The following Fedora 33 Security updates need testing:
Age  URL
105  https://bodhi.fedoraproject.org/updates/FEDORA-2021-c3d587d52c  shim-15.4-1
  7  https://bodhi.fedoraproject.org/updates/FEDORA-2021-30c84b4924  chromium-91.0.4472.164-1.fc33
  7  https://bodhi.fedoraproject.org/updates/FEDORA-2021-4ead17c8f6  linux-firmware-20210716-121.fc33
  5  https://bodhi.fedoraproject.org/updates/FEDORA-2021-1bfb61f77c  golang-1.15.14-1.fc33
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2021-5d21b90a30  curl-7.71.1-10.fc33
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2021-c9c1f6e5c7  php-pear-1.10.12-9.fc33
  1  https://bodhi.fedoraproject.org/updates/FEDORA-2021-76cf1653b3  redis-6.0.15-1.fc33
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2021-3de956ceee  webkit2gtk3-2.32.3-1.fc33
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2021-e6b0792d75  java-11-openjdk-11.0.12.0.7-0.fc33
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2021-71556a5722  mrxvt-0.5.3-31.fc33
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2021-112557d2c5  buildah-1.21.4-4.fc33
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2021-424a36ea0f  seamonkey-2.53.8.1-1.fc33
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2021-ade03666c0  java-1.8.0-openjdk-1.8.0.302.b08-0.fc33
The following Fedora 33 Critical Path updates have yet to be approved:
Age  URL
123  https://bodhi.fedoraproject.org/updates/FEDORA-2021-2961f34ccb  PackageKit-1.2.3-1.fc33
 58  https://bodhi.fedoraproject.org/updates/FEDORA-2021-4797e362b3  abrt-2.14.6-1.fc33 libreport-2.15.1-1.fc33 satyr-0.37-2.fc33
 15  https://bodhi.fedoraproject.org/updates/FEDORA-2021-abcaa79b71  libmodulemd-2.13.0-1.fc33
 11  https://bodhi.fedoraproject.org/updates/FEDORA-2021-1fe1b325f5  gjs-1.66.2-7.fc33 mozjs78-78.12.0-1.fc33
  9  https://bodhi.fedoraproject.org/updates/FEDORA-2021-bcea139c5d  audit-3.0.3-1.fc33
  9  https://bodhi.fedoraproject.org/updates/FEDORA-2021-5e6e793ad5  libedit-3.1-38.20210714cvs.fc33
  7  https://bodhi.fedoraproject.org/updates/FEDORA-2021-4ead17c8f6  linux-firmware-20210716-121.fc33
  5  https://bodhi.fedoraproject.org/updates/FEDORA-2021-13f06367c7  net-snmp-5.9.1-3.fc33
  5  https://bodhi.fedoraproject.org/updates/FEDORA-2021-3bdb6861cb  mtools-4.0.33-1.fc33
  4  https://bodhi.fedoraproject.org/updates/FEDORA-2021-49d6a73d5b  libidn2-2.3.2-1.fc33
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2021-5d21b90a30  curl-7.71.1-10.fc33
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2021-3de956ceee  webkit2gtk3-2.32.3-1.fc33
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2021-3066a71721  firefox-90.0.2-1.fc33
The following builds have been pushed to Fedora 33 updates-testing
cppcheck-2.5-2.fc33
gnome-shell-extension-pop-shell-1.2.0^2.9616931-1.fc33
gtk-gnutella-1.2.1-1.fc33
ipxe-20200823-7.git4bd064de.fc33
java-latest-openjdk-16.0.2.0.7-1.rolling.fc33
logwatch-7.5.6-1.fc33
mbedtls-2.16.11-1.fc33
mingw-exiv2-0.27.4-2.fc33
mingw-python-pillow-7.2.0-7.fc33
mozilla-ublock-origin-1.37.0-1.fc33
mythes-de-0.20210723-1.fc33
python-pillow-7.2.0-7.fc33
python2-pillow-6.2.2-6.fc33
Details about builds:
================================================================================
cppcheck-2.5-2.fc33 (FEDORA-2021-7f85b14f8f)
Tool for static C/C++ code analysis
--------------------------------------------------------------------------------
Update Information:
Fix Failed to load translation for English (#1983599)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 23 2021 Wolfgang Stöggl <c72578(a)yahoo.de> - 2.5-2
- Fix Failed to load translation for English (#1983599)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1983599 - cppcheck-gui: error dialog during installation: Failed to load
translation for language English
https://bugzilla.redhat.com/show_bug.cgi?id=1983599
--------------------------------------------------------------------------------
================================================================================
gnome-shell-extension-pop-shell-1.2.0^2.9616931-1.fc33 (FEDORA-2021-83af69457d)
GNOME Shell extension for advanced tiling window management
--------------------------------------------------------------------------------
Update Information:
Latest upstream snapshot
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 24 2021 Carl George <carl(a)george.computer> - 1.2.0^2.9616931-1
- Latest upstream snapshot
* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> -
1.2.0^1.d59e373-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
gtk-gnutella-1.2.1-1.fc33 (FEDORA-2021-961295d73a)
GUI based Gnutella Client
--------------------------------------------------------------------------------
Update Information:
Update to 1.2.1
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jul 25 2021 Dmitry Butskoy <Dmitry(a)Butskoy.name> - 1.2.1-1
- update to 1.2.1
--------------------------------------------------------------------------------
================================================================================
ipxe-20200823-7.git4bd064de.fc33 (FEDORA-2021-695cfbf2ab)
A network boot loader
--------------------------------------------------------------------------------
Update Information:
* Add snponly build (bz #1981799)
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 24 2021 Cole Robinson <crobinso(a)redhat.com> - 20200823-7.git4bd064de
- Add snponly build (bz 1981799)
* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> -
