The following Fedora 26 Security updates need testing:
Age URL
38
https://bodhi.fedoraproject.org/updates/FEDORA-2017-1bf5a0ce01
python-XStatic-jquery-ui-1.12.0.1-2.fc26
22
https://bodhi.fedoraproject.org/updates/FEDORA-2017-5cef2adff4
wireshark-2.2.6-1.fc26
18
https://bodhi.fedoraproject.org/updates/FEDORA-2017-a7161eb173
squirrelmail-1.4.22-19.fc26
11
https://bodhi.fedoraproject.org/updates/FEDORA-2017-50b9370529 lynis-2.5.0-1.fc26
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-f7849e04f4 smb4k-1.2.2-3.fc26
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-a45fb81029
postgresql-9.6.3-1.fc26
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-0d5817efc0
mingw-postgresql-9.6.3-1.fc26
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-1f3ee3bea6
chicken-4.12.0-2.fc26
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-edecdcb23e
deluge-1.3.15-1.fc26
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-e9936d561b
pcmanfm-1.2.5-2.fc26 menu-cache-1.0.2-4.D20170514git56f6668459.fc26
lxterminal-0.3.0-3.fc26
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-60775d65bb
FlightGear-2017.1.3-2.fc26
The following Fedora 26 Critical Path updates have yet to be approved:
Age URL
53
https://bodhi.fedoraproject.org/updates/FEDORA-2017-90bcb067bf
fedora-release-26-0.6
10
https://bodhi.fedoraproject.org/updates/FEDORA-2017-39fb5cc3d5
python-productmd-1.7-1.fc26
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-b2bcf2658d
nss-3.30.2-1.1.fc26
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-f15d37502c
pungi-4.1.15-1.fc26
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-8733e65d13 qemu-2.9.0-1.fc26
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-dcc53ddb5f
gnome-software-3.24.3-1.fc26
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-27fbf57af3
glib2-2.52.2-2.fc26
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-87b588310c ibus-1.5.16-1.fc26
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-e9936d561b
pcmanfm-1.2.5-2.fc26 menu-cache-1.0.2-4.D20170514git56f6668459.fc26
lxterminal-0.3.0-3.fc26
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-8962b314e9
v4l-utils-1.12.5-1.fc26
The following builds have been pushed to Fedora 26 updates-testing
FlightGear-2017.1.3-2.fc26
bcm283x-firmware-20170504-1.284e48a.fc26
collectl-4.1.3-1.fc26
eclipse-jgit-4.7.0-6.fc26
glib2-2.52.2-2.fc26
gnome-software-3.24.3-1.fc26
ibus-1.5.16-1.fc26
lightdm-settings-1.0.5-1.fc26
lxterminal-0.3.0-3.fc26
magic-8.1.166-1.fc26
mapserver-7.0.5-1.git208bb3a.fc26
menu-cache-1.0.2-4.D20170514git56f6668459.fc26
mint-x-icons-1.4.2-4.fc26
pcmanfm-1.2.5-2.fc26
perl-Archive-Tar-2.26-1.fc26
perl-Code-TidyAll-0.59-1.fc26
perl-Devel-PPPort-3.36-1.fc26
perl-Inline-C-0.77-1.fc26
perl-Net-HTTP-6.15-1.fc26
perl-Sys-Hostname-Long-1.5-8.fc26
php-alcaeus-mongo-php-adapter-1.1.0-1.fc26
php-egulias-email-validator-1.2.13-3.fc26
php-gitter-0.3.0-8.fc26
php-gliph-0.1.8-7.fc26
php-guzzlehttp-guzzle-5.3.1-3.fc26
php-guzzlehttp-ringphp-1.1.0-9.fc26
php-guzzlehttp-streams-3.0.0-9.fc26
php-mongodb-1.1.2-2.fc26
php-pecl-xdebug-2.5.4-1.fc26
php-phpmyadmin-motranslator-3.1-1.fc26
poedit-2.0.2-1.fc26
puzzle-master-2.5.3-1.fc26
qemu-2.9.0-1.fc26
qmapshack-1.8.1-1.fc26
udisks2-2.6.5-1.fc26
xfce4-terminal-0.8.5.1-1.fc26
Details about builds:
================================================================================
FlightGear-2017.1.3-2.fc26 (FEDORA-2017-60775d65bb)
The FlightGear Flight Simulator
--------------------------------------------------------------------------------
Update Information:
This updates fixes a security bug in the route manager, to prevent it from
overwriting arbitrary files (CVE-2017-8921)
--------------------------------------------------------------------------------
================================================================================
bcm283x-firmware-20170504-1.284e48a.fc26 (FEDORA-2017-c6043bfd36)
Broadcom bcm283x firmware for the Raspberry Pi
--------------------------------------------------------------------------------
Update Information:
Enable DMA driver in initrd, latest firmware update
--------------------------------------------------------------------------------
================================================================================
collectl-4.1.3-1.fc26 (FEDORA-2017-01a1a3a5db)
A utility to collect various Linux performance data
--------------------------------------------------------------------------------
Update Information:
- updated to 4.1.3 -
http://collectl.sourceforge.net/Releases.html
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1450536 - collectl-4.1.3.src is available
https://bugzilla.redhat.com/show_bug.cgi?id=1450536
--------------------------------------------------------------------------------
================================================================================
eclipse-jgit-4.7.0-6.fc26 (FEDORA-2017-e27bfddeb1)
Eclipse JGit
--------------------------------------------------------------------------------
Update Information:
Installs ant configuration to allow using jgit from ant-based build scripts.
