The following Fedora 29 Security updates need testing:
 Age  URL
 208  https://bodhi.fedoraproject.org/updates/FEDORA-2019-fa5843e0e1   asterisk-16.2.1-1.fc29
 194  https://bodhi.fedoraproject.org/updates/FEDORA-2019-c84f291592   WALinuxAgent-2.2.38-1.fc29
 189  https://bodhi.fedoraproject.org/updates/FEDORA-2019-7528388823   chicken-5.0.0-2.fc29
 148  https://bodhi.fedoraproject.org/updates/FEDORA-2019-9839aded3f   python-gnupg-0.4.4-1.fc29
 144  https://bodhi.fedoraproject.org/updates/FEDORA-2019-35cb5a4785   kubernetes-1.13.5-1.fc29
  82  https://bodhi.fedoraproject.org/updates/FEDORA-2019-32f7cd9b66   dosbox-0.74.3-2.fc29
  26  https://bodhi.fedoraproject.org/updates/FEDORA-2019-e00c65ec6f   httpd-2.4.41-1.fc29 mod_md-2.0.8-3.fc29
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2019-32c48d9a5f   thunderbird-68.1.0-1.fc29
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2019-f2a520135e   curl-7.61.1-12.fc29
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2019-5bf13218a5   ibus-1.5.19-17.fc29
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2019-672ae0f060   expat-2.2.8-1.fc29
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2019-d51641f152   openssl-1.1.1d-1.fc29
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2019-4349fc0afb   dcmtk-3.6.2-6.fc29
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2019-8a85a90af6   varnish-6.0.4-3.fc29
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2019-ebd6c4f15a   ghostscript-9.27-1.fc29
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2019-708f4d88de   firefox-69.0.1-3.fc29
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2019-ac3b1d7930   nbdkit-1.12.8-1.fc29
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2019-3b5a7abe17   phpMyAdmin-4.9.1-1.fc29
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2019-4d8f9a9235   zeromq-4.1.7-1.fc29
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2019-15d61c1f7f   memcached-1.5.14-2.fc29
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2019-a570a92d5a   kernel-5.2.17-100.fc29 kernel-headers-5.2.17-100.fc29 kernel-tools-5.2.17-100.fc29
The following Fedora 29 Critical Path updates have yet to be approved:
 Age  URL
 120  https://bodhi.fedoraproject.org/updates/FEDORA-2019-06a2d1c7fb   anaconda-29.24.7-3.fc29
 118  https://bodhi.fedoraproject.org/updates/FEDORA-2019-4cefd3161a   nfs-utils-2.3.3-4.rc2.fc29
  91  https://bodhi.fedoraproject.org/updates/FEDORA-2019-583d9d5a56   mutter-3.30.2-3.fc29
  77  https://bodhi.fedoraproject.org/updates/FEDORA-2019-6f13c38d0d   python-urllib3-1.24.3-2.fc29
  75  https://bodhi.fedoraproject.org/updates/FEDORA-2019-62e681b68b   ipset-7.2-1.fc29
  19  https://bodhi.fedoraproject.org/updates/FEDORA-2019-0755eb7d6d   vim-8.1.1991-2.fc29
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2019-d4dd43f749   dnf-4.2.5-5.fc29 libdnf-0.31.0-7.fc29
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2019-5bf13218a5   ibus-1.5.19-17.fc29
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2019-f2a520135e   curl-7.61.1-12.fc29
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2019-32c48d9a5f   thunderbird-68.1.0-1.fc29
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2019-d51641f152   openssl-1.1.1d-1.fc29
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2019-ec78e35d5f   selinux-policy-3.14.2-65.fc29
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2019-0df9161614   pcre2-10.33-14.fc29
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2019-672ae0f060   expat-2.2.8-1.fc29
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2019-3bdedf56fb   sssd-2.2.2-1.fc29
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2019-37eca7383b   lldpad-1.0.1-13.git036e314.fc29
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2019-829fa80e83   rpcbind-1.2.5-2.fc29
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2019-802e9178eb   flatpak-1.2.5-1.fc29
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2019-506bca5486   osinfo-db-20190920-1.fc29
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2019-708f4d88de   firefox-69.0.1-3.fc29
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2019-9da65e88d4   bluez-5.51-1.fc29
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2019-3defb8f617   linux-firmware-20190923-102.fc29
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2019-a570a92d5a   kernel-5.2.17-100.fc29 kernel-headers-5.2.17-100.fc29 kernel-tools-5.2.17-100.fc29
The following builds have been pushed to Fedora 29 updates-testing:

    NetworkManager-openconnect-1.2.6-2.fc29
    R-microbenchmark-1.4.7-1.fc29
    SDL2-2.0.10-1.fc29
    cascadia-code-fonts-1909.16-1.fc29
    chromium-77.0.3865.90-2.fc29
    conmon-2.0.1-1.fc29
    containernetworking-plugins-0.8.2-2.git485be65.fc29
    ethtool-5.3-1.fc29
    fuse-zip-0.7.0-1.fc29
    krb5-1.16.1-26.fc29
    mate-common-1.22.1-1.fc29
    mate-optimus-19.10.4-1.fc29
    mosquitto-1.6.7-1.fc29
    perl-Server-Starter-0.35-1.fc29
    perl-Test-Directory-0.051-1.fc29
    php-7.2.23-1.fc29
    recap-2.1.0-3.fc29
    suricata-4.1.5-2.fc29
    switchboard-plug-about-2.6.0-1.fc29
    ucx-1.6.1-1.fc29
Details about builds:
================================================================================ NetworkManager-openconnect-1.2.6-2.fc29 (FEDORA-2019-71424ab2b9) NetworkManager VPN plugin for openconnect -------------------------------------------------------------------------------- Update Information:
Fix IPv6 nameserver support (#1753422) -------------------------------------------------------------------------------- ChangeLog:
* Wed Sep 25 2019 David Woodhouse dwmw2@infradead.org - 1.2.6-2 - Fix IPv6 nameserver support (#1753422) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1753422 - DNS settings not populated for openconnect vpn https://bugzilla.redhat.com/show_bug.cgi?id=1753422 --------------------------------------------------------------------------------
================================================================================ R-microbenchmark-1.4.7-1.fc29 (FEDORA-2019-5a4245cc7e) Accurate Timing Functions -------------------------------------------------------------------------------- Update Information:
Update to latest version -------------------------------------------------------------------------------- ChangeLog:
* Tue Sep 24 2019 Elliott Sales de Andrade quantum.analyst@gmail.com - 1.4.7-1 - Update to latest version -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1754951 - R-microbenchmark-1.4-7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1754951 --------------------------------------------------------------------------------
================================================================================ SDL2-2.0.10-1.fc29 (FEDORA-2019-8ef33a69ca) Cross-platform multimedia library -------------------------------------------------------------------------------- Update Information:
Update to 2.0.10 to fix security issues. -------------------------------------------------------------------------------- ChangeLog:
* Fri Jul 26 2019 Pete Walter pwalter@fedoraproject.org - 2.0.10-1 - Update to 2.0.10 * Wed Jul 24 2019 Fedora Release Engineering releng@fedoraproject.org - 2.0.9-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Fri Feb 15 2019 Tom Callaway spot@fedoraproject.org - 2.0.9-3 - use khrplatform defines, not ptrdiff_t * Thu Jan 31 2019 Fedora Release Engineering releng@fedoraproject.org - 2.0.9-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1747237 - CVE-2019-13616 SDL: Heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c https://bugzilla.redhat.com/show_bug.cgi?id=1747237 --------------------------------------------------------------------------------
================================================================================ cascadia-code-fonts-1909.16-1.fc29 (FEDORA-2019-77686bae09) A monospaced font designed for programming and terminal emulation -------------------------------------------------------------------------------- Update Information:
New package: cascadia-code-fonts - A monospaced font designed for programming and terminal emulation -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1753744 - Review Request: cascadia-code-fonts - A monospaced font designed for programming and terminal emulation https://bugzilla.redhat.com/show_bug.cgi?id=1753744 --------------------------------------------------------------------------------
================================================================================ chromium-77.0.3865.90-2.fc29 (FEDORA-2019-c47099eb44) A WebKit (Blink) powered web browser -------------------------------------------------------------------------------- Update Information:
Chromium 77.0.3865.90 update. See the official announcement on https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html and https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html -------------------------------------------------------------------------------- ChangeLog:
* Mon Sep 23 2019 Tomas Popela tpopela@redhat.com - 77.0.3865.90-2 - Fix the icon - Remove quite a few of downstream patches - Fix the crashes by backporting an upstream bug - Resolves: rhbz#1754179 * Thu Sep 19 2019 Tomas Popela tpopela@redhat.com - 77.0.3865.90-1 - Update to 77.0.3865.90 * Mon Sep 16 2019 Tomas Popela tpopela@redhat.com - 77.0.3865.75-2 - Update the list of private libraries * Fri Sep 13 2019 Tomas Popela tpopela@redhat.com - 77.0.3865.75-1 - Update to 77.0.3865.75 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1754914 - Weird black icon is used for Chromium https://bugzilla.redhat.com/show_bug.cgi?id=1754914 [ 2 ] Bug #1754179 - All pages fail to load with "Aw, Snap!" https://bugzilla.redhat.com/show_bug.cgi?id=1754179 --------------------------------------------------------------------------------
