The following Fedora 35 Security updates need testing:
 Age  URL
 230  https://bodhi.fedoraproject.org/updates/FEDORA-2022-dfc6924a11   mysql-connector-java-8.0.28-1.fc35
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2022-357cc1a81b   knot-resolver-5.5.3-1.fc35
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2022-a27e239f5a   python3.6-3.6.15-5.fc35
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2022-b197d64471   bind-9.16.33-1.fc35 bind-dyndb-ldap-11.9-16.fc35
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2022-204ee3da84   unbound-1.16.3-1.fc35
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2022-bafb72fdc0   efl-1.26.3-1.fc35 enlightenment-0.25.4-1.fc35
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2022-3dd3274ae2   libdxfrw-1.1.0-0.1.rc1.fc35 librecad-2.2.0-0.15.rc4.fc35
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2022-cdeabe1bc0   postgresql-jdbc-42.2.26-1.fc35
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2022-3ca063941b   chromium-105.0.5195.125-2.fc35
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2022-23e6ee1fb9   squid-5.7-1.fc35
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2022-07dd9375b2   scala-2.13.9-1.fc35
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2022-c26b19568d   lighttpd-1.4.67-1.fc35
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2022-5b644a935b   bash-5.1.8-3.fc35
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2022-58055cb1ef   nodejs-16.17.1-1.fc35

The following Fedora 35 Critical Path updates have yet to be approved:
 Age  URL
  48  https://bodhi.fedoraproject.org/updates/FEDORA-2022-bca7996d14   annobin-10.81-1.fc35
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2022-99b0503127   libreport-2.17.4-1.fc35
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2022-fa8da9a4b5   zchunk-1.2.3-1.fc35
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2022-b6f216be9a   selinux-policy-35.19-1.fc35
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2022-97f6c4fd2a   libblockdev-2.28-2.fc35
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2022-f292a3fec5   python-urllib3-1.26.12-1.fc35
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2022-22e2ce7a16   shadow-utils-4.9-11.fc35
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2022-64e32530e5   mtools-4.0.41-1.fc35
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2022-68ba1f1566   appstream-data-35-8.fc35
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2022-ece971e713   langtable-0.0.60-1.fc35
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2022-204ee3da84   unbound-1.16.3-1.fc35
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2022-642c095091   dnf-plugins-core-4.3.1-1.fc35
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2022-341937ef95   hwdata-0.362-2.fc35
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2022-38bd922ff7   libbluray-1.3.3-1.fc35
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2022-17a4844b47   tzdata-2022d-1.fc35
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2022-cd0501fc8f   ima-evm-utils-1.3.2-4.fc35
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2022-5b644a935b   bash-5.1.8-3.fc35
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2022-53d671cb30   rsync-3.2.6-2.fc35
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2022-633a821ca7   kernel-5.19.12-100.fc35

The following builds have been pushed to Fedora 35 updates-testing
booth-1.0-251.4.bfb2f92.git.fc35
datovka-4.21.0-1.fc35
dh-make-2.202203-1.fc35
expat-2.4.9-1.fc35
linux-firmware-20220913-140.fc35
minigalaxy-1.2.2-1.fc35
mold-1.5.1-1.fc35
php-8.0.24-1.fc35
php-twig-1.44.7-1.fc35
php-twig2-2.15.3-1.fc35
php-twig3-3.4.3-1.fc35
rust-cast-0.3.0-1.fc35
rust-criterion-0.3.5-5.fc35
rust-criterion-plot-0.4.4-4.fc35
samba-4.15.10-0.fc35
thunderbird-102.3.1-1.fc35
voms-api-java-3.3.2-9.fc35
wireshark-3.6.8-1.fc35
Details about builds:
================================================================================
booth-1.0-251.4.bfb2f92.git.fc35 (FEDORA-2022-e0a87993b8)
Ticket Manager for Multi-site Clusters
--------------------------------------------------------------------------------
Update Information:
Remove Alias directive from booth@.service unit file

