The following Fedora 37 Security updates need testing:
Age URL
42
https://bodhi.fedoraproject.org/updates/FEDORA-2023-4b892d116d
cutter-re-2.2.1-1.fc37 rizin-0.5.2-1.fc37
7
https://bodhi.fedoraproject.org/updates/FEDORA-2023-652b6e8847 dav1d-1.2.1-1.fc37
2
https://bodhi.fedoraproject.org/updates/FEDORA-2023-3b82f4aa86
python-reportlab-4.0.4-2.fc37
1
https://bodhi.fedoraproject.org/updates/FEDORA-2023-9dbd5b28d4 cups-2.4.6-1.fc37
The following Fedora 37 Critical Path updates have yet to be approved:
Age URL
58
https://bodhi.fedoraproject.org/updates/FEDORA-2023-22c8575b95 glibc-2.36-10.fc37
34
https://bodhi.fedoraproject.org/updates/FEDORA-2023-84965ba750 mesa-23.0.3-2.fc37
7
https://bodhi.fedoraproject.org/updates/FEDORA-2023-652b6e8847 dav1d-1.2.1-1.fc37
7
https://bodhi.fedoraproject.org/updates/FEDORA-2023-380b6ad4f5
perl-Net-HTTP-6.23-1.fc37
7
https://bodhi.fedoraproject.org/updates/FEDORA-2023-e7076d2d1b
libburn-1.5.6-1.fc37 libisoburn-1.5.6-1.fc37 libisofs-1.5.6-1.fc37
7
https://bodhi.fedoraproject.org/updates/FEDORA-2023-32e5053e33 aom-3.6.1-1.fc37
7
https://bodhi.fedoraproject.org/updates/FEDORA-2023-553e2d9578
tomcat-9.0.76-2.fc37
6
https://bodhi.fedoraproject.org/updates/FEDORA-2023-9feb3be6b1
annobin-12.14-1.fc37
4
https://bodhi.fedoraproject.org/updates/FEDORA-2023-3be0487f84 gdb-13.2-1.fc37
4
https://bodhi.fedoraproject.org/updates/FEDORA-2023-900143f74a sddm-0.20.0-1.fc37
2
https://bodhi.fedoraproject.org/updates/FEDORA-2023-b2e2b2829b
edk2-20230524-3.fc37
2
https://bodhi.fedoraproject.org/updates/FEDORA-2023-473d12a097 sssd-2.9.1-1.fc37
2
https://bodhi.fedoraproject.org/updates/FEDORA-2023-1be6532d43
perl-HTTP-Tiny-0.086-1.fc37
1
https://bodhi.fedoraproject.org/updates/FEDORA-2023-05ac97ade0
kernel-6.3.10-100.fc37
1
https://bodhi.fedoraproject.org/updates/FEDORA-2023-71977cbd52
rust-av-metrics-0.9.1-1.fc37 rust-av1-grain-0.2.2-1.fc37 rust-dav1d-sys-0.7.1-1.fc37
rust-maybe-rayon-0.1.1-1.fc37 rust-rav1e-0.6.6-1.fc37 rust-v_frame-0.3.4-1.fc37
rust-y4m-0.8.0-1.fc37
1
https://bodhi.fedoraproject.org/updates/FEDORA-2023-71a683d759 cockpit-295-1.fc37
1
https://bodhi.fedoraproject.org/updates/FEDORA-2023-9dbd5b28d4 cups-2.4.6-1.fc37
The following builds have been pushed to Fedora 37 updates-testing
aardvark-dns-1.7.0-1.fc37
firefox-114.0.2-2.fc37
giac-1.9.0.57-1.fc37
gramps-5.1.6-1.fc37
hddfancontrol-1.5.1-1.fc37
ibus-typing-booster-2.23.0-1.fc37
js8call-2.2.0-17.fc37
netavark-1.7.0-1.fc37
netdata-1.40.1-1.fc37
obs-build-20230628-426.1.1.fc37
poedit-3.3.2-1.fc37
python-aiokafka-0.8.1-1.fc37
python-diskcache-5.6.1-1.fc37
python-managesieve-0.7.1-6.fc37
python-trimesh-3.22.2-1.fc37
ruby-3.1.4-176.fc37
selinux-policy-37.22-1.fc37
webkitgtk-2.40.3-1.fc37
Details about builds:
================================================================================
aardvark-dns-1.7.0-1.fc37 (FEDORA-2023-c86444ddf6)
Authoritative DNS server for A/AAAA container records
--------------------------------------------------------------------------------
Update Information:
Automatic update for aardvark-dns-1.7.0-1.fc37. ##### **Changelog for aardvark-
dns** ``` * Thu Jun 29 2023 Packit <hello(a)packit.dev> - 1.7.0-1 - [packit]
1.7.0 upstream release ```
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 29 2023 Packit <hello(a)packit.dev> - 1.7.0-1
- [packit] 1.7.0 upstream release
--------------------------------------------------------------------------------
================================================================================
firefox-114.0.2-2.fc37 (FEDORA-2023-add3fda450)
Mozilla Firefox Web browser
--------------------------------------------------------------------------------
Update Information:
- Enabled PGO/LTO
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 22 2023 Martin Stransky <stransky(a)redhat.com>- 114.0.2-2
- Enable PGO/LTO again.
