The following Fedora 31 Security updates need testing:
Age URL
41
https://bodhi.fedoraproject.org/updates/FEDORA-2020-c5ec22e14f libuv-1.39.0-1.fc31
nodejs-12.18.4-1.fc31
6
https://bodhi.fedoraproject.org/updates/FEDORA-2020-6b35849edd
freetype-2.10.0-4.fc31
6
https://bodhi.fedoraproject.org/updates/FEDORA-2020-88fb82d1cd lout-3.40-18.fc31
6
https://bodhi.fedoraproject.org/updates/FEDORA-2020-421f817e5f
java-11-openjdk-11.0.9.11-0.fc31
6
https://bodhi.fedoraproject.org/updates/FEDORA-2020-febe36c3ac
java-1.8.0-openjdk-1.8.0.272.b10-0.fc31
4
https://bodhi.fedoraproject.org/updates/FEDORA-2020-01dc2bc62c fastd-21-1.fc31
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-15a1bde727
kata-ksm-throttler-1.11.1-1.fc31.1
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-61fcf3ffc7
kata-osbuilder-1.11.1-1.fc31.1
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-193da8cf44
arpwatch-2.1a15-48.fc31
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-1af9cd8c87
kata-shim-1.11.1-1.fc31.1
0
https://bodhi.fedoraproject.org/updates/FEDORA-2020-d1ce381889
pngcheck-2.3.0-3.fc31
0
https://bodhi.fedoraproject.org/updates/FEDORA-2020-8aca25b5c8
chromium-86.0.4240.111-1.fc31
0
https://bodhi.fedoraproject.org/updates/FEDORA-2020-53df1c05be
community-mysql-8.0.22-1.fc31
0
https://bodhi.fedoraproject.org/updates/FEDORA-2020-e083225fa1
blueman-2.1.4-1.fc31
The following Fedora 31 Critical Path updates have yet to be approved:
Age URL
79
https://bodhi.fedoraproject.org/updates/FEDORA-2020-72bc7df001
libunwind-1.3.1-7.fc31
12
https://bodhi.fedoraproject.org/updates/FEDORA-2020-9bb2c6d5af ethtool-5.9-1.fc31
8
https://bodhi.fedoraproject.org/updates/FEDORA-2020-d979670533 pcre-8.44-2.fc31
8
https://bodhi.fedoraproject.org/updates/FEDORA-2020-595197a38d
ceph-14.2.12-1.fc31
6
https://bodhi.fedoraproject.org/updates/FEDORA-2020-747b6fb156
linux-firmware-20201022-113.fc31
6
https://bodhi.fedoraproject.org/updates/FEDORA-2020-6b35849edd
freetype-2.10.0-4.fc31
6
https://bodhi.fedoraproject.org/updates/FEDORA-2020-517bc29c3f
vim-8.2.1885-1.fc31
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-43eb9f7d6a pcre2-10.35-8.fc31
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-df2ee7a68b
nfs-utils-2.5.2-0.fc31
0
https://bodhi.fedoraproject.org/updates/FEDORA-2020-27c0c43205
libbluray-1.2.1-1.fc31
The following builds have been pushed to Fedora 31 updates-testing
R-doMC-1.3.7-1.fc31
R-foreach-1.5.1-1.fc31
R-randomForest-4.6.14-1.fc31
crlfuzz-1.4.0-1.fc31
firefox-82.0.1-1.fc31
fzf-0.24.1-1.fc31
kernel-5.8.17-100.fc31
kicad-5.1.8-1.fc31
mariadb-10.3.25-1.fc31
mtools-4.0.25-1.fc31
mysql-connector-odbc-8.0.22-1.fc31
packit-0.19.0-1.fc31
perl-Graphics-TIFF-7-1.fc31
python-ogr-0.18.0-1.fc31
python-regex-2020.10.28-1.fc31
setzer-0.3.5-1.fc31
thunderbird-78.4.0-1.fc31
xen-4.12.3-7.fc31
xtl-0.6.21-1.fc31
Details about builds:
================================================================================
R-doMC-1.3.7-1.fc31 (FEDORA-2020-4d82b3bad3)
Foreach Parallel Adaptor for 'parallel'
--------------------------------------------------------------------------------
Update Information:
Disable bootstrap and run full tests
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1889046 - Review Request: R-doMC - Foreach Parallel Adaptor for
'parallel'
https://bugzilla.redhat.com/show_bug.cgi?id=1889046
[ 2 ] Bug #1889047 - Review Request: R-randomForest - Breiman and Cutler's Random
Forests for Classification and Regression
https://bugzilla.redhat.com/show_bug.cgi?id=1889047
--------------------------------------------------------------------------------
================================================================================
R-foreach-1.5.1-1.fc31 (FEDORA-2020-4d82b3bad3)
Provides Foreach Looping Construct
--------------------------------------------------------------------------------
Update Information:
Disable bootstrap and run full tests
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1889046 - Review Request: R-doMC - Foreach Parallel Adaptor for
'parallel'
https://bugzilla.redhat.com/show_bug.cgi?id=1889046
[ 2 ] Bug #1889047 - Review Request: R-randomForest - Breiman and Cutler's Random
Forests for Classification and Regression
https://bugzilla.redhat.com/show_bug.cgi?id=1889047
--------------------------------------------------------------------------------
================================================================================
