The following Fedora 27 Security updates need testing:
Age URL
271
https://bodhi.fedoraproject.org/updates/FEDORA-2018-1ec1cd6db3 bro-2.5.3-1.fc27
203
https://bodhi.fedoraproject.org/updates/FEDORA-2018-8dc6395408
dpdk-17.08.2-1.fc27
166
https://bodhi.fedoraproject.org/updates/FEDORA-2018-3b33f65b01
nodejs-brace-expansion-1.1.11-1.fc27
158
https://bodhi.fedoraproject.org/updates/FEDORA-2018-a748acc219
unrtf-0.21.9-8.fc27
134
https://bodhi.fedoraproject.org/updates/FEDORA-2018-f6ccdeb750
mailman-2.1.21-9.fc27
134
https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc864bb9e1
openslp-2.0.0-15.fc27
92
https://bodhi.fedoraproject.org/updates/FEDORA-2018-21ffebf41c
tomcat-8.0.53-1.fc27
92
https://bodhi.fedoraproject.org/updates/FEDORA-2018-e8533a3ef1
unixODBC-2.3.7-1.fc27
41
https://bodhi.fedoraproject.org/updates/FEDORA-2018-fc2ba807a6
xerces-c27-2.7.0-28.fc27
14
https://bodhi.fedoraproject.org/updates/FEDORA-2018-4c0b99a9eb
drupal7-7.60-2.fc27
14
https://bodhi.fedoraproject.org/updates/FEDORA-2018-60c74d2b16
php-Smarty2-2.6.31-2.fc27
14
https://bodhi.fedoraproject.org/updates/FEDORA-2018-fc3018b1bd
NetworkManager-1.8.8-2.fc27
12
https://bodhi.fedoraproject.org/updates/FEDORA-2018-cca4732a99
thunderbird-60.3.0-1.fc27
8
https://bodhi.fedoraproject.org/updates/FEDORA-2018-c73d257297
cabextract-1.9-1.fc27 libmspack-0.9.1-0.1.alpha.fc27
7
https://bodhi.fedoraproject.org/updates/FEDORA-2018-5a1e2759aa pdns-4.1.5-1.fc27
7
https://bodhi.fedoraproject.org/updates/FEDORA-2018-d05860129f
suricata-4.0.6-1.fc27
5
https://bodhi.fedoraproject.org/updates/FEDORA-2018-fe24359b69 xen-4.9.3-3.fc27
3
https://bodhi.fedoraproject.org/updates/FEDORA-2018-5201a9c4dc
kde-connect-1.3.3-1.fc27
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-0363fec36c
chromium-70.0.3538.77-4.fc27
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-7daf712625
flatpak-1.0.5-2.fc27
0
https://bodhi.fedoraproject.org/updates/FEDORA-2018-5743ef02a1
rubygem-rack-2.0.3-4.fc27
0
https://bodhi.fedoraproject.org/updates/FEDORA-2018-4febd7f702
rubygem-i18n-0.7.0-6.fc27
0
https://bodhi.fedoraproject.org/updates/FEDORA-2018-190ecd2ef8 ruby-2.4.5-90.fc27
0
https://bodhi.fedoraproject.org/updates/FEDORA-2018-291f75cf0f
libconfuse-3.2.2-1.fc27
0
https://bodhi.fedoraproject.org/updates/FEDORA-2018-4ce40afcb6
rubygem-loofah-2.0.3-6.fc27
0
https://bodhi.fedoraproject.org/updates/FEDORA-2018-6b10449b15
python-urllib3-1.24.1-2.fc27
The following Fedora 27 Critical Path updates have yet to be approved:
Age URL
187
https://bodhi.fedoraproject.org/updates/FEDORA-2018-25d5c86330 libidn-1.34-2.fc27
mcabber-1.1.0-1.fc27.1 pidgin-2.13.0-1.fc27.1 python-slixmpp-1.3.0-5.fc27.1
147
https://bodhi.fedoraproject.org/updates/FEDORA-2018-200dba6b93
upower-0.99.8-1.fc27
111
https://bodhi.fedoraproject.org/updates/FEDORA-2018-05a68ea22e
geoclue2-2.4.11-1.fc27
92
https://bodhi.fedoraproject.org/updates/FEDORA-2018-20c3deae24
iproute-4.17.0-1.fc27
14
https://bodhi.fedoraproject.org/updates/FEDORA-2018-653a7a63f1
pungi-4.1.30-1.fc27
14
https://bodhi.fedoraproject.org/updates/FEDORA-2018-fc3018b1bd
NetworkManager-1.8.8-2.fc27
13
https://bodhi.fedoraproject.org/updates/FEDORA-2018-e093a9ce9c
hwdata-0.317-1.fc27
12
https://bodhi.fedoraproject.org/updates/FEDORA-2018-553390b29e
osinfo-db-20181101-1.fc27
12
https://bodhi.fedoraproject.org/updates/FEDORA-2018-cca4732a99
thunderbird-60.3.0-1.fc27
8
https://bodhi.fedoraproject.org/updates/FEDORA-2018-6c6faa135b
selinux-policy-3.13.1-284.38.fc27
7
https://bodhi.fedoraproject.org/updates/FEDORA-2018-9ead2a6776
firefox-63.0.1-5.fc27
5
https://bodhi.fedoraproject.org/updates/FEDORA-2018-fe24359b69 xen-4.9.3-3.fc27
5
https://bodhi.fedoraproject.org/updates/FEDORA-2018-ce9924c3ba
libdnf-0.11.1-2.fc27
5
https://bodhi.fedoraproject.org/updates/FEDORA-2018-537a8330dc vim-8.1.513-2.fc27
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-7daf712625
flatpak-1.0.5-2.fc27
0
https://bodhi.fedoraproject.org/updates/FEDORA-2018-6b10449b15
python-urllib3-1.24.1-2.fc27
The following builds have been pushed to Fedora 27 updates-testing
golang-github-BurntSushi-freetype-go-0-0.5.20181114gite2365df.fc27
gpxsee-6.3-1.fc27
libtiff-4.0.10-1.fc27
soundtouch-2.1.1-1.fc27
whois-5.4.0-1.fc27
xrdp-0.9.8-2.fc27
Details about builds:
================================================================================
golang-github-BurntSushi-freetype-go-0-0.5.20181114gite2365df.fc27
(FEDORA-2018-c52b9f5b47)
The Freetype font rasterizer in the Go programming language
--------------------------------------------------------------------------------
Update Information:
Change upstream to
github.com/golang/freetype ---- Initial package build
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1480958 - Review Request: golang-github-BurntSushi-freetype-go - A fork of
freetype-go with bounding box calculations
https://bugzilla.redhat.com/show_bug.cgi?id=1480958
--------------------------------------------------------------------------------
================================================================================
