The following Fedora 27 Security updates need testing:
Age URL
196
https://bodhi.fedoraproject.org/updates/FEDORA-2018-1ec1cd6db3 bro-2.5.3-1.fc27
128
https://bodhi.fedoraproject.org/updates/FEDORA-2018-8dc6395408
dpdk-17.08.2-1.fc27
91
https://bodhi.fedoraproject.org/updates/FEDORA-2018-3b33f65b01
nodejs-brace-expansion-1.1.11-1.fc27
82
https://bodhi.fedoraproject.org/updates/FEDORA-2018-a748acc219
unrtf-0.21.9-8.fc27
59
https://bodhi.fedoraproject.org/updates/FEDORA-2018-f6ccdeb750
mailman-2.1.21-9.fc27
59
https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc864bb9e1
openslp-2.0.0-15.fc27
16
https://bodhi.fedoraproject.org/updates/FEDORA-2018-21ffebf41c
tomcat-8.0.53-1.fc27
16
https://bodhi.fedoraproject.org/updates/FEDORA-2018-e8533a3ef1
unixODBC-2.3.7-1.fc27
16
https://bodhi.fedoraproject.org/updates/FEDORA-2018-7051d682fa
ntp-4.2.8p12-1.fc27
8
https://bodhi.fedoraproject.org/updates/FEDORA-2018-e914e7a9e2
chromium-68.0.3440.106-3.fc27
7
https://bodhi.fedoraproject.org/updates/FEDORA-2018-fac5420dd1
obs-build-20180816-291.1.1.fc27 osc-0.163.0-237.1.1.fc27
7
https://bodhi.fedoraproject.org/updates/FEDORA-2018-3a3c660bfa
community-mysql-5.7.23-1.fc27
6
https://bodhi.fedoraproject.org/updates/FEDORA-2018-11ed8d95e2
libxkbcommon-0.8.2-1.fc27
4
https://bodhi.fedoraproject.org/updates/FEDORA-2018-fe437a98d6
dolphin-emu-5.0-24.fc27
4
https://bodhi.fedoraproject.org/updates/FEDORA-2018-f56ded11c4
openssh-7.6p1-6.fc27
3
https://bodhi.fedoraproject.org/updates/FEDORA-2018-4f0b7d1251
tcpflow-1.5.0-2.fc27
3
https://bodhi.fedoraproject.org/updates/FEDORA-2018-7626df1731 yara-3.8.1-1.fc27
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-6121f427e5 godot-3.0.6-1.fc27
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-a42eb4ac61
python-pycryptodomex-3.6.6-1.fc27
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-236b486e01
capstone-3.0.5-1.fc27
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-28447b6f2e
ghostscript-9.22-5.fc27
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-a94668408d
mod_perl-2.0.10-9.fc27
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-c1ef35a4f9 glibc-2.26-30.fc27
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-bb7f3f7ecf gd-2.2.5-6.fc27
The following Fedora 27 Critical Path updates have yet to be approved:
Age URL
112
https://bodhi.fedoraproject.org/updates/FEDORA-2018-25d5c86330 libidn-1.34-2.fc27
mcabber-1.1.0-1.fc27.1 pidgin-2.13.0-1.fc27.1 python-slixmpp-1.3.0-5.fc27.1
72
https://bodhi.fedoraproject.org/updates/FEDORA-2018-200dba6b93
upower-0.99.8-1.fc27
36
https://bodhi.fedoraproject.org/updates/FEDORA-2018-05a68ea22e
geoclue2-2.4.11-1.fc27
16
https://bodhi.fedoraproject.org/updates/FEDORA-2018-20c3deae24
iproute-4.17.0-1.fc27
14
https://bodhi.fedoraproject.org/updates/FEDORA-2018-9320eeea0a
pungi-4.1.27-1.fc27
9
https://bodhi.fedoraproject.org/updates/FEDORA-2018-344f454318 sssd-1.16.3-2.fc27
9
https://bodhi.fedoraproject.org/updates/FEDORA-2018-6499677be6
firefox-61.0.2-3.fc27
9
https://bodhi.fedoraproject.org/updates/FEDORA-2018-90a16ffef6
ostree-2018.7-1.fc27 flatpak-builder-1.0.0-1.fc27 flatpak-1.0.0-1.fc27
8
https://bodhi.fedoraproject.org/updates/FEDORA-2018-91f97e9d4f
glusterfs-3.12.13-1.fc27
6
https://bodhi.fedoraproject.org/updates/FEDORA-2018-a39edb9f02
kernel-headers-4.17.19-1.fc27 kernel-tools-4.17.19-100.fc27 kernel-4.17.19-100.fc27
6
https://bodhi.fedoraproject.org/updates/FEDORA-2018-11ed8d95e2
libxkbcommon-0.8.2-1.fc27
4
https://bodhi.fedoraproject.org/updates/FEDORA-2018-f56ded11c4
openssh-7.6p1-6.fc27
3
https://bodhi.fedoraproject.org/updates/FEDORA-2018-53d71963af vim-8.1.328-1.fc27
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-7c8794e690
perl-PathTools-3.75-1.fc27
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-c1ef35a4f9 glibc-2.26-30.fc27
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-c223c11259
libldb-1.3.2-2.fc27.1.2.3 samba-4.7.10-0.fc27
The following builds have been pushed to Fedora 27 updates-testing
R-littler-0.3.4-1.fc27
buku-3.9-1.fc27
dmlite-1.10.4-2.fc27
dokuwiki-20180422a-2.fc27
fbreader-0.99.4-2.fc27
iniparser-4.0-7.20160821git.fc27
js-jsroot-5.5.1-1.fc27
keepassxc-2.3.4-1.fc27