R-randomForest-4.6.14-1.fc31 (FEDORA-2020-4d82b3bad3)
Breiman and Cutler's Random Forests for Classification and Regression
--------------------------------------------------------------------------------
Update Information:
Disable bootstrap and run full tests
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1889046 - Review Request: R-doMC - Foreach Parallel Adaptor for
'parallel'
https://bugzilla.redhat.com/show_bug.cgi?id=1889046
[ 2 ] Bug #1889047 - Review Request: R-randomForest - Breiman and Cutler's Random
Forests for Classification and Regression
https://bugzilla.redhat.com/show_bug.cgi?id=1889047
--------------------------------------------------------------------------------
================================================================================
crlfuzz-1.4.0-1.fc31 (FEDORA-2020-73518ccaaf)
Tool to scan CRLF vulnerability
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
firefox-82.0.1-1.fc31 (FEDORA-2020-bcfc7810a7)
Mozilla Firefox Web browser
--------------------------------------------------------------------------------
Update Information:
- New upstream update (82.0.1) - Fixes fatal SHM allocation errors
(rhbz#1889251)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 28 2020 Martin Stransky <stransky(a)redhat.com> - 82.0.1-1
- Updated to 82.0.1
* Tue Oct 27 2020 Martin Stransky <stransky(a)redhat.com> - 82.0-8
- Added fix for mozbz#1673313
* Tue Oct 27 2020 Martin Stransky <stransky(a)redhat.com> - 82.0-7
- Added fix for rawhide crashes (rhbz#1891234)
* Sat Oct 24 2020 Martin Stransky <stransky(a)redhat.com> - 82.0-6
- Enable LTO
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1889251 - Firefox 81 crashes in
mozilla::widget::WaylandShmPool::WaylandShmPool
https://bugzilla.redhat.com/show_bug.cgi?id=1889251
[ 2 ] Bug #1891849 - Firefox 82.0.1 available
https://bugzilla.redhat.com/show_bug.cgi?id=1891849
--------------------------------------------------------------------------------
================================================================================
fzf-0.24.1-1.fc31 (FEDORA-2020-7e72399f39)
A command-line fuzzy finder written in Go
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 28 2020 Elliott Sales de Andrade <quantum.analyst(a)gmail.com> - 0.24.1-1
- Update to latest version (#1892504)
* Wed Oct 28 2020 Elliott Sales de Andrade <quantum.analyst(a)gmail.com> - 0.24.0-1
- Update to latest version (#1891744)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1891744 - fzf-0.24.0-1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1891744
[ 2 ] Bug #1892504 - fzf-0.24.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1892504
--------------------------------------------------------------------------------
================================================================================
kernel-5.8.17-100.fc31 (FEDORA-2020-09e4d062fe)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:
The 5.8.17 stable kernel update contains a number of important fixes across the
tree.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 29 2020 Justin M. Forbes <jforbes(a)fedoraproject.org> - 5.8.17-100
- Linux v5.8.17
- Fix CVE-2020-27675 (rhbz 1891114 1891115)
* Wed Oct 28 2020 Peter Robinson <pbrobinson(a)fedoraproject.org>
- Fixes for AllWinner wired network issues due to Realtek PHY driver change (rhbz
1889090)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1891114 - CVE-2020-27675 kernel: xen: race condition in event-channel removal
during the event-handling loop (XSA-331)
https://bugzilla.redhat.com/show_bug.cgi?id=1891114
--------------------------------------------------------------------------------
================================================================================
kicad-5.1.8-1.fc31 (FEDORA-2020-47d8627fec)
EDA software suite for creation of schematic diagrams and PCBs
--------------------------------------------------------------------------------
Update Information:
Update to 5.1.8
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 28 2020 Steven A. Falco <stevenfalco(a)gmail.com> - 1:5.1.8-1
- Update to 5.1.8
--------------------------------------------------------------------------------
================================================================================
mariadb-10.3.25-1.fc31 (FEDORA-2020-b0ea9e2d33)
A very fast and robust SQL database server
--------------------------------------------------------------------------------
