The following Fedora 27 Security updates need testing:

 Age  URL
 215  https://bodhi.fedoraproject.org/updates/FEDORA-2018-1ec1cd6db3   bro-2.5.3-1.fc27
 147  https://bodhi.fedoraproject.org/updates/FEDORA-2018-8dc6395408   dpdk-17.08.2-1.fc27
 110  https://bodhi.fedoraproject.org/updates/FEDORA-2018-3b33f65b01   nodejs-brace-expansion-1.1.11-1.fc27
 102  https://bodhi.fedoraproject.org/updates/FEDORA-2018-a748acc219   unrtf-0.21.9-8.fc27
  78  https://bodhi.fedoraproject.org/updates/FEDORA-2018-f6ccdeb750   mailman-2.1.21-9.fc27
  78  https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc864bb9e1   openslp-2.0.0-15.fc27
  36  https://bodhi.fedoraproject.org/updates/FEDORA-2018-21ffebf41c   tomcat-8.0.53-1.fc27
  36  https://bodhi.fedoraproject.org/updates/FEDORA-2018-e8533a3ef1   unixODBC-2.3.7-1.fc27
  35  https://bodhi.fedoraproject.org/updates/FEDORA-2018-7051d682fa   ntp-4.2.8p12-1.fc27
  25  https://bodhi.fedoraproject.org/updates/FEDORA-2018-11ed8d95e2   libxkbcommon-0.8.2-1.fc27
  19  https://bodhi.fedoraproject.org/updates/FEDORA-2018-3aafb854a9   yum-utils-1.1.31-514.fc27
  14  https://bodhi.fedoraproject.org/updates/FEDORA-2018-3a7916c8b9   thunderbird-60.0-1.fc27
  14  https://bodhi.fedoraproject.org/updates/FEDORA-2018-bf613d82be   CImg-2.3.6-1.fc27
  14  https://bodhi.fedoraproject.org/updates/FEDORA-2018-5a82282e4e   gmic-2.3.6-1.fc27
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2018-9a4d7ec61e   glusterfs-3.12.14-1.fc27
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2018-7993dea41b   gitolite3-3.6.9-1.fc27
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2018-25100b492c   php-7.1.22-1.fc27
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2018-239a12d7aa   php-tcpdf-6.2.22-1.fc27
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2018-34fac89d51   visualboyadvance-m-2.1.0-2.fc27
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2018-c2499e6025   yaml-cpp-0.6.1-4.fc27
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-09c51bbcec   mozilla-noscript-10.1.9.6-1.fc27
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-4a16e37c81   chromium-69.0.3497.92-1.fc27
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-43ff5f6e5b   moodle-3.3.8-1.fc27
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2018-11b966722a   hylafax+-5.6.1-1.fc27

The following Fedora 27 Critical Path updates have yet to be approved:

 Age  URL
 131  https://bodhi.fedoraproject.org/updates/FEDORA-2018-25d5c86330   libidn-1.34-2.fc27 mcabber-1.1.0-1.fc27.1 pidgin-2.13.0-1.fc27.1 python-slixmpp-1.3.0-5.fc27.1
  91  https://bodhi.fedoraproject.org/updates/FEDORA-2018-200dba6b93   upower-0.99.8-1.fc27
  55  https://bodhi.fedoraproject.org/updates/FEDORA-2018-05a68ea22e   geoclue2-2.4.11-1.fc27
  36  https://bodhi.fedoraproject.org/updates/FEDORA-2018-20c3deae24   iproute-4.17.0-1.fc27
  25  https://bodhi.fedoraproject.org/updates/FEDORA-2018-11ed8d95e2   libxkbcommon-0.8.2-1.fc27
  21  https://bodhi.fedoraproject.org/updates/FEDORA-2018-c223c11259   libldb-1.3.2-2.fc27.1.2.3 samba-4.7.10-0.fc27
  19  https://bodhi.fedoraproject.org/updates/FEDORA-2018-3aafb854a9   yum-utils-1.1.31-514.fc27
  17  https://bodhi.fedoraproject.org/updates/FEDORA-2018-db7b8aabc5   edk2-20180815gitcb5f4f45ce-1.fc27
  14  https://bodhi.fedoraproject.org/updates/FEDORA-2018-73bc9229ee   webkitgtk4-2.22.0-1.fc27
  14  https://bodhi.fedoraproject.org/updates/FEDORA-2018-3a7916c8b9   thunderbird-60.0-1.fc27
  14  https://bodhi.fedoraproject.org/updates/FEDORA-2018-d2f0264871   perl-File-Path-2.16-1.fc27
  14  https://bodhi.fedoraproject.org/updates/FEDORA-2018-1c1a73a9e0   osinfo-db-20180903-1.fc27
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2018-9a4d7ec61e   glusterfs-3.12.14-1.fc27
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2018-60b107e6b6   gnome-software-3.28.2-2.fc27
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2018-5de433cf0f   pungi-4.1.28-1.fc27
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2018-9dba618394   btrfs-progs-4.17.1-1.fc27
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2018-35efb2e3e1   rpm-4.14.2-1.fc27
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2018-227775ff3a   ceph-12.2.8-1.fc27
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2018-afc61ca113   p11-kit-0.23.14-1.fc27
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2018-6ec2c424b8   flatpak-1.0.2-1.fc27
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2018-ca54aecfc8   highlight-3.44-1.fc27
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2018-14a1773017   koji-1.16.1-2.fc27
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-3b2c23b946   kernel-headers-4.18.8-100.fc27 kernel-4.18.8-100.fc27
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2018-07054ad6d9   firefox-62.0-3.fc27

