January 2018 - package-announce - Fedora Mailing-Lists

[SECURITY] Fedora 27 Update: coreutils-8.27-19.fc27

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2018-669520d2ba 2018-01-30 17:59:49.778526 -------------------------------------------------------------------------------- Name : coreutils Product : Fedora 27 Version : 8.27 Release : 19.fc27 URL : https://www.gnu.org/software/coreutils/ Summary : A set of basic GNU tools commonly used in shell scripts Description : These are the GNU core utilities. This package is the combination of the old GNU fileutils, sh-utils, and textutils packages. -------------------------------------------------------------------------------- Update Information: - doc: warn about following symlinks recursively in chown/chgrp (CVE-2017-18018) - mv -n: do not overwrite the destination - mv -n: provide more reliable diagnostic messages -------------------------------------------------------------------------------- References: [ 1 ] Bug #1532285 - CVE-2017-18018 coreutils: race condition vulnerability in chown and chgrp [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1532285 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade coreutils' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

6 years, 2 months

1
0
0 / 0

[SECURITY] Fedora 27 Update: libxml2-2.9.7-1.fc27

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2018-db610fff5b 2018-01-30 17:59:49.778507 -------------------------------------------------------------------------------- Name : libxml2 Product : Fedora 27 Version : 2.9.7 Release : 1.fc27 URL : http://xmlsoft.org/ Summary : Library providing XML and HTML support Description : This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or and in-memory DOM like representations. In this case one can use the built-in XPath and XPointer implementation to select sub nodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to an URI library. -------------------------------------------------------------------------------- Update Information: Update to 2.9.7 which hopefully fixes all security issues -------------------------------------------------------------------------------- References: [ 1 ] Bug #1452550 - CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050 libxml2: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1452550 [ 2 ] Bug #1449544 - CVE-2017-8872 libxml2: Out-of-bounds read in htmlParseTryOrFinish [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1449544 [ 3 ] Bug #1406920 - libxml2 should no longer use PyVerify_fd https://bugzilla.redhat.com/show_bug.cgi?id=1406920 [ 4 ] Bug #1384427 - CVE-2016-4658 libxml2: Use after free via namespace node in XPointer ranges [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1384427 [ 5 ] Bug #1361439 - CVE-2016-5131 libxml2: chromium-browser: use-after-free in libxml [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1361439 [ 6 ] Bug #1503087 - libxml2-2.9.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1503087 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade libxml2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

6 years, 2 months

1
0
0 / 0

Fedora 27 Update: gnome-shell-extension-freon-33-1.fc27

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2018-5cf5b12436 2018-01-30 17:59:49.778488 -------------------------------------------------------------------------------- Name : gnome-shell-extension-freon Product : Fedora 27 Version : 33 Release : 1.fc27 URL : https://extensions.gnome.org/extension/841/freon/ Summary : GNOME Shell extension to display system temperature, voltage, and fan speed Description : Freon is a GNOME Shell extension for displaying the temperature of your CPU, hard disk, solid state, and video card (NVIDIA, Catalyst, and Bumblebee supported), as well as power supply voltage, and fan speed. You can choose which HDD/SSD or other devices to include, what temperature units to use, and how often to refresh the sensors readout, and they will appear in the GNOME Shell top bar. For the GPU temperature, you may need to install the vendor's driver for best results. -------------------------------------------------------------------------------- Update Information: Bump to upstream version 33, which fixes typos in the Russian and Ukrainian locales, and fixes an instability issue that could cause GNOME Shell to crash. -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade gnome-shell-extension-freon' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

6 years, 2 months

1
0
0 / 0

Fedora 27 Update: youtube-dl-2018.01.21-1.fc27

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2018-c8899a0684 2018-01-30 17:59:49.778468 -------------------------------------------------------------------------------- Name : youtube-dl Product : Fedora 27 Version : 2018.01.21 Release : 1.fc27 URL : https://yt-dl.org Summary : A small command-line program to download online videos Description : Small command-line program to download videos from YouTube and other sites. -------------------------------------------------------------------------------- Update Information: Update to the latest upstream. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1529821 - youtube-dl-2018.01.21 is available https://bugzilla.redhat.com/show_bug.cgi?id=1529821 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade youtube-dl' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

6 years, 2 months

1
0
0 / 0

Fedora 27 Update: libreoffice-5.4.4.2-4.fc27

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2018-5dc66c512a 2018-01-30 17:59:49.778448 -------------------------------------------------------------------------------- Name : libreoffice Product : Fedora 27 Version : 5.4.4.2 Release : 4.fc27 URL : http://www.libreoffice.org/ Summary : Free Software Productivity Suite Description : LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. Sophisticated and flexible, LibreOffice also works transparently with a variety of file formats, including Microsoft Office File Formats. -------------------------------------------------------------------------------- Update Information: - hang in custom properties page on loss of focus -------------------------------------------------------------------------------- References: [ 1 ] Bug #1532323 - libreoffice5.4-writer-5.4.2.2-2.x86_64 locks up hard when I attempt to edit custom properties in a document https://bugzilla.redhat.com/show_bug.cgi?id=1532323 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade libreoffice' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

