The following Fedora 26 Security updates need testing:
Age URL
15
https://bodhi.fedoraproject.org/updates/FEDORA-2017-8e4c14eeec
php-onelogin-php-saml-2.10.5-1.fc26
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-a8add6c46c
texlive-2016-33.20160520.fc26
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-68bd2a916e
python-sleekxmpp-1.3.2-1.fc26
1
https://bodhi.fedoraproject.org/updates/FEDORA-2017-8c567ee528
icecat-52.0.1-5.fc26
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-fc634e7ee7
xorgxrdp-0.2.1-1.fc26 xrdp-0.9.2-1.fc26
The following Fedora 26 Critical Path updates have yet to be approved:
Age URL
12
https://bodhi.fedoraproject.org/updates/FEDORA-2017-d0d830d7d2
iproute-4.10.0-2.fc26
8
https://bodhi.fedoraproject.org/updates/FEDORA-2017-90bcb067bf
fedora-release-26-0.6
7
https://bodhi.fedoraproject.org/updates/FEDORA-2017-ff342c515a
xorg-x11-server-1.19.3-2.fc26
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-10fc897ab1 audit-2.7.4-1.fc26
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-a5303b2b8b gdbm-1.13-1.fc26
1
https://bodhi.fedoraproject.org/updates/FEDORA-2017-cb1c7c3146 cups-2.2.2-3.fc26
1
https://bodhi.fedoraproject.org/updates/FEDORA-2017-80e51ff54a git-2.12.2-1.fc26
1
https://bodhi.fedoraproject.org/updates/FEDORA-2017-938554ca21 nss-3.29.3-1.3.fc26
nss-softokn-3.29.3-1.0.fc26 nss-util-3.29.3-2.2.fc26
The following builds have been pushed to Fedora 26 updates-testing
dmg2img-1.6.7-1.fc26
dnfdaemon-0.3.16-11.fc26
dnfdragora-1.0.0-8.git20170330.f30c75c.fc26
ecj-4.6.3-1.fc26
eclipse-cdt-9.2.1-2.fc26
eclipse-dltk-5.7.1-1.fc26
eclipse-linuxtools-5.3.1-1.fc26
eclipse-mdt-uml2-5.2.3-1.fc26
eclipse-mpc-1.5.4-1.fc26
eclipse-mylyn-3.21.0-4.fc26
eclipse-photran-9.1.2-1.fc26
eclipse-ptp-9.1.2-1.fc26
eclipse-tm-terminal-4.2.0-1.fc26
eclipse-usage-4.4.3-1.fc26
glusterfs-3.10.1-1.fc26
gnome-chemistry-utils-0.14.17-2.fc26
gnumeric-1.12.34-1.fc26
goffice-0.10.34-1.fc26
gphotoframe-2.0.2-3.hg2084299dffb6.fc26
lynis-2.4.8-1.fc26
mame-0.184-1.fc26
mongodb-3.4.3-1.fc26
perl-Module-Build-0.42.22-1.fc26
pluma-1.18.0-3.fc26
purple-facebook-0.9.3-1.c9b74a765767.fc26
python-application-2.1.0-1.fc26
python-bugzilla-2.1.0-1.fc26
qcad-3.16.7.0-1.fc26
rpkg-1.49-2.fc26
rubygem-ffi-1.9.18-1.fc26
scap-security-guide-0.1.32-1.fc26
starcal-3.0.6-1.fc26
tomcat-8.0.42-1.fc26
upx-3.93-1.fc26
xorgxrdp-0.2.1-1.fc26
xrdp-0.9.2-1.fc26
Details about builds:
================================================================================
dmg2img-1.6.7-1.fc26 (FEDORA-2017-ea68402ce7)
Uncompress the Apple compressed disk image files
--------------------------------------------------------------------------------
Update Information:
* Ver. 1.6.7 * Fix FTBFS in Rawhide
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1423333 - dmg2img: FTBFS in rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1423333
--------------------------------------------------------------------------------
================================================================================
dnfdaemon-0.3.16-11.fc26 (FEDORA-2017-171efc2a0f)
DBus daemon for dnf package actions
--------------------------------------------------------------------------------
Update Information:
### Dnfdaemon * Updated Patch fixing new dbus-signal with dnf >= 2.2.0 * Updated
spec-file to latest guidelines * Removed obsolete bits * Moved dbus-config to
non-user config-dir * Require dnf >= 2.2.0 * Add -selinux subpackage and drag it
in through boolean Supplements ### Dnfdragora * Updated to snapshot fixing new
dbus-signal with dnf >= 2.2.0 * Updated to snapshot fixing several translations
* Pick up desktop-file for installing local rpms
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1419140 - dnfdaemon crash on submenu.
