The following Fedora 27 Security updates need testing:
Age URL
45
https://bodhi.fedoraproject.org/updates/FEDORA-2017-9fd430dba0
wireshark-2.4.2-1.fc27
9
https://bodhi.fedoraproject.org/updates/FEDORA-2017-195e7ea9a8
lucene4-4.10.4-11.fc27
9
https://bodhi.fedoraproject.org/updates/FEDORA-2017-72b50be8d4
varnish-5.1.3-4.fc27
9
https://bodhi.fedoraproject.org/updates/FEDORA-2017-f93ebc905e mrbs-1.7.0-1.fc27
9
https://bodhi.fedoraproject.org/updates/FEDORA-2017-f76bf63612
qpid-cpp-1.36.0-8.fc27
6
https://bodhi.fedoraproject.org/updates/FEDORA-2017-cf75844225
cacti-1.1.28-1.fc27
6
https://bodhi.fedoraproject.org/updates/FEDORA-2017-a1ad512b22 mupdf-1.11-9.fc27
4
https://bodhi.fedoraproject.org/updates/FEDORA-2017-78a4610238
mediawiki-1.29.2-2.fc27
4
https://bodhi.fedoraproject.org/updates/FEDORA-2017-a20d92573b
couchdb-1.7.1-3.fc27 erlang-jiffy-0.14.13-1.fc27
4
https://bodhi.fedoraproject.org/updates/FEDORA-2017-612d3e009f
moodle-3.3.3-1.fc27
4
https://bodhi.fedoraproject.org/updates/FEDORA-2017-c448cf31d6
transfig-3.2.6a-1.fc27
4
https://bodhi.fedoraproject.org/updates/FEDORA-2017-654136ee16
python-werkzeug-0.12.2-1.fc27
4
https://bodhi.fedoraproject.org/updates/FEDORA-2017-96d1995b70
openssh-7.6p1-2.fc27
4
https://bodhi.fedoraproject.org/updates/FEDORA-2017-dabf9a64d9
wildmidi-0.4.2-1.fc27
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-c15b709e32
python-sanic-0.6.0-1.fc27
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-2e0498d5e1
fedora-arm-installer-2.0-1.fc27
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-15efa72a0c
docker-1.13.1-44.git584d391.fc27
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-b891f919c5 xrdp-0.9.4-2.fc27
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-5dd46193e1
rb_libtorrent-1.1.5-1.fc27 qbittorrent-4.0.1-1.fc27
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-1c0367d562
asterisk-14.7.2-1.fc27
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-355ac8a91a
linux-firmware-20171126-80.git17e62881.fc27
The following Fedora 27 Critical Path updates have yet to be approved:
Age URL
9
https://bodhi.fedoraproject.org/updates/FEDORA-2017-370293d5c3
libguestfs-1.37.34-1.fc27
4
https://bodhi.fedoraproject.org/updates/FEDORA-2017-6aae17af58
man-db-2.7.6.1-9.fc27
4
https://bodhi.fedoraproject.org/updates/FEDORA-2017-96d1995b70
openssh-7.6p1-2.fc27
4
https://bodhi.fedoraproject.org/updates/FEDORA-2017-50372d7dcf
pungi-4.1.20-3.fc27
4
https://bodhi.fedoraproject.org/updates/FEDORA-2017-f7aaad6276
kernel-4.13.15-300.fc27
4
https://bodhi.fedoraproject.org/updates/FEDORA-2017-7c33b1c89b
augeas-1.9.0-1.fc27
4
https://bodhi.fedoraproject.org/updates/FEDORA-2017-504324a935
groff-1.22.3-12.fc27
4
https://bodhi.fedoraproject.org/updates/FEDORA-2017-97eab6fef7 sssd-1.16.0-4.fc27
The following builds have been pushed to Fedora 27 updates-testing
R-Rcpp-0.12.14-1.fc27
antimony-0.9.3-1.fc27
apiguardian-1.0.0-1.fc27
asterisk-14.7.2-1.fc27
chromium-native_client-59.0.3071.86-5.20170607gitaac1de2.fc27
cinnamon-3.6.6-9.fc27
clamav-0.99.2-13.fc27
eclipse-4.7.2-0.2.fc27
eclipse-egit-4.9.0-1.fc27
eclipse-egit-github-4.9.0-1.fc27
eclipse-jgit-4.9.0-2.fc27
eclipse-m2e-core-1.8.2-2.fc27
eclipse-xsd-2.13.0-1.fc27
golang-github-tjfoc-gmsm-1.1-1.fc27
jbuilder-1.0-0.5.beta16.fc27
jmh-1.13-5.fc27
jopt-simple-5.0.4-1.fc27
junit5-5.0.0-1.fc27
linux-firmware-20171126-80.git17e62881.fc27
mozilla-noscript-10.1.2-1.fc27
nmh-1.7-2.fc27
opentest4j-1.0.0-1.fc27
osmctools-0.8-1.fc27
perl-Compress-Raw-Zlib-2.076-1.fc27
python-metakernel-0.20.12-2.fc27
syslinux-6.04-0.7.fc27
univocity-parsers-2.5.5-1.fc27
youtube-dl-2017.11.15-1.fc27
Details about builds:
================================================================================
R-Rcpp-0.12.14-1.fc27 (FEDORA-2017-e52d41c437)
Seamless R and C++ Integration
--------------------------------------------------------------------------------
Update Information:
Changes in Rcpp version 0.12.14 (2017-11-17) * Changes in Rcpp API: * * New
const iterators functions cbegin() and cend() added to MatrixRow as well (Dan
