The following Fedora 31 Security updates need testing:
Age  URL
 47  https://bodhi.fedoraproject.org/updates/FEDORA-2020-c5ec22e14f   libuv-1.39.0-1.fc31 nodejs-12.18.4-1.fc31
 12  https://bodhi.fedoraproject.org/updates/FEDORA-2020-6b35849edd   freetype-2.10.0-4.fc31
  6  https://bodhi.fedoraproject.org/updates/FEDORA-2020-1da8aa9dd3   thunderbird-78.4.0-1.fc31
  6  https://bodhi.fedoraproject.org/updates/FEDORA-2020-d1ce381889   pngcheck-2.3.0-3.fc31
  6  https://bodhi.fedoraproject.org/updates/FEDORA-2020-8aca25b5c8   chromium-86.0.4240.111-1.fc31
  6  https://bodhi.fedoraproject.org/updates/FEDORA-2020-53df1c05be   community-mysql-8.0.22-1.fc31
  6  https://bodhi.fedoraproject.org/updates/FEDORA-2020-b0ea9e2d33   mariadb-10.3.25-1.fc31
  6  https://bodhi.fedoraproject.org/updates/FEDORA-2020-e083225fa1   blueman-2.1.4-1.fc31
  4  https://bodhi.fedoraproject.org/updates/FEDORA-2020-bf41fcdeba   libntlm-1.6-1.fc31
  4  https://bodhi.fedoraproject.org/updates/FEDORA-2020-477b00a4d8   libtpms-0.7.4-0.20201031git2452a24dab.fc31
  4  https://bodhi.fedoraproject.org/updates/FEDORA-2020-a857113c7a   nss-3.58.0-3.fc31
  3  https://bodhi.fedoraproject.org/updates/FEDORA-2020-53773f4954   mujs-1.0.9-1.fc31
  1  https://bodhi.fedoraproject.org/updates/FEDORA-2020-15e15c35da   wordpress-5.5.3-1.fc31
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2020-84137f197e   java-latest-openjdk-15.0.1.9-1.rolling.fc31
The following Fedora 31 Critical Path updates have yet to be approved:
Age  URL
 85  https://bodhi.fedoraproject.org/updates/FEDORA-2020-72bc7df001   libunwind-1.3.1-7.fc31
 12  https://bodhi.fedoraproject.org/updates/FEDORA-2020-747b6fb156   linux-firmware-20201022-113.fc31
 12  https://bodhi.fedoraproject.org/updates/FEDORA-2020-6b35849edd   freetype-2.10.0-4.fc31
  8  https://bodhi.fedoraproject.org/updates/FEDORA-2020-43eb9f7d6a   pcre2-10.35-8.fc31
  8  https://bodhi.fedoraproject.org/updates/FEDORA-2020-df2ee7a68b   nfs-utils-2.5.2-0.fc31
  6  https://bodhi.fedoraproject.org/updates/FEDORA-2020-1da8aa9dd3   thunderbird-78.4.0-1.fc31
  6  https://bodhi.fedoraproject.org/updates/FEDORA-2020-eeb0523bd0   mtools-4.0.25-1.fc31
  4  https://bodhi.fedoraproject.org/updates/FEDORA-2020-a857113c7a   nss-3.58.0-3.fc31
  4  https://bodhi.fedoraproject.org/updates/FEDORA-2020-c635688f4e   libbluray-1.2.1-2.fc31
  1  https://bodhi.fedoraproject.org/updates/FEDORA-2020-2f6168af2a   vim-8.2.1941-1.fc31
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2020-2770d15afa   hwdata-0.341-1.fc31
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2020-877dddf7f8   kernel-5.8.18-100.fc31 kernel-headers-5.8.18-100.fc31 kernel-tools-5.8.18-200.fc31
The following builds have been pushed to Fedora 31 updates-testing
fedora-upgrade-33.2-1.fc31
firefox-82.0.2-3.fc31
mozilla-noscript-11.1.4-1.fc31
python-metakernel-0.27.1-1.fc31
rust-bodhi-cli-0.4.1-1.fc31
rust-fedora-update-feedback-0.6.0-1.fc31
stalld-1.2-1.fc31
xen-4.12.3-8.fc31
Details about builds:
================================================================================
fedora-upgrade-33.2-1.fc31 (FEDORA-2020-d2531b4995)
Upgrade Fedora to next version using dnf upgrade (unofficial tool)
--------------------------------------------------------------------------------
Update Information:
do not check if F33 is prerelease
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 4 2020 Miroslav Suchý <msuchy(a)redhat.com> 33.2-1
- do not test if F33 is prerelease
--------------------------------------------------------------------------------
================================================================================
firefox-82.0.2-3.fc31 (FEDORA-2020-fc8baf8df4)
Mozilla Firefox Web browser
--------------------------------------------------------------------------------
Update Information:
- Disabled LTO due to database access issues (rhbz#1893474)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 3 2020 Martin Stransky <stransky(a)redhat.com> - 82.0.2-3
- Disabled LTO again.
