August 2019 - package-announce - Fedora Mailing-Lists

[SECURITY] Fedora 30 Update: libssh2-1.9.0-1.fc30

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2019-9d85600fc7 2019-08-02 01:00:43.011657 -------------------------------------------------------------------------------- Name : libssh2 Product : Fedora 30 Version : 1.9.0 Release : 1.fc30 URL : http://www.libssh2.org/ Summary : A library implementing the SSH2 protocol Description : libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25), SECSH-CONNECTION(23), SECSH-ARCH(20), SECSH-FILEXFER(06)*, SECSH-DHGEX(04), and SECSH-NUMBERS(10). -------------------------------------------------------------------------------- Update Information: A vulnerability was discovered in libssh2 before 1.9.0, `kex_method_diffie_hellman_group_exchange_sha256_key_exchange` in `kex.c` has an integer overflow that could lead to an out-of-bounds write in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. This is related to an `_libssh2_check_length` mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855. This update, to the latest current upstream release 1.9.0, addresses this security issue and also includes a number of other bug fixes and enhancements as described in the package changelog. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 20 2019 Paul Howarth <paul(a)city-fan.org> - 1.9.0-1 - Update to 1.9.0 - Fixed integer overflow leading to out-of-bounds read (CVE-2019-13115) - Adds ECDSA keys and host key support when using OpenSSL - Adds ED25519 key and host key support when using OpenSSL 1.1.1 - Adds OpenSSH style key file reading - Adds AES CTR mode support when using WinCNG - Adds PEM passphrase protected file support for libgcrypt and WinCNG - Adds SHA256 hostkey fingerprint - Adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path() - Adds explicit zeroing of sensitive data in memory - Adds additional bounds checks to network buffer reads - Adds the ability to use the server default permissions when creating sftp directories - Adds support for building with OpenSSL no engine flag - Adds support for building with LibreSSL - Increased sftp packet size to 256k - Fixed oversized packet handling in sftp - Fixed building with OpenSSL 1.1 - Fixed a possible crash if sftp stat gets an unexpected response - Fixed incorrect parsing of the KEX preference string value - Fixed conditional RSA and AES-CTR support - Fixed a small memory leak during the key exchange process - Fixed a possible memory leak of the ssh banner string - Fixed various small memory leaks in the backends - Fixed possible out of bounds read when parsing public keys from the server - Fixed possible out of bounds read when parsing invalid PEM files - No longer null terminates the scp remote exec command - Now handle errors when Diffie Hellman key pair generation fails - Fixed compiling on Windows with the flag STDCALL=ON - Improved building instructions - Improved unit tests - Needs OpenSSL �� 1.0.1 now as ECC support is assumed - Modernize spec somewhat as EL-6 can no longer be supported -------------------------------------------------------------------------------- References: [ 1 ] Bug #1731324 - CVE-2019-13115 libssh2: integer overflow in kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c leads to out-of-bounds write https://bugzilla.redhat.com/show_bug.cgi?id=1731324 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-9d85600fc7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

4 years, 10 months

1
0
0 / 0

Fedora 30 Update: slick-greeter-1.2.6-1.fc30

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2019-1db25e34ab 2019-08-02 01:00:43.011633 -------------------------------------------------------------------------------- Name : slick-greeter Product : Fedora 30 Version : 1.2.6 Release : 1.fc30 URL : https://github.com/linuxmint/slick-greeter Summary : A slick-looking LightDM greeter Description : A cross-distro LightDM greeter based on unity-greeter. -------------------------------------------------------------------------------- Update Information: Cinnamon-4.2.x release -------------------------------------------------------------------------------- ChangeLog: * Sun Jul 14 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 1.2.6-1 - Update to 1.2.6 release * Mon Jul 1 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 1.2.5-1 - Update to 1.2.5 release -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-1db25e34ab' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