Update Information:
**MariaDB 10.3.25** Release notes:
https://mariadb.com/kb/en/mariadb-10325-release-notes/
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 26 2020 Michal Schorm <mschorm(a)redhat.com> - 10.3.25-1
- Rebase to 10.3.25
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1830119 - CVE-2020-2752 CVE-2020-2760 CVE-2020-2812 CVE-2020-2814
mariadb:10.3/mariadb: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1830119
[ 2 ] Bug #1843796 - CVE-2020-13249 mariadb:10.3/mariadb: mariadb-connector-c: Improper
validation of content in a OK packet received from server [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1843796
[ 3 ] Bug #1846527 - CVE-2020-2780 mariadb:10.3/mariadb: mysql: Server: DML unspecified
vulnerability (CPU Apr 2020) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1846527
--------------------------------------------------------------------------------
================================================================================
mtools-4.0.25-1.fc31 (FEDORA-2020-eeb0523bd0)
Programs for accessing MS-DOS disks without mounting the disks
--------------------------------------------------------------------------------
Update Information:
Update to 4.0.25
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 29 2020 Vojtech Trefny <vtrefny(a)redhat.com> 4.0.25-1
- Update to 4.0.25
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1891226 - mtools-4.0.25 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1891226
--------------------------------------------------------------------------------
================================================================================
mysql-connector-odbc-8.0.22-1.fc31 (FEDORA-2020-a204efaa23)
ODBC driver for MySQL
--------------------------------------------------------------------------------
Update Information:
**MySQL Connector ODBC 8.0.22**
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 29 2020 Michal Schorm <mschorm(a)redhat.com> 8.0.22-1
- Rebase to 8.0.22
--------------------------------------------------------------------------------
================================================================================
packit-0.19.0-1.fc31 (FEDORA-2020-20fd7212d3)
A tool for integrating upstream projects with Fedora operating system
--------------------------------------------------------------------------------
Update Information:
New upstream release: 0.19.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 29 2020 Packit Service <user-cont-team+packit-service(a)redhat.com> -
0.19.0-1
- new upstream release: 0.19.0
--------------------------------------------------------------------------------
================================================================================
perl-Graphics-TIFF-7-1.fc31 (FEDORA-2020-97268d5e98)
Perl extension for the LibTIFF library
--------------------------------------------------------------------------------
Update Information:
This release fixes processing TIFFGetField for TIFFTAG_COLORMAP in the TIFF
format.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 29 2020 Petr Pisar <ppisar(a)redhat.com> - 7-1
- Version 7 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1891959 - perl-Graphics-TIFF-7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1891959
--------------------------------------------------------------------------------
================================================================================
python-ogr-0.18.0-1.fc31 (FEDORA-2020-18ec3ad17c)
One API for multiple git forges
--------------------------------------------------------------------------------
Update Information:
New upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 29 2020 Packit Service <user-cont-team+packit-service(a)redhat.com> -
0.18.0-1
- new upstream release: 0.18.0
--------------------------------------------------------------------------------
================================================================================
python-regex-2020.10.28-1.fc31 (FEDORA-2020-b6a2314c74)
Alternative regular expression module, to replace re
--------------------------------------------------------------------------------
Update Information:
Update python-regex to the latest release. ---- Update python-regex to the
latest release.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 29 2020 Thomas Moschny <thomas.moschny(a)gmx.de> - 2020.10.28-1
- Update to 2020.10.28.
