[SECURITY] Fedora 27 Update: coreutils-8.27-19.fc27
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-669520d2ba
2018-01-30 17:59:49.778526
--------------------------------------------------------------------------------
Name : coreutils
Product : Fedora 27
Version : 8.27
Release : 19.fc27
URL : https://www.gnu.org/software/coreutils/
Summary : A set of basic GNU tools commonly used in shell scripts
Description :
These are the GNU core utilities. This package is the combination of
the old GNU fileutils, sh-utils, and textutils packages.
--------------------------------------------------------------------------------
Update Information:
- doc: warn about following symlinks recursively in chown/chgrp (CVE-2017-18018)
- mv -n: do not overwrite the destination - mv -n: provide more reliable
diagnostic messages
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1532285 - CVE-2017-18018 coreutils: race condition vulnerability in chown and chgrp [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1532285
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade coreutils' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
6 years, 2 months
[SECURITY] Fedora 27 Update: libxml2-2.9.7-1.fc27
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-db610fff5b
2018-01-30 17:59:49.778507
--------------------------------------------------------------------------------
Name : libxml2
Product : Fedora 27
Version : 2.9.7
Release : 1.fc27
URL : http://xmlsoft.org/
Summary : Library providing XML and HTML support
Description :
This library allows to manipulate XML files. It includes support
to read, modify and write XML and HTML files. There is DTDs support
this includes parsing and validation even with complex DtDs, either
at parse time or later once the document has been modified. The output
can be a simple SAX stream or and in-memory DOM like representations.
In this case one can use the built-in XPath and XPointer implementation
to select sub nodes or ranges. A flexible Input/Output mechanism is
available, with existing HTTP and FTP modules and combined to an
URI library.
--------------------------------------------------------------------------------
Update Information:
Update to 2.9.7 which hopefully fixes all security issues
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1452550 - CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050 libxml2: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1452550
[ 2 ] Bug #1449544 - CVE-2017-8872 libxml2: Out-of-bounds read in htmlParseTryOrFinish [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1449544
[ 3 ] Bug #1406920 - libxml2 should no longer use PyVerify_fd
https://bugzilla.redhat.com/show_bug.cgi?id=1406920
[ 4 ] Bug #1384427 - CVE-2016-4658 libxml2: Use after free via namespace node in XPointer ranges [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1384427
[ 5 ] Bug #1361439 - CVE-2016-5131 libxml2: chromium-browser: use-after-free in libxml [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1361439
[ 6 ] Bug #1503087 - libxml2-2.9.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1503087
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade libxml2' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
6 years, 2 months
Fedora 27 Update: gnome-shell-extension-freon-33-1.fc27
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-5cf5b12436
2018-01-30 17:59:49.778488
--------------------------------------------------------------------------------
Name : gnome-shell-extension-freon
Product : Fedora 27
Version : 33
Release : 1.fc27
URL : https://extensions.gnome.org/extension/841/freon/
Summary : GNOME Shell extension to display system temperature, voltage, and fan speed
Description :
Freon is a GNOME Shell extension for displaying the temperature of your CPU,
hard disk, solid state, and video card (NVIDIA, Catalyst, and Bumblebee
supported), as well as power supply voltage, and fan speed. You can choose which
HDD/SSD or other devices to include, what temperature units to use, and how
often to refresh the sensors readout, and they will appear in the GNOME Shell
top bar. For the GPU temperature, you may need to install the vendor's driver
for best results.
--------------------------------------------------------------------------------
Update Information:
Bump to upstream version 33, which fixes typos in the Russian and Ukrainian
locales, and fixes an instability issue that could cause GNOME Shell to crash.
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade gnome-shell-extension-freon' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
6 years, 2 months
Fedora 27 Update: youtube-dl-2018.01.21-1.fc27
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-c8899a0684
2018-01-30 17:59:49.778468
--------------------------------------------------------------------------------
Name : youtube-dl
Product : Fedora 27
Version : 2018.01.21
Release : 1.fc27
URL : https://yt-dl.org
Summary : A small command-line program to download online videos
Description :
Small command-line program to download videos from YouTube and other sites.
--------------------------------------------------------------------------------
Update Information:
Update to the latest upstream.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1529821 - youtube-dl-2018.01.21 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1529821
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade youtube-dl' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
6 years, 2 months
Fedora 27 Update: libreoffice-5.4.4.2-4.fc27
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-5dc66c512a
2018-01-30 17:59:49.778448
--------------------------------------------------------------------------------
Name : libreoffice
Product : Fedora 27
Version : 5.4.4.2
Release : 4.fc27
URL : http://www.libreoffice.org/
Summary : Free Software Productivity Suite
Description :
LibreOffice is an Open Source, community-developed, office productivity suite.
It includes the key desktop applications, such as a word processor,
spreadsheet, presentation manager, formula editor and drawing program, with a
user interface and feature set similar to other office suites. Sophisticated
and flexible, LibreOffice also works transparently with a variety of file
formats, including Microsoft Office File Formats.
