The following Fedora 31 Security updates need testing:
Age URL
7
https://bodhi.fedoraproject.org/updates/FEDORA-2020-3813e1317b
seamonkey-2.53.4-1.fc31
7
https://bodhi.fedoraproject.org/updates/FEDORA-2020-20ab468a33
libxml2-2.9.10-4.fc31
6
https://bodhi.fedoraproject.org/updates/FEDORA-2020-e19b87f4f5
grub2-2.02-110.fc31
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-c1c4cb96d3
singularity-3.6.3-1.fc31
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-f30298614a
perl-DBI-1.643-3.fc31
The following Fedora 31 Critical Path updates have yet to be approved:
Age URL
111
https://bodhi.fedoraproject.org/updates/FEDORA-2020-03e14f6120
dracut-050-61.git20200529.fc31
37
https://bodhi.fedoraproject.org/updates/FEDORA-2020-72bc7df001
libunwind-1.3.1-7.fc31
27
https://bodhi.fedoraproject.org/updates/FEDORA-2020-8f69c7534c
iproute-5.4.0-2.fc31
14
https://bodhi.fedoraproject.org/updates/FEDORA-2020-3e29e08254
firefox-80.0.1-2.fc31
12
https://bodhi.fedoraproject.org/updates/FEDORA-2020-a4a2ad2213 nspr-4.28.0-1.fc31
nss-3.56.0-1.fc31
10
https://bodhi.fedoraproject.org/updates/FEDORA-2020-bc09a9568d bluez-5.55-1.fc31
10
https://bodhi.fedoraproject.org/updates/FEDORA-2020-9c524230d8
binutils-2.32-33.fc31
9
https://bodhi.fedoraproject.org/updates/FEDORA-2020-8441d0e5ef
gnome-software-3.34.2-5.fc31
9
https://bodhi.fedoraproject.org/updates/FEDORA-2020-055f21fd38 koji-1.22.1-1.fc31
7
https://bodhi.fedoraproject.org/updates/FEDORA-2020-20ab468a33
libxml2-2.9.10-4.fc31
7
https://bodhi.fedoraproject.org/updates/FEDORA-2020-53998c646c
breeze-icon-theme-5.73.0-1.fc31 extra-cmake-modules-5.73.0-1.fc31 kf5-5.73.0-1.fc31
kf5-attica-5.73.0-1.fc31 kf5-baloo-5.73.0-1.fc31 kf5-bluez-qt-5.73.0-1.fc31
kf5-frameworkintegration-5.73.0-1.fc31 kf5-kactivities-5.73.0-1.fc31
kf5-kactivities-stats-5.73.0-1.fc31 kf5-kapidox-5.73.0-1.fc31 kf5-karchive-5.73.0-2.fc31
kf5-kauth-5.73.0-1.fc31 kf5-kbookmarks-5.73.0-1.fc31 kf5-kcmutils-5.73.0-1.fc31
kf5-kcodecs-5.73.0-1.fc31 kf5-kcompletion-5.73.0-1.fc31 kf5-kconfig-5.73.0-1.fc31
kf5-kconfigwidgets-5.73.0-1.fc31 kf5-kcoreaddons-5.73.0-1.fc31 kf5-kcrash-5.73.0-1.fc31
kf5-kdbusaddons-5.73.0-1.fc31 kf5-kdeclarative-5.73.0-1.fc31 kf5-kded-5.73.0-1.fc31
kf5-kdelibs4support-5.73.0-1.fc31 kf5-kdesignerplugin-5.73.0-1.fc31
kf5-kdesu-5.73.0-1.fc31 kf5-kdewebkit-5.73.0-1.fc31 kf5-kdnssd-5.73.0-1.fc31
kf5-kdoctools-5.73.0-1.fc31 kf5-kemoticons-5.73.0-1.fc31 kf5-kfilemetadata-5.73.0-1.fc31
kf5-kglobalaccel-5.73.0-1.fc31 kf5-kguiad
dons-5.73.0-1.fc31 kf5-kholidays-5.73.0-1.fc31 kf5-khtml-5.73.0-1.fc31
kf5-ki18n-5.73.0-1.fc31 kf5-kiconthemes-5.73.0-1.fc31 kf5-kidletime-5.73.0-1.fc31
kf5-kimageformats-5.73.0-1.fc31 kf5-kinit-5.73.0-1.fc31 kf5-kio-5.73.0-1.fc31
kf5-kirigami2-5.73.0-2.fc31 kf5-kitemmodels-5.73.0-1.fc31 kf5-kitemviews-5.73.0-1.fc31
kf5-kjobwidgets-5.73.0-1.fc31 kf5-kjs-5.73.0-1.fc31 kf5-kjsembed-5.73.0-1.fc31
kf5-kmediaplayer-5.73.0-1.fc31 kf5-knewstuff-5.73.0-1.fc31
kf5-knotifications-5.73.0-1.fc31 kf5-knotifyconfig-5.73.0-1.fc31
kf5-kpackage-5.73.0-1.fc31 kf5-kparts-5.73.0-1.fc31 kf5-kpeople-5.73.0-1.fc31
kf5-kplotting-5.73.0-1.fc31 kf5-kpty-5.73.0-1.fc31 kf5-kquickcharts-5.73.0-1.fc31
kf5-kross-5.73.0-1.fc31 kf5-krunner-5.73.0-1.fc31 kf5-kservice-5.73.0-1.fc31
kf5-ktexteditor-5.73.0-1.fc31 kf5-ktextwidgets-5.73.0-1.fc31
kf5-kunitconversion-5.73.0-1.fc31 kf5-kwallet-5.73.0-1.fc31 kf5-kwayland-5.73.0-1.fc31
kf5-kwidgetsaddons-5.73.0-1.fc31 kf5-kwindowsystem-5.73.0-1.fc31 kf5-kxmlgui-5.73.0-1.fc31
kf5-kxmlrpcclient-5.73.0-1.fc31 kf5-modemmanager-qt-5.73.0-1.fc31
kf5-networkmanager-qt-5.73.0-1.fc31 kf5-plasma-5.73.0-1.fc31 kf5-prison-5.73.0-1.fc31
kf5-purpose-5.73.0-1.fc31 kf5-solid-5.73.0-1.fc31 kf5-sonnet-5.73.0-1.fc31
kf5-syndication-5.73.0-1.fc31 kf5-syntax-highlighting-5.73.0-1.fc31
kf5-threadweaver-5.73.0-1.fc31 oxygen-icon-theme-5.73.0-1.fc31
plasma-wayland-protocols-1.1.1-1.fc31 qqc2-desktop-style-5.73.0-1.fc31
7
https://bodhi.fedoraproject.org/updates/FEDORA-2020-1ce9fdf311
nfs-utils-2.5.1-4.rc4.fc31
7
https://bodhi.fedoraproject.org/updates/FEDORA-2020-8aacee8a58
usermode-1.112-9.fc31
6
https://bodhi.fedoraproject.org/updates/FEDORA-2020-e19b87f4f5
grub2-2.02-110.fc31
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-12d53b8cf7 sudo-1.9.2-1.fc31
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-cff3124992 pcre2-10.35-6.fc31
The following builds have been pushed to Fedora 31 updates-testing
R-ascii-2.4-1.fc31
cups-filters-1.28.2-2.fc31
dnstwist-20200916-1.fc31
