[SECURITY] Fedora 31 Update: dovecot-2.3.11.3-4.fc31
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-cd8b8f887b
2020-09-03 16:25:10.755647
--------------------------------------------------------------------------------
Name : dovecot
Product : Fedora 31
Version : 2.3.11.3
Release : 4.fc31
URL : http://www.dovecot.org/
Summary : Secure imap and pop3 server
Description :
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security
primarily in mind. It also contains a small POP3 server. It supports mail
in either of maildir or mbox formats.
The SQL drivers and authentication plug-ins are in their subpackages.
--------------------------------------------------------------------------------
Update Information:
CVE-2020-12100: Parsing mails with a large number of MIME parts could
have resulted in excessive CPU usage or a crash due to running out of
stack memory. CVE-2020-12673: Dovecot's NTLM implementation does not
correctly check message buffer size, which leads to reading past
allocation which can lead to crash. CVE-2020-10967: lmtp/submission:
Issuing the RCPT command with an address that has the empty quoted string
as local-part causes the lmtp service to crash. CVE-2020-12674:
Dovecot's RPA mechanism implementation accepts zero-length message, which
leads to assert-crash later on.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 26 2020 Michal Hlavinka <mhlavink(a)redhat.com> - 1:2.3.11.3-4
- fix FTBFS on 32bit systems
* Mon Aug 17 2020 Jeff Law <law(a)redhat.com> - 1:2.3.11.3-2
- Disable LTO
* Sat Aug 15 2020 Michal Hlavinka <mhlavink(a)redhat.com> - 1:2.3.11.3-1
- CVE-2020-12100: Parsing mails with a large number of MIME parts could
have resulted in excessive CPU usage or a crash due to running out of
stack memory.
- CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
message buffer size, which leads to reading past allocation which can
lead to crash.
- CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
address that has the empty quoted string as local-part causes the lmtp
service to crash.
- CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
zero-length message, which leads to assert-crash later on.
* Sat Aug 1 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:2.3.10.1-3
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:2.3.10.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1868539 - CVE-2020-12100 dovecot: Resource exhaustion via deeply nested MIME parts [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1868539
[ 2 ] Bug #1868540 - CVE-2020-12673 dovecot: Out of bound reads in dovecot NTLM implementation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1868540
[ 3 ] Bug #1868541 - CVE-2020-12674 dovecot: Crash due to assert in RPA implementation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1868541
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-cd8b8f887b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 9 months
Fedora 31 Update: singularity-3.6.2-1.fc31
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-d4b40b1a1b
2020-09-03 16:25:10.755637
--------------------------------------------------------------------------------
Name : singularity
Product : Fedora 31
Version : 3.6.2
Release : 1.fc31
URL : https://www.sylabs.io/singularity/
Summary : Application and environment virtualization
Description :
Singularity provides functionality to make portable
containers that can be used across host environments.
--------------------------------------------------------------------------------
Update Information:
Upgrade to upstream 3.6.2.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 26 2020 Dave Dykstra <dwd(a)fedoraproject.org> - 3.6.2-1
- Upgrade to upstream 3.6.2.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1872838 - singularity-3.6.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1872838
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-d4b40b1a1b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 9 months
Fedora 31 Update: containernetworking-plugins-0.8.7-1.fc31
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-a0300e3588
2020-09-03 16:25:10.755627
--------------------------------------------------------------------------------
Name : containernetworking-plugins
Product : Fedora 31
Version : 0.8.7
Release : 1.fc31
URL : https://github.com/containernetworking/plugins
Summary : Libraries for writing CNI plugin
Description :
The CNI (Container Network Interface) project consists of a specification
and libraries for writing plugins to configure network interfaces in Linux
containers, along with a number of supported plugins. CNI concerns itself
only with network connectivity of containers and removing allocated resources
when the container is deleted.
--------------------------------------------------------------------------------
Update Information:
Autobuilt v0.8.7
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 26 2020 RH Container Bot <rhcontainerbot(a)fedoraproject.org> - 0.8.7-1
- autobuilt v0.8.7
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-a0300e3588' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 9 months
Fedora 31 Update: video-downloader-0.4.1-1.fc31
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-79f326f2cb
2020-09-03 16:25:10.755618
--------------------------------------------------------------------------------
Name : video-downloader
Product : Fedora 31
Version : 0.4.1
Release : 1.fc31
URL : https://github.com/Unrud/video-downloader
Summary : Download videos from websites like YouTube and many others
Description :
Download videos from websites with an easy-to-use interface. Provides the
following features:
- Convert videos to MP3
- Supports password-protected and private videos
- Download single videos or whole playlists
- Automatically selects a video format based on your preferred resolution
Based on youtube-dl.
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 26 2020 Artem Polishchuk <ego.cordatus(a)gmail.com> - 0.4.1-1
- Update to 0.4.1
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-79f326f2cb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 9 months
Fedora 31 Update: klavaro-3.11-1.fc31
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-c34b21e1fb
2020-09-03 16:25:10.755608
--------------------------------------------------------------------------------
Name : klavaro
Product : Fedora 31
Version : 3.11
Release : 1.fc31
URL : http://klavaro.sourceforge.net/en/
Summary : Typing tutor
Description :
Klavaro is a touch typing tutor that is very flexible and supports
customizable keyboard layouts. Users can edit and save new or unknown
keyboard layouts, as the basic course provided by the program was
designed to not depend on specific layouts.
