The following Fedora 29 Security updates need testing:
Age URL
101
https://bodhi.fedoraproject.org/updates/FEDORA-2018-51ce232320
xerces-c27-2.7.0-28.fc29
44
https://bodhi.fedoraproject.org/updates/FEDORA-2018-42555731d2
nagios-4.4.2-3.fc29
37
https://bodhi.fedoraproject.org/updates/FEDORA-2018-36115ae788
mysql-selinux-1.0.0-5.fc29
30
https://bodhi.fedoraproject.org/updates/FEDORA-2018-b89746cb9b
tomcat-9.0.13-1.fc29
10
https://bodhi.fedoraproject.org/updates/FEDORA-2019-026d5ab23d
perl-Email-Address-1.912-1.fc29
8
https://bodhi.fedoraproject.org/updates/FEDORA-2019-50cc0c11e9
python36-3.6.8-1.fc29
6
https://bodhi.fedoraproject.org/updates/FEDORA-2019-8fe9d427f1
php-horde-Horde-Form-2.0.19-1.fc29
6
https://bodhi.fedoraproject.org/updates/FEDORA-2019-e818eaa0ac
syslog-ng-3.17.2-2.fc29
3
https://bodhi.fedoraproject.org/updates/FEDORA-2019-b276ee69a8
gitolite3-3.6.11-1.fc29
3
https://bodhi.fedoraproject.org/updates/FEDORA-2019-5750ad7485
radare2-3.2.0-1.fc29
2
https://bodhi.fedoraproject.org/updates/FEDORA-2019-aa6036fcb3 php-7.2.14-1.fc29
2
https://bodhi.fedoraproject.org/updates/FEDORA-2019-2e385f97e2
mingw-libvorbis-1.3.6-2.fc29
2
https://bodhi.fedoraproject.org/updates/FEDORA-2019-c7da53319c
haproxy-1.8.17-1.fc29
2
https://bodhi.fedoraproject.org/updates/FEDORA-2019-b0f7a7b74b
kernel-headers-4.19.14-300.fc29 kernel-4.19.14-300.fc29 kernel-tools-4.19.14-300.fc29
2
https://bodhi.fedoraproject.org/updates/FEDORA-2019-ae92ca8981
libjpeg-turbo-2.0.0-3.fc29
2
https://bodhi.fedoraproject.org/updates/FEDORA-2019-a018522ba3
mingw-libjpeg-turbo-2.0.0-2.fc29
2
https://bodhi.fedoraproject.org/updates/FEDORA-2019-4d914f9257
matrix-synapse-0.34.0.1-1.fc29
The following Fedora 29 Critical Path updates have yet to be approved:
Age URL
31
https://bodhi.fedoraproject.org/updates/FEDORA-2018-3d43e7dd21
SLOF-0.1.git20180702-2.fc29
23
https://bodhi.fedoraproject.org/updates/FEDORA-2018-3d576aa333 lldb-7.0.1-1.fc29
lld-7.0.1-2.fc29 compiler-rt-7.0.1-1.fc29 libomp-7.0.1-1.fc29 clang-7.0.1-1.fc29
llvm-7.0.1-1.fc29 python-lit-0.7.1-1.fc29
3
https://bodhi.fedoraproject.org/updates/FEDORA-2019-7e427beea7
libguestfs-1.39.11-3.fc29
3
https://bodhi.fedoraproject.org/updates/FEDORA-2019-e5b3682470
perl-File-Temp-0.230.900-1.fc29
2
https://bodhi.fedoraproject.org/updates/FEDORA-2019-d51bb838af pcre-8.42-6.fc29
2
https://bodhi.fedoraproject.org/updates/FEDORA-2019-1d83808ce6 pcre2-10.32-5.fc29
2
https://bodhi.fedoraproject.org/updates/FEDORA-2019-ae92ca8981
libjpeg-turbo-2.0.0-3.fc29
2
https://bodhi.fedoraproject.org/updates/FEDORA-2019-f080abd9ad lorax-29.24-1.fc29
2
https://bodhi.fedoraproject.org/updates/FEDORA-2019-b0f7a7b74b
kernel-headers-4.19.14-300.fc29 kernel-4.19.14-300.fc29 kernel-tools-4.19.14-300.fc29
2
https://bodhi.fedoraproject.org/updates/FEDORA-2019-b1190b5494
pcmanfm-1.3.1-2.D20181227git0619a81f.fc29
2
https://bodhi.fedoraproject.org/updates/FEDORA-2019-27778372a6
pungi-4.1.32-3.fc29
1
https://bodhi.fedoraproject.org/updates/FEDORA-2019-f1c9f0f812
ostree-2019.1-2.fc29
The following builds have been pushed to Fedora 29 updates-testing
micropython-1.9.4-2.fc29
python-affine-2.2.2-2.fc29
python-geoplot-0.2.3-1.fc29
python-pipdeptree-0.13.1-2.fc29
python-pytest-helpers-namespace-2019.1.8-1.fc29
python-yarg-0.1.9-4.fc29
selinux-policy-3.14.2-46.fc29
yoshimi-1.5.10-1.fc29
