The following Fedora 26 Security updates need testing:
Age URL
187
https://bodhi.fedoraproject.org/updates/FEDORA-2017-1bf5a0ce01
python-XStatic-jquery-ui-1.12.0.1-2.fc26
126
https://bodhi.fedoraproject.org/updates/FEDORA-2017-2522df3526
nodejs-brace-expansion-1.1.7-1.fc26
80
https://bodhi.fedoraproject.org/updates/FEDORA-2017-1c053de325
memcached-1.4.39-1.fc26
76
https://bodhi.fedoraproject.org/updates/FEDORA-2017-ccb5c8d1e7
docker-distribution-2.6.2-1.git48294d9.fc26
14
https://bodhi.fedoraproject.org/updates/FEDORA-2017-efeb59171d
chromium-61.0.3163.100-1.fc26
9
https://bodhi.fedoraproject.org/updates/FEDORA-2017-5c2a294fba
weechat-1.9.1-1.fc26
9
https://bodhi.fedoraproject.org/updates/FEDORA-2017-9d9d8173df
mingw-poppler-0.52.0-4.fc26
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-d4248ba346
botan-1.10.17-1.fc26
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-213ebf97c8 xen-4.8.2-3.fc26
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-f244168d7f recode-3.6-44.fc26
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-1179268a20 tor-0.3.1.7-1.fc26
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-6e6f4f95e6 ruby-2.4.2-84.fc26
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-45625fecca
openvswitch-2.7.3-2.fc26
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-9f36da1aac
check-mk-1.2.8p26-1.fc26
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-6f1b90dbb7
golang-1.8.4-1.fc26
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-b52f851dea
calamares-3.1.5-1.fc26
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-d22c391318 upx-3.94-1.fc26
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-afb05e0873
nodejs-forwarded-0.1.2-1.fc26
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-36eb36ea71
procmail-3.22-44.fc26
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-9b0095a6f2
SDL2_image-2.0.1-8.fc26
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-21293887a2
poppler-0.52.0-8.fc26
The following Fedora 26 Critical Path updates have yet to be approved:
Age URL
9
https://bodhi.fedoraproject.org/updates/FEDORA-2017-0b189f2107 nspr-4.17.0-1.fc26
9
https://bodhi.fedoraproject.org/updates/FEDORA-2017-621a9b4828
iproute-4.13.0-1.fc26
9
https://bodhi.fedoraproject.org/updates/FEDORA-2017-6271764d02
menu-cache-1.0.2-7.D20170914git8c8534159d.fc26
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-ebef90185e libgudev-232-1.fc26
iio-sensor-proxy-2.3-1.fc26
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-ff8aeb8db8
fontconfig-2.12.6-3.fc26
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-cd46d09a72
breeze-icon-theme-5.38.0-2.fc26 extra-cmake-modules-5.38.0-2.fc26 kf5-5.38.0-1.fc26
kf5-attica-5.38.0-1.fc26 kf5-baloo-5.38.0-1.fc26 kf5-bluez-qt-5.38.0-1.fc26
kf5-frameworkintegration-5.38.0-1.fc26 kf5-kactivities-5.38.0-1.fc26
kf5-kactivities-stats-5.38.0-1.fc26 kf5-kapidox-5.38.0-1.fc26 kf5-karchive-5.38.0-1.fc26
kf5-kauth-5.38.0-1.fc26 kf5-kbookmarks-5.38.0-1.fc26 kf5-kcmutils-5.38.0-1.fc26
kf5-kcodecs-5.38.0-1.fc26 kf5-kcompletion-5.38.0-1.fc26 kf5-kconfig-5.38.0-5.fc26
kf5-kconfigwidgets-5.38.0-1.fc26 kf5-kcoreaddons-5.38.0-1.fc26 kf5-kcrash-5.38.0-1.fc26
kf5-kdbusaddons-5.38.0-1.fc26 kf5-kdeclarative-5.38.0-1.fc26 kf5-kded-5.38.0-1.fc26
kf5-kdelibs4support-5.38.0-1.fc26 kf5-kdesignerplugin-5.38.0-1.fc26
kf5-kdesu-5.38.0-1.fc26 kf5-kdewebkit-5.38.0-1.fc26 kf5-kdnssd-5.38.0-1.fc26
kf5-kdoctools-5.38.0-1.fc26 kf5-kemoticons-5.38.0-1.fc26 kf5-kfilemetadata-5.38.0-1.fc26
