[SECURITY] Fedora 30 Update: libssh2-1.9.0-1.fc30
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-9d85600fc7
2019-08-02 01:00:43.011657
--------------------------------------------------------------------------------
Name : libssh2
Product : Fedora 30
Version : 1.9.0
Release : 1.fc30
URL : http://www.libssh2.org/
Summary : A library implementing the SSH2 protocol
Description :
libssh2 is a library implementing the SSH2 protocol as defined by
Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25),
SECSH-CONNECTION(23), SECSH-ARCH(20), SECSH-FILEXFER(06)*,
SECSH-DHGEX(04), and SECSH-NUMBERS(10).
--------------------------------------------------------------------------------
Update Information:
A vulnerability was discovered in libssh2 before 1.9.0,
`kex_method_diffie_hellman_group_exchange_sha256_key_exchange` in `kex.c` has an
integer overflow that could lead to an out-of-bounds write in the way packets
are read from the server. A remote attacker who compromises a SSH server may be
able to execute code on the client system when a user connects to the server.
This is related to an `_libssh2_check_length` mistake, and is different from the
various issues fixed in 1.8.1, such as CVE-2019-3855. This update, to the
latest current upstream release 1.9.0, addresses this security issue and also
includes a number of other bug fixes and enhancements as described in the
package changelog.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 20 2019 Paul Howarth <paul(a)city-fan.org> - 1.9.0-1
- Update to 1.9.0
- Fixed integer overflow leading to out-of-bounds read (CVE-2019-13115)
- Adds ECDSA keys and host key support when using OpenSSL
- Adds ED25519 key and host key support when using OpenSSL 1.1.1
- Adds OpenSSH style key file reading
- Adds AES CTR mode support when using WinCNG
- Adds PEM passphrase protected file support for libgcrypt and WinCNG
- Adds SHA256 hostkey fingerprint
- Adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path()
- Adds explicit zeroing of sensitive data in memory
- Adds additional bounds checks to network buffer reads
- Adds the ability to use the server default permissions when creating sftp directories
- Adds support for building with OpenSSL no engine flag
- Adds support for building with LibreSSL
- Increased sftp packet size to 256k
- Fixed oversized packet handling in sftp
- Fixed building with OpenSSL 1.1
- Fixed a possible crash if sftp stat gets an unexpected response
- Fixed incorrect parsing of the KEX preference string value
- Fixed conditional RSA and AES-CTR support
- Fixed a small memory leak during the key exchange process
- Fixed a possible memory leak of the ssh banner string
- Fixed various small memory leaks in the backends
- Fixed possible out of bounds read when parsing public keys from the server
- Fixed possible out of bounds read when parsing invalid PEM files
- No longer null terminates the scp remote exec command
- Now handle errors when Diffie Hellman key pair generation fails
- Fixed compiling on Windows with the flag STDCALL=ON
- Improved building instructions
- Improved unit tests
- Needs OpenSSL ��� 1.0.1 now as ECC support is assumed
- Modernize spec somewhat as EL-6 can no longer be supported
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1731324 - CVE-2019-13115 libssh2: integer overflow in kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c leads to out-of-bounds write
https://bugzilla.redhat.com/show_bug.cgi?id=1731324
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-9d85600fc7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
4 years, 10 months
Fedora 30 Update: slick-greeter-1.2.6-1.fc30
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-1db25e34ab
2019-08-02 01:00:43.011633
--------------------------------------------------------------------------------
Name : slick-greeter
Product : Fedora 30
Version : 1.2.6
Release : 1.fc30
URL : https://github.com/linuxmint/slick-greeter
Summary : A slick-looking LightDM greeter
Description :
A cross-distro LightDM greeter based on unity-greeter.
