The following Fedora 27 Security updates need testing: Age URL 53 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1ec1cd6db3 bro-2.5.3-1.fc27 35 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e38f759144 python-bleach-2.1.3-1.fc27 35 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8ff86925c3 memcached-1.5.6-1.fc27 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d48955723f wordpress-4.9.5-1.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c9395f9bec remctl-3.14-1.fc27
The following Fedora 27 Critical Path updates have yet to be approved: Age URL 24 https://bodhi.fedoraproject.org/updates/FEDORA-2018-55a6726164 PackageKit-1.1.9-2.fc27 gnome-software-3.28.0-4.fc27 libappstream-glib-0.7.7-2.fc27 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-772fcd140c linux-firmware-20180402-83.git8c1e439c.fc27 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-5f72371a85 python-productmd-1.11-2.fc27 pungi-4.1.23-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d7eac0e821 python-beautifulsoup4-4.6.0-2.fc27.1
The following builds have been pushed to Fedora 27 updates-testing
cdargs-1.35-18.fc27 csound-6.10.0-1.fc27 deja-dup-37.1-4.fc27 desktop-file-utils-0.23-8.fc27 digikam-5.9.0-1.fc27 drupal8-8.4.6-3.fc27 freeipmi-1.6.1-1.fc27 ghc-echo-0.1.3-3.fc27 golang-github-spf13-viper-1.0.0-2.fc27 gpxsee-5.6-1.fc27 jpegoptim-1.4.5-1.fc27 lollypop-0.9.403-3.fc27 pcs-0.9.164-1.fc27 pyhunspell-0.5.4-1.fc27 python-fedmsg-meta-fedora-infrastructure-0.24.0-1.fc27 python-pycryptodomex-3.6.0-1.fc27 python-pytest-faulthandler-1.5.0-1.fc27 webkitgtk4-2.20.1-1.fc27
Details about builds:
================================================================================ cdargs-1.35-18.fc27 (FEDORA-2018-323b570c10) The shell cd with bookmarks and browser -------------------------------------------------------------------------------- Update Information:
Unorphaned --------------------------------------------------------------------------------
================================================================================ csound-6.10.0-1.fc27 (FEDORA-2018-cee4f3f015) A sound synthesis language and library -------------------------------------------------------------------------------- Update Information:
Update to Csound 6.10.0 --------------------------------------------------------------------------------
================================================================================ deja-dup-37.1-4.fc27 (FEDORA-2018-b2f39cabc4) Simple backup tool and frontend for duplicity -------------------------------------------------------------------------------- Update Information:
ulimit fix for webgtk -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1556743 - [abrt] deja-dup: Gigacage::<lambda()>::operator()(): deja-dup-monitor killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1556743 --------------------------------------------------------------------------------
================================================================================ desktop-file-utils-0.23-8.fc27 (FEDORA-2018-7b617c869f) Utilities for manipulating .desktop files -------------------------------------------------------------------------------- Update Information:
This update adds 'font' to the list of registered media types, resolving [a bug](https://bugzilla.redhat.com/show_bug.cgi?id=1564650) which broke `update- desktop-database` when various packages that used this type were installed. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1564650 - Invalid syntax in /usr/share/applications/org.gnome.font-viewer.desktop https://bugzilla.redhat.com/show_bug.cgi?id=1564650 --------------------------------------------------------------------------------
================================================================================ digikam-5.9.0-1.fc27 (FEDORA-2018-6c1a5b31ae) A digital camera accessing & photo management application -------------------------------------------------------------------------------- Update Information:
Digikam 5.9.0 release, https://www.digikam.org/news/2018-03-25-5.9.0_release_announcement/ --------------------------------------------------------------------------------
================================================================================ drupal8-8.4.6-3.fc27 (FEDORA-2018-6e6d8c314b) An open source content management platform -------------------------------------------------------------------------------- Update Information:
* [8.4.6](https://www.drupal.org/project/drupal/releases/8.4.6) * [SA- CORE-2018-002 (CVE-2018-7600)](https://www.drupal.org/SA-CORE-2018-002) * [8.4.5](https://www.drupal.org/project/drupal/releases/8.4.5) * [SA- CORE-2018-001 (CVE-2017-6926 / CVE-2017-6927 / CVE-2017-6930 / CVE-2017-6931)](https://www.drupal.org/SA-CORE-2018-001) * [8.4.4](https://www.drupal.org/project/drupal/releases/8.4.4) * [8.4.3](https://www.drupal.org/project/drupal/releases/8.4.3) * [8.4.2](https://www.drupal.org/project/drupal/releases/8.4.2) * [8.4.1](https://www.drupal.org/project/drupal/releases/8.4.1) * [8.4.0](https://www.drupal.org/project/drupal/releases/8.4.0) * [8.4.0-rc2](https://www.drupal.org/project/drupal/releases/8.4.0-rc2) * [8.4.0-rc1](https://www.drupal.org/project/drupal/releases/8.4.0-rc1) * [8.4.0-beta1](https://www.drupal.org/project/drupal/releases/8.4.0-beta1) * [8.4.0-alpha1](https://www.drupal.org/project/drupal/releases/8.4.0-alpha1) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1561855 - CVE-2018-7600 drupal8: drupal: Unsanitized requests allow remote attackers to execute arbitrary code [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1561855 [ 2 ] Bug #1548325 - CVE-2017-6926 CVE-2017-6927 CVE-2017-6928 CVE-2017-6929 CVE-2017-6930 CVE-2017-6931 CVE-2017-6932 drupal8: drupal: Multiple vulnerabilities fixed in 7.57 and 8.4.5 (SA-CORE-2018-001) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1548325 [ 3 ] Bug #1548192 - drupal8: drupal: JavaScript cross-site scripting in checkPlain function [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1548192 [ 4 ] Bug #1548188 - drupal8: drupal: Comment reply form allows access to restricted content [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1548188 --------------------------------------------------------------------------------
================================================================================ freeipmi-1.6.1-1.fc27 (FEDORA-2018-74b1efbbce) IPMI remote console and system management software -------------------------------------------------------------------------------- Update Information:
New upstream version of freeipmi (1.6.1) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1541578 - freeipmi-1.6.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1541578 --------------------------------------------------------------------------------
================================================================================ ghc-echo-0.1.3-3.fc27 (FEDORA-2018-34d8fbd75e) A cross-platform, cross-console way to handle echoing terminal input -------------------------------------------------------------------------------- Update Information:
A cross-platform, cross-console library for echoing terminal input https://hackage.haskell.org/package/echo -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1539291 - Review Request: ghc-echo - Cross-platform, cross-console echoing of terminal input https://bugzilla.redhat.com/show_bug.cgi?id=1539291 --------------------------------------------------------------------------------
================================================================================ golang-github-spf13-viper-1.0.0-2.fc27 (FEDORA-2018-2e706ddd78) Go configuration with fangs -------------------------------------------------------------------------------- Update Information:
Update to spec 3.0 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1414254 - Tracker for golang-github-spf13-viper https://bugzilla.redhat.com/show_bug.cgi?id=1414254 --------------------------------------------------------------------------------
================================================================================ gpxsee-5.6-1.fc27 (FEDORA-2018-de30697d23) GPS log file viewer and analyzer -------------------------------------------------------------------------------- Update Information:
News in version **5.6**: * Added WMS support * Several minor bugfixes and improvements (mostly WMTS) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1565383 - gpxsee-5.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1565383 --------------------------------------------------------------------------------
================================================================================ jpegoptim-1.4.5-1.fc27 (FEDORA-2018-b55f8ba449) Utility to optimize JPEG files -------------------------------------------------------------------------------- Update Information:
v1.4.5 - fix `--overwrite` option, - better error reporting for `-d` option - fix memcmp() potentially reading past end of buffer - some minor fixes -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1562503 - jpegoptim-1.4.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1562503 --------------------------------------------------------------------------------
================================================================================ lollypop-0.9.403-3.fc27 (FEDORA-2018-7ddc8e7ef8) Music player for GNOME -------------------------------------------------------------------------------- Update Information:
Changed RR from pyplast to python2-pylast ---- Add art_album.py.diff (BZ #1562595) ---- Update to 0.9.403 ---- - Update lollypop-portal to 0.9.7 ---- Update to 0.9.402 ---- Update to 0.9.401 ---- Update to 0.9.400 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1562595 - [abrt] lollypop: __on_save_artwork_tags(): art_album.py:432:__on_save_artwork_tags:GLib.GError: g_convert_error: L'URI ��sftp://bertof@192.168.1.42/mnt/1TB/Condivisa/Musica/Fondamentali/30%20Seconds%20To%20Mars%20-%20Kings%20and%20Queens.mp3�� non �� ... https://bugzilla.redhat.com/show_bug.cgi?id=1562595 --------------------------------------------------------------------------------
================================================================================ pcs-0.9.164-1.fc27 (FEDORA-2018-57bbe74c6c) Pacemaker Configuration System -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2018-1086 and CVE-2018-1079 Rebased to latest upstream sources -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1550243 - CVE-2018-1079 pcs: Privilege escalation via authorized user malicious REST call https://bugzilla.redhat.com/show_bug.cgi?id=1550243 [ 2 ] Bug #1557366 - CVE-2018-1086 pcs: Debug parameter removal bypass, allowing information disclosure https://bugzilla.redhat.com/show_bug.cgi?id=1557366 --------------------------------------------------------------------------------
================================================================================ pyhunspell-0.5.4-1.fc27 (FEDORA-2018-2d2e28938d) Python bindings for hunspell -------------------------------------------------------------------------------- Update Information:
update to 0.5.4 ---- Apply fix for encoding problem from upstream. (See: https://github.com/blatinier/pyhunspell/issues/32) ---- update to 0.5.0 --------------------------------------------------------------------------------
================================================================================ python-fedmsg-meta-fedora-infrastructure-0.24.0-1.fc27 (FEDORA-2018-c0f150a3be) Metadata providers for Fedora Infrastructure's fedmsg deployment -------------------------------------------------------------------------------- Update Information:
Update to 0.24.0 Changelog is at: https://github.com/fedora- infra/fedmsg_meta_fedora_infrastructure/blob/develop/CHANGELOG.rst#0240 --------------------------------------------------------------------------------
================================================================================ python-pycryptodomex-3.6.0-1.fc27 (FEDORA-2018-1829dc3997) A self-contained cryptographic library for Python -------------------------------------------------------------------------------- Update Information:
3.6.0 (8 April 2018) ======== New features ------------ * Introduced ``export_key`` and deprecated ``exportKey`` for DSA and RSA key objects. * Ciphers and hash functions accept ``memoryview`` objects in input. * Added support for SHA-512/224 and SHA-512/256. Resolved issues --------------- * Reintroduced `Crypto.__version__` variable as in PyCrypto. * Fixed compilation problem with MinGW. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1564320 - python-pycryptodomex-3.6.0x is available https://bugzilla.redhat.com/show_bug.cgi?id=1564320 --------------------------------------------------------------------------------
================================================================================ python-pytest-faulthandler-1.5.0-1.fc27 (FEDORA-2018-7e8e1c6e67) py.test plugin that activates the fault handler module for tests -------------------------------------------------------------------------------- Update Information:
New upstream version and build dependency -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1543849 - python-pytest-faulthandler-1.5.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1543849 --------------------------------------------------------------------------------
================================================================================ webkitgtk4-2.20.1-1.fc27 (FEDORA-2018-85791ad8d9) GTK+ Web content engine library -------------------------------------------------------------------------------- Update Information:
This update brings the following changes: * Improve error message when Gigacage cannot allocate virtual memory. * Add missing WebKitWebProcessEnumTypes.h to webkit-web-extension.h. * Improve web process memory monitor thresholds. * Fix a web process crash when the web view is created and destroyed quickly. * Fix a network process crash when load is cancelled while searching for stored HTTP auth credentials. * Fix the build when ENABLE_VIDEO, ENABLE_WEB_AUDIO and ENABLE_XSLT are disabled. * Fix several crashes and rendering issues. Translation updates: * Brazilian Portuguese, Czech. --------------------------------------------------------------------------------