The following Fedora 27 Security updates need testing: Age URL 160 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1ec1cd6db3 bro-2.5.3-1.fc27 92 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8dc6395408 dpdk-17.08.2-1.fc27 78 https://bodhi.fedoraproject.org/updates/FEDORA-2018-775d96b54b blktrace-1.2.0-6.fc27 66 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a10c1d234e vim-syntastic-3.9.0-1.fc27 56 https://bodhi.fedoraproject.org/updates/FEDORA-2018-3b33f65b01 nodejs-brace-expansion-1.1.11-1.fc27 48 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f7a1334c68 sox-14.4.2.0-22.fc27 47 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a748acc219 unrtf-0.21.9-8.fc27 42 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2d2179e7d0 python-XStatic-jquery-ui-1.12.0.1-2.fc27 24 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f6ccdeb750 mailman-2.1.21-9.fc27 24 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc864bb9e1 openslp-2.0.0-15.fc27 22 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2b053454a4 libvirt-3.7.0-6.fc27 18 https://bodhi.fedoraproject.org/updates/FEDORA-2018-df2593ee6a docker-1.13.1-60.git9cb56fd.fc27 15 https://bodhi.fedoraproject.org/updates/FEDORA-2018-160b3d2f6c docker-latest-1.13.1-37.git9cb56fd.fc27 15 https://bodhi.fedoraproject.org/updates/FEDORA-2018-83df5dc658 polkit-0.113-16.fc27 15 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bee0aefb05 thunderbird-52.9.1-1.fc27 10 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c0f12f789e bind-dyndb-ldap-11.1-12.fc27 dnsperf-2.1.0.0-17.fc27 bind-9.11.4-1.fc27 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9829c6ddcf quazip-0.7.6-1.fc27 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7b8101dcbc znc-1.7.1-1.fc27 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-06c24068c6 python-cryptography-2.3-1.fc27 python-cryptography-vectors-2.3-1.fc27 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-502e31a658 mutt-1.9.2-2.fc27 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c3dc008c54 httpd-2.4.34-3.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8738f5f4a7 ceph-12.2.7-1.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9ec3061fc8 bibutils-6.6-1.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-47d2ad9eaf cups-2.2.4-11.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-73bd3d14a3 pam_yubico-2.26-1.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9c0b765d2d wesnoth-1.14.4-1.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d4bfa98f6a java-1.8.0-openjdk-1.8.0.181-7.b13.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-877fdbb3f0 java-openjdk-10.0.2.13-1.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9ef52861b5 wireshark-2.6.2-1.fc27
The following Fedora 27 Critical Path updates have yet to be approved: Age URL 76 https://bodhi.fedoraproject.org/updates/FEDORA-2018-25d5c86330 libidn-1.34-2.fc27 mcabber-1.1.0-1.fc27.1 pidgin-2.13.0-1.fc27.1 python-slixmpp-1.3.0-5.fc27.1 54 https://bodhi.fedoraproject.org/updates/FEDORA-2018-33052e653e iproute-4.16.0-1.fc27 37 https://bodhi.fedoraproject.org/updates/FEDORA-2018-200dba6b93 upower-0.99.8-1.fc27 24 https://bodhi.fedoraproject.org/updates/FEDORA-2018-31974dc1e0 dnsmasq-2.79-3.fc27 22 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2b053454a4 libvirt-3.7.0-6.fc27 15 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bee0aefb05 thunderbird-52.9.1-1.fc27 15 https://bodhi.fedoraproject.org/updates/FEDORA-2018-83df5dc658 polkit-0.113-16.fc27 13 https://bodhi.fedoraproject.org/updates/FEDORA-2018-39ebc8f764 glusterfs-3.12.12-1.fc27 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-01441e6ea8 boost-1.64.0-7.fc27 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-06c24068c6 python-cryptography-2.3-1.fc27 python-cryptography-vectors-2.3-1.fc27 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1df6a39717 tigervnc-1.9.0-1.fc27 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c5b37f6b46 pulseaudio-12.2-1.