The following Fedora 27 Security updates need testing:
Age URL
225  https://bodhi.fedoraproject.org/updates/FEDORA-2018-1ec1cd6db3  bro-2.5.3-1.fc27
157  https://bodhi.fedoraproject.org/updates/FEDORA-2018-8dc6395408  dpdk-17.08.2-1.fc27
120  https://bodhi.fedoraproject.org/updates/FEDORA-2018-3b33f65b01  nodejs-brace-expansion-1.1.11-1.fc27
112  https://bodhi.fedoraproject.org/updates/FEDORA-2018-a748acc219  unrtf-0.21.9-8.fc27
88  https://bodhi.fedoraproject.org/updates/FEDORA-2018-f6ccdeb750  mailman-2.1.21-9.fc27
88  https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc864bb9e1  openslp-2.0.0-15.fc27
46  https://bodhi.fedoraproject.org/updates/FEDORA-2018-21ffebf41c  tomcat-8.0.53-1.fc27
46  https://bodhi.fedoraproject.org/updates/FEDORA-2018-e8533a3ef1  unixODBC-2.3.7-1.fc27
23  https://bodhi.fedoraproject.org/updates/FEDORA-2018-3a7916c8b9  thunderbird-60.0-1.fc27
23  https://bodhi.fedoraproject.org/updates/FEDORA-2018-bf613d82be  CImg-2.3.6-1.fc27
23  https://bodhi.fedoraproject.org/updates/FEDORA-2018-5a82282e4e  gmic-2.3.6-1.fc27
9  https://bodhi.fedoraproject.org/updates/FEDORA-2018-3e9f26489b  lcms2-2.8-6.fc27
8  https://bodhi.fedoraproject.org/updates/FEDORA-2018-02a38af202  openssl-1.1.0i-1.fc27
7  https://bodhi.fedoraproject.org/updates/FEDORA-2018-8b109a6de0  python-marshmallow-2.11.1-8.fc27
2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-187e212568  php-tcpdf-6.2.25-1.fc27
2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-3b14abc9b0  libmad-0.15.1b-26.fc27
2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-54d84b0b0c  bind-9.11.4-3.P2.fc27
2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-11b3ae4e31  ca-certificates-2018.2.26-1.0.fc27
2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-3d187b1a5b  udisks2-2.7.6-2.fc27
2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-5f88837c1b  firefox-62.0.2-1.fc27
2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-9a09435935  liblouis-2.6.2-13.fc27
2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-1f64819623  php-horde-Horde-Core-2.31.6-1.fc27
2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-69cce46328  rust-1.29.1-2.fc27
2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-1de045298c  php-horde-horde-5.2.20-1.fc27
2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-c0a1284064  kernel-headers-4.18.10-100.fc27 kernel-tools-4.18.10-100.fc27 kernel-4.18.10-100.fc27
2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-d280e35281  php-horde-kronolith-4.2.25-1.fc27
The following Fedora 27 Critical Path updates have yet to be approved:
Age URL
141  https://bodhi.fedoraproject.org/updates/FEDORA-2018-25d5c86330  libidn-1.34-2.fc27 mcabber-1.1.0-1.fc27.1 pidgin-2.13.0-1.fc27.1 python-slixmpp-1.3.0-5.fc27.1
101  https://bodhi.fedoraproject.org/updates/FEDORA-2018-200dba6b93  upower-0.99.8-1.fc27
65  https://bodhi.fedoraproject.org/updates/FEDORA-2018-05a68ea22e  geoclue2-2.4.11-1.fc27
45  https://bodhi.fedoraproject.org/updates/FEDORA-2018-20c3deae24  iproute-4.17.0-1.fc27
30  https://bodhi.fedoraproject.org/updates/FEDORA-2018-c223c11259  libldb-1.3.2-2.fc27.1.2.3 samba-4.7.10-0.fc27
23  https://bodhi.fedoraproject.org/updates/FEDORA-2018-3a7916c8b9  thunderbird-60.0-1.fc27
20  https://bodhi.fedoraproject.org/updates/FEDORA-2018-227775ff3a  ceph-12.2.8-1.fc27
12  https://bodhi.fedoraproject.org/updates/FEDORA-2018-ca54aecfc8  highlight-3.44-1.fc27
9  https://bodhi.fedoraproject.org/updates/FEDORA-2018-847a5b27f8  vim-8.1.408-1.fc27
9  https://bodhi.fedoraproject.org/updates/FEDORA-2018-ede34350d8  dash-0.5.10.2-1.fc27