Details about builds:
================================================================================
micropython-1.9.4-2.fc29 (FEDORA-2019-10f0376dc7)
Implementation of Python 3 with very low memory footprint
--------------------------------------------------------------------------------
Update Information:
Enable i686, fix a FTBFS
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jan 13 2019 Miro Hron��ok <mhroncok(a)redhat.com> - 1.9.4-2
- Enable i686, fix a FTBFS (#1556924)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1556924 - micropython doesn't build on i686
https://bugzilla.redhat.com/show_bug.cgi?id=1556924
--------------------------------------------------------------------------------
================================================================================
python-affine-2.2.2-2.fc29 (FEDORA-2019-e579d5bd1f)
Matrices describing affine transformation of the plane
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jan 13 2019 Elliott Sales de Andrade <quantum.analyst(a)gmail.com> - 2.2.2-2
- Remove testing bytecode
* Sat Jan 12 2019 Elliott Sales de Andrade <quantum.analyst(a)gmail.com> - 2.2.2-1
- Update to latest version
--------------------------------------------------------------------------------
================================================================================
python-geoplot-0.2.3-1.fc29 (FEDORA-2019-f0fb19509e)
High-level geospatial plotting for Python
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jan 13 2019 Elliott Sales de Andrade <quantum.analyst(a)gmail.com> - 0.2.3-1
- Update to latest version
--------------------------------------------------------------------------------
================================================================================
python-pipdeptree-0.13.1-2.fc29 (FEDORA-2019-c34eb7a05a)
Command line utility to show dependency tree of packages
--------------------------------------------------------------------------------
Update Information:
Bump version to 0.13.1 and ignore tests
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1596922 - Review Request: python-pipdeptree - Command line utility to show
dependency tree of package
https://bugzilla.redhat.com/show_bug.cgi?id=1596922
--------------------------------------------------------------------------------
================================================================================
python-pytest-helpers-namespace-2019.1.8-1.fc29 (FEDORA-2019-ae0abfb3bb)
PyTest Helpers Namespace
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jan 13 2019 Elliott Sales de Andrade <quantum.analyst(a)gmail.com> - 2019.1.8-1
- Update to latest version
--------------------------------------------------------------------------------
================================================================================
python-yarg-0.1.9-4.fc29 (FEDORA-2019-66b092cf2c)
An easy to use PyPI client
--------------------------------------------------------------------------------
Update Information:
Fix Bug #1655700 - Exclude 'tests' folder
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jan 13 2019 Dhanesh B. Sabane <dhanesh95(a)fedoraproject.org> - 0.1.9-4
- Fix Bug #1655700 - Exclude 'tests' folder
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1655700 - python3-yarg owns /usr/lib/python3.7/site-packages/tests/...
