The following Fedora 32 Security updates need testing:
Age URL
47
https://bodhi.fedoraproject.org/updates/FEDORA-2021-4c8458e373
containernetworking-plugins-0.9.1-1.fc32
43
https://bodhi.fedoraproject.org/updates/FEDORA-2021-16d1596c42
buildah-1.19.4-1.fc32
33
https://bodhi.fedoraproject.org/updates/FEDORA-2021-88d9d29680
python3-3.8.8-1.fc32
8
https://bodhi.fedoraproject.org/updates/FEDORA-2021-87e26421fb
linux-firmware-20210315-119.fc32
6
https://bodhi.fedoraproject.org/updates/FEDORA-2021-a468f36bbe xen-4.13.2-8.fc32
6
https://bodhi.fedoraproject.org/updates/FEDORA-2021-1d72d8cea2
slic3r-1.3.0-14.fc32
6
https://bodhi.fedoraproject.org/updates/FEDORA-2021-265a3c7cb9
dotnet3.1-3.1.113-1.fc32
3
https://bodhi.fedoraproject.org/updates/FEDORA-2021-edc673e864
rubygem-kramdown-2.1.0-5.fc32
3
https://bodhi.fedoraproject.org/updates/FEDORA-2021-dc83ae690a
pdfbox-2.0.23-1.fc32
2
https://bodhi.fedoraproject.org/updates/FEDORA-2021-2024803354
busybox-1.32.1-1.fc32
2
https://bodhi.fedoraproject.org/updates/FEDORA-2021-662680e477
rpm-4.15.1.1-1.fc32.1
0
https://bodhi.fedoraproject.org/updates/FEDORA-2021-25441d8137
kernel-5.11.9-100.fc32
The following Fedora 32 Critical Path updates have yet to be approved:
Age URL
105
https://bodhi.fedoraproject.org/updates/FEDORA-2020-345d2fd2aa
iproute-5.9.0-1.fc32
80
https://bodhi.fedoraproject.org/updates/FEDORA-2021-50c22ae8fd
lua-socket-3.0-0.27.rc1.fc32
33
https://bodhi.fedoraproject.org/updates/FEDORA-2021-88d9d29680
python3-3.8.8-1.fc32
24
https://bodhi.fedoraproject.org/updates/FEDORA-2021-5cf5afe520
hwdata-0.345-1.fc32
14
https://bodhi.fedoraproject.org/updates/FEDORA-2021-ef4aa8623e gdisk-1.0.7-1.fc32
13
https://bodhi.fedoraproject.org/updates/FEDORA-2021-b55547281d
osinfo-db-20210312-1.fc32
8
https://bodhi.fedoraproject.org/updates/FEDORA-2021-d191e54a3c
nfs-utils-2.5.3-1.fc32
8
https://bodhi.fedoraproject.org/updates/FEDORA-2021-49b5302e38
libmaxminddb-1.5.2-1.fc32
8
https://bodhi.fedoraproject.org/updates/FEDORA-2021-b48c01f40a
gnome-shell-3.36.9-1.fc32 mutter-3.36.9-1.fc32
8
https://bodhi.fedoraproject.org/updates/FEDORA-2021-87e26421fb
linux-firmware-20210315-119.fc32
7
https://bodhi.fedoraproject.org/updates/FEDORA-2021-e33f35a999
thunderbird-78.8.1-1.fc32
7
https://bodhi.fedoraproject.org/updates/FEDORA-2021-6540e26fc2 quota-4.05-10.fc32
5
https://bodhi.fedoraproject.org/updates/FEDORA-2021-38d10033c9
libgweather-3.36.1-2.fc32
2
https://bodhi.fedoraproject.org/updates/FEDORA-2021-662680e477
rpm-4.15.1.1-1.fc32.1
1
https://bodhi.fedoraproject.org/updates/FEDORA-2021-7fa34a0d1f taglib-1.12-3.fc32
0
https://bodhi.fedoraproject.org/updates/FEDORA-2021-71928b0f1d nspr-4.30.0-1.fc32
0
https://bodhi.fedoraproject.org/updates/FEDORA-2021-25441d8137
kernel-5.11.9-100.fc32
0
https://bodhi.fedoraproject.org/updates/FEDORA-2021-a2e909d1fc
libdnf-0.58.0-2.fc32
The following builds have been pushed to Fedora 32 updates-testing
atasm-1.09-1.fc32
beakerlib-1.27-1.fc32
beep-1.4.7-6.fc32
caja-1.24.1-1.fc32
exim-4.94-2.fc32
firefox-87.0-2.fc32
ghc-hakyll-4.13.4.0-5.fc32
libldb-2.1.5-1.fc32
matio-1.5.21-1.fc32
mozjs78-78.9.0-1.fc32
nss-3.63.0-1.fc32
python-curtsies-0.3.5-1.fc32
r2cutter-0.1.1-4.fc32
samba-4.12.14-0.fc32
zsh-5.8-4.fc32
Details about builds:
================================================================================
atasm-1.09-1.fc32 (FEDORA-2021-dc534847b2)
6502 cross-assembler
--------------------------------------------------------------------------------
Update Information:
- update to 1.09
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 25 2021 Dan Hor��k <dan[at]danny.cz> - 1.09-1
- update to 1.09 - CVE-2019-19785 CVE-2019-19786 CVE-2019-19787
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.08-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Thu Jan 21 2021 Dan Hor��k <dan[at]danny.cz> - 1.08-7
- pass correct linker flags
* Mon Jul 27 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.08-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 13 2020 Tom Stellard <tstellar(a)redhat.com> - 1.08-5
- Use make macros
-
https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1786344 - CVE-2019-19785 atasm: stack-based buffer overflow in to_comma in
asm.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1786344
[ 2 ] Bug #1786346 - CVE-2019-19785 atasm: stack-based buffer overflow in to_comma in
asm.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1786346
