The following Fedora 35 Security updates need testing:
Age  URL                                                             Builds
 83  https://bodhi.fedoraproject.org/updates/FEDORA-2022-2e85e6cfc9  libdxfrw-1.0.1-3.fc35 librecad-2.2.0-0.13.rc3.fc35
 75  https://bodhi.fedoraproject.org/updates/FEDORA-2022-dfc6924a11  mysql-connector-java-8.0.28-1.fc35
  7  https://bodhi.fedoraproject.org/updates/FEDORA-2022-3759ebabd2  git-2.35.3-1.fc35
  6  https://bodhi.fedoraproject.org/updates/FEDORA-2022-c87047f163  podman-3.4.7-1.fc35
  6  https://bodhi.fedoraproject.org/updates/FEDORA-2022-ad26447c98  epiphany-41.4-1.fc35
  4  https://bodhi.fedoraproject.org/updates/FEDORA-2022-61f6ee6353  usd-21.11-11.fc35
  4  https://bodhi.fedoraproject.org/updates/FEDORA-2022-f6e24d96b6  esh-0.3.2-1.fc35
  3  https://bodhi.fedoraproject.org/updates/FEDORA-2022-bc606b86f4  CuraEngine-4.13.1-2.fc35
  3  https://bodhi.fedoraproject.org/updates/FEDORA-2022-0f14e2308e  chromium-100.0.4896.127-1.fc35
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2022-a3e03a200b  freerdp-2.7.0-1.fc35
  1  https://bodhi.fedoraproject.org/updates/FEDORA-2022-4e6bd7ca62  recutils-1.9-1.fc35
  1  https://bodhi.fedoraproject.org/updates/FEDORA-2022-1b9f9b2993  suricata-6.0.5-1.fc35
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2022-8cf0124add  ruby-3.0.4-153.fc35
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2022-0985b0cb9f  mingw-freetype-2.11.0-2.fc35
The following Fedora 35 Critical Path updates have yet to be approved:
Age  URL                                                             Builds
 37  https://bodhi.fedoraproject.org/updates/FEDORA-2022-925ac7bfff  gnome-shell-41.5-1.fc35 mutter-41.5-1.fc35
 14  https://bodhi.fedoraproject.org/updates/FEDORA-2022-59b61235bf  binutils-2.37-17.fc35
 13  https://bodhi.fedoraproject.org/updates/FEDORA-2022-7c355d4e9b  fwupd-efi-1.3-1.fc35
 12  https://bodhi.fedoraproject.org/updates/FEDORA-2022-17ba61ca06  libguestfs-1.48.1-1.fc35
  7  https://bodhi.fedoraproject.org/updates/FEDORA-2022-3759ebabd2  git-2.35.3-1.fc35
  6  https://bodhi.fedoraproject.org/updates/FEDORA-2022-fff31008f6  langtable-0.0.58-1.fc35
  4  https://bodhi.fedoraproject.org/updates/FEDORA-2022-fd04a43eb1  rtkit-0.11-30.fc35
  3  https://bodhi.fedoraproject.org/updates/FEDORA-2022-15778e49e1  libhandy-1.4.1-1.fc35
  3  https://bodhi.fedoraproject.org/updates/FEDORA-2022-13c66e33b1  inih-55-1.fc35
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2022-bdfcd4f5d3  libtpms-0.9.4-0.20220425gite4d68670e1.fc35.0
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2022-0c44eb0df4  python-rpmautospec-0.2.6-1.fc35
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2022-a3e03a200b  freerdp-2.7.0-1.fc35
  1  https://bodhi.fedoraproject.org/updates/FEDORA-2022-5c64120636  samba-4.15.7-0.fc35
  1  https://bodhi.fedoraproject.org/updates/FEDORA-2022-e4a46d0bd0  livecd-tools-30.0-1.fc35
  1  https://bodhi.fedoraproject.org/updates/FEDORA-2022-e3046139e5  gnutls-3.7.4-1.fc35
The following builds have been pushed to Fedora 35 updates-testing
bitcoin-core-23.0-1.fc35
cockpit-machines-267-1.fc35
cockpit-podman-47-1.fc35
curl-7.79.1-2.fc35
distrobox-1.2.15-1.fc35
gnome-desktop3-41.6-1.fc35
knot-3.1.8-1.fc35
php-symfony4-4.4.41-1.fc35
pipewire-0.3.51-1.fc35
python-dns-lexicon-3.9.5-3.fc35
redis-6.2.7-1.fc35
rstudio-2022.02.2+485-1.fc35
Details about builds:
================================================================================
bitcoin-core-23.0-1.fc35 (FEDORA-2022-4a28211cb9)
Peer to Peer Cryptographic Currency
--------------------------------------------------------------------------------
Update Information:
Update to 23.0.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 26 2022 Simone Caronni <negativo17(a)gmail.com> - 23.0-1
- Update to 23.0.
--------------------------------------------------------------------------------
================================================================================
cockpit-machines-267-1.fc35 (FEDORA-2022-6a723bb16e)
Cockpit user interface for virtual machines
--------------------------------------------------------------------------------
Update Information:
- Tests improvements and stabilization
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 28 2022 Jelle van der Waa <jvanderwaa(a)redhat.com> - 267-1
- Tests improvements and stabilization
--------------------------------------------------------------------------------
================================================================================
cockpit-podman-47-1.fc35 (FEDORA-2022-ab108a14c9)
Cockpit component for Podman containers
--------------------------------------------------------------------------------
Update Information:
- Translation updates
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 28 2022 Jelle van der Waa <jvanderwaa(a)redhat.com> - 47-1
- Translation updates
--------------------------------------------------------------------------------
================================================================================
curl-7.79.1-2.fc35 (FEDORA-2022-411f088574)
A utility for getting files from remote servers (FTP, HTTP, and others)
--------------------------------------------------------------------------------
Update Information:
- fix credential leak on redirect (CVE-2022-27774)
- fix auth/cookie leak on redirect (CVE-2022-27776)
- fix bad local IPv6 connection reuse (CVE-2022-27775)
- fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 28 2022 Kamil Dudka <kdudka(a)redhat.com> - 7.79.1-2
- fix credential leak on redirect (CVE-2022-27774)
- fix auth/cookie leak on redirect (CVE-2022-27776)
- fix bad local IPv6 connection reuse (CVE-2022-27775)
- fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2079167 - CVE-2022-22576 curl: OAUTH2 bearer bypass in connection re-use [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2079167
[ 2 ] Bug #2079169 - CVE-2022-27774 curl: credential leak on redirect [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2079169
