The following Fedora 34 Security updates need testing:
Age URL
59
https://bodhi.fedoraproject.org/updates/FEDORA-2022-6aba96e1b8
radare2-5.6.4-1.fc34
13
https://bodhi.fedoraproject.org/updates/FEDORA-2022-64b2c02d29 xen-4.14.5-1.fc34
13
https://bodhi.fedoraproject.org/updates/FEDORA-2022-ec66ee6b59 xz-5.2.5-9.fc34
10
https://bodhi.fedoraproject.org/updates/FEDORA-2022-fef374d46f
zchunk-1.2.2-1.fc34
10
https://bodhi.fedoraproject.org/updates/FEDORA-2022-2fec5f30be git-2.34.3-1.fc34
10
https://bodhi.fedoraproject.org/updates/FEDORA-2022-63de6726ce
libinput-1.19.4-1.fc34
9
https://bodhi.fedoraproject.org/updates/FEDORA-2022-5e637f6cc6
podman-3.4.7-1.fc34
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-17aa1c62da
chromium-100.0.4896.127-1.fc34
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-b0a47f8060
freerdp-2.7.0-1.fc34
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-a2f0201723
suricata-6.0.5-1.fc34
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-82a9edac27
ruby-3.0.4-153.fc34
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-a0a4c7eb31 redis-6.2.7-1.fc34
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-5d6aaab56e
maven-shared-utils-3.2.1-0.9.fc34
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-5cfe372ab7
mariadb-10.5.15-1.fc34
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-fc5776b142
curl-7.76.1-14.fc34
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-9cc421562b
java-1.8.0-openjdk-1.8.0.332.b09-1.fc34 java-11-openjdk-11.0.15.0.10-1.fc34
java-17-openjdk-17.0.3.0.7-1.fc34 java-latest-openjdk-18.0.1.0.10-1.rolling.fc34
The following Fedora 34 Critical Path updates have yet to be approved:
Age URL
389
https://bodhi.fedoraproject.org/updates/FEDORA-2021-1300e131b6 ddpt-0.96-4.fc34
ledmon-0.95-4.fc34 libgpod-0.8.3-38.fc34 libzfcphbaapi-2.2.0-12.fc34 lsvpd-1.7.11-6.fc34
sg3_utils-1.46-1.fc34 udisks-1.0.5-18.fc34
110
https://bodhi.fedoraproject.org/updates/FEDORA-2022-e3b891fe11 gdb-11.1-7.fc34
59
https://bodhi.fedoraproject.org/updates/FEDORA-2022-8f3103b973
hwdata-0.357-1.fc34
40
https://bodhi.fedoraproject.org/updates/FEDORA-2022-dab75a01b8
gnome-shell-40.10-1.fc34 gnome-shell-extensions-40.7-1.fc34 mutter-40.10-1.fc34
26
https://bodhi.fedoraproject.org/updates/FEDORA-2022-eb1d10aba3 libldb-2.3.3-1.fc34
samba-4.14.13-0.fc34
13
https://bodhi.fedoraproject.org/updates/FEDORA-2022-ec66ee6b59 xz-5.2.5-9.fc34
13
https://bodhi.fedoraproject.org/updates/FEDORA-2022-14b4ccfa1f gdisk-1.0.9-1.fc34
13
https://bodhi.fedoraproject.org/updates/FEDORA-2022-64b2c02d29 xen-4.14.5-1.fc34
13
https://bodhi.fedoraproject.org/updates/FEDORA-2022-eaef082697
container-selinux-2.173.1-2.fc34 flatpak-1.10.7-2.fc34 osbuild-54-2.fc34
selinux-policy-34.27-1.fc34 snapd-2.55.3-2.fc34
10
https://bodhi.fedoraproject.org/updates/FEDORA-2022-63de6726ce
libinput-1.19.4-1.fc34
10
https://bodhi.fedoraproject.org/updates/FEDORA-2022-2fec5f30be git-2.34.3-1.fc34
10
https://bodhi.fedoraproject.org/updates/FEDORA-2022-fef374d46f
zchunk-1.2.2-1.fc34
9
https://bodhi.fedoraproject.org/updates/FEDORA-2022-86a5792181
webkit2gtk3-2.36.1-1.fc34
9
https://bodhi.fedoraproject.org/updates/FEDORA-2022-13c91c9fef
langtable-0.0.58-1.fc34
8
https://bodhi.fedoraproject.org/updates/FEDORA-2022-41e16c6c1e annobin-9.79-5.fc34
gcc-11.3.1-2.fc34
8
https://bodhi.fedoraproject.org/updates/FEDORA-2022-681d2ee7ea rtkit-0.11-28.fc34
7
https://bodhi.fedoraproject.org/updates/FEDORA-2022-c17b776b17 inih-55-1.fc34
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-b0a47f8060
freerdp-2.7.0-1.fc34
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-095ac0abfb
livecd-tools-30.0-1.fc34
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-47554f7728
