The following Fedora 27 Security updates need testing: Age URL 66 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1ec1cd6db3 bro-2.5.3-1.fc27 15 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c9395f9bec remctl-3.14-1.fc27 10 https://bodhi.fedoraproject.org/updates/FEDORA-2018-825d37b810 opencv-3.2.0-15.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8ff86925c3 memcached-1.5.7-1.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d275e6ff0c scummvm-tools-2.0.0-1.fc27 scummvm-2.0.0-1.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9d1ff4b802 composer-1.6.4-1.fc27 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ac1d9c2777 zsh-5.4.1-3.fc27 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b7a613ea5d gsoap-2.8.49-4.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-97c275d576 boost-1.64.0-6.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a85044d389 ruby-2.4.4-88.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7025a5c25d community-mysql-5.7.22-1.fc27
The following Fedora 27 Critical Path updates have yet to be approved: Age URL 20 https://bodhi.fedoraproject.org/updates/FEDORA-2018-772fcd140c linux-firmware-20180402-83.git8c1e439c.fc27 11 https://bodhi.fedoraproject.org/updates/FEDORA-2018-5f72371a85 python-productmd-1.11-2.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e0a12453e8 libcgroup-0.41-17.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ae2c9dd927 python-urllib3-1.22-5.fc27 python-requests-2.18.4-2.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d3085b9774 selinux-policy-3.13.1-283.32.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1c31f1eccd iptables-1.6.2-2.fc27 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4f9921ffc3 libtirpc-1.0.3-2.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-97c275d576 boost-1.64.0-6.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-83f08113c1 lua-socket-3.0-0.17.rc1.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-72c7737ac6 findutils-4.6.0-19.fc27 coreutils-8.27-21.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-5eb5277f7d perl-Carp-1.42-395.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c729ab6811 nss-3.36.1-1.0.fc27 nss-softokn-3.36.1-1.0.fc27 nss-util-3.36.1-1.0.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b6be90818d kernel-4.16.3-200.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d8ed52631a appstream-data-27-11.fc27
The following builds have been pushed to Fedora 27 updates-testing
ceph-12.2.4-2.fc27 cups-filters-1.16.1-5.fc27 dippi-2.6.3-1.fc27 etckeeper-1.18.7-2.fc27 java-openjdk-10.0.1.10-1.fc27 kde-connect-1.3.0-1.fc27 libappstream-glib-0.7.8-1.fc27 php-slim3-3.10.0-1.fc27 powertop-2.9-6.fc27 python35-3.5.5-1.fc27 qpdf-7.1.1-5.fc27 redhat-rpm-config-78-1.fc27 tomsfastmath-0.13.1-1.fc27 tripwire-2.4.3.7-1.fc27
Details about builds:
================================================================================ ceph-12.2.4-2.fc27 (FEDORA-2018-54e86d3130) User space components of the Ceph file system -------------------------------------------------------------------------------- Update Information:
Use standard Fedora linker flags (bug #1547552) -------------------------------------------------------------------------------- ChangeLog:
* Fri Apr 13 2018 Rafael dos Santos rdossant@redhat.com - 1:12.2.4-2 - Use standard Fedora linker flags (bug #1547552) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1547552 - ceph: Partial injection of Fedora build flags https://bugzilla.redhat.com/show_bug.cgi?id=1547552 --------------------------------------------------------------------------------
================================================================================ cups-filters-1.16.1-5.fc27 (FEDORA-2018-f2e1c09437) OpenPrinting CUPS filters and backends -------------------------------------------------------------------------------- Update Information:
Rebase to qpdf-7.1.1 because of security fixes for CVE-2018-9918, CVE-2017-11627, CVE-2017-12595. -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 18 2018 Zdenek Dohnal zdohnal@redhat.com - 1.16.1-5 - rebuilt with qpdf-7.1.1 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1566756 - CVE-2018-9918 qpdf: stack exhaustion in QPDFObjectHandle and QPDF_Dictionary classes in libqpdf.a https://bugzilla.redhat.com/show_bug.cgi?id=1566756 [ 2 ] Bug #1475517 - CVE-2017-11627 qpdf: Infinite loop in PointerHolder function in PointerHolder.hh https://bugzilla.redhat.com/show_bug.cgi?id=1475517 [ 3 ] Bug #1485847 - CVE-2017-12595 qpdf: Stack overflow when processing deeply nested arrays and dictionaries https://bugzilla.redhat.com/show_bug.cgi?id=1485847 --------------------------------------------------------------------------------
================================================================================ dippi-2.6.3-1.fc27 (FEDORA-2018-8389901590) Calculate display info like DPI and aspect ratio -------------------------------------------------------------------------------- Update Information:
Update dippi to version 2.6.3. -------------------------------------------------------------------------------- ChangeLog:
* Sat Apr 21 2018 Fabio Valentini decathorpe@gmail.com - 2.6.3-1 - Update to version 2.6.3. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1567563 - dippi-2.6.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1567563 --------------------------------------------------------------------------------
================================================================================ etckeeper-1.18.7-2.fc27 (FEDORA-2018-c0f0e0a454) Store /etc in a SCM system (git, mercurial, bzr or darcs) -------------------------------------------------------------------------------- Update Information:
#### Packaging #### - Update to 1.18.7. - Fix ignore rules (rhbz#1460461). - Update README.fedora (rhbz#1478655). - Add missing BRs (rhbz#1418790). - Add patch to prevent mercurial warnings (rhbz#1480843). #### Upstream changelog #### ##### etckeeper (1.18.7) ##### * Added some unit tests. Thanks, Henrik Riomar. * etckeeper will work on systems that do not have perl installed. (perl is still used when available as it's faster.) Thanks, William Johansson and radhus. * Prevent LC_ALL overriding the LC_COLLATE used to sort metadata. ##### etckeeper (1.18.6) ##### * Only show errors (no progress indicators) when pushing Git/Mercurial repos to avoid unncessary cron mails. Thanks, Nils Steinger. * Fix regex in 20-warn-problem-files. * Added support for apk (alpine linux). Thanks, Henrik Riomar. -------------------------------------------------------------------------------- ChangeLog:
* Sat Apr 21 2018 Thomas Moschny thomas.moschny@gmx.de - 1.18.7-2 - DNF is no longer available in EPEL7. * Sat Apr 21 2018 Thomas Moschny thomas.moschny@gmx.de - 1.18.7-1 - Update to 1.18.7. - Rebase patches. - Slightly modernize spec file. - Update Python dependencies. - Fix ignore rules (rhbz#1460461). - Update README.fedora (rhbz#1478655). - Add missing BRs (rhbz#1418790). - Add patch to prevent mercurial warnings (rhbz#1480843). * Wed Feb 7 2018 Iryna Shcherbina ishcherb@redhat.com - 1.18.5-7 - Update Python 2 dependency declarations to new packaging standards (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) * Wed Feb 7 2018 Fedora Release Engineering releng@fedoraproject.org - 1.18.5-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ java-openjdk-10.0.1.10-1.fc27 (FEDORA-2018-5c1fe012f7) OpenJDK Runtime Environment 10 -------------------------------------------------------------------------------- Update Information:
Updated to Oracle April secrity CPU update -------------------------------------------------------------------------------- ChangeLog:
* Fri Apr 20 2018 Jiri Vanek jvanek@redhat.com - 1:10.0.1.10-1 - updated to security update 1 - jexec unlinked from path - used java-openjdk as boot jdk - aligned provides/requires - renamed zip javadoc * Tue Apr 10 2018 Severin Gehwolf sgehwolf@redhat.com - 1:10.0.0.46-12 - Enable basic EC ciphers test in %check. * Tue Apr 10 2018 Severin Gehwolf sgehwolf@redhat.com - 1:10.0.0.46-11 - Port Martin Balao's JDK 9 patch for system NSS support to JDK 10. - Resolves RHBZ#1565658 --------------------------------------------------------------------------------