Dillon in #750). * * The Rostream object now contains a Buffer rather than
allocating one (Kirill M��ller in #763). * * New DateVector and DatetimeVector
classes are now the default fully deprecating the old classes as announced one
year ago. * Changes in Rcpp Package: * * DESCRIPTION file now list doi
information per CRAN suggestion. * Changes in Rcpp Documentation: * * Update
CITATION file with doi information and PeerJ preprint.
--------------------------------------------------------------------------------
================================================================================
antimony-0.9.3-1.fc27 (FEDORA-2017-bc157c86c8)
Computer-aided design CAD tool
--------------------------------------------------------------------------------
Update Information:
- 0.9.3 stable release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1410231 - [abrt] antimony: QGraphicsSceneFindItemBspTreeVisitor::visit():
antimony killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1410231
--------------------------------------------------------------------------------
================================================================================
apiguardian-1.0.0-1.fc27 (FEDORA-2017-b10415f6b6)
API Guardian Java annotation
--------------------------------------------------------------------------------
Update Information:
Updates to Oxygen.2 release of Eclipse Platform and latest upstream release of
Egit/Jgit. See the upstream release notes: *
https://www.eclipse.org/eclipse/news/4.7/ *
https://wiki.eclipse.org/EGit/New_and_Noteworthy/4.9 *
https://wiki.eclipse.org/JGit/New_and_Noteworthy/4.9
--------------------------------------------------------------------------------
================================================================================
asterisk-14.7.2-1.fc27 (FEDORA-2017-1c0367d562)
The Open Source PBX
--------------------------------------------------------------------------------
Update Information:
Update to upstream 14.7.2 release for bug fixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1377117 - upstream support status
https://bugzilla.redhat.com/show_bug.cgi?id=1377117
[ 2 ] Bug #1374734 - CVE-2016-7551 asterisk: RTP Resource Exhaustion [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1374734
--------------------------------------------------------------------------------
================================================================================
chromium-native_client-59.0.3071.86-5.20170607gitaac1de2.fc27 (FEDORA-2017-f9af55ae45)
Google Native Client Toolchain
--------------------------------------------------------------------------------
Update Information:
Strip out library provides, they are not useful.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1515559 - [chromium-native_client] unfiltered library provides
https://bugzilla.redhat.com/show_bug.cgi?id=1515559
--------------------------------------------------------------------------------
================================================================================
cinnamon-3.6.6-9.fc27 (FEDORA-2017-dcf4cf36d3)
Window management and application launching for GNOME
--------------------------------------------------------------------------------
Update Information:
- Switch to libnm on all Fedora releases and EPEL7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1413610 - Don't use NetworkManager-glib
https://bugzilla.redhat.com/show_bug.cgi?id=1413610
--------------------------------------------------------------------------------
================================================================================
clamav-0.99.2-13.fc27 (FEDORA-2017-346bbcbc6f)
End-user tools for the Clam Antivirus scanner
--------------------------------------------------------------------------------
Update Information:
- Backported upstream patch to unbreak e2guardian vs. temp files
--------------------------------------------------------------------------------
================================================================================
