The following Fedora 33 Security updates need testing:
Age URL
140
https://bodhi.fedoraproject.org/updates/FEDORA-2021-c3d587d52c shim-15.4-1
12
https://bodhi.fedoraproject.org/updates/FEDORA-2021-52c89b44a9
c-ares-1.17.2-1.fc33
3
https://bodhi.fedoraproject.org/updates/FEDORA-2021-ca8368f328
firefox-91.0.1-2.fc33
3
https://bodhi.fedoraproject.org/updates/FEDORA-2021-9e2e12e5d7
condor-8.8.15-2.fc33
3
https://bodhi.fedoraproject.org/updates/FEDORA-2021-8d0e5b3cd8 apr-1.7.0-7.fc33
3
https://bodhi.fedoraproject.org/updates/FEDORA-2021-301dfb76b3
grilo-0.3.13-3.fc33
2
https://bodhi.fedoraproject.org/updates/FEDORA-2021-45ba66bd29 php-7.4.23-1.fc33
2
https://bodhi.fedoraproject.org/updates/FEDORA-2021-c6393c7540
libopenmpt-0.4.23-1.fc33
1
https://bodhi.fedoraproject.org/updates/FEDORA-2021-91d42ce83e
libss7-2.0.1-1.fc33
The following Fedora 33 Critical Path updates have yet to be approved:
Age URL
158
https://bodhi.fedoraproject.org/updates/FEDORA-2021-2961f34ccb
PackageKit-1.2.3-1.fc33
94
https://bodhi.fedoraproject.org/updates/FEDORA-2021-4797e362b3 abrt-2.14.6-1.fc33
libreport-2.15.1-1.fc33 satyr-0.37-2.fc33
13
https://bodhi.fedoraproject.org/updates/FEDORA-2021-127aaf73b9
redhat-rpm-config-176-3.fc33
13
https://bodhi.fedoraproject.org/updates/FEDORA-2021-b2258fdd54
libwebp-1.2.1-1.fc33 mingw-libwebp-1.2.1-1.fc33
12
https://bodhi.fedoraproject.org/updates/FEDORA-2021-52c89b44a9
c-ares-1.17.2-1.fc33
12
https://bodhi.fedoraproject.org/updates/FEDORA-2021-1b2b627990
langtable-0.0.56-1.fc33
12
https://bodhi.fedoraproject.org/updates/FEDORA-2021-da17110288
shadow-utils-4.8.1-7.fc33
10
https://bodhi.fedoraproject.org/updates/FEDORA-2021-4ccf3840ed
gnome-shell-3.38.6-1.fc33 mutter-3.38.6-1.fc33
6
https://bodhi.fedoraproject.org/updates/FEDORA-2021-bedd78e3b7
linux-firmware-20210818-122.fc33
3
https://bodhi.fedoraproject.org/updates/FEDORA-2021-ca8368f328
firefox-91.0.1-2.fc33
2
https://bodhi.fedoraproject.org/updates/FEDORA-2021-28fca597fb
pango-1.48.4-2.fc33
2
https://bodhi.fedoraproject.org/updates/FEDORA-2021-4d40916a30 koji-1.26.0-1.fc33
1
https://bodhi.fedoraproject.org/updates/FEDORA-2021-1c6780325b
thunderbird-91.0.3-1.fc33
The following builds have been pushed to Fedora 33 updates-testing
autossh-1.4g-7.fc33
bottles-2021.8.28-1.fc33
kakoune-2021.08.28-1.fc33
kernel-5.13.13-100.fc33
libcint-4.4.5-1.fc33
logwatch-7.5.6-2.fc33
mame-0.235-1.fc33
qcint-4.4.5-1.fc33
qdigidoc-4.2.9-1.fc33
squashfs-tools-4.5-2.fc33
xen-4.14.2-3.fc33
Details about builds:
================================================================================
autossh-1.4g-7.fc33 (FEDORA-2021-aec17fd6e2)
Utility to autorestart SSH tunnels
--------------------------------------------------------------------------------
Update Information:
Fix service template related scriptlet failure (#1996234)
--------------------------------------------------------------------------------
ChangeLog:
* Sat Aug 28 2021 Alexander Bostr��m <abo(a)root.snowtree.se> - 1.4g-7
- Fix service template related scriptlet failure (#1996234)
* Wed Jul 21 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4g-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Mar 2 2021 Zbigniew J��drzejewski-Szmek <zbyszek(a)in.waw.pl> - 1.4g-5
- Rebuilt for updated systemd-rpm-macros
See
https://pagure.io/fesco/issue/2583.