https://bugzilla.redhat.com/show_bug.cgi?id=1419140
[ 2 ] Bug #1418379 - Yum Extender errors
https://bugzilla.redhat.com/show_bug.cgi?id=1418379
[ 3 ] Bug #1395531 - dnfdaemon package requires many SELinux-related dependencies
https://bugzilla.redhat.com/show_bug.cgi?id=1395531
--------------------------------------------------------------------------------
================================================================================
dnfdragora-1.0.0-8.git20170330.f30c75c.fc26 (FEDORA-2017-171efc2a0f)
DNF package-manager based on libYui abstraction
--------------------------------------------------------------------------------
Update Information:
### Dnfdaemon * Updated Patch fixing new dbus-signal with dnf >= 2.2.0 * Updated
spec-file to latest guidelines * Removed obsolete bits * Moved dbus-config to
non-user config-dir * Require dnf >= 2.2.0 * Add -selinux subpackage and drag it
in through boolean Supplements ### Dnfdragora * Updated to snapshot fixing new
dbus-signal with dnf >= 2.2.0 * Updated to snapshot fixing several translations
* Pick up desktop-file for installing local rpms
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1419140 - dnfdaemon crash on submenu.
https://bugzilla.redhat.com/show_bug.cgi?id=1419140
[ 2 ] Bug #1418379 - Yum Extender errors
https://bugzilla.redhat.com/show_bug.cgi?id=1418379
[ 3 ] Bug #1395531 - dnfdaemon package requires many SELinux-related dependencies
https://bugzilla.redhat.com/show_bug.cgi?id=1395531
--------------------------------------------------------------------------------
================================================================================
ecj-4.6.3-1.fc26 (FEDORA-2017-5ad57d5bc6)
Eclipse Compiler for Java
--------------------------------------------------------------------------------
Update Information:
Updates to Neon.3 releases.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1437415 - FTBFS crash when compiling org.eclipse.cdt.core
https://bugzilla.redhat.com/show_bug.cgi?id=1437415
--------------------------------------------------------------------------------
================================================================================
eclipse-cdt-9.2.1-2.fc26 (FEDORA-2017-5ad57d5bc6)
Eclipse C/C++ Development Tools (CDT) plugin
--------------------------------------------------------------------------------
Update Information:
Updates to Neon.3 releases.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1437415 - FTBFS crash when compiling org.eclipse.cdt.core
https://bugzilla.redhat.com/show_bug.cgi?id=1437415
--------------------------------------------------------------------------------
================================================================================
eclipse-dltk-5.7.1-1.fc26 (FEDORA-2017-5ad57d5bc6)
Dynamic Languages Toolkit (DLTK) Eclipse plug-in
--------------------------------------------------------------------------------
Update Information:
Updates to Neon.3 releases.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1437415 - FTBFS crash when compiling org.eclipse.cdt.core
https://bugzilla.redhat.com/show_bug.cgi?id=1437415
--------------------------------------------------------------------------------
================================================================================
eclipse-linuxtools-5.3.1-1.fc26 (FEDORA-2017-5ad57d5bc6)
Linux specific Eclipse plugins
--------------------------------------------------------------------------------
Update Information:
Updates to Neon.3 releases.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1437415 - FTBFS crash when compiling org.eclipse.cdt.core
https://bugzilla.redhat.com/show_bug.cgi?id=1437415
--------------------------------------------------------------------------------
================================================================================
eclipse-mdt-uml2-5.2.3-1.fc26 (FEDORA-2017-5ad57d5bc6)
Implementation of the UML2 OMG meta-model for Eclipse
--------------------------------------------------------------------------------
Update Information:
Updates to Neon.3 releases.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1437415 - FTBFS crash when compiling org.eclipse.cdt.core
https://bugzilla.redhat.com/show_bug.cgi?id=1437415
--------------------------------------------------------------------------------
================================================================================
eclipse-mpc-1.5.4-1.fc26 (FEDORA-2017-5ad57d5bc6)
Eclipse Marketplace Client
--------------------------------------------------------------------------------
Update Information:
Updates to Neon.3 releases.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1437415 - FTBFS crash when compiling org.eclipse.cdt.core
https://bugzilla.redhat.com/show_bug.cgi?id=1437415
--------------------------------------------------------------------------------
================================================================================
eclipse-mylyn-3.21.0-4.fc26 (FEDORA-2017-5ad57d5bc6)
Eclipse Mylyn main feature.