----

Security fix for CVE-2022-2553
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 29 2022 Jan Friesse <jfriesse(a)redhat.com> - 1.0-251.4.bfb2f92.git
- Remove Alias directive from booth@.service unit file
* Thu Jul 28 2022 Jan Friesse <jfriesse(a)redhat.com> - 1.0-251.3.bfb2f92.git
- Fix authfile directive handling in booth config file
(fixes CVE-2022-2553)
- Add enable-authfile option
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2109251 - CVE-2022-2553 booth: authfile directive in booth config file is
completely ignored.
https://bugzilla.redhat.com/show_bug.cgi?id=2109251
--------------------------------------------------------------------------------
================================================================================
datovka-4.21.0-1.fc35 (FEDORA-2022-22010da78c)
A free graphical interface for Czech Databox (Datové schránky)
--------------------------------------------------------------------------------
Update Information:
This is a new version of datovka.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 29 2022 Jaroslav Škarvada <jskarvad(a)redhat.com> - 4.21.0-1
- New version
Resolves: rhbz#2130187
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.20.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2130187 - datovka-4.21.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2130187
--------------------------------------------------------------------------------
================================================================================
dh-make-2.202203-1.fc35 (FEDORA-2022-e5678be630)
Tool that converts source archives into Debian package source
--------------------------------------------------------------------------------
Update Information:
Update dh-make to 2.202203 (#2127660)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 29 2022 Sérgio Basto <sergio(a)serjux.com> - 2.202203-1
- Update dh-make to 2.202203 (#2127660)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2127660 - dh-make-2.202203 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2127660
--------------------------------------------------------------------------------
================================================================================
expat-2.4.9-1.fc35 (FEDORA-2022-c68d90efc3)
An XML parser library
--------------------------------------------------------------------------------
Update Information:
Rebase to 2.4.9
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 29 2022 Tomas Korbar <tkorbar(a)redhat.com> - 2.4.9-1
- Rebase to 2.4.9
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.4.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Apr 8 2022 Tomas Korbar <tkorbar(a)redhat.com> - 2.4.8-1
- Rebase to version 2.4.8
- Resolves: rhbz#2069454
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2130777 - CVE-2022-40674 expat: a use-after-free in the doContent function in
xmlparse.c [fedora-35]
https://bugzilla.redhat.com/show_bug.cgi?id=2130777
--------------------------------------------------------------------------------
================================================================================
linux-firmware-20220913-140.fc35 (FEDORA-2022-bdc70ae90d)
Firmware files used by the Linux kernel
--------------------------------------------------------------------------------
Update Information:
Update to upstream 20220913 release:
* amdgpu: update yellow carp DMCUB firmware
* amdgpu: add firmware for VCN 3.1.2 IP block
* amdgpu: add firmware for SDMA 5.2.6 IP block
* amdgpu: add firmware for PSP 13.0.5 IP block
* amdgpu: add firmware for GC 10.3.6 IP block
* amdgpu: add firmware for DCN 3.1.5 IP block
* qcom: rename Lenovo ThinkPad X13s firmware paths
* rtw89: 8852c: update fw to v0.27.42.0
* Mellanox: Add new mlxsw_spectrum firmware xx.2010.3146
* amdgpu: update beige goby/dimgrey cavefish/navy flounder/sienna cichlid VCN firmware
* rtl_bt: Update RTL8852C BT USB firmware to 0xDFB8_5A33
* mediatek: reference the LICENCE file for MediaTek firmwares
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 29 2022 Peter Robinson <pbrobinson(a)fedoraproject.org> - 20220913-140
- Update to upstream 20220913 release
- amdgpu: update yellow carp DMCUB firmware
- amdgpu: add firmware for VCN 3.1.2 IP block
- amdgpu: add firmware for SDMA 5.2.6 IP block
- amdgpu: add firmware for PSP 13.0.5 IP block
- amdgpu: add firmware for GC 10.3.6 IP block
- amdgpu: add firmware for DCN 3.1.5 IP block
- qcom: rename Lenovo ThinkPad X13s firmware paths
- rtw89: 8852c: update fw to v0.27.42.0
- Mellanox: Add new mlxsw_spectrum firmware xx.2010.3146
- amdgpu: update beige goby/dimgrey cavefish/navy flounder/sienna cichlid VCN firmware
- rtl_bt: Update RTL8852C BT USB firmware to 0xDFB8_5A33
- mediatek: reference the LICENCE file for MediaTek firmwares
--------------------------------------------------------------------------------
================================================================================
minigalaxy-1.2.2-1.fc35 (FEDORA-2022-8086dab487)
GOG client for Linux that lets you download and play your GOG Linux games
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 27 2022 Artem Polishchuk <ego.cordatus(a)gmail.com> 1.2.2-1
- chore(update): 1.2.2
--------------------------------------------------------------------------------
================================================================================
mold-1.5.1-1.fc35 (FEDORA-2022-8459471741)
A Modern Linker
--------------------------------------------------------------------------------
Update Information:
Bump version to 1.5.1 (#2130132)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 29 2022 Christoph Erhardt <fedora(a)sicherha.de> - 1.5.1-1
- Bump version to 1.5.1 (#2130132)
- Switch to CMake build
- Remove obsolete dependencies
- Add new supported architectures
- Refresh patch
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2130132 - mold-1.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2130132
--------------------------------------------------------------------------------
================================================================================
php-8.0.24-1.fc35 (FEDORA-2022-afdea1c747)
PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:
**PHP version 8.0.24** (29 Sep 2022)