eclipse-4.7.2-0.2.fc27 (FEDORA-2017-b10415f6b6)
An open, extensible IDE
--------------------------------------------------------------------------------
Update Information:
Updates to Oxygen.2 release of Eclipse Platform and latest upstream release of
Egit/Jgit. See the upstream release notes: *
https://www.eclipse.org/eclipse/news/4.7/ *
https://wiki.eclipse.org/EGit/New_and_Noteworthy/4.9 *
https://wiki.eclipse.org/JGit/New_and_Noteworthy/4.9
--------------------------------------------------------------------------------
================================================================================
eclipse-egit-4.9.0-1.fc27 (FEDORA-2017-b10415f6b6)
Eclipse Git Integration
--------------------------------------------------------------------------------
Update Information:
Updates to Oxygen.2 release of Eclipse Platform and latest upstream release of
Egit/Jgit. See the upstream release notes: *
https://www.eclipse.org/eclipse/news/4.7/ *
https://wiki.eclipse.org/EGit/New_and_Noteworthy/4.9 *
https://wiki.eclipse.org/JGit/New_and_Noteworthy/4.9
--------------------------------------------------------------------------------
================================================================================
eclipse-egit-github-4.9.0-1.fc27 (FEDORA-2017-b10415f6b6)
Eclipse EGit Mylyn GitHub Connector
--------------------------------------------------------------------------------
Update Information:
Updates to Oxygen.2 release of Eclipse Platform and latest upstream release of
Egit/Jgit. See the upstream release notes: *
https://www.eclipse.org/eclipse/news/4.7/ *
https://wiki.eclipse.org/EGit/New_and_Noteworthy/4.9 *
https://wiki.eclipse.org/JGit/New_and_Noteworthy/4.9
--------------------------------------------------------------------------------
================================================================================
eclipse-jgit-4.9.0-2.fc27 (FEDORA-2017-b10415f6b6)
Eclipse JGit
--------------------------------------------------------------------------------
Update Information:
Updates to Oxygen.2 release of Eclipse Platform and latest upstream release of
Egit/Jgit. See the upstream release notes: *
https://www.eclipse.org/eclipse/news/4.7/ *
https://wiki.eclipse.org/EGit/New_and_Noteworthy/4.9 *
https://wiki.eclipse.org/JGit/New_and_Noteworthy/4.9
--------------------------------------------------------------------------------
================================================================================
eclipse-m2e-core-1.8.2-2.fc27 (FEDORA-2017-b10415f6b6)
Maven integration for Eclipse
--------------------------------------------------------------------------------
Update Information:
Updates to Oxygen.2 release of Eclipse Platform and latest upstream release of
Egit/Jgit. See the upstream release notes: *
https://www.eclipse.org/eclipse/news/4.7/ *
https://wiki.eclipse.org/EGit/New_and_Noteworthy/4.9 *
https://wiki.eclipse.org/JGit/New_and_Noteworthy/4.9
--------------------------------------------------------------------------------
================================================================================
eclipse-xsd-2.13.0-1.fc27 (FEDORA-2017-b10415f6b6)
XML Schema Definition (XSD) Eclipse plug-in
--------------------------------------------------------------------------------
Update Information:
Updates to Oxygen.2 release of Eclipse Platform and latest upstream release of
Egit/Jgit. See the upstream release notes: *
https://www.eclipse.org/eclipse/news/4.7/ *
https://wiki.eclipse.org/EGit/New_and_Noteworthy/4.9 *
https://wiki.eclipse.org/JGit/New_and_Noteworthy/4.9
--------------------------------------------------------------------------------
================================================================================
golang-github-tjfoc-gmsm-1.1-1.fc27 (FEDORA-2017-8e53740df4)
GM SM2/3/4 library based on Golang
--------------------------------------------------------------------------------
Update Information:
Bump to version 1.1. This includes performance improvements for SM2 and an
added public/private key encryption mode for SM2.