gpxsee-6.3-1.fc27 (FEDORA-2018-3c16ec85fc)
GPS log file viewer and analyzer
--------------------------------------------------------------------------------
Update Information:
**News in version 6.3:** * Fixed broken OSM maps non-default bounds handling *
Fixed broken cleanup on exit (introduced in 6.1) * Added Danish localization
**News in version 6.2:** * Fixed Norwegian localization language code **News
in version 6.1:** * Fixed broken tiles rendering on OSM/TMS map borders (broken
in 5.18) * Fixed `enable HTTP2` configuration handling * Added Norwegian
localization
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 14 2018 Nikola Forr�� <nforro(a)redhat.com> - 6.3-1
- Update to version 6.3
--------------------------------------------------------------------------------
================================================================================
libtiff-4.0.10-1.fc27 (FEDORA-2018-399bce9f8f)
Library of functions for manipulating TIFF format image files
--------------------------------------------------------------------------------
Update Information:
New release with a lot of security fixes:
http://www.simplesystems.org/libtiff/v4.0.10.html
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 14 2018 Nikola Forr�� <nforro(a)redhat.com> - 4.0.10-1
- New upstream version libtiff-4.0.10
* Thu Oct 11 2018 Nikola Forr�� <nforro(a)redhat.com> - 4.0.9-13
- Fix CVE-2018-17100 (#1631070) and CVE-2018-17101 (#1631079)
* Thu Oct 11 2018 Nikola Forr�� <nforro(a)redhat.com> - 4.0.9-12
- Fix CVE-2018-10779 (#1577316)
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.0.9-11
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1644449 - CVE-2018-18661 libtiff: tiff2bw tool failed memory allocation leads
to crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1644449
[ 2 ] Bug #1644230 - CVE-2018-18557 libtiff: Out-of-bounds write in tif_jbig.c
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1644230
--------------------------------------------------------------------------------
================================================================================
soundtouch-2.1.1-1.fc27 (FEDORA-2018-dbe9da512d)
Audio Processing library for changing Tempo, Pitch and Playback Rates
--------------------------------------------------------------------------------
Update Information:
Security fix version for CVE-2018-17098 , CVE-2018-17096 and CVE-2018-17097
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 14 2018 S��rgio Basto <sergio(a)serjux.com> - 2.1.1-1
- Update to 2.1.1
Bugfixes: Fixed potential buffer overwrite bugs in WavFile routines. Replaced asserts
with runtime exceptions.
Android: Migrated the SoundTouch Android example to new Android Studio
Automake: unset ACLOCAL in bootstrap script to avoid error in case earlier build script
has set it
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1631065 - CVE-2018-17098 soundtouch: Heap corruption in WavFileBase class in
WavFile.cpp [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1631065
[ 2 ] Bug #1631061 - CVE-2018-17096 soundtouch: Assertion failure in BPMDetect class in
BPMDetect.cpp [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1631061
[ 3 ] Bug #1631056 - CVE-2018-17097 soundtouch: Double free in WavFileBase class in
WavFile.cpp [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1631056
--------------------------------------------------------------------------------
================================================================================
whois-5.4.0-1.fc27 (FEDORA-2018-779b898f3c)
Improved WHOIS client
--------------------------------------------------------------------------------
Update Information:
This release adds a record for inc. TLD and updates a record for gp. TLD. It
also adds mkpasswd tool into whois-mkpasswd package that cannot be installed
with "expect" package at same time.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 14 2018 Petr Pisar <ppisar(a)redhat.com> - 5.4.0-1
- 5.4.0 bump
* Tue Nov 13 2018 Petr Pisar <ppisar(a)redhat.com> - 5.3.2-2
- Package mkpasswd tool into whois-mkpasswd package (bug #1649426)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1649426 - Please include the mkpasswd binary.
https://bugzilla.redhat.com/show_bug.cgi?id=1649426
--------------------------------------------------------------------------------
================================================================================
xrdp-0.9.8-2.fc27 (FEDORA-2018-4074c93150)
Open source remote desktop protocol (RDP) server
--------------------------------------------------------------------------------
Update Information:
Required xrdp-selinux sub-package.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 14 2018 Bojan Smojver <bojan(a)rexurive.com> - 1:0.9.8-2
- Make main and selinux packages codependent
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1575019 - xrdp should require xrdp-selinux sub-package
https://bugzilla.redhat.com/show_bug.cgi?id=1575019
--------------------------------------------------------------------------------