The following Fedora 33 Security updates need testing: Age URL 122 https://bodhi.fedoraproject.org/updates/FEDORA-2021-c3d587d52c shim-15.4-1 13 https://bodhi.fedoraproject.org/updates/FEDORA-2021-dd8990b3b4 bluez-5.60-1.fc33 7 https://bodhi.fedoraproject.org/updates/FEDORA-2021-775b170f95 hivex-1.3.21-1.fc33 6 https://bodhi.fedoraproject.org/updates/FEDORA-2021-b252318a99 avahi-0.8-14.fc33 6 https://bodhi.fedoraproject.org/updates/FEDORA-2021-e2dc109b4c libsndfile-1.0.31-5.fc33.fc33 6 https://bodhi.fedoraproject.org/updates/FEDORA-2021-47893f53ed fetchmail-6.4.20-1.fc33 6 https://bodhi.fedoraproject.org/updates/FEDORA-2021-1d574ae400 prosody-0.11.10-1.fc33 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-62bb9998b2 libX11-1.7.2-3.fc33 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-44c65203cc perl-Encode-3.08-459.fc33
The following Fedora 33 Critical Path updates have yet to be approved: Age URL 140 https://bodhi.fedoraproject.org/updates/FEDORA-2021-2961f34ccb PackageKit-1.2.3-1.fc33 76 https://bodhi.fedoraproject.org/updates/FEDORA-2021-4797e362b3 abrt-2.14.6-1.fc33 libreport-2.15.1-1.fc33 satyr-0.37-2.fc33 13 https://bodhi.fedoraproject.org/updates/FEDORA-2021-dd8990b3b4 bluez-5.60-1.fc33 11 https://bodhi.fedoraproject.org/updates/FEDORA-2021-72e9c8074e net-snmp-5.9.1-4.fc33 7 https://bodhi.fedoraproject.org/updates/FEDORA-2021-9dc8abdee1 hwdata-0.350-1.fc33 7 https://bodhi.fedoraproject.org/updates/FEDORA-2021-775b170f95 hivex-1.3.21-1.fc33 7 https://bodhi.fedoraproject.org/updates/FEDORA-2021-a5cd9680ba redhat-rpm-config-176-2.fc33 6 https://bodhi.fedoraproject.org/updates/FEDORA-2021-b252318a99 avahi-0.8-14.fc33 6 https://bodhi.fedoraproject.org/updates/FEDORA-2021-e2dc109b4c libsndfile-1.0.31-5.fc33.fc33 6 https://bodhi.fedoraproject.org/updates/FEDORA-2021-ad1fff3f25 perl-HTTP-Tiny-0.078-1.fc33 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-62bb9998b2 libX11-1.7.2-3.fc33 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-db36d5f8a6 firefox-90.0.2-2.fc33 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-0116310868 mtools-4.0.35-1.fc33 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-3e64d85422 audit-3.0.4-1.fc33 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-e3c7217731 libxcrypt-4.4.25-1.fc33 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-44c65203cc perl-Encode-3.08-459.fc33 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-5c7cbb8116 gjs-1.66.2-8.fc33 mozjs78-78.13.0-1.fc33 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-2c0689dcf3 pungi-4.2.10-1.fc33 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-689e911ed4 osinfo-db-20210809-1.fc33
The following builds have been pushed to Fedora 33 updates-testing
anope-2.0.10-1.fc33 crun-0.21-1.fc33 golang-github-kit-log-0.1.0-1.fc33 kernel-5.13.9-100.fc33 knot-3.1.1-1.fc33 knot-resolver-5.4.0-1.fc33 mingw-c-ares-1.17.2-1.fc33 mmapper-21.08.0-1.fc33 php-yoast-phpunit-polyfills-1.0.1-1.fc33 python-docx-0.8.11-3.fc33 svt-vp9-0.3.0-6.fc33 usbredir-0.11.0-1.fc33 watchdog-5.16-1.fc33 xscreensaver-5.45-2.fc33
Details about builds:
================================================================================ anope-2.0.10-1.fc33 (FEDORA-2021-0b0410c1c1) IRC services designed for flexibility and ease of use -------------------------------------------------------------------------------- Update Information:
Anope 2.0.10 ============ * Add support for channel SQLines on InspIRCd * Change default protocol module from `inspircd20` to `inspircd3` * Change the character set used by `chanstats` and `irc2sql` to `utf8mb4` * Fix a ton of typos in messages * Fix being able to override `MAXLIST` on InspIRCd * Fix blocking on boot when trying to upgrade SQL databases without account identifiers * Fix not flushing the ERROR message on squit * Fix using an invalidated iterator when deleting bots * Fix various harmless compiler warnings * Show the account name in nickserv/info -------------------------------------------------------------------------------- ChangeLog:
