The following Fedora 26 Security updates need testing: Age URL 183 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ccb5c8d1e7 docker-distribution-2.6.2-1.git48294d9.fc26 76 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3915878e18 ldns-1.7.0-4.fc26 29 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d75a88f263 monit-5.25.1-1.fc26 21 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ccef1ced42 gimp-2.8.22-3.fc26 15 https://bodhi.fedoraproject.org/updates/FEDORA-2018-66b885ae3c keycloak-httpd-client-install-0.8-1.fc26 14 https://bodhi.fedoraproject.org/updates/FEDORA-2018-0db545e976 ruby-2.4.3-86.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ef303deec6 libtasn1-4.13-1.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6550550774 dnsperf-2.1.0.0-8.fc26 bind-dyndb-ldap-11.1-6.fc26 bind-9.11.2-1.P1.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9780220f7d dnsmasq-2.76-6.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bfb9835edd GraphicsMagick-1.3.28-1.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a10a19e06a unbound-1.6.8-1.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7e086e3309 moodle-3.2.7-1.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b166805347 transmission-2.92-12.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4f8a78a5ef squid-4.0.23-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f73abc5680 knot-resolver-1.5.3-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a6b59d8f78 libxml2-2.9.7-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-85655b12b6 curl-7.53.1-14.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7151603128 mupdf-1.12.0-2.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7a461886fb kernel-4.14.15-200.fc26
The following Fedora 26 Critical Path updates have yet to be approved: Age URL 21 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c2eed6bd99 iproute-4.14.1-4.fc26 18 https://bodhi.fedoraproject.org/updates/FEDORA-2018-240b9e54f9 glusterfs-3.10.9-1.fc26 17 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b3f20ecd11 kmod-25-1.fc26 17 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4818a0a3fb lxpanel-0.9.3-2.D20180109git2ddf8dfc.fc26 14 https://bodhi.fedoraproject.org/updates/FEDORA-2018-71094e4775 libseccomp-2.3.3-1.fc26 12 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ba521808e0 gnome-settings-daemon-3.24.3-4.fc26 12 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4bfc82aeb7 pcre-8.41-4.fc26 12 https://bodhi.fedoraproject.org/updates/FEDORA-2018-194be49026 pcre2-10.23-13.fc26 10 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f1d83a8255 libtevent-0.9.35-1.fc26 libtalloc-2.1.11-1.fc26 10 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1b9b3d815f ostree-2018.1-1.fc26 rpm-ostree-2018.1-1.fc26 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bfc82942f4 pungi-4.1.21-4.fc26 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4000c1ba37 python-productmd-1.10-1.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ef303deec6 libtasn1-4.13-1.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-61e0dcaf5e qt5-qtdeclarative-5.9.2-3.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8633570be3 nfs-utils-2.2.1-4.rc2.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-fcda2573ac python-rpm-macros-3-21.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9780220f7d dnsmasq-2.76-6.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f200f504b3 dtc-1.4.6-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7a461886fb kernel-4.14.15-200.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6fe92b98df perl-threads-shared-1.58-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-0f208aa267 perl-threads-2.21-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-85655b12b6 curl-7.53.1-14.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a9a5708bef python3-3.6.4-2.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a6b59d8f78 libxml2-2.9.7-1.fc26
The following builds have been pushed to Fedora 26 updates-testing
firefox-58.0-4.fc26 gnome-pkg-tools-0.20.1-1.fc26 icecat-52.6.0-1.fc26 ixpdimm_sw-01.00.00.2419-2.fc26 jackson-databind-2.7.6-8.fc26 java-1.8.0-openjdk-1.8.0.161-0.b14.fc26 java-9-openjdk-9.0.4.11-3.fc26 libguestfs-1.36.13-1.fc26 libreswan-3.23-1.fc26 metamath-0.160-1.fc26 module-build-service-1.6.3-2.fc26 nodejs-rhea-0.2.9-1.fc26 pbuilder-0.229.1-1.fc26 persepolis-3.0.1-3.fc26 php-alcaeus-mongo-php-adapter-1.1.4-1.fc26 php-horde-Horde-Ldap-2.4.1-1.fc26 php-horde-Horde-Socket-Client-2.1.2-1.fc26 php-nikic-php-parser3-3.1.4-1.fc26 satyr-0.23-2.fc26 snapd-2.30-1.fc26 speech-dispatcher-0.8.8-2.fc26 sscg-2.3.2-1.fc26 vdr-epg2vdr-1.1.79-1.fc26 waiverdb-0.5.0-2.fc26 webkitgtk4-2.18.6-1.fc26 xen-4.8.3-2.fc26 xpra-2.2.3-3.fc26
Details about builds:
================================================================================ firefox-58.0-4.fc26 (FEDORA-2018-0ce24a50c3) Mozilla Firefox Web browser -------------------------------------------------------------------------------- Update Information:
- Latest upstream build (Firefox 58) - This update contains packages for second arches ---- - Update to latest version - Firefox 58.0 --------------------------------------------------------------------------------
