[SECURITY] Fedora 32 Update: glibc-2.31-2.fc32
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-444c372453
2020-03-31 00:15:07.171430
--------------------------------------------------------------------------------
Name : glibc
Product : Fedora 32
Version : 2.31
Release : 2.fc32
URL : http://www.gnu.org/software/glibc/
Summary : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.
--------------------------------------------------------------------------------
Update Information:
This update incorporates fixes from the upstream glibc 2.31 stable release
branch, including 2 fixes for medium severity security vulnerabilities.
(CVE-2020-10029, CVE-2020-1752)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 19 2020 Patsy Griffin <patsy(a)redhat.com> - 2.31-2
- Auto-sync with upstream branch release/2.31/master,
commit ab029a2801d4ddfeade8f64a6e46ee7e47fde710.
- Fix use-after-free in glob when expanding ~user (bug 25414)
- Update syscall lists for Linux 5.5.
- NEWS: update list of bugs fixed on the 2.31 branch
- Add NEWS entry for CVE-2020-10029 (bug 25487)
- math/test-sinl-pseudo: Use stack protector only if available
- sparc: Move sigreturn stub to assembly
- arm: Fix softp-fp Implies (BZ #25635)
- linux/sysipc: Include linux/posix_types.h for __kernel_mode_t
- linux: Clear mode_t padding bits (BZ#25623)
- i386: Use comdat instead of .gnu.linkonce for i386 setup pic register (BZ #20543)
- Improve IFUNC check [BZ #25506]
- Avoid ldbl-96 stack corruption from range reduction of pseudo-zero (bug 25487).
- malloc/tst-mallocfork2: Kill lingering process for unexpected failures
- riscv: Avoid clobbering register parameters in syscall
- microblaze: Avoid clobbering register parameters in syscall
- mips: Fix argument passing for inlined syscalls on Linux [BZ #25523]
- mips: Use 'long int' and 'long long int' in linux syscall code
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1810671 - CVE-2020-10029 glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1810671
[ 2 ] Bug #1811586 - CVE-2020-1752 glibc: use-after-free in glob() function when expanding ~user [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1811586
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-444c372453' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
4 years
Fedora 32 Update: fedora-easy-karma-0-0.43.20191206git56f1e97.fc32
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-05f8e750df
2020-03-31 00:15:07.171414
--------------------------------------------------------------------------------
Name : fedora-easy-karma
Product : Fedora 32
Version : 0
Release : 0.43.20191206git56f1e97.fc32
URL : https://fedoraproject.org/wiki/Fedora_Easy_Karma
Summary : Fedora update feedback made easy
Description :
Fedora-easy-karma helps you to easily and fast provide feedback for all testing
updates that you have currently installed.
--------------------------------------------------------------------------------
Update Information:
- Proper Bodhi 4 Support - Legacy code cleanup (drop yum, py2 and old bodhi
support)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 24 2020 Frantisek Zatloukal <fzatlouk(a)redhat.com> - 0-0.43.20191206git56f1e97
- Proper Bodhi 4 Support
- Legacy code cleanup (drop yum, py2 and old bodhi support)
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-05f8e750df' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
4 years
[SECURITY] Fedora 32 Update: gd-2.3.0-1.fc32
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-e795f92d79
2020-03-31 00:15:07.171396
--------------------------------------------------------------------------------
Name : gd
Product : Fedora 32
Version : 2.3.0
Release : 1.fc32
URL : http://libgd.github.io/
Summary : A graphics library for quick creation of PNG or JPEG images
Description :
The gd graphics library allows your code to quickly draw images
complete with lines, arcs, text, multiple colors, cut and paste from
other images, and flood fills, and to write out the result as a PNG or
JPEG file. This is particularly useful in Web applications, where PNG
and JPEG are two of the formats accepted for inline images by most
browsers. Note that gd is not a paint program.
--------------------------------------------------------------------------------
Update Information:
**Version 2.3.0** - 2020-03-22 **Security** - Potential double-free in
gdImage*Ptr(). (CVE-2019-6978) - gdImageColorMatch() out of bounds write on
heap. (CVE-2019-6977) - Uninitialized read in gdImageCreateFromXbm().
