The following Fedora 28 Security updates need testing:
Age URL
231
https://bodhi.fedoraproject.org/updates/FEDORA-2018-d510cfd7eb
jgraphx-3.6.0.0-6.fc28
180
https://bodhi.fedoraproject.org/updates/FEDORA-2018-d7aeaa74da
nodejs-brace-expansion-1.1.11-1.fc28
179
https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc073fdc1a
nodejs-atob-2.1.1-1.fc28
172
https://bodhi.fedoraproject.org/updates/FEDORA-2018-9dd3f7c013
unrtf-0.21.9-8.fc28
140
https://bodhi.fedoraproject.org/updates/FEDORA-2018-28e9841baf
docker-latest-1.13.1-37.git9cb56fd.fc28
55
https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc4b7af297
xerces-c27-2.7.0-28.fc28
32
https://bodhi.fedoraproject.org/updates/FEDORA-2018-7d748596e9
drupal8-8.6.2-1.fc28
28
https://bodhi.fedoraproject.org/updates/FEDORA-2018-18023f40fa
drupal7-7.60-2.fc28
28
https://bodhi.fedoraproject.org/updates/FEDORA-2018-2d2739ebed
php-Smarty2-2.6.31-2.fc28
27
https://bodhi.fedoraproject.org/updates/FEDORA-2018-2ee55d77c9 links-2.17-1.fc28
15
https://bodhi.fedoraproject.org/updates/FEDORA-2018-8f0d2429d3 bird-1.6.4-2.fc28
14
https://bodhi.fedoraproject.org/updates/FEDORA-2018-86e2487df2
pdns-recursor-4.1.7-1.fc28
13
https://bodhi.fedoraproject.org/updates/FEDORA-2018-af9bd28cf1
glusterfs-4.1.6-1.fc28
12
https://bodhi.fedoraproject.org/updates/FEDORA-2018-aadd3c2790
mupdf-1.14.0-6.fc28
7
https://bodhi.fedoraproject.org/updates/FEDORA-2018-997a9e3e1f xen-4.10.2-4.fc28
7
https://bodhi.fedoraproject.org/updates/FEDORA-2018-aa3752ac3c
nginx-1.14.1-1.fc28
6
https://bodhi.fedoraproject.org/updates/FEDORA-2018-96b48b34ae
mingw-uriparser-0.9.0-1.fc28
6
https://bodhi.fedoraproject.org/updates/FEDORA-2018-a3ef0a026f
uriparser-0.9.0-1.fc28
6
https://bodhi.fedoraproject.org/updates/FEDORA-2018-f4910a3260
moodle-3.4.6-1.fc28
6
https://bodhi.fedoraproject.org/updates/FEDORA-2018-b9581d9624
python-notebook-5.5.0-6.fc28
6
https://bodhi.fedoraproject.org/updates/FEDORA-2018-b74b9ac8d1 tmux-2.8-2.fc28
6
https://bodhi.fedoraproject.org/updates/FEDORA-2018-ef486b9e50
dnsdist-1.3.3-1.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-1d2a79fe1c
cobbler-2.8.4-5.fc28
The following Fedora 28 Critical Path updates have yet to be approved:
Age URL
19
https://bodhi.fedoraproject.org/updates/FEDORA-2018-783dfc5196
shadow-utils-4.6-4.fc28
13
https://bodhi.fedoraproject.org/updates/FEDORA-2018-af9bd28cf1
glusterfs-4.1.6-1.fc28
11
https://bodhi.fedoraproject.org/updates/FEDORA-2018-c2c01c0a06 pam-1.3.1-8.fc28
8
https://bodhi.fedoraproject.org/updates/FEDORA-2018-2f5e72a448 grilo-0.3.7-1.fc28
8
https://bodhi.fedoraproject.org/updates/FEDORA-2018-d169dbb09d
osinfo-db-20181116-1.fc28
7
https://bodhi.fedoraproject.org/updates/FEDORA-2018-997a9e3e1f xen-4.10.2-4.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-fdc6d449e5
pungi-4.1.31-1.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-63e2c74a11
python-productmd-1.18-1.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-a171287251
libarchive-3.3.3-2.fc28
0
https://bodhi.fedoraproject.org/updates/FEDORA-2018-aa127b03bc vim-8.1.549-1.fc28
0
https://bodhi.fedoraproject.org/updates/FEDORA-2018-3222e7c914 radvd-2.17-11.fc28
0
https://bodhi.fedoraproject.org/updates/FEDORA-2018-17f2d1f30c patch-2.7.6-8.fc28
The following builds have been pushed to Fedora 28 updates-testing
GoldenCheetah-3.5-0.5.20181125gitea5c07d.fc28
armacycles-ad-0.2.8.3.4-9.fc28
blaze-3.4-1.fc28
cinnamon-4.0.3-1.fc28
cinnamon-translations-4.0.1-1.fc28
cockpit-183-1.fc28
freeipa-4.7.0-5.fc28
glibc-2.27-35.fc28
ibus-typing-booster-2.2.1-2.fc28
java-runtime-decompiler-2.0-2.fc28
kernel-4.19.5-200.fc28
kernel-headers-4.19.5-200.fc28
kernel-tools-4.19.5-200.fc28
muffin-4.0.3-1.fc28
openjfx-8.0.202-2.b02.fc28
phan-1.1.4-1.fc28
samba-4.8.7-0.fc28
switchboard-plug-pantheon-shell-2.7.2-1.fc28
switchboard-plug-printers-2.1.6-1.fc28
task-2.5.1-10.fc28
wine-3.21-1.fc28
xed-2.0.1-1.fc28
xplayer-2.0.1-1.fc28
xreader-2.0.1-1.fc28
Details about builds:
================================================================================
