The following Fedora 35 Security updates need testing:
 Age  URL
 230  https://bodhi.fedoraproject.org/updates/FEDORA-2022-dfc6924a11   mysql-connector-java-8.0.28-1.fc35
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2022-357cc1a81b   knot-resolver-5.5.3-1.fc35
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2022-a27e239f5a   python3.6-3.6.15-5.fc35
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2022-b197d64471   bind-9.16.33-1.fc35 bind-dyndb-ldap-11.9-16.fc35
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2022-204ee3da84   unbound-1.16.3-1.fc35
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2022-bafb72fdc0   efl-1.26.3-1.fc35 enlightenment-0.25.4-1.fc35
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2022-3dd3274ae2   libdxfrw-1.1.0-0.1.rc1.fc35 librecad-2.2.0-0.15.rc4.fc35
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2022-cdeabe1bc0   postgresql-jdbc-42.2.26-1.fc35
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2022-3ca063941b   chromium-105.0.5195.125-2.fc35
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2022-23e6ee1fb9   squid-5.7-1.fc35
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2022-07dd9375b2   scala-2.13.9-1.fc35
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2022-c26b19568d   lighttpd-1.4.67-1.fc35
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2022-5b644a935b   bash-5.1.8-3.fc35
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2022-58055cb1ef   nodejs-16.17.1-1.fc35

