The following Fedora 27 Security updates need testing:
Age URL
27
https://bodhi.fedoraproject.org/updates/FEDORA-2017-15efa72a0c
docker-1.13.1-44.git584d391.fc27
23
https://bodhi.fedoraproject.org/updates/FEDORA-2017-913288e9a9
mongodb-3.4.10-1.fc27
19
https://bodhi.fedoraproject.org/updates/FEDORA-2017-d7c0748c1b pdns-4.1.0-1.fc27
19
https://bodhi.fedoraproject.org/updates/FEDORA-2017-14f5c6cdac
qpid-cpp-1.37.0-1.fc27
10
https://bodhi.fedoraproject.org/updates/FEDORA-2017-2e5a17c4cc
python33-3.3.7-2.fc27
9
https://bodhi.fedoraproject.org/updates/FEDORA-2017-8a9862f4b7
php-symfony4-4.0.1-1.fc27
8
https://bodhi.fedoraproject.org/updates/FEDORA-2017-66e9367f7e
asterisk-14.7.4-1.fc27
7
https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0e5ad250c
heimdal-7.5.0-1.fc27
4
https://bodhi.fedoraproject.org/updates/FEDORA-2017-20b18a4ffe
json-c-0.12.1-5.fc27
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-c2645aa935
chromium-63.0.3239.108-1.fc27
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-2eefd424bd
python-mistune-0.8.3-1.fc27
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-01ad8b3946
heketi-5.0.1-1.fc27
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-06b373d942
webkitgtk4-2.18.4-1.fc27
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-3997279e65
wireshark-2.4.3-1.fc27
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-1ebb87e7c0
kernel-4.14.8-300.fc27
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-54288fb74e
thunderbird-enigmail-1.9.9-1.fc27
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-fd9462d9ef
global-6.5.7-4.fc27
The following builds have been pushed to Fedora 27 updates-testing
R-reshape2-1.4.3-1.fc27
autofs-5.1.4-4.fc27
cmake-3.10.1-4.fc27
createrepo_c-0.10.0-15.fc27
gdeploy-2.0.7-1.fc27
global-6.5.7-4.fc27
gnome-pkg-tools-0.20.0-1.fc27
google-noto-cjk-fonts-20170602-4.fc27
kjots-5.0.2-7.fc27
libcouchbase-2.8.4-2.fc27
libiio-0.12-1.fc27
libmediainfo-17.12-1.fc27
libqb-1.0.3-1.fc27
mediaconch-17.12-1.fc27
mediainfo-17.12-1.fc27
naver-nanum-fonts-3.020-19.20140930.fc27
naver-nanum-gothic-coding-fonts-2.000-9.fc27
ocaml-oasis-0.4.10-3.fc27
openqa-4.5-3.20171220gitbe13358.fc27
os-autoinst-4.5-1.20171220git25191d5.fc27
perl-CPAN-Perl-Releases-3.44-1.fc27
perl-Module-CoreList-5.20171220-1.fc27
perl-Module-Manifest-1.09-1.fc27
perl-Mojolicious-Plugin-AssetPack-2.01-1.fc27
perl-Time-HiRes-1.9749-1.fc27
python-keyring-10.5.1-1.fc27
python-pytest-vcr-0.3.0-2.fc27
qemu-2.10.1-2.fc27
redhat-rpm-config-67-2.fc27
thunderbird-enigmail-1.9.9-1.fc27
Details about builds:
================================================================================
R-reshape2-1.4.3-1.fc27 (FEDORA-2017-1fd4b4cb90)
Flexibly Reshape Data: A Reboot of the Reshape Package
--------------------------------------------------------------------------------
Update Information:
Update to latest version.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1528498 - R-reshape2-1.4.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1528498
--------------------------------------------------------------------------------
================================================================================
autofs-5.1.4-4.fc27 (FEDORA-2017-eda74692fc)
A tool for automatically mounting and unmounting filesystems
--------------------------------------------------------------------------------
Update Information:
- fix use after free in do_master_list_reset(). ---- - this release (5.1.4)
fixes a couple of regressions in 5.1.3. - it also improves the network not
available at startup problem that users have seen.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1523866 - autofs with NIS logs add_host_addrs: hostname lookup failed: Name
or service not known/No address associated with hostname
https://bugzilla.redhat.com/show_bug.cgi?id=1523866
[ 2 ] Bug #1514506 - -D variable expansion broken on 1:5.1.3-4.fc27
https://bugzilla.redhat.com/show_bug.cgi?id=1514506
[ 3 ] Bug #1409103 - autofs cannot mount samba/cifs shares that end with a dollar sign
https://bugzilla.redhat.com/show_bug.cgi?id=1409103
[ 4 ] Bug #1500027 - Drop preventing bind mounts when port is specified
https://bugzilla.redhat.com/show_bug.cgi?id=1500027
[ 5 ] Bug #698449 - [RFE] Add optional nss map read retries
https://bugzilla.redhat.com/show_bug.cgi?id=698449
--------------------------------------------------------------------------------
================================================================================