20200823-6.git4bd064de
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Jul 7 2021 Cole Robinson <crobinso(a)redhat.com> - 20200823-5.git4bd064de
- Generate qemu compatible rom filenames
* Mon Jun 14 2021 Jiri Kucera <jkucera(a)redhat.com> - 20200823-4.git4bd064de
- Replace genisoimage by xorriso
* Tue Feb 23 2021 Cole Robinson <aintdiscole(a)gmail.com> - 20200823-3.git4bd064de
- combine BIOS and EFI roms using "util/catrom.pl"
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> -
20200823-2.git4bd064de
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1981799 - Please build and ship the ipxe-snponly binary
https://bugzilla.redhat.com/show_bug.cgi?id=1981799
--------------------------------------------------------------------------------
================================================================================
java-latest-openjdk-16.0.2.0.7-1.rolling.fc33 (FEDORA-2021-6707cd4327)
OpenJDK 16 Runtime Environment
--------------------------------------------------------------------------------
Update Information:
July 2021 CPU update
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 23 2021 Jiri Vanek <jvanek(a)redhat.com> - 1:16.0.2.0.7-1.rolling
- bumped to security update of 16.0.2-ga
* Tue Jun 29 2021 Jiri Vanek <jvanek(a)redhat.com> - 1:16.0.1.0.9-5.rolling
- renamed source15 to source17 to match el8
- added fips support:
- added pr3695-toggle_system_crypto_policy.patch ; missing prerequisite
- removed rh1655466-global_crypto_and_fips.patch; jdk16 does not have default algorithm, it
throws exception
- adapted rh1655466-global_crypto_and_fips.patch
- adapted rh1860986-disable_tlsv1.3_in_fips_mode.patch (?)
- adapted rh1915071-always_initialise_configurator_access.patch
--------------------------------------------------------------------------------
================================================================================
logwatch-7.5.6-1.fc33 (FEDORA-2021-729f015824)
Analyzes and Reports on system logs
--------------------------------------------------------------------------------
Update Information:
Update to 7.5.6
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 24 2021 Frank Crawford <frank(a)crawford.emu.id.au> - 7.5.6-1
- Update to 7.5.6
* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 7.5.5-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
mbedtls-2.16.11-1.fc33 (FEDORA-2021-10bfc067d1)
Light-weight cryptographic and SSL/TLS library
--------------------------------------------------------------------------------
Update Information:
- Update to 2.16.11 Release notes:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.11
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 24 2021 Morten Stevens <mstevens(a)fedoraproject.org> - 2.16.11-1
- Update to 2.16.11
* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.16.9-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.16.9-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1943664 - mbedtls: multiple vulnerabilities fixed in mbedtls-2.26.0
https://bugzilla.redhat.com/show_bug.cgi?id=1943664
[ 2 ] Bug #1981510 - mbedtls: Local side channel attack on RSA
https://bugzilla.redhat.com/show_bug.cgi?id=1981510
[ 3 ] Bug #1981514 - mbedtls: Local side channel attack on static Diffie-Hellman with
Montgomery curves
https://bugzilla.redhat.com/show_bug.cgi?id=1981514
[ 4 ] Bug #1985311 - CVE-2021-24119 mbedtls: side-channel vulnerability allows
system-level-attacker information disclosure
https://bugzilla.redhat.com/show_bug.cgi?id=1985311
--------------------------------------------------------------------------------
================================================================================
mingw-exiv2-0.27.4-2.fc33 (FEDORA-2021-dde4d7d47e)
MinGW Windows exiv2 library
--------------------------------------------------------------------------------
Update Information:
Update to 0.27.4, fixes CVE-2021-29463 and CVE-2021-29464.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.27.4-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Sun Jun 20 2021 Sandro Mani <manisandro(a)gmail.com> - 0.27.4-1
- Update to 0.27.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1982185 - CVE-2021-29463 mingw-exiv2: exiv2: out-of-bounds read is triggered
via crafted image file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1982185
[ 2 ] Bug #1982189 - CVE-2021-29464 mingw-exiv2: exiv2: heap-based buffer overflow via
crafted image file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1982189
--------------------------------------------------------------------------------
================================================================================
mingw-python-pillow-7.2.0-7.fc33 (FEDORA-2021-bf01a738f3)
MinGW Windows Python pillow library
--------------------------------------------------------------------------------
Update Information:
Backport fix for CVE-2021-34552.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 24 2021 Sandro Mani <manisandro(a)gmail.com> - 7.2.0-7
- Backport fix for CVE-2021-34552
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1982379 - CVE-2021-34552 mingw-python-pillow: python-pillow: buffer overflow
in Convert.c because it allow an attacker to pass controlled parameters directly into a
convert function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1982379
[ 2 ] Bug #1982380 - CVE-2021-34552 python-pillow: buffer overflow in Convert.c because
