The following Fedora 27 Security updates need testing: Age URL 27 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1ec1cd6db3 bro-2.5.3-1.fc27 21 https://bodhi.fedoraproject.org/updates/FEDORA-2018-81e1618ab9 glibc-arm-linux-gnu-2.26-4.fc27 18 https://bodhi.fedoraproject.org/updates/FEDORA-2018-dc984c59e5 drupal7-7.57-1.fc27 13 https://bodhi.fedoraproject.org/updates/FEDORA-2018-de113aeac6 ntp-4.2.8p11-1.fc27 12 https://bodhi.fedoraproject.org/updates/FEDORA-2018-52d79f4f36 dovecot-2.2.34-1.fc27 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e38f759144 python-bleach-2.1.3-1.fc27 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8ff86925c3 memcached-1.5.6-1.fc27 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c38e40a4bf golang-1.9.4-2.fc27 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1697970ac4 dolphin-emu-5.0-21.fc27 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-55b7018374 mailman-2.1.21-8.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-96601292a2 php-simplesamlphp-saml2_1-1.10.6-1.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6db40b0c37 php-simplesamlphp-saml2-2.3.8-1.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4fb7cdd27f libgit2-0.26.3-1.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a2cc71c081 afflib-3.7.16-4.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-37e28670f2 php-simplesamlphp-saml2_3-3.1.4-3.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-cf76003e1f kernel-4.15.9-300.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c923533479 webkitgtk4-2.20.0-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-db9adf44c9 exim-4.90.1-3.fc27
The following Fedora 27 Critical Path updates have yet to be approved: Age URL 12 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1c31f1eccd iptables-1.6.2-2.fc27 libnftnl-1.0.9-2.fc27 nftables-0.8.2-2.fc27 10 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d4a2b7350f xfce4-settings-4.12.2-2.fc27 9 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7acb1065ee lxpanel-0.9.3-7.D20180305gitb85c71a6.fc27 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-aa5edf1551 gsm-1.0.17-4.fc27 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-975e9f8b47 shared-mime-info-1.9-2.fc27 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c1e573d9d7 desktop-file-utils-0.23-6.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-77fdb91f3e nss-3.36.0-1.0.fc27 nss-softokn-3.36.0-1.0.fc27 nss-util-3.36.0-1.0.fc27 nspr-4.19.0-1.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-464eb6dc5e libappstream-glib-0.7.7-1.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c923533479 webkitgtk4-2.20.0-1.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-cf76003e1f kernel-4.15.9-300.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f7a759e8c1 jansson-2.11-1.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-32ebae3424 selinux-policy-3.13.1-283.28.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e725c2cd7b libtirpc-1.0.3-0.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a9d2b42ad4 python2-2.7.14-10.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-786774956d python3-3.6.4-9.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-189e532522 elfutils-0.170-10.fc27 The following builds have been pushed to Fedora 27 updates-testing apr-api-docs-1.6.3-1.fc27 audacious-plugins-3.9-6.fc27 bcm283x-firmware-20180314-1.086a848.fc27 caja-actions-1.8.3-4.fc27 container-selinux-2.55-1.fc27 erlang-19.3.6.6-1.fc27 freerdp-2.0.0-39.20180314gitf8baeb7.fc27 golang-github-boombuler-barcode-1.0.0-0.fc27 i-nex-7.6.0-5.20170703git0c10102.fc27 ikiwiki-3.20180311-1.fc27 libmodulemd-1.1.0-1.fc27 microcode_ctl-2.1-22.fc27 monitorix-3.10.1-1.fc27 nodejs-rhea-0.2.10-1.fc27 octave-4.2.2-1.fc27 podman-0.3.3-1.dev.gitbc358eb.fc27 python-pyngus-2.2.2-1.fc27 python-pytest-forked-0.2-3.fc27 python-pytest-xdist-1.20.1-2.fc27 python-qpid-1.37.0-2.fc27 qpid-cpp-1.37.0-2.fc27 qpid-dispatch-1.0.1-1.fc27 qpid-proton-0.21.0-1.fc27 qt-creator-4.5.2-1.fc27 quentier-0.4.0-0.1.20180301.git8226e31.fc27 remmina-1.2.0-0.48.20180314.git.04e4a99.fc27 rubygem-qpid_proton-0.21.0-1.fc27 sunpinyin-2.0.4-0.21.20160301git.fc27 wireshark-2.4.5-3.fc27 Details about builds: ================================================================================ apr-api-docs-1.6.3-1.fc27 (FEDORA-2018-5cf345a093) Apache Portable Runtime API documentation -------------------------------------------------------------------------------- Update Information: Rebuild against current packages. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1556198 - apr-api-docs: FTBFS in F28 https://bugzilla.redhat.com/show_bug.cgi?id=1556198 -------------------------------------------------------------------------------- ================================================================================ audacious-plugins-3.9-6.fc27 (FEDORA-2018-61164b2195) Plugins for the Audacious audio player -------------------------------------------------------------------------------- Update Information: Fix gnomeshortcuts plugin for GNOME 3.26 and merge a post-3.9 change to build the adplug plugin without an unbundled adplug library. -------------------------------------------------------------------------------- ================================================================================ bcm283x-firmware-20180314-1.086a848.fc27 (FEDORA-2018-a1714580c7) Broadcom bcm283x firmware for the Raspberry Pi -------------------------------------------------------------------------------- Update Information: Add support for Raspberry Pi 3+ (Happy Pi day) ---- Upstream firmware fixes -------------------------------------------------------------------------------- ================================================================================ caja-actions-1.8.3-4.fc27 (FEDORA-2018-3cf237a14e) Caja extension for customizing the context menu -------------------------------------------------------------------------------- Update Information: - Rebuilt for fixing rhbz (#1555660) (f28) - switch to using autosetup -------------------------------------------------------------------------------- ================================================================================ container-selinux-2.55-1.fc27 (FEDORA-2018-29bc3c6098) SELinux policies for container runtimes -------------------------------------------------------------------------------- Update Information: Fix several bugs -------------------------------------------------------------------------------- References: [ 1 ] Bug #1553412 - SELinux is preventing chown from 'setattr' accesses on the fifo_file . https://bugzilla.redhat.com/show_bug.cgi?id=1553412 [ 2 ] Bug #1545858 - SELinux is preventing rsync from 'write' accesses on the directory fd. https://bugzilla.redhat.com/show_bug.cgi?id=1545858 -------------------------------------------------------------------------------- ================================================================================ erlang-19.3.6.6-1.fc27 (FEDORA-2018-b6a9bb2b91) General-purpose programming language and runtime environment -------------------------------------------------------------------------------- Update Information: * Ver. 19.3.6.6 -------------------------------------------------------------------------------- ================================================================================ freerdp-2.0.0-39.20180314gitf8baeb7.fc27 (FEDORA-2018-b3bda07364) Free implementation of the Remote Desktop Protocol (RDP) -------------------------------------------------------------------------------- Update Information: Fixes for recent Windows updates breaking RDP connections and new pre/post commands feature in Remmina. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1536874 - Unable to use RDP after last update (SEC_E_INVALID_TOKEN) https://bugzilla.redhat.com/show_bug.cgi?id=1536874 [ 2 ] Bug #1553098 - No icon for open Remmina application https://bugzilla.redhat.com/show_bug.cgi?id=1553098 [ 3 ] Bug #1549831 - Please update remmina package for add new feature. https://bugzilla.redhat.com/show_bug.cgi?id=1549831 [ 4 ] Bug #1508574 - can we please have xfreerdp group itself in Alt+Tab please? https://bugzilla.redhat.com/show_bug.cgi?id=1508574 [ 5 ] Bug #1537082 - freerdp upgrade breaks KRDC and remmina https://bugzilla.redhat.com/show_bug.cgi?id=1537082 [ 6 ] Bug #1555380 - Connecting to windows with KB4088776 installed does not work https://bugzilla.redhat.com/show_bug.cgi?id=1555380 -------------------------------------------------------------------------------- ================================================================================ golang-github-boombuler-barcode-1.0.0-0.fc27 (FEDORA-2018-c0db311c89) A barcode creation lib for Go (Golang) -------------------------------------------------------------------------------- Update Information: Fix FTBFS, switch to release version number rather than git SHA. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1555782 - golang-github-boombuler-barcode: FTBFS in F28 https://bugzilla.redhat.com/show_bug.cgi?id=1555782 -------------------------------------------------------------------------------- ================================================================================ i-nex-7.6.0-5.20170703git0c10102.fc27 (FEDORA-2018-e9711f8130) System information tool like hardinfo, sysinfo -------------------------------------------------------------------------------- Update Information: Update Python 2 dependency declarations to new packaging standard -------------------------------------------------------------------------------- ================================================================================ ikiwiki-3.20180311-1.fc27 (FEDORA-2018-21795483e3) A wiki compiler -------------------------------------------------------------------------------- Update Information: Update to the latest release. [Full changelog](https://ikiwiki.info/news/). -------------------------------------------------------------------------------- ================================================================================ libmodulemd-1.1.0-1.fc27 (FEDORA-2018-cf25cfa506) Module metadata manipulation library -------------------------------------------------------------------------------- Update Information: * Adds support for handling modulemd-defaults YAML documents * Adds peek()/dup() routines to all object properties * Adds Modulemd.Module.dup_nsvc() to retrieve the canonical form of the unique module identifier. * Adds support for boolean types in the XMD section -------------------------------------------------------------------------------- ================================================================================ microcode_ctl-2.1-22.fc27 (FEDORA-2018-5767adea74) Tool to transform and deploy CPU microcode update for x86 -------------------------------------------------------------------------------- Update Information: Update to upstream 2.1-16. 20180312 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1501362 - Intel microcode not updating --> [Firmware Bug]: TSC_DEADLINE disabled due to Errata; please update microcode to version: 0x25 (or later) https://bugzilla.redhat.com/show_bug.cgi?id=1501362 [ 2 ] Bug #1533764 - Microcode procced do not wok https://bugzilla.redhat.com/show_bug.cgi?id=1533764 -------------------------------------------------------------------------------- ================================================================================ monitorix-3.10.1-1.fc27 (FEDORA-2018-1724b6a0dc) A free, open source, lightweight system monitoring tool -------------------------------------------------------------------------------- Update Information: Prior Monitorix versions are vulnerable to cross-site scripting (XSS), caused by improper validation of user-supplied input by the monitorix.cgi file. A remote attacker could exploit this vulnerability using some of the arguments provided (graph= or when=) in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie- based authentication credentials. I would like to thank Sebastian Gilon from TestArmy for reporting that issue. The rest of bugs fixed are, as always, reflected in the Changes file. All users still using older versions are advised and encouraged to upgrade to this version, which resolves this security issue. -------------------------------------------------------------------------------- ================================================================================ nodejs-rhea-0.2.10-1.fc27 (FEDORA-2018-e3963d3a77) A reactive messaging library based on the AMQP protocol -------------------------------------------------------------------------------- Update Information: Rebased to 0.2.10. ---- Rebased to 0.2.9. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1523897 - nodejs-rhea-0.2.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=1523897 -------------------------------------------------------------------------------- ================================================================================ octave-4.2.2-1.fc27 (FEDORA-2018-83fc5ad5ee) A high-level language for numerical computations -------------------------------------------------------------------------------- Update Information: Update to 4.2.2 bug fix release. See https://www.gnu.org/software/octave/news/r elease/2018/03/13/octave-4.2.2-released.html for more -------------------------------------------------------------------------------- References: [ 1 ] Bug #1555289 - octave-4.2.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1555289 -------------------------------------------------------------------------------- ================================================================================ podman-0.3.3-1.dev.gitbc358eb.fc27 (FEDORA-2018-48769676c4) Manage Pods, Containers and Container Images -------------------------------------------------------------------------------- Update Information: built podman commit bc358eb -------------------------------------------------------------------------------- ================================================================================ python-pyngus-2.2.2-1.fc27 (FEDORA-2018-b29b8c642b) Callback API implemented over Proton -------------------------------------------------------------------------------- Update Information: Rebased to 2.2.2. -------------------------------------------------------------------------------- ================================================================================ python-pytest-forked-0.2-3.fc27 (FEDORA-2018-b24253cb59) py.test plugin for running tests in isolated