The following Fedora 27 Security updates need testing:
Age  URL
 41  https://bodhi.fedoraproject.org/updates/FEDORA-2018-1ec1cd6db3   bro-2.5.3-1.fc27
 27  https://bodhi.fedoraproject.org/updates/FEDORA-2018-52d79f4f36   dovecot-2.2.34-1.fc27
 23  https://bodhi.fedoraproject.org/updates/FEDORA-2018-e38f759144   python-bleach-2.1.3-1.fc27
 23  https://bodhi.fedoraproject.org/updates/FEDORA-2018-8ff86925c3   memcached-1.5.6-1.fc27
 16  https://bodhi.fedoraproject.org/updates/FEDORA-2018-c923533479   webkitgtk4-2.20.0-1.fc27
 12  https://bodhi.fedoraproject.org/updates/FEDORA-2018-7c2e0a998d   acpica-tools-20180209-1.fc27
 12  https://bodhi.fedoraproject.org/updates/FEDORA-2018-ad652798b8   mosquitto-1.4.15-1.fc27
 10  https://bodhi.fedoraproject.org/updates/FEDORA-2018-50f0da5d38   tomcat-8.0.50-1.fc27
  9  https://bodhi.fedoraproject.org/updates/FEDORA-2018-223d8fc52a   java-1.8.0-openjdk-aarch32-1.8.0.161-1.180220.fc27
  6  https://bodhi.fedoraproject.org/updates/FEDORA-2018-c442aad4dc   exempi-2.4.5-1.fc27
  3  https://bodhi.fedoraproject.org/updates/FEDORA-2018-2f9d3604d6   librelp-1.2.15-1.fc27
  1  https://bodhi.fedoraproject.org/updates/FEDORA-2018-1217b02061   bchunk-1.2.2-1.fc27
  1  https://bodhi.fedoraproject.org/updates/FEDORA-2018-12f92ff831   php-7.1.16-1.fc27
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2018-ecf73042e3   libuv-1.19.2-1.fc27 nodejs-8.11.0-1.fc27
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2018-143886fdbd   drupal7-7.58-1.fc27
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2018-6e6d8c314b   drupal8-8.4.6-1.fc27
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2018-e06468b832   libid3tag-0.15.1b-25.fc27

The following Fedora 27 Critical Path updates have yet to be approved:
Age  URL
 27  https://bodhi.fedoraproject.org/updates/FEDORA-2018-1c31f1eccd   iptables-1.6.2-2.fc27 libnftnl-1.0.9-2.fc27 nftables-0.8.2-2.fc27
 16  https://bodhi.fedoraproject.org/updates/FEDORA-2018-c923533479   webkitgtk4-2.20.0-1.fc27
 12  https://bodhi.fedoraproject.org/updates/FEDORA-2018-55a6726164   PackageKit-1.1.9-2.fc27 gnome-software-3.28.0-4.fc27 libappstream-glib-0.7.7-2.fc27
  9  https://bodhi.fedoraproject.org/updates/FEDORA-2018-95dac71a1c   pcre-8.42-1.fc27
  9  https://bodhi.fedoraproject.org/updates/FEDORA-2018-e344a6d79b   xfce4-settings-4.12.3-1.fc27
  7  https://bodhi.fedoraproject.org/updates/FEDORA-2018-adbc1da28c   pcre2-10.31-4.fc27
  6  https://bodhi.fedoraproject.org/updates/FEDORA-2018-c442aad4dc   exempi-2.4.5-1.fc27
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-3255279d3d   satyr-0.25-2.fc27
  1  https://bodhi.fedoraproject.org/updates/FEDORA-2018-4e2a6c0c93   libtirpc-1.0.3-1.fc27
  1  https://bodhi.fedoraproject.org/updates/FEDORA-2018-7128949eb5   enca-1.19-1.fc27
  1  https://bodhi.fedoraproject.org/updates/FEDORA-2018-26de7be74c   libreport-2.9.3-3.fc27
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2018-2d1858d4d1   passwd-0.80-1.fc27
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2018-6900d92768   publicsuffix-list-20180328-1.fc27
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2018-13dc9b1bf6   exo-0.12.0-3.fc27 xfce4-screenshooter-1.9.1-1.fc27