fuzza-0.6.0-3.fc31
haskell-platform-2019.2-2.fc31
kernel-5.8.10-100.fc31
libblockdev-2.24-2.fc31
libuv-1.39.0-1.fc31
matio-1.5.18-1.fc31
metamath-0.193-1.fc31
nodejs-12.18.4-1.fc31
perl-OLE-Storage_Lite-0.20-1.fc31
python39-3.9.0~rc2-1.fc31
xtb-6.3.3-1.fc31
Details about builds:
================================================================================
R-ascii-2.4-1.fc31 (FEDORA-2020-9c9408b99f)
Export R Objects to Several Markup Languages
--------------------------------------------------------------------------------
Update Information:
Update to latest version (#1880019)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 18 2020 Elliott Sales de Andrade <quantum.analyst(a)gmail.com> - 2.4-1
- Update to latest version (#1880019)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1880019 - R-ascii-2.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1880019
--------------------------------------------------------------------------------
================================================================================
cups-filters-1.28.2-2.fc31 (FEDORA-2020-f053cee377)
OpenPrinting CUPS filters and backends
--------------------------------------------------------------------------------
Update Information:
1879147 - driverless cannot generate ppd for dns-sd based uris
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 17 2020 Zdenek Dohnal <zdohnal(a)redhat.com> - 1.28.2-2
- 1879147 - driverless cannot generate ppd for dns-sd based uris
* Tue Sep 15 2020 Zdenek Dohnal <zdohnal(a)redhat.com> - 1.28.2-1
- 1.28.2
* Thu Sep 3 2020 Zdenek Dohnal <zdohnal(a)redhat.com> - 1.28.1-2
- revert previous commit - systemd-resolved doesn't work with avahi right now
because missing link in NetworkManager
* Mon Aug 31 2020 Zdenek Dohnal <zdohnal(a)redhat.com> - 1.28.1-2
- MDNS resolving should be done by systemd-resolved now
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1879147 - driverless cannot generate ppd for dns-sd based uris
https://bugzilla.redhat.com/show_bug.cgi?id=1879147
--------------------------------------------------------------------------------
================================================================================
dnstwist-20200916-1.fc31 (FEDORA-2020-8b61beb9a8)
Domain name permutation engine
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release (v20200916)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 18 2020 Artur Frenszek-Iwicki <fedora(a)svgames.pl> - 20200916-1
- Update to latest upstream release
--------------------------------------------------------------------------------
================================================================================
fuzza-0.6.0-3.fc31 (FEDORA-2020-9ee656ad5c)
TCP fuzzing tool to test for remote buffer overflows
--------------------------------------------------------------------------------
Update Information:
Disable dependency generator
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
haskell-platform-2019.2-2.fc31 (FEDORA-2020-f1102bae0c)
Standard Haskell distribution
--------------------------------------------------------------------------------
Update Information:
- stack requires gcc and gmp-devel - stack also recommends zlib-devel
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 16 2020 Jens Petersen <petersen(a)redhat.com> - 2019.2-2
- stack requires gcc and gmp-devel
- stack also recommends zlib-devel
--------------------------------------------------------------------------------
================================================================================
kernel-5.8.10-100.fc31 (FEDORA-2020-a3b3084904)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:
The 5.8.10 stable kernel update contains a number of important fixes across the
tree.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 17 2020 Justin M. Forbes <jforbes(a)fedoraproject.org> - 5.8.10-100
- Linux v5.8.10
- Fix (rhbz 1873720 1876997)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1873720 - kernel-5.7.17 and kernel-5.8.4: NFS client can't see files from
NFS mount
https://bugzilla.redhat.com/show_bug.cgi?id=1873720
[ 2 ] Bug #1876997 - Touchpad detected but pointer doesn't move on screen
https://bugzilla.redhat.com/show_bug.cgi?id=1876997
--------------------------------------------------------------------------------
================================================================================
libblockdev-2.24-2.fc31 (FEDORA-2020-0462f60a30)
A library for low-level manipulation with block devices