[ 3 ] Bug #1786347 - CVE-2019-19786 atasm: stack-based buffer overflow in parse_expr in
setparse.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1786347
[ 4 ] Bug #1786349 - CVE-2019-19786 atasm: stack-based buffer overflow in parse_expr in
setparse.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1786349
[ 5 ] Bug #1786605 - CVE-2019-19787 atasm: stack-based buffer overflow in
get_signed_expression in setparse.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1786605
[ 6 ] Bug #1786607 - CVE-2019-19787 atasm: stack-based buffer overflow in
get_signed_expression in setparse.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1786607
--------------------------------------------------------------------------------
================================================================================
beakerlib-1.27-1.fc32 (FEDORA-2021-f2f8455624)
A shell-level integration testing library
--------------------------------------------------------------------------------
Update Information:
- rlCheckRequirements is now able to check also versioned requirements
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 25 2021 Dalibor Pospisil <dapospis(a)redhat.com> - 1.27-1
- rlCheckRequirements is now able to check also versions requirements
--------------------------------------------------------------------------------
================================================================================
beep-1.4.7-6.fc32 (FEDORA-2021-d51ef56327)
Beep the PC speaker any number of ways
--------------------------------------------------------------------------------
Update Information:
Documentation update: To have the `beep` package actually beep the PC speaker,
you need to **manually** (!) install the `kernel-modules-extra` package (which
contains the `pcspkr.ko` kernel module). There are no functional changes in
this update, so this should be an easy update even down to F32.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 25 2021 Hans Ulrich Niedermann <hun(a)n-dimensional.de> - 1.4.7-6
- Remove any kmod(pcspkr.ko) dependencies as they install the wrong package
* Wed Mar 24 2021 Hans Ulrich Niedermann <hun(a)n-dimensional.de> - 1.4.7-5
- Add "Recommends: kmod(pcspkr.ko)" to install the driver if available
(#1942670)
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.7-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.7-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1942670 - beep doesn't work without pcspkr which is now in
kernel-modules-extra (suggested patch included)
https://bugzilla.redhat.com/show_bug.cgi?id=1942670
--------------------------------------------------------------------------------
================================================================================
caja-1.24.1-1.fc32 (FEDORA-2021-f91f4f310a)
File manager for MATE
--------------------------------------------------------------------------------
Update Information:
- update to 1.24.1
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 25 2021 Wolfgang Ulbrich <fedora(a)raveit.de> - 1.24.1-1
- update to 1.24.1
--------------------------------------------------------------------------------
================================================================================
exim-4.94-2.fc32 (FEDORA-2021-89cb264e4d)
The exim mail transfer agent
--------------------------------------------------------------------------------
Update Information:
Fixed cname handling in TLS certificate verification
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 25 2021 Jaroslav ��karvada <jskarvad(a)redhat.com> - 4.94-2
- Fixed cname handling in TLS certificate verification
Resolves: rhbz#1942582
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1942581 - exim: CNAME handling can break TLS certificate verification
https://bugzilla.redhat.com/show_bug.cgi?id=1942581
--------------------------------------------------------------------------------
================================================================================
firefox-87.0-2.fc32 (FEDORA-2021-9fac28274f)
Mozilla Firefox Web browser
--------------------------------------------------------------------------------
Update Information:
New upstream version (87.0) Release notes are available here -
https://www.mozilla.org/en-US/firefox/87.0/releasenotes/
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 24 2021 Martin Stransky <stransky(a)redhat.com> - 87.0-2
- More test fixes
* Tue Mar 23 2021 Martin Stransky <stransky(a)redhat.com> - 87.0-1