The following Fedora 35 Critical Path updates have yet to be approved:
 Age  URL
  48  https://bodhi.fedoraproject.org/updates/FEDORA-2022-bca7996d14   annobin-10.81-1.fc35
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2022-99b0503127   libreport-2.17.4-1.fc35
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2022-fa8da9a4b5   zchunk-1.2.3-1.fc35
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2022-b6f216be9a   selinux-policy-35.19-1.fc35
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2022-97f6c4fd2a   libblockdev-2.28-2.fc35
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2022-f292a3fec5   python-urllib3-1.26.12-1.fc35
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2022-22e2ce7a16   shadow-utils-4.9-11.fc35
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2022-64e32530e5   mtools-4.0.41-1.fc35
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2022-68ba1f1566   appstream-data-35-8.fc35
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2022-ece971e713   langtable-0.0.60-1.fc35
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2022-204ee3da84   unbound-1.16.3-1.fc35
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2022-642c095091   dnf-plugins-core-4.3.1-1.fc35
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2022-341937ef95   hwdata-0.362-2.fc35
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2022-38bd922ff7   libbluray-1.3.3-1.fc35
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2022-17a4844b47   tzdata-2022d-1.fc35
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2022-cd0501fc8f   ima-evm-utils-1.3.2-4.fc35
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2022-5b644a935b   bash-5.1.8-3.fc35
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2022-53d671cb30   rsync-3.2.6-2.fc35
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2022-633a821ca7   kernel-5.19.12-100.fc35
The following builds have been pushed to Fedora 35 updates-testing
    booth-1.0-251.4.bfb2f92.git.fc35
    datovka-4.21.0-1.fc35
    dh-make-2.202203-1.fc35
    expat-2.4.9-1.fc35
    linux-firmware-20220913-140.fc35
    minigalaxy-1.2.2-1.fc35
    mold-1.5.1-1.fc35
    php-8.0.24-1.fc35
    php-twig-1.44.7-1.fc35
    php-twig2-2.15.3-1.fc35
    php-twig3-3.4.3-1.fc35
    rust-cast-0.3.0-1.fc35
    rust-criterion-0.3.5-5.fc35
    rust-criterion-plot-0.4.4-4.fc35
    samba-4.15.10-0.fc35
    thunderbird-102.3.1-1.fc35
    voms-api-java-3.3.2-9.fc35
    wireshark-3.6.8-1.fc35
Details about builds:
================================================================================ booth-1.0-251.4.bfb2f92.git.fc35 (FEDORA-2022-e0a87993b8) Ticket Manager for Multi-site Clusters -------------------------------------------------------------------------------- Update Information:
Remove Alias directive from booth@.service unit file ---- Security fix for CVE-2022-2553 -------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 29 2022 Jan Friesse jfriesse@redhat.com - 1.0-251.4.bfb2f92.git
- Remove Alias directive from booth@.service unit file
* Thu Jul 28 2022 Jan Friesse jfriesse@redhat.com - 1.0-251.3.bfb2f92.git
- Fix authfile directive handling in booth config file (fixes CVE-2022-2553)
- Add enable-authfile option
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #2109251 - CVE-2022-2553 booth: authfile directive in booth config file is completely ignored. https://bugzilla.redhat.com/show_bug.cgi?id=2109251 --------------------------------------------------------------------------------
================================================================================ datovka-4.21.0-1.fc35 (FEDORA-2022-22010da78c) A free graphical interface for Czech Databox (Datové schránky) -------------------------------------------------------------------------------- Update Information:
This is new version of datovka. -------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 29 2022 Jaroslav Škarvada jskarvad@redhat.com - 4.21.0-1
- New version Resolves: rhbz#2130187
* Thu Jul 21 2022 Fedora Release Engineering releng@fedoraproject.org - 4.20.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #2130187 - datovka-4.21.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2130187 --------------------------------------------------------------------------------
================================================================================ dh-make-2.202203-1.fc35 (FEDORA-2022-e5678be630) Tool that converts source archives into Debian package source -------------------------------------------------------------------------------- Update Information:
Update dh-make to 2.202203 (#2127660) -------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 29 2022 Sérgio Basto sergio@serjux.com - 2.202203-1
- Update dh-make to 2.202203 (#2127660)
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #2127660 - dh-make-2.202203 is available https://bugzilla.redhat.com/show_bug.cgi?id=2127660 --------------------------------------------------------------------------------
================================================================================ expat-2.4.9-1.fc35 (FEDORA-2022-c68d90efc3) An XML parser library -------------------------------------------------------------------------------- Update Information:
Rebase to 2.4.9 -------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 29 2022 Tomas Korbar tkorbar@redhat.com - 2.4.9-1
- Rebase to 2.4.9
* Thu Jul 21 2022 Fedora Release Engineering releng@fedoraproject.org - 2.4.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Apr 8 2022 Tomas Korbar tkorbar@redhat.com - 2.4.8-1
- Rebase to version 2.4.8
- Resolves: rhbz#2069454
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #2130777 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c [fedora-35] https://bugzilla.redhat.com/show_bug.cgi?id=2130777 --------------------------------------------------------------------------------
================================================================================ linux-firmware-20220913-140.fc35 (FEDORA-2022-bdc70ae90d) Firmware files used by the Linux kernel -------------------------------------------------------------------------------- Update Information:
Update to upstream 20220913 release:
* amdgpu: update yellow carp DMCUB firmware
* amdgpu: add firmware for VCN 3.1.2 IP block
* amdgpu: add firmware for SDMA 5.2.6 IP block
* amdgpu: add firmware for PSP 13.0.5 IP block
* amdgpu: add firmware for GC 10.3.6 IP block
* amdgpu: add firmware for DCN 3.1.5 IP block
* qcom: rename Lenovo ThinkPad X13s firmware paths
* rtw89: 8852c: update fw to v0.27.42.0
* Mellanox: Add new mlxsw_spectrum firmware xx.2010.3146
* amdgpu: update beige goby/dimgrey cavefish/navy flounder/sienna cichlid VCN firmware
* rtl_bt: Update RTL8852C BT USB firmware to 0xDFB8_5A33
* mediatek: reference the LICENCE file for MediaTek firmwares
-------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 29 2022 Peter Robinson pbrobinson@fedoraproject.org - 20220913-140
- Update to upstream 20220913 release
- amdgpu: update yellow carp DMCUB firmware
- amdgpu: add firmware for VCN 3.1.2 IP block
- amdgpu: add firmware for SDMA 5.2.6 IP block
- amdgpu: add firmware for PSP 13.0.5 IP block
- amdgpu: add firmware for GC 10.3.6 IP block
- amdgpu: add firmware for DCN 3.1.5 IP block
- qcom: rename Lenovo ThinkPad X13s firmware paths
- rtw89: 8852c: update fw to v0.27.42.0
- Mellanox: Add new mlxsw_spectrum firmware xx.2010.3146
- amdgpu: update beige goby/dimgrey cavefish/navy flounder/sienna cichlid VCN firmware
- rtl_bt: Update RTL8852C BT USB firmware to 0xDFB8_5A33
- mediatek: reference the LICENCE file for MediaTek firmwares
--------------------------------------------------------------------------------
================================================================================ minigalaxy-1.2.2-1.fc35 (FEDORA-2022-8086dab487) GOG client for Linux that lets you download and play your GOG Linux games -------------------------------------------------------------------------------- Update Information:
Update to latest version -------------------------------------------------------------------------------- ChangeLog:
* Tue Sep 27 2022 Artem Polishchuk ego.cordatus@gmail.com 1.2.2-1 - chore(update): 1.2.2 --------------------------------------------------------------------------------
================================================================================ mold-1.5.1-1.fc35 (FEDORA-2022-8459471741) A Modern Linker -------------------------------------------------------------------------------- Update Information:
Bump version to 1.5.1 (#2130132) -------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 29 2022 Christoph Erhardt fedora@sicherha.de - 1.5.1-1 - Bump version to 1.5.1 (#2130132) - Switch to CMake build - Remove obsolete dependencies - Add new supported architectures - Refresh patch -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2130132 - mold-1.5.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2130132 --------------------------------------------------------------------------------
================================================================================ php-8.0.24-1.fc35 (FEDORA-2022-afdea1c747) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information:
**PHP version 8.0.24** (29 Sep 2022)