GoldenCheetah-3.5-0.5.20181125gitea5c07d.fc28 (FEDORA-2018-f2bcc71f4c)
Cycling Performance Software
--------------------------------------------------------------------------------
Update Information:
- Merge qxt-sys.patch qwt3d-sys.patch and lmfit-levmar.patch to sys-path.patch -
Update to 3.5-0.5.20181125gitea5c07d ---- - Add %{name}-lmfit-levmar.patch -
Update to git0c668c0
--------------------------------------------------------------------------------
================================================================================
armacycles-ad-0.2.8.3.4-9.fc28 (FEDORA-2018-fd80cae1ac)
A lightcycle game in 3D
--------------------------------------------------------------------------------
Update Information:
Crash fix.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Gwyn Ciesla <limburgher(a)gmail.com> - 0.2.8.3.4-9
- Upstream patches to fix crash, cleanup.
* Fri Jul 20 2018 Gwyn Ciesla <limburgher(a)gmail.com> - 0.2.8.3.4-8
- BR fix.
* Thu Jul 12 2018 Fedora Release Engineering <releng(a)fedoraproject.org> -
0.2.8.3.4-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1584586 - [abrt] armacycles-ad: std::__replacement_assert(): armacyclesad
killed by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=1584586
--------------------------------------------------------------------------------
================================================================================
blaze-3.4-1.fc28 (FEDORA-2018-b9ad0bfe02)
An high-performance C++ math library for dense and sparse arithmetic
--------------------------------------------------------------------------------
Update Information:
Initial Release of blaze 3.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1652939 - Review Request: blaze - An open-source, high-performance C++ math
library for dense and sparse arithmetic
https://bugzilla.redhat.com/show_bug.cgi?id=1652939
--------------------------------------------------------------------------------
================================================================================
cinnamon-4.0.3-1.fc28 (FEDORA-2018-e4a0cd266a)
Window management and application launching for GNOME
--------------------------------------------------------------------------------
Update Information:
- Update
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Leigh Scott <leigh123linux(a)googlemail.com> - 4.0.3-1
- Update to 4.0.3 release
--------------------------------------------------------------------------------
================================================================================
cinnamon-translations-4.0.1-1.fc28 (FEDORA-2018-e4a0cd266a)
Translations for Cinnamon and Nemo
--------------------------------------------------------------------------------
Update Information:
- Update
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Leigh Scott <leigh123linux(a)googlemail.com> - 4.0.1-1
- Update to 4.0.1 release
--------------------------------------------------------------------------------
================================================================================
cockpit-183-1.fc28 (FEDORA-2018-d61a88d042)
Web Console for Linux servers
--------------------------------------------------------------------------------
Update Information:
- Machines: Manage storage pools - Kernel Dump: Support non-local targets -
Respect SSH configuration - Never send Content-Length with chunked encoding
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Martin Pitt <martin(a)piware.de> - 183-1
- Machines: Manage storage pools
- Kernel Dump: Support non-local targets
- Respect SSH configuration
- Never send Content-Length with chunked encoding
--------------------------------------------------------------------------------
================================================================================
freeipa-4.7.0-5.fc28 (FEDORA-2018-892835660b)
The Identity, Policy and Audit system
--------------------------------------------------------------------------------
Update Information:
This update resolves an issue which caused uninstall of a FreeIPA server to fail
