The following Fedora 29 Security updates need testing:
Age URL
186
https://bodhi.fedoraproject.org/updates/FEDORA-2019-fa5843e0e1
asterisk-16.2.1-1.fc29
172
https://bodhi.fedoraproject.org/updates/FEDORA-2019-c84f291592
WALinuxAgent-2.2.38-1.fc29
167
https://bodhi.fedoraproject.org/updates/FEDORA-2019-7528388823
chicken-5.0.0-2.fc29
127
https://bodhi.fedoraproject.org/updates/FEDORA-2019-9839aded3f
python-gnupg-0.4.4-1.fc29
123
https://bodhi.fedoraproject.org/updates/FEDORA-2019-35cb5a4785
kubernetes-1.13.5-1.fc29
61
https://bodhi.fedoraproject.org/updates/FEDORA-2019-32f7cd9b66
dosbox-0.74.3-2.fc29
53
https://bodhi.fedoraproject.org/updates/FEDORA-2019-3f5c670a8f
thunderbird-60.8.0-1.fc29
9
https://bodhi.fedoraproject.org/updates/FEDORA-2019-d0b1feb995
graphite2-1.3.13-1.fc29
7
https://bodhi.fedoraproject.org/updates/FEDORA-2019-5e4316109b
qt5-qtwebengine-5.12.4-5.fc29
5
https://bodhi.fedoraproject.org/updates/FEDORA-2019-113d27cb80
chromium-76.0.3809.132-1.fc29
5
https://bodhi.fedoraproject.org/updates/FEDORA-2019-65db7ad6c7
golang-1.11.13-1.fc29
5
https://bodhi.fedoraproject.org/updates/FEDORA-2019-e31c2f7d87
seamonkey-2.49.5-1.fc29
5
https://bodhi.fedoraproject.org/updates/FEDORA-2019-c1dac1b3b8 lxc-3.0.4-1.fc29
lxcfs-3.0.4-1.fc29 python3-lxc-3.0.4-1.fc29
5
https://bodhi.fedoraproject.org/updates/FEDORA-2019-a457303ffc
rdesktop-1.8.6-1.fc29
5
https://bodhi.fedoraproject.org/updates/FEDORA-2019-d04f66e595 bind-9.11.10-1.fc29
bind-dyndb-ldap-11.1-19.fc29 dhcp-4.3.6-34.fc29 dnsperf-2.3.2-1.fc29
5
https://bodhi.fedoraproject.org/updates/FEDORA-2019-80e5e20cf8
pdfresurrect-0.18-1.fc29
5
https://bodhi.fedoraproject.org/updates/FEDORA-2019-59d60bd1fa
dovecot-2.3.7.2-1.fc29
4
https://bodhi.fedoraproject.org/updates/FEDORA-2019-e00c65ec6f httpd-2.4.41-1.fc29
mod_md-2.0.8-3.fc29
4
https://bodhi.fedoraproject.org/updates/FEDORA-2019-77d612eab4
grafana-6.3.4-1.fc29
4
https://bodhi.fedoraproject.org/updates/FEDORA-2019-d9c2f1ec70
roundcubemail-1.3.10-1.fc29
4
https://bodhi.fedoraproject.org/updates/FEDORA-2019-e08f78d4a6 SDL-1.2.15-40.fc29
2
https://bodhi.fedoraproject.org/updates/FEDORA-2019-6fa01d12b4
pdfbox-2.0.16-1.fc29
The following Fedora 29 Critical Path updates have yet to be approved:
Age URL
99
https://bodhi.fedoraproject.org/updates/FEDORA-2019-06a2d1c7fb
anaconda-29.24.7-3.fc29
96
https://bodhi.fedoraproject.org/updates/FEDORA-2019-4cefd3161a
nfs-utils-2.3.3-4.rc2.fc29
83
https://bodhi.fedoraproject.org/updates/FEDORA-2019-37faa13746
fontconfig-2.13.1-8.fc29
70
https://bodhi.fedoraproject.org/updates/FEDORA-2019-583d9d5a56
mutter-3.30.2-3.fc29
56
https://bodhi.fedoraproject.org/updates/FEDORA-2019-6f13c38d0d
python-urllib3-1.24.3-2.fc29
53
https://bodhi.fedoraproject.org/updates/FEDORA-2019-3f5c670a8f
thunderbird-60.8.0-1.fc29
53
https://bodhi.fedoraproject.org/updates/FEDORA-2019-62e681b68b ipset-7.2-1.fc29
13
https://bodhi.fedoraproject.org/updates/FEDORA-2019-9de7632b6b bluez-5.50-4.fc29
12
https://bodhi.fedoraproject.org/updates/FEDORA-2019-c85c9971a5
perl-5.28.2-434.fc29
12
https://bodhi.fedoraproject.org/updates/FEDORA-2019-e8002fd7bf
perl-Pod-Perldoc-3.28.01-419.fc29
11
https://bodhi.fedoraproject.org/updates/FEDORA-2019-68005b454d
vim-8.1.1912-1.fc29
9
https://bodhi.fedoraproject.org/updates/FEDORA-2019-d0b1feb995
graphite2-1.3.13-1.fc29
5
https://bodhi.fedoraproject.org/updates/FEDORA-2019-c010b35eb6
rpm-4.14.2.1-3.fc29
5
https://bodhi.fedoraproject.org/updates/FEDORA-2019-d04f66e595 bind-9.11.10-1.fc29
bind-dyndb-ldap-11.1-19.fc29 dhcp-4.3.6-34.fc29 dnsperf-2.3.2-1.fc29
5
https://bodhi.fedoraproject.org/updates/FEDORA-2019-f93fcb9fbd
pcre2-10.33-13.fc29
1
https://bodhi.fedoraproject.org/updates/FEDORA-2019-88a3df6c0a
v4l-utils-1.16.7-1.fc29
The following builds have been pushed to Fedora 29 updates-testing
cobbler-2.8.5-0.1.fc29
js-jquery-file-upload-9.34.0-1.fc29
librsvg2-2.44.15-1.fc29
nagios-plugins-2.2.1-17.20190829gitfb792ff.fc29
purple-telegram-1.4.2-1.fc29
python-ipdb-0.12.2-1.fc29
python-mako-1.1.0-1.fc29
samba-4.9.13-0.fc29
systemd-239-14.git33ccd62.fc29
Details about builds:
================================================================================
cobbler-2.8.5-0.1.fc29 (FEDORA-2019-cd24f60a94)
Boot server configurator
--------------------------------------------------------------------------------
Update Information:
Update to 2.5.0 (pre-release)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 26 2019 Nicolas Chauvet <kwizart(a)gmail.com> - 2.8.5-0.1