**Core:**
* Fixed bug [GH-9323](https://github.com/php/php-src/issues/9323) (Crash in ZEND_RETURN/GC/zend_call_function) (Tim Starling)
* Fixed bug [GH-9361](https://github.com/php/php-src/issues/9361) (Segmentation fault on script exit php#9379). (cmb, Christian Schneider)
* Fixed bug [GH-9407](https://github.com/php/php-src/issues/9407) (LSP error in eval'd code refers to wrong class for static type). (ilutov)
* Fixed bug php#81727: Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. (**CVE-2022-31629**). (Derick)

**DOM:**
* Fixed bug php#79451 (DOMDocument->replaceChild on doctype causes double free). (Nathan Freeman)

**FPM:**
* Fixed bug [GH-8885](https://github.com/php/php-src/issues/8885) (FPM access.log with stderr begins to write logs to error_log after daemon reload). (Dmitry Menshikov)
* Fixed bug php#77780 ("Headers already sent..." when previous connection was aborted). (Jakub Zelenka)

**GMP**
* Fixed bug [GH-9308](https://github.com/php/php-src/issues/9308) (GMP throws the wrong error when a GMP object is passed to gmp_init()). (Girgias)

**Intl**
* Fixed bug [GH-9421](https://github.com/php/php-src/issues/9421) (Incorrect argument number for ValueError in NumberFormatter). (Girgias)

**Phar:**
* Fixed bug php#81726: phar wrapper: DOS when using quine gzip file. (**CVE-2022-31628**). (cmb)

**PDO_PGSQL:**
* Fixed bug [GH-9411](https://github.com/php/php-src/issues/9411) (PgSQL large object resource is incorrectly closed). (Yurunsoft)

**Reflection:**
* Fixed bug [GH-8932](https://github.com/php/php-src/issues/8932) (ReflectionFunction provides no way to get the called class of a Closure). (cmb, Nicolas Grekas)
* Fixed bug [GH-9409](https://github.com/php/php-src/issues/9409) (Private method is incorrectly dumped as "overwrites"). (ilutov)