with authselect 1.0.2, which recently appeared as an update. See [the pull
request](https://github.com/freeipa/freeipa/pull/2610) for more details.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Adam Williamson <awilliam(a)redhat.com> - 4.7.0-5
- Update PR #2610 patch to tiran's modified version
* Tue Nov 27 2018 Adam Williamson <awilliam(a)redhat.com> - 4.7.0-4
- Backport PR #2610 to fix for authselect 1.0.2+ (see #1645708)
--------------------------------------------------------------------------------
================================================================================
glibc-2.27-35.fc28 (FEDORA-2018-060302dc83)
The GNU libc libraries
--------------------------------------------------------------------------------
Update Information:
This update for the `glibc` package addresses one moderate security
vulnerability and several defects. * CVE-2018-19591: A file descriptor leak in
`if_nametoindex` can lead to a denial of service due to resource exhaustion when
processing `getaddrinfo` calls with crafted host names. Reported by Guido
Vranken. (RHBZ#1654000) * Failure to create the helper thread for
`getaddrinfo_a`/`libanl` could result in a crash. (RHBZ#1646381) * On certain
Haswell-class Intel CPUs, string function feature flags could be set
incorrectly, leading to a suboptimal choice of string functions. (RHBZ#1641980)
* Parallel building of locales led to nondeterminism in the RPM build process.
(RHBZ#1652228) * Various minor bug fixes from the upstream 2.27 release branch
were imported as part of this update
([
swbz#17630](https://sourceware.org/bugzilla/show_bug.cgi?id=17630),
[
swbz#22753](https://sourceware.org/bugzilla/show_bug.cgi?id=22753),
[
swbz#23275](https://sourceware.org/bugzilla/show_bug.cgi?id=23275),
[
swbz#23562](https://sourceware.org/bugzilla/show_bug.cgi?id=23562),
[
swbz#23579](https://sourceware.org/bugzilla/show_bug.cgi?id=23579),
[
swbz#23822](https://sourceware.org/bugzilla/show_bug.cgi?id=23822)).
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Florian Weimer <fweimer(a)redhat.com> - 2.27-35
- Auto-sync with upstream branch release/2.27/master,
commit 9f433fc791ca4f9d678903ff45b504b524c886fb:
- CVE-2018-19591: if_nametoindex: Fix descriptor leak (#1654000)
- libanl: proper cleanup if first helper thread creation failed (#1646381)
- x86: Fix Haswell CPU string flags (#1641980)
- resolv/tst-resolv-network.c: Additional test case (swbz#17630)
- ia64: fix missing exp2f, log2f and powf symbols in libm.a (swbz#23822)
- conform: XFAIL siginfo_t si_band test on sparc64
- signal: Use correct type for si_band in siginfo_t (swbz#23562)
- pthread_mutex_lock: Fix race while promoting to PTHREAD_MUTEX_ELISION_NP
(swbz#23275)
- preadv2/pwritev2: Fix misreported errno (swbz#23579)
- preadv2/pwritev2: Handle offset == -1 (swbz#22753)
- posix_spawn: Fix potential segmentation fault
* Mon Nov 26 2018 Florian Weimer <fweimer(a)redhat.com> - 2.27-34
- Do not use parallel make for building locales (#1652228)
* Thu Aug 30 2018 Florian Weimer <fweimer(a)redhat.com> - 2.27-33
- Revert glibc_make_flags setting which is not needed in Fedora 28 (#1600034)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1653993 - CVE-2018-19591 glibc: file descriptor leak in if_nametoindex() in
sysdeps/unix/sysv/linux/if_index.c
https://bugzilla.redhat.com/show_bug.cgi?id=1653993
--------------------------------------------------------------------------------
================================================================================
ibus-typing-booster-2.2.1-2.fc28 (FEDORA-2018-43ab316be7)
A completion input method
--------------------------------------------------------------------------------
Update Information:
Update pl and uk translations from zanata
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Mike FABIAN <mfabian(a)redhat.com> - 2.2.1-2
- Add desktop-file-utils, python3-gobject-base, gtk3, dbus-x11, dconf, and ibus
to BuildRequires (without that the build started failing on F28).