kf5-kglobalaccel-5.38.1-1.fc26 kf5-kguiad
dons-5.38.0-1.fc26 kf5-khtml-5.38.0-1.fc26 kf5-ki18n-5.38.0-1.fc26
kf5-kiconthemes-5.38.0-1.fc26 kf5-kidletime-5.38.0-1.fc26 kf5-kimageformats-5.38.0-1.fc26
kf5-kinit-5.38.0-1.fc26 kf5-kio-5.38.0-1.fc26 kf5-kitemmodels-5.38.0-1.fc26
kf5-kitemviews-5.38.0-1.fc26 kf5-kjobwidgets-5.38.0-1.fc26 kf5-kjs-5.38.0-1.fc26
kf5-kjsembed-5.38.0-1.fc26 kf5-kmediaplayer-5.38.0-1.fc26 kf5-knewstuff-5.38.0-1.fc26
kf5-knotifications-5.38.0-1.fc26 kf5-knotifyconfig-5.38.0-1.fc26
kf5-kpackage-5.38.0-1.fc26 kf5-kparts-5.38.0-1.fc26 kf5-kpeople-5.38.0-1.fc26
kf5-kplotting-5.38.0-1.fc26 kf5-kpty-5.38.0-1.fc26 kf5-kross-5.38.0-1.fc26
kf5-krunner-5.38.0-1.fc26 kf5-kservice-5.38.0-1.fc26 kf5-ktexteditor-5.38.0-1.fc26
kf5-ktextwidgets-5.38.0-1.fc26 kf5-kunitconversion-5.38.0-1.fc26 kf5-kwallet-5.38.0-1.fc26
kf5-kwayland-5.38.0-1.fc26 kf5-kwidgetsaddons-5.38.0-1.fc26
kf5-kwindowsystem-5.38.0-1.fc26 kf5-kxmlgui-5.38.0-1.fc26 kf5-kxmlrpcclient-5.38.0-1.fc26
kf5-modemmanager-qt-5.38.0-1.fc26 kf5-networkmanager-qt
-5.38.0-1.fc26 kf5-plasma-5.38.0-1.fc26 kf5-solid-5.38.0-1.fc26 kf5-sonnet-5.38.0-1.fc26
kf5-syntax-highlighting-5.38.0-1.fc26 kf5-threadweaver-5.38.0-1.fc26
oxygen-icon-theme-5.38.0-2.fc26
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-02be915e88
p11-kit-0.23.9-2.fc26
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-b843cc1876
libguestfs-1.36.7-1.fc26
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-621c36fcb8 nss-3.33.0-1.0.fc26
nss-softokn-3.33.0-1.0.fc26 nss-util-3.33.0-1.0.fc26
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-213ebf97c8 xen-4.8.2-3.fc26
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-45a9490ce0
geocode-glib-3.24.0-1.fc26
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-2ab6fac68e
glusterfs-3.10.6-3.fc26
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-9099d5f81c
gst-devtools-1.12.3-2.fc26 gst-editing-services-1.12.3-1.fc26 gstreamer1-1.12.3-1.fc26
gstreamer1-plugins-bad-free-1.12.3-1.fc26 gstreamer1-plugins-base-1.12.3-1.fc26
gstreamer1-plugins-good-1.12.3-1.fc26 pitivi-0.99-1.fc26
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-21293887a2
poppler-0.52.0-8.fc26
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-0f491ba90a
python-productmd-1.8-1.fc26
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-5e475c0b0d audit-2.8-1.fc26
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-2f0f66ceca
firefox-57.0-0.2.fc26
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-018cffeab4
ding-libs-0.6.1-34.fc26
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-8e91b32f31
python3-3.6.3-2.fc26
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-3a93bf495e
flatpak-builder-0.9.99-1.fc26 flatpak-0.9.99-1.fc26
The following builds have been pushed to Fedora 26 updates-testing
SDL2_image-2.0.1-8.fc26
audit-2.8-1.fc26
bodhi-2.12.0-1.fc26
evince-3.24.2-1.fc26
findbugs-contrib-7.0.5-1.fc26
gdouros-symbola-fonts-10.03-1.fc26
gsequencer-1.0.4-1.fc26
libstoragemgmt-1.5.0-2.fc26
manifest-tool-0.7.0-1.fc26
mate-themes-3.22.14-2.fc26
php-justinrainbow-json-schema5-5.2.5-1.fc26
php-phpmyadmin-sql-parser-4.2.3-1.fc26
poppler-0.52.0-8.fc26
procmail-3.22-44.fc26
python-productmd-1.8-1.fc26
python-streamlink-0.8.1-3.fc26
python3-bsddb3-6.2.5-3.fc26
pywbem-0.11.0-1.fc26
rakudo-zef-0.1.30-1.fc26
skopeo-0.1.24-3.dev.git28d4e08.fc26
Details about builds:
================================================================================
SDL2_image-2.0.1-8.fc26 (FEDORA-2017-9b0095a6f2)