================================================================================ gnome-pkg-tools-0.20.1-1.fc26 (FEDORA-2018-17f5e93720) Tools for the Debian GNOME Packaging Team -------------------------------------------------------------------------------- Update Information:
Update to 0.20.1, see http://metadata.ftp-master.debian.org/changelogs/main/g /gnome-pkg-tools/gnome-pkg-tools_0.20.1_changelog for details. --------------------------------------------------------------------------------
================================================================================ icecat-52.6.0-1.fc26 (FEDORA-2018-408668579d) GNU version of Firefox browser -------------------------------------------------------------------------------- Update Information:
- Update to 52.6.0 --------------------------------------------------------------------------------
================================================================================ ixpdimm_sw-01.00.00.2419-2.fc26 (FEDORA-2018-6f0fb7e666) API for development of IXPDIMM management utilities -------------------------------------------------------------------------------- Update Information:
Release v01.00.00.2418 Spec has been refreshed. ixpdimm_sw now a src packages, other packages renamed/reorganized. Some files have been moved to more standard locations. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1523963 - ixpdimm_sw-01.00.00.2419 is available https://bugzilla.redhat.com/show_bug.cgi?id=1523963 --------------------------------------------------------------------------------
================================================================================ jackson-databind-2.7.6-8.fc26 (FEDORA-2018-bbf8c38b51) General data-binding package for Jackson (2.x) -------------------------------------------------------------------------------- Update Information:
Security fixes for CVE-2017-17485 and CVE-2018-5968. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1528565 - CVE-2017-17485 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) https://bugzilla.redhat.com/show_bug.cgi?id=1528565 [ 2 ] Bug #1538332 - CVE-2018-5968 jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485) https://bugzilla.redhat.com/show_bug.cgi?id=1538332 --------------------------------------------------------------------------------
================================================================================ java-1.8.0-openjdk-1.8.0.161-0.b14.fc26 (FEDORA-2018-d50769efa0) OpenJDK Runtime Environment -------------------------------------------------------------------------------- Update Information:
updated to Security u161 (Oracle CPU 1/2018) --------------------------------------------------------------------------------
================================================================================ java-9-openjdk-9.0.4.11-3.fc26 (FEDORA-2018-9e6e636c60) OpenJDK Runtime Environment -------------------------------------------------------------------------------- Update Information:
January CPU security update. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1492175 - [systemtap] Hotspot tapsets have wrong path reference to libjvm.so https://bugzilla.redhat.com/show_bug.cgi?id=1492175 --------------------------------------------------------------------------------
================================================================================ libguestfs-1.36.13-1.fc26 (FEDORA-2018-49cd53ff36) Access and modify virtual machine disk images -------------------------------------------------------------------------------- Update Information:
New upstream version 1.36.13. Drop libguestfs-gobject-doc because gtk-doc is no longer provided upstream. Add new man page guestfs-gobject(3) to libguestfs- gobject-devel. --------------------------------------------------------------------------------
================================================================================ libreswan-3.23-1.fc26 (FEDORA-2018-7e9b28da95) IPsec implementation with IKEv1 and IKEv2 keying protocols -------------------------------------------------------------------------------- Update Information:
Updated to 3.23 - support for MOBIKE, PPK, CMAC, nic offload and performance improvements --------------------------------------------------------------------------------
================================================================================ metamath-0.160-1.fc26 (FEDORA-2018-6a14186fae) Construct mathematics from basic axioms -------------------------------------------------------------------------------- Update Information:
Changes in version 0.157: - Major rewrite of READ-related functions. - Added HELP MARKUP. - Track line numbers for error messages in included files. - Changed HOME_DIRECTORY to ROOT_DIRECTORY. - add virtual includes "$( Begin $[...$] $)", $( End $[...$] $)", "$( Skip $[...$] $)" Changes in version 0.158: - strip CRs from Windows SUBMIT files run on Linux Changes in version 0.159: - fix crash due to missing include file Changes in version 0.160: - fix bug introduced in version 0.158 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1536242 - metamath-0.157 is available https://bugzilla.redhat.com/show_bug.cgi?id=1536242 [ 2 ] Bug #1538606 - metamath-0.160 is available https://bugzilla.redhat.com/show_bug.cgi?id=1538606 --------------------------------------------------------------------------------