--------------------------------------------------------------------------------
================================================================================
giac-1.9.0.57-1.fc37 (FEDORA-2023-241e2dca83)
Computer Algebra System, Symbolic calculus, Geometry
--------------------------------------------------------------------------------
Update Information:
- Release 1.9.0 sub-57
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 29 2023 Antonio Trande <sagitter(a)fedoraproject.org> 1.9.0.57-1
- Update to 1.9.0 sub-57
* Wed Feb 1 2023 Antonio Trande <sagitter(a)fedoraproject.org> 1.9.0.37-1
- Update to 1.9.0 sub-37
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> -
1.9.0.35-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Tue Jan 10 2023 Antonio Trande <sagitter(a)fedoraproject.org> 1.9.0.35-1
- Update to 1.9.0 sub-35
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2150422 - Crash on start-up
https://bugzilla.redhat.com/show_bug.cgi?id=2150422
[ 2 ] Bug #2217980 - giac-1.9.0.57 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2217980
--------------------------------------------------------------------------------
================================================================================
gramps-5.1.6-1.fc37 (FEDORA-2023-450c622942)
Genealogical Research and Analysis Management Programming System
--------------------------------------------------------------------------------
Update Information:
5.1.6
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 29 2023 Gwyn Ciesla <gwync(a)protonmail.com> - 5.1.6-1
- 5.1.6
* Thu Jun 15 2023 Python Maint <python-maint(a)redhat.com> - 5.1.5-6
- Rebuilt for Python 3.12
* Tue Feb 28 2023 Gwyn Ciesla <gwync(a)protonmail.com> - 5.1.5-5
- migrated to SPDX license
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.1.5-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2218697 - gramps-5.1.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2218697
--------------------------------------------------------------------------------
================================================================================
hddfancontrol-1.5.1-1.fc37 (FEDORA-2023-c1a37547d3)
Control system fan speed by monitoring hard drive temperature
--------------------------------------------------------------------------------
Update Information:
- Update to 1.5.1 fixes rhbz#2217647
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 29 2023 Filipe Rosset <rosset.filipe(a)gmail.com> - 1.5.1-1
- Update to 1.5.1 fixes rhbz#2217647
* Thu Jun 15 2023 Python Maint <python-maint(a)redhat.com> - 1.5.0-6
- Rebuilt for Python 3.12
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5.0-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2217647 - hddfancontrol-1.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2217647
--------------------------------------------------------------------------------
================================================================================
ibus-typing-booster-2.23.0-1.fc37 (FEDORA-2023-f63d253d37)
A completion input method
--------------------------------------------------------------------------------
Update Information:
Update to 2.23.0 Translation update from Weblate (de 100%, ka 100%, nl 100%, sv
100%, uk 100%) configure.ac: eadd a warning about not using /usr/local as the
prefix (Resolves:
https://github.com/mike-fabian/ibus-typing-booster/issues/444)
Add an option to convert language specific digits to ASCII (Resolves:
https://github.com/mike-fabian/ibus-typing-booster/issues/445) Strip entered
autosettings value for boolean values Update emoji annotations from CLDR
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 28 2023 Mike FABIAN <mfabian(a)redhat.com> - 2.23.0-1
- Update to 2.23.0
- Translation update from Weblate (de 100%, ka 100%, nl 100%, sv 100%, uk 100%)
- configure.ac: add a warning about not using /usr/local as the prefix
(Resolves:
https://github.com/mike-fabian/ibus-typing-booster/issues/444)
- Add an option to convert language specific digits to ASCII
(Resolves:
https://github.com/mike-fabian/ibus-typing-booster/issues/445)
- Strip entered autosettings value for boolean values
- Update emoji annotations from CLDR
--------------------------------------------------------------------------------
================================================================================
js8call-2.2.0-17.fc37 (FEDORA-2023-1f04ee4977)
Amateur Radio message passing using FT8 modulation
--------------------------------------------------------------------------------