* Wed Nov 28 2018 Mike FABIAN <mfabian(a)redhat.com> - 2.2.1-1
- Update to 2.2.1
- Update translations from zanata (pl, uk updated)
--------------------------------------------------------------------------------
================================================================================
java-runtime-decompiler-2.0-2.fc28 (FEDORA-2018-675bc983cc)
Application for extraction and decompilation of JVM byte code
--------------------------------------------------------------------------------
Update Information:
This is a new package for java-runtime-decompiler, a tool used for extraction of
byte code from running JVM. The byte code can be then decompiled using external
decompilers back to source code.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1636019 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1636019
--------------------------------------------------------------------------------
================================================================================
kernel-4.19.5-200.fc28 (FEDORA-2018-3857a8b41a)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:
The v4.19.5 stable update contains important fixes across the tree
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 27 2018 Jeremy Cline <jcline(a)redhat.com> - 4.19.5-300
- Linux v4.19.5
- Fix CVE-2018-16862 (rhbz 1649017 1653122)
- Fix CVE-2018-19407 (rhbz 1652656 1652658)
* Mon Nov 26 2018 Jeremy Cline <jeremy(a)jcline.org>
- Fixes a null pointer dereference with Nvidia and vmwgfx drivers (rhbz 1650224)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1652656 - CVE-2018-19407 kernel: kvm: NULL pointer dereference in
vcpu_scan_ioapic in arch/x86/kvm/x86.c
https://bugzilla.redhat.com/show_bug.cgi?id=1652656
[ 2 ] Bug #1649017 - CVE-2018-16862 kernel: cleancache: Infoleak of deleted files after
reuse of old inodes
https://bugzilla.redhat.com/show_bug.cgi?id=1649017
--------------------------------------------------------------------------------
================================================================================
kernel-headers-4.19.5-200.fc28 (FEDORA-2018-3857a8b41a)
Header files for the Linux kernel for use by glibc
--------------------------------------------------------------------------------
Update Information:
The v4.19.5 stable update contains important fixes across the tree
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 27 2018 Jeremy Cline <jcline(a)redhat.com> - 4.19.5-200
- Linux v4.19.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1652656 - CVE-2018-19407 kernel: kvm: NULL pointer dereference in
vcpu_scan_ioapic in arch/x86/kvm/x86.c
https://bugzilla.redhat.com/show_bug.cgi?id=1652656
[ 2 ] Bug #1649017 - CVE-2018-16862 kernel: cleancache: Infoleak of deleted files after
reuse of old inodes
https://bugzilla.redhat.com/show_bug.cgi?id=1649017
--------------------------------------------------------------------------------
================================================================================
kernel-tools-4.19.5-200.fc28 (FEDORA-2018-3857a8b41a)
Assortment of tools for the Linux kernel
--------------------------------------------------------------------------------
Update Information:
The v4.19.5 stable update contains important fixes across the tree
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 27 2018 Jeremy Cline <jeremy(a)jcline.org> - 4.19.5-200
- Linux v4.19.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1652656 - CVE-2018-19407 kernel: kvm: NULL pointer dereference in
vcpu_scan_ioapic in arch/x86/kvm/x86.c
https://bugzilla.redhat.com/show_bug.cgi?id=1652656
[ 2 ] Bug #1649017 - CVE-2018-16862 kernel: cleancache: Infoleak of deleted files after
reuse of old inodes
https://bugzilla.redhat.com/show_bug.cgi?id=1649017
--------------------------------------------------------------------------------
================================================================================
muffin-4.0.3-1.fc28 (FEDORA-2018-e4a0cd266a)
Window and compositing manager based on Clutter
--------------------------------------------------------------------------------
Update Information:
- Update
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Leigh Scott <leigh123linux(a)googlemail.com> - 4.0.3-1
- Update to 4.0.3 release
--------------------------------------------------------------------------------
================================================================================
openjfx-8.0.202-2.b02.fc28 (FEDORA-2018-f752a46b86)
Rich client application platform for Java
--------------------------------------------------------------------------------
Update Information:
Update to upstream version 8.0.202b02
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 27 2018 Nicolas De Amicis <deamicis(a)bluewin.ch> - 8.0.202-2.b02
- Update to upstream version 8.0.202b02
* Mon Nov 12 2018 Nicolas De Amicis <deamicis(a)bluewin.ch> - 8.0.152-19.b05
- Fix missing java packages in openjfx
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> -
8.0.152-18.b05
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Jun 21 2018 Mat Booth <mat.booth(a)redhat.com> - 8.0.152-17.b05