Image loading library for SDL
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2017-2887
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1500455 - CVE-2017-2887 SDL_image: Multiple vulnerabilities [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1500455
--------------------------------------------------------------------------------
================================================================================
audit-2.8-1.fc26 (FEDORA-2017-5e475c0b0d)
User space tools for 2.6 kernel auditing
--------------------------------------------------------------------------------
Update Information:
Lots of updates for the auparse_normalizer to improve support on many events.
Remote logging now supports IPv6 and other remote logging improvements. Fix bugs
in auvirt that prevented locating AVC's for the VM. Add command line option to
auditd & audispd for config dir path.
--------------------------------------------------------------------------------
================================================================================
bodhi-2.12.0-1.fc26 (FEDORA-2017-08c952f151)
A modular framework that facilitates publishing software updates
--------------------------------------------------------------------------------
Update Information:
Update to [
2.12.0](https://github.com/fedora-infra/bodhi/releases/tag/2.12.0)
(#1500515).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1500515 - bodhi-2.12.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1500515
--------------------------------------------------------------------------------
================================================================================
evince-3.24.2-1.fc26 (FEDORA-2017-f130dbcb87)
Document viewer
--------------------------------------------------------------------------------
Update Information:
Resolves: rhbz#1499852 update to 3.24.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1499852 - Please update to 3.24.2
https://bugzilla.redhat.com/show_bug.cgi?id=1499852
--------------------------------------------------------------------------------
================================================================================
findbugs-contrib-7.0.5-1.fc26 (FEDORA-2017-1d9cc27f89)
Extra findbugs detectors
--------------------------------------------------------------------------------
Update Information:
Update to version 7.0.5. New detectors: * `LO_TOSTRING_PARAMETER` * Method
explicitly calls `toString()` on a logger parameter *
`OI_OPTIONAL_ISSUES_USES_ORELSEGET_WITH_NULL` * Method uses
`Optional.orElseGet(null)`
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1488265 - findbugs-contrib-7.0.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1488265
--------------------------------------------------------------------------------
================================================================================
gdouros-symbola-fonts-10.03-1.fc26 (FEDORA-2017-38cb38f42a)
A symbol font
--------------------------------------------------------------------------------
Update Information:
New upstream release, properly versioned and documented. ---- Fixes for the
following characters: ��� 1D3F MODIFIER LETTER CAPITAL R ���������
1DED COMBINING LATIN SMALL LETTER O WITH LIGHT CENTRALIZATION STROKE
��������� 1DF0 COMBINING LATIN SMALL LETTER U WITH LIGHT
CENTRALIZATION STROKE ��� 213A ROTATED CAPITAL Q ��� 2A52
LOGICAL OR WITH DOT ABOVE ��� 2AF2 PARALLEL WITH HORIZONTAL
STROKE ---- Minor edits to some glyphs.