--------------------------------------------------------------------------------
Update Information:
Update to 3.11.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 20 2020 Vasiliy N. Glazov <vascom2(a)gmail.com> - 3.11-1
- Update to 3.11
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-c34b21e1fb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 9 months
Fedora 31 Update: metamath-0.188-1.fc31
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-0e5f96bfa4
2020-09-03 16:25:10.755599
--------------------------------------------------------------------------------
Name : metamath
Product : Fedora 31
Version : 0.188
Release : 1.fc31
URL : http://us.metamath.org/
Summary : Construct mathematics from basic axioms
Description :
Metamath is a tiny language that can express theorems in abstract
mathematics, accompanied by proofs that can be verified by a computer
program. Metamath lets you see mathematics developed in complete detail
from first principles, with absolute rigor.
--------------------------------------------------------------------------------
Update Information:
Changes in version 0.188: - Add CONCLUSION FACT INTRODUCTION PARAGRAPH SCOLIA
SCOLION SUBSECTION TABLE to [bib] keywords - Update iset.mm to 19-Aug-2020
version - Update set.mm to 22-Aug-2020 version
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 24 2020 Jerry James <loganjerry(a)gmail.com> - 0.188-1
- Version 0.188
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1872025 - metamath-0.188 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1872025
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-0e5f96bfa4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 9 months
Fedora 31 Update: golang-github-ubccr-kerby-0-0.1.20200826git201a958.fc31
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-03ad94fc0d
2020-09-03 16:25:10.755589
--------------------------------------------------------------------------------
Name : golang-github-ubccr-kerby
Product : Fedora 31
Version : 0
Release : 0.1.20200826git201a958.fc31
URL : https://github.com/ubccr/kerby
Summary : Go wrapper for Kerberos GSSAPI
Description :
Go wrapper for Kerberos GSSAPI.
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-03ad94fc0d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 9 months
Fedora 31 Update: exiv2-0.27.3-3.fc31
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-d0feaf0804
2020-09-03 16:25:10.755579
--------------------------------------------------------------------------------
Name : exiv2
Product : Fedora 31
Version : 0.27.3
Release : 3.fc31
URL : http://www.exiv2.org/
Summary : Exif and Iptc metadata manipulation library
Description :
A command line utility to access image metadata, allowing one to:
* print the Exif metadata of Jpeg images as summary info, interpreted values,
or the plain data for each tag
* print the Iptc metadata of Jpeg images
* print the Jpeg comment of Jpeg images
* set, add and delete Exif and Iptc metadata of Jpeg images
* adjust the Exif timestamp (that's how it all started...)
* rename Exif image files according to the Exif timestamp
* extract, insert and delete Exif metadata (including thumbnails),
Iptc metadata and Jpeg comments
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream bugfix release
--------------------------------------------------------------------------------
ChangeLog:
* Sat Aug 1 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.27.3-3
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.27.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jun 30 2020 Rex Dieter <rdieter(a)fedoraproject.org> - 0.27.3-1
- 0.27.3
* Tue Jan 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.27.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1869021 - New version of exiv2 0.27.3 missing in current version Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=1869021
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-d0feaf0804' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 9 months
Fedora 31 Update: wofi-1.2.1-1.fc31
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-bcf80c4f26
2020-09-03 16:25:10.755569
--------------------------------------------------------------------------------
Name : wofi
Product : Fedora 31
Version : 1.2.1
Release : 1.fc31
URL : https://hg.sr.ht/~scoopta/wofi
Summary : Wofi is a launcher/menu program for wlroots based wayland compositors such as sway
Description :
Wofi is a launcher/menu program for wlroots based wayland compositors such as sway.
--------------------------------------------------------------------------------
Update Information:
Update to version 1.2.1
--------------------------------------------------------------------------------
ChangeLog:
* Sun Aug 23 2020 Stefano Figura <stefano(a)figura.im> - 1.2.1-1
- Update to version 1.2.1
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-bcf80c4f26' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 9 months
Fedora 31 Update: trustedqsl-2.5.4-1.fc31
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-e41df58bfb
2020-09-03 16:25:10.755559
--------------------------------------------------------------------------------
Name : trustedqsl
Product : Fedora 31
Version : 2.5.4
Release : 1.fc31
URL : http://sourceforge.net/projects/trustedqsl/
Summary : Tool for digitally signing Amateur Radio QSO records
Description :
The TrustedQSL applications are used for generating digitally signed
QSO records (records of Amateur Radio contacts). This package
contains the GUI applications tqslcert and tqsl.
--------------------------------------------------------------------------------
Update Information:
This version of Trusted QSL (TQSL) has new features as well as corrections for
defects found since TQSL 2.5.3 was released. This release also includes an
update to the most recent TQSL configuration file. Two serious defects in TQSL
were corrected in this release. One related to long callsigns; LoTW has always
limited callsigns to 13 characters, but TQSL did not properly enforce that,
leading to erratic behavior when longer callsigns were used. LoTW and TQSL now
both properly enforce a 20 character limit. The second issue related to
operators with multiple callsign certificates with the same callsign for more
than one DXCC entity. TQSL could choose the wrong callsign certificate,
uploading QSOs signed for the incorrect entity. TQSL now properly selects the
right callsign certificate.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 29 2020 Richard Shaw <hobbes1069(a)gmail.com> - 2.5.4-1
- Update to 2.5.4.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1821952 - trustedqsl-2.5.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1821952
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-e41df58bfb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 9 months