The following Fedora 27 Security updates need testing:
Age URL
277
https://bodhi.fedoraproject.org/updates/FEDORA-2018-1ec1cd6db3 bro-2.5.3-1.fc27
209
https://bodhi.fedoraproject.org/updates/FEDORA-2018-8dc6395408
dpdk-17.08.2-1.fc27
173
https://bodhi.fedoraproject.org/updates/FEDORA-2018-3b33f65b01
nodejs-brace-expansion-1.1.11-1.fc27
164
https://bodhi.fedoraproject.org/updates/FEDORA-2018-a748acc219
unrtf-0.21.9-8.fc27
141
https://bodhi.fedoraproject.org/updates/FEDORA-2018-f6ccdeb750
mailman-2.1.21-9.fc27
141
https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc864bb9e1
openslp-2.0.0-15.fc27
98
https://bodhi.fedoraproject.org/updates/FEDORA-2018-21ffebf41c
tomcat-8.0.53-1.fc27
98
https://bodhi.fedoraproject.org/updates/FEDORA-2018-e8533a3ef1
unixODBC-2.3.7-1.fc27
47
https://bodhi.fedoraproject.org/updates/FEDORA-2018-fc2ba807a6
xerces-c27-2.7.0-28.fc27
20
https://bodhi.fedoraproject.org/updates/FEDORA-2018-4c0b99a9eb
drupal7-7.60-2.fc27
20
https://bodhi.fedoraproject.org/updates/FEDORA-2018-60c74d2b16
php-Smarty2-2.6.31-2.fc27
18
https://bodhi.fedoraproject.org/updates/FEDORA-2018-cca4732a99
thunderbird-60.3.0-1.fc27
11
https://bodhi.fedoraproject.org/updates/FEDORA-2018-fe24359b69 xen-4.9.3-3.fc27
8
https://bodhi.fedoraproject.org/updates/FEDORA-2018-0363fec36c
chromium-70.0.3538.77-4.fc27
7
https://bodhi.fedoraproject.org/updates/FEDORA-2018-5743ef02a1
rubygem-rack-2.0.3-4.fc27
7
https://bodhi.fedoraproject.org/updates/FEDORA-2018-4febd7f702
rubygem-i18n-0.7.0-6.fc27
7
https://bodhi.fedoraproject.org/updates/FEDORA-2018-291f75cf0f
libconfuse-3.2.2-1.fc27
7
https://bodhi.fedoraproject.org/updates/FEDORA-2018-4ce40afcb6
rubygem-loofah-2.0.3-6.fc27
6
https://bodhi.fedoraproject.org/updates/FEDORA-2018-399bce9f8f
libtiff-4.0.10-1.fc27
6
https://bodhi.fedoraproject.org/updates/FEDORA-2018-dbe9da512d
soundtouch-2.1.1-1.fc27
5
https://bodhi.fedoraproject.org/updates/FEDORA-2018-4ae94c8deb
community-mysql-5.7.24-1.fc27
5
https://bodhi.fedoraproject.org/updates/FEDORA-2018-b68776e5b0
kernel-headers-4.18.19-100.fc27 kernel-tools-4.18.19-100.fc27 kernel-4.18.19-100.fc27
5
https://bodhi.fedoraproject.org/updates/FEDORA-2018-192148f4ff
mariadb-10.2.19-1.fc27
5
https://bodhi.fedoraproject.org/updates/FEDORA-2018-50eceed44a
kio-extras-17.12.3-1.fc27.1
4
https://bodhi.fedoraproject.org/updates/FEDORA-2018-daee493feb
php-PHPMailer-5.2.27-1.fc27
4
https://bodhi.fedoraproject.org/updates/FEDORA-2018-46b92c9064
php-phpmailer6-6.0.6-1.fc27
4
https://bodhi.fedoraproject.org/updates/FEDORA-2018-382362e255
firefox-63.0.3-1.fc27
4
https://bodhi.fedoraproject.org/updates/FEDORA-2018-9b7d7a155b
flatpak-1.0.6-1.fc27
The following Fedora 27 Critical Path updates have yet to be approved:
Age URL
193
https://bodhi.fedoraproject.org/updates/FEDORA-2018-25d5c86330 libidn-1.34-2.fc27
mcabber-1.1.0-1.fc27.1 pidgin-2.13.0-1.fc27.1 python-slixmpp-1.3.0-5.fc27.1
154
https://bodhi.fedoraproject.org/updates/FEDORA-2018-200dba6b93
upower-0.99.8-1.fc27
118
https://bodhi.fedoraproject.org/updates/FEDORA-2018-05a68ea22e
geoclue2-2.4.11-1.fc27
98
https://bodhi.fedoraproject.org/updates/FEDORA-2018-20c3deae24
iproute-4.17.0-1.fc27
18
https://bodhi.fedoraproject.org/updates/FEDORA-2018-cca4732a99
thunderbird-60.3.0-1.fc27
14
https://bodhi.fedoraproject.org/updates/FEDORA-2018-6c6faa135b
selinux-policy-3.13.1-284.38.fc27
11
https://bodhi.fedoraproject.org/updates/FEDORA-2018-fe24359b69 xen-4.9.3-3.fc27
6
https://bodhi.fedoraproject.org/updates/FEDORA-2018-399bce9f8f
libtiff-4.0.10-1.fc27
5
https://bodhi.fedoraproject.org/updates/FEDORA-2018-b68776e5b0
kernel-headers-4.18.19-100.fc27 kernel-tools-4.18.19-100.fc27 kernel-4.18.19-100.fc27
4
https://bodhi.fedoraproject.org/updates/FEDORA-2018-9b7d7a155b
flatpak-1.0.6-1.fc27
4
https://bodhi.fedoraproject.org/updates/FEDORA-2018-382362e255