* Tue Aug 10 2021 Robert Scheck robert@fedoraproject.org 2.0.10-1 - Upgrade to 2.0.10 (#1991858) * Wed Jul 21 2021 Fedora Release Engineering releng@fedoraproject.org - 2.0.9-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Tue Mar 2 2021 Zbigniew J��drzejewski-Szmek zbyszek@in.waw.pl - 2.0.9-5 - Rebuilt for updated systemd-rpm-macros See https://pagure.io/fesco/issue/2583. * Tue Jan 26 2021 Fedora Release Engineering releng@fedoraproject.org - 2.0.9-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Tue Nov 24 2020 Robert Scheck robert@fedoraproject.org 2.0.9-3 - Correct include path for OpenSSL 1.1 on RHEL 7 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1991858 - anope-2.0.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1991858 --------------------------------------------------------------------------------
================================================================================ crun-0.21-1.fc33 (FEDORA-2021-68f4852bd0) OCI runtime written in C -------------------------------------------------------------------------------- Update Information:
autobuilt 0.21 -------------------------------------------------------------------------------- ChangeLog:
* Tue Aug 10 2021 RH Container Bot rhcontainerbot@fedoraproject.org - 0.21-1 - autobuilt 0.21 --------------------------------------------------------------------------------
================================================================================ golang-github-kit-log-0.1.0-1.fc33 (FEDORA-2021-44489f058b) A minimal and extensible structured logger -------------------------------------------------------------------------------- Update Information:
Initial import -------------------------------------------------------------------------------- ChangeLog:
--------------------------------------------------------------------------------
================================================================================ kernel-5.13.9-100.fc33 (FEDORA-2021-43065274e4) The Linux kernel -------------------------------------------------------------------------------- Update Information:
The 5.13.0 stable kernel update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- ChangeLog:
* Sun Aug 8 2021 Justin M. Forbes jforbes@fedoraproject.org [5.13.9-100] - kernel-5.13.9-0 (Justin M. Forbes) - drm/i915/dp: Use max params for older panels (Kai-Heng Feng) - pinctrl: tigerlake: Fix GPIO mapping for newer version of software (Andy Shevchenko) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1965645 - F34 kernel 5.12.5 and above screen flicker / wobble / shaking / jitter / wiggling problem https://bugzilla.redhat.com/show_bug.cgi?id=1965645 --------------------------------------------------------------------------------
================================================================================ knot-3.1.1-1.fc33 (FEDORA-2021-4d8966a879) High-performance authoritative DNS server -------------------------------------------------------------------------------- Update Information:
Update Knot DNS to 3.1.1 and dependent Knot Resolver to 5.4.0 (compatible with knot-3.1) -------------------------------------------------------------------------------- ChangeLog:
* Tue Aug 10 2021 Jakub Ru��i��ka jakub.ruzicka@nic.cz - 3.1.1-1 - Update to 3.1.1 - Enable XDP on ARM and improve XDP config macros - Remove patch included upstream * Wed Aug 4 2021 Jakub Ru��i��ka jakub.ruzicka@nic.cz 3.1.0-2 - Introduce a patch to fix tests on ppc64le - Use autosetup macro to apply patches * Mon Aug 2 2021 Jakub Ru��i��ka jakub.ruzicka@nic.cz - 3.1.0-1 - Update to 3.1.0 - Add missing BuildRequires including new libmnl for kxdpgun - Temporarily disable XDP on ARM until issues are resolved --------------------------------------------------------------------------------