The following builds have been pushed to Fedora 27 updates-testing

    dash-0.5.10.2-1.fc27
    elementary-shortcut-overlay-1.0.1-1.fc27
    elementary-wallpapers-5.3-1.fc27
    fldigi-4.0.18-2.fc27
    gsequencer-2.0.12-0.fc27
    ktikz-0.12-3.fc27
    lcms2-2.8-6.fc27
    libbson-1.9.5-3.fc27
    libmodulemd-1.6.4-1.fc27
    openssl-pkcs11-0.4.8-2.fc27
    recoll-1.23.7-8.fc27
    spamassassin-3.4.2-1.fc27
    twa-1.3.1-1.fc27
    wingpanel-applications-menu-2.4.0-1.fc27
    xorgxrdp-0.2.8-1.fc27
    zchunk-0.9.10-1.fc27

Details about builds:

================================================================================
 dash-0.5.10.2-1.fc27 (FEDORA-2018-ede34350d8)
 Small and fast POSIX-compliant shell
--------------------------------------------------------------------------------
Update Information:

- upgrade to latest upstream 0.5.10.2 fixes RHBZ #1379016 and #1381509
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 19 2018 Filipe Rosset rosset.filipe@gmail.com - 0.5.10.2-1
- upgrade to latest upstream 0.5.10.2 fixes RHBZ #1379016 and #1381509
* Wed Sep 19 2018 Filipe Rosset rosset.filipe@gmail.com - 0.5.9-8
- spec cleanup and modernization
* Fri Jul 20 2018 Stephen Gallagher sgallagh@redhat.com - 0.5.9-7
- Add BuildRequires: gcc
* Thu Jul 12 2018 Fedora Release Engineering releng@fedoraproject.org - 0.5.9-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 7 2018 Fedora Release Engineering releng@fedoraproject.org - 0.5.9-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1381509 - RFE: dash for EPEL
        https://bugzilla.redhat.com/show_bug.cgi?id=1381509
  [ 2 ] Bug #1379016 - dash-0.5.10.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1379016
--------------------------------------------------------------------------------

================================================================================
 elementary-shortcut-overlay-1.0.1-1.fc27 (FEDORA-2018-7382063d60)
 Native, OS-wide shortcut overlay
--------------------------------------------------------------------------------
Update Information:

Update to version 1.0.1. Release notes:
https://github.com/elementary/shortcut-overlay/releases/tag/1.0.1
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------

================================================================================
 elementary-wallpapers-5.3-1.fc27 (FEDORA-2018-bd70883c42)
 Collection of wallpapers from the elementary project
--------------------------------------------------------------------------------
Update Information:

Update to version 5.3. Release notes:
https://github.com/elementary/wallpapers/releases/tag/5.3
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 18 2018 Fabio Valentini decathorpe@gmail.com - 5.3-1
- Update to version 5.3.
--------------------------------------------------------------------------------

================================================================================
 fldigi-4.0.18-2.fc27 (FEDORA-2018-c24b1ce4e6)
 Digital modem program for Linux
--------------------------------------------------------------------------------
Update Information:

Update to hamlib 3.3 and rebuild dependencies.
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1623903 - hamlib-3.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1623903
--------------------------------------------------------------------------------

================================================================================
 gsequencer-2.0.12-0.fc27 (FEDORA-2018-d1a6157cfc)
 Audio processing engine
--------------------------------------------------------------------------------
Update Information:

provide patch to disable functional tests
----
provide patch to disable functional tests
--------------------------------------------------------------------------------
ChangeLog:

* Sun Sep 9 2018 Joël Krähemann jkraehemann@gmail.com 2.0.1-1
- provide patch to disable functional tests
* Sun Sep 9 2018 Joël Krähemann jkraehemann@gmail.com 2.0.1-0
- updated Source to point to new major version directory
--------------------------------------------------------------------------------