- Disabled ARM due to build failures
- Updated to 87.0
* Sat Mar 13 2021 Martin Stransky <stransky(a)redhat.com> - 86.0.1-2
- Enabled ARM
--------------------------------------------------------------------------------
================================================================================
ghc-hakyll-4.13.4.0-5.fc32 (FEDORA-2021-e76664b72d)
A static website compiler library
--------------------------------------------------------------------------------
Update Information:
correct location of examples/ for hakyll-init (#1942237)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 25 2021 Jens Petersen <petersen(a)redhat.com> - 4.13.4.0-5
- examples/ is used by hakyll-init (#1942237, reported by Martin Bukatovic)
- enable the testsuite
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> -
4.13.4.0-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sat Sep 19 2020 Jens Petersen <petersen(a)redhat.com> - 4.13.4.0-3
- rebuild for pandoc: cmark-gfm-0.2.2 fixes exponential parse (#1854329)
* Mon Jul 27 2020 Fedora Release Engineering <releng(a)fedoraproject.org> -
4.13.4.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1942237 - hakyll-init fails to create example site
https://bugzilla.redhat.com/show_bug.cgi?id=1942237
--------------------------------------------------------------------------------
================================================================================
libldb-2.1.5-1.fc32 (FEDORA-2021-c93a3a5d3f)
A schema-less, ldap like, API and database
--------------------------------------------------------------------------------
Update Information:
Update to Samba 4.12.14 - Security fixes for CVE-2020-27840 and CVE-2021-20277
---- Update to Samba 4.12.13 - Security fixes for CVE-2020-27840 and
CVE-2021-20277
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 25 2021 Guenther Deschner <gdeschner(a)redhat.com> - 2.1.5-1
- New upstream release 2.1.5
- rhbz#1941402,1942497 - Security fix for CVE-2021-20277
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1941400 - CVE-2020-27840 samba: Heap corruption via crafted DN strings
https://bugzilla.redhat.com/show_bug.cgi?id=1941400
[ 2 ] Bug #1941402 - CVE-2021-20277 samba: Out of bounds read in AD DC LDAP server
https://bugzilla.redhat.com/show_bug.cgi?id=1941402
--------------------------------------------------------------------------------
================================================================================
matio-1.5.21-1.fc32 (FEDORA-2021-ca2e22be33)
Library for reading/writing Matlab MAT files
--------------------------------------------------------------------------------
Update Information:
1.5.21 ---- 1.5.20
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 25 2021 Gwyn Ciesla <gwync(a)protonmail.com> - 1.5.21-1
- 1.5.21
* Mon Mar 22 2021 Gwyn Ciesla <gwync(a)protonmail.com> - 1.5.20-1
- 1.5.20
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5.19-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Fri Nov 6 2020 Gwyn Ciesla <gwync(a)protonmail.com> - 1.5.19-1
- 1.5.19
* Thu Sep 17 2020 Gwyn Ciesla <gwync(a)protonmail.com> - 1.5.18-1
- 1.5.18
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5.17-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Thu Jun 25 2020 Orion Poplawski <orion(a)cora.nwra.com> - 1.5.17-3
- Rebuild for hdf5 1.10.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1880167 - matio-1.5.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1880167
[ 2 ] Bug #1941368 - matio-1.5.20 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1941368
[ 3 ] Bug #1943343 - matio-1.5.21 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1943343
--------------------------------------------------------------------------------
================================================================================
mozjs78-78.9.0-1.fc32 (FEDORA-2021-8bf1ded9e8)
SpiderMonkey JavaScript library
--------------------------------------------------------------------------------
Update Information:
- Update to mozjs78-78.9.0:
https://www.mozilla.org/en-
US/firefox/78.9.0/releasenotes/
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 25 2021 Frantisek Zatloukal <fzatlouk(a)redhat.com> - 78.9.0-1
- Update to 78.9.0
- Rebase patches
- Replace armv7_disable_WASM_EMULATE_ARM_UNALIGNED_FP_ACCESS with patch from Debian to
include vfp defs
--------------------------------------------------------------------------------
================================================================================