https://bugzilla.redhat.com/show_bug.cgi?id=1655700
--------------------------------------------------------------------------------
================================================================================
selinux-policy-3.14.2-46.fc29 (FEDORA-2019-6a20cfef61)
SELinux policy configuration
--------------------------------------------------------------------------------
Update Information:
More info:
https://koji.fedoraproject.org/koji/buildinfo?buildID=1178902
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 11 2019 Lukas Vrabec <lvrabec(a)redhat.com> - 3.14.2-46
- Allow sensord_t to execute own binary files
- Allow pcp_pmlogger_t domain to getattr all filesystem BZ(1662432)
- Allow virtd_lxc_t domains use BPF BZ(1662613)
- Allow openvpn_t domain to read systemd state BZ(1661065)
- Dontaudit ptrace all domains for blueman_t BZ(1653671)
- Change label of /usr/libexec/lm_sensors/sensord-service-wrapper from lsmd_exec_t to
sensord_exec_t BZ(1662922)
- Allow hddtemp_t domain to read nvme block devices BZ(1663579)
- Add dac_override capability to spamd_t domain BZ(1645667)
- Allow pcp_pmlogger_t to mount tracefs_t filesystem BZ(1662983)
- Allow pcp_pmlogger_t domain to read al sysctls BZ(1662441)
- Allow saslauthd_t domain to mmap own pid files BZ(1653024)
- Add dac_override capability for snapperd_t domain BZ(1619356)
- Allow staff_t domain to read read_binfmt_misc filesystem
- Add interface fs_read_binfmt_misc()
- Allow init_t domain to mmap init_var_lib_t files and dontaudit leaked fd. BZ(1651008)
- Make workin: systemd-run --system --pty bash BZ(1647162)
- Allow ipsec_t domain dbus chat with systemd_resolved_t BZ(1662443)
- Label /usr/lib/systemd/user as systemd_unit_file_t BZ(1652814)
- Add rules to allow systemd to mounton systemd_timedated_var_lib_t.
* Sun Dec 16 2018 Lukas Vrabec <lvrabec(a)redhat.com> - 3.14.2-45
- Add macro-expander script to selinux-policy-devel package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1657621 - SELinux is preventing ras-mc-ctl from 'map' accesses on the
file /usr/bin/perl.
https://bugzilla.redhat.com/show_bug.cgi?id=1657621
[ 2 ] Bug #1655357 - SELinux is preventing certwatch from 'write' accesses on
the directory /sys/kernel/debug.
https://bugzilla.redhat.com/show_bug.cgi?id=1655357
[ 3 ] Bug #1646202 - SELinux is preventing /usr/lib/systemd/systemd-timesyncd from
'read' accesses on the directory /run/dbus.
https://bugzilla.redhat.com/show_bug.cgi?id=1646202
[ 4 ] Bug #1645822 - SELinux is preventing colord from 'map' accesses on the
file /home/christian/.local/share/icc/edid-4daa39eed4132dd27967977091f97abe.icc.
https://bugzilla.redhat.com/show_bug.cgi?id=1645822
[ 5 ] Bug #1662443 - Strongswan & dns resolver
https://bugzilla.redhat.com/show_bug.cgi?id=1662443
[ 6 ] Bug #1658975 - SELinux is preventing pool from 'read' accesses on the
Datei status.
https://bugzilla.redhat.com/show_bug.cgi?id=1658975
[ 7 ] Bug #1649666 - SELinux is preventing /usr/lib/systemd/systemd-timesyncd from
'getattr' accesses on the lnk_file /var/lib/systemd/timesync.
https://bugzilla.redhat.com/show_bug.cgi?id=1649666
[ 8 ] Bug #1648978 - SELinux is preventing plymouthd from 'getattr' accesses on
the diret��rio /sys/firmware/efi/efivars.
https://bugzilla.redhat.com/show_bug.cgi?id=1648978
[ 9 ] Bug #1630675 - SELinux is preventing dovecot from 'getattr' accesses on
the file /proc/sys/fs/suid_dumpable.
https://bugzilla.redhat.com/show_bug.cgi?id=1630675
[ 10 ] Bug #1644568 - the arpwatch service triggers SELinux denials
https://bugzilla.redhat.com/show_bug.cgi?id=1644568
[ 11 ] Bug #1518807 - range for ephemeral_port_t does not match
net.ipv4.ip_local_port_range tunable
https://bugzilla.redhat.com/show_bug.cgi?id=1518807
[ 12 ] Bug #1655349 - SELinux is preventing certwatch from using the
'dac_override' capabilities.