(CVE-2019-11038) - Double-free in gdImageBmp. (CVE-2018-1000222) - Potential
NULL pointer dereference in gdImageClone(). (CVE-2018-14553) - Potential
infinite loop in gdImageCreateFromGifCtx(). (CVE-2018-5711) **Fixed** * Fix
#597: add codecov support - Fix #596: gdTransformAffineCopy run error - Fix
#589: Install dependencies move to .travis.yml - Fix #586:
gdTransformAffineCopy() segfaults on palette images - Fix #585:
gdTransformAffineCopy() changes interpolation method - Fix #584:
gdImageSetInterpolationMethod(im, GD_DEFAULT) inconsistent - Fix #583:
gdTransformAffineCopy() may use unitialized values - Fix #533: Remove cmake
modules - Fix #539: Add RAQM support for cmake - Fix #499: gdImageGifAnimAddPtr:
heap corruption with 2 identical images - Fix #486: gdImageCropAuto(���,
GD_CROP_SIDES) crops left but not right - Fix #485: auto cropping has
insufficient precision - Fix #479: Provide a suitable malloc function to liq -
Fix #474: libtiff link returns 404 HTTP code - Fix #450: Failed to open 1 bit
per pixel bitmap - Fix #440: new_width & new_height exception handling - Fix
#432: gdImageCrop neglecting transparency - Fix #420: Potential infinite loop in
gdImageCreateFromGifCtx - Fix #411: gd_gd.c format documentation appears to be
incorrect - Fix #369: Fix new_a init error in gdImageConvolution() - Fix #351:
gdImageFilledArc() doesn't properly draw pies - Fix #338: Fatal and normal
libjpeg/libpng errors not distinguishable - Fix #169: Update var type to hold
bigger w&h for ellipse - Fix #164: update doc files install directory in
CMakeLists.txt - Correct some test depend errors - Update cmake min version to
3.7 - Delete libimagequant source code download action in CMakeLists.txt -
Improve msys support - Fix some logic error in CMakeLists.txt - Remove the
following macro: HAVE_STDLIB_H, HAVE_STRING_H, HAVE_STDDEF_H, HAVE_LIMITS_H,
HAVE_ERRNO_H, AC_C_CONST ----- **Notice:** * fix for CVE-2018-5711,
CVE-2018-1000222, CVE-2019-6977, CVE-2019-6978, and CVE-2018-14553 were already
applied in previous packages. * gdlib-config command have been dropped
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 24 2020 Remi Collet <remi(a)remirepo.net> - 2.3.0-1
- update to 2.3.0
- add dependency on libraqm
- remove gdlib-config
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-e795f92d79' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
4 years
Fedora 32 Update: nohang-0.1-25.20200323gitdaca5cc.fc32
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-f133b1d4ce
2020-03-31 00:15:07.171379
--------------------------------------------------------------------------------
Name : nohang
Product : Fedora 32
Version : 0.1
Release : 25.20200323gitdaca5cc.fc32
URL : https://github.com/hakavlad/nohang
Summary : Highly configurable OOM prevention daemon
Description :
Nohang is a highly configurable daemon for Linux which is able to correctly
prevent out of memory (OOM) and keep system responsiveness in low memory
conditions.
To enable and start:
systemctl enable --now nohang
--------------------------------------------------------------------------------
Update Information:
Update to latest version ---- Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 23 2020 Artem Polishchuk <ego.cordatus(a)gmail.com> - 0.1-25.20200323gitdaca5cc
- Update to latest git snapshot
* Tue Mar 17 2020 Artem Polishchuk <ego.cordatus(a)gmail.com> - 0.1-24.20200317gitc70b824
- Update to latest git snapshot
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-f133b1d4ce' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
4 years
Fedora 32 Update: python-micawber-0.5.1-1.fc32
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-addf51776c
2020-03-31 00:15:07.171362
--------------------------------------------------------------------------------
Name : python-micawber
Product : Fedora 32
Version : 0.5.1
Release : 1.fc32
URL : http://github.com/coleifer/micawber/
Summary : a small library for extracting rich content from urls
Description :
A small library for extracting rich content from urls. what does it do?
-micawber supplies a few methods for retrieving rich metadata about a variety
of links, such as links to youtube videos. micawber also provides functions for
parsing blocks of text and html and replacing links to videos with rich
embedded --here is a quick example:.. code-block:: python import micawber load
up rules for...
--------------------------------------------------------------------------------
Update Information:
Update to the latest stable release. This update is minor and bug fix driven: *
Fix doc index page; * Updated twitter oembed provider; * Ensure "<" and ">" in
URL text are converted back to entities; * Additional test to improve coverage.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 22 2020 Jos�� Matos <jamatos(a)fedoraproject.org> - 0.5.1-1
- Update to 0.5.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1761109 - python-micawber-0.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1761109
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-addf51776c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
4 years
Fedora 32 Update: rpy-3.2.7-2.fc32
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-793d9f3cff
2020-03-31 00:15:07.171345
--------------------------------------------------------------------------------
Name : rpy
Product : Fedora 32
Version : 3.2.7
Release : 2.fc32
URL : https://pypi.python.org/pypi/rpy2
Summary : Python interface to the R language
Description :
RPy provides a robust Python interface to the R
programming language. It can manage all kinds of R objects and can
execute arbitrary R functions. All the errors from the R language are
converted to Python exceptions.