================================================================================ kde-connect-1.3.0-1.fc27 (FEDORA-2018-fe42a7a761) KDE Connect client for communication with smartphones -------------------------------------------------------------------------------- Update Information:
New upstream release, provide nautilus integration (kde-connect-nautilus package), https://mail.kde.org/pipermail/kdeconnect/2018-April/003529.html -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 9 2018 Rex Dieter rdieter@fedoraproject.org - 1.3.0-1 - 1.3.0 - -nautilus subpkg (extention for nautilus) * Sun Mar 4 2018 Rex Dieter rdieter@fedoraproject.org - 1.2.1-3 - use %make_build %ldconfig_scriptlets - BR: gcc-c++ * Wed Feb 7 2018 Fedora Release Engineering releng@fedoraproject.org - 1.2.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ libappstream-glib-0.7.8-1.fc27 (FEDORA-2018-bbbe5cbc7d) Library for AppStream metadata -------------------------------------------------------------------------------- Update Information:
New upstream release - Add as_version_string() for fwupd - Add support for component agreements - Correctly compare version numbers like '1.2.3' and '1.2.3a' - Don't include the path component in the name when parsing the package filename - If the launchable is specified don't guess it when composing - Never add more than one component to the AppStream store when composing -------------------------------------------------------------------------------- ChangeLog:
* Fri Apr 20 2018 Richard Hughes richard@hughsie.com 0.7.8-1 - New upstream release - Add as_version_string() for fwupd - Add support for component agreements - Correctly compare version numbers like '1.2.3' and '1.2.3a' - Don't include the path component in the name when parsing the package filename - If the launchable is specified don't guess it when composing - Never add more than one component to the AppStream store when composing --------------------------------------------------------------------------------
================================================================================ php-slim3-3.10.0-1.fc27 (FEDORA-2018-15aa4d39ae) PHP micro framework -------------------------------------------------------------------------------- Update Information:
Last upstream release -------------------------------------------------------------------------------- ChangeLog:
* Sat Apr 21 2018 Johan Cwiklinski <johan AT x-tnd DOT be> - 3.10.0-1 - New upstream release * Thu Jul 27 2017 Fedora Release Engineering releng@fedoraproject.org - 3.7.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1433644 - php-slim3-3.10.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1433644 --------------------------------------------------------------------------------
================================================================================ powertop-2.9-6.fc27 (FEDORA-2018-6b86917ffb) Power consumption monitor -------------------------------------------------------------------------------- Update Information:
This is an update fixing post scriptlet not to fail. -------------------------------------------------------------------------------- ChangeLog:
* Fri Apr 20 2018 Jaroslav ��karvada jskarvad@redhat.com - 2.9-6 - Made post scriptlet not to fail Resolves: rhbz#1569722 * Mon Feb 19 2018 Ond��ej Lyson��k olysonek@redhat.com - 2.9-5 - Add gcc, gcc-c++ to BuildRequires * Fri Feb 9 2018 Fedora Release Engineering releng@fedoraproject.org - 2.9-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1569722 - powertop can not be installed on atomic host https://bugzilla.redhat.com/show_bug.cgi?id=1569722 --------------------------------------------------------------------------------
================================================================================ python35-3.5.5-1.fc27 (FEDORA-2018-3ad3828f87) Version 3.5 of the Python programming language -------------------------------------------------------------------------------- Update Information:
Rebased to version 3.5.5 -------------------------------------------------------------------------------- ChangeLog:
* Tue Mar 27 2018 Miro Hron��ok mhroncok@redhat.com - 3.5.5-1 - Rebased to version 3.5.5 - Do not ship the Tools directory * Fri Feb 9 2018 Fedora Release Engineering releng@fedoraproject.org - 3.5.4-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Sat Jan 20 2018 Bj��rn Esser besser82@fedoraproject.org - 3.5.4-3 - Rebuilt for switch to libxcrypt --------------------------------------------------------------------------------
================================================================================ qpdf-7.1.1-5.fc27 (FEDORA-2018-f2e1c09437) Command-line tools and library for transforming PDF files -------------------------------------------------------------------------------- Update Information:
Rebase to qpdf-7.1.1 because of security fixes for CVE-2018-9918, CVE-2017-11627, CVE-2017-12595. -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 16 2018 Zdenek Dohnal zdohnal@redhat.com - 7.1.1-5 - CVE-2018-9918 qpdf: stack exhaustion in QPDFObjectHandle and QPDF_Dictionary classes in libqpdf.a [fedora-all] * Mon Feb 19 2018 Zdenek Dohnal zdohnal@redhat.com - 7.1.1-4 - gcc and gcc-c++ are no longer in buildroot by default * Fri Feb 9 2018 Fedora Release Engineering releng@fedoraproject.org - 7.1.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Thu Feb 8 2018 Zdenek Dohnal zdohnal@redhat.com - 7.1.1-2 - remove old stuff * Mon Feb 5 2018 Zdenek Dohnal zdohnal@redhat.com - 7.1.1-1 - rebase to 7.1.1 * Tue Sep 19 2017 Zdenek Dohnal zdohnal@redhat.com - 7.0.0-1 - rebase to 7.0.0 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1566756 - CVE-2018-9918 qpdf: stack exhaustion in QPDFObjectHandle and QPDF_Dictionary classes in libqpdf.a https://bugzilla.redhat.com/show_bug.cgi?id=1566756 [ 2 ] Bug #1475517 - CVE-2017-11627 qpdf: Infinite loop in PointerHolder function in PointerHolder.hh https://bugzilla.redhat.com/show_bug.cgi?id=1475517 [ 3 ] Bug #1485847 - CVE-2017-12595 qpdf: Stack overflow when processing deeply nested arrays and dictionaries https://bugzilla.redhat.com/show_bug.cgi?id=1485847 --------------------------------------------------------------------------------
================================================================================ redhat-rpm-config-78-1.fc27 (FEDORA-2018-742b70ee19) Red Hat specific rpm configuration files -------------------------------------------------------------------------------- Update Information:
Add the %_metainfodir macro to account for differing locations for appdata metainfo between releases. Fix a bug in the %forgeautosetup macro. -------------------------------------------------------------------------------- ChangeLog:
* Fri Apr 20 2018 Jason L Tibbitts III tibbs@math.uh.edu - 78-1 - Add %_metainfodir macro. - %forgeautosetup tweak to fix patch application. --------------------------------------------------------------------------------
================================================================================ tomsfastmath-0.13.1-1.fc27 (FEDORA-2018-f244a84f25) Fast large integer arithmetic library -------------------------------------------------------------------------------- Update Information:
Initial import (#1567898) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1567898 - Review Request: tomsfastmath - fast large integer arithmetic library https://bugzilla.redhat.com/show_bug.cgi?id=1567898 --------------------------------------------------------------------------------
================================================================================ tripwire-2.4.3.7-1.fc27 (FEDORA-2018-ba68418b52) IDS (Intrusion Detection System) -------------------------------------------------------------------------------- Update Information:
update to 2.4.3.7 -------------------------------------------------------------------------------- ChangeLog:
* Thu Apr 19 2018 Didier Fabert didier.fabert@gmail.com - 2.4.3.7-1 - update to 2.4.3.7 * Fri Feb 9 2018 Fedora Release Engineering releng@fedoraproject.org - 2.4.3.5-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Wed Oct 4 2017 Didier Fabert didier.fabert@gmail.com - 2.4.3.6-1 - update to 2.4.3.6 --------------------------------------------------------------------------------