- Update to 2.8.5 - pre-release
* Wed Jul 24 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.8.4-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jan 31 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.8.4-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1614431 - CVE-2018-10931 cobbler: CobblerXMLRPCInterface exports all its
methods over XMLRPC [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1614431
[ 2 ] Bug #1613293 - cobbler: XMLRPC API endpoints are not correctly validating security
tokens [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1613293
[ 3 ] Bug #1613177 - cobbler: Persistent XSS vulnerability in cobbler-web [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1613177
[ 4 ] Bug #1613176 - cobbler: Persistent XSS vulnerability in cobbler-web [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1613176
--------------------------------------------------------------------------------
================================================================================
js-jquery-file-upload-9.34.0-1.fc29 (FEDORA-2019-228e8988c9)
File Upload widget for jQuery
--------------------------------------------------------------------------------
Update Information:
Update to [
9.34.0](https://github.com/blueimp/jQuery-File-
Upload/compare/v9.31.0...v9.34.0).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 3 2019 Randy Barlow <bowlofeggs(a)fedoraproject.org> - 9.34.0-1
- Update to 9.34.0 (#1723177).
--------------------------------------------------------------------------------
================================================================================
librsvg2-2.44.15-1.fc29 (FEDORA-2019-5fe7cfd056)
An SVG library based on cairo
--------------------------------------------------------------------------------
Update Information:
librsvg2 2.44.15 release: - Fix #11 - Respect the "direction" property for
bidirectional text (Khaled Hosny) - Fix #462 - Fix usage of std::f64::EPSILON
for Rust 1.28. - Fix #497 - Don't panic on paths with all-invalid commands - Fix
#496 - Ensure all lengths and angles parse as finite numbers - Fix #426 - Detect
files vs. URIs in rsvg_handle_new_from_file() on Windows - Fix a memory leak in
the test suite.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 3 2019 Kalev Lember <klember(a)redhat.com> - 2.44.15-1
- Update to 2.44.15
--------------------------------------------------------------------------------
================================================================================
nagios-plugins-2.2.1-17.20190829gitfb792ff.fc29 (FEDORA-2019-fef2650216)
Host/service/network monitoring program plugins for Nagios
--------------------------------------------------------------------------------
Update Information:
Update to latest git and fix release string to match again
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 29 2019 Stephen Smoogen <smooge(a)fedoraproject.org> -
2.2.1-17.20190829gitfb792ff
- Update to latest git and fix release string to match again
- check_ntp.pl was still getting installed as check_ntp. Fix BZ#1664981
- check_ntp.pl has ipv6 problem. Fix BZ#1731468
* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> -
2.2.1-16.20180725git3429dad
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Mar 12 2019 Patrick Uiterwijk <puiterwijk(a)redhat.com> -
2.2.1-15.20180725git3429dad
- Update requirement for ps to procps
- Fix check_smtp certificate verification
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> -
2.2.1-15.20180725git3429dad
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Jan 3 2019 Patrick Uiterwijk <puiterwijk(a)redhat.com> -
2.2.1-16.20180725git3429dad
- Fix check_smtp certificate verification
* Thu Dec 13 2018 Patrick Uiterwijk <puiterwijk(a)puiterwijk.org> -
2.2.1-15.20180725git3429dad
- Add upstream PR #428 to add PROXY protocol support to check_smtp
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1664981 - nagios-plugins-ntp contains old perl script instead of compiled
binary check_ntp
https://bugzilla.redhat.com/show_bug.cgi?id=1664981
[ 2 ] Bug #1731468 - check_ntp has too strict regexp for hostnames
https://bugzilla.redhat.com/show_bug.cgi?id=1731468
--------------------------------------------------------------------------------
================================================================================
purple-telegram-1.4.2-1.fc29 (FEDORA-2019-5f0928bb3b)
Libpurple protocol plugin for Telegram support