--------------------------------------------------------------------------------
Update Information:
Updates to Neon.3 releases.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1437415 - FTBFS crash when compiling org.eclipse.cdt.core
https://bugzilla.redhat.com/show_bug.cgi?id=1437415
--------------------------------------------------------------------------------
================================================================================
eclipse-photran-9.1.2-1.fc26 (FEDORA-2017-5ad57d5bc6)
Fortran Development Tools (Photran) for Eclipse
--------------------------------------------------------------------------------
Update Information:
Updates to Neon.3 releases.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1437415 - FTBFS crash when compiling org.eclipse.cdt.core
https://bugzilla.redhat.com/show_bug.cgi?id=1437415
--------------------------------------------------------------------------------
================================================================================
eclipse-ptp-9.1.2-1.fc26 (FEDORA-2017-5ad57d5bc6)
Eclipse Parallel Tools Platform
--------------------------------------------------------------------------------
Update Information:
Updates to Neon.3 releases.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1437415 - FTBFS crash when compiling org.eclipse.cdt.core
https://bugzilla.redhat.com/show_bug.cgi?id=1437415
--------------------------------------------------------------------------------
================================================================================
eclipse-tm-terminal-4.2.0-1.fc26 (FEDORA-2017-5ad57d5bc6)
Terminal plug-in for Eclipse
--------------------------------------------------------------------------------
Update Information:
Updates to Neon.3 releases.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1437415 - FTBFS crash when compiling org.eclipse.cdt.core
https://bugzilla.redhat.com/show_bug.cgi?id=1437415
--------------------------------------------------------------------------------
================================================================================
eclipse-usage-4.4.3-1.fc26 (FEDORA-2017-5ad57d5bc6)
Usage reporting plug-ins for Eclipse
--------------------------------------------------------------------------------
Update Information:
Updates to Neon.3 releases.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1437415 - FTBFS crash when compiling org.eclipse.cdt.core
https://bugzilla.redhat.com/show_bug.cgi?id=1437415
--------------------------------------------------------------------------------
================================================================================
glusterfs-3.10.1-1.fc26 (FEDORA-2017-b80ab76a74)
Distributed File System
--------------------------------------------------------------------------------
Update Information:
3.10.1 GA
--------------------------------------------------------------------------------
================================================================================
gnome-chemistry-utils-0.14.17-2.fc26 (FEDORA-2017-60b57e9fca)
A set of chemical utilities
--------------------------------------------------------------------------------
Update Information:
An update to the latest gnumeric and goffice releases: *
http://gnumeric.org/announcements/1.12/gnumeric-1.12.34.html
--------------------------------------------------------------------------------
================================================================================
gnumeric-1.12.34-1.fc26 (FEDORA-2017-60b57e9fca)
Spreadsheet program for GNOME
--------------------------------------------------------------------------------
Update Information:
An update to the latest gnumeric and goffice releases: *
http://gnumeric.org/announcements/1.12/gnumeric-1.12.34.html
--------------------------------------------------------------------------------
================================================================================
goffice-0.10.34-1.fc26 (FEDORA-2017-60b57e9fca)
G Office support libraries
--------------------------------------------------------------------------------
Update Information:
An update to the latest gnumeric and goffice releases: *
http://gnumeric.org/announcements/1.12/gnumeric-1.12.34.html
--------------------------------------------------------------------------------
================================================================================
gphotoframe-2.0.2-3.hg2084299dffb6.fc26 (FEDORA-2017-efef11201e)
Photo Frame Gadget for the GNOME Desktop
--------------------------------------------------------------------------------
Update Information:
Switch to use WebKit2 (webkitgtk4)
--------------------------------------------------------------------------------
================================================================================
lynis-2.4.8-1.fc26 (FEDORA-2017-0877e054ef)
Security and system auditing tool
--------------------------------------------------------------------------------
Update Information:
Update to 2.4.8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1437271 - lynis-2.4.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1437271
--------------------------------------------------------------------------------
================================================================================