--------------------------------------------------------------------------------
Update Information:
exec: Fix setting locale for util calls
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 17 2020 Vojtech Trefny <vtrefny(a)redhat.com> - 2.24-2
- exec: Fix setting locale for util calls
--------------------------------------------------------------------------------
================================================================================
libuv-1.39.0-1.fc31 (FEDORA-2020-c5ec22e14f)
Platform layer for node.js
--------------------------------------------------------------------------------
Update Information:
Update to Node.js 12.18.4 September 2020 security release -
https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 8 2020 Stephen Gallagher <sgallagh(a)redhat.com> - 1.39.0-1
- Update to 1.39.0
* Fri Jul 31 2020 Stephen Gallagher <sgallagh(a)redhat.com> - 1.38.1-1
- Update to 1.38.1
-
https://github.com/libuv/libuv/blob/v1.38.1/ChangeLog
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> -
1:1.38.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
matio-1.5.18-1.fc31 (FEDORA-2020-6cc434b937)
Library for reading/writing Matlab MAT files
--------------------------------------------------------------------------------
Update Information:
1.5.18
https://github.com/tbeu/matio/releases/tag/v1.5.18
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 17 2020 Gwyn Ciesla <gwync(a)protonmail.com> - 1.5.18-1
- 1.5.18
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1769546 - CVE-2019-17533 matio: improper null termination in
Mat_VarReadNextInfo4 in mat4.c leads to heap-based overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1769546
[ 2 ] Bug #1769548 - CVE-2019-17533 matio: improper null termination in
Mat_VarReadNextInfo4 in mat4.c leads to heap-based overflow [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1769548
[ 3 ] Bug #1769550 - CVE-2019-17533 matio: improper null termination in
Mat_VarReadNextInfo4 in mat4.c leads to heap-based overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1769550
[ 4 ] Bug #1792008 - CVE-2019-20019 matio: excessive memory allocation in Mat_VarRead5
in mat5.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1792008
[ 5 ] Bug #1792009 - CVE-2019-20019 matio: excessive memory allocation in Mat_VarRead5
in mat5.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1792009
[ 6 ] Bug #1792295 - CVE-2019-20020 matio: stack-based buffer overflow in
ReadNextStructField in mat5.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1792295
[ 7 ] Bug #1792296 - CVE-2019-20020 matio: stack-based buffer overflow in
ReadNextStructField in mat5.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1792296
[ 8 ] Bug #1792301 - CVE-2019-20018 matio: stack-based buffer overflow in ReadNextCell
in mat5.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1792301
[ 9 ] Bug #1792303 - CVE-2019-20018 matio: stack-based buffer overflow in ReadNextCell
in mat5.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1792303
[ 10 ] Bug #1792333 - CVE-2019-20017 matio: stack-based buffer overflow in
Mat_VarReadNextInfo5 in mat5.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1792333
[ 11 ] Bug #1792336 - CVE-2019-20017 matio: stack-based buffer overflow in
Mat_VarReadNextInfo5 in mat5.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1792336
[ 12 ] Bug #1794726 - CVE-2019-20052 matio: memory leak in Mat_VarCalloc in mat.c
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1794726
[ 13 ] Bug #1794727 - CVE-2019-20052 matio: memory leak in Mat_VarCalloc in mat.c
[epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1794727
[ 14 ] Bug #1880167 - matio-1.5.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1880167
--------------------------------------------------------------------------------
================================================================================
metamath-0.193-1.fc31 (FEDORA-2020-455922b656)
Construct mathematics from basic axioms
--------------------------------------------------------------------------------
Update Information:
Changes in version 0.193: - Make the output of /EXTRACT stable in the sense
that, with the same <label-list> parameter, extract(extract(file)) =
extract(file) except that the date stamp at the top will be updated. (The first
extraction even if "*" will usually be different because it discards non-
relevant content. Note that the include file directives "$( $[ Begin..." etc.
