORA-2017-5ec0c7e980) Python library for extracting streams from various websites -------------------------------------------------------------------------------- Update Information:
Fix missing dependency on python-websocket-client package --------------------------------------------------------------------------------
================================================================================ python3-bsddb3-6.2.5-3.fc26 (FEDORA-2017-8434d8f3c1) Python 3 bindings for BerkleyDB -------------------------------------------------------------------------------- Update Information:
Simplify the fix for shebangs and actually apply it to the right files. ---- Fix for ambiguous python shebangs (`#!/usr/bin/env python` and similar). ---- Update to the latest upstream version. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1489988 - python3-bsddb3-6.2.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1489988 --------------------------------------------------------------------------------
================================================================================ pywbem-0.11.0-1.fc26 (FEDORA-2017-89c7af39ab) Python2 WBEM Client and Provider Interface -------------------------------------------------------------------------------- Update Information:
Upgrade to 0.11.0. --------------------------------------------------------------------------------
================================================================================ rakudo-zef-0.1.30-1.fc26 (FEDORA-2017-ef7c7474c0) Perl6 Module Management -------------------------------------------------------------------------------- Update Information:
update to 0.1.30 --------------------------------------------------------------------------------
================================================================================ skopeo-0.1.24-3.dev.git28d4e08.fc26 (FEDORA-2017-51e432bd4d) Inspect Docker images and repositories on registries -------------------------------------------------------------------------------- Update Information:
built commit 28d4e08 --------------------------------------------------------------------------------