The following builds have been pushed to Fedora 27 updates-testing
amarok-2.9.0-1.fc27
ansifilter-2.10-1.fc27
dmlite-1.10.1-3.fc27
highlight-3.42-1.fc27
httpd-2.4.33-1.fc27
jgoodies-common-1.8.1-1.fc27
kernel-4.15.14-300.fc27
krb5-1.15.2-8.fc27
lollypop-0.9.403-1.fc27
mariadb-10.2.14-1.fc27
mate-themes-3.22.16-1.fc27
mod_http2-1.10.16-1.fc27
openssl-1.1.0h-1.fc27
podman-0.3.5-1.gitdb6bf9e.fc27
python-entrypoints-0.2.3-5.fc27
python37-3.7.0-0.14.b3.fc27
salt-2017.7.5-1.fc27
selinux-policy-3.13.1-283.30.fc27
shotwell-0.28.1-1.fc27
skopeo-0.1.29-1.git7add6fc.fc27
sqlitebrowser-3.10.1-5.fc27
Details about builds:
================================================================================
amarok-2.9.0-1.fc27 (FEDORA-2018-3d0fab95b6)
Media player
--------------------------------------------------------------------------------
Update Information:
New upstream release, includes many bugfixes and improvements, see also:
https://amarok.kde.org/en/node/888
--------------------------------------------------------------------------------
================================================================================
ansifilter-2.10-1.fc27 (FEDORA-2018-00436eefa8)
ANSI terminal escape code converter
--------------------------------------------------------------------------------
Update Information:
- Updated to new 2.10 upstream version, fixes rhbz #1552957
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1552957 - ansifilter-2.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1552957
--------------------------------------------------------------------------------
================================================================================
dmlite-1.10.1-3.fc27 (FEDORA-2018-0658b1d4ef)
Lcgdm grid data management and storage framework
--------------------------------------------------------------------------------
Update Information:
dmlite 1.10 is a major update to DPM internals including Dome. ---- * new upstream release
--------------------------------------------------------------------------------
================================================================================
highlight-3.42-1.fc27 (FEDORA-2018-7df97ca3e3)
Universal source code to formatted text converter
--------------------------------------------------------------------------------
Update Information:
- Updated to new 3.42 upstream version
--------------------------------------------------------------------------------
================================================================================
httpd-2.4.33-1.fc27 (FEDORA-2018-375e3244b6)
Apache HTTP Server
--------------------------------------------------------------------------------
Update Information:
This update includes the latest upstream release of the Apache HTTP Server,
version 2.4.33. A number of security vulnerabilities are fixed in this release:

* *Low*: Possible out of bound read in mod_cache_socache (CVE-2018-1303)
* *Low*: Possible out of bound access after failure in reading the HTTP request (CVE-2018-1301)
* *Low*: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312)
* *Low*: <FilesMatch> bypass with a trailing newline in the file name (CVE-2017-15715)
* *Low*: Out of bound write in mod_authnz_ldap when using too small Accept-Language values (CVE-2017-15710)
* *Moderate*: Tampering of mod_session data for CGI applications (CVE-2018-1283)