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1312f831bc pungi-4.1.26-2.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8738f5f4a7 ceph-12.2.7-1.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-5bca0eaf0e firefox-61.0.1-3.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-cf1b3b7c45 avahi-0.7-13.fc27 gitso-0.6-19.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-47d2ad9eaf cups-2.2.4-11.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-66d5c87587 python-setuptools-37.0.0-2.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8aed9eb598 vim-8.1.209-1.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-05a68ea22e geoclue2-2.4.11-1.fc27
The following builds have been pushed to Fedora 27 updates-testing
kernel-4.17.10-100.fc27 libkcapi-1.1.1-8.fc27 perl-5.26.2-407.fc27 poppler-0.57.0-10.fc27 selinux-policy-3.13.1-284.37.fc27 wine-3.13-3.fc27 wine-mono-4.7.3-1.fc27
Details about builds:
================================================================================ kernel-4.17.10-100.fc27 (FEDORA-2018-de439295e3) The Linux kernel -------------------------------------------------------------------------------- Update Information:
The 4.17.10 stable kernel update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- ChangeLog:
* Wed Jul 25 2018 Justin M. Forbes jforbes@fedoraproject.org - 4.17.10-100 - Linux v4.17.10 --------------------------------------------------------------------------------
================================================================================ libkcapi-1.1.1-8.fc27 (FEDORA-2018-4cc4afbae7) User space interface to the Linux Kernel Crypto API -------------------------------------------------------------------------------- Update Information:
* Remove dependency on kernel package from libkcapi (RHBZ#1600622) * Fix minor bugs in libkcapi-tools and libkcapi-hmaccalc -------------------------------------------------------------------------------- ChangeLog:
* Fri Jul 27 2018 Ondrej Mosn����ek omosnace@redhat.com - 1.1.1-8 - Add more Coverity fixes from upstream - Add patch to fix AEAD fuzz test for BE arches - Fixup specfile * Mon Jul 23 2018 Ondrej Mosn����ek omosnace@redhat.com - 1.1.1-7 - Add various fixes from upstream - Drop the Requires on kernel package * Mon Jul 16 2018 Ondrej Mosn����ek omosnace@redhat.com - 1.1.1-6 - Put .hmac files into a separate directory * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 1.1.1-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Thu Jul 12 2018 Ondrej Mosn����ek omosnace@redhat.com - 1.1.1-4 - Add patch to work around FTBFS on rawhide * Wed Jul 11 2018 Ondrej Mosn����ek omosnace@redhat.com - 1.1.1-3 - Fix off-by-one error in checkfile parsing * Wed Jul 11 2018 Ondrej Mosn����ek omosnace@redhat.com - 1.1.1-2 - Fix command-line parsing in libkcapi-hmaccalc -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1600622 - libkcapi pulls unnecessary dependencies https://bugzilla.redhat.com/show_bug.cgi?id=1600622 --------------------------------------------------------------------------------
================================================================================ perl-5.26.2-407.fc27 (FEDORA-2018-3f3e6d136e) Practical Extraction and Report Language -------------------------------------------------------------------------------- Update Information:
This release fixes an integer wrap when allocating memory for an environment variable and warnings about wide characters in strings when ISO-8859-1 locale is in effect. -------------------------------------------------------------------------------- ChangeLog:
* Mon Jul 9 2018 Petr Pisar ppisar@redhat.com - 4:5.26.2-407 - Adjust tests to gdbm-1.15 (RT#133295) - Fix an integer wrap when allocating memory for an environment variable (RT#133204) - Fix printing a warning about a wide character when matching a regular expression while ISO-8859-1 locale is in effect - Fix invoking a check for wide characters while ISO-8859-1 locale is in effect --------------------------------------------------------------------------------