================================================================================ knot-resolver-5.4.0-1.fc33 (FEDORA-2021-4d8966a879) Caching full DNS Resolver -------------------------------------------------------------------------------- Update Information:
Update Knot DNS to 3.1.1 and dependent Knot Resolver to 5.4.0 (compatible with knot-3.1) -------------------------------------------------------------------------------- ChangeLog:
* Thu Jul 29 2021 Jakub Ru��i��ka jakub.ruzicka@nic.cz - 5.4.0-1 - update to upstream version 5.4.0 --------------------------------------------------------------------------------
================================================================================ mingw-c-ares-1.17.2-1.fc33 (FEDORA-2021-001ec24fc5) Library that performs asynchronous DNS operations -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2021-3672 -------------------------------------------------------------------------------- ChangeLog:
* Tue Aug 10 2021 Franti��ek Dvo����k valtri@civ.zcu.cz - 1.17.2-1 - Update to 1.17.2 - Security fix for CVE-2021-3672 * Thu Jul 22 2021 Fedora Release Engineering releng@fedoraproject.org - 1.17.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1988342 - CVE-2021-3672 c-ares: missing input validation of host names may lead to Domain Hijacking https://bugzilla.redhat.com/show_bug.cgi?id=1988342 --------------------------------------------------------------------------------
================================================================================ mmapper-21.08.0-1.fc33 (FEDORA-2021-8b8a199e0f) Graphical MUME mapper -------------------------------------------------------------------------------- Update Information:
mmapper 21.08.0 release. For details, see https://github.com/MUME/MMapper/releases/tag/v21.08.0 -------------------------------------------------------------------------------- ChangeLog:
* Tue Aug 10 2021 Kalev Lember klember@redhat.com - 21.08.0-1 - Update to 21.08.0 * Thu Jul 22 2021 Fedora Release Engineering releng@fedoraproject.org - 21.06.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ php-yoast-phpunit-polyfills-1.0.1-1.fc33 (FEDORA-2021-431456aef2) Set of polyfills for changed PHPUnit functionality -------------------------------------------------------------------------------- Update Information:
**Version 1.0.1** - 2021-08-09 Added * The `Yoast\PHPUnitPolyfills\Autoload` class now contains a `VERSION` constant. Issue [#46], PR [#47], props [Pascal Birchler] for the suggestion. This version constant can be used by (complex) test setups to verify that the PHPUnit Polyfills which will be loaded, comply with the version requirements for the test suite. Changed * Minor documentation updates. [#43] -------------------------------------------------------------------------------- ChangeLog:
* Tue Aug 10 2021 Remi Collet remi@remirepo.net - 1.0.1-1 - update to 1.0.1 --------------------------------------------------------------------------------
================================================================================ python-docx-0.8.11-3.fc33 (FEDORA-2021-aa54748cd9) Create and modify Word documents with Python -------------------------------------------------------------------------------- Update Information:
Security fix for [CVE-2016-5851](https://nvd.nist.gov/vuln/detail/CVE-2016-5851). Updates to 0.8.11. -------------------------------------------------------------------------------- ChangeLog:
* Tue Aug 10 2021 Benjamin A. Beasley code@musicinmybrain.net 0.8.11-3 - Use the PyPI tarball to avoid redistributing ISO standard PDFs * Fri Aug 6 2021 Benjamin A. Beasley code@musicinmybrain.net 0.8.11-2 - Clean up some leftover historical debris in the spec file * Fri Aug 6 2021 Benjamin A. Beasley code@musicinmybrain.net 0.8.11-1 - Update to 0.8.11. (Fix CVE-2016-5851, fix RHBZ#1351082, fix RHBZ#1351083, fix RHBZ#1349211, fix RHBZ#1926209.) * Tue Jul 27 2021 Fedora Release Engineering releng@fedoraproject.org - 0.8.5-26 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Fri Jun 4 2021 Python Maint python-maint@redhat.com - 0.8.5-25 - Rebuilt for Python 3.10 * Wed Jan 27 2021 Fedora Release Engineering releng@fedoraproject.org - 0.8.5-24 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1351082 - CVE-2016-5851 python-docx: XML External Entity Attack https://bugzilla.redhat.com/show_bug.cgi?id=1351082 --------------------------------------------------------------------------------