================================================================================
 ktikz-0.12-3.fc27 (FEDORA-2018-901e3584cd)
 KDE Editor for the TikZ language
--------------------------------------------------------------------------------
Update Information:

Fixing typo in node-option "text height"
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 18 2018 Mohamed El Morabity melmorabity@fedoraproject.org - 0.12-3
- Fix RHBZ #1565806
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1565806 - Typo in ktikz auto-completion
        https://bugzilla.redhat.com/show_bug.cgi?id=1565806
--------------------------------------------------------------------------------

================================================================================
 lcms2-2.8-6.fc27 (FEDORA-2018-3e9f26489b)
 Color Management Engine
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2018-16435
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 18 2018 Rex Dieter rdieter@fedoraproject.org - 2.8-6
- (branch) CVE-2018-16435 lcms2: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile (#1628969)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1628969 - CVE-2018-16435 lcms2: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile
        https://bugzilla.redhat.com/show_bug.cgi?id=1628969
--------------------------------------------------------------------------------

================================================================================
 libbson-1.9.5-3.fc27 (FEDORA-2018-77d864ff39)
 Building, parsing, and iterating BSON documents
--------------------------------------------------------------------------------
Update Information:

This release fixes a heap-based buffer over-read when parsing a malformed BSON
document (CVE-2018-16790).
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 18 2018 Petr Pisar ppisar@redhat.com - 1.9.5-3
- Fix CVE-2018-16790 (heap-based buffer over-read in _bson_iter_next_internal()) (bug #1627924)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1627923 - CVE-2018-16790 libbson: Heap-based buffer over-read in _bson_iter_next_internal in bson-iter.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1627923
--------------------------------------------------------------------------------

================================================================================
 libmodulemd-1.6.4-1.fc27 (FEDORA-2018-6a058bd54e)
 Module metadata manipulation library
--------------------------------------------------------------------------------
Update Information:

- Update to 1.6.4
- Add Buildopts to the documentation.
- Deduplicate module streams when merging.
- Drop upstreamed patches.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 18 2018 Stephen Gallagher sgallagh@redhat.com - 1.6.4-1
- Update to 1.6.4.
- Add Buildopts to the documentation.
- Deduplicate module streams when merging.
- Drop upstreamed patches.
* Thu Sep 6 2018 Stephen Gallagher sgallagh@redhat.com - 1.6.3-2
- Fix generation of module component YAML
- Output NSVC information using decimal version
* Tue Sep 4 2018 Stephen Gallagher sgallagh@redhat.com - 1.6.3-1
- Update to 1.6.3
- Drop upstreamed patch
- Don't return ModuleStream objects from modulemd_module_new_all_from_*_ext()
- Ensure that Component buildorder property is signed
- Work around optimization bug
- Don't crash dumping translation events without summary or desc
--------------------------------------------------------------------------------

================================================================================
 openssl-pkcs11-0.4.8-2.fc27 (FEDORA-2018-e3ec0456aa)
 A PKCS#11 engine for use with OpenSSL
--------------------------------------------------------------------------------
Update Information:

Require OpenSSL >= 1.0.2; Add support to use EC keys and tests; Changed package
description; Allow engine to use private key without PIN; Exposed check_fork()
API;
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 18 2018 Anderson Sasaki ansasaki@redhat.com - 0.4.8-2
- Require OpenSSL >= 1.0.2
- Fixed missing declaration of ERR_get_CKR_code()
- Add support to use EC keys and tests (#1619184)
- Exposed check_fork() API
- Fixed memory leak of RSA objects in pkcs11_store_key()
- Updated OpenSSL license in eng_front.c
- Fixed build for old C dialects
- Allow engine to use private key without PIN
- Require DEBUG to be defined to print debug messages
- Changed package description (#1614699)
--------------------------------------------------------------------------------

================================================================================
 recoll-1.23.7-8.fc27 (FEDORA-2018-6baaf41137)
 Desktop full text search tool with Qt GUI
--------------------------------------------------------------------------------
Update Information:

Fix a minor issue causing unwanted error messages showing up.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 18 2018 Terje Rosten terje.rosten@ntnu.no - 1.23.7-8
- Add patch from upstream to fix rhbz#1625313
* Tue Jul 31 2018 Florian Weimer fweimer@redhat.com - 1.23.7-7
- Rebuild with fixed binutils
* Mon Jul 30 2018 Terje Rosten terje.rosten@ntnu.no - 1.23.7-6
- Add patch from upstream to fix FTBFS
* Sat Jul 14 2018 Fedora Release Engineering releng@fedoraproject.org - 1.23.7-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jun 19 2018 Miro Hrončok mhroncok@redhat.com - 1.23.7-4
- Rebuilt for Python 3.7
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1625313 - stderr messages (Textsplit UTF-8 errors) when hovering on the results
        https://bugzilla.redhat.com/show_bug.cgi?id=1625313
--------------------------------------------------------------------------------