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4g-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1996234 - Error on autossh package rpm scriptlet for systemd unit file
https://bugzilla.redhat.com/show_bug.cgi?id=1996234
--------------------------------------------------------------------------------
================================================================================
bottles-2021.8.28-1.fc33 (FEDORA-2021-c0af60c31e)
Easily manage Wine prefix in a new way
--------------------------------------------------------------------------------
Update Information:
Update to 2021.8.28
--------------------------------------------------------------------------------
ChangeLog:
* Sat Aug 28 2021 Artem Polishchuk <ego.cordatus(a)gmail.com> - 2021.8.28-1
- build(update): 2021.8.28
--------------------------------------------------------------------------------
================================================================================
kakoune-2021.08.28-1.fc33 (FEDORA-2021-0149eadb4b)
Code editor heavily inspired by Vim
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Sat Aug 28 2021 Artem Polishchuk <ego.cordatus(a)gmail.com> - 2021.08.28-1
- build(update): 2021.08.28
* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> -
2020.09.01-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> -
2020.09.01-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Oct 14 2020 Jeff Law <law(a)gmail.com> - 2020.09.01-1
- Fix missing #includes for gcc-11
--------------------------------------------------------------------------------
================================================================================
kernel-5.13.13-100.fc33 (FEDORA-2021-bc597db173)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:
The 5.13.13 stable kernel update contains a number of important fixes across the
tree.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 26 2021 Justin M. Forbes <jforbes(a)fedoraproject.org> [5.13.13-100]
- kernel-5.13.13-0 (Justin M. Forbes)
--------------------------------------------------------------------------------
================================================================================
libcint-4.4.5-1.fc33 (FEDORA-2021-8f6d24a2bd)
General Gaussian-type orbitals integrals for quantum chemistry
--------------------------------------------------------------------------------
Update Information:
Fix bug in qcint that led to incorrect results. ---- Fix Cartesian-spherical
and Cartesian-spinor transformation coefficients.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Aug 28 2021 Susi Lehtola <jussilehtola(a)fedoraproject.org> - 4.4.5-1
- Update to 4.4.5.
* Thu Aug 12 2021 Susi Lehtola <jussilehtola(a)fedoraproject.org> - 4.4.4-1
- Update to 4.4.4.
--------------------------------------------------------------------------------
================================================================================
logwatch-7.5.6-2.fc33 (FEDORA-2021-364c6881dc)
Analyzes and Reports on system logs
--------------------------------------------------------------------------------
Update Information:
Match minor change in systemd
--------------------------------------------------------------------------------
ChangeLog:
* Sat Aug 28 2021 Frank Crawford <frank(a)crawford.emu.id.au> - 7.5.6-2
- Match minor change in systemd
--------------------------------------------------------------------------------
================================================================================
mame-0.235-1.fc33 (FEDORA-2021-d8ec29c11f)
Multiple Arcade Machine Emulator
--------------------------------------------------------------------------------
Update Information:
An update to the latest upstream release: *
https://www.mamedev.org/?p=503
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 27 2021 Julian Sikorski <belegdol(a)fedoraproject.org> 0.235-1
- Update to 0.235
--------------------------------------------------------------------------------
================================================================================
qcint-4.4.5-1.fc33 (FEDORA-2021-8f6d24a2bd)
An optimized libcint branch for X86 platform with SSE3 intrinsics
--------------------------------------------------------------------------------
Update Information:
Fix bug in qcint that led to incorrect results. ---- Fix Cartesian-spherical
and Cartesian-spinor transformation coefficients.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Aug 28 2021 Susi Lehtola <jussilehtola(a)fedoraproject.org> - 4.4.5-1
- Update to 4.4.5.
* Thu Aug 12 2021 Susi Lehtola <jussilehtola(a)fedoraproject.org> - 4.4.4-1
- Update to 4.4.4.