================================================================================ module-build-service-1.6.3-2.fc26 (FEDORA-2018-ea0f7c5312) The Module Build Service for Modularity -------------------------------------------------------------------------------- Update Information:
Changes ------- * Fix a bug that caused a module build to fail when it was cancelled during the module-build-macros phase and then resumed * Reset the "state_reason" field on all components after a module build is resumed * Cancel new repo tasks on module build failures in Koji * Use available Koji repos during local builds instead of building them locally * Add an incrementing prefix to module components' releases * Add a "context" field on component and module releases in Koji for uniqueness for when Module Stream Expansion is implemented * Remove urlgrabber as a dependency * Set an explicit log level on our per-build file handler * Set the timeout on git operations to 60 seconds to help alleviate client tooling timeouts * Improve the efficiency of the stale module builds poller * Fix situations where module-build-macros builds in Koji but fails in MBS and the build is resumed -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1487065 - module-build-service-1.3.26-3.fc26: local build always disables tests https://bugzilla.redhat.com/show_bug.cgi?id=1487065 [ 2 ] Bug #1514631 - module-build-service-1.5.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1514631 --------------------------------------------------------------------------------
================================================================================ nodejs-rhea-0.2.9-1.fc26 (FEDORA-2018-65584b0561) A reactive messaging library based on the AMQP protocol -------------------------------------------------------------------------------- Update Information:
Rebased to 0.2.9. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1523897 - nodejs-rhea-0.2.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=1523897 --------------------------------------------------------------------------------
================================================================================ pbuilder-0.229.1-1.fc26 (FEDORA-2018-40608dae1b) Personal package builder for Debian packages -------------------------------------------------------------------------------- Update Information:
Update to version 0.229.1, see http://metadata.ftp- master.debian.org/changelogs/main/p/pbuilder/pbuilder_0.229.1_changelog for details. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1537512 - pbuilder-0.229.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1537512 --------------------------------------------------------------------------------
================================================================================ persepolis-3.0.1-3.fc26 (FEDORA-2018-84ff3781aa) A powerful download manager powered by aria2 -------------------------------------------------------------------------------- Update Information:
Fixes a small exception for users which don't have any autostart directory. (#1535604) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1535604 - [abrt] persepolis: addstartup(): startup.py:101:addstartup:FileNotFoundError: [Errno 2] No such file or directory: '/home/sajjad/.config/.autostart/persepolis.desktop' https://bugzilla.redhat.com/show_bug.cgi?id=1535604 --------------------------------------------------------------------------------
================================================================================ php-alcaeus-mongo-php-adapter-1.1.4-1.fc26 (FEDORA-2018-2e2fda31db) Mongo PHP Adapter -------------------------------------------------------------------------------- Update Information:
**Version 1.1.4** (2019-01-24) * [#214](https://github.com/alcaeus/mongo-php- adapter/pull/214) fixes the return values of MongoBatch calls with unacknowledged write concerns. --------------------------------------------------------------------------------
================================================================================ php-horde-Horde-Ldap-2.4.1-1.fc26 (FEDORA-2018-cab98b6e15) Horde LDAP libraries -------------------------------------------------------------------------------- Update Information:
**Horde_Ldap 2.4.1** * [jan] Avoid unnecessary binds. --------------------------------------------------------------------------------
================================================================================ php-horde-Horde-Socket-Client-2.1.2-1.fc26 (FEDORA-2018-9ad6c7084b) Horde Socket Client -------------------------------------------------------------------------------- Update Information:
**Horde_Socket_Client 2.1.2** * [mjr] Fix issues when retrying a failed connection (PR #1, Antoine Desch��nes). --------------------------------------------------------------------------------
================================================================================ php-nikic-php-parser3-3.1.4-1.fc26 (FEDORA-2018-db14e787a0) A PHP parser written in PHP -------------------------------------------------------------------------------- Update Information:
**Version 3.1.4** * Fixed pretty printing of `-(-$x)` and `+(+$x)`. (#459) --------------------------------------------------------------------------------
================================================================================ satyr-0.23-2.fc26 (FEDORA-2018-b88532d5ee) Tools to create anonymous, machine-friendly problem reports -------------------------------------------------------------------------------- Update Information:
Update list of normalized functions. - These functions are "blacklisted" to not mark crashes as duplicates. --------------------------------------------------------------------------------
================================================================================ snapd-2.30-1.fc26 (FEDORA-2018-798e0f02ff) A transactional software package manager -------------------------------------------------------------------------------- Update Information:
Release 2.30 to Fedora and fix issues with derivatives using snapd -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1527519 - snapd-2.30 is available https://bugzilla.redhat.com/show_bug.cgi?id=1527519 [ 2 ] Bug #1536895 - Snapd support currently broken , missing links to /usr/lib/snapd https://bugzilla.redhat.com/show_bug.cgi?id=1536895 --------------------------------------------------------------------------------
================================================================================ speech-dispatcher-0.8.8-2.fc26 (FEDORA-2018-d4a200bb76) To provide a high-level device independent layer for speech synthesis -------------------------------------------------------------------------------- Update Information:
include translations, pkgconfig support (#1538715) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1538715 - missing pkgconfig support: speech-dispatcher.pc https://bugzilla.redhat.com/show_bug.cgi?id=1538715 --------------------------------------------------------------------------------
================================================================================ sscg-2.3.2-1.fc26 (FEDORA-2018-d8ab83f203) Simple SSL certificate generator -------------------------------------------------------------------------------- Update Information:
Update to 2.3.3 Properly support hostnames up to 64 characters -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1535537 - httpd-init.service fails with long hostname (>=42) https://bugzilla.redhat.com/show_bug.cgi?id=1535537 --------------------------------------------------------------------------------
================================================================================ vdr-epg2vdr-1.1.79-1.fc26 (FEDORA-2018-5e23437722) A plugin to retrieve EPG data from a mysql database into VDR -------------------------------------------------------------------------------- Update Information:
Update to 1.1.79 --------------------------------------------------------------------------------
================================================================================ waiverdb-0.5.0-2.fc26 (FEDORA-2018-63c9e0ba3f) Service for waiving results in ResultsDB -------------------------------------------------------------------------------- Update Information:
Added missing requirement on python2-configparser ---- New upstream release: https://docs.pagure.org/waiverdb/release-notes.html#waiverdb-0-5 ---- Synchronize specfile with upstream. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1538463 - waiverdb-cli --help crashes https://bugzilla.redhat.com/show_bug.cgi?id=1538463 --------------------------------------------------------------------------------
================================================================================ webkitgtk4-2.18.6-1.fc26 (FEDORA-2018-43712163de) GTK+ Web content engine library -------------------------------------------------------------------------------- Update Information:
This update addresses the following vulnerabilities: * [CVE-2018-4088](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4088), [CVE-2017-13885](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13885), [CVE-2017-7165](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7165), [CVE-2017-13884](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13884), [CVE-2017-7160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7160), [CVE-2017-7153](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7153), [CVE-2017-7161](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7161), [CVE-2018-4096](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4096) Additional fixes: * Fix deadlock in GStreamer video sink during shutdown when accelerated compositing is disabled. * Several fixes and improvements in WebDriver. --------------------------------------------------------------------------------
================================================================================ xen-4.8.3-2.fc26 (FEDORA-2018-be2cb3e65a) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information:
update to xen-4.8.3 --------------------------------------------------------------------------------
================================================================================ xpra-2.2.3-3.fc26 (FEDORA-2018-08e048f4f3) Remote display server for applications and desktops -------------------------------------------------------------------------------- Update Information:
- Still require python-gobject on fedora < 27 - Remove obsolete scriptlets - Update to 2.2.3 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1536005 - xpra-2.2.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1536005 --------------------------------------------------------------------------------