The following Fedora 28 Security updates need testing: Age URL 117 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d510cfd7eb jgraphx-3.6.0.0-6.fc28 89 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c75a37ae9b blktrace-1.2.0-6.fc28 76 https://bodhi.fedoraproject.org/updates/FEDORA-2018-202c536f70 gifsicle-1.91-1.fc28 67 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d7aeaa74da nodejs-brace-expansion-1.1.11-1.fc28 65 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc073fdc1a nodejs-atob-2.1.1-1.fc28 58 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9dd3f7c013 unrtf-0.21.9-8.fc28 26 https://bodhi.fedoraproject.org/updates/FEDORA-2018-28e9841baf docker-latest-1.13.1-37.git9cb56fd.fc28 18 https://bodhi.fedoraproject.org/updates/FEDORA-2018-0c586e5178 quazip-0.7.6-1.fc28 12 https://bodhi.fedoraproject.org/updates/FEDORA-2018-33fef25ed1 ghc-hakyll-4.10.0.0-3.fc28 pandoc-citeproc-0.12.2.5-4.fc28 ghc-hs-bibutils-6.6.0.0-1.fc28 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7a9777480c python-uranium-lulzbot-3.2.23-1.fc28 CuraEngine-lulzbot-3.2.23-1.fc28 cura-lulzbot-3.2.23-1.fc28 lulzbot-marlin-firmware-1.1.8.62-1.fc28 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-64955716d6 moodle-3.4.4-1.fc28 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f37cbaafdf mingw-LibRaw-0.18.13-2.fc28 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-74fb8b257b qemu-2.11.2-2.fc28 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b48e0b8761 libpng15-1.5.30-6.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9b54497b6e php-symfony-2.8.44-1.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9c38d1dc1d php-symfony3-3.4.14-1.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-3238d4da59 mingw-glibmm24-2.56.0-1.fc28 mingw-glib2-2.56.1-1.fc28 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b7d774a7c1 knot-resolver-2.4.1-1.fc28 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-732f45d43e php-symfony4-4.0.14-1.fc28 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4a606489ae php-zendframework-zend-diactoros-1.8.4-1.fc28 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-71e9650fa9 php-zendframework-zend-http-2.8.1-1.fc28 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7da5983771 php-zendframework-zend-feed-2.10.3-1.fc28 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-0c85690ba7 python2-django1.11-1.11.15-2.fc28 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a5a7f83e1b cgit-1.1-11.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ca0e10fc6e kernel-headers-4.17.12-1.fc28 kernel-tools-4.17.12-200.fc28 kernel-4.17.12-200.fc28 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-22c1b7e738 thunderbird-enigmail-2.0.8-1.fc28 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c3a2174314 python34-3.4.9-1.fc28 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bb965553f9 mozilla-privacy-badger-2018.8.1-1.fc28 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-99ff4c8f80 python35-3.5.6-1.fc28
The following Fedora 28 Critical Path updates have yet to be approved: Age URL 10 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4b3f72d8c9 perl-5.26.2-413.fc28 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-0dd9176f34 pcre2-10.31-8.fc28 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-74fb8b257b qemu-2.11.2-2.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ca0e10fc6e kernel-headers-4.17.12-1.fc28 kernel-tools-4.17.12-200.fc28 kernel-4.17.12-200.fc28 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2eac5b6cb4 perl-HTTP-Tiny-0.076-1.fc28 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b55dc6f3bd vim-8.1.240-1.fc28
The following builds have been pushed to Fedora 28 updates-testing
R-rgdal-1.3.4-1.fc28 copr-rpmbuild-0.20-1.fc28 cri-o-1.11.1-1.git1759204.fc28 cups-2.2.6-18.fc28 fedmod-0.2-1.fc28 libgit2-0.26.6-1.fc28 libusbx-1.0.22-1.fc28 mariadb-java-client-2.2.6-1.fc28 mingw-libusbx-1.0.22-1.fc28 mingw-usbredir-0.8.0-1.fc28 perl-Pod-Markdown-3.101-1.fc28 poedit-2.1.1-1.fc28 python-abimap-0.3.0-1.fc28 stlink-1.5.1-0.1.20180802gitae717b9.fc28 unboundid-ldapsdk-4.0.7-1.fc28 usbredir-0.8.0-1.fc28
Details about builds:
================================================================================ R-rgdal-1.3.4-1.fc28 (FEDORA-2018-efeae192a8) Bindings for the 'Geospatial' Data Abstraction Library -------------------------------------------------------------------------------- Update Information:
Update to latest version -------------------------------------------------------------------------------- ChangeLog:
* Mon Aug 6 2018 Elliott Sales de Andrade quantum.analyst@gmail.com - 1.3.4-1 - Update to latest version * Thu Jul 12 2018 Fedora Release Engineering releng@fedoraproject.org - 1.3.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ copr-rpmbuild-0.20-1.fc28 (FEDORA-2018-fcd54eff78) Run COPR build tasks -------------------------------------------------------------------------------- Update Information:
- for py3 use unittest.mock, otherwise mock from python2-mock - avoid subprocess.communicate(timeout=..) - BlockingIOError, IOError -> OSError - hack for optional argparse subparser - fix shebang for epel7 - use fcntl.lockf (works with python 2.7, too) - make copr-rpmbuild installable/buildable on el7 -------------------------------------------------------------------------------- ChangeLog:
* Mon Aug 6 2018 clime clime@redhat.com 0.20-1 - for py3 use unittest.mock, otherwise mock from python2-mock - avoid subprocess.communicate(timeout=..) - BlockingIOError, IOError -> OSError - hack for optional argparse subparser - fix shebang for epel7 - use fcntl.lockf (works with python 2.7, too) - make copr-rpmbuild installable/buildable on el7 --------------------------------------------------------------------------------
================================================================================ cri-o-1.11.1-1.git1759204.fc28 (FEDORA-2018-28f30efaf6) Kubernetes Container Runtime Interface for OCI-based containers -------------------------------------------------------------------------------- Update Information:
Update to latest version. -------------------------------------------------------------------------------- ChangeLog:
* Wed Jul 11 2018 Dan Walsh dwalsh@redhat.com - 2:1.11.1-1.rhaos3.11.git76a48bd - bump to v1.11.1 * Mon Jul 2 2018 Dan Walsh dwalsh@redhat.com - 2:1.11.0-1.git441bd3d - bump to v1.11.0 * Wed Jun 27 2018 Dan Walsh dwalsh@redhat.com - 2:1.10.4-1.rhaos3.10.gitebaa77a - bump to v1.10.4 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1599131 - CVE-2018-10892 cri-o: docker: container breakout without selinux in enforcing mode [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1599131 --------------------------------------------------------------------------------
================================================================================ cups-2.2.6-18.fc28 (FEDORA-2018-55836ac1ad) CUPS printing system -------------------------------------------------------------------------------- Update Information:
1613251 - Remove weak SSL/TLS ciphers from CUPS ---- 1612935 - cups doesn't restart after cupsctl command -------------------------------------------------------------------------------- ChangeLog:
* Tue Aug 7 2018 Zdenek Dohnal zdohnal@redhat.com - 1:2.2.6-18 - 1613251 - Remove weak SSL/TLS ciphers from CUPS * Mon Aug 6 2018 Zdenek Dohnal zdohnal@redhat.com - 1:2.2.6-17 - 1612935 - cups doesn't restart after cupsctl command -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1613251 - None https://bugzilla.redhat.com/show_bug.cgi?id=1613251 [ 2 ] Bug #1612935 - None https://bugzilla.redhat.com/show_bug.cgi?id=1612935 --------------------------------------------------------------------------------
================================================================================ fedmod-0.2-1.fc28 (FEDORA-2018-b8bc528ad4) Utilities for generating & maintaining modulemd files -------------------------------------------------------------------------------- Update Information:
This updated introduces the `rpm2flatpak` command. -------------------------------------------------------------------------------- ChangeLog:
* Tue Aug 7 2018 Nils Philippsen nils@redhat.com 0.2-1 - Update version metadata for release 0.2 (nils@redhat.com) - ignore untracked files for releases (nils@redhat.com) - reset release when tagging (nils@redhat.com) - fix typo (nils@redhat.com) - Add flatpak-report command (otaylor@fishsoup.net) - Add rpm2flatpak (otaylor@fishsoup.net) - Factor out a rpm_name_only utility functio (otaylor@fishsoup.net) --------------------------------------------------------------------------------
================================================================================ libgit2-0.26.6-1.fc28 (FEDORA-2018-3e021c6c2e) C implementation of the Git core methods as a library with a solid API -------------------------------------------------------------------------------- Update Information:
This is a security release fixing out-of-bounds reads when processing smart- protocol "ng" packets. When parsing an "ng" packet, we keep track of both the current position as well as the remaining length of the packet itself. But instead of taking care not to exceed the length, we pass the current pointer's position to strchr, which will search for a certain character until hitting NUL. It is thus possible to create a crafted packet which doesn't contain a NUL byte to trigger an out-of-bounds read. The issue was discovered by the oss-fuzz project, issue 9406. -------------------------------------------------------------------------------- ChangeLog:
* Tue Aug 7 2018 Pete Walter pwalter@fedoraproject.org - 0.26.6-1 - Update to 0.26.6 --------------------------------------------------------------------------------
================================================================================ libusbx-1.0.22-1.fc28 (FEDORA-2018-83cf562cce) Library for accessing USB devices -------------------------------------------------------------------------------- Update Information:
Update to 1.0.22 -------------------------------------------------------------------------------- ChangeLog:
* Tue Aug 7 2018 Victor Toso victortoso@redhat.com - 1.0.22-1 - Update to 1.0.22 --------------------------------------------------------------------------------
================================================================================ mariadb-java-client-2.2.6-1.fc28 (FEDORA-2018-215876350b) Connects applications developed in Java to MariaDB and MySQL databases -------------------------------------------------------------------------------- Update Information:
Minor change: [CONJ-623] Increase connection logging when Primary node connection fails [CONJ-384] Permit knowing affected rows number, not only real changed rows Bug correction: [CONJ-624] MariaDbPoolDataSource possible NPE on configuration getter [CONJ-622] The option "connectTimeout" must take in account DriverManager.getLoginTimeout() when set [CONJ-621] wrong escaping when having curly bracket in table/field name [CONJ-618] Client preparestatement parsing error on escaped ' / " in query -------------------------------------------------------------------------------- ChangeLog:
* Tue Aug 7 2018 Jakub Janco jjanco@redhat.com - 2.2.6-1 - new version * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 2.2.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ mingw-libusbx-1.0.22-1.fc28 (FEDORA-2018-00616865ff) MinGW library which allows userspace access to USB devices -------------------------------------------------------------------------------- Update Information:
Update to 1.0.22 -------------------------------------------------------------------------------- ChangeLog:
* Tue Aug 7 2018 Victor Toso victortoso@redhat.com - 1.0.22-1 - Update to 1.0.22 * Thu Feb 8 2018 Fedora Release Engineering releng@fedoraproject.org - 1.0.21-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1417637 - libusbx should provide a DLL with WinUSB backend as well https://bugzilla.redhat.com/show_bug.cgi?id=1417637 --------------------------------------------------------------------------------
================================================================================ mingw-usbredir-0.8.0-1.fc28 (FEDORA-2018-2c8666e92d) MinGW USB network redirection protocol libraries -------------------------------------------------------------------------------- Update Information:
Update to 0.8.0 -------------------------------------------------------------------------------- ChangeLog:
* Tue Aug 7 2018 Victor Toso victortoso@redhat.com - 0.8.0-1 - Update to 0.8.0 * Thu Feb 8 2018 Fedora Release Engineering releng@fedoraproject.org - 0.7.1-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ perl-Pod-Markdown-3.101-1.fc28 (FEDORA-2018-85781fd810) Convert POD to Markdown -------------------------------------------------------------------------------- Update Information:
Updated to the latest version -------------------------------------------------------------------------------- ChangeLog:
* Tue Aug 7 2018 Jitka Plesnikova jplesnik@redhat.com - 3.101-1 - 3.101 bump * Mon Aug 6 2018 Jitka Plesnikova jplesnik@redhat.com - 3.100-1 - 3.100 bump -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1613088 - perl-Pod-Markdown-3.101 is available https://bugzilla.redhat.com/show_bug.cgi?id=1613088 --------------------------------------------------------------------------------
================================================================================ poedit-2.1.1-1.fc28 (FEDORA-2018-d5e3b75dd0) GUI editor for GNU gettext .po files -------------------------------------------------------------------------------- Update Information:
New upstream version 2.1.1 -------------------------------------------------------------------------------- ChangeLog:
* Tue Aug 7 2018 Wolfgang St��ggl c72578@yahoo.de - 2.1.1-1 - New upstream version --------------------------------------------------------------------------------
================================================================================ python-abimap-0.3.0-1.fc28 (FEDORA-2018-937b095bb0) A helper for library maintainers to use symbol versioning -------------------------------------------------------------------------------- Update Information:
Initial package. --------------------------------------------------------------------------------
================================================================================ stlink-1.5.1-0.1.20180802gitae717b9.fc28 (FEDORA-2018-e7971c05d2) STM32 discovery line Linux programmer -------------------------------------------------------------------------------- Update Information:
Update to latest git version. -------------------------------------------------------------------------------- ChangeLog:
* Tue Aug 7 2018 Vasiliy N. Glazov vascom2@gmail.com - 1.5.1-0.1.20180802gitae717b9 - Update to latest git * Sat Jul 14 2018 Fedora Release Engineering releng@fedoraproject.org - 1.5.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ unboundid-ldapsdk-4.0.7-1.fc28 (FEDORA-2018-70434f9708) UnboundID LDAP SDK for Java -------------------------------------------------------------------------------- Update Information:
Rebase package(s) to version: 4.0.7 Highlights, important fixes, or notable enhancements: bugfixing and improvements are detailed in 4.0.7 release notes at https://github.com/pingidentity/ldapsdk/releases/tag/4.0.7 -------------------------------------------------------------------------------- ChangeLog:
* Tue Aug 7 2018 Sandro Bonazzola sbonazzo@redhat.com - 4.0.7-1 - Update to 4.0.7 (#1613079) * Sat Jul 14 2018 Fedora Release Engineering releng@fedoraproject.org - 4.0.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1613079 - unboundid-ldapsdk-4.0.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1613079 --------------------------------------------------------------------------------
================================================================================ usbredir-0.8.0-1.fc28 (FEDORA-2018-d200332c07) USB network redirection protocol libraries -------------------------------------------------------------------------------- Update Information:
Update to 0.8.0 -------------------------------------------------------------------------------- ChangeLog:
* Tue Aug 7 2018 Victor Toso victortoso@redhat.com - 0.8.0-1 - Update to 0.8.0 --------------------------------------------------------------------------------