The following Fedora 26 Security updates need testing: Age URL 303 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ccb5c8d1e7 docker-distribution-2.6.2-1.git48294d9.fc26 135 https://bodhi.fedoraproject.org/updates/FEDORA-2018-66b885ae3c keycloak-httpd-client-install-0.8-1.fc26 122 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4f8a78a5ef squid-4.0.23-1.fc26 97 https://bodhi.fedoraproject.org/updates/FEDORA-2018-db5041e661 bro-2.5.3-1.fc26 38 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8ba4601398 dovecot-2.2.35-1.fc26 35 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7be77249d4 ruby-2.4.4-88.fc26 16 https://bodhi.fedoraproject.org/updates/FEDORA-2018-77c0da8eea blktrace-1.2.0-6.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-32a88d0540 ca-certificates-2018.2.24-1.0.fc26 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6020628437 thunderbird-enigmail-2.0.4-1.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc04d8bfe8 vim-syntastic-3.9.0-1.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9cf836a54a nodejs-base64-url-2.2.0-1.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6367a17aa3 kernel-4.16.11-100.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1ec08a2143 xmlrpc-3.1.3-20.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-feaf34dc57 thunderbird-52.8.0-1.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e2ecd0bab4 firefox-60.0.1-1.fc26
The following Fedora 26 Critical Path updates have yet to be approved: Age URL 101 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ddd1e5c30a iproute-4.14.1-5.fc26 12 https://bodhi.fedoraproject.org/updates/FEDORA-2018-70b0c4dca9 osinfo-db-20180514-1.fc26 10 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e8706010aa vim-8.0.1842-1.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-32a88d0540 ca-certificates-2018.2.24-1.0.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b9585aa356 sssd-1.16.1-8.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-5e05834bb7 volume_key-0.3.10-1.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-21a38db20b libidn2-2.0.5-1.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1486702873 vino-3.22.0-8.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-eb2435dd6a ntfs-3g-2017.3.23-6.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6367a17aa3 kernel-4.16.11-100.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e2ecd0bab4 firefox-60.0.1-1.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-feaf34dc57 thunderbird-52.8.0-1.fc26 The following builds have been pushed to Fedora 26 updates-testing chromium-66.0.3359.181-2.fc26 Details about builds: ================================================================================ chromium-66.0.3359.181-2.fc26 (FEDORA-2018-1f83cbeb3c) A WebKit (Blink) powered web browser -------------------------------------------------------------------------------- Update Information: Update to 66.0.3359.181. Security fix for CVE-2018-6085 CVE-2018-6086 CVE-2018-6087 CVE-2018-6088 CVE-2018-6089 CVE-2018-6090 CVE-2018-6091 CVE-2018-6092 CVE-2018-6093 CVE-2018-6094 CVE-2018-6095 CVE-2018-6096 CVE-2018-6097 CVE-2018-6098 CVE-2018-6099 CVE-2018-6100 CVE-2018-6101 CVE-2018-6102 CVE-2018-6103 CVE-2018-6104 CVE-2018-6105 CVE-2018-6106 CVE-2018-6107 CVE-2018-6108 CVE-2018-6109 CVE-2018-6110 CVE-2018-6111 CVE-2018-6112 CVE-2018-6113 CVE-2018-6114 CVE-2018-6116 CVE-2018-6117 CVE-2018-6118 CVE-2018-6121 CVE-2018-6122 CVE-2018-6120 ---- Update to Chromium 65. For EPEL7, it has been a long time since a successful build has been possible, so this will fix a LOT of CVEs. CVE-2017-15396 CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15412 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2017-15422 CVE-2018-6056 CVE-2018-6406 CVE-2018-6057 CVE-2018-6058 CVE-2018-6059 CVE-2018-6060 CVE-2018-6061 CVE-2018-6062 CVE-2018-6063 CVE-2018-6064 CVE-2018-6065 CVE-2018-6066 CVE-2018-6067 CVE-2018-6068 CVE-2018-6069 CVE-2018-6070 CVE-2018-6071 -------------------------------------------------------------------------------- ChangeLog: * Wed May 23 2018 Tom Callaway <s...