firefox-63.0.3-1.fc27
0
https://bodhi.fedoraproject.org/updates/FEDORA-2018-a864e8515f
osinfo-db-20181116-1.fc27
The following builds have been pushed to Fedora 27 updates-testing
GraphicsMagick-1.3.31-1.fc27
foremost-1.5.7-20.fc27
gnome-shell-extension-openweather-1-0.35.20181119git7ea4ce7.fc27
hdhomerun-20180817-1.fc27
module-build-service-2.8.1-2.fc27
muParser-2.2.5-8.fc27
nginx-1.14.1-1.fc27
pdfgrep-2.1.2-1.fc27
python-pycryptodomex-3.7.0-1.fc27
vrms-rpm-2.0-1.fc27
Details about builds:
================================================================================
GraphicsMagick-1.3.31-1.fc27 (FEDORA-2018-cd8b85dbab)
An ImageMagick fork, offering faster image generation and better quality
--------------------------------------------------------------------------------
Update Information:
New upstream release,
http://www.graphicsmagick.org/NEWS.html#november-17-2018
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 20 2018 Rex Dieter <rdieter(a)fedoraproject.org> - 1.3.31-1
- GraphicsMasgick-1.3.31
* Thu Jul 12 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3.30-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Sun Jul 1 2018 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.3.30-2
- Perl 5.28 rebuild
* Sun Jul 1 2018 Rex Dieter <rdieter(a)fedoraproject.org> - 1.3.30-1
- GraphicsMagick-1.3.30
* Wed Jun 27 2018 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.3.29-2
- Perl 5.28 rebuild
--------------------------------------------------------------------------------
================================================================================
foremost-1.5.7-20.fc27 (FEDORA-2018-15219ff2fb)
Recover files by "carving" them from a raw disk
--------------------------------------------------------------------------------
Update Information:
- rebuilt to fix rhbz #1650955 replace format security patch (thanks to Jon
Burgess)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 18 2018 Filipe Rosset <rosset.filipe(a)gmail.com> - 1.5.7-20
- rebuilt to fix rhbz #1650955 replace format security patch (thanks to Jon Burgess)
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5.7-19
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Sun Apr 8 2018 Filipe Rosset <rosset.filipe(a)gmail.com> - 1.5.7-18
- added gcc as BR
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5.7-17
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1650955 - foremost crashes due to bad fedora patch
https://bugzilla.redhat.com/show_bug.cgi?id=1650955
--------------------------------------------------------------------------------
================================================================================
gnome-shell-extension-openweather-1-0.35.20181119git7ea4ce7.fc27
(FEDORA-2018-ec17c62140)
Display weather information from many locations in the world
--------------------------------------------------------------------------------
Update Information:
- Fix invisble location-list in prefs (F29). - Fix an issue where all symbols
are shown in symbolic-version (F29). - Add some languages.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 19 2018 Jens Lody <fedora(a)jenslody.de> - 1-0.35.20181119git7ea4ce7
- Fix invisble location-list in prefs.
- Fix an issue where all symbols are shown in symbolic-version.
- Add some languages.
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> -
1-0.34.20180616git401d68e
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
hdhomerun-20180817-1.fc27 (FEDORA-2018-bdc1307c78)
Silicon Dust HDHomeRun configuration utility
--------------------------------------------------------------------------------
Update Information:
Update from ancient to current release.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 19 2018 Richard Shaw <hobbes1069(a)gmail.com> - 20180817-1
- Update to 20180817.