================================================================================ conmon-2.0.1-1.fc29 (FEDORA-2019-69e5da219e) OCI container runtime monitor -------------------------------------------------------------------------------- Update Information:
Resolves: #1753594, #1753671 -------------------------------------------------------------------------------- ChangeLog:
* Wed Sep 25 2019 Lokesh Mandvekar lsm5@fedoraproject.org - 2:2.0.1-1 - Resolves: #1753594, #1753671 - bump to v2.0.1 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1753594 - Unable to deploy openshift-infra metrics with glusterfs-block https://bugzilla.redhat.com/show_bug.cgi?id=1753594 [ 2 ] Bug #1753671 - Update conmon to 2.0.1 https://bugzilla.redhat.com/show_bug.cgi?id=1753671 --------------------------------------------------------------------------------
================================================================================ containernetworking-plugins-0.8.2-2.git485be65.fc29 (FEDORA-2019-46159f42bd) Libraries for writing CNI plugin -------------------------------------------------------------------------------- Update Information:
bump to v0.8.2 -------------------------------------------------------------------------------- ChangeLog:
* Thu Aug 15 2019 Lokesh Mandvekar (Bot) lsm5+bot@fedoraproject.org - 0.8.2-2.git485be65 - bump to v0.8.2 - autobuilt 485be65 --------------------------------------------------------------------------------
================================================================================ ethtool-5.3-1.fc29 (FEDORA-2019-4b3dd5babe) Settings tool for Ethernet NICs -------------------------------------------------------------------------------- Update Information:
ethtool 5.3
===========
* Feature: igb: dump RR2DCDELAY register
* Feature: dump nested registers
-------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 26 2019 Robert Scheck robert@fedoraproject.org - 2:5.3-1 - Upgrade to 5.3 (#1754625) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1754625 - ethtool-5.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1754625 --------------------------------------------------------------------------------
================================================================================ fuse-zip-0.7.0-1.fc29 (FEDORA-2019-12cac9155c) Filesystem to navigate, extract, create and modify ZIP archives -------------------------------------------------------------------------------- Update Information:
Update to 0.7.0. -------------------------------------------------------------------------------- ChangeLog:
* Wed Sep 25 2019 Vasiliy N. Glazov vascom2@gmail.com - 0.7.0-1 - Update to 0.7.0 --------------------------------------------------------------------------------
================================================================================ krb5-1.16.1-26.fc29 (FEDORA-2019-dc4e1d0fb6) The Kerberos network authentication system -------------------------------------------------------------------------------- Update Information:
Fix KDC crash when logging PKINIT enctypes (CVE-2019-14844) This is a purely denial-of-service issue, though it is unauthenticated, and is unlikely to trigger by accident. -------------------------------------------------------------------------------- ChangeLog:
* Wed Sep 25 2019 Robbie Harwood rharwood@redhat.com - 1.16.1-26 - Fix KDC crash when logging PKINIT enctypes (CVE-2019-14844) --------------------------------------------------------------------------------
================================================================================ mate-common-1.22.1-1.fc29 (FEDORA-2019-96a2052b9a) mate common build files -------------------------------------------------------------------------------- Update Information:
- update to 1.22.1 -------------------------------------------------------------------------------- ChangeLog:
* Wed Sep 25 2019 Wolfgang Ulbrich fedora@raveit.de - 1.22.1-1 - update to 1.22.1 --------------------------------------------------------------------------------
================================================================================ mate-optimus-19.10.4-1.fc29 (FEDORA-2019-faaea1b802) NVIDIA Optimus GPU switcher -------------------------------------------------------------------------------- Update Information:
Update to latest version -------------------------------------------------------------------------------- ChangeLog:
* Sat Sep 14 2019 Artem Polishchuk ego.cordatus@gmail.com - 19.10.4-1 - Update to 19.10.4 --------------------------------------------------------------------------------
================================================================================ mosquitto-1.6.7-1.fc29 (FEDORA-2019-d99e2329cb) An Open Source MQTT v3.1/v3.1.1 Broker -------------------------------------------------------------------------------- Update Information:
1.6.7
=====