--------------------------------------------------------------------------------
================================================================================
gsequencer-1.0.4-1.fc26 (FEDORA-2017-081c58e219)
Audio processing engine
--------------------------------------------------------------------------------
Update Information:
updated gsequencer.0-makefile-am.patch to fix globbing issue
--------------------------------------------------------------------------------
================================================================================
libstoragemgmt-1.5.0-2.fc26 (FEDORA-2017-fa5cfad679)
Storage array management library
--------------------------------------------------------------------------------
Update Information:
Fixed the multilib issue of NFS plugin. ---- Upgrade to 1.5.0: - New plugin
-- LibstorageMgmt NFS server plugin(`nfs://`). - New plugin -- LibstorageMgmt
Local Pseudo plugin(`local://`). - New plugin -- LibstorageMgmt Microsemi
storage plugin(`arcconf://`). - Removed support of lmiwbem due to missing self-
signed CA verification and inactive upstream of lmiwbem. - Support SES actions
on kernel `bsg` module(old code was using `sg` kernel module). - Add manpages
for every C API using kernel-doc. - Using docker of Fedora and Centos for Travis
CI test. - New URI parameter `ca_cert_file` for ONTAP, SMI-S, targetd plugin. -
Bug fixes: * Fix the ONTAP SSL connection. * Sim plugin: Fix sqlite3
transaction of fs_child_dependency_rm(). * MegaRAID: Handle when both
perccli and storcli are installed. * MegaRAID plugin: Support pool status
for rebuild and check. * Fixed C++ code compile warnings. - Library adds:
* Query health status of local disk:
lsm_local_disk_health_status_get()/lsm.LocalDisk.health_status_get()
--------------------------------------------------------------------------------
================================================================================
manifest-tool-0.7.0-1.fc26 (FEDORA-2017-77e24bb0a1)
A command line tool used for creating manifest list objects
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release
--------------------------------------------------------------------------------
================================================================================
mate-themes-3.22.14-2.fc26 (FEDORA-2017-d19690d6a2)
MATE Desktop themes
--------------------------------------------------------------------------------
Update Information:
- add some upstream patches
--------------------------------------------------------------------------------
================================================================================
php-justinrainbow-json-schema5-5.2.5-1.fc26 (FEDORA-2017-c3b70a3ead)
A library to validate a json schema
--------------------------------------------------------------------------------
Update Information:
**Version 5.2.5** * Backports for 5.2.5 * 452 (Don't add a file:// prefix
to URI that already have a scheme) ---- **Version 5.2.4** * Fresh tag to
rectify 5.2.3 mistag. ----- **Version 5.2.3** * 453 Backports for 5.2.3 *
452 (bugfix for id double-resolution introduced in 5.2.2) ---- **Version
5.2.2** * 431 Backports for 5.2.2 (Part 1) * 425 (bugfix for #424 - make
uri splitting reversable) * 429 (adjust hhvm platform for Travis, remove
phpdocumentor dependency) * 432 Added property name in draft-3 required error *
433 Backports for 5.2.2 (Part 2) * 432 (fix missing property in boolean
required error) * 450 Backports for 5.2.2 (Part 3) * 449 (Update config for
php-cs-fixer & travis) * 448 (add proper recursive handling for $ref - fixes
#447)
--------------------------------------------------------------------------------
================================================================================
php-phpmyadmin-sql-parser-4.2.3-1.fc26 (FEDORA-2017-74caec216c)
A validating SQL lexer and parser with a focus on MySQL dialect
--------------------------------------------------------------------------------
Update Information:
**Version 4.2.3** - 2017-10-10 * Fixed build CREATE TABLE query with PARTITIONS
having ENGINE but not VALUES.