9  https://bodhi.fedoraproject.org/updates/FEDORA-2018-3e9f26489b  lcms2-2.8-6.fc27
8  https://bodhi.fedoraproject.org/updates/FEDORA-2018-387a30f785  osinfo-db-20180920-1.fc27
8  https://bodhi.fedoraproject.org/updates/FEDORA-2018-02a38af202  openssl-1.1.0i-1.fc27
7  https://bodhi.fedoraproject.org/updates/FEDORA-2018-cf532c08b5  libguestfs-1.38.6-1.fc27
2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-a8d5e098bf  pcre2-10.32-3.fc27
2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-c0a1284064  kernel-headers-4.18.10-100.fc27 kernel-tools-4.18.10-100.fc27 kernel-4.18.10-100.fc27
2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-5f88837c1b  firefox-62.0.2-1.fc27
2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-3d187b1a5b  udisks2-2.7.6-2.fc27
2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-3006b99087  xen-4.9.3-1.fc27
2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-11b3ae4e31  ca-certificates-2018.2.26-1.0.fc27
The following builds have been pushed to Fedora 27 updates-testing
ansible-2.6.5-1.fc27
dgit-6.12-1.fc27
gnome-shell-extension-media-player-indicator-0-0.21.20180918gitd3201ea.fc27
gnome-shell-extension-netspeed-3.28-0.5.20180210gite3cea60.fc27
golang-github-thejerf-suture-3.0.0-1.fc27
golang-github-xtaci-smux-1.0.8-1.fc27
lightdm-1.28.0-2.fc27
lldb-5.0.2-2.fc27
mediawiki-1.29.3-1.fc27
openas2-2.6.2-2.fc27
python-markdown2-2.3.6-1.fc27
Details about builds:
================================================================================
ansible-2.6.5-1.fc27 (FEDORA-2018-bdcf17d7e5)
SSH-based configuration management, deployment, and task execution system
--------------------------------------------------------------------------------
Update Information:
Update to 2.6.5 bugfix release. See
https://github.com/ansible/ansible/blob/v2.6.5/changelogs/CHANGELOG-v2.6.rst for
a full list of fixed bugs.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 28 2018 Kevin Fenzi <kevin(a)scrye.com> - 2.6.5-1
- Update to 2.6.5.
--------------------------------------------------------------------------------
================================================================================
dgit-6.12-1.fc27 (FEDORA-2018-26b4f2e714)
Integration between git and Debian-style archives
--------------------------------------------------------------------------------
Update Information:
- Rebuilt for new upstream version 6.12, fixes rhbz #1634209
--------------------------------------------------------------------------------
ChangeLog:
* Sat Sep 29 2018 Filipe Rosset <rosset.filipe(a)gmail.com> - 6.12-1
- Rebuilt for new upstream version 6.12, fixes rhbz #1634209
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1634209 - dgit-6.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1634209
--------------------------------------------------------------------------------
================================================================================
gnome-shell-extension-media-player-indicator-0-0.21.20180918gitd3201ea.fc27 (FEDORA-2018-aee3ddc83d)
Control MPRIS2 capable media players: Rhythmbox, Banshee, Clementine and more
--------------------------------------------------------------------------------
Update Information:
- Update to 0-0.21.20180918gitd3201ea
- Remove scriptlet glib-compile-schemas: This scriptlet SHOULD NOT be used in Fedora 24 or later.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 28 2018 Martin Gansser <martinkg(a)fedoraproject.org> - 0-0.21.20180918gitd3201ea
- Update to new git snapshot 0-0.21.20180918gitd3201ea
- Remove scriptlet glib-compile-schemas: This scriptlet SHOULD NOT be used in Fedora 24 or later.