mame-0.184-1.fc26 (FEDORA-2017-30830af8c5)
Multiple Arcade Machine Emulator
--------------------------------------------------------------------------------
Update Information:
An update to the latest mame release: *
http://mamedev.org/?p=441
--------------------------------------------------------------------------------
================================================================================
mongodb-3.4.3-1.fc26 (FEDORA-2017-5c8496fd17)
High-performance, schema-free document-oriented database
--------------------------------------------------------------------------------
Update Information:
Upgrade to latest minor update 3.4.3.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1436895 - mongodb-3.4.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1436895
--------------------------------------------------------------------------------
================================================================================
perl-Module-Build-0.42.22-1.fc26 (FEDORA-2017-84ace47925)
Build and install Perl modules
--------------------------------------------------------------------------------
Update Information:
This release fixes running on Perl without "." in @INC path. It also removes
useless warning about Module::Build deprecation.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1437701 - perl-Module-Build-0.4222 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1437701
--------------------------------------------------------------------------------
================================================================================
pluma-1.18.0-3.fc26 (FEDORA-2017-b5df7c372b)
Text editor for the MATE desktop
--------------------------------------------------------------------------------
Update Information:
- fix a crash with modeline plugin - fix running under wayland
--------------------------------------------------------------------------------
================================================================================
purple-facebook-0.9.3-1.c9b74a765767.fc26 (FEDORA-2017-9aa9f4aa6a)
Facebook protocol plugin for purple2
--------------------------------------------------------------------------------
Update Information:
* New upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1437629 - purple-facebook-0.9.3-c9b74a765767 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1437629
[ 2 ] Bug #1437164 - Update to newer
https://bugzilla.redhat.com/show_bug.cgi?id=1437164
[ 3 ] Bug #1437827 - The facebook plugin is broken
https://bugzilla.redhat.com/show_bug.cgi?id=1437827
--------------------------------------------------------------------------------
================================================================================
python-application-2.1.0-1.fc26 (FEDORA-2017-2506eb2b05)
Basic building blocks for python applications
--------------------------------------------------------------------------------
Update Information:
* Ver. 2.1.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1210332 - python-application-2.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1210332
--------------------------------------------------------------------------------
================================================================================
python-bugzilla-2.1.0-1.fc26 (FEDORA-2017-2b271e07b7)
python2 library for interacting with Bugzilla
--------------------------------------------------------------------------------
Update Information:
* Rebased to version 2.1.0 * Support for bugzilla 5 API Keys (Dustin J.
Mitchell) * bugzillarc can be used to set default URL for the cli tool * Revive
update_flags wrapper * Bug fixes and minor improvements
--------------------------------------------------------------------------------
================================================================================
qcad-3.16.7.0-1.fc26 (FEDORA-2017-c664f7d20d)
Powerful 2D CAD system
--------------------------------------------------------------------------------
Update Information:
- Update to 3.16.7.0 - Fix detection of QCAD modules
--------------------------------------------------------------------------------
================================================================================
rpkg-1.49-2.fc26 (FEDORA-2017-d9d93502a4)
Python library for interacting with rpm+git
--------------------------------------------------------------------------------
Update Information:
Rename pyrpkg to python2-rpkg. Currently, only Python 2 package is available.
Test cases: - installing ``python2-rpkg`` will replace ``pyrpkg`` with
``python2-rpkg`` - installing ``fedpkg`` should select ``python2-rpkg`` -
original package ``rpkg``, which contains example CLI, is moved to
``%{_datadir}/rpkg/examples/cli``
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1400592 - Rename subpackage pyrpkg to python2-rpkg
https://bugzilla.redhat.com/show_bug.cgi?id=1400592
--------------------------------------------------------------------------------
================================================================================
rubygem-ffi-1.9.18-1.fc26 (FEDORA-2017-054895f97f)
FFI Extensions for Ruby
--------------------------------------------------------------------------------
Update Information:
New version 1.9.18 is released.