https://bugzilla.redhat.com/show_bug.cgi?id=1655349
[ 13 ] Bug #1652813 - systemd user service files have wrong context
https://bugzilla.redhat.com/show_bug.cgi?id=1652813
[ 14 ] Bug #1655282 - SELinux is preventing pmdalinux from using the 'ipc_owner'
capabilities.
https://bugzilla.redhat.com/show_bug.cgi?id=1655282
[ 15 ] Bug #1656422 - SELinux is preventing sddm-helper from 'create' accesses
on the file xsession-errors.
https://bugzilla.redhat.com/show_bug.cgi?id=1656422
[ 16 ] Bug #1662983 - SELinux denies mount for "tracefs" to pmlogger
https://bugzilla.redhat.com/show_bug.cgi?id=1662983
[ 17 ] Bug #1648698 - SELinux is preventing dovecot from 'getattr' accesses on
the file /proc/sys/fs/suid_dumpable.
https://bugzilla.redhat.com/show_bug.cgi?id=1648698
[ 18 ] Bug #1658286 - SELinux is preventing systemd from 'create' accesses on
the unix_stream_socket labeled pulseaudio_t.
https://bugzilla.redhat.com/show_bug.cgi?id=1658286
[ 19 ] Bug #1649257 - SELinux is preventing /usr/lib/systemd/systemd-timesyncd from
using the 'nnp_transition' accesses on a process.
https://bugzilla.redhat.com/show_bug.cgi?id=1649257
[ 20 ] Bug #1657489 - SELinux is preventing root two-factor authentication in Cockpit
https://bugzilla.redhat.com/show_bug.cgi?id=1657489
[ 21 ] Bug #1662614 - SELinux is preventing systemd from 'map_create' accesses
on the bpf labeled virtd_lxc_t.
https://bugzilla.redhat.com/show_bug.cgi?id=1662614
[ 22 ] Bug #1663062 - SELinux is preventing tumblerd from 'write' accesses on
the sock_file socket.
https://bugzilla.redhat.com/show_bug.cgi?id=1663062
[ 23 ] Bug #1662441 - SELinux is preventing find from 'getattr' accesses on the
Verzeichnis /proc/irq.
https://bugzilla.redhat.com/show_bug.cgi?id=1662441
[ 24 ] Bug #1652756 - nsd fails at start
https://bugzilla.redhat.com/show_bug.cgi?id=1652756
[ 25 ] Bug #1651654 - Allow NetworkManager to use bpf
https://bugzilla.redhat.com/show_bug.cgi?id=1651654
[ 26 ] Bug #1662615 - SELinux is preventing systemd from 'prog_run' accesses on
the bpf labeled virtd_lxc_t.
https://bugzilla.redhat.com/show_bug.cgi?id=1662615
[ 27 ] Bug #1662432 - SELinux is preventing find from 'getattr' accesses on the
Verzeichnis /sys/kernel/config.
https://bugzilla.redhat.com/show_bug.cgi?id=1662432
[ 28 ] Bug #1663579 - SELinux is preventing hddtemp from 'read' accesses on the
blk_file nvme0n1.
https://bugzilla.redhat.com/show_bug.cgi?id=1663579
[ 29 ] Bug #1652814 - systemd user service files have wrong context
https://bugzilla.redhat.com/show_bug.cgi?id=1652814
[ 30 ] Bug #1655307 - SELinux is preventing boltd from 'getattr' accesses on the
filesystem /var.
https://bugzilla.redhat.com/show_bug.cgi?id=1655307
[ 31 ] Bug #1651008 - Docker start AVCs
https://bugzilla.redhat.com/show_bug.cgi?id=1651008
[ 32 ] Bug #1649668 - SELinux is preventing /usr/lib/systemd/systemd-timesyncd from
'read' accesses on the directory links.