- Fix failure to build from source
* Thu Feb 8 2018 Fedora Release Engineering <releng(a)fedoraproject.org> -
8.0.152-16.b05
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Aug 3 2017 Fedora Release Engineering <releng(a)fedoraproject.org> -
8.0.152-15.b05
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> -
8.0.152-14.b05
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sun Jul 2 2017 Jonny Heggheim <hegjon(a)gmail.com> - 8.0.152-13.b05
- Update to upstream version 8.0.152b05
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1611943 - Please update it to the last version (8u202-b00)
https://bugzilla.redhat.com/show_bug.cgi?id=1611943
--------------------------------------------------------------------------------
================================================================================
phan-1.1.4-1.fc28 (FEDORA-2018-ce2aec005b)
A static analyzer for PHP
--------------------------------------------------------------------------------
Update Information:
27 Nov 2018, Phan 1.1.4 ----------------------- **New features(Analysis):** +
Preserve original descendent object types after type assertions, when original
object types are all subtypes (e.g. infer `SubClass` for `$x = rand(0,1) ? new
SubClass() : false; if ($x instanceof BaseClass) { ... }`) **Maintenance:** +
Emit `UnusedPluginSuppression` on `@phan-suppress-next-line` and `@phan-file-
suppress` on the same line as the comment declaring the suppression. (#2167,
#1731) + Don't emit `PhanInvalidCommentForDeclarationType` (or attempt to parse)
unknown tags that have known tags as prefixes (#2156) (e.g. `@param-some-
unknown-tag`) **Bug fixes:** + Fix a crash when analyzing a nullable parameter
of type `self` in traits (#2163) + Properly parse closures/generic arrays/array
shapes when inner types also contain commas (#2141) + Support matching
parentheses inside closure params, recursively. (e.g.
`Closure(int[],Closure(int):bool):int[]`) + Don't warn about properties being
read-only when they might be modified by reference (#1729) ---- 20 Nov 2018,
Phan 1.1.3 ----------------------- **New features (CLI):** + Warn when calling
method on union types that are definitely partially invalid. (#1885) New
config setting: `--strict-method-checking` (enabled as part of `--strict-type-
checking`) New issue type: `PhanPossiblyNonClassMethodCall` + Add a prototype
tool `tool/phoogle`, which can be used to search for function/method signatures
in user-declared and internal functions/methods. E.g. to look for functions
that return a string, given a string and an array: `/path/phan/tool/phoogle
'string -> array -> string` **New features (Analysis):** + Add a heuristic
check to detect potential infinite recursion in a functionlike calling itself
(i.e. stack overflows) New issue types: `PhanInfiniteRecursion` + Infer
literal integer values from expressions such as `2 | 1`, `2 + 2`, etc. + Infer
more accurate array shapes for `preg_match_all` (based on existing inferences
for `preg_match`) + Make Phan infer union types of variables from switch
statements on variables (#1291) (including literal int and string types) +
Analyze simple assertions on `get_class($var)` of various forms (#1977)
Examples: - `assert(get_class($x) === 'someClass')` - `if (get_class($x) ===
someClass::class)` - `switch (get_class($x)) {case someClass::class: ...}` +
Warn about invalid/possibly invalid callables in function calls. New issue
types: `PhanTypeInvalidCallable`, `PhanTypePossiblyInvalidCallable` (the latter
check requires `--strict-method-checking`) + Reduce false positives for a few
functions (such as `substr`) in strict mode. + Make Phan infer that variables
are not null/false from various comparison expressions, e.g. `assert($x > 0);` +
Detect invalid arguments to `++`/`--` operators (#680). Improve the analysis
of the side effects of `++`/`--` operators. New issue type:
`PhanTypeInvalidUnaryOperandIncOrDec` **Plugins:** + Add
`BeforeAnalyzeCapability`, which will be executed once before starting the
analysis phase. (#2086) **Bug fixes:** + Fix false positives analyzing
`define()` (#2128) + Support declaring instance properties as the union type
`static` (#2145) New issue types: `PhanStaticPropIsStaticType` + Fix a crash
seen when Phan attempted to emit `PhanTypeArrayOperator` for certain operations
(#2153)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Remi Collet <remi(a)remirepo.net> - 1.1.4-1
- update to 1.1.4
* Wed Nov 21 2018 Remi Collet <remi(a)remirepo.net> - 1.1.3-1
- update to 1.1.3
--------------------------------------------------------------------------------
================================================================================
samba-4.8.7-0.fc28 (FEDORA-2018-c2a93f8e1b)
Server and Client software to interoperate with Windows machines
--------------------------------------------------------------------------------
Update Information:
Update to Samba 4.8.7
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 27 2018 Guenther Deschner <gdeschner(a)redhat.com> - 4.8.7-0
- Update to Samba 4.8.7