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> -
0.0-0.35.20161117
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> -
0.0-0.34.20161117
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1651217 - Outdated version in EPEL; the version from fc29 rebuilds with mock
in fc28
https://bugzilla.redhat.com/show_bug.cgi?id=1651217
--------------------------------------------------------------------------------
================================================================================
module-build-service-2.8.1-2.fc27 (FEDORA-2018-0f388d974e)
The Module Build Service for Modularity
--------------------------------------------------------------------------------
Update Information:
Release v2.8.1 ---- Release v2.8.1
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 19 2018 mprahl <mprahl(a)redhat.com> - 2.8.1-2
- Don't assume the context is set on base modules in the
526fb7d445f7_module_buildrequires migration
* Mon Nov 19 2018 mprahl <mprahl(a)redhat.com> - 2.8.1-1
- new version
--------------------------------------------------------------------------------
================================================================================
muParser-2.2.5-8.fc27 (FEDORA-2018-30ad7f90b3)
A fast math parser library
--------------------------------------------------------------------------------
Update Information:
- rebuilt to fix FTBFS rhbz #1604900 #1316595 and #1448721
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 20 2018 Filipe Rosset <rosset.filipe(a)gmail.com> - 2.2.5-8
- rebuilt to fix FTBFS rhbz #1604900 #1316595 and #1448721
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.2.5-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Feb 8 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.2.5-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1448721 - [muParser] Upgrade to version 2.2.5 on epel7
https://bugzilla.redhat.com/show_bug.cgi?id=1448721
[ 2 ] Bug #1604900 - muParser: FTBFS in Fedora rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1604900
[ 3 ] Bug #1316595 - muParser-v2.2.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1316595
--------------------------------------------------------------------------------
================================================================================
nginx-1.14.1-1.fc27 (FEDORA-2018-c271659b1e)
A high performance web server and reverse proxy server
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2018-16843, CVE-2018-16844, CVE-2018-16845 + nginx rebase
to 1.14.1.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 20 2018 Lubos Uhliarik <luhliari(a)redhat.com> - 1:1.14.1-1
- new version 1.14.1
- Resolves: #1584426 - Upstream Nginx 1.14.0 is now available
- Resolves: #1647255 - CVE-2018-16845 nginx: Denial of service and memory
disclosure via mp4 module
- Resolves: #1647259 - CVE-2018-16843 nginx: Excessive memory consumption
via flaw in HTTP/2 implementation
- Resolves: #1647258 - CVE-2018-16844 nginx: Excessive CPU usage via flaw
in HTTP/2 implementation
* Tue Sep 19 2017 Remi Collet <remi(a)fedoraproject.org> - 1:1.12.1-2
- own system drop-in directories #1493036
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1584426 - Upstream Nginx 1.14.0 is now available
https://bugzilla.redhat.com/show_bug.cgi?id=1584426
[ 2 ] Bug #1647258 - CVE-2018-16844 nginx: Excessive CPU usage via flaw in HTTP/2
implementation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1647258
[ 3 ] Bug #1647259 - CVE-2018-16843 nginx: Excessive memory consumption via flaw in
HTTP/2 implementation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1647259
[ 4 ] Bug #1647255 - CVE-2018-16845 nginx: Denial of service and memory disclosure via
mp4 module [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1647255
--------------------------------------------------------------------------------
================================================================================
pdfgrep-2.1.2-1.fc27 (FEDORA-2018-4379fa3f2a)
Tool to search text in PDF files
--------------------------------------------------------------------------------
Update Information:
pdfgrep 2.1.2 (2018-11-19) ========================== - Bugfix: Fix crash
when compiled with hardened compiler flags (specifically
`-D_GLIBCXX_ASSERTIONS`)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 19 2018 Robert Scheck <robert(a)fedoraproject.org> - 2.1.2-1
- Upgrade to 2.1.2 (#1648154)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1648154 - pdfgrep crashing when searching recursive
https://bugzilla.redhat.com/show_bug.cgi?id=1648154
--------------------------------------------------------------------------------
================================================================================
python-pycryptodomex-3.7.0-1.fc27 (FEDORA-2018-fc576a8e2f)
A self-contained cryptographic library for Python
--------------------------------------------------------------------------------
Update Information:
This update provides the latest version of the pycryptodomex python library.
New features ------------ * Added support for Poly1305 MAC (with AES and
ChaCha20 ciphers for key derivation). * Added support for ChaCha20-Poly1305 AEAD
cipher. * New parameter ``output`` for ``Crypto.Util.strxor.strxor``,
``Crypto.Util.strxor.strxor_c``, ``encrypt`` and ``decrypt`` methods in
symmetric ciphers (``Crypto.Cipher`` package). ``output`` is a pre-allocated
buffer (a ``bytearray`` or a writeable ``memoryview``) where the result must
be stored. This requires less memory for very large payloads; it is also more
efficient when encrypting (or decrypting) several small payloads. Resolved
issues --------------- * GH#266: AES-GCM hangs when processing more than 4GB at
a time on x86 with PCLMULQDQ instruction. Breaks in compatibility
----------------------- * Drop support for Python 3.3. * Remove
``Crypto.Util.py3compat.unhexlify`` and ``Crypto.Util.py3compat.hexlify``. *
With the old Python 2.6, use only ``ctypes`` (and not ``cffi``) to interface to
native code.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 19 2018 Mohamed El Morabity <melmorabity(a)fedoraproject.org> - 3.7.0-1
- Update to 3.7.0
- Use the same .spec file for all supported releases of Fedora and EL
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1649088 - Upgrade from Fedora 27 to 29 fails with python2-pycryptodomex
conflict
https://bugzilla.redhat.com/show_bug.cgi?id=1649088
--------------------------------------------------------------------------------
================================================================================
vrms-rpm-2.0-1.fc27 (FEDORA-2018-c79d9148da)
Report non-free software
--------------------------------------------------------------------------------
Update Information:
Update to upstream release 2.0
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 20 2018 Artur Iwicki <fedora(a)svgames.pl> - 2.0-1
- Update to newest upstream release
- No longer a noarch package
--------------------------------------------------------------------------------