[ 3 ] Bug #2079171 - CVE-2022-27775 curl: bad local IPv6 connection reuse [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2079171
[ 4 ] Bug #2079174 - CVE-2022-27776 curl: auth/cookie leak on redirect [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2079174
--------------------------------------------------------------------------------
================================================================================
distrobox-1.2.15-1.fc35 (FEDORA-2022-6e06bb0251)
Another tool for containerized command line environments on Linux
--------------------------------------------------------------------------------
Update Information:
Update to 1.2.15
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 28 2022 Alessio <alciregi(a)fedoraproject.org> 1.2.15-1
- Update to 1.2.15
--------------------------------------------------------------------------------
================================================================================
gnome-desktop3-41.6-1.fc35 (FEDORA-2022-ebbb164e88)
Library with common API for various GNOME modules
--------------------------------------------------------------------------------
Update Information:
Update to 41.6
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 28 2022 David King <amigadave(a)amigadave.com> - 41.6-1
- Update to 41.6
--------------------------------------------------------------------------------
================================================================================
knot-3.1.8-1.fc35 (FEDORA-2022-bc6615850f)
High-performance authoritative DNS server
--------------------------------------------------------------------------------
Update Information:
Update to bugfix 3.1.8
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 28 2022 Jakub Ružička <jakub.ruzicka(a)nic.cz> - 3.1.8-1
- Update to 3.1.8
--------------------------------------------------------------------------------
================================================================================
php-symfony4-4.4.41-1.fc35 (FEDORA-2022-a9329e008c)
Symfony PHP framework (version 4)
--------------------------------------------------------------------------------
Update Information:
**Version 4.4.41** (2022-04-27)
* bug #46154 [Mailer] Restore X-Transport after failure (zenas1210)
* bug #46171 [VarDumper] Fix dumping floats on PHP8 (nicolas-grekas)
* bug #46170 Fix dumping enums on PHP 8.2 (nicolas-grekas)
* bug #46143 [Cache] Prevent fatal errors on php 8 when running concurrently with TagAwareAdapter v6.1 (sbelyshkin)
* bug #46149 Modify processing of uploaded files to be compatible with PHP 8.1 (p-golovin)
* bug #46125 [FrameworkBundle] Always add CacheCollectorPass (fancyweb)
* bug #46121 Fix "Notice: Undefined index: headers" in messenger with Oracle (rjd22)
* bug #45980 [Finder] Add support of no-capture regex modifier in MultiplePcreFilterIterator (available from PHP 8.2) (alexandre-daubois)
* bug #46008 [Workflow] Catch error when trying to get an uninitialized marking (lyrixx)
* bug #40998 [Form] Use reference date in reverse transform (KDederichs)
* bug #46012 [HttpKernel] Fix Symfony not working on SMB share (qinshuze)
* bug #45992 [Mailer] Return-Path has higher priority for envelope address than From address (tpetry)
* bug #45998 [HttpClient] Fix sending content-length when streaming the body (nicolas-grekas)
* bug #45565 Fix table header separator wrapping (alamirault)
* bug #45968 [Intl] Update the ICU data to 71.1 - 4.4 (jderusse)
* bug #45947 [FrameworkBundle] [Command] Fix `debug:router --no-interaction` error … (WilliamBoulle)
* bug #45931 [Process] Fix Process::getEnv() when setEnv() hasn't been called before (asika32764)
* bug #45928 [ExpressionLanguage] Fix matching null against a regular expression (ausi)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 28 2022 Remi Collet <remi(a)remirepo.net> - 4.4.41-1
- update to 4.4.41
- allow doctrine/persistence 3
--------------------------------------------------------------------------------
================================================================================
pipewire-0.3.51-1.fc35 (FEDORA-2022-c97f809fb2)
Media Sharing Server
--------------------------------------------------------------------------------
Update Information:
Update version to 0.3.51
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 28 2022 Wim Taymans <wtaymans(a)redhat.com> - 0.3.51-1
- Update version to 0.3.51
--------------------------------------------------------------------------------
================================================================================
python-dns-lexicon-3.9.5-3.fc35 (FEDORA-2022-66769d0735)
Manipulate DNS records on various DNS providers in a standardized/agnostic way
--------------------------------------------------------------------------------
Update Information:
Add gransy and ddns extra packages
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 28 2022 Christian Schuermann <spike(a)fedoraproject.org> 3.9.5-3
- Add "tests" conditional to make tests optional on EPEL
- Ensure that BuildRequires resolve correctly and only relevant tests run when building without extras
* Tue Apr 26 2022 Christian Schuermann <spike(a)fedoraproject.org> 3.9.5-2
- Reenable tests for GoDaddy, Transip, Namecheap and NamecheapManaged providers
- Add gransy and ddns extra packages
- Remove explicit BuildRequires (handled by the pyproject_buildrequires macro)
- Remove explicit extra package Requires (handled by automatic dependency generator)
- Remove unused rhel7 macro
* Tue Apr 19 2022 Christian Schuermann <spike(a)fedoraproject.org> 3.9.5-1
- update to 3.9.5
--------------------------------------------------------------------------------
================================================================================
redis-6.2.7-1.fc35 (FEDORA-2022-44373f6778)
A persistent key-value database
--------------------------------------------------------------------------------
Update Information:
**Redis 6.2.7** - Released Wed Apr 27 12:00:00 IDT 2022