Update Information:
Add Appstream file for the software store.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 28 2023 Daniel Rusek <mail(a)asciiwolf.com> - 2.2.0-17
- Add an AppStream metainfo file
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.2.0-16
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2218205 - JS8Call has no AppStream metadata
https://bugzilla.redhat.com/show_bug.cgi?id=2218205
--------------------------------------------------------------------------------
================================================================================
netavark-1.7.0-1.fc37 (FEDORA-2023-27259952f7)
OCI network stack
--------------------------------------------------------------------------------
Update Information:
Automatic update for netavark-1.7.0-1.fc37.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 29 2023 Packit <hello(a)packit.dev> - 1.7.0-1
- [packit] 1.7.0 upstream release
--------------------------------------------------------------------------------
================================================================================
netdata-1.40.1-1.fc37 (FEDORA-2023-76cf1bcf13)
Real-time performance monitoring
--------------------------------------------------------------------------------
Update Information:
Update from upstream
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 29 2023 Didier Fabert <didier.fabert(a)gmail.com> 1.40.1-1
- Update from upstream
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2215364 - netdata-1.40.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2215364
--------------------------------------------------------------------------------
================================================================================
obs-build-20230628-426.1.1.fc37 (FEDORA-2023-7eabca8215)
A generic package build script
--------------------------------------------------------------------------------
Update Information:
New upstream release 20230628
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 29 2023 Dan ��erm��k <dan.cermak(a)cgc-instruments.com> - 20230628-1
- New upstream release 20230628, fixes rhbz#2218325
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2218325 - obs-build-20230628 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2218325
--------------------------------------------------------------------------------
================================================================================
poedit-3.3.2-1.fc37 (FEDORA-2023-576216ffd6)
GUI editor for GNU gettext .po files
--------------------------------------------------------------------------------
Update Information:
New upstream version 3.3.2
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 26 2023 Wolfgang St��ggl <c72578(a)yahoo.de> - 3.3.2-1
- New upstream version
--------------------------------------------------------------------------------
================================================================================
python-aiokafka-0.8.1-1.fc37 (FEDORA-2023-251f76ed99)
Asyncio client for Kafka
--------------------------------------------------------------------------------
Update Information:
Update to 0.8.1 (resolve rhbz#2211696)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 29 2023 Roman Inflianskas <rominf(a)aiven.io> - 0.8.1-1
- Update to 0.8.1 (resolve rhbz#2211696)
* Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.8.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2211696 - python-aiokafka-0.8.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2211696
--------------------------------------------------------------------------------
================================================================================
python-diskcache-5.6.1-1.fc37 (FEDORA-2023-e4907a9426)
Python disk-backed cache
--------------------------------------------------------------------------------
Update Information:
Unretire package
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 29 2023 Benson Muite <benson_muite(a)emailplus.org> - 5.6.1-1
- Unretire package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2215710 - Review Request: python-diskcache - Python disk-backed cache
https://bugzilla.redhat.com/show_bug.cgi?id=2215710
--------------------------------------------------------------------------------
================================================================================
python-managesieve-0.7.1-6.fc37 (FEDORA-2023-d797723a3e)
Accessing a Sieve-Server for managing Sieve scripts
--------------------------------------------------------------------------------
Update Information:
Fix use of ssl.wrap_socket() (CWE-295: Improper Certificate Validation)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 29 2023 Sandro <devel(a)penguinpee.nl> - 0.7.1-6
- Add missing changelog entries
* Thu Jun 29 2023 Sandro <devel(a)penguinpee.nl> - 0.7.1-5
- Migrate to SPDX license
* Thu Jun 29 2023 Sandro <devel(a)penguinpee.nl> - 0.7.1-4
- Fix ssl.wrap_socket AttributeError
* Fri Jan 6 2023 Steve Traylen <steve.traylen(a)cern.ch> - 0.7.1-1
- Update to 0.7.1
- LICENSE file now included in release
- Migrate to pyproject macros
--------------------------------------------------------------------------------
================================================================================
python-trimesh-3.22.2-1.fc37 (FEDORA-2023-9753375d4e)
Import, export, process, analyze and view triangular meshes
--------------------------------------------------------------------------------
Update Information:
Update to 3.22.2 (close RHBZ#2218416)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 29 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 3.22.2-1
- Update to 3.22.2 (close RHBZ#2218416)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2218416 - python-trimesh-3.22.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2218416
--------------------------------------------------------------------------------
================================================================================
ruby-3.1.4-176.fc37 (FEDORA-2023-7f13da96c6)
An interpreter of object-oriented scripting language
--------------------------------------------------------------------------------
Update Information:
* Fix another issue when resolving platform specific gems (RHBZ#2178171)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 6 2023 Jarek Prokop jprokop(a)redhat.com - 3.1.4-176
- Fix bundler improperly resolving with --deployment.
Resolves: rhbz#2178171
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2178171 - bundled rubygem-bundler-2.3.26: hangs on resolving dependencies
when a dependency does not support current platform
https://bugzilla.redhat.com/show_bug.cgi?id=2178171
--------------------------------------------------------------------------------
================================================================================
selinux-policy-37.22-1.fc37 (FEDORA-2023-e74ea79879)
SELinux policy configuration
--------------------------------------------------------------------------------
Update Information:
New F37 selinux-policy build
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 29 2023 Zdenek Pytela <zpytela(a)redhat.com> - 37.22-1
- Allow exim read network sysctls
- Allow kernel to manage its own BPF objects
- Allow plymouthd read/write X server miscellaneous devices
- Allow blueman send general signals to unprivileged user domains
- Allow logwatch_mail_t read network sysctls
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2101151 - plymouthd was denied reading and writing to /dev/dri/card1 while
booting Rawhide in a VM
https://bugzilla.redhat.com/show_bug.cgi?id=2101151
[ 2 ] Bug #2181362 - SELinux is preventing blueman-mechani from using the
'signal' accesses on a process.
https://bugzilla.redhat.com/show_bug.cgi?id=2181362
[ 3 ] Bug #2211025 - SELinux denial on every Exim queue run
https://bugzilla.redhat.com/show_bug.cgi?id=2211025
--------------------------------------------------------------------------------
================================================================================
webkitgtk-2.40.3-1.fc37 (FEDORA-2023-be1ed6a2b4)
GTK web content engine library
--------------------------------------------------------------------------------
Update Information:
Update to 2.40.3: * Make memory pressure monitor honor
memory.memsw.usage_in_bytes if exists. * Include key modifiers in wheel events.
* Apply cookie blocking policy to WebSocket handshakes. * Fix several crashes
and rendering issues. * Security fixes: CVE-2023-32439
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 28 2023 Michael Catanzaro <mcatanzaro(a)redhat.com> - 2.40.3-1
- Update to 2.40.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2212303 - [abrt] epiphany-runtime: std::__glibcxx_assert_fail(char const*,
int, char const*, char const*)(): epiphany killed by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=2212303
[ 2 ] Bug #2218641 - TRIAGE-CVE-2023-32439 webkitgtk: type confusion issue leading to
arbitrary code execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2218641
--------------------------------------------------------------------------------