The following Fedora 34 Security updates need testing: Age URL 13 https://bodhi.fedoraproject.org/updates/FEDORA-2021-7cd749f133 libslirp-4.4.0-4.fc34 6 https://bodhi.fedoraproject.org/updates/FEDORA-2021-031436cb0e nginx-1.20.1-3.fc34 6 https://bodhi.fedoraproject.org/updates/FEDORA-2021-b9187c535c php-league-flysystem-1.1.4-1.fc34 5 https://bodhi.fedoraproject.org/updates/FEDORA-2021-208340a217 dovecot-2.3.15-1.fc34 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-bf942f1fa3 rabbitmq-server-3.8.18-1.fc34 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-3f62e7d125 nodejs-svgo-2.3.1-1.fc34 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-d867b595d1 php-7.4.21-1.fc34 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-a6bde7ab18 python-urllib3-1.25.10-5.fc34 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-f94dadff78 chromium-91.0.4472.114-1.fc34 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-eac0e52f88 nextcloud-20.0.10-1.fc34 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-fe826f202e kernel-5.12.14-300.fc34 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-5bbf51d86d perl-Mojolicious-8.73-2.fc34 0 https://bodhi.fedoraproject.org/updates/FEDORA-2021-a8ebb71068 suricata-6.0.3-1.fc34
The following Fedora 34 Critical Path updates have yet to be approved: Age URL 86 https://bodhi.fedoraproject.org/updates/FEDORA-2021-1300e131b6 ddpt-0.96-4.fc34 ledmon-0.95-4.fc34 libgpod-0.8.3-38.fc34 libzfcphbaapi-2.2.0-12.fc34 lsvpd-1.7.11-6.fc34 sg3_utils-1.46-1.fc34 udisks-1.0.5-18.fc34 13 https://bodhi.fedoraproject.org/updates/FEDORA-2021-7cd749f133 libslirp-4.4.0-4.fc34 11 https://bodhi.fedoraproject.org/updates/FEDORA-2021-67645ae09f xkeyboard-config-2.33-1.fc34 11 https://bodhi.fedoraproject.org/updates/FEDORA-2021-5c9193be36 osinfo-db-20210621-1.fc34 11 https://bodhi.fedoraproject.org/updates/FEDORA-2021-e8b161d0ee nfs-utils-2.5.4-0.fc34 8 https://bodhi.fedoraproject.org/updates/FEDORA-2021-6845aff447 gnome-software-40.2-2.fc34 6 https://bodhi.fedoraproject.org/updates/FEDORA-2021-b80df3fe09 totem-pl-parser-3.26.6-1.fc34 3 https://bodhi.fedoraproject.org/updates/FEDORA-2021-3954e86d9e mtools-4.0.31-1.fc34 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-d5ca678639 annobin-9.79-1.fc34 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-fe826f202e kernel-5.12.14-300.fc34 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-ff79992346 gnome-autoar-0.3.3-1.fc34
The following builds have been pushed to Fedora 34 updates-testing
appstream-data-34-2.fc34 cockpit-podman-32-1.fc34 distribution-gpg-keys-1.55-1.fc34 djvulibre-3.5.27-30.fc34 ec2-hibinit-agent-1.0.4-1.fc34 fish-3.3.0-1.fc34 golang-github-sgreben-flagvar-1.10.1-1.fc34 hplip-3.21.2-8.fc34 koji-1.25.1-1.fc34 libvirt-7.0.0-6.fc34 mame-0.233-1.fc34 open-policy-agent-0.30.1-1.fc34 php-masterminds-html5-2.7.5-1.fc34 python-libnacl-1.7.2-3.fc34 qt5-qtbase-5.15.2-16.fc34 rust-az-1.1.1-1.fc34 rust-cordic-0.1.5-1.fc34 rust-fixed-1.9.0-1.fc34 rust-msgbox-0.6.1-1.fc34 rust-oxipng-4.0.3-1.fc34 rust-plotters-backend-0.3.2-1.fc34 rust-target-1.0.0-1.fc34 selinux-policy-34.13-1.fc34 umockdev-0.16.1-1.fc34 unrealircd-5.2.0.2-1.fc34
Details about builds:
================================================================================ appstream-data-34-2.fc34 (FEDORA-2021-7a2a6e0178) Fedora AppStream metadata -------------------------------------------------------------------------------- Update Information:
- New metadata version -------------------------------------------------------------------------------- ChangeLog:
* Fri Jul 2 2021 Richard Hughes richard@hughsie.com 34-2 - New metadata version --------------------------------------------------------------------------------
================================================================================ cockpit-podman-32-1.fc34 (FEDORA-2021-9f1a5b994b) Cockpit component for Podman containers -------------------------------------------------------------------------------- Update Information:
- PatternFly and other npm module updates -------------------------------------------------------------------------------- ChangeLog:
* Fri Jul 2 2021 Martin Pitt martin@piware.de - 32-1 - PatternFly and other npm module updates --------------------------------------------------------------------------------
================================================================================ distribution-gpg-keys-1.55-1.fc34 (FEDORA-2021-38df5b27cb) GPG keys of various Linux distributions -------------------------------------------------------------------------------- Update Information:
- update copr keys - Add Rocky Linux Keys -------------------------------------------------------------------------------- ChangeLog:
* Mon Jun 28 2021 Miroslav Such�� msuchy@redhat.com 1.55-1 - update copr keys - Add Rocky Linux Keys --------------------------------------------------------------------------------
================================================================================ djvulibre-3.5.27-30.fc34 (FEDORA-2021-7514c11a37) DjVu viewers, encoders, and utilities -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2021-3630 -------------------------------------------------------------------------------- ChangeLog:
* Fri Jul 2 2021 Marek Kasik mkasik@redhat.com - 3.5.27-30 - Improve previous commit - Resolves: #1977428 * Fri Jul 2 2021 Marek Kasik mkasik@redhat.com - 3.5.27-29 - Fix out-of-bounds write in djvutext - Resolves: #1977428 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1977427 - CVE-2021-3630 djvulibre: out-of-bounds write in DJVU::DjVuTXT::decode() in DjVuText.cpp https://bugzilla.redhat.com/show_bug.cgi?id=1977427 --------------------------------------------------------------------------------
================================================================================ ec2-hibinit-agent-1.0.4-1.fc34 (FEDORA-2021-f42263702e) Hibernation setup utility for Amazon EC2 -------------------------------------------------------------------------------- Update Information:
Update to v1.0.4 -------------------------------------------------------------------------------- ChangeLog:
* Thu Jul 1 2021 David Duncan davdunc@amazon.com - 1.0.4-1 - Update to v1.0.4 * Sat Jun 5 2021 Python Maint python-maint@redhat.com - 1.0.3-8 - Rebuilt for Python 3.10 * Fri Jun 4 2021 Python Maint python-maint@redhat.com - 1.0.3-7 - Rebuilt for Python 3.10 * Tue Mar 2 2021 Zbigniew J��drzejewski-Szmek zbyszek@in.waw.pl - 1.0.3-6 - Rebuilt for updated systemd-rpm-macros See https://pagure.io/fesco/issue/2583. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1978489 - Update to v1.0.4 for f34 https://bugzilla.redhat.com/show_bug.cgi?id=1978489 --------------------------------------------------------------------------------
================================================================================ fish-3.3.0-1.fc34 (FEDORA-2021-f31d6bcea4) Friendly interactive shell -------------------------------------------------------------------------------- Update Information:
Update to 3.3.0 -------------------------------------------------------------------------------- ChangeLog:
* Thu Jul 1 2021 Siteshwar Vashisht svashisht@redhat.com - 3.3.0-1 - Update to 3.3.0 Resolves: #1947062 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1947062 - fish-3.3.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1947062 --------------------------------------------------------------------------------
================================================================================ golang-github-sgreben-flagvar-1.10.1-1.fc34 (FEDORA-2021-4d087e6324) A collection of CLI argument types for the Go `flag` package -------------------------------------------------------------------------------- Update Information:
Initial release -------------------------------------------------------------------------------- ChangeLog:
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #1976038 - Review Request: golang-github-sgreben-flagvar - A collection of CLI argument types for the Go `flag` package https://bugzilla.redhat.com/show_bug.cgi?id=1976038 --------------------------------------------------------------------------------
================================================================================ hplip-3.21.2-8.fc34 (FEDORA-2021-547a66e937) HP Linux Imaging and Printing Project -------------------------------------------------------------------------------- Update Information:
1976465 - [hplip] PY_SSIZE_T_CLEAN macro must be defined for '#' formats require usbutils - needed by hp-diagnose_queues ---- sleep after utils.run() (related #1963114) -------------------------------------------------------------------------------- ChangeLog:
* Fri Jul 2 2021 Zdenek Dohnal zdohnal@redhat.com - 3.21.2-8 - 1976465 - [hplip] PY_SSIZE_T_CLEAN macro must be defined for '#' formats - require usbutils - needed by hp-diagnose_queues * Mon Jun 28 2021 Zdenek Dohnal zdohnal@redhat.com - 3.21.2-7 - sleep after utils.run() (related #1963114) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1963114 - patch for hplip firmware load timeout fix https://bugzilla.redhat.com/show_bug.cgi?id=1963114 [ 2 ] Bug #1976465 - [hplip] PY_SSIZE_T_CLEAN macro must be defined for '#' formats https://bugzilla.redhat.com/show_bug.cgi?id=1976465 --------------------------------------------------------------------------------