**Core:**
* Fixed bug [GH-9323](https://github.com/php/php-src/issues/9323) (Crash in ZEND_RETURN/GC/zend_call_function) (Tim Starling)
* Fixed bug [GH-9361](https://github.com/php/php-src/issues/9361) (Segmentation fault on script exit php#9379). (cmb, Christian Schneider)
* Fixed bug [GH-9407](https://github.com/php/php-src/issues/9407) (LSP error in eval'd code refers to wrong class for static type). (ilutov)
* Fixed bug php#81727: Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. (**CVE-2022-31629**). (Derick)

**DOM:**
* Fixed bug php#79451 (DOMDocument->replaceChild on doctype causes double free). (Nathan Freeman)

**FPM:**
* Fixed bug [GH-8885](https://github.com/php/php-src/issues/8885) (FPM access.log with stderr begins to write logs to error_log after daemon reload). (Dmitry Menshikov)
* Fixed bug php#77780 ("Headers already sent..." when previous connection was aborted). (Jakub Zelenka)

**GMP**
* Fixed bug [GH-9308](https://github.com/php/php-src/issues/9308) (GMP throws the wrong error when a GMP object is passed to gmp_init()). (Girgias)

**Intl**
* Fixed bug [GH-9421](https://github.com/php/php-src/issues/9421) (Incorrect argument number for ValueError in NumberFormatter). (Girgias)

**Phar:**
* Fixed bug php#81726: phar wrapper: DOS when using quine gzip file. (**CVE-2022-31628**). (cmb)

**PDO_PGSQL:**
* Fixed bug [GH-9411](https://github.com/php/php-src/issues/9411) (PgSQL large object resource is incorrectly closed). (Yurunsoft)

**Reflection:**
* Fixed bug [GH-8932](https://github.com/php/php-src/issues/8932) (ReflectionFunction provides no way to get the called class of a Closure). (cmb, Nicolas Grekas)
* Fixed bug [GH-9409](https://github.com/php/php-src/issues/9409) (Private method is incorrectly dumped as "overwrites"). (ilutov)