--------------------------------------------------------------------------------
================================================================================
jbuilder-1.0-0.5.beta16.fc27 (FEDORA-2017-79fbb16774)
A composable build system for OCaml
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release, beta16 (#1509749).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1509749 - jbuilder-1.0+beta16 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1509749
--------------------------------------------------------------------------------
================================================================================
jmh-1.13-5.fc27 (FEDORA-2017-b10415f6b6)
Java Microbenchmark Harness
--------------------------------------------------------------------------------
Update Information:
Updates to Oxygen.2 release of Eclipse Platform and latest upstream release of
Egit/Jgit. See the upstream release notes: *
https://www.eclipse.org/eclipse/news/4.7/ *
https://wiki.eclipse.org/EGit/New_and_Noteworthy/4.9 *
https://wiki.eclipse.org/JGit/New_and_Noteworthy/4.9
--------------------------------------------------------------------------------
================================================================================
jopt-simple-5.0.4-1.fc27 (FEDORA-2017-b10415f6b6)
A Java command line parser
--------------------------------------------------------------------------------
Update Information:
Updates to Oxygen.2 release of Eclipse Platform and latest upstream release of
Egit/Jgit. See the upstream release notes: *
https://www.eclipse.org/eclipse/news/4.7/ *
https://wiki.eclipse.org/EGit/New_and_Noteworthy/4.9 *
https://wiki.eclipse.org/JGit/New_and_Noteworthy/4.9
--------------------------------------------------------------------------------
================================================================================
junit5-5.0.0-1.fc27 (FEDORA-2017-b10415f6b6)
Java regression testing framework
--------------------------------------------------------------------------------
Update Information:
Updates to Oxygen.2 release of Eclipse Platform and latest upstream release of
Egit/Jgit. See the upstream release notes: *
https://www.eclipse.org/eclipse/news/4.7/ *
https://wiki.eclipse.org/EGit/New_and_Noteworthy/4.9 *
https://wiki.eclipse.org/JGit/New_and_Noteworthy/4.9
--------------------------------------------------------------------------------
================================================================================
linux-firmware-20171126-80.git17e62881.fc27 (FEDORA-2017-355ac8a91a)
Firmware files used by the Linux kernel
--------------------------------------------------------------------------------
Update Information:
- Updated bcm 4339 4354 4356 4358 firmware, new bcm 43430 - Fixes CVE-2016-0801
CVE-2017-0561 CVE-2017-9417
--------------------------------------------------------------------------------
================================================================================
mozilla-noscript-10.1.2-1.fc27 (FEDORA-2017-695b803d89)
JavaScript white list extension for Mozilla Firefox
--------------------------------------------------------------------------------
Update Information:
This is the first pure WebExtension release, compatible with Firefox 57+ only.
Notable changes since 5.1.4: * Added "Revoke temporary permissions" button *
Added "Temporarily allow all this page" button * Simplified popup listing,
showing base domains only (full origin URLs can still be entered in the Options
window to further tweak permissions) * Fixed UI not launching in Incognito mode
* Fixed changing permissions in the CUSTOM preset affecting the DEFAULT
permissions sometimes * Fixed UI almost unusable in High Contrast mode * Fixed
live bookmark feeds blocked if "fetch" permissions were not given * Fixed
background requests from other WebExtensions being blocked * CSP-based first-
party script script blocking * Active content blocking with DEFAULT, TRUSTED,
UNTRUSTED and CUSTOM (per site) presets * Extremely responsive XSS filter
leveraging the webRequest asynchronous API * On-the-fly cross-site requests
whitelisting * Next to come: ClearClick and ABE (in the next few weeks). *
Fixed content process cross-framescript leak (thanks dorando for patch)
--------------------------------------------------------------------------------
================================================================================
nmh-1.7-2.fc27 (FEDORA-2017-d43411f5aa)
A capable MIME-email-handling system with a command-line interface
--------------------------------------------------------------------------------
Update Information:
Removed configure --sysconfdir to fix /etc/nmh/ install dir.