@fedoraproject.org> 66.0.3359.181-2 - fix missing files * Mon May 21 2018 Tom Callaway <s...@fedoraproject.org> 66.0.3359.181-1 - update to 66.0.3359.181 * Tue May 15 2018 Tom Callaway <s...@fedoraproject.org> 66.0.3359.170-2 - only x86_64 i686 have swiftshader - fix gcc8 alignof issue on i686 * Mon May 14 2018 Tom Callaway <s...@fedoraproject.org> 66.0.3359.170-1 - update to 66.0.3359.170 - include swiftshader files * Tue May 1 2018 Tom Callaway <s...@fedoraproject.org> 66.0.3359.139-1 - update to 66.0.3359.139 * Wed Apr 18 2018 Tom Callaway <s...@fedoraproject.org> 66.0.3359.117-1 - update to 66.0.3359.117 * Tue Apr 17 2018 Tom Callaway <s...@fedoraproject.org> 65.0.3325.181-3 - use system fontconfig (except on epel7) * Wed Apr 4 2018 Tom Callaway <s...@fedoraproject.org> 65.0.3325.181-2 - add explicit dependency on minizip (bz 1534282) * Wed Mar 28 2018 Tom Callaway <s...@fedoraproject.org> - check that there is no system 'google' module, shadowing bundled ones - conditionalize api keys (on by default) * Wed Mar 21 2018 Tom Callaway <s...@fedoraproject.org> 65.0.3325.181-1 - update to 65.0.3325.181 * Mon Mar 19 2018 Tom Callaway <s...@fedoraproject.org> 65.0.3325.162-3 - use bundled libdrm on epel7 * Fri Mar 16 2018 Tom Callaway <s...@fedoraproject.org> 65.0.3325.162-2 - disable StartupNotify in chromium-browser.desktop (not in google-chrome desktop file) (bz1545241) - use bundled freetype on epel7 * Wed Mar 14 2018 Tom Callaway <s...@fedoraproject.org> 65.0.3325.162-1 - update to 65.0.3325.162 * Wed Mar 7 2018 Tom Callaway <s...@fedoraproject.org> 65.0.3325.146-1 - update to 65.0.3325.146 * Mon Mar 5 2018 Tom Callaway <s...@fedoraproject.org> 64.0.3282.186-1 - update to 64.0.3282.186 * Fri Feb 16 2018 Tom Callaway <s...@fedoraproject.org> 64.0.3282.167-1 - update to 64.0.3282.167 - include workaround for gcc8 bug in gn - disable unnecessary aarch64 glibc symbol change * Fri Feb 2 2018 Tom Callaway <s...@fedoraproject.org> 64.0.3282.140-1 - update to 64.0.3282.140 * Thu Feb 1 2018 Tom Callaway <s...@fedoraproject.org> 64.0.3282.119-2 - include user-session binary in chrome-remote-desktop subpackage * Thu Jan 25 2018 Tom Callaway <s...@fedoraproject.org> 64.0.3282.119-1 - update to 64.0.3282.119 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1577115 - CVE-2018-6120 chromium-browser: Heap buffer overflow in PDFium https://bugzilla.redhat.com/show_bug.cgi?id=1577115 [ 2 ] Bug #1577114 - CVE-2018-6122 chromium-browser: Type confusion in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1577114 [ 3 ] Bug #1577113 - CVE-2018-6121 chromium-browser: Privilege Escalation in extensions https://bugzilla.redhat.com/show_bug.cgi?id=1577113 [ 4 ] Bug #1573856 - CVE-2018-6118 chromium-browser: Use after free in Media Cache https://bugzilla.redhat.com/show_bug.cgi?id=1573856 [ 5 ] Bug #1568797 - CVE-2018-6117 chromium-browser: Confusing autofill settings https://bugzilla.redhat.com/show_bug.cgi?id=1568797 [ 6 ] Bug #1568796 - CVE-2018-6116 chromium-browser: Incorrect low memory handling in WebAssembly https://bugzilla.redhat.com/show_bug.cgi?id=1568796 [ 7 ] Bug #1568795 - CVE-2018-6115 chromium-browser: SmartScreen bypass in downloads https://bugzilla.redhat.com/show_bug.cgi?id=1568795 [ 8 ] Bug #1568794 - CVE-2018-6114 