--------------------------------------------------------------------------------
================================================================================
poppler-0.52.0-8.fc26 (FEDORA-2017-21293887a2)
PDF rendering library
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2017-14926, CVE-2017-14927 and CVE-2017-14928. ----
Security fix for CVE-2017-14617 ---- Security fix for CVE-2017-14517,
CVE-2017-14518, CVE-2017-14519 and CVE-2017-14929.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1500322 - CVE-2017-14928 poppler: NULL pointer dereference in the
AnnotRichMedia::Configuration::Configuration
https://bugzilla.redhat.com/show_bug.cgi?id=1500322
[ 2 ] Bug #1500323 - CVE-2017-14926 poppler: NULL pointer dereference in the
AnnotRichMedia::Content::Content
https://bugzilla.redhat.com/show_bug.cgi?id=1500323
[ 3 ] Bug #1500324 - CVE-2017-14927 poppler: NULL pointer dereference in the
SplashOutputDev::type3D0() function
https://bugzilla.redhat.com/show_bug.cgi?id=1500324
[ 4 ] Bug #1499905 - CVE-2017-14617 poppler: Floating point exception in the ImageStream
class
https://bugzilla.redhat.com/show_bug.cgi?id=1499905
[ 5 ] Bug #1499162 - CVE-2017-14517 poppler: NULL pointer dereference in the
XRef::parseEntry() function
https://bugzilla.redhat.com/show_bug.cgi?id=1499162
[ 6 ] Bug #1499163 - CVE-2017-14518 poppler: Floating point exception in the
isImageInterpolationRequired() function
https://bugzilla.redhat.com/show_bug.cgi?id=1499163
[ 7 ] Bug #1499165 - CVE-2017-14519 poppler: Memory corruption via Gfx.cc infinite loop
https://bugzilla.redhat.com/show_bug.cgi?id=1499165
[ 8 ] Bug #1499167 - CVE-2017-14929 poppler: Memory corruption via Gfx.cc infinite loop
https://bugzilla.redhat.com/show_bug.cgi?id=1499167
--------------------------------------------------------------------------------
================================================================================
procmail-3.22-44.fc26 (FEDORA-2017-36eb36ea71)
Mail processing program
--------------------------------------------------------------------------------
Update Information:
This is security update fixing possible buffer overflow in loadbuf function.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1500070 - procmail: Heap-based buffer overflow in loadbuf function in
formisc.c
https://bugzilla.redhat.com/show_bug.cgi?id=1500070
--------------------------------------------------------------------------------
================================================================================
python-productmd-1.8-1.fc26 (FEDORA-2017-0f491ba90a)
Library providing parsers for metadata related to OS installation
--------------------------------------------------------------------------------
Update Information:
Improved error reporting when encountering invalid metadata files.
--------------------------------------------------------------------------------
================================================================================
python-streamlink-0.8.1-3.fc26 (FEDORA-2017-5ec0c7e980)
Python library for extracting streams from various websites
--------------------------------------------------------------------------------
Update Information:
Fix missing dependency on python-websocket-client package
--------------------------------------------------------------------------------
================================================================================
python3-bsddb3-6.2.5-3.fc26 (FEDORA-2017-8434d8f3c1)
Python 3 bindings for BerkleyDB
--------------------------------------------------------------------------------
Update Information:
Simplify the fix for shebangs and actually apply it to the right files. ----
Fix for ambiguous python shebangs (`#!/usr/bin/env python` and similar). ----
Update to the latest upstream version.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1489988 - python3-bsddb3-6.2.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1489988
--------------------------------------------------------------------------------
================================================================================
pywbem-0.11.0-1.fc26 (FEDORA-2017-89c7af39ab)
Python2 WBEM Client and Provider Interface
--------------------------------------------------------------------------------
Update Information:
Upgrade to 0.11.0.
--------------------------------------------------------------------------------
================================================================================
rakudo-zef-0.1.30-1.fc26 (FEDORA-2017-ef7c7474c0)
Perl6 Module Management
--------------------------------------------------------------------------------
Update Information:
update to 0.1.30
--------------------------------------------------------------------------------
================================================================================
skopeo-0.1.24-3.dev.git28d4e08.fc26 (FEDORA-2017-51e432bd4d)
Inspect Docker images and repositories on registries
--------------------------------------------------------------------------------
Update Information:
built commit 28d4e08
--------------------------------------------------------------------------------