The following Fedora 34 Security updates need testing:
 Age  URL
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2021-8523af7a88   fossil-2.14.2-1.fc34
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2021-25c0011e78   golang-1.16.6-1.fc34
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2021-69de7c7ca4   aspell-0.60.8-7.fc34
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2021-36cdab1f8d   ruby-3.0.2-149.fc34
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2021-6cf271948a   php-pear-1.10.12-9.fc34
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2021-10d54c261f   redis-6.2.5-1.fc34
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2021-0d3268fc35   mrxvt-0.5.3-31.fc34
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2021-cf7d8c7b1a   webkit2gtk3-2.32.3-1.fc34
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2021-d20d6712bc   java-1.8.0-openjdk-1.8.0.302.b08-0.fc34
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2021-a627cfd31e   matrix-synapse-1.38.1-1.fc34
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2021-440e34200c   buildah-1.21.4-4.fc34
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2021-6a0249cb06   seamonkey-2.53.8.1-1.fc34
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2021-4581ccb97d   java-11-openjdk-11.0.12.0.7-0.fc34

The following Fedora 34 Critical Path updates have yet to be approved:
 Age  URL
 108  https://bodhi.fedoraproject.org/updates/FEDORA-2021-1300e131b6   ddpt-0.96-4.fc34 ledmon-0.95-4.fc34 libgpod-0.8.3-38.fc34 libzfcphbaapi-2.2.0-12.fc34 lsvpd-1.7.11-6.fc34 sg3_utils-1.46-1.fc34 udisks-1.0.5-18.fc34
  10  https://bodhi.fedoraproject.org/updates/FEDORA-2021-59eb8f096e   rdma-core-36.0-1.fc34
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2021-71bdebb69f   net-snmp-5.9.1-3.fc34
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2021-a3bc99fffc   mtools-4.0.33-1.fc34
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2021-cf7d8c7b1a   webkit2gtk3-2.32.3-1.fc34
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2021-6ca42042d1   dnsmasq-2.85-3.fc34

The following builds have been pushed to Fedora 34 updates-testing

    gnome-shell-extension-pop-shell-1.2.0^2.9616931-1.fc34
    gtk-gnutella-1.2.1-1.fc34
    ipxe-20200823-7.git4bd064de.fc34
    java-latest-openjdk-16.0.2.0.7-1.rolling.fc34
    logwatch-7.5.6-1.fc34
    mbedtls-2.16.11-1.fc34
    mingw-exiv2-0.27.4-2.fc34
    mingw-python-pillow-8.1.2-3.fc34
    mozilla-ublock-origin-1.37.0-1.fc34
    mythes-de-0.20210723-1.fc34
    python-pillow-8.1.2-4.fc34

Details about builds:

================================================================================
gnome-shell-extension-pop-shell-1.2.0^2.9616931-1.fc34 (FEDORA-2021-bf9ab734af)
GNOME Shell extension for advanced tiling window management
--------------------------------------------------------------------------------
Update Information:

Latest upstream snapshot
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 24 2021 Carl George carl@george.computer - 1.2.0^2.9616931-1
- Latest upstream snapshot
* Thu Jul 22 2021 Fedora Release Engineering releng@fedoraproject.org - 1.2.0^1.d59e373-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
gtk-gnutella-1.2.1-1.fc34 (FEDORA-2021-a043d97bbe)
GUI based Gnutella Client
--------------------------------------------------------------------------------
Update Information:

Update to 1.2.1
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jul 25 2021 Dmitry Butskoy Dmitry@Butskoy.name - 1.2.1-1
- update to 1.2.1
--------------------------------------------------------------------------------

================================================================================
ipxe-20200823-7.git4bd064de.fc34 (FEDORA-2021-abacced846)
A network boot loader
--------------------------------------------------------------------------------
Update Information:

* Add snponly build (bz #1981799)
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 24 2021 Cole Robinson crobinso@redhat.com - 20200823-7.git4bd064de
- Add snponly build (bz 1981799)
* Thu Jul 22 2021 Fedora Release Engineering releng@fedoraproject.org - 20200823-6.git4bd064de
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Jul 7 2021 Cole Robinson crobinso@redhat.com - 20200823-5.git4bd064de
- Generate qemu compatible rom filenames
* Mon Jun 14 2021 Jiri Kucera jkucera@redhat.com - 20200823-4.git4bd064de
- Replace genisoimage by xorriso
* Tue Feb 23 2021 Cole Robinson aintdiscole@gmail.com - 20200823-3.git4bd064de
- combine BIOS and EFI roms using "util/catrom.pl"
--------------------------------------------------------------------------------

================================================================================
java-latest-openjdk-16.0.2.0.7-1.rolling.fc34 (FEDORA-2021-97706cf14f)
OpenJDK 16 Runtime Environment
--------------------------------------------------------------------------------
Update Information:

July 2021 CPU update
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 23 2021 Jiri Vanek jvanek@redhat.com - 1:16.0.2.0.7-1.rolling
- bumped to security update of 16.0.2-ga
* Tue Jun 29 2021 Jiri Vanek jvanek@redhat.com - 1:16.0.1.0.9-5.rolling
- renamed source15 to source17 to match el8
- added fips support:
- added pr3695-toggle_system_crypto_policy.patch ; missing prerequisite
- removed rh1655466-global_crypto_and_fips.patch; jdk16 does not have default algorithm, it throws exception
- adapted rh1655466-global_crypto_and_fips.patch
- adapted rh1860986-disable_tlsv1.3_in_fips_mode.patch (?)
- adapted rh1915071-always_initialise_configurator_access.patch
--------------------------------------------------------------------------------

================================================================================
logwatch-7.5.6-1.fc34 (FEDORA-2021-944fd549df)
Analyzes and Reports on system logs
--------------------------------------------------------------------------------
Update Information:

Update to 7.5.6
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 24 2021 Frank Crawford frank@crawford.emu.id.au - 7.5.6-1
- Update to 7.5.6
* Thu Jul 22 2021 Fedora Release Engineering releng@fedoraproject.org - 7.5.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
mbedtls-2.16.11-1.fc34 (FEDORA-2021-165969af24)
Light-weight cryptographic and SSL/TLS library
--------------------------------------------------------------------------------
Update Information:

- Update to 2.16.11

Release notes: https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.11
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 24 2021 Morten Stevens mstevens@fedoraproject.org - 2.16.11-1
- Update to 2.16.11
* Thu Jul 22 2021 Fedora Release Engineering releng@fedoraproject.org - 2.16.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1943664 - mbedtls: multiple vulnerabilities fixed in mbedtls-2.26.0
        https://bugzilla.redhat.com/show_bug.cgi?id=1943664
  [ 2 ] Bug #1981510 - mbedtls: Local side channel attack on RSA
        https://bugzilla.redhat.com/show_bug.cgi?id=1981510
  [ 3 ] Bug #1981514 - mbedtls: Local side channel attack on static Diffie-Hellman with Montgomery curves
        https://bugzilla.redhat.com/show_bug.cgi?id=1981514
  [ 4 ] Bug #1985311 - CVE-2021-24119 mbedtls: side-channel vulnerability allows system-level-attacker information disclosure
        https://bugzilla.redhat.com/show_bug.cgi?id=1985311
--------------------------------------------------------------------------------

================================================================================
mingw-exiv2-0.27.4-2.fc34 (FEDORA-2021-0b27f220bd)
MinGW Windows exiv2 library
--------------------------------------------------------------------------------
Update Information:

Update to 0.27.4, fixes CVE-2021-29463 and CVE-2021-29464.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul 22 2021 Fedora Release Engineering releng@fedoraproject.org - 0.27.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Sun Jun 20 2021 Sandro Mani manisandro@gmail.com - 0.27.4-1
- Update to 0.27.4
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1982185 - CVE-2021-29463 mingw-exiv2: exiv2: out-of-bounds read is triggered via crafted image file [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1982185
  [ 2 ] Bug #1982189 - CVE-2021-29464 mingw-exiv2: exiv2: heap-based buffer overflow via crafted image file [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1982189
--------------------------------------------------------------------------------

================================================================================
mingw-python-pillow-8.1.2-3.fc34 (FEDORA-2021-3ec845dc0c)
MinGW Windows Python pillow library
--------------------------------------------------------------------------------
Update Information:

Backport fix for CVE-2021-34552.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 24 2021 Sandro Mani manisandro@gmail.com - 8.1.2-3
- Backport fix for CVE-2021-34552
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1982379 - CVE-2021-34552 mingw-python-pillow: python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1982379
  [ 2 ] Bug #1982380 - CVE-2021-34552 python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1982380
  [ 3 ] Bug #1982381 - CVE-2021-34552 python2-pillow: python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1982381
--------------------------------------------------------------------------------

================================================================================
mozilla-ublock-origin-1.37.0-1.fc34 (FEDORA-2021-f9f3648ecd)
An efficient blocker for Firefox
--------------------------------------------------------------------------------
Update Information:

### Closed as fixed

#### Core

* '$popup' not working
* Service worker "tabless" requests with correct context are still modified when page is whitelisted
* Back/Forward navigation does not work between Ublock Origin option pages
* csp_report filter created via logger is marked as invalid
* Extreme popup blocking - uBo dashboard is blocked when popups are
* IPv6 fe80::1%lo0 localhost from hosts file is marked as error line
* Whitespaces are now stripped from blocking-rule URLs, causing rules targeting whitespaces to fail and/or block extremely broadly
* uBO's dashboard does not refresh custom filters in real-time
* Element picker/zapper don't work if cosmetic filtering is disabled
* Logger always highlights first match
* Static filtering: Cannot prevent my filter from strict-blocking

### Notable commits without an entry in the issue tracker

* Provide visual cue in popup panel when base domain has subdomains
* Disclose where uBO's own filter lists are hosted
* Add abort-current-script scriptlet
* Fix spurious error messages when updating contextual menu
* Make `getByName()` return a dummy Tracker object
* Add asap behavior to remove-attr scriptlet
* Ensure pending callbacks are called only once
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 24 2021 Dominik Mierzejewski rpm@greysector.net - 1.37.0-1
- update to 1.37.0 (#1985343)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1985343 - mozilla-ublock-origin-1.37.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1985343
--------------------------------------------------------------------------------

================================================================================
mythes-de-0.20210723-1.fc34 (FEDORA-2021-56f1f15bf3)
German thesaurus
--------------------------------------------------------------------------------
Update Information:

* Upgrade to latest daily snapshot release
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 24 2021 Robert Scheck robert@fedoraproject.org 0.20210723-1
- Upgrade to latest daily snapshot release
* Thu Jul 22 2021 Fedora Release Engineering releng@fedoraproject.org - 0.20210302-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
python-pillow-8.1.2-4.fc34 (FEDORA-2021-3ec845dc0c)
Python image processing library
--------------------------------------------------------------------------------
Update Information:

Backport fix for CVE-2021-34552.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 24 2021 Sandro Mani manisandro@gmail.com - 8.1.2-4
- Backport fix for CVE-2021-34552
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1982379 - CVE-2021-34552 mingw-python-pillow: python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1982379
  [ 2 ] Bug #1982380 - CVE-2021-34552 python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1982380
  [ 3 ] Bug #1982381 - CVE-2021-34552 python2-pillow: python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1982381
--------------------------------------------------------------------------------