Broker:
* Add workaround for working with libwebsockets 3.2.0.
* Fix potential crash when reloading config.

Client library:
* Don't use / in autogenerated client ids, to avoid confusing with topics.
* Fix mosquitto_max_inflight_messages_set() and mosquitto_int_option(..., MOSQ_OPT_*_MAX, ...) behaviour.
* Fix regression on use of mosquitto_connect_async() not working.

Clients:
* mosquitto_sub: Fix -E incorrectly not working unless -d was also specified.
* Updated documentation around automatic client ids.

1.6.6
=====

Security:
* CVE-2019-11779
* Restrict topic hierarchy to 200 levels to prevent possible stack overflow.

Broker:
* Restrict topic hierarchy to 200 levels to prevent possible stack overflow.
* mosquitto_passwd now returns 1 when attempting to update a user that does not exist.

1.6.5
=====

Broker:
* Fix v5 DISCONNECT packets with remaining length == 2 being treated as a protocol error.
* Fix support for libwebsockets 3.x.
* Fix slow websockets performance when sending large messages.
* Fix bridges potentially not connecting on Windows.
* Fix clients authorised using `use_identity_as_username` or `use_subject_as_username` being disconnected on SIGHUP.
* Improve error messages in some situations when clients disconnect. Reduces the number of "Socket error on client X, disconnecting" messages.
* Fix Will for v5 clients not being sent if will delay interval was greater than the session expiry interval.
* Fix CRL file not being reloaded on HUP.
* Fix repeated "Error in poll" messages on Windows when only websockets listeners are defined.

Client library:
* Fix reconnect backoff for the situation where connections are dropped rather than refused.
* Fix missing locks on `mosq->state`.

Documentation:
* Improve details on global/per listener options in the mosquitto.conf man page.
* Clarify behaviour when clients exceed the `message_size_limit`.
* Improve documentation for `max_inflight_bytes`, `max_inflight_messages`, and `max_queued_messages`.
-------------------------------------------------------------------------------- ChangeLog:
* Wed Sep 25 2019 Peter Robinson pbrobinson@fedoraproject.org 1.6.7-1 - 1.6.7 release * Tue Sep 24 2019 Fabian Affolter mail@fabian-affolter.ch - 1.6.6-1 - Update to new upstream version 1.6.6 * Sat Sep 14 2019 Peter Robinson pbrobinson@fedoraproject.org 1.6.5-1 - 1.6.5 release * Mon Sep 2 2019 Peter Robinson pbrobinson@fedoraproject.org 1.6.4-2 - Rebuild for libwebsockets 3.2 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1753846 - CVE-2019-11779 mosquitto: malicious MQTT sends SUBSCRIBE packet leads to stack over flow https://bugzilla.redhat.com/show_bug.cgi?id=1753846 --------------------------------------------------------------------------------
================================================================================ perl-Server-Starter-0.35-1.fc29 (FEDORA-2019-319f5019e7) Superdaemon for hot-deploying server programs -------------------------------------------------------------------------------- Update Information:
-------------------------------------------------------------------------------- ChangeLog:
* Wed Sep 25 2019 Ralf Corsépius corsepiu@fedoraproject.org - 0.35-1 - Upstream update to 0.35. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1754415 - Upgrade perl-Server-Starter to 0.35 https://bugzilla.redhat.com/show_bug.cgi?id=1754415 --------------------------------------------------------------------------------
================================================================================ perl-Test-Directory-0.051-1.fc29 (FEDORA-2019-b031ce96d0) Perl extension for maintaining test directories -------------------------------------------------------------------------------- Update Information:
This release corrects fixing deep directory trees and reports an error in case of a failure. -------------------------------------------------------------------------------- ChangeLog:
* Wed Sep 25 2019 Petr Pisar ppisar@redhat.com - 0.051-1 - 0.051 bump * Mon Sep 23 2019 Petr Pisar ppisar@redhat.com - 0.050-1 - 0.050 bump -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1754235 - perl-Test-Directory-0.051 is available https://bugzilla.redhat.com/show_bug.cgi?id=1754235 --------------------------------------------------------------------------------
================================================================================ php-7.2.23-1.fc29 (FEDORA-2019-aac03463e4) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information:
**PHP version 7.2.23** (26 Sep 2019)