For more information about changes in this release, see:
https://www.apache.org/dist/httpd/CHANGES_2.4.33
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1560174 - httpd-2.4.33 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1560174
[ 2 ] Bug #1560618 - CVE-2017-15715 httpd: <FilesMatch> bypass with a trailing
newline in the file name [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1560618
[ 3 ] Bug #1560644 - CVE-2018-1301 httpd: Out of bound access after failure in reading
the HTTP request [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1560644
[ 4 ] Bug #1560635 - CVE-2018-1312 httpd: Weak Digest auth nonce generation in
mod_auth_digest [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1560635
[ 5 ] Bug #1560400 - CVE-2018-1303 httpd: http: Out of bounds read in mod_cache_socache
can allow a remote attacker to cause a denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1560400
[ 6 ] Bug #1560396 - CVE-2018-1283 httpd: Improper handling of headers in mod_session
can allow a remote user to modify session data for CGI applications [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1560396
[ 7 ] Bug #1560616 - CVE-2017-15710 httpd: Out of bound write in mod_authnz_ldap when
using too small Accept-Language values [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1560616
--------------------------------------------------------------------------------
================================================================================
jgoodies-common-1.8.1-1.fc27 (FEDORA-2018-12b3bd191c)
Common library shared by JGoodies libraries and applications
--------------------------------------------------------------------------------
Update Information:
* Marked classes ArrayListModel and LinkedListModel as final.
* Replaced files package.html by package-info.java.
--------------------------------------------------------------------------------
================================================================================
kernel-4.15.14-300.fc27 (FEDORA-2018-7802740586)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:
The 4.15.14 update contains a number of important fixes across the tree.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1558977 - NFS mounts failing when keytab present
https://bugzilla.redhat.com/show_bug.cgi?id=1558977
--------------------------------------------------------------------------------
================================================================================
krb5-1.15.2-8.fc27 (FEDORA-2018-04d2f01b78)
The Kerberos network authentication system
--------------------------------------------------------------------------------
Update Information:
Fix issue with calling `kdestroy -A` when the ccache is KCM
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1561917 - kdestroy -A does not work with multiple principals when using KCM
https://bugzilla.redhat.com/show_bug.cgi?id=1561917
--------------------------------------------------------------------------------
================================================================================
lollypop-0.9.403-1.fc27 (FEDORA-2018-41027994c7)
Music player for GNOME
--------------------------------------------------------------------------------
Update Information:
Update to 0.9.403 ---- - Update lollypop-portal to 0.9.7 ---- Update to
0.9.402 ---- Update to 0.9.401 ---- Update to 0.9.400
--------------------------------------------------------------------------------
================================================================================
mariadb-10.2.14-1.fc27 (FEDORA-2018-dd7f4bd9d5)
A community developed branch of MySQL
--------------------------------------------------------------------------------
Update Information:
**MariaDB 10.2.14**

Release notes: https://mariadb.com/kb/en/library/mariadb-10214-release-notes/

Maintainer Update: I do now consider Spider storage engine ready to use in
Fedora, as I was finally able to run its testsuite successfully.