chromium-browser: CSP bypass https://bugzilla.redhat.com/show_bug.cgi?id=1568794 [ 9 ] Bug #1568793 - CVE-2018-6113 chromium-browser: URL spoof in Navigation https://bugzilla.redhat.com/show_bug.cgi?id=1568793 [ 10 ] Bug #1568792 - CVE-2018-6112 chromium-browser: Incorrect URL handling in DevTools https://bugzilla.redhat.com/show_bug.cgi?id=1568792 [ 11 ] Bug #1568791 - CVE-2018-6111 chromium-browser: Heap-use-after-free in DevTools https://bugzilla.redhat.com/show_bug.cgi?id=1568791 [ 12 ] Bug #1568790 - CVE-2018-6110 chromium-browser: Incorrect handling of plaintext files via file:// https://bugzilla.redhat.com/show_bug.cgi?id=1568790 [ 13 ] Bug #1568789 - CVE-2018-6109 chromium-browser: Incorrect handling of files by FileAPI https://bugzilla.redhat.com/show_bug.cgi?id=1568789 [ 14 ] Bug #1568788 - CVE-2018-6108 chromium-browser: URL spoof in Omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1568788 [ 15 ] Bug #1568787 - CVE-2018-6107 chromium-browser: URL spoof in Omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1568787 [ 16 ] Bug #1568786 - CVE-2018-6106 chromium-browser: Incorrect handling of promises in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1568786 [ 17 ] Bug #1568785 - CVE-2018-6105 chromium-browser: URL spoof in Omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1568785 [ 18 ] Bug #1568782 - CVE-2018-6104 chromium-browser: URL spoof in Omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1568782 [ 19 ] Bug #1568781 - CVE-2018-6103 chromium-browser: UI spoof in Permissions https://bugzilla.redhat.com/show_bug.cgi?id=1568781 [ 20 ] Bug #1568780 - CVE-2018-6102 chromium-browser: URL spoof in Omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1568780 [ 21 ] Bug #1568779 - CVE-2018-6101 chromium-browser: Insufficient protection of remote debugging prototol in DevTools https://bugzilla.redhat.com/show_bug.cgi?id=1568779 [ 22 ] Bug #1568778 - CVE-2018-6100 chromium-browser: URL spoof in Omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1568778 [ 23 ] Bug #1568777 - CVE-2018-6099 chromium-browser: CORS bypass in ServiceWorker https://bugzilla.redhat.com/show_bug.cgi?id=1568777 [ 24 ] Bug #1568776 - CVE-2018-6098 chromium-browser: URL spoof in Omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1568776 [ 25 ] Bug #1568775 - CVE-2018-6097 chromium-browser: Fullscreen UI spoof https://bugzilla.redhat.com/show_bug.cgi?id=1568775 [ 26 ] Bug #1568774 - CVE-2018-6096 chromium-browser: Fullscreen UI spoof https://bugzilla.redhat.com/show_bug.cgi?id=1568774 [ 27 ] Bug #1568773 - CVE-2018-6095 chromium-browser: Lack of meaningful user interaction requirement before file upload https://bugzilla.redhat.com/show_bug.cgi?id=1568773 [ 28 ] Bug #1568771 - CVE-2018-6094 chromium-browser: Exploit hardening regression in Oilpan https://bugzilla.redhat.com/show_bug.cgi?id=1568771 [ 29 ] Bug #1568770 - CVE-2018-6093 chromium-browser: Same origin bypass in Service Worker https://bugzilla.redhat.com/show_bug.cgi?id=1568770 [ 30 ] Bug #1568769 - CVE-2018-6092 chromium-browser: Integer overflow in WebAssembly https://bugzilla.redhat.com/show_bug.cgi?id=1568769 [ 31 ] Bug #1568767 - CVE-2018-6091 chromium-browser: Incorrect handling of plug-ins by Service Worker https://bugzilla.redhat.com/show_bug.cgi?id=1568767 [ 32 ] Bug #1568766 - CVE-2018-6090 chromium-browser: Heap buffer overflow in Skia https://bugzilla.redhat.com/show_bug.cgi?id=1568766 [ 33 ] Bug #1568765 - CVE-2018-6089 chromium-browser: Same origin policy bypass in Service Worker https://bugzilla.redhat.com/show_bug.cgi?id=1568765 [ 34 ] Bug #1568764 - CVE-2018-6088 chromium-browser: Use after free in PDFium https://bugzilla.redhat.com/show_bug.cgi?id=1568764 [ 35 ] Bug #1568763 - CVE-2018-6087 chromium-browser: Use after free in WebAssembly https://bugzilla.redhat.com/show_bug.cgi?id=1568763 [ 36 ] Bug #1568762 - CVE-2018-6086 chromium-browser: Use after free in Disk Cache https://bugzilla.redhat.com/show_bug.cgi?id=1568762 [ 37 ] Bug #1568761 - CVE-2018-6085 chromium-browser: Use after free in Disk Cache https://bugzilla.redhat.com/show_bug.cgi?id=1568761 [ 38 ] Bug #1552500 - CVE-2018-6083 chromium-browser: incorrect processing of appmanifests https://bugzilla.redhat.com/show_bug.cgi?id=1552500 [ 39 ] Bug #1552499 - CVE-2018-6082 chromium-browser: circumvention of port blocking https://bugzilla.redhat.com/show_bug.cgi?id=1552499 [ 40 ] Bug #1552498 - CVE-2018-6081 chromium-browser: xss in interstitials https://bugzilla.redhat.com/show_bug.cgi?id=1552498 [ 41 ] Bug #1552497 - CVE-2018-6080 chromium-browser: information disclosure in ipc call https://bugzilla.redhat.com/show_bug.cgi?id=1552497 [ 42 ] Bug #1552496 - CVE-2018-6079 chromium-browser: information disclosure via texture data in webgl https://bugzilla.redhat.com/show_bug.cgi?id=1552496 [ 43 ] Bug #1552495 - CVE-2018-6078 chromium-browser: url spoof in omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1552495 [ 44 ] Bug #1552494 - CVE-2018-6077 chromium-browser: timing attack using svg filters https://bugzilla.redhat.com/show_bug.cgi?id=1552494 [ 45 ] Bug #1552493 - CVE-2018-6076 chromium-browser: incorrect handling of url fragment identifiers in blink https://bugzilla.redhat.com/show_bug.cgi?id=1552493 [ 46 ] Bug #1552492 - CVE-2018-6075 chromium-browser: overly permissive cross origin downloads https://bugzilla.redhat.com/show_bug.cgi?id=1552492 [ 47 ] Bug #1552491 - CVE-2018-6074 chromium-browser: mark-of-the-web bypass https://bugzilla.redhat.com/show_bug.cgi?id=1552491 [ 48 ] Bug #1552490 - CVE-2018-6073 chromium-browser: heap bufffer overflow in webgl https://bugzilla.redhat.com/show_bug.cgi?id=1552490 [ 49 ] Bug #1552489 - CVE-2018-6072 chromium-browser: integer overflow in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1552489 [ 50 ] Bug #1552488 - CVE-2018-6071 chromium-browser: heap bufffer overflow in skia https://bugzilla.redhat.com/show_bug.cgi?id=1552488 [ 51 ] Bug #1552487 - CVE-2018-6070 chromium-browser: csp bypass through extensions https://bugzilla.redhat.com/show_bug.cgi?id=1552487 [ 52 ] Bug #1552486 - CVE-2018-6069 chromium-browser: stack buffer overflow in skia https://bugzilla.redhat.com/show_bug.cgi?id=1552486 [ 53 ] Bug #1552485 - CVE-2018-6068 chromium-browser: object lifecycle issues in chrome custom tab https://bugzilla.redhat.com/show_bug.cgi?id=1552485 [ 54 ] Bug #1552484 - CVE-2018-6067 chromium-browser: buffer overflow in skia https://bugzilla.redhat.com/show_bug.cgi?id=1552484 [ 55 ] Bug #1552483 - CVE-2018-6066 chromium-browser: same origin bypass via canvas https://bugzilla.redhat.com/show_bug.cgi?id=1552483 [ 56 ] Bug #1552482 - CVE-2018-6065 chromium-browser: integer overflow in v8 https://bugzilla.redhat.com/show_bug.cgi?id=1552482 [ 57 ] Bug #1552481 - CVE-2018-6064 chromium-browser: type confusion in v8 https://bugzilla.redhat.com/show_bug.cgi?id=1552481 [ 58 ] Bug #1552480 - CVE-2018-6063 chromium-browser: incorrect permissions on shared memory https://bugzilla.redhat.com/show_bug.cgi?id=1552480 [ 59 ] Bug #1552479 - CVE-2018-6057 chromium-browser: incorrect permissions on shared memory https://bugzilla.redhat.com/show_bug.cgi?id=1552479 [ 60 ] Bug #1552478 - CVE-2018-6062 chromium-browser: heap buffer overflow in skia https://bugzilla.redhat.com/show_bug.cgi?id=1552478 [ 61 ] Bug #1552477 - CVE-2018-6061 chromium-browser: race condition in v8 