it allow an attacker to pass controlled parameters directly into a convert function
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1982380
[ 3 ] Bug #1982381 - CVE-2021-34552 python2-pillow: python-pillow: buffer overflow in
Convert.c because it allow an attacker to pass controlled parameters directly into a
convert function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1982381
--------------------------------------------------------------------------------
================================================================================
mozilla-ublock-origin-1.37.0-1.fc33 (FEDORA-2021-05ed34a61c)
An efficient blocker for Firefox
--------------------------------------------------------------------------------
Update Information:
### Closed as fixed

#### Core

* '$popup' not working
* Service worker "tabless" requests with correct context are still modified when page is whitelisted
* Back/Forward navigation does not work between Ublock Origin option pages
* csp_report filter created via logger is marked as invalid
* Extreme popup blocking - uBo dashboard is blocked when popups are
* IPv6 fe80::1%lo0 localhost from hosts file is marked as error line
* Whitespaces are now stripped from blocking-rule URLs, causing rules targeting whitespaces to fail and/or block extremely broadly
* uBO's dashboard does not refresh custom filters in real-time
* Element picker/zapper don't work if cosmetic filtering is disabled
* Logger always highlights first match
* Static filtering: Cannot prevent my filter from strict-blocking

### Notable commits without an entry in the issue tracker

* Provide visual cue in popup panel when base domain has subdomains
* Disclose where uBO's own filter lists are hosted
* Add abort-current-script scriptlet
* Fix spurious error messages when updating contextual menu
* Make `getByName()` return a dummy Tracker object
* Add asap behavior to remove-attr scriptlet
* Ensure pending callbacks are called only once
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 24 2021 Dominik Mierzejewski <rpm(a)greysector.net> - 1.37.0-1
- update to 1.37.0 (#1985343)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1985343 - mozilla-ublock-origin-1.37.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1985343
--------------------------------------------------------------------------------
================================================================================
mythes-de-0.20210723-1.fc33 (FEDORA-2021-68920da213)
German thesaurus
--------------------------------------------------------------------------------
Update Information:
* Upgrade to latest daily snapshot release
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 24 2021 Robert Scheck <robert(a)fedoraproject.org> 0.20210723-1
- Upgrade to latest daily snapshot release
* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> -
0.20210302-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
python-pillow-7.2.0-7.fc33 (FEDORA-2021-bf01a738f3)
Python image processing library
--------------------------------------------------------------------------------
Update Information:
Backport fix for CVE-2021-34552.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 24 2021 Sandro Mani <manisandro(a)gmail.com> - 7.2.0-7
- Backport fix for CVE-2021-34552
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1982379 - CVE-2021-34552 mingw-python-pillow: python-pillow: buffer overflow
in Convert.c because it allow an attacker to pass controlled parameters directly into a
convert function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1982379
[ 2 ] Bug #1982380 - CVE-2021-34552 python-pillow: buffer overflow in Convert.c because
it allow an attacker to pass controlled parameters directly into a convert function
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1982380
[ 3 ] Bug #1982381 - CVE-2021-34552 python2-pillow: python-pillow: buffer overflow in
Convert.c because it allow an attacker to pass controlled parameters directly into a
convert function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1982381
--------------------------------------------------------------------------------
================================================================================
python2-pillow-6.2.2-6.fc33 (FEDORA-2021-bf01a738f3)
Python image processing library
--------------------------------------------------------------------------------
Update Information:
Backport fix for CVE-2021-34552.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 24 2021 Sandro Mani <manisandro(a)gmail.com> - 6.2.2-6
- Backport fix for CVE-2021-34552
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1982379 - CVE-2021-34552 mingw-python-pillow: python-pillow: buffer overflow
in Convert.c because it allow an attacker to pass controlled parameters directly into a
convert function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1982379
[ 2 ] Bug #1982380 - CVE-2021-34552 python-pillow: buffer overflow in Convert.c because
it allow an attacker to pass controlled parameters directly into a convert function
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1982380
[ 3 ] Bug #1982381 - CVE-2021-34552 python2-pillow: python-pillow: buffer overflow in
Convert.c because it allow an attacker to pass controlled parameters directly into a
convert function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1982381
--------------------------------------------------------------------------------