--------------------------------------------------------------------------------
Update Information:
Cinnamon-4.2.x release
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jul 14 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 1.2.6-1
- Update to 1.2.6 release
* Mon Jul 1 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 1.2.5-1
- Update to 1.2.5 release
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-1db25e34ab' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
4 years, 10 months
Fedora 30 Update: xreader-2.2.2-1.fc30
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-1db25e34ab
2019-08-02 01:00:43.011633
--------------------------------------------------------------------------------
Name : xreader
Product : Fedora 30
Version : 2.2.2
Release : 1.fc30
URL : https://github.com/linuxmint/xreader
Summary : Simple document viewer
Description :
X-Apps Document Reader is a document viewer capable of displaying
multiple and single page document formats like PDF and PostScript.
--------------------------------------------------------------------------------
Update Information:
Cinnamon-4.2.x release
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jul 14 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 2.2.2-1
- Update to 2.2.2 release
* Sun Jun 30 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 2.2.1-1
- Update to 2.2.1 release
* Sat Jun 29 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 2.2.0-1
- Update to 2.2.0 release
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-1db25e34ab' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
4 years, 10 months
Fedora 30 Update: xapps-1.4.8-1.fc30
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-1db25e34ab
2019-08-02 01:00:43.011633
--------------------------------------------------------------------------------
Name : xapps
Product : Fedora 30
Version : 1.4.8
Release : 1.fc30
URL : https://github.com/linuxmint/xapps
Summary : Common files for XApp desktop apps
Description :
This package includes files that are shared between several XApp
apps (i18n files and configuration schemas).
--------------------------------------------------------------------------------
Update Information:
Cinnamon-4.2.x release
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 11 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 1.4.8-1
- Update to 1.4.8 release
* Sun Jun 23 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 1.4.7-1
- Update to 1.4.7 release
* Fri Jun 14 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 1.4.6-1
- Update to 1.4.6 release
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-1db25e34ab' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
4 years, 10 months
Fedora 30 Update: muffin-4.2.1-1.fc30
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-1db25e34ab
2019-08-02 01:00:43.011633
--------------------------------------------------------------------------------
Name : muffin
Product : Fedora 30
Version : 4.2.1
Release : 1.fc30
URL : https://github.com/linuxmint/muffin
Summary : Window and compositing manager based on Clutter
Description :
Muffin is a window and compositing manager that displays and manages
your desktop via OpenGL. Muffin combines a sophisticated display engine
using the Clutter toolkit with solid window-management logic inherited
from the Metacity window manager.
Muffin is very extensible via plugins, which
are used both to add fancy visual effects and to rework the window
management behaviors to meet the needs of the environment.
--------------------------------------------------------------------------------
Update Information:
Cinnamon-4.2.x release
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jul 14 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 4.2.1-1
- Update to 4.2.1 release
* Sat Jul 6 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 4.2.0-3
- Revert last commit
* Sat Jul 6 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 4.2.0-2
- Add upstream pull request
* Fri Jun 14 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 4.2.0-1
- Update to 4.2.0 release
* Wed Jun 12 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 4.0.8-0.6.20190611git6b11adb
- Update snapshot
* Wed Jun 5 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 4.0.8-0.5.20190604git5774eb2
- Add upstream pull request #514
* Wed Jun 5 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 4.0.8-0.4.20190604git5774eb2
- Update snapshot
* Wed Apr 17 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 4.0.8-0.3.20190417gitc72054b
- Update snapshot
* Tue Apr 16 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 4.0.8-0.2.20190416gitb625cfb
- Update snapshot
* Fri Apr 5 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 4.0.8-0.1.20190405git462a534
- Update to git master snapshot
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-1db25e34ab' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
4 years, 10 months
Fedora 30 Update: nemo-extensions-4.2.0-1.fc30
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-1db25e34ab
2019-08-02 01:00:43.011633
--------------------------------------------------------------------------------
Name : nemo-extensions
Product : Fedora 30
Version : 4.2.0
Release : 1.fc30
URL : https://github.com/linuxmint/nemo-extensions
Summary : Extensions for Nemo
Description :
Extensions for Nemo
--------------------------------------------------------------------------------
Update Information:
Cinnamon-4.2.x release
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 23 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 4.2.0-1
- Update to 4.2.0 release
* Thu Jun 6 2019 Leigh Scott <leigh123linux(a)gmail.com> - 4.0.0-4
- Readd nemo-seahorse (rhbz #1716999)
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-1db25e34ab' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
4 years, 10 months
Fedora 30 Update: xed-2.2.1-1.fc30
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-1db25e34ab
2019-08-02 01:00:43.011633
--------------------------------------------------------------------------------
Name : xed
Product : Fedora 30
Version : 2.2.1
Release : 1.fc30
URL : https://github.com/linuxmint/xed
Summary : X-Apps [Text] Editor (Cross-DE, backward-compatible, GTK3, traditional UI)
Description :
Xed is a small, but powerful text editor. It has most standard text
editor functions and fully supports international text in Unicode.