* Tue Nov 3 2020 Martin Stransky <stransky(a)redhat.com> - 82.0.2-2
- NSS debug build
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1893474 - firefox-82.0.2-1.fc33 breaks gmail and several extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1893474
--------------------------------------------------------------------------------
================================================================================
mozilla-noscript-11.1.4-1.fc31 (FEDORA-2020-7840083db7)
JavaScript white list extension for Mozilla Firefox
--------------------------------------------------------------------------------
Update Information:
* Fixed sloppy CSP media blocker detection breaking MSE blob: media placeholders on Chromium
* Fixed race condition causing temporary settings not to survive updates sometimes
* Updated TLDs
* Fixed regression: document media and font restrictions always cascaded (thanks BrainDedd for report)
* Remove domPolicy logging when debugging is off
* Trivial reordering from Mozilla source
* Better heuristic to figure out missing data while computing contextual policies
* Fixed regression breaking per-tab restrictions disablement (thanks Horsefly for report)
* Improved blocking of media documents unaffected by webRequest
* Improved NOSCRIPT element emulation compatibility with XML documents
* webNavigation.onCommitted + tabs.executeScript to deliver DOM policies earlier whenever possible
* Partial work-around for Fx 80 file:// documents parsing inconsistencies (further fix for issue #156)
* Cache policy on top document for file:// subdocuments (fixes issue #156)
* Enforce more restrictive CSP on media/object documents
* Better cross-browser media handling
* Fix browser UI for image, audio and video content being partially broken on file:// URLs
* Normalize file:// directory paths on Firefox
* Allow browser UI scripts for file:// directory navigation
* [L10n] Updated mk
* Fixed typo causing CSP-based media blocking to skip requests with no content-type header
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 4 2020 Dominik Mierzejewski <rpm(a)greysector.net> - 11.1.4-1
- update to 11.1.4 (#1885187)
- switch to AMO URL for source
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1885187 - mozilla-noscript-11.1.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1885187
--------------------------------------------------------------------------------
================================================================================
python-metakernel-0.27.1-1.fc31 (FEDORA-2020-b9b67e5233)
Metakernel for Jupyter
--------------------------------------------------------------------------------
Update Information:
metakernel 0.27.1
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 4 2020 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 0.27.1-1
- Update to version 0.27.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1894355 - python-metakernel-0.27.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1894355
--------------------------------------------------------------------------------
================================================================================
rust-bodhi-cli-0.4.1-1.fc31 (FEDORA-2020-4958e96797)
Bodhi CLI client based on bodhi-rs
--------------------------------------------------------------------------------
Update Information:
Update to version 0.4.1. Release notes:
https://github.com/ironthree/bodhi-cli/blob/0.4.1/NEWS.md
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 3 2020 Fabio Valentini <decathorpe(a)gmail.com> - 0.4.1-1
- Update to version 0.4.1.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1892367 - rust-bodhi-cli-0.4.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1892367
--------------------------------------------------------------------------------
================================================================================
rust-fedora-update-feedback-0.6.0-1.fc31 (FEDORA-2020-090853e2a8)
Provide feedback for fedora updates (inspired by fedora-easy-karma)
--------------------------------------------------------------------------------
Update Information:
Update to version 0.6.0. Release notes:
https://github.com/ironthree/fedora-update-feedback/blob/0.6.0/NEWS.md
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 3 2020 Fabio Valentini <decathorpe(a)gmail.com> - 0.6.0-1
- Update to version 0.6.0.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1893493 - rust-fedora-update-feedback-0.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1893493
--------------------------------------------------------------------------------
================================================================================
stalld-1.2-1.fc31 (FEDORA-2020-d11fd95d75)
Daemon that finds starving tasks and gives them a temporary boost
--------------------------------------------------------------------------------
Update Information:
Handle old-format /proc/sched_debug; code clean up and minor fixes
* Mon Nov 02 2020 Clark Williams <williams(a)redhat.com> - 1.2-1
- utils.c: added info() functions
- detect and correctly parse old-style /proc/sched_debug
- src/stalld: Fix an retval check while reading sched_debug
- src/throttling: Fix a compilation warning
- ensure we only count task lines in old-format sched_debug info
- Add comments, clean up trailing whitespace
- src/utils: Fix runtime parameters check
- stalld: Do not take actions if log_only is set
- remove warning from parse_old_task_format
* Tue Oct 27 2020 Clark Williams <williams(a)redhat.com> - 1.1-1
- Fix an option in README.md; consistency in user facing docs.