================================================================================ poppler-0.57.0-10.fc27 (FEDORA-2018-e1f03d1f72) PDF rendering library -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2018-13988. -------------------------------------------------------------------------------- ChangeLog:
* Thu Jul 26 2018 Marek Kasik mkasik@redhat.com - 0.57.0-10 - Fix crash when Object has negative number (CVE-2018-13988) - Resolves: #1607461 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1602838 - CVE-2018-13988 poppler: out of bounds read in pdfunite https://bugzilla.redhat.com/show_bug.cgi?id=1602838 --------------------------------------------------------------------------------
================================================================================ selinux-policy-3.13.1-284.37.fc27 (FEDORA-2018-4bb4de2d86) SELinux policy configuration -------------------------------------------------------------------------------- Update Information:
More info: https://koji.fedoraproject.org/koji/buildinfo?buildID=1130752 -------------------------------------------------------------------------------- ChangeLog:
* Wed Jul 25 2018 Lukas Vrabec lvrabec@redhat.com - 3.13.1-284.37 - Allow tgtd_t domain to create dirs in /var/run labeled as tgtd_var_run_t BZ(1492377) - Allow xdm_t domain to mmap xserver_misc_device_t files * Wed Jul 18 2018 Lukas Vrabec lvrabec@redhat.com - 3.13.1-283.36 - Fix smartmon policy - Revert "Allow ntop_t domain to create/map various sockets/files." - Update raid_access_check_mdadm() interface to dontaudit caller domain to mmap mdadm_exec_t binary files - Allow fsdaemon_t domain to write to mta home files BZ(1588212) - Label /usr/sbin/rhn_check-[0-9]+.[0-9]+ as rpm_exec_t - Allow devicekit_power_t start with nnp systemd security feature with proper SELinux Domain transition BZ(1593817) - Add log file type to collectd and allow corresponding access - Allow sssd_selinux_manager_t domain to chat with systemd - Allow ntop_t domain to create/map various sockets/files. - Fix wrong path in tlp context file BZ(1586329) - Allow systemd_networkd_t create and relabel tun sockets -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1601169 - selinux-policy forbid gnome-session-c access map on chr_file /dev/nvidiactl, which in return prevent GDM to show https://bugzilla.redhat.com/show_bug.cgi?id=1601169 [ 2 ] Bug #1598984 - SELinux is preventing gnome-shell from map access on the chr_file /dev/nvidiactl. https://bugzilla.redhat.com/show_bug.cgi?id=1598984 [ 3 ] Bug #1588212 - SELinux is preventing mktemp from 'write' accesses on the directory .esmtp_queue. https://bugzilla.redhat.com/show_bug.cgi?id=1588212 [ 4 ] Bug #1591421 - SELinux is preventing fail2ban-server from using the 'getpgid' accesses on a process. https://bugzilla.redhat.com/show_bug.cgi?id=1591421 [ 5 ] Bug #1359061 - Missing type enforcement rules for collectd plugin log_logstash https://bugzilla.redhat.com/show_bug.cgi?id=1359061 [ 6 ] Bug #1547139 - Spurious SELinux alerts: SELinux is preventing acpid from 'open' accesses on the chr_file /dev/input/event26. https://bugzilla.redhat.com/show_bug.cgi?id=1547139 [ 7 ] Bug #1595100 - denied { map } comm="mdadm" path="/usr/sbin/mdadm" https://bugzilla.redhat.com/show_bug.cgi?id=1595100 [ 8 ] Bug #1598995 - SELinux is preventing sddm-greeter from 'map' accesses on the chr_file /dev/nvidiactl. https://bugzilla.redhat.com/show_bug.cgi?id=1598995 [ 9 ] Bug #1539072 - SELinux prevents dictd from sending D-bus messages https://bugzilla.redhat.com/show_bug.cgi?id=1539072 [ 10 ] Bug #1539008 - SELinux prevents the ntop service from running https://bugzilla.redhat.com/show_bug.cgi?id=1539008 [ 11 ] Bug #1492377 - tgtd (iscsi initiator service) fails to start due to SELinux denial https://bugzilla.redhat.com/show_bug.cgi?id=1492377 [ 12 ] Bug #1595991 - SELinux is preventing systemd-network from 'create' accesses on the tun_socket Unknown. https://bugzilla.redhat.com/show_bug.cgi?id=1595991 [ 13 ] Bug #1596506 - /usr/sbin/rhn_check* should have same context as /usr/sbin/rhn_check https://bugzilla.redhat.com/show_bug.cgi?id=1596506 [ 14 ] Bug #1518655 - Lots of SELinux denials with "passwd: compat" https://bugzilla.redhat.com/show_bug.cgi?id=1518655 [ 15 ] Bug #1575212 - nnp_transition and execute_no_trans denials for geoclue2 2.4.10 prevent it working (F27) https://bugzilla.redhat.com/show_bug.cgi?id=1575212 [ 16 ] Bug #1534182 - aide requires "map" privilege https://bugzilla.redhat.com/show_bug.cgi?id=1534182 [ 17 ] Bug #1575719 - SELinux is preventing (geoclue) from using the 'nnp_transition' accesses on a process. https://bugzilla.redhat.com/show_bug.cgi?id=1575719 [ 18 ] Bug #1501331 - None https://bugzilla.redhat.com/show_bug.cgi?id=1501331 [ 19 ] Bug #1532034 - SELinux is preventing tlp from 'open' accesses on the file /run/tlp/lock_tlp. https://bugzilla.redhat.com/show_bug.cgi?id=1532034 [ 20 ] Bug #1530563 - SELinux is preventing systemd-machine from 'read' accesses on the lnk_file os-release. https://bugzilla.redhat.com/show_bug.cgi?id=1530563 [ 21 ] Bug #1483726 - SELinux is preventing gnome-shell from 'map' accesses on the file /etc/udev/hwdb.bin. https://bugzilla.redhat.com/show_bug.cgi?id=1483726 [ 22 ] Bug #1583797 - qemu-ga does not have read access to utmp https://bugzilla.redhat.com/show_bug.cgi?id=1583797 [ 23 ] Bug #1541205 - SELinux Troublshooter keeps reporting issues with the systemd journal https://bugzilla.redhat.com/show_bug.cgi?id=1541205 --------------------------------------------------------------------------------
================================================================================ wine-3.13-3.fc27 (FEDORA-2018-e3b00b358f) A compatibility layer for windows applications -------------------------------------------------------------------------------- Update Information:
- Vulkan support on macOS using MoltenVK. - Initial support for performance data in the registry. - Mono engine updated with some bug fixes. - Support for fetching BIOS information on Linux. - GnuTLS also used on macOS when available. - Improvements in the standard Task Dialog. - Various bug fixes. -------------------------------------------------------------------------------- ChangeLog:
* Thu Jul 26 2018 Michael Cronenworth mike@cchtml.com 3.13-3 - Fix application of patch * Tue Jul 24 2018 Michael Cronenworth mike@cchtml.com 3.13-2 - Add patch to fix audio with staging * Sat Jul 21 2018 Michael Cronenworth mike@cchtml.com 3.13-1 - version update * Sat Jul 14 2018 Fedora Release Engineering releng@fedoraproject.org - 3.12-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1606940 - wine-3.13 is available https://bugzilla.redhat.com/show_bug.cgi?id=1606940 --------------------------------------------------------------------------------
================================================================================ wine-mono-4.7.3-1.fc27 (FEDORA-2018-e3b00b358f) Mono library required for Wine -------------------------------------------------------------------------------- Update Information:
- Vulkan support on macOS using MoltenVK. - Initial support for performance data in the registry. - Mono engine updated with some bug fixes. - Support for fetching BIOS information on Linux. - GnuTLS also used on macOS when available. - Improvements in the standard Task Dialog. - Various bug fixes. -------------------------------------------------------------------------------- ChangeLog:
* Sat Jul 21 2018 Michael Cronenworth mike@cchtml.com - 4.7.3-1 - version upgrade * Sat Jul 14 2018 Fedora Release Engineering releng@fedoraproject.org - 4.7.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Fri Feb 9 2018 Fedora Release Engineering releng@fedoraproject.org - 4.7.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1606940 - wine-3.13 is available https://bugzilla.redhat.com/show_bug.cgi?id=1606940 --------------------------------------------------------------------------------