libs3-4.1-0.1.20180821gita4d873f.fc27
pango-1.40.14-3.fc27
perl-Net-DNS-SEC-1.10-1.fc27
redhat-rpm-config-79-1.fc27
yum-utils-1.1.31-514.fc27
Details about builds:
================================================================================
R-littler-0.3.4-1.fc27 (FEDORA-2018-f4597d89ea)
littler: R at the Command-Line via 'r'
--------------------------------------------------------------------------------
Update Information:
littler 0.3.4 (mainly updates to examples).
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 31 2018 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 0.3.4-1
- New upstream release 0.3.4
* Thu Jul 12 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3.3-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jul 10 2018 Pete Walter <pwalter(a)fedoraproject.org> - 0.3.3-5
- Rebuild for ICU 62
* Fri May 18 2018 Tom Callaway <spot(a)fedoraproject.org> - 0.3.3-4.1
- actually rebuild against R 3.5.0
--------------------------------------------------------------------------------
================================================================================
buku-3.9-1.fc27 (FEDORA-2018-ef60901785)
Powerful command-line bookmark manager
--------------------------------------------------------------------------------
Update Information:
Release 3.9
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 30 2018 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> - 3.9-1
- Release 3.9
--------------------------------------------------------------------------------
================================================================================
dmlite-1.10.4-2.fc27 (FEDORA-2018-1e57f29c7c)
Lcgdm grid data management and storage framework
--------------------------------------------------------------------------------
Update Information:
Bugfixes and improvements, in particular to service stability and space
management. ---- Bugfixes and improvements, in particular to service stability
and space management. ---- Fix for domeadapter configuration.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 30 2018 Oliver Keeble <oliver.keeble(a)cern.ch> - 1.10.4-2
- Update dmlite-shell deps
* Mon Aug 27 2018 Oliver Keeble <oliver.keeble(a)cern.ch> - 1.10.4-1
- New upstream release 1.10.4
* Thu Jul 12 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.10.3-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Jun 7 2018 Oliver Keeble <oliver.keeble(a)cern.ch> - 1.10.3-1
- New upstream release
* Thu Apr 19 2018 Andrea Manzi <amanzi(a)cern.ch> - 1.10.2-1
- new upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1603802 - dmlite: FTBFS in Fedora rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1603802
--------------------------------------------------------------------------------
================================================================================
dokuwiki-20180422a-2.fc27 (FEDORA-2018-a1bd27f59b)
Standards compliant simple to use wiki
--------------------------------------------------------------------------------
Update Information:
Fix Requires: ("python2-policycoreutils" is called
"policycoreutils-python" in
F27) ---- Update to upstream version 2018-04-22a
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 30 2018 Artur Iwicki <fedora(a)svgames.pl> - 20180422a-2
- Change dokuwiki-selinux Requires: ("python2-policycoreutils" is called
"policycoreutils-python" in F27)
* Sat Aug 25 2018 Artur Iwicki <fedora(a)svgames.pl> - 20180422a-1
- Change the versioning scheme
* Mon Aug 20 2018 Artur Iwicki <fedora(a)svgames.pl> - 0-0.32.20180422a
- Remove the "Group:" tag (no longer used in Fedora)
- Replace the hand-written %releasetag with one generated from %releasenum
* Fri Jul 13 2018 Peter 'Pessoft' Kol��nek <fedora(a)pessoft.com> -
0-0.31.20180422a
- Update to the latest stable upstream 2018-04-22a "Greebo" (#1390291:
CVE-2016-7964, CVE-2016-7965, CVE-2017-12583, CVE-2017-12979, CVE-2017-12980,
CVE-2017-18123)
- Fix missing vendor directory issue (#1372948)
- Fix Apache config file for access to conf and bin
- Replace more bundled code in vendor directory with Fedora packages (lesserphp,
random_compat, phpseclib, simplepie)
- Fix source to HTTPS