https://bugzilla.redhat.com/show_bug.cgi?id=1649668
[ 33 ] Bug #1662676 - SELinux is preventing spamd from using the 'dac_override'
capabilities.
https://bugzilla.redhat.com/show_bug.cgi?id=1662676
[ 34 ] Bug #1649665 - SELinux is preventing /usr/lib/systemd/systemd-timesyncd from
'search' accesses on the directory /var/lib/systemd.
https://bugzilla.redhat.com/show_bug.cgi?id=1649665
[ 35 ] Bug #1662612 - SELinux is preventing systemd from 'prog_load' accesses on
the bpf labeled virtd_lxc_t.
https://bugzilla.redhat.com/show_bug.cgi?id=1662612
[ 36 ] Bug #1657622 - SELinux is preventing ras-mc-ctl from 'execute' accesses
on the file /usr/bin/perl.
https://bugzilla.redhat.com/show_bug.cgi?id=1657622
[ 37 ] Bug #1662922 - SELinux is preventing sensord from 'getattr' accesses on
the file /sys/devices/platform/thinkpad_hwmon/hwmon/hwmon2/fan1_input.
https://bugzilla.redhat.com/show_bug.cgi?id=1662922
[ 38 ] Bug #1651030 - SELinux is preventing pmsignal from using the 'signal'
accesses on a process.
https://bugzilla.redhat.com/show_bug.cgi?id=1651030
[ 39 ] Bug #1653149 - SELinux is preventing plymouthd from getattr access on the
directory /sys/firmware/efi/efivars.
https://bugzilla.redhat.com/show_bug.cgi?id=1653149
[ 40 ] Bug #1662613 - SELinux is preventing systemd from map_read, map_write access on
the bpf labeled virtd_lxc_t.
https://bugzilla.redhat.com/show_bug.cgi?id=1662613
[ 41 ] Bug #1655335 - SELinux is preventing (sd-openpt) from 'sys_chroot'
accesses on the cap_userns labeled systemd_machined_t.
https://bugzilla.redhat.com/show_bug.cgi?id=1655335
[ 42 ] Bug #1655323 - SELinux is preventing tumblerd from 'write' accesses on
the sock_file socket in Fedora 29
https://bugzilla.redhat.com/show_bug.cgi?id=1655323
[ 43 ] Bug #1655024 - SELinux is preventing /usr/lib/systemd/systemd-timesyncd from
'write' accesses on the file /proc/self/fd/16.
https://bugzilla.redhat.com/show_bug.cgi?id=1655024
[ 44 ] Bug #1661065 - SELinux prevents OpenVPN client from setting DNS server upon
activation
https://bugzilla.redhat.com/show_bug.cgi?id=1661065
[ 45 ] Bug #1653024 - SELinux allow saslauthd to mmap it's own files
https://bugzilla.redhat.com/show_bug.cgi?id=1653024
[ 46 ] Bug #1650997 - massive amounts of selinux denials for
org.freedesktop.resolve1.ResolveHostname for pmie
https://bugzilla.redhat.com/show_bug.cgi?id=1650997
[ 47 ] Bug #1653003 - SELinux conflicts /usr/sbin/dumpe2fs /usr/sbin/e2mmpstatus
https://bugzilla.redhat.com/show_bug.cgi?id=1653003
[ 48 ] Bug #1647162 - systemd-run --system --pty bash -i denied by selinux
https://bugzilla.redhat.com/show_bug.cgi?id=1647162
--------------------------------------------------------------------------------
================================================================================
yoshimi-1.5.10-1.fc29 (FEDORA-2019-4867e11b26)
Rewrite of ZynAddSubFx aiming for better JACK support
--------------------------------------------------------------------------------
Update Information:
Update to upstream release 1.5.10
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jan 6 2019 Adam Huffman <bloch(a)verdurin.com> - 1.5.10-1
- Update to upstream release 1.5.10
* Wed Sep 26 2018 Adam Huffman <bloch(a)verdurin.com> - 1.5.9-1
- Update to upstream release 1.5.9
--------------------------------------------------------------------------------