* Wed Oct 28 2020 Thomas Moschny <thomas.moschny(a)gmx.de> - 2020.10.23-1
- Update to 2020.10.23.
--------------------------------------------------------------------------------
================================================================================
setzer-0.3.5-1.fc31 (FEDORA-2020-71a3489492)
LaTeX editor written in Python with Gtk
--------------------------------------------------------------------------------
Update Information:
Updating to 0.3.5
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 29 2020 Lyes Saadi <fedora(a)lyes.eu> - 0.3.5-1
- Updating to 0.3.5
- Fix #1888889
- Fix #1891239
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1888889 - [abrt] setzer: getmtime():
genericpath.py:55:getmtime:FileNotFoundError: [Errno 2] Aucun fichier ou dossier de ce
type: '/home/o/T��l��chargements/sample-paper.tex'
https://bugzilla.redhat.com/show_bug.cgi?id=1888889
[ 2 ] Bug #1891239 - [abrt] setzer: get_value(): settings.py:105:get_value:KeyError:
'font'
https://bugzilla.redhat.com/show_bug.cgi?id=1891239
[ 3 ] Bug #1892530 - setzer-0.3.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1892530
--------------------------------------------------------------------------------
================================================================================
thunderbird-78.4.0-1.fc31 (FEDORA-2020-1da8aa9dd3)
Mozilla Thunderbird mail/newsgroup client
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream version.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 22 2020 Jan Horak <jhorak(a)redhat.com> - 78.4.0-1
- Update to 78.4.0 build1
* Wed Oct 7 2020 Jan Horak <jhorak(a)redhat.com> - 78.3.1-2
- Reenable s390x
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1885769 - thunderbird-78.4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1885769
--------------------------------------------------------------------------------
================================================================================
xen-4.12.3-7.fc31 (FEDORA-2020-42b44971a1)
Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:
x86 PV guest INVLPG-like flushes may leave stale TLB entries [XSA-286,
CVE-2020-27674] (#1891092) ---- x86: Race condition in Xen mapping code
[XSA-345] undue deferral of IOMMU TLB flushes [XSA-346] unsafe AMD IOMMU page
table updates [XSA-347]
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 29 2020 Michael Young <m.a.young(a)durham.ac.uk> - 4.12.3-7
- x86 PV guest INVLPG-like flushes may leave stale TLB entries
[XSA-286, CVE-2020-27674] (#1891092)
* Tue Oct 20 2020 Michael Young <m.a.young(a)durham.ac.uk> - 4.12.3-6
- x86: Race condition in Xen mapping code [XSA-345, CVE-2020-27672]
(#1891097)
- undue deferral of IOMMU TLB flushes [XSA-346, CVE-2020-27671]
(#1891093)
- unsafe AMD IOMMU page table updates [XSA-347, CVE-2020-27670]
(#1891088)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1891087 - CVE-2020-27670 xen: unsafe AMD IOMMU page table updates (XSA-347)
https://bugzilla.redhat.com/show_bug.cgi?id=1891087
[ 2 ] Bug #1891089 - CVE-2020-27674 xen: x86 PV guest INVLPG-like flushes may leave
stale TLB entries (XSA-286)
https://bugzilla.redhat.com/show_bug.cgi?id=1891089
[ 3 ] Bug #1891091 - CVE-2020-27671 xen: undue deferral of IOMMU TLB flushes (XSA-346)
https://bugzilla.redhat.com/show_bug.cgi?id=1891091
[ 4 ] Bug #1891096 - CVE-2020-27672 xen: x86: race condition in Xen mapping code
(XSA-345)
https://bugzilla.redhat.com/show_bug.cgi?id=1891096
--------------------------------------------------------------------------------
================================================================================
xtl-0.6.21-1.fc31 (FEDORA-2020-fd28395531)
QuantStack tools library
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 29 2020 Elliott Sales de Andrade <quantum.analyst(a)gmail.com> - 0.6.21-1
- Update to latest version (#1892529)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1892529 - xtl-0.6.21 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1892529
--------------------------------------------------------------------------------