================================================================================ koji-1.25.1-1.fc34 (FEDORA-2021-832598ada1) Build system tools -------------------------------------------------------------------------------- Update Information:
Update to bugfix release 1.25.1. -------------------------------------------------------------------------------- ChangeLog:
* Thu Jul 1 2021 Kevin Fenzi kevin@scrye.com - 1.25.1-1 - Update to 1.25.1. Fixes rhbz#1978116 * Tue Jun 15 2021 Jiri Popelka jpopelka@redhat.com - 1.25.0-3 - Python egginfo. Fixes rhbz#1968618 * Fri Jun 4 2021 Python Maint python-maint@redhat.com - 1.25.0-2 - Rebuilt for Python 3.10 --------------------------------------------------------------------------------
================================================================================ libvirt-7.0.0-6.fc34 (FEDORA-2021-bc6ad65da0) Library providing a simple virtualization API -------------------------------------------------------------------------------- Update Information:
* CVE-2021-3631 libvirt: insecure sVirt label generation (bz #1977760) ---- * Crash in udev driver populate_vendor (bz #1966851) * Fix CAP_SETPCAP syslog warning (bz #1924218) -------------------------------------------------------------------------------- ChangeLog:
* Fri Jul 2 2021 Cole Robinson crobinso@redhat.com - 7.0.0-6 - CVE-2021-3631 libvirt: insecure sVirt label generation (bz #1977760) * Tue Jun 29 2021 Cole Robinson crobinso@redhat.com - 7.0.0-5 - Crash in udev driver populate_vendor (bz #1966851) - Fix CAP_SETPCAP syslog warning (bz #1924218) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1977726 - CVE-2021-3631 libvirt: insecure sVirt label generation https://bugzilla.redhat.com/show_bug.cgi?id=1977726 --------------------------------------------------------------------------------
================================================================================ mame-0.233-1.fc34 (FEDORA-2021-6b0e9f68dd) Multiple Arcade Machine Emulator -------------------------------------------------------------------------------- Update Information:
An update to the latest upstream release: * https://www.mamedev.org/?p=501 -------------------------------------------------------------------------------- ChangeLog:
* Thu Jul 1 2021 Julian Sikorski belegdol@fedoraproject.org - 0.233-1 - Update to 0.233 --------------------------------------------------------------------------------
================================================================================ open-policy-agent-0.30.1-1.fc34 (FEDORA-2021-72b4e72ecc) Open source, general-purpose policy engine -------------------------------------------------------------------------------- Update Information:
Update to latest upstream 0.30.1 (fixes rhbz#1978733) ---- - Update to latest upstream 0.30.0 (fixes rhbz#1966363) - Fix license (internal/jwx is licensed under MIT license) -------------------------------------------------------------------------------- ChangeLog:
* Fri Jul 2 2021 Olivier Lemasle o.lemasle@gmail.com - 0.30.1-1 - Update to latest upstream 0.30.1 (fixes rhbz#1978733) * Thu Jul 1 2021 Olivier Lemasle o.lemasle@gmail.com - 0.30.0-1 - Update to latest upstream 0.30.0 (fixes rhbz#1966363) - Fix license (internal/jwx is licensed under MIT license) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1966363 - open-policy-agent-0.30.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1966363 [ 2 ] Bug #1978733 - open-policy-agent-0.30.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1978733 --------------------------------------------------------------------------------
================================================================================ php-masterminds-html5-2.7.5-1.fc34 (FEDORA-2021-b813fcfa8f) An HTML5 parser and serializer -------------------------------------------------------------------------------- Update Information:
**Version 2.7.5** * Fix PHP 8.1 deprecations -------------------------------------------------------------------------------- ChangeLog:
* Fri Jul 2 2021 Remi Collet remi@remirepo.net - 2.7.5-1 - update to 2.7.5 --------------------------------------------------------------------------------
================================================================================ python-libnacl-1.7.2-3.fc34 (FEDORA-2021-23692092b3) Python bindings for libsodium based on ctypes -------------------------------------------------------------------------------- Update Information:
(#1820150) Fix for TestRandomBytes.test_crypto_kdf_derive_from_key fails on 32-bit x86 -------------------------------------------------------------------------------- ChangeLog:
* Fri May 7 2021 S��rgio Basto sergio@serjux.com - 1.7.2-3 - (#1820150) Fix for TestRandomBytes.test_crypto_kdf_derive_from_key fails on 32-bit x86 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1820150 - crypto_kdf_derive_from_key segfaults on ARM https://bugzilla.redhat.com/show_bug.cgi?id=1820150 --------------------------------------------------------------------------------
================================================================================ qt5-qtbase-5.15.2-16.fc34 (FEDORA-2021-fb4b704f36) Qt5 - QtBase components -------------------------------------------------------------------------------- Update Information:
Backport upstream fix for QTBUG-91909 -------------------------------------------------------------------------------- ChangeLog:
* Sat May 1 2021 Alessandro Astone ales.astone@gmail.com - 5.15.2-16 - Backport upstream fix for QTBUG-91909 --------------------------------------------------------------------------------
================================================================================ rust-az-1.1.1-1.fc34 (FEDORA-2021-93e583c2bb) Casts and checked casts -------------------------------------------------------------------------------- Update Information:
New packages -------------------------------------------------------------------------------- ChangeLog:
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #1973987 - Review Request: rust-az - Casts and checked casts https://bugzilla.redhat.com/show_bug.cgi?id=1973987 [ 2 ] Bug #1973992 - Review Request: rust-fixed - Fixed-point numbers https://bugzilla.redhat.com/show_bug.cgi?id=1973992 [ 3 ] Bug #1973993 - Review Request: rust-cordic - fixed-point numbers using the CORDIC method. https://bugzilla.redhat.com/show_bug.cgi?id=1973993 --------------------------------------------------------------------------------
================================================================================ rust-cordic-0.1.5-1.fc34 (FEDORA-2021-93e583c2bb) Special functions for fixed-point numbers using the CORDIC method -------------------------------------------------------------------------------- Update Information:
New packages -------------------------------------------------------------------------------- ChangeLog:
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #1973987 - Review Request: rust-az - Casts and checked casts https://bugzilla.redhat.com/show_bug.cgi?id=1973987 [ 2 ] Bug #1973992 - Review Request: rust-fixed - Fixed-point numbers https://bugzilla.redhat.com/show_bug.cgi?id=1973992 [ 3 ] Bug #1973993 - Review Request: rust-cordic - fixed-point numbers using the CORDIC method. https://bugzilla.redhat.com/show_bug.cgi?id=1973993 --------------------------------------------------------------------------------
================================================================================ rust-fixed-1.9.0-1.fc34 (FEDORA-2021-93e583c2bb) Fixed-point numbers -------------------------------------------------------------------------------- Update Information:
New packages -------------------------------------------------------------------------------- ChangeLog:
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #1973987 - Review Request: rust-az - Casts and checked casts https://bugzilla.redhat.com/show_bug.cgi?id=1973987 [ 2 ] Bug #1973992 - Review Request: rust-fixed - Fixed-point numbers https://bugzilla.redhat.com/show_bug.cgi?id=1973992 [ 3 ] Bug #1973993 - Review Request: rust-cordic - fixed-point numbers using the CORDIC method. https://bugzilla.redhat.com/show_bug.cgi?id=1973993 --------------------------------------------------------------------------------
================================================================================ rust-msgbox-0.6.1-1.fc34 (FEDORA-2021-ab2b88fe88) Multi-platform message box modal, which runs synchronously -------------------------------------------------------------------------------- Update Information:
Update to 0.6.1. -------------------------------------------------------------------------------- ChangeLog:
* Fri Jul 2 2021 R��mi Lauzier remilauzier@protonmail.com - 0.6.1-1 - Update to 0.6.1. - Fixes RHBZ#1978521 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1978521 - rust-msgbox-0.6.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1978521 --------------------------------------------------------------------------------