forked subprocesses -------------------------------------------------------------------------------- Update Information: Fixes BZ#1507299 in F27 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1507299 - pytest-xdist: could not get source code https://bugzilla.redhat.com/show_bug.cgi?id=1507299 -------------------------------------------------------------------------------- ================================================================================ python-pytest-xdist-1.20.1-2.fc27 (FEDORA-2018-b24253cb59) py.test plugin for distributed testing and loop-on-failing modes -------------------------------------------------------------------------------- Update Information: Fixes BZ#1507299 in F27 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1507299 - pytest-xdist: could not get source code https://bugzilla.redhat.com/show_bug.cgi?id=1507299 -------------------------------------------------------------------------------- ================================================================================ python-qpid-1.37.0-2.fc27 (FEDORA-2018-0b4bbae6e8) Python client library for AMQP -------------------------------------------------------------------------------- Update Information: Updated python2 packages. -------------------------------------------------------------------------------- ================================================================================ qpid-cpp-1.37.0-2.fc27 (FEDORA-2018-d901c5c61a) Libraries for Qpid C++ client applications -------------------------------------------------------------------------------- Update Information: Rebuilt against qpid-proton 0.21.0. -------------------------------------------------------------------------------- ================================================================================ qpid-dispatch-1.0.1-1.fc27 (FEDORA-2018-94b12aa6ec) Dispatch router for Qpid -------------------------------------------------------------------------------- Update Information: Rebased to 1.0.1, -------------------------------------------------------------------------------- ================================================================================ qpid-proton-0.21.0-1.fc27 (FEDORA-2018-46986a5e57) A high performance, lightweight messaging library -------------------------------------------------------------------------------- Update Information: Rebased to 0.21.0. -------------------------------------------------------------------------------- ================================================================================ qt-creator-4.5.2-1.fc27 (FEDORA-2018-3b80d0c0f2) Cross-platform IDE for Qt -------------------------------------------------------------------------------- Update Information: Update to qt-creator-4.5.2, see http://blog.qt.io/blog/2018/03/13/qt- creator-4-5-2-released/ for details. -------------------------------------------------------------------------------- ================================================================================ quentier-0.4.0-0.1.20180301.git8226e31.fc27 (FEDORA-2018-05aaa57a3a) Cross-platform desktop Evernote client -------------------------------------------------------------------------------- Update Information: Master snapshot 8226e3174607c2ef0ed3e32e57fe09484e6d2c0e -------------------------------------------------------------------------------- References: [ 1 ] Bug #1542654 - Review Request: quentier - Cross-platform desktop Evernote client https://bugzilla.redhat.com/show_bug.cgi?id=1542654 -------------------------------------------------------------------------------- ================================================================================ remmina-1.2.0-0.48.20180314.git.04e4a99.fc27 (FEDORA-2018-b3bda07364) Remote Desktop Client -------------------------------------------------------------------------------- Update Information: Fixes for recent Windows updates breaking RDP connections and new pre/post commands feature in Remmina. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1536874 - Unable to use RDP after last update (SEC_E_INVALID_TOKEN) https://bugzilla.redhat.com/show_bug.cgi?id=1536874 [ 2 ] Bug #1553098 - No icon for open Remmina application https://bugzilla.redhat.com/show_bug.cgi?id=1553098 [ 3 ] Bug #1549831 - Please update remmina package for add new feature. https://bugzilla.redhat.com/show_bug.cgi?id=1549831 [ 4 ] Bug #1508574 - can we please have xfreerdp group itself in Alt+Tab please? https://bugzilla.redhat.com/show_bug.cgi?id=1508574 [ 5 ] Bug #1537082 - freerdp upgrade breaks KRDC and remmina https://bugzilla.redhat.com/show_bug.cgi?id=1537082 [ 6 ] Bug #1555380 - Connecting to windows with KB4088776 installed does not work https://bugzilla.redhat.com/show_bug.cgi?id=1555380 -------------------------------------------------------------------------------- ================================================================================ rubygem-qpid_proton-0.21.0-1.fc27 (FEDORA-2018-a35e278fcc) Ruby language bindings for the Qpid Proton messaging framework -------------------------------------------------------------------------------- Update Information: Rebased to 0.21.0. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1531022 - rubygem-qpid_proton-0.21.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1531022 -------------------------------------------------------------------------------- ================================================================================ sunpinyin-2.0.4-0.21.20160301git.fc27 (FEDORA-2018-c9b15e7db8) A statistical language model based Chinese input method engine -------------------------------------------------------------------------------- Update Information: fixes FTBFS bug -------------------------------------------------------------------------------- References: [ 1 ] Bug #1556478 - sunpinyin: FTBFS in F28 https://bugzilla.redhat.com/show_bug.cgi?id=1556478 -------------------------------------------------------------------------------- ================================================================================ wireshark-2.4.5-3.fc27 (FEDORA-2018-cdf3f8e8b0) Network traffic analyzer -------------------------------------------------------------------------------- Update Information: Removing dependency on wireshark metapackage from wireshark-cli ---- Added wireshark-qt to wireshark metapackage ---- - New version 2.4.5 - Contains fixes for CVE-2018-7419, CVE-2018-7418, CVE-2018-7417, CVE-2018-7420, CVE-2018-7320, CVE-2018-7336, CVE-2018-7337, CVE-2018-7334, CVE-2018-7335, CVE-2018-6836, CVE-2018-5335, CVE-2018-5334, CVE-2017-6014, CVE-2017-9616, CVE-2017-9617, CVE-2017-9766 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1555323 - WTF is wireshark-qt pulled as dependency https://bugzilla.redhat.com/show_bug.cgi?id=1555323 [ 2 ] Bug #1554818 - tshark (wireshark-cli) should be installable without any GUI bits https://bugzilla.redhat.com/show_bug.cgi?id=1554818 [ 3 ] Bug #1506859 - wireshark meta package is missing wireshark-qt dependency https://bugzilla.redhat.com/show_bug.cgi?id=1506859 [ 4 ] Bug #1549309 - CVE-2018-7419 wireshark: NBAP dissector crash in nbap.cnf [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1549309 [ 5 ] Bug #1549306 - CVE-2018-7418 wireshark: SIGCOMP dissector crash in packet-sigcomp.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1549306 [ 6 ] Bug #1549302 - CVE-2018-7417 wireshark: IPMI dissector crash in packet-ipmi-picmg.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1549302 [ 7 ] Bug #1549286 - CVE-2018-7420 wireshark: Pcapng file parser crash in pcapng.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1549286 [ 8 ] Bug #1549278 - CVE-2018-7320 wireshark: Heap-based Buffer Overflow in SIGCOMP dissector crash in packet-sigcomp.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1549278 [ 9 ] Bug #1549271 - CVE-2018-7336 wireshark: FCP dissector crash in packet-fcp.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1549271 [ 10 ] Bug #1549266 - CVE-2018-7337 wireshark: DOCSIS dissector crash in packet-docsis.c by injecting a malformed packet [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1549266 [ 11 ] Bug #1549256 - CVE-2018-7334 wireshark: out of bounds access in UMTS MAC dissector in packet-umts_mac.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1549256 [ 12 ] Bug #1549246 - CVE-2018-7335 wireshark: IEEE 802.11 dissector crash in airpdcap.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1549246 [ 13 ] Bug #1543583 - CVE-2018-6836 wireshark: free operation on an uninitialized memory address in wiretap/netmon.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1543583 [ 14 ] Bug #1534365 - CVE-2018-5335 wireshark: WCP dissector crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1534365 [ 15 ] Bug #1534362 - CVE-2018-5334 wireshark: IxVeriWave file parser crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1534362 [ 16 ] Bug #1425376 - CVE-2017-6014 wireshark: Memory exhaustion/infinite loop via malformed STANAG 4607 capture file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1425376 [ 17 ] Bug #1464052 - CVE-2017-9616 CVE-2017-9617 CVE-2017-9766 wireshark: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1464052 [ 18 ] Bug #1548665 - wireshark: Partial Fedora build flags injection https://bugzilla.redhat.com/show_bug.cgi?id=1548665 [ 19 ] Bug #1542775 - wireshark-2.4.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1542775 [ 20 ] Bug #1530895 - CVE-2017-17997 wireshark: Misuse of NULL pointer in MRDISC dissector [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1530895 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@lists.fedoraproject.org To unsubscribe send an email to test-le...@lists.fedoraproject.org