cmake-3.10.1-4.fc27 (FEDORA-2017-3935cb7492)
Cross-platform make system
--------------------------------------------------------------------------------
Update Information:
## CMake: - Move rpm macros to own subpackage ## Redhat-rpm-config: - Add
`Requires: cmake-rpm-macros` for CMake auto-{provides,requires}
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1498894 - Non-bootstraped build can miss cmake() Provides
https://bugzilla.redhat.com/show_bug.cgi?id=1498894
--------------------------------------------------------------------------------
================================================================================
createrepo_c-0.10.0-15.fc27 (FEDORA-2017-abd7416fe7)
Creates a common metadata repository
--------------------------------------------------------------------------------
Update Information:
Backport fix for RHBZ#1380012
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1380012 - BZ2 files are not closed when done
https://bugzilla.redhat.com/show_bug.cgi?id=1380012
--------------------------------------------------------------------------------
================================================================================
gdeploy-2.0.7-1.fc27 (FEDORA-2017-3f058f7e8e)
Tool to deploy and manage GlusterFS cluster
--------------------------------------------------------------------------------
Update Information:
ctdb and regex related bugfixes ---- Add vdo support to gdeploy ---- Add
geo-replication support to gdeploy ---- Remove the multiple display support,
broken in Ansible-2.4
--------------------------------------------------------------------------------
================================================================================
global-6.5.7-4.fc27 (FEDORA-2017-fd9462d9ef)
Source code tag system
--------------------------------------------------------------------------------
Update Information:
Security fix for [PUT CVEs HERE]
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1528415 - CVE-2017-17531 global: Command injection in gozilla.c
https://bugzilla.redhat.com/show_bug.cgi?id=1528415
--------------------------------------------------------------------------------
================================================================================
gnome-pkg-tools-0.20.0-1.fc27 (FEDORA-2017-e9160937cb)
Tools for the Debian GNOME Packaging Team
--------------------------------------------------------------------------------
Update Information:
Update to version 0.20.0, see
http://metadata.ftp-
master.debian.org/changelogs/main/g/gnome-pkg-tools/gnome-pkg-
tools_0.20.0_changelog for details.
--------------------------------------------------------------------------------
================================================================================
google-noto-cjk-fonts-20170602-4.fc27 (FEDORA-2017-00edb729a2)
Google Noto Sans CJK Fonts
--------------------------------------------------------------------------------
Update Information:
Include more fonts and sub package fonts
--------------------------------------------------------------------------------
================================================================================
kjots-5.0.2-7.fc27 (FEDORA-2017-744b79a9e1)
KDE Notes application
--------------------------------------------------------------------------------
Update Information:
Rebuild for kde pim-17.12.x
--------------------------------------------------------------------------------
================================================================================
libcouchbase-2.8.4-2.fc27 (FEDORA-2017-cd0476631d)
Client and protocol library for the Couchbase project
--------------------------------------------------------------------------------
Update Information:
Update to 2.8.4
--------------------------------------------------------------------------------
================================================================================
libiio-0.12-1.fc27 (FEDORA-2017-d34857a882)
Library for Industrial IO
--------------------------------------------------------------------------------
Update Information:
Update to 0.12
--------------------------------------------------------------------------------
================================================================================
libmediainfo-17.12-1.fc27 (FEDORA-2017-c282a0a31d)
Library for supplies technical and tag information about a video or audio file
--------------------------------------------------------------------------------
Update Information:
Update to 17.12.