**Streams:**
* Fixed bug [GH-9316](https://github.com/php/php-src/issues/9316) ($http_response_header is wrong for long status line). (cmb, timwolla)
-------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 29 2022 Remi Collet remi@remirepo.net - 8.0.24-1 - Update to 8.0.24 - http://www.php.net/releases/8_0_24.php --------------------------------------------------------------------------------
================================================================================ php-twig-1.44.7-1.fc35 (FEDORA-2022-4490a4772d) The flexible, fast, and secure template engine for PHP -------------------------------------------------------------------------------- Update Information:
**Version 1.44.7** (2022-09-28) * Fix a security issue on filesystem loader (possibility to load a template outside a configured directory) -------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 29 2022 Remi Collet remi@remirepo.net - 1.44.7-1
- update to 1.44.7
* Fri Jul 22 2022 Fedora Release Engineering releng@fedoraproject.org - 1.44.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Jan 21 2022 Fedora Release Engineering releng@fedoraproject.org - 1.44.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Nov 25 2021 Remi Collet remi@remirepo.net - 1.44.6-1
- update to 1.44.6 (no change)
- drop patch merged upstream
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #2130763 - CVE-2022-39261 php-twig: twig: Possibility to load a template outside a configured directory when using the filesystem loader [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2130763 --------------------------------------------------------------------------------
================================================================================ php-twig2-2.15.3-1.fc35 (FEDORA-2022-d39b2a755b) The flexible, fast, and secure template engine for PHP -------------------------------------------------------------------------------- Update Information:
**Version 2.15.3** (2022-09-28) * Fix a security issue on filesystem loader (possibility to load a template outside a configured directory) -------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 29 2022 Remi Collet remi@remirepo.net - 2.15.3-1 - update to 2.15.3 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2130764 - CVE-2022-39261 php-twig2: twig: Possibility to load a template outside a configured directory when using the filesystem loader [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2130764 --------------------------------------------------------------------------------
================================================================================ php-twig3-3.4.3-1.fc35 (FEDORA-2022-e915614918) The flexible, fast, and secure template engine for PHP -------------------------------------------------------------------------------- Update Information:
**Version 3.4.3** (2022-09-28) * Fix a security issue on filesystem loader (possibility to load a template outside a configured directory) -------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 29 2022 Remi Collet remi@remirepo.net - 3.4.3-1 - update to 3.4.3 --------------------------------------------------------------------------------
================================================================================ rust-cast-0.3.0-1.fc35 (FEDORA-2022-147ffe4dd6) Ergonomic, checked cast functions for primitive types -------------------------------------------------------------------------------- Update Information:
- Update the cast crate to version 0.3.0. - Bump the cast dependency in criterion to 0.3. - Bump the cast dependency in criterion-plot to 0.3 -------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 29 2022 Fabio Valentini decathorpe@gmail.com 0.3.0-1
- Update to version 0.3.0; Fixes RHBZ#2001213
* Sat Jul 23 2022 Fedora Release Engineering releng@fedoraproject.org 0.2.7-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Jan 21 2022 Fedora Release Engineering releng@fedoraproject.org 0.2.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================ rust-criterion-0.3.5-5.fc35 (FEDORA-2022-147ffe4dd6) Statistics-driven micro-benchmarking library -------------------------------------------------------------------------------- Update Information:
- Update the cast crate to version 0.3.0. - Bump the cast dependency in criterion to 0.3. - Bump the cast dependency in criterion-plot to 0.3 -------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 29 2022 Fabio Valentini decathorpe@gmail.com 0.3.5-5
- Skip a flaky / timing-dependent integration test
* Thu Sep 29 2022 Fabio Valentini decathorpe@gmail.com 0.3.5-4
- Bump cast from 0.2 to 0.3
* Sat Jul 23 2022 Fedora Release Engineering releng@fedoraproject.org 0.3.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Jan 21 2022 Fedora Release Engineering releng@fedoraproject.org 0.3.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================ rust-criterion-plot-0.4.4-4.fc35 (FEDORA-2022-147ffe4dd6) Criterion's plotting library -------------------------------------------------------------------------------- Update Information:
- Update the cast crate to version 0.3.0. - Bump the cast dependency in criterion to 0.3. - Bump the cast dependency in criterion-plot to 0.3 -------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 29 2022 Fabio Valentini decathorpe@gmail.com 0.4.4-4
- Bump cast from 0.2 to 0.3
* Sat Jul 23 2022 Fedora Release Engineering releng@fedoraproject.org 0.4.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Jan 21 2022 Fedora Release Engineering releng@fedoraproject.org 0.4.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================ samba-4.15.10-0.fc35 (FEDORA-2022-55648ecee1) Server and Client software to interoperate with Windows machines -------------------------------------------------------------------------------- Update Information:
Update to Samba 4.15.10 -------------------------------------------------------------------------------- ChangeLog:
* Wed Sep 28 2022 Guenther Deschner gdeschner@redhat.com - 4.15.10-0 - Update to Samba 4.15.10 --------------------------------------------------------------------------------
================================================================================ thunderbird-102.3.1-1.fc35 (FEDORA-2022-1454bee2fa) Mozilla Thunderbird mail/newsgroup client -------------------------------------------------------------------------------- Update Information:
Update to 102.3.1
* https://www.mozilla.org/en-US/security/advisories/mfsa2022-43/
* https://www.thunderbird.net/en-US/thunderbird/102.3.1/releasenotes/
----
Update to 102.3.0 ; https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/ ; https://www.thunderbird.net/en-US/thunderbird/102.3.0/releasenotes/
-------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 29 2022 Eike Rathke erack@redhat.com - 102.3.1-1 - Update to 102.3.1 * Wed Sep 21 2022 Eike Rathke erack@redhat.com - 102.3.0-1 - Update to 102.3.0 --------------------------------------------------------------------------------
================================================================================ voms-api-java-3.3.2-9.fc35 (FEDORA-2022-bc610d474e) Virtual Organization Membership Service Java API -------------------------------------------------------------------------------- Update Information:
Build fix. -------------------------------------------------------------------------------- ChangeLog:
* Wed Sep 28 2022 Mattias Ellert mattias.ellert@physics.uu.se - 3.3.2-9
- Disable failing multi-thread test
- Disable tests using obsolete hashes (md5/sha1)
* Sat Jul 23 2022 Fedora Release Engineering releng@fedoraproject.org - 3.3.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Jul 8 2022 Jiri Vanek jvanek@redhat.com - 3.3.2-7
- Rebuilt for Drop i686 JDKs
* Sat Feb 5 2022 Jiri Vanek jvanek@redhat.com - 3.3.2-6
- Rebuilt for java-17-openjdk as system jdk
* Sat Jan 22 2022 Fedora Release Engineering releng@fedoraproject.org - 3.3.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Jan 14 2022 Mattias Ellert mattias.ellert@physics.uu.se - 3.3.2-4
- Disable failing tests due to changes in bouncycastle
--------------------------------------------------------------------------------
================================================================================ wireshark-3.6.8-1.fc35 (FEDORA-2022-2502173f3a) Network traffic analyzer -------------------------------------------------------------------------------- Update Information:
New version 3.6.8 -------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 29 2022 Michal Ruprich mruprich@redhat.com - 1:3.6.8-1 - New version 3.6.8 - Fix for CVE-2022-3190 --------------------------------------------------------------------------------