gnutls-3.7.4-1.fc34
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-dcdafa6b5c
kernel-5.17.5-100.fc34
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-fc5776b142
curl-7.76.1-14.fc34
The following builds have been pushed to Fedora 34 updates-testing
cifs-utils-6.15-1.fc34
fbrnch-1.1-2.fc34
mold-1.2.1-1.fc34
theme-switcher-2.0.4-10.fc34
w3m-0.5.3-55.git20220429.fc34
Details about builds:
================================================================================
cifs-utils-6.15-1.fc34 (FEDORA-2022-34de4f833d)
Utilities for mounting and managing CIFS mounts
--------------------------------------------------------------------------------
Update Information:
This is a security release to address the following bugs: - CVE-2022-27239:
mount.cifs: fix length check for ip option parsing - CVE-2022-29869: mount.cifs:
fix verbose messages on option parsing Description CVE-2022-27239: In cifs-
utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs
ip= command-line argument could lead to local attackers gaining root privileges.
CVE-2022-29869: cifs-utils through 6.14, with verbose logging, can cause an
information leak when a file contains = (equal sign) characters but is not a
valid credentials file. Both issues were originally reported and fixed by
Jeffrey Bencteux.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 30 2022 Alexander Bokovoy <abokovoy(a)redhat.com> - 6.15-1
- Upstream release 6.15
- CVE-2022-27239: mount.cifs: fix length check for ip option parsing
- CVE-2022-29869: mount.cifs: fix verbose messages on option parsing
- Fixes: rhbz#2080525
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2080525 - cifs-utils-6.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2080525
--------------------------------------------------------------------------------
================================================================================
fbrnch-1.1-2.fc34 (FEDORA-2022-98899d6be9)
Fedora packager tool to build package branches
--------------------------------------------------------------------------------
Update Information:
https://hackage.haskell.org/package/fbrnch-1.1/changelog
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 30 2022 Jens Petersen <petersen(a)redhat.com> - 1.1-2
-
https://hackage.haskell.org/package/fbrnch-1.1/changelog
--------------------------------------------------------------------------------
================================================================================
mold-1.2.1-1.fc34 (FEDORA-2022-a1fdbdb1dd)
A Modern Linker
--------------------------------------------------------------------------------
Update Information:
Bump version to 1.2.1
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 30 2022 Christoph Erhardt <fedora(a)sicherha.de> - 1.2.1-1
- Bump version to 1.2.1
- Drop upstreamed patch
- Add support for 32-bit x86 and Arm
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2080023 - mold-1.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2080023
--------------------------------------------------------------------------------
================================================================================
theme-switcher-2.0.4-10.fc34 (FEDORA-2022-78b3040ad4)
Switch dark/light GTK theme automatically during day/night
--------------------------------------------------------------------------------
Update Information:
build: Add dep gnome-terminal | GH#13
--------------------------------------------------------------------------------
ChangeLog:
* Sun May 1 2022 Artem Polishchuk <ego.cordatus(a)gmail.com> - 2.0.4-10
- build: Add dep gnome-terminal | GH#13
* Sat Jan 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.0.4-9