Upgrade urgency: **SECURITY**, contains fixes to security issues.

Security Fixes:
* (CVE-2022-24736) An attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. This issue affects all versions of Redis. [reported by Aviv Yahav].
* (CVE-2022-24735) By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. [reported by Aviv Yahav].

Potentially Breaking Fixes
* LPOP/RPOP with count against non-existing list return null array (#10095)
* LPOP/RPOP used to produce wrong replies when count is 0 (#9692)

Performance and resource utilization improvements
* Speed optimization in command execution pipeline (#10502)
* Fix regression in Z[REV]RANGE commands (by-rank) introduced in Redis 6.2 (#10337)

Platform / toolchain support related improvements
* Fix RSS metrics on NetBSD and OpenBSD (#10116, #10149)
* Fix OpenSSL 3.0.x related issues (#10291)

Bug Fixes
* Lua: Add checks for min-slave-* configs when evaluating Lua scripts (#10160)
* Lua: fix crash on a script call with many arguments, a regression in v6.2.6 (#9809)
* Tracking: Make invalidation messages always after command's reply (#9422)
* Fix excessive stream trimming due to an overflow (#10068)
* Add missed error counting for INFO errorstats (#9646)
* Fix geo search bounding box check causing missing results (#10018)
* Improve EXPIRE TTL overflow detection (#9839)
* Modules: Fix thread safety violation when a module thread adds an error reply, broken in 6.2 (#10278)
* Modules: Fix missing and duplicate error stats (#10278)
* Module APIs: release clients blocked on module commands in cluster resharding and down state (#9483)
* Sentinel: Fix memory leak with TLS (#9753)
* Sentinel: Fix issues with hostname support (#10146)
* Sentinel: Fix election failures on certain container environments (#10197)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 28 2022 Remi Collet <remi(a)remirepo.net> - 6.2.7-1
- Upstream 6.2.7 release.
* Wed Nov 3 2021 Remi Collet <remi(a)remirepo.net> - 6.2.6-2
- use proper license in dec/devel sub-packages
--------------------------------------------------------------------------------
================================================================================
rstudio-2022.02.2+485-1.fc35 (FEDORA-2022-fc6f4bc672)
RStudio base package
--------------------------------------------------------------------------------
Update Information:
Update to 2022.02.2+485
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 28 2022 Iñaki Úcar <iucar(a)fedoraproject.org> - 2022.02.2+485-1
- Update to 2022.02.2+485
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2079686 - rstudio-2022.02.2+485 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2079686
--------------------------------------------------------------------------------