================================================================================ svt-vp9-0.3.0-6.fc33 (FEDORA-2021-310bc5d632) Scalable Video Technology for VP9 Encoder -------------------------------------------------------------------------------- Update Information:
Fix docs placement. -------------------------------------------------------------------------------- ChangeLog:
* Tue Aug 10 2021 Vasiliy Glazov vascom2@gmail.com - 0.3.0-6 - Move documentation to main subpackage * Wed Jul 28 2021 Vasiliy Glazov vascom2@gmail.com - 0.3.0-5 - Fix FTBFS * Fri Jul 23 2021 Fedora Release Engineering releng@fedoraproject.org - 0.3.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Sun Jan 31 2021 Vasiliy N. Glazov vascom2@gmail.com - 0.3.0-3 - Fix build with GCC 11 * Wed Jan 27 2021 Fedora Release Engineering releng@fedoraproject.org - 0.3.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Sat Nov 7 2020 Vasiliy N. Glazov vascom2@gmail.com - 0.3.0-1 - Update to 0.3.0 * Wed Sep 23 2020 Vasiliy N. Glazov vascom2@gmail.com - 0.2.2-1 - Update to 0.2.2 --------------------------------------------------------------------------------
================================================================================ usbredir-0.11.0-1.fc33 (FEDORA-2021-f39e0fae62) USB network redirection protocol libraries -------------------------------------------------------------------------------- Update Information:
Update to 0.11.0 -------------------------------------------------------------------------------- ChangeLog:
* Tue Aug 10 2021 Victor Toso victortoso@redhat.com - 0.11.0-1 - Update to 0.11.0 --------------------------------------------------------------------------------
================================================================================ watchdog-5.16-1.fc33 (FEDORA-2021-95e814c5ba) Software and/or Hardware watchdog daemon -------------------------------------------------------------------------------- Update Information:
New upstream release 5.16 -------------------------------------------------------------------------------- ChangeLog:
* Tue Aug 10 2021 Josef Ridky jridky@redhat.com - 5.16-1 - New upstream release 5.16 * Fri Jul 23 2021 Fedora Release Engineering releng@fedoraproject.org - 5.15-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Tue Mar 2 2021 Zbigniew J��drzejewski-Szmek zbyszek@in.waw.pl - 5.15-10 - Rebuilt for updated systemd-rpm-macros See https://pagure.io/fesco/issue/2583. * Wed Jan 27 2021 Fedora Release Engineering releng@fedoraproject.org - 5.15-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ xscreensaver-5.45-2.fc33 (FEDORA-2021-5af4452ffd) X screen saver and locker -------------------------------------------------------------------------------- Update Information:
A potential security flaw was found on xscreensaver 5.45 which may cause buffer overflow or crash xscreensaver daemon. This vulnerability was assigned as CVE-2021-34557. This new rpm should fix this issue. Note that this issue does not affect xscreensaver 6.00 and above, so Fedora 34 xscreensaver is not affected. -------------------------------------------------------------------------------- ChangeLog:
* Tue Aug 10 2021 Mamoru TASAKA mtasaka@fedoraproject.org - 1:5.45-2 - update_screen_layout: fix CVE-2021-34557 (bug 1974194) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1974194 - CVE-2021-34557 XScreenSaver: buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication https://bugzilla.redhat.com/show_bug.cgi?id=1974194 --------------------------------------------------------------------------------