================================================================================
 spamassassin-3.4.2-1.fc27 (FEDORA-2018-1bf4c5356f)
 Spam filter for email which can be invoked from mail delivery agents
--------------------------------------------------------------------------------
Update Information:

Update to 3.4.2. Fixes CVE-2017-15705, CVE-2018-11780 and CVE-2018-11781 along
with many other bugfixes and improvements. See
https://www.mail-archive.com/announce@apache.org/msg04823.html for more
information.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Sep 16 2018 Kevin Fenzi kevin@scrye.com - 3.4.2-1
- Update to 3.4.2
- Fixes: CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781
* Mon Jul 23 2018 Jaroslav Škarvada jskarvad@redhat.com - 3.4.1-25
- perl-Razor-Agent and perl-Net-Patricia not used on RHEL
* Sat Jul 14 2018 Fedora Release Engineering releng@fedoraproject.org - 3.4.1-24
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jul 10 2018 Tomas Korbar tkorbar@redhat.com - 3.4.1-23
- Fix daemonize subroutine
- See https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7594
* Fri Jun 29 2018 Jitka Plesnikova jplesnik@redhat.com - 3.4.1-22
- Perl 5.28 rebuild
* Wed Jun 20 2018 Kevin Fenzi kevin@scrye.com - 3.4.1-21
- Conditionalize Requires for /sbin/service and /sbin/chkconfig. Fixes bug #1592390
* Thu Jun 7 2018 Tomas Korbar tomas.korb@seznam.cz - 3.4.1-20
- Add razor log path and home directory option
* Tue Apr 10 2018 Rafael Santos rdossant@redhat.com - 3.4.1-19
- Use standard Fedora linker flags (bug #1548561)
* Fri Feb 9 2018 Fedora Release Engineering releng@fedoraproject.org - 3.4.1-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1629537 - CVE-2018-11781 spamassassin: Local user code injection in the meta rule syntax [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1629537
  [ 2 ] Bug #1629534 - CVE-2018-11780 spamassassin: Potential remote code execution vulnerability in PDFInfo plugin [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1629534
  [ 3 ] Bug #1629522 - CVE-2017-15705 spamassassin: Certain unclosed tags in crafted emails allow for scan timeouts and resulting denial of service [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1629522
  [ 4 ] Bug #1629491 - SpamAssassin 3.4.2 released with CVE disclosure
        https://bugzilla.redhat.com/show_bug.cgi?id=1629491
  [ 5 ] Bug #1590592 - Need spamassassin release with patch for bug 7208 included
        https://bugzilla.redhat.com/show_bug.cgi?id=1590592
--------------------------------------------------------------------------------

================================================================================
 twa-1.3.1-1.fc27 (FEDORA-2018-52aef16045)
 Tiny web auditor with strong opinions
--------------------------------------------------------------------------------
Update Information:

New package - first bodhi update
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1629446 - Review Request: twa - tiny web auditor
        https://bugzilla.redhat.com/show_bug.cgi?id=1629446
--------------------------------------------------------------------------------

================================================================================
 wingpanel-applications-menu-2.4.0-1.fc27 (FEDORA-2018-357c552f4a)
 Lightweight and stylish app launcher
--------------------------------------------------------------------------------
Update Information:

Update to version 2.4.0. Release notes:
https://github.com/elementary/applications-menu/releases/tag/2.4.0
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------

================================================================================
 xorgxrdp-0.2.8-1.fc27 (FEDORA-2018-cd5081ec54)
 Implementation of xrdp backend as Xorg modules
--------------------------------------------------------------------------------
Update Information:

This release includes some invalid memory access issue, #124 and #125.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 19 2018 Bojan Smojver bojan@rexursive.com - 0.2.8-1
- Bump up to 0.2.8
* Thu Sep 6 2018 Bojan Smojver bojan@rexursive.com - 0.2.7-3
- Rebuild against Xorg 1.20.1
* Sat Jul 14 2018 Fedora Release Engineering releng@fedoraproject.org - 0.2.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 zchunk-0.9.10-1.fc27 (FEDORA-2018-6a92b4f75c)
 Compressed file format that allows easy deltas
--------------------------------------------------------------------------------
Update Information:

Fixes security bugs identified by Coverity
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 18 2018 Jonathan Dieter jdieter@gmail.com - 0.9.10-1
- Update to 0.9.10
- Fixes security bugs found by Coverity
--------------------------------------------------------------------------------