--------------------------------------------------------------------------------
================================================================================
glib2-2.52.2-2.fc26 (FEDORA-2017-27fbf57af3)
A library of handy utility functions
--------------------------------------------------------------------------------
Update Information:
This update adds an upstream patch to fix issues with main loop wakeup in qemu
and timedatex.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1438539 - Include conditional_wakeup fix in glib2
https://bugzilla.redhat.com/show_bug.cgi?id=1438539
[ 2 ] Bug #1450628 - timedatex high CPU usage
https://bugzilla.redhat.com/show_bug.cgi?id=1450628
--------------------------------------------------------------------------------
================================================================================
gnome-software-3.24.3-1.fc26 (FEDORA-2017-dcc53ddb5f)
A software center for GNOME
--------------------------------------------------------------------------------
Update Information:
Fix a common crash when installing flatpakrepo files
--------------------------------------------------------------------------------
================================================================================
ibus-1.5.16-1.fc26 (FEDORA-2017-87b588310c)
Intelligent Input Bus for Linux OS
--------------------------------------------------------------------------------
Update Information:
Bumped to 1.5.16. - The translations are integrated.
--------------------------------------------------------------------------------
================================================================================
lightdm-settings-1.0.5-1.fc26 (FEDORA-2017-51fcacdb2f)
Configuration tool for the LightDM display manager
--------------------------------------------------------------------------------
Update Information:
* New upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1450706 - lightdm-settings-1.0.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1450706
--------------------------------------------------------------------------------
================================================================================
lxterminal-0.3.0-3.fc26 (FEDORA-2017-e9936d561b)
Desktop-independent VTE-based terminal emulator
--------------------------------------------------------------------------------
Update Information:
A potential security flaw is found on LXDE products, which create socket under
/tmp with some predictable names, which may leads to DOS. The security flow on
lxterminal is now assigned as CVE-2016-10369. Some other components also had
similar issues. These new rpms should fix these issues. At least relogin is
required to make this fix effect.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1449114 - CVE-2016-10369 lxterminal: Insecure use of /tmp for a socket file
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1449114
--------------------------------------------------------------------------------
================================================================================
magic-8.1.166-1.fc26 (FEDORA-2017-0de767fcc4)
A very capable VLSI layout tool
--------------------------------------------------------------------------------
Update Information:
New version 8.1.166 is released.
--------------------------------------------------------------------------------
================================================================================
mapserver-7.0.5-1.git208bb3a.fc26 (FEDORA-2017-d4fccc75d4)
Environment for building spatially-enabled internet applications
--------------------------------------------------------------------------------
Update Information:
Update to 7.0.5
--------------------------------------------------------------------------------
================================================================================
menu-cache-1.0.2-4.D20170514git56f6668459.fc26 (FEDORA-2017-e9936d561b)
Caching mechanism for
freedesktop.org compliant menus
--------------------------------------------------------------------------------
Update Information:
A potential security flaw is found on LXDE products, which create socket under
/tmp with some predictable names, which may leads to DOS. The security flow on
lxterminal is now assigned as CVE-2016-10369. Some other components also had
similar issues. These new rpms should fix these issues. At least relogin is
required to make this fix effect.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1449114 - CVE-2016-10369 lxterminal: Insecure use of /tmp for a socket file
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1449114
--------------------------------------------------------------------------------
================================================================================
mint-x-icons-1.4.2-4.fc26 (FEDORA-2017-321f21ed4f)
Icon theme for Linux Mint
--------------------------------------------------------------------------------
Update Information:
Fix wifi icons
--------------------------------------------------------------------------------
================================================================================