--------------------------------------------------------------------------------
================================================================================
opentest4j-1.0.0-1.fc27 (FEDORA-2017-b10415f6b6)
Open Test Alliance for the JVM
--------------------------------------------------------------------------------
Update Information:
Updates to Oxygen.2 release of Eclipse Platform and latest upstream release of
Egit/Jgit. See the upstream release notes: *
https://www.eclipse.org/eclipse/news/4.7/ *
https://wiki.eclipse.org/EGit/New_and_Noteworthy/4.9 *
https://wiki.eclipse.org/JGit/New_and_Noteworthy/4.9
--------------------------------------------------------------------------------
================================================================================
osmctools-0.8-1.fc27 (FEDORA-2017-edac683b25)
Tools to manipulate OpenStreetMap files
--------------------------------------------------------------------------------
Update Information:
* Update osmfilter.c * Fix spelling errors * Update man pages
--------------------------------------------------------------------------------
================================================================================
perl-Compress-Raw-Zlib-2.076-1.fc27 (FEDORA-2017-79874057fe)
Low-level interface to the zlib compression library
--------------------------------------------------------------------------------
Update Information:
Updated to the latest version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1516061 - perl-Compress-Raw-Zlib-2.076 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1516061
--------------------------------------------------------------------------------
================================================================================
python-metakernel-0.20.12-2.fc27 (FEDORA-2017-fbe3a48f16)
Metakernel for Jupyter
--------------------------------------------------------------------------------
Update Information:
Fix output in bash kernel.
--------------------------------------------------------------------------------
================================================================================
syslinux-6.04-0.7.fc27 (FEDORA-2017-2e8e9bcb0f)
Simple kernel loader which boots from a FAT filesystem
--------------------------------------------------------------------------------
Update Information:
- Add upstream patch for ext4 64bit feature (#1369934) - Correct non-existent
macro %{x86_64} to x86_64 (#1312748) - Own %{_datadir}/syslinux/diag directory
(#894529) - Allow rebuilding on RHEL/CentOS 6 and 7 (#1291428)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1369934 - Fedora 25 cloud images built with syslinux do not boot
https://bugzilla.redhat.com/show_bug.cgi?id=1369934
[ 2 ] Bug #1312748 - Bootloader in EFI not installed when using extlinux
https://bugzilla.redhat.com/show_bug.cgi?id=1312748
[ 3 ] Bug #894529 - unowned directory /usr/share/syslinux/diag
https://bugzilla.redhat.com/show_bug.cgi?id=894529
[ 4 ] Bug #1291428 - syslinux: request small updates to the spec file to allow rebuild
on RHEL7
https://bugzilla.redhat.com/show_bug.cgi?id=1291428
[ 5 ] Bug #1422687 - Kernel loader EXTLINUX do not work
https://bugzilla.redhat.com/show_bug.cgi?id=1422687
--------------------------------------------------------------------------------
================================================================================
univocity-parsers-2.5.5-1.fc27 (FEDORA-2017-b10415f6b6)
Collection of parsers for Java
--------------------------------------------------------------------------------
Update Information:
Updates to Oxygen.2 release of Eclipse Platform and latest upstream release of
Egit/Jgit. See the upstream release notes: *
https://www.eclipse.org/eclipse/news/4.7/ *
https://wiki.eclipse.org/EGit/New_and_Noteworthy/4.9 *
https://wiki.eclipse.org/JGit/New_and_Noteworthy/4.9
--------------------------------------------------------------------------------
================================================================================
youtube-dl-2017.11.15-1.fc27 (FEDORA-2017-2064e348b9)
A small command-line program to download online videos
--------------------------------------------------------------------------------
Update Information:
Update to the latest upstream release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1513218 - youtube-dl-2017.11.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1513218
--------------------------------------------------------------------------------