--------------------------------------------------------------------------------
================================================================================
scap-security-guide-0.1.32-1.fc26 (FEDORA-2017-6a85e7e024)
Security guidance and baselines in SCAP formats
--------------------------------------------------------------------------------
Update Information:
updated to latest upstream release
--------------------------------------------------------------------------------
================================================================================
starcal-3.0.6-1.fc26 (FEDORA-2017-02f7e4cbca)
A full-featured international calendar written in Python
--------------------------------------------------------------------------------
Update Information:
Upstream bugfix release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1431416 - starcal-3.0.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1431416
--------------------------------------------------------------------------------
================================================================================
tomcat-8.0.42-1.fc26 (FEDORA-2017-c8cf64a232)
Apache Servlet/JSP Engine, RI for Servlet 3.1/JSP 2.3 API
--------------------------------------------------------------------------------
Update Information:
This updates includes a rebase from tomcat 8.0.41 up to 8.0.42.
--------------------------------------------------------------------------------
================================================================================
upx-3.93-1.fc26 (FEDORA-2017-a1d337603d)
Ultimate Packer for eXecutables
--------------------------------------------------------------------------------
Update Information:
3.93, fix LZMA error.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1429197 - UPX can not pack because LZMA support not compiled in
https://bugzilla.redhat.com/show_bug.cgi?id=1429197
--------------------------------------------------------------------------------
================================================================================
xorgxrdp-0.2.1-1.fc26 (FEDORA-2017-fc634e7ee7)
Implementation of xrdp backend as Xorg modules
--------------------------------------------------------------------------------
Update Information:
New upstream version of xorgxrdp and xrdp: New features in xrdp: - RemoteFX
codec support is now enabled by default. - Bitmap updates support is now enabled
by default. - TLS ciphers suites and version is now logged. - Connected computer
name is now logged. - Switched to Xorg (xorgxrdp) as the default backend now. -
Miscellaneous RemoteFX codec mode improvements. - Socket directory is
configurable at the compile time. Bugfixes in xrdp: - Parallels client for
MacOS / iOS can now connect (audio redirection must be disabled on client or
xrdp server though). - MS RDP client for iOS can now connect using TLS security
layer. - MS RDP client for Android can now connect to xrdp. - Large resolutions
(4K) can be used with RemoteFX graphics. - Multiple RemoteApps can be opened
throguh NeutrinoRDP proxy. - tls_ciphers in xrdp.ini is not limited to 63 chars
anymore, it's variable-length. - Fixed an issue where tls_ciphers were ignored
and rdp security layer could be used instead. - Kill disconnected sessions
feature is working with Xorg (xorgxrdp) backend. - Miscellaneous code cleanup
and memory issues fixes. Rebuild of xrdp requiring both xorgxrdp and tigervnc-
minimal. VNC is still the default.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1433959 - CVE-2017-6967 xrdp: Incorrect placement of auth_start_session()
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1433959
--------------------------------------------------------------------------------
================================================================================
xrdp-0.9.2-1.fc26 (FEDORA-2017-fc634e7ee7)
Open source remote desktop protocol (RDP) server
--------------------------------------------------------------------------------
Update Information:
New upstream version of xorgxrdp and xrdp: New features in xrdp: - RemoteFX
codec support is now enabled by default. - Bitmap updates support is now enabled
by default. - TLS ciphers suites and version is now logged. - Connected computer
name is now logged. - Switched to Xorg (xorgxrdp) as the default backend now. -
Miscellaneous RemoteFX codec mode improvements. - Socket directory is
configurable at the compile time. Bugfixes in xrdp: - Parallels client for
MacOS / iOS can now connect (audio redirection must be disabled on client or
xrdp server though). - MS RDP client for iOS can now connect using TLS security
layer. - MS RDP client for Android can now connect to xrdp. - Large resolutions
(4K) can be used with RemoteFX graphics. - Multiple RemoteApps can be opened
throguh NeutrinoRDP proxy. - tls_ciphers in xrdp.ini is not limited to 63 chars
anymore, it's variable-length. - Fixed an issue where tls_ciphers were ignored
and rdp security layer could be used instead. - Kill disconnected sessions
feature is working with Xorg (xorgxrdp) backend. - Miscellaneous code cleanup
and memory issues fixes. Rebuild of xrdp requiring both xorgxrdp and tigervnc-
minimal. VNC is still the default.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1433959 - CVE-2017-6967 xrdp: Incorrect placement of auth_start_session()
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1433959
--------------------------------------------------------------------------------