--------------------------------------------------------------------------------
================================================================================
gnome-shell-extension-netspeed-3.28-0.5.20180210gite3cea60.fc27 (FEDORA-2018-960fa5b813)
A gnome-shell extension to show speed of the internet
--------------------------------------------------------------------------------
Update Information:
- Add support for gnome 3.30
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 28 2018 Martin Gansser <martinkg(a)fedoraproject.org> - 3.28-0.5.20180208gite3cea60
- Add support for gnome 3.30
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.28-0.4.20180208gite3cea60
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
golang-github-thejerf-suture-3.0.0-1.fc27 (FEDORA-2018-5fd0964701)
Supervisor trees for Go
--------------------------------------------------------------------------------
Update Information:
Update to version 3.0.0.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 28 2018 Fabio Valentini <decathorpe(a)gmail.com> - 3.0.0-1
- Update to version 3.0.0.
--------------------------------------------------------------------------------
================================================================================
golang-github-xtaci-smux-1.0.8-1.fc27 (FEDORA-2018-30fd1639b5)
Simple Stream Multiplexing for golang
--------------------------------------------------------------------------------
Update Information:
Update to version 1.0.8.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 28 2018 Fabio Valentini <decathorpe(a)gmail.com> - 1.0.8-1
- Update to version 1.0.8.
* Sun Sep 2 2018 Fabio Valentini <decathorpe(a)gmail.com> - 1.0.7-2
- Update to use spec 3.0.
--------------------------------------------------------------------------------
================================================================================
lightdm-1.28.0-2.fc27 (FEDORA-2018-227b29d323)
A cross-desktop Display Manager
--------------------------------------------------------------------------------
Update Information:
Adjust ordering of pam modules to ensure gnome_keyring/kwallet loads after
system-auth
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 26 2018 Rex Dieter <rdieter(a)fedoraproject.org> - 1.28.0-2
- revert over-aggressive use of %name macro
- lightdm.pam: move 'session...system-auth' before gnome_keyring/kwallet (#1581495,#1631220)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1631220 - Gnome keyring not unlocked on login
https://bugzilla.redhat.com/show_bug.cgi?id=1631220
[ 2 ] Bug #1581495 - lightdm + pam-kwallet causes polkit issues
https://bugzilla.redhat.com/show_bug.cgi?id=1581495
--------------------------------------------------------------------------------
================================================================================
lldb-5.0.2-2.fc27 (FEDORA-2018-c906f0913d)
Next generation high-performance debugger
--------------------------------------------------------------------------------
Update Information:
Fix for rhbz#1567262
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 21 2018 Tom Stellard <tstellar(a)redhat.com> - 5.0.2-2
- lldb should depend on python2-lldb
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1567262 - missing Recommends: python2-lldb
https://bugzilla.redhat.com/show_bug.cgi?id=1567262
--------------------------------------------------------------------------------
================================================================================
mediawiki-1.29.3-1.fc27 (FEDORA-2018-edf90410ea)
A wiki engine
--------------------------------------------------------------------------------
Update Information:
https://www.mediawiki.org/wiki/Release_notes/1.29#MediaWiki_1.29.3
- (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides 'newbie'.
- (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's account lock.
- (T180551) Fix LanguageSrTest for language converter
- (T180552) Fix language converter parser test with self-close tags
- (T180537) Remove $wgAuth usage from wrapOldPasswords.php
- (T180485) InputBox: Have inputbox langconvert certain attributes
- (T161732, T181547) Upgraded Moment.js from v2.15.0 to v2.19.3.
- (T172927) Drop vendor from MW release branch
- (T87572) Make FormatMetadata::flattenArrayReal() work for an associative array
- Updated composer/spdx-licenses from 1.1.4 to 1.3.0 (development dependency).
- (T189567) the CLI installer (maintenance/install.php) learned to detect and include extensions. Pass --with-extensions to enable that feature.
- (T182381) Mask deprecated call in WatchedItemUnitTest
- (T190503) Let built-in web server (maintenance/dev) handle .php requests.
- The karma qunit tests would fail on some configuration due to headers already sent. Check headers_sent() before sending cpPosTime headers
- (T167507) selenium: Run Chrome headlessly.
- selenium: Pass -no-sandbox to Chrome under Docker
- (T191247) Use MediaWiki\SuppressWarnings around trigger_error() instead @
- (T75174, T161041) Unit test ChangesListSpecialPageTest::testFilterUserExpLevel fails under SQLite.
- (T192584) Stop incorrectly passing USE INDEX to RecentChange::newFromConds().
- (T179190) selenium: Move test running logic from package.json to selenium.sh.