--------------------------------------------------------------------------------
Update Information:
- hang in custom properties page on loss of focus
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1532323 - libreoffice5.4-writer-5.4.2.2-2.x86_64 locks up hard when I attempt to edit custom properties in a document
https://bugzilla.redhat.com/show_bug.cgi?id=1532323
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade libreoffice' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
6 years, 2 months
[SECURITY] Fedora 27 Update: transmission-2.92-12.fc27
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-499a02cc9d
2018-01-30 17:59:49.778428
--------------------------------------------------------------------------------
Name : transmission
Product : Fedora 27
Version : 2.92
Release : 12.fc27
URL : http://www.transmissionbt.com
Summary : A lightweight GTK+ BitTorrent client
Description :
Transmission is a free, lightweight BitTorrent client. It features a
simple, intuitive interface on top on an efficient, cross-platform
back-end.
--------------------------------------------------------------------------------
Update Information:
Fix CVE patch, build with openssl-1.1.x
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1536185 - transmission-2.92-11.fc27 breaks rpc setups
https://bugzilla.redhat.com/show_bug.cgi?id=1536185
[ 2 ] Bug #1468077 - Transmission-gtk: Update to support openssl 1.1 (rather than the compat package)
https://bugzilla.redhat.com/show_bug.cgi?id=1468077
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade transmission' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
6 years, 2 months
Fedora 27 Update: mozjs52-52.6.0-1.fc27
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-a8af302f3f
2018-01-30 17:59:49.778409
--------------------------------------------------------------------------------
Name : mozjs52
Product : Fedora 27
Version : 52.6.0
Release : 1.fc27
URL : https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey
Summary : SpiderMonkey JavaScript library
Description :
SpiderMonkey is the code-name for Mozilla Firefox's C++ implementation of
JavaScript. It is intended to be embedded in other applications
that provide host environments for JavaScript.
--------------------------------------------------------------------------------
Update Information:
mozjs52 52.6.0, including various security, stability and regression fixes from
Firefox 52.6.0 ESR. For details, see https://www.mozilla.org/en-
US/firefox/52.6.0/releasenotes/
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade mozjs52' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
6 years, 2 months
[SECURITY] Fedora 27 Update: gcab-1.0-1.fc27
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-87971e3c98
2018-01-30 17:59:49.778389
--------------------------------------------------------------------------------
Name : gcab
Product : Fedora 27
Version : 1.0
Release : 1.fc27
URL : http://ftp.gnome.org/pub/GNOME/sources/gcab
Summary : Cabinet file library and tool
Description :
gcab is a tool to manipulate Cabinet archive.
--------------------------------------------------------------------------------
Update Information:
New upstream release * This fixes the security bug known as CVE-2018-5345 * Add
new API for fwupd * Do not encode timezone in generated files * Fix countless
memory leaks when parsing corrupt files * Fix the calculation of the checksum on
big endian machines * Switch to the Meson buildsystem
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1527062
https://bugzilla.redhat.com/show_bug.cgi?id=1527062
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade gcab' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
6 years, 2 months
Fedora 27 Update: libappstream-glib-0.7.5-1.fc27
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-cdfc84a51c
2018-01-30 17:59:49.778368
--------------------------------------------------------------------------------
Name : libappstream-glib
Product : Fedora 27
Version : 0.7.5
Release : 1.fc27
URL : http://people.freedesktop.org/~hughsient/appstream-glib/
Summary : Library for AppStream metadata
Description :
This library provides GObjects and helper methods to make it easy to read and
write AppStream metadata. It also provides a simple DOM implementation that
makes it easy to edit nodes and convert to and from the standardized XML
representation.
--------------------------------------------------------------------------------
Update Information:
New upstream release Add more GObject Introspection annotations for Python Do
not try to extract duplicate files in the icon theme packages Don't expect an
enum when really passing a bitfield Fix a crash when calling
as_release_add_location() directly Fix appstream-compose when using new-style
desktop IDs Fix compile with GCab v1.0 Fix the arithmetic when fitting an image
in 16:9 Generate icons and samples for emoji fonts Never change the default
screenshot when processing AppData Support OARS v1.1 additions Use pngquant to
make the application icons take up less space
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade libappstream-glib' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
6 years, 2 months
[SECURITY] Fedora 27 Update: unbound-1.6.8-1.fc27
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-69316c5b7a
2018-01-30 17:59:49.778334
--------------------------------------------------------------------------------
Name : unbound
Product : Fedora 27
Version : 1.6.8
Release : 1.fc27
URL : https://www.unbound.net/
Summary : Validating, recursive, and caching DNS(SEC) resolver
Description :
Unbound is a validating, recursive, and caching DNS(SEC) resolver.
The C implementation of Unbound is developed and maintained by NLnet
Labs. It is based on ideas and algorithms taken from a java prototype
developed by Verisign labs, Nominet, Kirei and ep.net.
Unbound is designed as a set of modular components, so that also
DNSSEC (secure DNS) validation and stub-resolvers (that do not run
as a server, but are linked into an application) are easily possible.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2017-15105
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1507049 - CVE-2017-15105 unbound: Improper validation of wildcard synthesized NSEC records
https://bugzilla.redhat.com/show_bug.cgi?id=1507049
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade unbound' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
6 years, 2 months