--------------------------------------------------------------------------------
Update Information:
Update to the latest stable release.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 22 2020 Jos�� Matos <jamatos(a)fedoraproject.org> - 3.2.7-2
- place BuildRequires in canonical form
- remove Requires since they are automatically provided
* Sun Mar 22 2020 Jos�� Matos <jamatos(a)fedoraproject.org> - 3.2.7-1
- update to 3.2.7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1815916 - rpy-3.2.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1815916
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-793d9f3cff' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
4 years
Fedora 32 Update: pseudo-1.9.0-10.fc32
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-29efd5f9a3
2020-03-31 00:15:07.171329
--------------------------------------------------------------------------------
Name : pseudo
Product : Fedora 32
Version : 1.9.0
Release : 10.fc32
URL : https://www.yoctoproject.org/software-item/pseudo/
Summary : Advanced tool for simulating superuser privileges
Description :
The pseudo utility offers a way to run commands in a virtualized "root"
environment, allowing ordinary users to run commands which give the illusion of
creating device nodes, changing file ownership, and otherwise doing things
necessary for creating distribution packages or filesystems.
Pseudo has a lot of similarities to fakeroot but is a new implementation that
improves on the problems seen using fakeroot. Pseudo is now extensively used by
Poky as a replacement to fakeroot but can also be used standalone in many other
use cases.
--------------------------------------------------------------------------------
Update Information:
Fix FTBFS.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 22 2020 Dominik Mierzejewski <dominik(a)greysector.net> 1.9.0-10
- fix build with GCC-10
* Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.9.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1799899 - pseudo: FTBFS in Fedora rawhide/f32
https://bugzilla.redhat.com/show_bug.cgi?id=1799899
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-29efd5f9a3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
4 years
[SECURITY] Fedora 32 Update: okular-19.12.3-2.fc32
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-dcde488e68
2020-03-31 00:15:07.171312
--------------------------------------------------------------------------------
Name : okular
Product : Fedora 32
Version : 19.12.3
Release : 2.fc32
URL : https://www.kde.org/applications/graphics/okular/
Summary : A document viewer
Description :
A document viewer.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2020-9359
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 22 2020 Rex Dieter <rdieter(a)fedoraproject.org> - 19.12.3-2
- Security fix for CVE-2020-9359 (#1815651,1815652)
* Fri Mar 6 2020 Rex Dieter <rdieter(a)fedoraproject.org> - 19.12.3-1
- 19.12.3
* Tue Feb 4 2020 Rex Dieter <rdieter(a)fedoraproject.org> - 19.12.2-1
- 19.12.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1815651 - CVE-2020-9359 okular: local binary execution via specially crafted PDF files
https://bugzilla.redhat.com/show_bug.cgi?id=1815651
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-dcde488e68' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
4 years
Fedora 32 Update: ocaml-zmq-5.1.3-1.fc32
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-0a941541db
2020-03-31 00:15:07.171267
--------------------------------------------------------------------------------
Name : ocaml-zmq
Product : Fedora 32
Version : 5.1.3
Release : 1.fc32
URL : https://github.com/issuu/ocaml-zmq
Summary : ZeroMQ bindings for OCaml
Description :
This library contains basic OCaml bindings for ZeroMQ.
--------------------------------------------------------------------------------
Update Information:
This library contains basic OCaml bindings for ZeroMQ.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1801423 - Review Request: ocaml-zmq - ZeroMQ bindings for OCaml
https://bugzilla.redhat.com/show_bug.cgi?id=1801423
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-0a941541db' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
4 years
Fedora 32 Update: python-pytest-django-3.8.0-3.fc32
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-9750149e79
2020-03-31 00:15:07.171251
--------------------------------------------------------------------------------
Name : python-pytest-django
Product : Fedora 32
Version : 3.8.0
Release : 3.fc32
URL : https://pytest-django.readthedocs.io/
Summary : A Django plugin for pytest
Description :
pytest-django allows you to test your Django project/applications with the
pytest testing tool.
--------------------------------------------------------------------------------
Update Information:
Disable tests
--------------------------------------------------------------------------------
ChangeLog:
* Sat Mar 21 2020 Fabian Affolter <mail(a)fabian-affolter.ch> - 3.8.0-3
- Disable tests
* Sat Feb 1 2020 Fabian Affolter <mail(a)fabian-affolter.ch> - 3.8.0-2
- Bump release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1786920 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1786920
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-9750149e79' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
4 years