pcmanfm-1.2.5-2.fc26 (FEDORA-2017-e9936d561b)
Extremly fast and lightweight file manager
--------------------------------------------------------------------------------
Update Information:
A potential security flaw is found on LXDE products, which create socket under
/tmp with some predictable names, which may leads to DOS. The security flow on
lxterminal is now assigned as CVE-2016-10369. Some other components also had
similar issues. These new rpms should fix these issues. At least relogin is
required to make this fix effect.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1449114 - CVE-2016-10369 lxterminal: Insecure use of /tmp for a socket file
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1449114
--------------------------------------------------------------------------------
================================================================================
perl-Archive-Tar-2.26-1.fc26 (FEDORA-2017-080e76793d)
A module for Perl manipulation of .tar files
--------------------------------------------------------------------------------
Update Information:
Updated to the latest version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1450531 - perl-Archive-Tar-2.26 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1450531
--------------------------------------------------------------------------------
================================================================================
perl-Code-TidyAll-0.59-1.fc26 (FEDORA-2017-f78e64d0cb)
Engine for tidyall, your all-in-one code tidier and validator
--------------------------------------------------------------------------------
Update Information:
Updated to the latest version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1450704 - perl-Code-TidyAll-0.59 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1450704
--------------------------------------------------------------------------------
================================================================================
perl-Devel-PPPort-3.36-1.fc26 (FEDORA-2017-38d4e00d31)
Perl Pollution Portability header generator
--------------------------------------------------------------------------------
Update Information:
This release fixes building on Perl without "." in @INC path.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1450650 - perl-Devel-PPPort-3.36 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1450650
--------------------------------------------------------------------------------
================================================================================
perl-Inline-C-0.77-1.fc26 (FEDORA-2017-4526b7d638)
Write Perl subroutines in C
--------------------------------------------------------------------------------
Update Information:
This release fixes tests and updates documentation.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1450537 - perl-Inline-C-0.77 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1450537
--------------------------------------------------------------------------------
================================================================================
perl-Net-HTTP-6.15-1.fc26 (FEDORA-2017-3242feab99)
Low-level HTTP connection (client)
--------------------------------------------------------------------------------
Update Information:
This release fixes a test.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1450543 - perl-Net-HTTP-6.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1450543
--------------------------------------------------------------------------------
================================================================================
perl-Sys-Hostname-Long-1.5-8.fc26 (FEDORA-2017-281d963a51)
Try every conceivable way to get full hostname
--------------------------------------------------------------------------------
Update Information:
This update adds a dependency on the hostname package, which allows the module
to work when networking is unavailable.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1450746 - perl-Sys-Hostname-Long-1.5-6.fc27 FTBFS in mock-1.4.1
https://bugzilla.redhat.com/show_bug.cgi?id=1450746
--------------------------------------------------------------------------------
================================================================================
php-alcaeus-mongo-php-adapter-1.1.0-1.fc26 (FEDORA-2017-b2e313e045)
Mongo PHP Adapter
--------------------------------------------------------------------------------
Update Information:
**Version 1.1.0** (2017-05-13) All issues and pull requests under this release
may be found under the [
1.1.0](https://github.com/alcaeus/mongo-php-
adapter/issues?q=milestone%3A1.1.0) milestone. *
[#173](https://github.com/alcaeus/mongo-php-adapter/pull/173) adds tests for
authentication options in `MongoClient`. * [#168](https://github.com/alcaeus
/mongo-php-adapter/pull/168) adds support for `MongoCursor::explain()`. *
[#128](https://github.com/alcaeus/mongo-php-adapter/pull/128) removes support
for PHP 5.5. * [#127](https://github.com/alcaeus/mongo-php-adapter/pull/127)
reads the `code` and `scope` properties of `MongoDB\BSON\Javascript` objects
when converting them to `MongoCode` objects.