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.0.4-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun 4 2021 Python Maint <python-maint(a)redhat.com> - 2.0.4-7
- Rebuilt for Python 3.10
--------------------------------------------------------------------------------
================================================================================
w3m-0.5.3-55.git20220429.fc34 (FEDORA-2022-ffb2da2d75)
Pager with Web browsing abilities
--------------------------------------------------------------------------------
Update Information:
# w3m 0.5.3+git20220429 ## New features - Support kitty's APC G graphics
protocol with ImageMagick's `convert` - Support iTerm2's OSC 1337 graphics
protocol - New option inline_img_protocol to select the graphics protocol (0:
w3m-img, 1: OSC 5379, 2: sixel, 3: OSC 1337, 4: APC G) - New option
`ssl_cipher` to specify TLSv1.2 ciphers, e.g. `DEFAULT:@SECLEVEL=2` - New
option `ssl_min_version` for OpenSSL 1.1 - New option `-insecure` to use
insecure SSL config options - New option `ssl_ca_default`, explicitly use
OpenSSL default paths by default - New option `cross_origin_referer`, use
origin only Referer when cross origin - New option `localhost_only `to
restrict connections only to localhost - New option `disable_center` to
disable center alignment - Support brotli content encoding - Ignore the `-`
option to accept `w3m -` as "read from stdin" - New `configure` option
`--with-cafile` to detect CA bundle file - Support auto-detection for
`configure --with-migemo` - Add fuzzer for OSS-Fuzz - Add Italian
translation - Add Swedish translation ## Bug fixes - Prevent index overflow
and huge allocation due to Str, libwc, and table - Prevent integer overflow
due to fontstat - Prevent StrStream memory leak - Prevent GC warnings of
repeated allocation - Prevent buffer overflow in shiftAnchorPosition -
Prevent buffer overflow READ when parsing Gopher URLs - Prevent buffer
overflow in gotoLine and gotoRealLine - Prevent warnings when `-Wnull-
dereference`, enabled by default - Prevent warnings when `-Wall`, enabled by
default - Prevent warnings from `cppcheck` - Avoid zero length arrays even
when GCC - Fix fail to render over 32767 lines in a table cell - Disable
`<section>` behaves as `<hr>` - Disable TLSv1.0 and TLSv1.1 by default -
Mention a workaround for SSL error - Fix manipulation of `ASN1_STRING` -
Don't include username in Referer - Don't set Referer when data URI scheme -
Fix broken anchor with link number at EOL - Fix incorrect query string for
`w3mman 7z` - Drop `imlib2-config`, use `pkg-config` - Improve named
character references - Improve `<dl>` rendering - Prefer Imlib2 over GTK2 by
default - Replace encodeB with `base64_encode` to encode null bytes -
Wording fixes for `configure --help`
--------------------------------------------------------------------------------
ChangeLog:
* Sun May 1 2022 Robert Scheck <robert(a)fedoraproject.org> - 0.5.3-55.git20220429
- Rebase to latest upstream gitrev 20220429 (#2080136)
* Sat Jan 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> -
0.5.3-54.git20210102
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Sep 14 2021 Sahana Prasad <sahana(a)redhat.com> - 0.5.3-53.git20210102
- Rebuilt with OpenSSL 3.0.0
* Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> -
0.5.3-52.git20210102
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri May 21 2021 Jitka Plesnikova <jplesnik(a)redhat.com> - 0.5.3-51.git20210102
- Perl 5.34 rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2080136 - w3m-0.5.3+git20220429 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2080136
--------------------------------------------------------------------------------