The following Fedora 31 Security updates need testing:
 Age  URL
  54  https://bodhi.fedoraproject.org/updates/FEDORA-2020-fcd5fd47bd   qutebrowser-1.11.1-1.fc31
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2020-76cf2b0f0a   xen-4.12.3-3.fc31
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2020-218ab035b1   knot-resolver-5.1.2-1.fc31
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2020-07f0a49a9e   mingw-LibRaw-0.19.5-4.fc31
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2020-62f2df3ca4   mailman-2.1.34-1.fc31
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2020-0fbd043bcf   php-horde-kronolith-4.2.29-1.fc31
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2020-7dddce530c   cacti-1.2.13-1.fc31 cacti-spine-1.2.13-1.fc31
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2020-198fdb12a1   singularity-3.6.0-1.fc31
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2020-5b60029fe2   mbedtls-2.16.7-1.fc31
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2020-fe82e2a834   python38-3.8.4-1.fc31
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2020-45041afb19   evolution-data-server-3.34.4-2.fc31
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2020-e30a990f5a   tor-0.4.3.6-1.fc31
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2020-16741ac7ff   nspr-4.26.0-1.fc31 nss-3.54.0-1.fc31
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2020-54e4356732   bashtop-0.9.24-1.fc31
The following Fedora 31 Critical Path updates have yet to be approved:
 Age  URL
  48  https://bodhi.fedoraproject.org/updates/FEDORA-2020-03e14f6120   dracut-050-61.git20200529.fc31
  33  https://bodhi.fedoraproject.org/updates/FEDORA-2020-5ccd452c8e   gnutls-3.6.14-2.fc31
  14  https://bodhi.fedoraproject.org/updates/FEDORA-2020-56e5d11739   python3-3.7.8-1.fc31 python3-docs-3.7.8-1.fc31
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2020-62819fae01   dbus-1.12.20-1.fc31
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2020-76cf2b0f0a   xen-4.12.3-3.fc31
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2020-e53a8f609e   net-snmp-5.8-23.fc31
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2020-ae00b3db48   perl-Socket-2.030-1.fc31
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2020-1f26a8f191   firewalld-0.7.5-2.fc31
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2020-8a6ee2aa06   thunderbird-68.10.0-1.fc31
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2020-025ab83d69   pam-1.3.1-25.fc31
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2020-83b2ee6e63   nfs-utils-2.5.1-0.fc31
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2020-54c4dc151a   perl-5.30.3-454.fc31
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2020-4567712788   tar-1.32-3.fc31
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2020-16741ac7ff   nspr-4.26.0-1.fc31 nss-3.54.0-1.fc31
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2020-45041afb19   evolution-data-server-3.34.4-2.fc31
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2020-6502a12961   pcre2-10.35-4.fc31
The following builds have been pushed to Fedora 31 updates-testing
    armadillo-9.900.2-1.fc31
    bind-9.11.21-1.fc31
    clamav-0.102.4-1.fc31
    crawl-0.25.1-1.fc31
    crun-0.14.1-1.fc31
    glibc-2.30-13.fc31
    ibus-table-1.10.1-1.fc31
    keylime-5.7.2-1.fc31
    oci-seccomp-bpf-hook-1.1.2-1.fc31
    python-pikepdf-1.17.2-1.fc31
    python-rx-3.1.1-1.fc31
    rust-1.45.0-1.fc31
    usbip-5.7.9-1.fc31
    wabt-1.0.17-1.fc31
Details about builds:
================================================================================
 armadillo-9.900.2-1.fc31 (FEDORA-2020-da8be75378)
 Fast C++ matrix library with syntax similar to MATLAB and Octave
--------------------------------------------------------------------------------
Update Information:

Update to the latest stable release, this is a minor update.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 17 2020 José Matos jamatos@fedoraproject.org - 9.900.2-1
- update to 9.900.2
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1858156 - armadillo-9.900.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1858156
--------------------------------------------------------------------------------
================================================================================
 bind-9.11.21-1.fc31 (FEDORA-2020-b6696b7825)
 The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
--------------------------------------------------------------------------------
Update Information:

Update to new bugfix
[release](https://downloads.isc.org/isc/bind9/9.11.21/RELEASE-NOTES-bind-9.11.21.html).
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 15 2020 Petr Menšík pemensik@redhat.com - 32:9.11.21-1
- Update to 9.11.21
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1854794 - bind-9.11.21 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1854794
--------------------------------------------------------------------------------
================================================================================
 clamav-0.102.4-1.fc31 (FEDORA-2020-dd0c20d985)
 End-user tools for the Clam Antivirus scanner
--------------------------------------------------------------------------------
Update Information:

ClamAV 0.102.4 is a bug patch release to address the following issues:

- CVE-2020-3350
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3350
  Fixed a vulnerability a malicious user could exploit to replace a scan
  target's directory with a symlink to another path to trick clamscan,
  clamdscan, or clamonacc into removing or moving a different file (such as a
  critical system file). The issue would affect users that use the --move or
  --remove options for clamscan, clamdscan and clamonacc. For more information
  about AV quarantine attacks using links, see RACK911 Lab's report
  https://www.rack911labs.com/research/exploiting-almost-every-antivirus-software.

- CVE-2020-3327
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3327
  Fixed a vulnerability in the ARJ archive-parsing module in ClamAV 0.102.3
  that could cause a denial-of-service (DoS) condition. Improper bounds
  checking resulted in an out-of-bounds read that could cause a crash. The
  previous fix for this CVE in version 0.102.3 was incomplete. This fix
  correctly resolves the issue.

- CVE-2020-3481
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3481
  Fixed a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3
  that could cause a denial-of-service (DoS) condition. Improper error
  handling could cause a crash due to a NULL pointer dereference. This
  vulnerability is mitigated for those using the official ClamAV signature
  databases because the file type signatures in daily.cvd will not enable the
  EGG archive parser in affected versions.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 17 2020 Orion Poplawski orion@nwra.com - 0.102.4-1
- Update to 0.102.4 (bz#1857867,1858262,1858263,1858265,1858266)
- Security fixes CVE-2020-3327 CVE-2020-3350 CVE-2020-3481
* Thu May 28 2020 Orion Poplawski orion@nwra.com - 0.102.3-2
- Update clamd README file (bz#1798369)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1858261 - CVE-2020-3350 clamav: malicious user exploit to replace scan target's directory with symlink
        https://bugzilla.redhat.com/show_bug.cgi?id=1858261
  [ 2 ] Bug #1858264 - CVE-2020-3481 clamav: improper error handling causing crash due to NULL pointer dereference
        https://bugzilla.redhat.com/show_bug.cgi?id=1858264
--------------------------------------------------------------------------------
================================================================================
 crawl-0.25.1-1.fc31 (FEDORA-2020-862f1bed99)
 Roguelike dungeon exploration game
--------------------------------------------------------------------------------
Update Information:

- Release 0.25.1
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 17 2020 Antonio Trande sagitter@fedoraproject.org - 0.25.1-1
- Release 0.25.1
--------------------------------------------------------------------------------
================================================================================
 crun-0.14.1-1.fc31 (FEDORA-2020-00c234e7ff)
 OCI runtime written in C
--------------------------------------------------------------------------------
Update Information:

autobuilt 0.14.1
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 13 2020 RH Container Bot rhcontainerbot@fedoraproject.org - 0.14.1-1
- autobuilt 0.14.1
* Tue Jul 7 2020 RH Container Bot rhcontainerbot@fedoraproject.org - 0.14-1
- autobuilt 0.14
* Mon May 18 2020 RH Container Bot rhcontainerbot@fedoraproject.org - 0.13-1
- autobuilt 0.13
--------------------------------------------------------------------------------
================================================================================
 glibc-2.30-13.fc31 (FEDORA-2020-4e92a61688)
 The GNU libc libraries
--------------------------------------------------------------------------------
Update Information:

This update incorporates fixes from the upstream glibc 2.30 stable release
branch, including a fix for a medium severity security vulnerability.
(CVE-2020-6096)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul 16 2020 Patsy Griffin patsy@redhat.com - 2.30-13
- Upload new source file for previous sync.
* Thu Jul 16 2020 Patsy Griffin patsy@redhat.com - 2.30-12
- Auto-sync with upstream branch release/2.30/master,
  commit d59630f9959b0bb8991964758ab854ff4378b20d.
- arm: CVE-2020-6096: Fix multiarch memcpy for negative length [BZ #25620]
- arm: CVE-2020-6096: fix memcpy and memmove for negative length [BZ #25620]
- NEWS: Mention BZ 25933 fix
- Fix avx2 strncmp offset compare condition check [BZ #25933]
- nss_compat: internal_end*ent may clobber errno, hiding ERANGE [BZ #25976]
- NEWS: Merge two bug lists in the glibc 2.30.1 section
- NEWS: Mention fixes for BZ 25810/25896/25902/25966
- x86-64: Use RDX_LP on __x86_shared_non_temporal_threshold [BZ #25966]
- Add a C wrapper for prctl [BZ #25896]
- powerpc: Rename argN to _argN in LOADARGS_N [BZ #25902]
- Add C wrappers for process_vm_readv/process_vm_writev [BZ #25810]
- Mark unsigned long arguments with U in more syscalls [BZ #25810]
- Add a syscall test for [BZ #25810]
- Add SYSCALL_ULONG_ARG_[12] to pass long to syscall [BZ #25810]
- x32: Properly pass long to syscall [BZ #25810]
- Add new file missed in previous hppa commit.
- Fix data race in setting function descriptors during lazy binding on hppa.
- stdlib: Move tst-system to tests-container
- support/shell-container.c: Add builtin kill
- support/shell-container.c: Add builtin exit
- support/shell-container.c: Return 127 if execve fails
- Add NEWS entry for CVE-2020-1751 (bug 25423)
- posix: Fix system error return value [BZ #25715]
- sparc: Move sigreturn stub to assembly
- arm: Fix softp-fp Implies (BZ #25635)
- i386: Use comdat instead of .gnu.linkonce for i386 setup pic register (BZ #20543)
- Add NEWS entry for CVE-2020-1752 (bug 25414)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1820332 - CVE-2020-6096 glibc: signed comparison vulnerability in the ARMv7 memcpy function [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1820332
--------------------------------------------------------------------------------
================================================================================
 ibus-table-1.10.1-1.fc31 (FEDORA-2020-9d70224550)
 The Table engine for IBus platform
--------------------------------------------------------------------------------
Update Information:

Update to 1.10.1; add GUI test; make output of ibus-table-createdb
deterministic; Update translations from Weblate (updated fr, tr, zh_CN)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 15 2020 Mike FABIAN mfabian@redhat.com - 1.10.1-1
- Update to 1.10.1
- Add GUI test
- Make output of ibus-table-createdb deterministic
- Update translations from Weblate (updated fr, tr, zh_CN)
--------------------------------------------------------------------------------
================================================================================
 keylime-5.7.2-1.fc31 (FEDORA-2020-091ddf6d49)
 Open source TPM software for Bootstrapping and Maintaining Trust
--------------------------------------------------------------------------------
Update Information:

Multiple fixes made to main keylime, difficult to test without understanding
the application well, however we run full unit and integration tests on every
pull request. This is a backwards compatible release.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 17 2020 Luke Hinds lhinds@redhat.com 5.7.2-1
- Updating for Keylime release v5.7.2
* Tue May 26 2020 Miro Hrončok mhroncok@redhat.com - 5.6.2-2
- Rebuilt for Python 3.9
--------------------------------------------------------------------------------
================================================================================
 oci-seccomp-bpf-hook-1.1.2-1.fc31 (FEDORA-2020-783c5994fd)
 OCI Hook to generate seccomp json files based on EBF syscalls used by container
--------------------------------------------------------------------------------
Update Information:

Autobuilt v1.1.2
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 17 2020 RH Container Bot rhcontainerbot@fedoraproject.org - 1.1.2-1
- autobuilt v1.1.2
--------------------------------------------------------------------------------
================================================================================
 python-pikepdf-1.17.2-1.fc31 (FEDORA-2020-142c49afac)
 Read and write PDFs with Python, powered by qpdf
--------------------------------------------------------------------------------
Update Information:

Update to latest version

----

Update to latest version
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 17 2020 Elliott Sales de Andrade quantum.analyst@gmail.com - 1.17.2-1
- Update to latest version
* Tue Jul 14 2020 Elliott Sales de Andrade quantum.analyst@gmail.com - 1.17.1-1
- Update to latest version
* Mon Jul 13 2020 Elliott Sales de Andrade quantum.analyst@gmail.com - 1.17.0-1
- Update to latest version
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1854361 - python-pikepdf-1.17.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1854361
  [ 2 ] Bug #1858131 - python-pikepdf-1.17.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1858131
--------------------------------------------------------------------------------
================================================================================
 python-rx-3.1.1-1.fc31 (FEDORA-2020-a5d54ea8f5)
 Reactive Extensions (Rx) for Python
--------------------------------------------------------------------------------
Update Information:

Update to latest version
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 17 2020 Artem Polishchuk ego.cordatus@gmail.com - 3.1.1-1
- Update to 3.1.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1858050 - python-rx-3.1.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1858050
--------------------------------------------------------------------------------
================================================================================
 rust-1.45.0-1.fc31 (FEDORA-2020-6908cb859a)
 The Rust Programming Language
--------------------------------------------------------------------------------
Update Information:

Update to Rust 1.45.0:

- Fixing unsoundness in casts
- Stabilizing function-like procedural macros in expressions, patterns, and
  statements
- Library changes

See the [blog post](https://blog.rust-lang.org/2020/07/16/Rust-1.45.0.html)
and [release notes](https://github.com/rust-lang/rust/blob/master/RELEASES.md#version-1450-2020-07-16)
for more details.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul 16 2020 Josh Stone jistone@redhat.com - 1.45.0-1
- Update to 1.45.0.
* Wed Jul 1 2020 Jeff Law law@redhat.com - 1.44.1-2
- Disable LTO
--------------------------------------------------------------------------------
================================================================================
 usbip-5.7.9-1.fc31 (FEDORA-2020-6399a5a53a)
 USB/IP user-space
--------------------------------------------------------------------------------
Update Information:

Update to 5.7.9 in hopes of fixing #1856443
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 17 2020 Jonathan Dieter jdieter@gmail.com - 5-7.9-1
- Update to 5.7.9 to hopefully fix #1856443
* Mon Feb 3 2020 Jonathan Dieter jdieter@gmail.com - 5.5-1
- Update to 5.5
- Work around build failure on GCC 10
- Remove unneeded hardened build flag (since all builds are hardened by
  default)
* Fri Jan 31 2020 Fedora Release Engineering releng@fedoraproject.org - 4.20.12-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
 wabt-1.0.17-1.fc31 (FEDORA-2020-2efcd10423)
 The WebAssembly Binary Toolkit
--------------------------------------------------------------------------------
Update Information:

The package is no longer built for s390x as there are too many testsuite
failures on big-endian arches.

Changes since 1.0.15:

* This enables three proposals by default since they've been merged into the
  upstream specification:
  * `saturating-float-to-int`
  * `sign-extension`
  * `multi-value`
* Prevent large allocation in br_table instruction.
* Initial WASI API support.
* Fix bug when writing grouped named parameters.
* Require `do` in folded `try` statement.
* Reference types changes to remove subtyping
  * Rename `anyref` -> `externref`
  * Remove `nullref`
  * Rename `hostref` -> `externref`
  * `ref.null` and `ref.is_null` now have "ref kind" parameter
  * Add ref kind keywords: `func`, `extern`, `exn`
* Check for malformed alignment.
* Update local bindings on function with type use.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 14 2020 Dominik Mierzejewski rpm@greysector.net 1.0.17-1
- update to 1.0.17 (#1838384)
- backport a fix for 32-bit arches
- stop pretending it works on big-endian
- use names and macros portable across Fedora and EPEL
--------------------------------------------------------------------------------