--------------------------------------------------------------------------------
================================================================================
php-egulias-email-validator-1.2.13-3.fc26 (FEDORA-2017-9df33ce3b0)
A library for validating emails
--------------------------------------------------------------------------------
Update Information:
Switch autoloader to `php-fedora-autoloader`
--------------------------------------------------------------------------------
================================================================================
php-gitter-0.3.0-8.fc26 (FEDORA-2017-9df33ce3b0)
Object oriented interaction with Git repositories
--------------------------------------------------------------------------------
Update Information:
Switch autoloader to `php-fedora-autoloader`
--------------------------------------------------------------------------------
================================================================================
php-gliph-0.1.8-7.fc26 (FEDORA-2017-9df33ce3b0)
A graph library for PHP
--------------------------------------------------------------------------------
Update Information:
Switch autoloader to `php-fedora-autoloader`
--------------------------------------------------------------------------------
================================================================================
php-guzzlehttp-guzzle-5.3.1-3.fc26 (FEDORA-2017-9df33ce3b0)
PHP HTTP client and webservice framework
--------------------------------------------------------------------------------
Update Information:
Switch autoloader to `php-fedora-autoloader`
--------------------------------------------------------------------------------
================================================================================
php-guzzlehttp-ringphp-1.1.0-9.fc26 (FEDORA-2017-9df33ce3b0)
Simple handler system used to power clients and servers in PHP
--------------------------------------------------------------------------------
Update Information:
Switch autoloader to `php-fedora-autoloader`
--------------------------------------------------------------------------------
================================================================================
php-guzzlehttp-streams-3.0.0-9.fc26 (FEDORA-2017-9df33ce3b0)
Provides a simple abstraction over streams of data
--------------------------------------------------------------------------------
Update Information:
Switch autoloader to `php-fedora-autoloader`
--------------------------------------------------------------------------------
================================================================================
php-mongodb-1.1.2-2.fc26 (FEDORA-2017-c931fe7f70)
MongoDB driver library
--------------------------------------------------------------------------------
Update Information:
Switch to fedora/autoloader
--------------------------------------------------------------------------------
================================================================================
php-pecl-xdebug-2.5.4-1.fc26 (FEDORA-2017-04e7840f49)
PECL package for debugging PHP scripts
--------------------------------------------------------------------------------
Update Information:
** Xdebug 2.5.4** - 2017-05-15 * Fixed bug #799: Function traces report base
class instead of object name * Fixed bug #1421: Fix set_time_limit hanging on
PHP 5.6 when pcntl_exec does not exist (Frode E. Moe) * Fixed bug #1429: Code
coverage does not cover null coalesce * Fixed bug #1434: Code coverage
segfaults on 32-bit arch
--------------------------------------------------------------------------------
================================================================================
php-phpmyadmin-motranslator-3.1-1.fc26 (FEDORA-2017-972b998eb1)
Translation API for PHP using Gettext MO files
--------------------------------------------------------------------------------
Update Information:
**Version 3.1** * Released on 2017-05-15. * Documentation improvements. ----
**Packaging change** * Allow Symfony 3
--------------------------------------------------------------------------------
================================================================================
poedit-2.0.2-1.fc26 (FEDORA-2017-0a7e9e1355)
GUI editor for GNU gettext .po files
--------------------------------------------------------------------------------
Update Information:
New upstream version: * Unusual whitespace (2+ spaces) in the middle of strings
is now highlighted. * Strings with warnings are now put at the top together with
errors. * Fixed crash when clicking on an item with plurals in a POT file. *
Added --line command line argument to open a file at specified item. ---- New
upstream version
--------------------------------------------------------------------------------
================================================================================
puzzle-master-2.5.3-1.fc26 (FEDORA-2017-52981cbd45)
Fun jigsaw puzzle game
--------------------------------------------------------------------------------
Update Information:
Use new upstream release v2.5.3
--------------------------------------------------------------------------------
================================================================================
qemu-2.9.0-1.fc26 (FEDORA-2017-8733e65d13)
QEMU is a FAST! processor emulator
--------------------------------------------------------------------------------
Update Information:
Rebase to qemu-2.9.0 GA
--------------------------------------------------------------------------------
================================================================================
qmapshack-1.8.1-1.fc26 (FEDORA-2017-2a48d871af)
GPS mapping and management tool
--------------------------------------------------------------------------------
Update Information:
- updated to 1.8.1 -
https://bitbucket.org/maproom/qmapshack/raw/87b93cd14edc78c
57da70b66b33b013965d6dfe2/changelog.txt
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1450653 - qmapshack-1.8.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1450653
--------------------------------------------------------------------------------
================================================================================
udisks2-2.6.5-1.fc26 (FEDORA-2017-b1fd799ba3)
Disk Manager
--------------------------------------------------------------------------------
Update Information:
Version 2.6.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1438232 - gvfs-udisks2-volume-monitor excessive CPU usage during raid check
https://bugzilla.redhat.com/show_bug.cgi?id=1438232
[ 2 ] Bug #1424869 - Missing dependenices in scriptlets
https://bugzilla.redhat.com/show_bug.cgi?id=1424869
--------------------------------------------------------------------------------
================================================================================
xfce4-terminal-0.8.5.1-1.fc26 (FEDORA-2017-00f84706bf)
Terminal Emulator for the Xfce Desktop environment
--------------------------------------------------------------------------------
Update Information:
- Update to 0.8.5.1 - lots of bug fixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1431694 - [abrt] xfce4-terminal: _vte_table_free(): xfce4-terminal killed by
SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1431694
[ 2 ] Bug #1353342 - xfce4-terminal disappears on remote display when monitor goes into
energy saving mode
https://bugzilla.redhat.com/show_bug.cgi?id=1353342
[ 3 ] Bug #1349050 - [abrt] xfce4-terminal: _g_log_abort(): xfce4-terminal killed by
SIGTRAP
https://bugzilla.redhat.com/show_bug.cgi?id=1349050
[ 4 ] Bug #1427164 - [abrt] xfce4-terminal: rawmemchr(): xfce4-terminal killed by
SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1427164
--------------------------------------------------------------------------------