Advanced features include syntax highlighting and automatic indentation
of source code, printing and editing of multiple documents in one window.
Xed is extensible through a plugin system, which currently includes
support for spell checking, comparing files, viewing CVS ChangeLogs, and
adjusting indentation levels.
--------------------------------------------------------------------------------
Update Information:
Cinnamon-4.2.x release
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jul 14 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 2.2.1-1
- Update to 2.2.1 release
* Sat Jun 29 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 2.2.0-1
- Update to 2.2.0 release
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-1db25e34ab' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
4 years, 10 months
Fedora 30 Update: python-xapp-1.6.0-1.fc30
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-1db25e34ab
2019-08-02 01:00:43.011633
--------------------------------------------------------------------------------
Name : python-xapp
Product : Fedora 30
Version : 1.6.0
Release : 1.fc30
URL : https://github.com/linuxmint/python-xapp
Summary : Python bindings for xapps
Description :
Python bindings for xapps.
--------------------------------------------------------------------------------
Update Information:
Cinnamon-4.2.x release
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 17 2019 Leigh Scott <leigh123linux(a)gmail.com> - 1.6.0-1
- Update to 1.6.0 release
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-1db25e34ab' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
4 years, 10 months
Fedora 30 Update: cjs-4.2.0-1.fc30
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-1db25e34ab
2019-08-02 01:00:43.011633
--------------------------------------------------------------------------------
Name : cjs
Product : Fedora 30
Version : 4.2.0
Release : 1.fc30
URL : https://github.com/linuxmint/cjs
Summary : Javascript Bindings for Cinnamon
Description :
Cjs allows using Cinnamon libraries from Javascript. It's based on the
Spidermonkey Javascript engine from Mozilla and the GObject introspection
framework.
--------------------------------------------------------------------------------
Update Information:
Cinnamon-4.2.x release
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 14 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 1:4.2.0-1
- Update to 4.2.0 release
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-1db25e34ab' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
4 years, 10 months
Fedora 30 Update: nemo-4.2.1-1.fc30
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-1db25e34ab
2019-08-02 01:00:43.011633
--------------------------------------------------------------------------------
Name : nemo
Product : Fedora 30
Version : 4.2.1
Release : 1.fc30
URL : https://github.com/linuxmint/nemo
Summary : File manager for Cinnamon
Description :
Nemo is the file manager and graphical shell for the Cinnamon desktop
that makes it easy to manage your files and the rest of your system.
It allows to browse directories on local and remote filesystems, preview
files and launch applications associated with them.
It is also responsible for handling the icons on the Cinnamon desktop.
--------------------------------------------------------------------------------
Update Information:
Cinnamon-4.2.x release
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jul 14 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 4.2.1-1
- Update to 4.2.1 release
* Sun Jun 23 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 4.2.0-1
- Update to 4.2.0 release
* Tue Jun 18 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 4.0.6-3
- Fix gtk-3.24.8 scroll issue
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-1db25e34ab' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
4 years, 10 months