* Fri Mar 30 2018 Iryna Shcherbina <ishcherb(a)redhat.com> - 0-0.30.20150810a
- Update Python 2 dependency declarations to new packaging standards
(See
https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1390291 - CVE-2016-7964 CVE-2016-7965 CVE-2017-12583 CVE-2017-12979
CVE-2017-12980 CVE-2017-18123 dokuwiki: Various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1390291
[ 2 ] Bug #1372948 - Error 500 due to missing vendor directory
/usr/share/dokuwiki/vendor
https://bugzilla.redhat.com/show_bug.cgi?id=1372948
--------------------------------------------------------------------------------
================================================================================
fbreader-0.99.4-2.fc27 (FEDORA-2018-8d640a4e80)
E-book reader
--------------------------------------------------------------------------------
Update Information:
Updates to latest fbreader; simplify packaging now that only one GUI toolkit is
supported
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 30 2018 Michel Alexandre Salim <salimma(a)fedoraproject.org> - 0.99.4-2
- Exclude building on armv7hl (bz #1624218)
* Wed Aug 29 2018 Michel Alexandre Salim <salimma(a)fedoraproject.org> - 0.99.4-1
- Update to 0.99.4
- Obsolete zlibrary-ui-{gtk,qt} - only Qt4 is supported now
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> -
0.12.10-24
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> -
0.12.10-23
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Aug 2 2017 Fedora Release Engineering <releng(a)fedoraproject.org> -
0.12.10-22
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng(a)fedoraproject.org> -
0.12.10-21
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <releng(a)fedoraproject.org> -
0.12.10-20
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Wed Feb 3 2016 Fedora Release Engineering <releng(a)fedoraproject.org> -
0.12.10-19
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1603949 - fbreader: FTBFS in Fedora rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1603949
--------------------------------------------------------------------------------
================================================================================
iniparser-4.0-7.20160821git.fc27 (FEDORA-2018-a2316e0baf)
C library for parsing "INI-style" files
--------------------------------------------------------------------------------
Update Information:
Security fix for BZ#1545825
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 31 2018 Robin Lee <cheeselee(a)fedoraproject.org> - 4.0-7.20160821git
- Backport fix for BZ#1545825
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> -
4.0-6.20160821git
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> -
4.0-5.20160821git
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1545824 - iniparser: stack-buffer-underflow in iniparser_load in iniparser.c
https://bugzilla.redhat.com/show_bug.cgi?id=1545824
--------------------------------------------------------------------------------
================================================================================
js-jsroot-5.5.1-1.fc27 (FEDORA-2018-c523cabd5b)
JavaScript ROOT - Interactive numerical data analysis graphics
--------------------------------------------------------------------------------
Update Information:
https://github.com/root-project/jsroot/blob/5.5.1/changes.md
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 30 2018 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 5.5.1-1
- Update to version 5.5.1
--------------------------------------------------------------------------------
================================================================================
keepassxc-2.3.4-1.fc27 (FEDORA-2018-93e6e9b389)
Cross-platform password manager
--------------------------------------------------------------------------------
Update Information:
2.3.4 release
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 29 2018 Mukundan Ragavan <nonamedotc(a)fedoraproject.org> - 2.3.4-1
- Update to 2.3.4
* Thu Jul 19 2018 Mukundan Ragavan <nonamedotc(a)fedoraproject.org> - 2.3.3-3
- Fix FTBFS
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.3.3-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1623294 - KeePassXC 2.3.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1623294