**Streams:**
* Fixed bug [GH-9316](https://github.com/php/php-src/issues/9316) ($http_response_header is wrong for long status line). (cmb, timwolla)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 29 2022 Remi Collet <remi(a)remirepo.net> - 8.0.24-1
- Update to 8.0.24 - http://www.php.net/releases/8_0_24.php
--------------------------------------------------------------------------------
================================================================================
php-twig-1.44.7-1.fc35 (FEDORA-2022-4490a4772d)
The flexible, fast, and secure template engine for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 1.44.7** (2022-09-28) * Fix a security issue on filesystem loader
(possibility to load a template outside a configured directory)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 29 2022 Remi Collet <remi(a)remirepo.net> - 1.44.7-1
- update to 1.44.7
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.44.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.44.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Nov 25 2021 Remi Collet <remi(a)remirepo.net> - 1.44.6-1
- update to 1.44.6 (no change)
- drop patch merged upstream
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2130763 - CVE-2022-39261 php-twig: twig: Possibility to load a template
outside a configured directory when using the filesystem loader [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2130763
--------------------------------------------------------------------------------
================================================================================
php-twig2-2.15.3-1.fc35 (FEDORA-2022-d39b2a755b)
The flexible, fast, and secure template engine for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 2.15.3** (2022-09-28) * Fix a security issue on filesystem loader
(possibility to load a template outside a configured directory)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 29 2022 Remi Collet <remi(a)remirepo.net> - 2.15.3-1
- update to 2.15.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2130764 - CVE-2022-39261 php-twig2: twig: Possibility to load a template
outside a configured directory when using the filesystem loader [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2130764
--------------------------------------------------------------------------------
================================================================================
php-twig3-3.4.3-1.fc35 (FEDORA-2022-e915614918)
The flexible, fast, and secure template engine for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 3.4.3** (2022-09-28) * Fix a security issue on filesystem loader
(possibility to load a template outside a configured directory)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 29 2022 Remi Collet <remi(a)remirepo.net> - 3.4.3-1
- update to 3.4.3
--------------------------------------------------------------------------------
================================================================================
rust-cast-0.3.0-1.fc35 (FEDORA-2022-147ffe4dd6)
Ergonomic, checked cast functions for primitive types
--------------------------------------------------------------------------------
Update Information:
- Update the cast crate to version 0.3.0.
- Bump the cast dependency in criterion to 0.3.
- Bump the cast dependency in criterion-plot to 0.3
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 29 2022 Fabio Valentini <decathorpe(a)gmail.com> 0.3.0-1
- Update to version 0.3.0; Fixes RHBZ#2001213
* Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> 0.2.7-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> 0.2.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-criterion-0.3.5-5.fc35 (FEDORA-2022-147ffe4dd6)
Statistics-driven micro-benchmarking library
--------------------------------------------------------------------------------
Update Information:
- Update the cast crate to version 0.3.0.
- Bump the cast dependency in criterion to 0.3.
- Bump the cast dependency in criterion-plot to 0.3
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 29 2022 Fabio Valentini <decathorpe(a)gmail.com> 0.3.5-5
- Skip a flaky / timing-dependent integration test
* Thu Sep 29 2022 Fabio Valentini <decathorpe(a)gmail.com> 0.3.5-4
- Bump cast from 0.2 to 0.3
* Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> 0.3.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> 0.3.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-criterion-plot-0.4.4-4.fc35 (FEDORA-2022-147ffe4dd6)
Criterion's plotting library
--------------------------------------------------------------------------------
Update Information:
- Update the cast crate to version 0.3.0.
- Bump the cast dependency in criterion to 0.3.
- Bump the cast dependency in criterion-plot to 0.3
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 29 2022 Fabio Valentini <decathorpe(a)gmail.com> 0.4.4-4
- Bump cast from 0.2 to 0.3
* Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> 0.4.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> 0.4.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
samba-4.15.10-0.fc35 (FEDORA-2022-55648ecee1)
Server and Client software to interoperate with Windows machines
--------------------------------------------------------------------------------
Update Information:
Update to Samba 4.15.10
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 28 2022 Guenther Deschner <gdeschner(a)redhat.com> - 4.15.10-0
- Update to Samba 4.15.10
--------------------------------------------------------------------------------
================================================================================
thunderbird-102.3.1-1.fc35 (FEDORA-2022-1454bee2fa)
Mozilla Thunderbird mail/newsgroup client
--------------------------------------------------------------------------------
Update Information:
Update to 102.3.1
* https://www.mozilla.org/en-US/security/advisories/mfsa2022-43/
* https://www.thunderbird.net/en-US/thunderbird/102.3.1/releasenotes/

----

Update to 102.3.0 ; https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/ ; https://www.thunderbird.net/en-US/thunderbird/102.3.0/releasenotes/
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 29 2022 Eike Rathke <erack(a)redhat.com> - 102.3.1-1
- Update to 102.3.1
* Wed Sep 21 2022 Eike Rathke <erack(a)redhat.com> - 102.3.0-1
- Update to 102.3.0
--------------------------------------------------------------------------------
================================================================================
voms-api-java-3.3.2-9.fc35 (FEDORA-2022-bc610d474e)
Virtual Organization Membership Service Java API
--------------------------------------------------------------------------------
Update Information:
Build fix.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 28 2022 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 3.3.2-9
- Disable failing multi-thread test
- Disable tests using obsolete hashes (md5/sha1)
* Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.3.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Jul 8 2022 Jiri Vanek <jvanek(a)redhat.com> - 3.3.2-7
- Rebuilt for Drop i686 JDKs
* Sat Feb 5 2022 Jiri Vanek <jvanek(a)redhat.com> - 3.3.2-6
- Rebuilt for java-17-openjdk as system jdk
* Sat Jan 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.3.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Jan 14 2022 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 3.3.2-4
- Disable failing tests due to changes in bouncycastle
--------------------------------------------------------------------------------
================================================================================
wireshark-3.6.8-1.fc35 (FEDORA-2022-2502173f3a)
Network traffic analyzer
--------------------------------------------------------------------------------
Update Information:
New version 3.6.8
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 29 2022 Michal Ruprich <mruprich(a)redhat.com> - 1:3.6.8-1
- New version 3.6.8
- Fix for CVE-2022-3190
--------------------------------------------------------------------------------