--------------------------------------------------------------------------------
================================================================================
libqb-1.0.3-1.fc27 (FEDORA-2017-6aac5ee27d)
An IPC library for high performance servers
--------------------------------------------------------------------------------
Update Information:
- Update to libqb-1.0.3, for list of changes see:
https://github.com/ClusterLabs/libqb/releases/tag/v1.0.3 - Make -devel package
dependency on the main package arch-qualified
--------------------------------------------------------------------------------
================================================================================
mediaconch-17.12-1.fc27 (FEDORA-2017-c282a0a31d)
Most relevant technical and tag data for video and audio files (CLI)
--------------------------------------------------------------------------------
Update Information:
Update to 17.12.
--------------------------------------------------------------------------------
================================================================================
mediainfo-17.12-1.fc27 (FEDORA-2017-c282a0a31d)
Supplies technical and tag information about a video or audio file (CLI)
--------------------------------------------------------------------------------
Update Information:
Update to 17.12.
--------------------------------------------------------------------------------
================================================================================
naver-nanum-fonts-3.020-19.20140930.fc27 (FEDORA-2017-e15543dadc)
Nanum family of Korean TrueType fonts
--------------------------------------------------------------------------------
Update Information:
Obsoletes nhn-nanum-gothic-light-fonts
--------------------------------------------------------------------------------
================================================================================
naver-nanum-gothic-coding-fonts-2.000-9.fc27 (FEDORA-2017-dbfe23fb09)
Nanum Gothic Coding family of Korean TrueType fonts
--------------------------------------------------------------------------------
Update Information:
Renamed from nhn-nanum-gothic-coding-fonts
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1525860 - Review Request: naver-nanum-gothic-coding-fonts - Nanum Gothic
Coding family of Korean TrueType fonts
https://bugzilla.redhat.com/show_bug.cgi?id=1525860
--------------------------------------------------------------------------------
================================================================================
ocaml-oasis-0.4.10-3.fc27 (FEDORA-2017-1b7266f53e)
Tooling for building OCaml libraries and applications
--------------------------------------------------------------------------------
Update Information:
Tooling for building OCaml libraries and applications
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1513290 - Review Request: ocaml-oasis - Tooling for building OCaml libraries
and applications
https://bugzilla.redhat.com/show_bug.cgi?id=1513290
--------------------------------------------------------------------------------
================================================================================
openqa-4.5-3.20171220gitbe13358.fc27 (FEDORA-2017-3baf6dc7e4)
OS-level automated testing framework
--------------------------------------------------------------------------------
Update Information:
This update provides the latest git snapshots of both os-autoinst and openQA,
with many changes and enhancements. See the upstream commit logs for more
details.
--------------------------------------------------------------------------------
================================================================================
os-autoinst-4.5-1.20171220git25191d5.fc27 (FEDORA-2017-3baf6dc7e4)
OS-level test automation
--------------------------------------------------------------------------------
Update Information:
This update provides the latest git snapshots of both os-autoinst and openQA,
with many changes and enhancements. See the upstream commit logs for more
details.