--------------------------------------------------------------------------------
================================================================================
libs3-4.1-0.1.20180821gita4d873f.fc27 (FEDORA-2018-7359f568e2)
C Library and Tools for Amazon S3 Access
--------------------------------------------------------------------------------
Update Information:
libs3 4.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 31 2018 Mattias Ellert <mattias.ellert(a)physics.uu.se> -
4.1-0.1.20180821gita4d873f
- New github snapshot
* Mon Jul 16 2018 Mattias Ellert <mattias.ellert(a)physics.uu.se> -
4.0-0.6.20170206git208bcba
- Add BuildRequires on gcc
- Packaging updates
- Remove Group and BuildRoot tags
- Don't clear the buildroot in the install section
- Remove the clean section
- Install license in licensedir
- Use new ldconfig scriptlets macro
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> -
4.0-0.5.20170206git208bcba
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> -
4.0-0.4.20170206git208bcba
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
pango-1.40.14-3.fc27 (FEDORA-2018-83116f8692)
System for layout and rendering of internationalized text
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2018-15120
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 31 2018 Peng Wu <pwu(a)redhat.com> - 1.40.14-3
- Security fix for CVE-2018-15120
* Fri Aug 31 2018 Peng Wu <pwu(a)redhat.com> - 1.40.14-2
- Fixes crash with invalid Unicode sequences
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1613550 - CVE-2018-15120 pango: application crash triggered by unicode chars
in pango-emoji.c
https://bugzilla.redhat.com/show_bug.cgi?id=1613550
--------------------------------------------------------------------------------
================================================================================
perl-Net-DNS-SEC-1.10-1.fc27 (FEDORA-2018-f632ec12b9)
DNSSEC modules for Perl
--------------------------------------------------------------------------------
Update Information:
Update to 1.10
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 31 2018 Paul Wouters <pwouters(a)redhat.com> - 1.10-1
- Update to 1.10
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.09-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Jun 29 2018 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.09-2
- Perl 5.28 rebuild
* Thu Jun 21 2018 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.09-1
- 1.09 bump
* Wed May 30 2018 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.08-1
- 1.08 bump
* Tue Mar 20 2018 Wes Hardaker <wjhns174(a)hardakers.net> - 1.05-1
- 1.05 bump
* Fri Feb 16 2018 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.04-1
- 1.04 bump
--------------------------------------------------------------------------------
================================================================================
redhat-rpm-config-79-1.fc27 (FEDORA-2018-ec50f052bf)
Red Hat specific rpm configuration files
--------------------------------------------------------------------------------
Update Information:
Allow overriding the date in forge's dist macro.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 31 2018 Fabio Valentini <decathorpe(a)gmail.com> - 79-1
- Allow overriding the date in forge's dist macro.
--------------------------------------------------------------------------------
================================================================================
yum-utils-1.1.31-514.fc27 (FEDORA-2018-3aafb854a9)
Utilities based around the yum package manager
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2018-10897
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 31 2018 Michal Domonkos <mdomonko(a)redhat.com> - 1.1.31-514
- reposync: prevent path traversal (CVE-2018-10897)
- Resolves: bug#1600454
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1600221 - CVE-2018-10897 yum-utils: reposync: improper path validation may
lead to directory traversal
https://bugzilla.redhat.com/show_bug.cgi?id=1600221
--------------------------------------------------------------------------------