nss-3.63.0-1.fc32 (FEDORA-2021-7cf4af5e3f)
Network Security Services
--------------------------------------------------------------------------------
Update Information:
NSS update for Firefox 88
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 25 2021 Bob Relyea <rrelyea(a)redhat.com> - 3.63.0-1
- Update to NSS 3.63.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1941831 - Update nss to 3.63 [F33]
https://bugzilla.redhat.com/show_bug.cgi?id=1941831
[ 2 ] Bug #1941832 - Update nss to 3.63 [F32]
https://bugzilla.redhat.com/show_bug.cgi?id=1941832
--------------------------------------------------------------------------------
================================================================================
python-curtsies-0.3.5-1.fc32 (FEDORA-2021-fc58baec9d)
Curses-like terminal wrapper, with colored strings
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release curties 0.3.5.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 14 2021 Terje Rosten <terje.rosten(a)ntnu.no> - 0.3.5-1
- 0.3.5
* Wed Jan 27 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3.4-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3.4-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Sat Jul 25 2020 Terje Rosten <terje.rosten(a)ntnu.no> - 0.3.4-1
- 0.3.4
* Sun Jul 12 2020 Terje Rosten <terje.rosten(a)ntnu.no> - 0.3.3-1
- 0.3.3
* Tue May 26 2020 Miro Hron��ok <mhroncok(a)redhat.com> - 0.3.1-3
- Rebuilt for Python 3.9
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1920084 - python-curtsies-0.3.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1920084
--------------------------------------------------------------------------------
================================================================================
r2cutter-0.1.1-4.fc32 (FEDORA-2021-65c776f7c9)
GUI for radare2 reverse engineering framework
--------------------------------------------------------------------------------
Update Information:
Add '/usr/lib*/r2cutter/' to plugin search paths
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1941111 - Review Request: r2cutter - GUI for the radare2 reverse engineering
framework
https://bugzilla.redhat.com/show_bug.cgi?id=1941111
--------------------------------------------------------------------------------
================================================================================
samba-4.12.14-0.fc32 (FEDORA-2021-c93a3a5d3f)
Server and Client software to interoperate with Windows machines
--------------------------------------------------------------------------------
Update Information:
Update to Samba 4.12.14 - Security fixes for CVE-2020-27840 and CVE-2021-20277
---- Update to Samba 4.12.13 - Security fixes for CVE-2020-27840 and
CVE-2021-20277
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 25 2021 Guenther Deschner <gdeschner(a)redhat.com> - 4.12.14-0
- Update to Samba 4.12.14
- related: #1941400, #1942496 - Security fixes for CVE-2020-27840
- related: #1941402, #1942497 - Security fixes for CVE-2021-20277
* Wed Mar 24 2021 Guenther Deschner <gdeschner(a)redhat.com> - 4.12.13-0
- Update to Samba 4.12.13
- resolves: #1941400, #1942496 - Security fixes for CVE-2020-27840
- resolves: #1941402, #1942497 - Security fixes for CVE-2021-20277
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1941400 - CVE-2020-27840 samba: Heap corruption via crafted DN strings
https://bugzilla.redhat.com/show_bug.cgi?id=1941400
[ 2 ] Bug #1941402 - CVE-2021-20277 samba: Out of bounds read in AD DC LDAP server
https://bugzilla.redhat.com/show_bug.cgi?id=1941402
--------------------------------------------------------------------------------
================================================================================
zsh-5.8-4.fc32 (FEDORA-2021-9656d20ff5)
Powerful interactive shell
--------------------------------------------------------------------------------
Update Information:
- complete file arguments after rpmbuild -r/-b/-t
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 25 2021 Kamil Dudka <kdudka(a)redhat.com> - 5.8-4
- complete file arguments after rpmbuild -r/-b/-t
* Wed Jul 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.8-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 14 2020 Tom Stellard <tstellar(a)redhat.com> - 5.8-2
- Use make macros
-
https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
--------------------------------------------------------------------------------