4 years, 10 months

1
0
0 / 0

Fedora 30 Update: xreader-2.2.2-1.fc30

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2019-1db25e34ab 2019-08-02 01:00:43.011633 -------------------------------------------------------------------------------- Name : xreader Product : Fedora 30 Version : 2.2.2 Release : 1.fc30 URL : https://github.com/linuxmint/xreader Summary : Simple document viewer Description : X-Apps Document Reader is a document viewer capable of displaying multiple and single page document formats like PDF and PostScript. -------------------------------------------------------------------------------- Update Information: Cinnamon-4.2.x release -------------------------------------------------------------------------------- ChangeLog: * Sun Jul 14 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 2.2.2-1 - Update to 2.2.2 release * Sun Jun 30 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 2.2.1-1 - Update to 2.2.1 release * Sat Jun 29 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 2.2.0-1 - Update to 2.2.0 release -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-1db25e34ab' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

4 years, 10 months

1
0
0 / 0

Fedora 30 Update: xapps-1.4.8-1.fc30

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2019-1db25e34ab 2019-08-02 01:00:43.011633 -------------------------------------------------------------------------------- Name : xapps Product : Fedora 30 Version : 1.4.8 Release : 1.fc30 URL : https://github.com/linuxmint/xapps Summary : Common files for XApp desktop apps Description : This package includes files that are shared between several XApp apps (i18n files and configuration schemas). -------------------------------------------------------------------------------- Update Information: Cinnamon-4.2.x release -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 11 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 1.4.8-1 - Update to 1.4.8 release * Sun Jun 23 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 1.4.7-1 - Update to 1.4.7 release * Fri Jun 14 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 1.4.6-1 - Update to 1.4.6 release -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-1db25e34ab' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

4 years, 10 months

1
0
0 / 0

Fedora 30 Update: muffin-4.2.1-1.fc30

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2019-1db25e34ab 2019-08-02 01:00:43.011633 -------------------------------------------------------------------------------- Name : muffin Product : Fedora 30 Version : 4.2.1 Release : 1.fc30 URL : https://github.com/linuxmint/muffin Summary : Window and compositing manager based on Clutter Description : Muffin is a window and compositing manager that displays and manages your desktop via OpenGL. Muffin combines a sophisticated display engine using the Clutter toolkit with solid window-management logic inherited from the Metacity window manager. Muffin is very extensible via plugins, which are used both to add fancy visual effects and to rework the window management behaviors to meet the needs of the environment. -------------------------------------------------------------------------------- Update Information: Cinnamon-4.2.x release -------------------------------------------------------------------------------- ChangeLog: * Sun Jul 14 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 4.2.1-1 - Update to 4.2.1 release * Sat Jul 6 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 4.2.0-3 - Revert last commit * Sat Jul 6 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 4.2.0-2 - Add upstream pull request * Fri Jun 14 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 4.2.0-1 - Update to 4.2.0 release * Wed Jun 12 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 4.0.8-0.6.20190611git6b11adb - Update snapshot * Wed Jun 5 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 4.0.8-0.5.20190604git5774eb2 - Add upstream pull request #514 * Wed Jun 5 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 4.0.8-0.4.20190604git5774eb2 - Update snapshot * Wed Apr 17 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 4.0.8-0.3.20190417gitc72054b - Update snapshot * Tue Apr 16 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 4.0.8-0.2.20190416gitb625cfb - Update snapshot * Fri Apr 5 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 4.0.8-0.1.20190405git462a534 - Update to git master snapshot -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-1db25e34ab' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

4 years, 10 months

1
0
0 / 0

Fedora 30 Update: nemo-extensions-4.2.0-1.fc30

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2019-1db25e34ab 2019-08-02 01:00:43.011633 -------------------------------------------------------------------------------- Name : nemo-extensions Product : Fedora 30 Version : 4.2.0 Release : 1.fc30 URL : https://github.com/linuxmint/nemo-extensions Summary : Extensions for Nemo Description : Extensions for Nemo -------------------------------------------------------------------------------- Update Information: Cinnamon-4.2.x release -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 23 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 4.2.0-1 - Update to 4.2.0 release * Thu Jun 6 2019 Leigh Scott <leigh123linux(a)gmail.com> - 4.0.0-4 - Readd nemo-seahorse (rhbz #1716999) -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-1db25e34ab' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