--------------------------------------------------------------------------------
================================================================================
perl-CPAN-Perl-Releases-3.44-1.fc27 (FEDORA-2017-7a80eaddbd)
Mapping Perl releases on CPAN to the location of the tarballs
--------------------------------------------------------------------------------
Update Information:
This release provides data about Perl 5.27.7 release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1528276 - perl-CPAN-Perl-Releases-3.44 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1528276
--------------------------------------------------------------------------------
================================================================================
perl-Module-CoreList-5.20171220-1.fc27 (FEDORA-2017-586f0eac44)
What modules are shipped with versions of perl
--------------------------------------------------------------------------------
Update Information:
This release provides data about Perl 5.27.7 release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1528483 - perl-Module-CoreList-5.20171220 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1528483
--------------------------------------------------------------------------------
================================================================================
perl-Module-Manifest-1.09-1.fc27 (FEDORA-2017-de55bf602f)
Parse and examine a Perl distribution MANIFEST file
--------------------------------------------------------------------------------
Update Information:
This release improves documentation.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1528090 - perl-Module-Manifest-1.09 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1528090
--------------------------------------------------------------------------------
================================================================================
perl-Mojolicious-Plugin-AssetPack-2.01-1.fc27 (FEDORA-2017-3baf6dc7e4)
Compress and convert CSS, Less, Sass, JavaScript and CoffeeScript files
--------------------------------------------------------------------------------
Update Information:
This update provides the latest git snapshots of both os-autoinst and openQA,
with many changes and enhancements. See the upstream commit logs for more
details.
--------------------------------------------------------------------------------
================================================================================
perl-Time-HiRes-1.9749-1.fc27 (FEDORA-2017-a3ec3e670c)
High resolution alarm, sleep, gettimeofday, interval timers
--------------------------------------------------------------------------------
Update Information:
This release fixes some compiler warnings, improves tests, compatbility with
developmental Perl and with some compilers. It also corrects tests.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1528493 - perl-Time-HiRes-1.9749 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1528493
--------------------------------------------------------------------------------
================================================================================
python-keyring-10.5.1-1.fc27 (FEDORA-2017-e4fb48be55)
Store and access your passwords safely
--------------------------------------------------------------------------------
Update Information:
Update to 10.5.1; fix AttributeError with kwallet backend (bz#1526653) This
fixes upstream bug
https://github.com/jaraco/keyring/issues/296
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1526653 - python-keyring-10.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1526653
--------------------------------------------------------------------------------
================================================================================
python-pytest-vcr-0.3.0-2.fc27 (FEDORA-2017-f0a4ab9a51)
Py.test plugin for managing VCR.py cassettes
--------------------------------------------------------------------------------
Update Information:
Initial build.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1528303 - Review Request: python-pytest-vcr - Py.test plugin for managing
VCR.py cassettes
https://bugzilla.redhat.com/show_bug.cgi?id=1528303
--------------------------------------------------------------------------------
================================================================================
qemu-2.10.1-2.fc27 (FEDORA-2017-fc9dc910e4)
QEMU is a FAST! processor emulator
--------------------------------------------------------------------------------
Update Information:
Re-enable RBD on arm/ppc (rhbz #1528378)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1528378 - qemu rbd subpackages should be enabled for F27+ on arm and ppc64
(unbreak upgrade path!)
https://bugzilla.redhat.com/show_bug.cgi?id=1528378
--------------------------------------------------------------------------------
================================================================================
redhat-rpm-config-67-2.fc27 (FEDORA-2017-3935cb7492)
Red Hat specific rpm configuration files
--------------------------------------------------------------------------------
Update Information:
## CMake: - Move rpm macros to own subpackage ## Redhat-rpm-config: - Add
`Requires: cmake-rpm-macros` for CMake auto-{provides,requires}
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1498894 - Non-bootstraped build can miss cmake() Provides
https://bugzilla.redhat.com/show_bug.cgi?id=1498894
--------------------------------------------------------------------------------
================================================================================
thunderbird-enigmail-1.9.9-1.fc27 (FEDORA-2017-54288fb74e)
Authentication and encryption extension for Mozilla Thunderbird
--------------------------------------------------------------------------------
Update Information:
Update to 1.9.9. This release addresses security vulnerabilities discovered by
Cure53. Details can be found in the Security Audit Report:
https://enigmail.net/
download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1528403 - thunderbird-enigmail: Multiple flaws fixed in 1.9.9 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1528403
--------------------------------------------------------------------------------