--------------------------------------------------------------------------------
================================================================================
qdigidoc-4.2.9-1.fc33 (FEDORA-2021-733b2cf800)
Estonian digital signature and encryption application
--------------------------------------------------------------------------------
Update Information:
- Upstream release 4.2.9
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 27 2021 Dmitri Smirnov <dmitri(a)smirnov.ee> - 4.2.9-1
- Upstream release 4.2.9
* Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.2.8-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
squashfs-tools-4.5-2.fc33 (FEDORA-2021-372114906d)
Utility for the creation of squashfs filesystems
--------------------------------------------------------------------------------
Update Information:
4.5 release (includes security fix for CVE-2021-40153)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 26 2021 Bruno Wolff III <bruno(a)wolff.to> - 4.5-2
- Fix for sparse fragment bug 1985561
* Fri Jul 23 2021 Bruno Wolff III <bruno(a)wolff.to> - 4.5-1
- First crack at 4.5 release
- Man pages still need significant work
* Wed Jan 27 2021 Fedora Release Engineering <releng(a)fedoraproject.org> -
4.4-5.git1
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sat Nov 14 2020 Bruno Wolff III <bruno(a)wolff.to> - 4.4-4.git1
- Gating tests failed and unable to rerun them
* Wed Nov 11 2020 Bruno Wolff III <bruno(a)wolff.to> - 4.4-3.git1
- New upstream release with a minor fix
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1998621 - CVE-2021-40153 squashfs-tools: unvalidated filepaths allow writing
outside of destination
https://bugzilla.redhat.com/show_bug.cgi?id=1998621
--------------------------------------------------------------------------------
================================================================================
xen-4.14.2-3.fc33 (FEDORA-2021-4f129cc0c1)
Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:
IOMMU page mapping issues on x86 [XSA-378, CVE-2021-28694, CVE-2021-28695,
CVE-2021-28696] (#1997531) (#1997568) (#1997537) grant table v2 status pages may
remain accessible after de-allocation [XSA-379, CVE-2021-28697] (#1997520) long
running loops in grant table handling [XSA-380, CVE-2021-28698] (#1997526)
inadequate grant-v2 status frames array bounds check [XSA-382, CVE-2021-28699]
(#1997523) xen/arm: No memory limit for dom0less domUs [XSA-383, CVE-2021-28700]
(#1997527) grub x86_64-efi modules now go into /boot/grub2
--------------------------------------------------------------------------------
ChangeLog:
* Sat Aug 28 2021 Michael Young <m.a.young(a)durham.ac.uk> - 4.14.2-3
- IOMMU page mapping issues on x86 [XSA-378, CVE-2021-28694,
CVE-2021-28695, CVE-2021-28696] (#1997531) (#1997568)
(#1997537)
- grant table v2 status pages may remain accessible after de-allocation
[XSA-379, CVE-2021-28697] (#1997520)
- long running loops in grant table handling [XSA-380, CVE-2021-28698]
(#1997526)
- inadequate grant-v2 status frames array bounds check [XSA-382,
CVE-2021-28699] (#1997523)
- xen/arm: No memory limit for dom0less domUs [XSA-383, CVE-2021-28700]
(#1997527)
- grub x86_64-efi modules now go into /boot/grub2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1997519 - CVE-2021-28697 xen: malicious guest may be able to elevate its
privileges leads to DoS
https://bugzilla.redhat.com/show_bug.cgi?id=1997519
[ 2 ] Bug #1997522 - CVE-2021-28699 xen: malicious guest kernel leads to DoS
https://bugzilla.redhat.com/show_bug.cgi?id=1997522
[ 3 ] Bug #1997524 - CVE-2021-28698 xen: malicious kernels lead to DoS
https://bugzilla.redhat.com/show_bug.cgi?id=1997524
[ 4 ] Bug #1997525 - CVE-2021-28700 xen: malicious dom0less guest could drive Xen out of
memory and leads to DoS
https://bugzilla.redhat.com/show_bug.cgi?id=1997525
[ 5 ] Bug #1997529 - CVE-2021-28694 xen: failed to prevent guests from undoing/replacing
such mappings
https://bugzilla.redhat.com/show_bug.cgi?id=1997529
[ 6 ] Bug #1997535 - CVE-2021-28696 xen: physical device from a guest allowing to access
memory
https://bugzilla.redhat.com/show_bug.cgi?id=1997535
[ 7 ] Bug #1997567 - CVE-2021-28695 xen: discontinuous range is specified by firmware
leads to vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1997567
--------------------------------------------------------------------------------