4 years, 10 months

1
0
0 / 0

Fedora 30 Update: xed-2.2.1-1.fc30

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2019-1db25e34ab 2019-08-02 01:00:43.011633 -------------------------------------------------------------------------------- Name : xed Product : Fedora 30 Version : 2.2.1 Release : 1.fc30 URL : https://github.com/linuxmint/xed Summary : X-Apps [Text] Editor (Cross-DE, backward-compatible, GTK3, traditional UI) Description : Xed is a small, but powerful text editor. It has most standard text editor functions and fully supports international text in Unicode. Advanced features include syntax highlighting and automatic indentation of source code, printing and editing of multiple documents in one window. Xed is extensible through a plugin system, which currently includes support for spell checking, comparing files, viewing CVS ChangeLogs, and adjusting indentation levels. -------------------------------------------------------------------------------- Update Information: Cinnamon-4.2.x release -------------------------------------------------------------------------------- ChangeLog: * Sun Jul 14 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 2.2.1-1 - Update to 2.2.1 release * Sat Jun 29 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 2.2.0-1 - Update to 2.2.0 release -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-1db25e34ab' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

4 years, 10 months

1
0
0 / 0

Fedora 30 Update: python-xapp-1.6.0-1.fc30

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2019-1db25e34ab 2019-08-02 01:00:43.011633 -------------------------------------------------------------------------------- Name : python-xapp Product : Fedora 30 Version : 1.6.0 Release : 1.fc30 URL : https://github.com/linuxmint/python-xapp Summary : Python bindings for xapps Description : Python bindings for xapps. -------------------------------------------------------------------------------- Update Information: Cinnamon-4.2.x release -------------------------------------------------------------------------------- ChangeLog: * Fri May 17 2019 Leigh Scott <leigh123linux(a)gmail.com> - 1.6.0-1 - Update to 1.6.0 release -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-1db25e34ab' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

4 years, 10 months

1
0
0 / 0

Fedora 30 Update: cjs-4.2.0-1.fc30

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2019-1db25e34ab 2019-08-02 01:00:43.011633 -------------------------------------------------------------------------------- Name : cjs Product : Fedora 30 Version : 4.2.0 Release : 1.fc30 URL : https://github.com/linuxmint/cjs Summary : Javascript Bindings for Cinnamon Description : Cjs allows using Cinnamon libraries from Javascript. It's based on the Spidermonkey Javascript engine from Mozilla and the GObject introspection framework. -------------------------------------------------------------------------------- Update Information: Cinnamon-4.2.x release -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 14 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 1:4.2.0-1 - Update to 4.2.0 release -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-1db25e34ab' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

4 years, 10 months

1
0
0 / 0

Fedora 30 Update: nemo-4.2.1-1.fc30

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2019-1db25e34ab 2019-08-02 01:00:43.011633 -------------------------------------------------------------------------------- Name : nemo Product : Fedora 30 Version : 4.2.1 Release : 1.fc30 URL : https://github.com/linuxmint/nemo Summary : File manager for Cinnamon Description : Nemo is the file manager and graphical shell for the Cinnamon desktop that makes it easy to manage your files and the rest of your system. It allows to browse directories on local and remote filesystems, preview files and launch applications associated with them. It is also responsible for handling the icons on the Cinnamon desktop. -------------------------------------------------------------------------------- Update Information: Cinnamon-4.2.x release -------------------------------------------------------------------------------- ChangeLog: * Sun Jul 14 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 4.2.1-1 - Update to 4.2.1 release * Sun Jun 23 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 4.2.0-1 - Update to 4.2.0 release * Tue Jun 18 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 4.0.6-3 - Fix gtk-3.24.8 scroll issue -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-1db25e34ab' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

4 years, 10 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

package-announce August 2019