--------------------------------------------------------------------------------
Update Information:
* Support ancient glib (See #501) * Update translations. Thanks to the following
people: Eduardo Tr��pani etrapani(a)gmail.com (es) Olesya Gerasimenko
gammaray(a)basealt.ru (ru) * Fix: Handle forwarded messages and captioned images
better * Fix: Handle replies better * Fix: Images in own messages * Fix: Remove
some of the duplicate messages seen (Maybe fixes #258?)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 3 2019 Jiri Eischmann <eischmann(a)redhat.com> - 1.4.2-1
- Update to 1.4.2
* Fri Jul 26 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1747645 - purple-telegram-1.4.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1747645
--------------------------------------------------------------------------------
================================================================================
python-ipdb-0.12.2-1.fc29 (FEDORA-2019-c0840b7b85)
IPython enabled Python debugger
--------------------------------------------------------------------------------
Update Information:
Upgrade to [
0.12.2](https://github.com/gotcha/ipdb/blob/0.12.2/HISTORY.txt).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 3 2019 Randy Barlow <bowlofeggs(a)fedoraproject.org> - 0.12.2-1
- Update to 0.12.2 (#1742353).
-
https://github.com/gotcha/ipdb/blob/0.12.2/HISTORY.txt
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1742353 - python-ipdb-0.12.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1742353
--------------------------------------------------------------------------------
================================================================================
python-mako-1.1.0-1.fc29 (FEDORA-2019-fe96cc593b)
Mako template library for Python
--------------------------------------------------------------------------------
Update Information:
Update to
[
1.1.0](https://docs.makotemplates.org/en/latest/changelog.html#change-1.1.0).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 3 2019 Randy Barlow <bowlofeggs(a)fedoraproject.org> - 1.1.0-1
- Update to 1.1.0 (#1725969).
-
https://docs.makotemplates.org/en/latest/changelog.html#change-1.1.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1725969 - python-mako-1.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1725969
--------------------------------------------------------------------------------
================================================================================
samba-4.9.13-0.fc29 (FEDORA-2019-eb1e982800)
Server and Client software to interoperate with Windows machines
--------------------------------------------------------------------------------
Update Information:
Update to Samba 4.9.13 - Security fixes for CVE-2019-10197 ---- Update to
Samba 4.9.12
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 3 2019 Guenther Deschner <gdeschner(a)redhat.com> - 4.9.13-0
- Update to Samba 4.9.13
- resolves: #1746225, #1748308 - Security fixes for CVE-2019-10197
* Tue Aug 27 2019 Guenther Deschner <gdeschner(a)redhat.com> - 4.9.12-0
- Update to Samba 4.9.12
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1746225 - CVE-2019-10197 samba: Combination of parameters and permissions can
allow user to escape from the share path definition.
https://bugzilla.redhat.com/show_bug.cgi?id=1746225
--------------------------------------------------------------------------------
================================================================================
systemd-239-14.git33ccd62.fc29 (FEDORA-2019-8a7dfdf1f3)
System and Service Manager
--------------------------------------------------------------------------------
Update Information:
- Security issue: unprivileged users were allowed to change DNS servers
configured in systemd-resolved (CVE-2019-15718) - hwdb entries for keyboards are
updated to the latest version (#1725717) No need to log out or reboot.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 3 2019 Zbigniew J��drzejewski-Szmek <zbyszek(a)in.waw.pl> -
239-14.git33ccd62
- Security issue: unprivileged users were allowed to change DNS
servers configured in systemd-resolved.
- hwdb entries for keyboards are updated to the latest version (#1725717)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1725717 - Update 60-keyboard.hwdb to the latest upstream version
https://bugzilla.redhat.com/show_bug.cgi?id=1725717
--------------------------------------------------------------------------------