6 years, 2 months

1
0
0 / 0

[SECURITY] Fedora 27 Update: transmission-2.92-12.fc27

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2018-499a02cc9d 2018-01-30 17:59:49.778428 -------------------------------------------------------------------------------- Name : transmission Product : Fedora 27 Version : 2.92 Release : 12.fc27 URL : http://www.transmissionbt.com Summary : A lightweight GTK+ BitTorrent client Description : Transmission is a free, lightweight BitTorrent client. It features a simple, intuitive interface on top on an efficient, cross-platform back-end. -------------------------------------------------------------------------------- Update Information: Fix CVE patch, build with openssl-1.1.x -------------------------------------------------------------------------------- References: [ 1 ] Bug #1536185 - transmission-2.92-11.fc27 breaks rpc setups https://bugzilla.redhat.com/show_bug.cgi?id=1536185 [ 2 ] Bug #1468077 - Transmission-gtk: Update to support openssl 1.1 (rather than the compat package) https://bugzilla.redhat.com/show_bug.cgi?id=1468077 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade transmission' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

6 years, 2 months

1
0
0 / 0

Fedora 27 Update: mozjs52-52.6.0-1.fc27

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2018-a8af302f3f 2018-01-30 17:59:49.778409 -------------------------------------------------------------------------------- Name : mozjs52 Product : Fedora 27 Version : 52.6.0 Release : 1.fc27 URL : https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey Summary : SpiderMonkey JavaScript library Description : SpiderMonkey is the code-name for Mozilla Firefox's C++ implementation of JavaScript. It is intended to be embedded in other applications that provide host environments for JavaScript. -------------------------------------------------------------------------------- Update Information: mozjs52 52.6.0, including various security, stability and regression fixes from Firefox 52.6.0 ESR. For details, see https://www.mozilla.org/en- US/firefox/52.6.0/releasenotes/ -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade mozjs52' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

6 years, 2 months

1
0
0 / 0

[SECURITY] Fedora 27 Update: gcab-1.0-1.fc27

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2018-87971e3c98 2018-01-30 17:59:49.778389 -------------------------------------------------------------------------------- Name : gcab Product : Fedora 27 Version : 1.0 Release : 1.fc27 URL : http://ftp.gnome.org/pub/GNOME/sources/gcab Summary : Cabinet file library and tool Description : gcab is a tool to manipulate Cabinet archive. -------------------------------------------------------------------------------- Update Information: New upstream release * This fixes the security bug known as CVE-2018-5345 * Add new API for fwupd * Do not encode timezone in generated files * Fix countless memory leaks when parsing corrupt files * Fix the calculation of the checksum on big endian machines * Switch to the Meson buildsystem -------------------------------------------------------------------------------- References: [ 1 ] Bug #1527062 https://bugzilla.redhat.com/show_bug.cgi?id=1527062 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade gcab' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

6 years, 2 months

1
0
0 / 0

Fedora 27 Update: libappstream-glib-0.7.5-1.fc27

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2018-cdfc84a51c 2018-01-30 17:59:49.778368 -------------------------------------------------------------------------------- Name : libappstream-glib Product : Fedora 27 Version : 0.7.5 Release : 1.fc27 URL : http://people.freedesktop.org/~hughsient/appstream-glib/ Summary : Library for AppStream metadata Description : This library provides GObjects and helper methods to make it easy to read and write AppStream metadata. It also provides a simple DOM implementation that makes it easy to edit nodes and convert to and from the standardized XML representation. -------------------------------------------------------------------------------- Update Information: New upstream release Add more GObject Introspection annotations for Python Do not try to extract duplicate files in the icon theme packages Don't expect an enum when really passing a bitfield Fix a crash when calling as_release_add_location() directly Fix appstream-compose when using new-style desktop IDs Fix compile with GCab v1.0 Fix the arithmetic when fitting an image in 16:9 Generate icons and samples for emoji fonts Never change the default screenshot when processing AppData Support OARS v1.1 additions Use pngquant to make the application icons take up less space -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade libappstream-glib' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

6 years, 2 months

1
0
0 / 0

[SECURITY] Fedora 27 Update: unbound-1.6.8-1.fc27

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2018-69316c5b7a 2018-01-30 17:59:49.778334 -------------------------------------------------------------------------------- Name : unbound Product : Fedora 27 Version : 1.6.8 Release : 1.fc27 URL : https://www.unbound.net/ Summary : Validating, recursive, and caching DNS(SEC) resolver Description : Unbound is a validating, recursive, and caching DNS(SEC) resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modular components, so that also DNSSEC (secure DNS) validation and stub-resolvers (that do not run as a server, but are linked into an application) are easily possible. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-15105 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1507049 - CVE-2017-15105 unbound: Improper validation of wildcard synthesized NSEC records https://bugzilla.redhat.com/show_bug.cgi?id=1507049 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade unbound' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

6 years, 2 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

package-announce January 2018