- (T117839, T193200) PDFHandler: Fix for pdfinfo changes in poppler-utils 0.48.
- Add default edit rate limit of 90 edits/minute for all users.
- (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported.
- (T196672) The mtime of extension.json files is now able to be zero
- (T180403) Validate $length in padleft/padright parser functions.
- (T143790) Make $wgEmailConfirmToEdit only affect edit actions.
- (T194237) Special:BotPasswords now requires reauthentication.
- (T191608, T187638) Add 'logid' parameter to Special:Log.
- (T176097) resourceloader: Disable a flaky MessageBlobStoreTest case
- (T193829) Indicate when a Bot Password needs reset.
- (T151415) Log email changes.
- (T118420) Unbreak Oracle installer.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 28 2018 Michael Cronenworth <mike(a)cchtml.com> - 1.29.3-1
- Update to 1.29.3
- https://www.mediawiki.org/wiki/Release_notes/1.29#MediaWiki_1.29.3
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.29.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Feb 8 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.29.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1634162 - CVE-2018-0503 mediawiki: $wgRateLimits (rate limit / ping limiter) entry for 'user' overrides that for 'newbie' [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1634162
[ 2 ] Bug #1634167 - CVE-2018-0505 mediawiki: BotPassword can bypass CentralAuth's account lock [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1634167
[ 3 ] Bug #1634170 - CVE-2018-0504 mediawiki: Information exposure when a log event is (partially) hidden [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1634170
--------------------------------------------------------------------------------
================================================================================
openas2-2.6.2-2.fc27 (FEDORA-2018-cce9180096)
Java-based implementation of the EDIINT AS2 standard
--------------------------------------------------------------------------------
Update Information:
New upstream release with some workarounds for MDN related partner braindamage.
Plus, we disable tcp_server by default and set factory passwords to ChangeMe.
----
This is an open Java implementation of the AS2 EDI transport standard. To
test, you need to install multiple instances, or use actual EDI partners. For
instance, if you are an Amazon EDI vendor, you can create a TEST connection to
your openas2 instance and run Amazon tests. You need to use the Java keytool
to create and exchange public keys to identify EDI partners. At some point, I
need to add a Fedora README with more Fedora specific howtos. While this is an
application designed to exchange business EDI documents, you can test by
creating 2 or more instances, and exchanging any arbitrary files. AS2 doesn't
look at the contents of documents other than to compute the hash for signatures.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1633362 - MDN fails to decrypt for some partners
https://bugzilla.redhat.com/show_bug.cgi?id=1633362
[ 2 ] Bug #1478210 - Review Request: openas2 - Java implementation of EDIINT AS2
https://bugzilla.redhat.com/show_bug.cgi?id=1478210
--------------------------------------------------------------------------------
================================================================================
python-markdown2-2.3.6-1.fc27 (FEDORA-2018-e52160d0bc)
A fast and complete Python implementation of Markdown
--------------------------------------------------------------------------------
Update Information:
#### python-markdown2 2.3.6 ####
- [pull #282] Add TOC depth option
- [pull #283] Fix to add TOC html to output via CLI
- [pull #284] Do not remove anchors in safe_mode
- [pull #288] fixing cuddled-lists with a single list item
- [pull #292] Fix Wrong rendering of last list element
- [pull #295] link-patterns fix
- [pull #300] Replace a deprecated method
- [pull #301] DeprecationWarning: invalid escape sequence
- [pull #302] Fix "make test" in Python 3
- [pull #303] Fix CVE-2018-5773
--------------------------------------------------------------------------------
ChangeLog:
* Sat Sep 29 2018 Thomas Moschny <thomas.moschny(a)gmx.de> - 2.3.6-1
- Update to 2.3.6.
* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.3.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jun 19 2018 Miro Hrončok <mhroncok(a)redhat.com> - 2.3.5-4
- Rebuilt for Python 3.7
* Tue Jun 19 2018 Miro Hrončok <mhroncok(a)redhat.com> - 2.3.5-3
- Rebuilt for Python 3.7
* Fri Feb 9 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.3.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1536923 - CVE-2018-5773 python-markdown2: Unsanitized input in markdown() method allows for cross-site scripting (XSS) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1536923
--------------------------------------------------------------------------------