Upstream Warning: Upgrading from earlier 10.2.x versions is highly recommended
for all Galera users due to bug MDEV-12837 which caused serious stability
issues with earlier versions. See the bug issue page for more information.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1561251 - mariadb-10.2.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1561251
--------------------------------------------------------------------------------
================================================================================
mate-themes-3.22.16-1.fc27 (FEDORA-2018-f36a0bbffd)
MATE Desktop themes
--------------------------------------------------------------------------------
Update Information:
- update to 3.22.16
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1559045 - gtk+ "Foreign drawing" broken under MATE
https://bugzilla.redhat.com/show_bug.cgi?id=1559045
--------------------------------------------------------------------------------
================================================================================
mod_http2-1.10.16-1.fc27 (FEDORA-2018-0a95bff197)
module implementing HTTP/2 for Apache 2
--------------------------------------------------------------------------------
Update Information:
This update includes the latest upstream release of mod_http2, version 1.10.16.
This includes a security fix (CVE-2018-1302): When an HTTP/2 stream was
destroyed after being handled, mod_http2 could have written a NULL pointer,
potentially to already freed memory. The memory pools maintained by the
server make this vulnerability hard to trigger in usual configurations; the
reporter and the team could not reproduce it outside debug builds, so it is
classified as low risk.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1561570 - CVE-2018-1302 mod_http2: httpd: Use-after-free on HTTP/2 stream
shutdown [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1561570
[ 2 ] Bug #1560627 - CVE-2018-1302 httpd: Use-after-free on HTTP/2 stream shutdown
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1560627
--------------------------------------------------------------------------------
================================================================================
openssl-1.1.0h-1.fc27 (FEDORA-2018-76afaf1961)
Utilities from the general purpose cryptography library with TLS implementation
--------------------------------------------------------------------------------
Update Information:
Minor update to version 1.1.0h.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1561260 - CVE-2018-0733 openssl: Implementation bug in PA-RISC CRYPTO_memcmp
function allows attackers to forge authenticated messages in a reduced number of attempts
https://bugzilla.redhat.com/show_bug.cgi?id=1561260
[ 2 ] Bug #1561266 - CVE-2018-0739 openssl: Handling of crafted recursive ASN.1
structures can cause a stack overflow and resulting denial of service
https://bugzilla.redhat.com/show_bug.cgi?id=1561266
--------------------------------------------------------------------------------
================================================================================
podman-0.3.5-1.gitdb6bf9e.fc27 (FEDORA-2018-fcedb23729)
Manage Pods, Containers and Container Images
--------------------------------------------------------------------------------
Update Information:
Upstream release 0.3.5
--------------------------------------------------------------------------------
================================================================================
python-entrypoints-0.2.3-5.fc27 (FEDORA-2018-13b54a0aba)
Discover and load entry points from installed packages
--------------------------------------------------------------------------------
Update Information:
provide dist-info
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1530098 - entrypoints version issue
https://bugzilla.redhat.com/show_bug.cgi?id=1530098
--------------------------------------------------------------------------------
================================================================================
python37-3.7.0-0.14.b3.fc27 (FEDORA-2018-5462c32db4)
Version 3.7 of the Python interpreter
--------------------------------------------------------------------------------
Update Information:
Update to 3.7.0b3
--------------------------------------------------------------------------------
================================================================================
salt-2017.7.5-1.fc27 (FEDORA-2018-c4cdd53a52)
A parallel remote execution system
--------------------------------------------------------------------------------
Update Information:
Update to feature release 2017.7.5-1 for Python 2 ---- Update to feature
release 2017.7.4
--------------------------------------------------------------------------------
================================================================================
selinux-policy-3.13.1-283.30.fc27 (FEDORA-2018-b3791c3118)
SELinux policy configuration
--------------------------------------------------------------------------------
Update Information:
More info:
https://koji.fedoraproject.org/koji/buildinfo?buildID=1063903
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1561755 - SELinux is preventing sh from 'connectto' accesses on the
unix_stream_socket /var/lib/sss/pipes/nss.
https://bugzilla.redhat.com/show_bug.cgi?id=1561755
[ 2 ] Bug #1561295 - SELinux is preventing postmap from read, write access on the
chr_file /dev/pts/6.
https://bugzilla.redhat.com/show_bug.cgi?id=1561295
[ 3 ] Bug #1560816 - SELinux is preventing mdadm from 'read' accesses on the
blk_file md0p1.
https://bugzilla.redhat.com/show_bug.cgi?id=1560816
[ 4 ] Bug #1501331 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1501331
--------------------------------------------------------------------------------
================================================================================
shotwell-0.28.1-1.fc27 (FEDORA-2018-4a0f4e66af)
A photo organizer for the GNOME desktop
--------------------------------------------------------------------------------
Update Information:
shotwell 0.28.1 release, with a number of bug fixes and translation updates
compared to the previous 0.27.x releases in Fedora 27. For details, see
https://mail.gnome.org/archives/ftp-release-list/2018-March/msg00231.html
--------------------------------------------------------------------------------
================================================================================
skopeo-0.1.29-1.git7add6fc.fc27 (FEDORA-2018-e98514e9ae)
Inspect Docker images and repositories on registries
--------------------------------------------------------------------------------
Update Information:
- docker-archive generates docker legacy compatible images
- Do not create $DiffID subdirectories for layers with no configs
- Ensure the layer IDs in legacy docker/tarfile metadata are unique
- docker-archive: repeated layers are symlinked in the tar file
- sysregistries: remove all trailing slashes
- Improve docker/* error messages
- Fix failure to make auth directory
- Create a new slice in Schema1.UpdateLayerInfos
- Drop unused storageImageDestination.{image,systemContext}
- Load a *storage.Image only once in storageImageSource
- Support gzip for docker-archive files
- Remove .tar extension from blob and config file names
- ostree, src: support copy of compressed layers
- ostree: re-pull layer if it misses uncompressed_digest|uncompressed_size
- image: fix docker schema v1 -> OCI conversion
- Add /etc/containers/certs.d as default certs directory
--------------------------------------------------------------------------------
================================================================================
sqlitebrowser-3.10.1-5.fc27 (FEDORA-2018-94adafd7b5)
Create, design, and edit SQLite database files
--------------------------------------------------------------------------------
Update Information:
This update fixes an issue where the sqlitebrowser application could not be
minimized when using certain desktop environments, including GNOME Shell.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1561976 - Unable to minimize and to switch workspaces
https://bugzilla.redhat.com/show_bug.cgi?id=1561976
--------------------------------------------------------------------------------