The following Fedora 18 Security updates need testing:
 Age  URL
 229  https://admin.fedoraproject.org/updates/FEDORA-2013-6117/eucalyptus-3.2.2-1....
  75  https://admin.fedoraproject.org/updates/FEDORA-2013-17195/spice-gtk-0.18-3.f...
  72  https://admin.fedoraproject.org/updates/FEDORA-2013-17431/thunderbird-17.0.9...
  70  https://admin.fedoraproject.org/updates/FEDORA-2013-17635/wireshark-1.10.2-4...
  68  https://admin.fedoraproject.org/updates/FEDORA-2013-17853/davfs2-1.4.7-3.fc1...
  11  https://admin.fedoraproject.org/updates/FEDORA-2013-21875/389-ds-base-1.3.0....
   6  https://admin.fedoraproject.org/updates/FEDORA-2013-22312/xen-4.2.3-10.fc18
   6  https://admin.fedoraproject.org/updates/FEDORA-2013-22315/ruby-1.9.3.484-32....
   6  https://admin.fedoraproject.org/updates/FEDORA-2013-22313/subversion-1.7.14-...
   4  https://admin.fedoraproject.org/updates/FEDORA-2013-22422/php-symfony2-Secur...
   4  https://admin.fedoraproject.org/updates/FEDORA-2013-22456/seamonkey-2.22.1-1...
   4  https://admin.fedoraproject.org/updates/FEDORA-2013-22497/ganglia-3.6.0-3.fc...
   2  https://admin.fedoraproject.org/updates/FEDORA-2013-22607/nbd-3.5-1.fc18
   2  https://admin.fedoraproject.org/updates/FEDORA-2013-22606/maradns-2.0.07d-1....
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-22686/tuxcut-5.0-15.fc18
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-22695/kernel-3.11.10-100...
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-22758/lynis-1.3.6-1.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-22771/gimp-2.8.10-4.fc18
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-22786/mod_nss-1.0.8-27.f...

The following Fedora 18 Critical Path updates have yet to be approved:
 Age  URL
 298  https://admin.fedoraproject.org/updates/FEDORA-2013-2192/nautilus-3.6.3-5.fc...
  11  https://admin.fedoraproject.org/updates/FEDORA-2013-21825/gvfs-1.14.2-5.fc18
  11  https://admin.fedoraproject.org/updates/FEDORA-2013-21847/sane-backends-1.0....
   8  https://admin.fedoraproject.org/updates/FEDORA-2013-22215/taglib-1.9.1-2.fc1...
   8  https://admin.fedoraproject.org/updates/FEDORA-2013-22253/kde-settings-4.9-2...
   6  https://admin.fedoraproject.org/updates/FEDORA-2013-22299/fedora-bookmarks-1...
   4  https://admin.fedoraproject.org/updates/FEDORA-2013-22457/libbluray-0.4.0-2....
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-22690/libfm-1.1.3-1.fc18
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-22695/kernel-3.11.10-100...
The following builds have been pushed to Fedora 18 updates-testing
    dropbear-2013.62-1.fc18
    gimp-2.8.10-4.fc18
    lynis-1.3.6-1.fc18
    mod_nss-1.0.8-27.fc18
    pythia8-8.1.80-1.fc18
    qmidiarp-0.5.3-1.fc18
    root-5.34.13-1.fc18
    xrootd-3.3.5-1.fc18
Details about builds:
================================================================================
 dropbear-2013.62-1.fc18 (FEDORA-2013-22788)
 A lightweight SSH server and client
--------------------------------------------------------------------------------
Update Information:
2013.62 - Tuesday 3 December 2013
- Disable "interactive" QoS connection options when a connection doesn't have a PTY (eg scp, rsync). Thanks to Catalin Patulea for the patch.
- Log when a hostkey is generated with -R, fix some bugs in handling server hostkey commandline options
- Fix crash in Dropbearconvert and 521 bit key, reported by NiLuJe
- Update config.guess and config.sub again
2013.61test - Thursday 14 November 2013
- ECC (elliptic curve) support. Supports ECDSA hostkeys (requires new keys to be generated) and ECDH for setting up encryption keys (no intervention required). This is significantly faster.
- curve25519-sha256@libssh.org support for setting up encryption keys. This is another elliptic curve mode with less potential of NSA interference in algorithm parameters. curve25519-donna code thanks to Adam Langley
- -R option to automatically generate hostkeys. This is recommended for embedded platforms since it allows the system random number device /dev/urandom a longer startup time to generate a secure seed before the hostkey is required.
- Compile fixes for old vendor compilers like Tru64 from Daniel Richard G.
- Make authorized_keys handling more robust, don't exit encountering malformed lines. Thanks to Lorin Hochstein and Mark Stillwell
2013.60 - Wednesday 16 October 2013
- Fix "make install" so that it doesn't always install to /bin and /sbin
- Fix "make install MULTI=1", installing manpages failed
- Fix "make install" when scp is included since it has no manpage
- Make --disable-bundled-libtom work
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Christopher Meng rpm@cicku.me - 2013.62-1
- Update to 2013.62
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #1020251 - dropbear-2013.60 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1020251
--------------------------------------------------------------------------------
================================================================================
 gimp-2.8.10-4.fc18 (FEDORA-2013-22771)
 GNU Image Manipulation Program
--------------------------------------------------------------------------------
Update Information:
Overview of Changes from GIMP 2.8.8 to GIMP 2.8.10
==================================================
GUI:
- Indicate if a file was exported in the Quit dialog
- Add shortcuts and hint labels to the close and quit dialogs that make closing and quitting easier and more consistent
- Rename the File->Export menu labels to match Save/Save as
- Fix keyboard shortcuts on OSX Mavericks
- Don't open lots of progress popups when opening many files
- Correctly restore the hidden state of docks in single window mode
Libgimp:
- Fix exporting an image consisting of a single layer group
- Don't attempt to pick transparent colors
Plug-ins:
- Fix crash in LCMS plugin if RGB profile was missing
General:
- Bug fixes
- Translation updates
Additionally, this update fixes buffer overflows in the XWD loader.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Nils Philippsen nils@redhat.com - 2:2.8.10-4
- avoid buffer overflows in file-xwd plug-in (CVE-2013-1913, CVE-2013-1978)
* Fri Nov 29 2013 Nils Philippsen nils@redhat.com - 2:2.8.10-1
- version 2.8.10
* Tue Nov 26 2013 Nils Philippsen nils@redhat.com - 2:2.8.10-1
- use grep -E instead of egrep
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #1037720 - CVE-2013-1913 CVE-2013-1978 gimp: various flaws [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1037720
--------------------------------------------------------------------------------
================================================================================
 lynis-1.3.6-1.fc18 (FEDORA-2013-22758)
 Security and system auditing tool
--------------------------------------------------------------------------------
Update Information:
* 1.3.6 (2013-12-03)
New:
- Support for the dntpd time daemon
- New Apache test for modules [HTTP-6632]
- Apache test for mod_evasive [HTTP-6640]
- Apache test for mod_qos [HTTP-6641]
- Apache test for mod_spamhaus [HTTP-6642]
- Apache test for ModSecurity [HTTP-6643]
- Check for installed package audit tool [PKGS-7398]
- Added initial support for new pkgng and related tools [PKGS-7381]
- Check for ssh-keyscan binary
- ZFS support for FreeBSD [FILE-6330]
- Test for passwordless accounts [AUTH-9283]
- Initial OS support for DragonFly BSD
- Initial OS support for TrueOS (FreeBSD based)
- Initial OS support for elementary OS (Luna)
- GetHostID for DragonFly, FreeBSD, NetBSD and OpenBSD
- Check for DHCP client [NETW-3030]
- Initial support for OSSEC (system integrity) [FINT-4328]
- New parameter --log-file to adjust log file location
- New function IsRunning() to check status of processes
- New function RealFilename() to determine file name
- New function CheckItem() for parsing files
- New function ReportManual() and ReportException() to simplify code
- New function DirectoryExists() to check existence of a directory
- Support for dntpd [TIME-3104]

Changes:
- Extended pf checks for FreeBSD/OpenBSD and others [FIRE-4518]
- Extended test to gather listening network ports for Linux [NETW-3012]
- Adjusted lsof statement to ignore warnings (e.g. fuse) [LOGG-2180] [LOGG-2190]
- Added suggestion for discovered shells on FreeBSD [AUTH-9218]
- Extended core dump test with additional details [KRNL-5820]
- Properly display suggestion if portaudit is not installed [PKGS-7382]
- Ignore message if no packages are installed (pkg_info) [PKGS-7320]
- Also try using apt-check on Debian systems [PKGS-7392]
- Adjusted logging for RPM binary on systems not using it [PKGS-7308]
- Extended search in cron directories for rdate/ntpdate [TIME-3104]
- Adjusted PHP check to find ini files [PHP-2211]
- Skip Apache test for NetBSD [HTTP-6622]
- Skip test http version check for NetBSD [HTTP-6624]
- Additional check to suppress sort error [HTTP-6626]
- Improved the way binaries are checked (less disk reads)
- Adjusted ReportWarning() function to skip impact rating
- Improved report on screen by leaving out date/time and type
- Redirect errors while checking for OpenSSL version
- Extended reporting with firewall status and software
- Adjusted naming of some operating systems to make them more consistent
- Extended update check by using host binary if dig is not installed
- Count number of installed binaries/packages and report them
- Report about log rotation tool and status
- Updated man page

Belated update after 4 years.
Update.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Christopher Meng rpm@cicku.me - 1.3.6-1
- Update to 1.3.6
* Tue Nov 26 2013 Christopher Meng rpm@cicku.me - 1.3.5-1
- Update to 1.3.5
* Sat Aug 3 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.2.9-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Feb 14 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.2.9-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #469317 - Review request: lynis - Security and system auditing tool
        https://bugzilla.redhat.com/show_bug.cgi?id=469317
  [ 2 ] Bug #1037866 - lynis-1.3.5-1.fc19.noarch: broken permissions
        https://bugzilla.redhat.com/show_bug.cgi?id=1037866
--------------------------------------------------------------------------------
================================================================================
 mod_nss-1.0.8-27.fc18 (FEDORA-2013-22786)
 SSL/TLS module for the Apache HTTP server
--------------------------------------------------------------------------------
Update Information:
A flaw was found in the way NSSVerifyClient was handled when used in both server / vhost context as well as directory context (specified either via <Directory> or <Location> directive). If 'NSSVerifyClient none' was set in the server / vhost context (i.e. when the server is configured to not request or require client certificate authentication on the initial connection), and client certificate authentication was expected to be required for a specific directory via the 'NSSVerifyClient require' setting, mod_nss failed to properly require the expected certificate authentication. A remote attacker able to connect to the web server using such a mod_nss configuration and without a valid client certificate could possibly use this flaw to access content of the restricted directories.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 3 2013 Rob Crittenden rcritten@redhat.com - 1.0.8-27
- Resolves: CVE-2013-4566
- [mod_nss-nssverifyclient.patch]
- Bugzilla Bug #1037722 - CVE-2013-4566 mod_nss: incorrect handling of NSSVerifyClient in directory context [fedora-all]
- Bugzilla Bug #1037761 - mod_nss does not respect `NSSVerifyClient` in Directory
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #1016832 - CVE-2013-4566 mod_nss: incorrect handling of NSSVerifyClient in directory context
        https://bugzilla.redhat.com/show_bug.cgi?id=1016832
--------------------------------------------------------------------------------
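An added example, not part of the update notice or of mod_nss itself: a Python check that flags Apache configurations of the shape the mod_nss advisory describes ('NSSVerifyClient none' in server / vhost context with 'NSSVerifyClient require' inside <Directory> or <Location>), so those paths can be re-tested once the fixed package is installed. The function name, the sample configuration and the treatment of an unset directive as 'none' are assumptions of this example.

```python
import re

# Constructed sample configuration for illustration (not from the advisory).
SAMPLE_CONF = """\
<VirtualHost *:443>
    NSSVerifyClient none
    <Directory "/var/www/private">
        NSSVerifyClient require
    </Directory>
</VirtualHost>
<VirtualHost *:8443>
    NSSVerifyClient require
    <Location /admin>
        NSSVerifyClient require
    </Location>
</VirtualHost>
"""

OPEN = re.compile(r"<\s*(\w+)\s*(.*?)\s*>$")
CLOSE = re.compile(r"</\s*\w+\s*>$")
PER_DIR = {"directory", "directorymatch", "location", "locationmatch"}

def find_affected_sections(conf_text):
    """Return [(line_no, vhost, section)] for every per-directory
    'NSSVerifyClient require' whose server/vhost context says 'none'."""
    stack = []            # currently open sections as (name, argument)
    global_mode = "none"  # assumption: an unset directive behaves as 'none'
    vhost_mode = {}       # vhost argument -> mode set directly in that vhost
    requires = []         # per-directory 'require' settings seen so far
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if CLOSE.match(line):
            if stack:
                stack.pop()
            continue
        m = OPEN.match(line)
        if m:
            stack.append((m.group(1), m.group(2).strip('"')))
            continue
        parts = line.split()
        if len(parts) < 2 or parts[0].lower() != "nssverifyclient":
            continue
        mode = parts[1].lower()
        vhost = next((a for n, a in stack if n.lower() == "virtualhost"), None)
        inner = next((f"{n} {a}" for n, a in reversed(stack)
                      if n.lower() in PER_DIR), None)
        if inner:
            if mode == "require":
                requires.append((no, vhost, inner))
        elif vhost is not None:
            vhost_mode[vhost] = mode
        else:
            global_mode = mode
    return [r for r in requires if vhost_mode.get(r[1], global_mode) == "none"]
```

On the sample, only the `/var/www/private` directory in the `*:443` vhost is reported; the `*:8443` vhost already requires a certificate on the initial connection and is not of the affected shape.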
================================================================================
 pythia8-8.1.80-1.fc18 (FEDORA-2013-22790)
 Pythia Event Generator for High Energy Physics
--------------------------------------------------------------------------------
Update Information:
* root 5.34.13
** See http://root.cern.ch/drupal/content/root-version-v5-34-00-patch-release-notes for a list of changes
* xrootd 3.3.5
** See https://github.com/xrootd/xrootd/blob/v3.3.5/docs/ReleaseNotes.txt for a list of changes
* pythia8 8.1.80
** See http://home.thep.lu.se/~torbjorn/pythia81html/UpdateHistory.html (scroll to the bottom) for a list of changes
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 30 2013 Mattias Ellert mattias.ellert@fysast.uu.se - 8.1.80-1
- Update to version 8.1.80
- Use full version in soname
* Sun Aug 4 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 8.1.76-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
 qmidiarp-0.5.3-1.fc18 (FEDORA-2013-22780)
 An arpeggiator, sequencer and MIDI LFO for ALSA
--------------------------------------------------------------------------------
Update Information:
New Features
  o Random functions for sequencer and LFO steps and arp repeat mode (feature request #5 Keith Milner)

Improvements
  o NSM support now handles import/export/clear to facilitate getting started (Roy Vegard Ovesen)
  o Tempo is now MIDI-controllable (MIDI-learn)
  o Sequencer transpose slider is now MIDI controllable (MIDI-learn) (feature request #7)
  o Sequencer pattern maximum length extended to 32 bars (feature request #6)

Fixed Bugs
  o LFO offset jumped back to fixed value when MIDI controlled (bug #6 distrozapper)
  o Arp trigger behavior was not practical with chords pressed on keyboard (bug #7 Burkhard Ritter)
  o JACK Transport no longer worked when no JT Master tempo was present (bug #5 Barney Holmes)
  o Deleting an arp pattern in text window while running caused crash
  o Note lengths were not consistent between alsa and jack backends
  o Note lengths did not account for current tempo
  o Sequencer did not honor "D" button when MIDI controlled
  o Seq note length is now a 16th at half slider scale
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Brendan Jones brendan.jones.it@gmail.com 0.5.3-1
- Update to 0.5.3
* Sun Aug 4 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.5.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
 root-5.34.13-1.fc18 (FEDORA-2013-22790)
 Numerical data analysis framework
--------------------------------------------------------------------------------
Update Information:
* root 5.34.13
** See http://root.cern.ch/drupal/content/root-version-v5-34-00-patch-release-notes for a list of changes
* xrootd 3.3.5
** See https://github.com/xrootd/xrootd/blob/v3.3.5/docs/ReleaseNotes.txt for a list of changes
* pythia8 8.1.80
** See http://home.thep.lu.se/~torbjorn/pythia81html/UpdateHistory.html (scroll to the bottom) for a list of changes
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 3 2013 Mattias Ellert mattias.ellert@fysast.uu.se - 5.34.13-1
- Update to 5.34.13
- Remove java-devel build dependency (not needed with Fedora's libhdfs)
- Adapt to pythia8 >= 8.1.80
* Mon Nov 25 2013 Orion Poplawski orion@cora.nwra.com - 5.34.10-3
- Fix hadoop lib location
* Mon Nov 18 2013 Dave Airlie airlied@redhat.com - 5.34.10-2
- rebuilt for GLEW 1.10
--------------------------------------------------------------------------------
================================================================================
 xrootd-3.3.5-1.fc18 (FEDORA-2013-22790)
 Extended ROOT file server
--------------------------------------------------------------------------------
Update Information:
* root 5.34.13
** See http://root.cern.ch/drupal/content/root-version-v5-34-00-patch-release-notes for a list of changes
* xrootd 3.3.5
** See https://github.com/xrootd/xrootd/blob/v3.3.5/docs/ReleaseNotes.txt for a list of changes
* pythia8 8.1.80
** See http://home.thep.lu.se/~torbjorn/pythia81html/UpdateHistory.html (scroll to the bottom) for a list of changes
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 3 2013 Mattias Ellert mattias.ellert@fysast.uu.se - 1:3.3.5-1
- Update to version 3.3.5
--------------------------------------------------------------------------------