and comments with "$j" are currently discarded.) - Update set.mm to 12 Sep 2020
version
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 17 2020 Jerry James <loganjerry(a)gmail.com> - 0.193-1
- Version 0.193
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1878534 - metamath-0.193 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1878534
--------------------------------------------------------------------------------
================================================================================
nodejs-12.18.4-1.fc31 (FEDORA-2020-c5ec22e14f)
JavaScript runtime
--------------------------------------------------------------------------------
Update Information:
Update to Node.js 12.18.4 September 2020 security release -
https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 16 2020 Stephen Gallagher <sgallagh(a)redhat.com> - 1:12.18.4-1
- Update to 12.18.4
--------------------------------------------------------------------------------
================================================================================
perl-OLE-Storage_Lite-0.20-1.fc31 (FEDORA-2020-d3803c370c)
Simple Class for OLE document interface
--------------------------------------------------------------------------------
Update Information:
This release fixes handling the dates after year 2020.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 6 2020 Petr Pisar <ppisar(a)redhat.com> - 0.20-1
- 0.20 bump (CPAN RT#124513)
* Mon Oct 7 2019 Paul Howarth <paul(a)city-fan.org> - 0.19-27
- Spec tidy-up
- Specify all build dependencies
- Drop redundant buildroot cleaning in %install section
- Don't need to remove empty directories from the buildroot
- Simplify find command using -delete
- Fix permissions verbosely
- Make %files list more explicit
- Use tabs consistently
--------------------------------------------------------------------------------
================================================================================
python39-3.9.0~rc2-1.fc31 (FEDORA-2020-0249c4a287)
Version 3.9 of the Python interpreter
--------------------------------------------------------------------------------
Update Information:
This is the second release candidate of Python 3.9 This release,
[
3.9.0rc2](https://www.python.org/downloads/release/python-390rc2/), is the last
preview before the final release of Python 3.9.0 on 2020-10-05. In the mean
time, we strongly encourage maintainers of third-party Python projects to
prepare their projects for 3.9 compatibility during this phase. As always,
report any issues.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 17 2020 Miro Hron��ok <mhroncok(a)redhat.com> - 3.9.0~rc2-1
- Update to 3.9.0rc2
--------------------------------------------------------------------------------
================================================================================
xtb-6.3.3-1.fc31 (FEDORA-2020-24bca545d9)
Semiempirical Extended Tight-Binding Program Package
--------------------------------------------------------------------------------
Update Information:
Maintenance and bugfix update to version 6.3.3, see full changelog at
https://github.com/grimme-lab/xtb/releases/tag/v6.3.3
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 17 2020 Susi Lehtola <jussilehtola(a)fedoraproject.org> - 6.3.3-1
- Update to 6.3.3.
* Sun Aug 16 2020 I��aki ��car <iucar(a)fedoraproject.org> - 6.3.2-2
-
https://fedoraproject.org/wiki/Changes/FlexiBLAS_as_BLAS/LAPACK_manager
* Wed Aug 5 2020 Susi Lehtola <jussilehtola(a)fedoraproject.org> - 6.3.2-1
- Update to 6.3.2.
* Sat Aug 1 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 6.3.1-7
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 6.3.1-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1880108 - xtb-6.3.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1880108
--------------------------------------------------------------------------------