- Makefile: add 'static' target to link stalld statically
- gitignore: ignore object files and the stalld executable
- use FIFO for boosting (v3)
- stalld.c: fix sched_debug parsing and modify waiting task parsing
- redhat: update release for features and bugfix
- stalld: Do not die if sched_debug returns an invalid value
- src/stalld: Do not die if the comm is too large
- src/stalld: Do not die if cannot write a message to the log
- src/stalld: Do not die if the main runs while a thread is monitoring the CPU
- implement RT throttling management and refactor source files
- more refactoring
- src/stalld: Reuse already read nr_running nr_rt_running
- src/stalld: Gracefully handle CPUs not found on sched_debug
- src/stalld: Use dynamically allocated memory to read sched_debug
- src/utils: Die with a divizion by zero if verbose
- src/stalld: Add config_buffer_size variable
- src/stalld: Increase the sched_debug read buffer if it gets too small
- src/stalld: Fix an retval check while reading sched_debug
- src/throttling: Fix a compilation warning
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 2 2020 Clark Williams <williams(a)redhat.com> - 1.2-1
- utils.c: added info() functions
- detect and correctly parse old-style /proc/sched_debug
- src/stalld: Fix an retval check while reading sched_debug
- src/throttling: Fix a compilation warning
- ensure we only count task lines in old-format sched_debug info
- Add comments, clean up trailing whitespace
- src/utils: Fix runtime parameters check
- stalld: Do not take actions if log_only is set
- remove warning from parse_old_task_format
* Tue Oct 27 2020 Clark Williams <williams(a)redhat.com> - 1.1-1
- Fix an option in README.md; consistency in user facing docs.
- Makefile: add 'static' target to link stalld statically
- gitignore: ignore object files and the stalld executable
- use FIFO for boosting (v3)
- stalld.c: fix sched_debug parsing and modify waiting task parsing
- redhat: update release for features and bugfix
- stalld: Do not die if sched_debug returns an invalid value
- src/stalld: Do not die if the comm is too large
- src/stalld: Do not die if cannot write a message to the log
- src/stalld: Do not die if the main runs while a thread is monitoring the CPU
- implement RT throttling management and refactor source files
- more refactoring
- src/stalld: Reuse already read nr_running nr_rt_running
- src/stalld: Gracefully handle CPUs not found on sched_debug
- src/stalld: Use dynamically allocated memory to read sched_debug
- src/utils: Die with a divizion by zero if verbose
- src/stalld: Add config_buffer_size variable
- src/stalld: Increase the sched_debug read buffer if it gets too small
- src/stalld: Fix an retval check while reading sched_debug
- src/throttling: Fix a compilation warning
--------------------------------------------------------------------------------
================================================================================
xen-4.12.3-8.fc31 (FEDORA-2020-6dd36a716c)
Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:
revised patch for XSA-286 (mitigating performance impact)
----
x86 PV guest INVLPG-like flushes may leave stale TLB entries [XSA-286, CVE-2020-27674] (#1891092)
----
x86: Race condition in Xen mapping code [XSA-345]
undue deferral of IOMMU TLB flushes [XSA-346]
unsafe AMD IOMMU page table updates [XSA-347]
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 3 2020 Michael Young <m.a.young(a)durham.ac.uk> - 4.12.3-8
- revised patch for XSA-286 (mitigating performance impact)
* Thu Oct 29 2020 Michael Young <m.a.young(a)durham.ac.uk> - 4.12.3-7
- x86 PV guest INVLPG-like flushes may leave stale TLB entries
[XSA-286, CVE-2020-27674] (#1891092)
* Tue Oct 20 2020 Michael Young <m.a.young(a)durham.ac.uk> - 4.12.3-6
- x86: Race condition in Xen mapping code [XSA-345, CVE-2020-27672]
(#1891097)
- undue deferral of IOMMU TLB flushes [XSA-346, CVE-2020-27671]
(#1891093)
- unsafe AMD IOMMU page table updates [XSA-347, CVE-2020-27670]
(#1891088)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1891087 - CVE-2020-27670 xen: unsafe AMD IOMMU page table updates (XSA-347)
https://bugzilla.redhat.com/show_bug.cgi?id=1891087
[ 2 ] Bug #1891089 - CVE-2020-27674 xen: x86 PV guest INVLPG-like flushes may leave
stale TLB entries (XSA-286)
https://bugzilla.redhat.com/show_bug.cgi?id=1891089
[ 3 ] Bug #1891091 - CVE-2020-27671 xen: undue deferral of IOMMU TLB flushes (XSA-346)
https://bugzilla.redhat.com/show_bug.cgi?id=1891091
[ 4 ] Bug #1891096 - CVE-2020-27672 xen: x86: race condition in Xen mapping code
(XSA-345)
https://bugzilla.redhat.com/show_bug.cgi?id=1891096
--------------------------------------------------------------------------------