**Core:**
* Fixed bug php#78220 (Can't access OneDrive folder). (cmb, ab)
* Fixed bug php#78412 (Generator incorrectly reports non-releasable $this as GC child). (Nikita)

**FastCGI:**
* Fixed bug php#78469 (FastCGI on_accept hook is not called when using named pipes on Windows). (Sergei Turchanov)

**MySQLnd:**
* Fixed connect_attr issues and added the _server_host connection attribute. (Qianqian Bu)

**ODBC:**
* Fixed bug php#78473 (odbc_close() closes arbitrary resources). (cmb)

**PDO_MySQL:**
* Fixed bug php#41997 (SP call yields additional empty result set). (cmb)

**sodium:**
* Fixed bug php#78510 (Partially uninitialized buffer returned by sodium_crypto_generichash_init()). (Frank Denis, cmb)

**SPL:**
* Fixed bug php#72884 (SplObject isCloneable() returns true but errs on clone). (Chu Zhaowei)
-------------------------------------------------------------------------------- ChangeLog:
* Wed Sep 25 2019 Remi Collet remi@remirepo.net - 7.2.23-1 - Update to 7.2.23 - http://www.php.net/releases/7_2_23.php --------------------------------------------------------------------------------
================================================================================ recap-2.1.0-3.fc29 (FEDORA-2019-a321ee9ff7) Generates reports of various system information -------------------------------------------------------------------------------- Update Information:
Adding two new packages: f31 and epel8, both now use timers. -------------------------------------------------------------------------------- ChangeLog:
* Fri Sep 20 2019 Tony Garcia tony.garcia@rackspace.com - 2.1.0-3 - Update dependencies when using timers * Fri Jul 26 2019 Fedora Release Engineering releng@fedoraproject.org - 2.1.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ suricata-4.1.5-2.fc29 (FEDORA-2019-c680ecbf8b) Intrusion Detection System -------------------------------------------------------------------------------- Update Information:
This is a bugfix release where some of the bugs fixed are security bugs. Please update. -------------------------------------------------------------------------------- ChangeLog:
* Wed Sep 25 2019 Steve Grubb sgrubb@redhat.com 4.1.5-2 - Hardcode python 2 * Tue Sep 24 2019 Steve Grubb sgrubb@redhat.com 4.1.5-1 - New upstream bug and security release. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1736756 - suricata.service file uses unknown options on EL7 https://bugzilla.redhat.com/show_bug.cgi?id=1736756 --------------------------------------------------------------------------------
================================================================================ switchboard-plug-about-2.6.0-1.fc29 (FEDORA-2019-4c522e9cd9) Switchboard System Information plug -------------------------------------------------------------------------------- Update Information:
Update to version 2.6.0. Release notes: https://github.com/elementary/switchboard-plug-about/releases/tag/2.6.0 -------------------------------------------------------------------------------- ChangeLog:
* Wed Sep 25 2019 Fabio Valentini decathorpe@gmail.com - 2.6.0-1 - Update to version 2.6.0. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1752931 - switchboard-plug-about-2.6.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1752931 --------------------------------------------------------------------------------
================================================================================ ucx-1.6.1-1.fc29 (FEDORA-2019-57bca0039a) UCX is a communication library implementing high-performance messaging -------------------------------------------------------------------------------- Update Information:
See NEWS -------------------------------------------------------------------------------- ChangeLog:
* Sat Jul 20 2019 Yossi Itigin yosefe@mellanox.com 1.6.1-1 - Bump version to 1.6.1 --------------------------------------------------------------------------------