================================================================================ rust-oxipng-4.0.3-1.fc34 (FEDORA-2021-fd30df9fff) Lossless PNG compression optimizer -------------------------------------------------------------------------------- Update Information:
Initial package -------------------------------------------------------------------------------- ChangeLog:
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #1966385 - Review Request: rust-oxipng - Oxipng is a multithreaded lossless PNG compression optimizer https://bugzilla.redhat.com/show_bug.cgi?id=1966385 --------------------------------------------------------------------------------
================================================================================ rust-plotters-backend-0.3.2-1.fc34 (FEDORA-2021-3fb6193e3e) Plotters Backend API -------------------------------------------------------------------------------- Update Information:
Update to version 0.3.2. ---- Update to 0.3.1. -------------------------------------------------------------------------------- ChangeLog:
* Fri Jul 2 2021 R��mi Lauzier remilauzier@protonmail.com - 0.3.2-1 - Update to version 0.3.2. - Fixes RHBZ#1978751 * Wed Jun 30 2021 R��mi Lauzier remilauzier@protonmail.com - 0.3.1-1 - Update to version 0.3.1. - Fixes RHBZ#1977505 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1977505 - rust-plotters-backend-0.3.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1977505 [ 2 ] Bug #1978751 - rust-plotters-backend-0.3.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1978751 --------------------------------------------------------------------------------
================================================================================ rust-target-1.0.0-1.fc34 (FEDORA-2021-c1dffd09dc) Get information on compilation target -------------------------------------------------------------------------------- Update Information:
Initial package -------------------------------------------------------------------------------- ChangeLog:
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #1974793 - Review Request: rust-target - Get information on compilation target https://bugzilla.redhat.com/show_bug.cgi?id=1974793 --------------------------------------------------------------------------------
================================================================================ selinux-policy-34.13-1.fc34 (FEDORA-2021-d343fed37a) SELinux policy configuration -------------------------------------------------------------------------------- Update Information:
New F34 selinux-policy build -------------------------------------------------------------------------------- ChangeLog:
* Thu Jul 1 2021 Zdenek Pytela zpytela@redhat.com - 34.13-1 - Allow radius map its library files - Allow nftables read NetworkManager unnamed pipes - Allow logrotate rotate container log files --------------------------------------------------------------------------------
================================================================================ umockdev-0.16.1-1.fc34 (FEDORA-2021-b05e2a9f3c) Mock hardware devices -------------------------------------------------------------------------------- Update Information:
This update implements better support for mocking USB and SPI devices. -------------------------------------------------------------------------------- ChangeLog:
* Fri Jul 2 2021 Bastien Nocera bnocera@redhat.com - 0.16.1-1 + umockdev-0.16.1-1 - Update to 0.16.1 * Thu Jul 1 2021 Bastien Nocera bnocera@redhat.com - 0.16.0-1 + umockdev-0.16.0-1 - Update to 0.16.0 - Drop gphoto2 build dependency (rhbz#1962633) --------------------------------------------------------------------------------
================================================================================ unrealircd-5.2.0.2-1.fc34 (FEDORA-2021-bdb2fded28) Open Source IRC server -------------------------------------------------------------------------------- Update Information:
UnrealIRCd 5.2.0.2 ================== Removal of a debug message that was logged quite often. -------------------------------------------------------------------------------- ChangeLog:
* Fri Jun 25 2021 Robert Scheck robert@fedoraproject.org 5.2.0.2-1 - Upgrade to 5.2.0.2 (#1976246) * Wed Jun 16 2021 Robert Scheck robert@fedoraproject.org 5.2.0.1-1 - Upgrade to 5.2.0.1 (#1972543) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1976246 - unrealircd-5.2.0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1976246 --------------------------------------------------------------------------------