- resolves: #1625449, #1654078 - Security fixes for CVE-2018-14629
- resolves: #1642545, #1654082 - Security fixes for CVE-2018-16841
- resolves: #1646377, #1654091 - Security fixes for CVE-2018-16851
- resolves: #1647246, #1654093 - Security fixes for CVE-2018-16853
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1625449 - CVE-2018-14629 samba: Unprivileged adding of CNAME record causing
loop in AD LDAP server
https://bugzilla.redhat.com/show_bug.cgi?id=1625449
[ 2 ] Bug #1642545 - CVE-2018-16841 samba: Double-free in Samba AD DC KDC with PKINIT
https://bugzilla.redhat.com/show_bug.cgi?id=1642545
[ 3 ] Bug #1646377 - CVE-2018-16851 samba: NULL pointer de-reference in Samba AD DC LDAP
server
https://bugzilla.redhat.com/show_bug.cgi?id=1646377
[ 4 ] Bug #1647246 - CVE-2018-16853 samba: S4U2Self crash with MIT KDC build
https://bugzilla.redhat.com/show_bug.cgi?id=1647246
--------------------------------------------------------------------------------
================================================================================
switchboard-plug-pantheon-shell-2.7.2-1.fc28 (FEDORA-2018-9819797ebc)
Switchboard Pantheon Shell plug
--------------------------------------------------------------------------------
Update Information:
Update to version 2.7.2. This update should fix the wallpaper discovery on
fedora, because subdirectory scanning was fixed. Release notes:
https://github.com/elementary/switchboard-plug-pantheon-shell/releases/ta...
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Fabio Valentini <decathorpe(a)gmail.com> - 2.7.2-1
- Update to version 2.7.2.
--------------------------------------------------------------------------------
================================================================================
switchboard-plug-printers-2.1.6-1.fc28 (FEDORA-2018-bb66cf1cb8)
Switchboard Printers Plug
--------------------------------------------------------------------------------
Update Information:
Update to version 2.1.6. Release notes:
https://github.com/elementary/switchboard-plug-printers/releases/tag/2.1.6
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Fabio Valentini <decathorpe(a)gmail.com> - 2.1.6-1
- Update to version 2.1.6.
--------------------------------------------------------------------------------
================================================================================
task-2.5.1-10.fc28 (FEDORA-2018-df5596a68f)
Taskwarrior - a command-line TODO list manager
--------------------------------------------------------------------------------
Update Information:
Fix wrong .taskrc template
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Igor Gnatenko <ignatenkobrain(a)fedoraproject.org> - 2.5.1-10
- Fixup rcdir path
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1551256 - generated .taskrc file contains duplicate datadir in include path
https://bugzilla.redhat.com/show_bug.cgi?id=1551256
--------------------------------------------------------------------------------
================================================================================
wine-3.21-1.fc28 (FEDORA-2018-90cf6a4a48)
A compatibility layer for windows applications
--------------------------------------------------------------------------------
Update Information:
- Typelib marshaller rewrite using NDR functions. - Graphics support on recent
Android versions. - Support for memory font resources in DirectWrite. -
Joystick support improvements. - Various bug fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Michael Cronenworth <mike(a)cchtml.com> 3.21-1
- version update
--------------------------------------------------------------------------------
================================================================================
xed-2.0.1-1.fc28 (FEDORA-2018-dbc09734d0)
X-Apps [Text] Editor (Cross-DE, backward-compatible, GTK3, traditional UI)
--------------------------------------------------------------------------------
Update Information:
- Update
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Leigh Scott <leigh123linux(a)googlemail.com> - 2.0.1-1
- Update to 2.0.1 release
--------------------------------------------------------------------------------
================================================================================
xplayer-2.0.1-1.fc28 (FEDORA-2018-dbc09734d0)
A generic Media Player
--------------------------------------------------------------------------------
Update Information:
- Update
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Leigh Scott <leigh123linux(a)googlemail.com> - 2.0.1-1
- Update to 2.0.1 release
--------------------------------------------------------------------------------
================================================================================
xreader-2.0.1-1.fc28 (FEDORA-2018-dbc09734d0)
Simple document viewer
--------------------------------------------------------------------------------
Update Information:
- Update
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Leigh Scott <leigh123linux(a)googlemail.com> - 2.0.1-1
- Update to 2.0.1 release
--------------------------------------------------------------------------------