https://bugzilla.redhat.com/show_bug.cgi?id=1552477 [ 62 ] Bug #1552476 - CVE-2018-6060 chromium-browser: use-after-free in blink https://bugzilla.redhat.com/show_bug.cgi?id=1552476 [ 63 ] Bug #1552475 - CVE-2018-6059 chromium-browser: use-after-free in flash https://bugzilla.redhat.com/show_bug.cgi?id=1552475 [ 64 ] Bug #1552474 - CVE-2018-6058 chromium-browser: use-after-free in flash https://bugzilla.redhat.com/show_bug.cgi?id=1552474 [ 65 ] Bug #1547349 - CVE-2018-6406 libwebm: Out of bounds read in libwebm_util.cc:ParseVP9SuperFrameIndex() can lead to information leak or potential denial of service https://bugzilla.redhat.com/show_bug.cgi?id=1547349 [ 66 ] Bug #1545062 - CVE-2018-6056 chromium-browser: incorrect derived class instantiation in v8 https://bugzilla.redhat.com/show_bug.cgi?id=1545062 [ 67 ] Bug #1523141 - CVE-2017-15427 chromium-browser: insufficient blocking of javascript in omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1523141 [ 68 ] Bug #1523140 - CVE-2017-15426 chromium-browser: url spoof in omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1523140 [ 69 ] Bug #1523139 - CVE-2017-15425 chromium-browser: url spoof in omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1523139 [ 70 ] Bug #1523138 - CVE-2017-15424 chromium-browser: url spoof in omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1523138 [ 71 ] Bug #1523137 - CVE-2017-15423 chromium-browser: issue with spake implementation in boringssl https://bugzilla.redhat.com/show_bug.cgi?id=1523137 [ 72 ] Bug #1523136 - CVE-2017-15422 chromium-browser: integer overflow in icu https://bugzilla.redhat.com/show_bug.cgi?id=1523136 [ 73 ] Bug #1523135 - CVE-2017-15420 chromium-browser: url spoofing in omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1523135 [ 74 ] Bug #1523134 - CVE-2017-15419 chromium-browser: cross origin leak of redirect url in blink https://bugzilla.redhat.com/show_bug.cgi?id=1523134 [ 75 ] Bug #1523133 - CVE-2017-15418 chromium-browser: use of uninitialized value in skia https://bugzilla.redhat.com/show_bug.cgi?id=1523133 [ 76 ] Bug #1523132 - CVE-2017-15417 chromium-browser: cross origin information disclosure in skia https://bugzilla.redhat.com/show_bug.cgi?id=1523132 [ 77 ] Bug #1523131 - CVE-2017-15416 chromium-browser: out of bounds read in blink https://bugzilla.redhat.com/show_bug.cgi?id=1523131 [ 78 ] Bug #1523130 - CVE-2017-15415 chromium-browser: pointer information disclosure in ipc call https://bugzilla.redhat.com/show_bug.cgi?id=1523130 [ 79 ] Bug #1523129 - CVE-2017-15413 chromium-browser: type confusion in webassembly https://bugzilla.redhat.com/show_bug.cgi?id=1523129 [ 80 ] Bug #1523128 - CVE-2017-15412 chromium-browser: use after free in libxml https://bugzilla.redhat.com/show_bug.cgi?id=1523128 [ 81 ] Bug #1523127 - CVE-2017-15411 chromium-browser: use after free in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1523127 [ 82 ] Bug #1523126 - CVE-2017-15410 chromium-browser: use after free in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1523126 [ 83 ] Bug #1523125 - CVE-2017-15409 chromium-browser: out of bounds write in skia https://bugzilla.redhat.com/show_bug.cgi?id=1523125 [ 84 ] Bug #1523124 - CVE-2017-15408 chromium-browser: heap buffer overflow in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1523124 [ 85 ] Bug #1523123 - CVE-2017-15407 chromium-browser: out of bounds write in quic https://bugzilla.redhat.com/show_bug.cgi?id=1523123 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@lists.fedoraproject.org To unsubscribe send an email to test-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test@lists.fedoraproject.org/message/PCH3V4XL3SR7XSAPG2QW42UDYQ3YKIVR/
