The following Fedora 26 Security updates need testing:

 Age  URL
 235  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ccb5c8d1e7   docker-distribution-2.6.2-1.git48294d9.fc26
  67  https://bodhi.fedoraproject.org/updates/FEDORA-2018-66b885ae3c   keycloak-httpd-client-install-0.8-1.fc26
  54  https://bodhi.fedoraproject.org/updates/FEDORA-2018-4f8a78a5ef   squid-4.0.23-1.fc26
  47  https://bodhi.fedoraproject.org/updates/FEDORA-2018-c7c6160e65   thunderbird-52.6.0-1.fc26
  29  https://bodhi.fedoraproject.org/updates/FEDORA-2018-db5041e661   bro-2.5.3-1.fc26
  26  https://bodhi.fedoraproject.org/updates/FEDORA-2018-fc47f3c85d   glibc-arm-linux-gnu-2.26-4.fc26
  22  https://bodhi.fedoraproject.org/updates/FEDORA-2018-c1f73debee   drupal7-7.57-1.fc26
  18  https://bodhi.fedoraproject.org/updates/FEDORA-2018-70c191d84a   ntp-4.2.8p11-1.fc26
  17  https://bodhi.fedoraproject.org/updates/FEDORA-2018-c967cee830   dovecot-2.2.34-1.fc26
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2018-122ea355a7   memcached-1.4.39-2.fc26
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2018-6143b1d911   calibre-3.19.0-1.fc26
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2018-d809bd2fd6   php-simplesamlphp-saml2_1-1.10.6-1.fc26
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2018-f4ab4d96f9   php-simplesamlphp-saml2-2.3.8-1.fc26
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2018-f2097d8937   php-simplesamlphp-saml2_3-3.1.4-1.fc26
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2018-5673d070df   ImageMagick-6.9.9.38-1.fc26
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2018-505e83d30e   webkitgtk4-2.20.0-1.fc26
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2018-a0cca16ec6   exim-4.90.1-3.fc26
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2018-1d3d0e6f2e   monitorix-3.10.1-1.fc26
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2018-c1769746da   python-paramiko-2.2.3-1.fc26
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2018-b0f6a5bdbc   glpi-9.1.7.1-2.fc26
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2018-e03a17fa61   mosquitto-1.4.15-1.fc26
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2018-9406d8e9aa   firefox-59.0.1-1.fc26
The following Fedora 26 Critical Path updates have yet to be approved:

 Age  URL
  47  https://bodhi.fedoraproject.org/updates/FEDORA-2018-c7c6160e65   thunderbird-52.6.0-1.fc26
  33  https://bodhi.fedoraproject.org/updates/FEDORA-2018-ddd1e5c30a   iproute-4.14.1-5.fc26
  15  https://bodhi.fedoraproject.org/updates/FEDORA-2018-9efc9ddbb6   xfce4-settings-4.12.2-2.fc26
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2018-3cf2e9af11   redhat-rpm-config-65-1.fc26
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2018-bac26576fe   lxpanel-0.9.3-7.D20180305gitb85c71a6.fc26
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2018-1e6641ec83   gsm-1.0.17-2.fc26
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2018-6b73fc22f3   breeze-icon-theme-5.44.0-1.fc26 extra-cmake-modules-5.44.0-1.fc26 kf5-5.44.0-1.fc26 kf5-attica-5.44.0-1.fc26 kf5-baloo-5.44.0-1.fc26 kf5-bluez-qt-5.44.0-1.fc26 kf5-frameworkintegration-5.44.0-1.fc26 kf5-kactivities-5.44.0-1.fc26 kf5-kactivities-stats-5.44.0-1.fc26 kf5-kapidox-5.44.0-1.fc26 kf5-karchive-5.44.0-1.fc26 kf5-kauth-5.44.0-1.fc26 kf5-kbookmarks-5.44.0-1.fc26 kf5-kcmutils-5.44.0-1.fc26 kf5-kcodecs-5.44.0-1.fc26 kf5-kcompletion-5.44.0-1.fc26 kf5-kconfig-5.44.0-1.fc26 kf5-kconfigwidgets-5.44.0-1.fc26 kf5-kcoreaddons-5.44.0-2.fc26 kf5-kcrash-5.44.0-1.fc26 kf5-kdbusaddons-5.44.0-1.fc26 kf5-kdeclarative-5.44.0-1.fc26 kf5-kded-5.44.0-1.fc26 kf5-kdelibs4support-5.44.0-1.fc26 kf5-kdesignerplugin-5.44.0-1.fc26 kf5-kdesu-5.44.0-1.fc26 kf5-kdewebkit-5.44.0-1.fc26 kf5-kdnssd-5.44.0-1.fc26 kf5-kdoctools-5.44.0-1.fc26 kf5-kemoticons-5.44.0-1.fc26 kf5-kfilemetadata-5.44.0-1.fc26 kf5-kglobalaccel-5.44.0-1.fc26 kf5-kguiaddons-5.44.0-1.fc26 kf5-khtml-5.44.0-1.fc26 kf5-ki18n-5.44.0-1.fc26 kf5-kiconthemes-5.44.0-1.fc26 kf5-kidletime-5.44.0-1.fc26 kf5-kimageformats-5.44.0-1.fc26 kf5-kinit-5.44.0-1.fc26 kf5-kio-5.44.0-2.fc26 kf5-kirigami2-5.44.0-1.fc26 kf5-kitemmodels-5.44.0-1.fc26 kf5-kitemviews-5.44.0-1.fc26 kf5-kjobwidgets-5.44.0-1.fc26 kf5-kjs-5.44.0-1.fc26 kf5-kjsembed-5.44.0-1.fc26 kf5-kmediaplayer-5.44.0-1.fc26 kf5-knewstuff-5.44.0-1.fc26 kf5-knotifications-5.44.0-1.fc26 kf5-knotifyconfig-5.44.0-1.fc26 kf5-kpackage-5.44.0-1.fc26 kf5-kparts-5.44.0-1.fc26 kf5-kpeople-5.44.0-1.fc26 kf5-kplotting-5.44.0-1.fc26 kf5-kpty-5.44.0-1.fc26 kf5-kross-5.44.0-1.fc26 kf5-krunner-5.44.0-1.fc26 kf5-kservice-5.44.0-1.fc26 kf5-ktexteditor-5.44.0-1.fc26 kf5-ktextwidgets-5.44.0-1.fc26 kf5-kunitconversion-5.44.0-1.fc26 kf5-kwallet-5.44.0-1.fc26 kf5-kwayland-5.44.0-1.fc26 kf5-kwidgetsaddons-5.44.0-1.fc26 kf5-kwindowsystem-5.44.0-1.fc26 kf5-kxmlgui-5.44.0-1.fc26 kf5-kxmlrpcclient-5.44.0-1.fc26 kf5-modemmanager-qt-5.44.0-1.fc26 kf5-networkmanager-qt-5.44.0-1.fc26 kf5-plasma-5.44.0-1.fc26 kf5-prison-5.44.0-1.fc26 kf5-purpose-5.44.0-1.fc26 kf5-solid-5.44.0-1.fc26 kf5-sonnet-5.44.0-1.fc26 kf5-syntax-highlighting-5.44.0-1.fc26 kf5-threadweaver-5.44.0-1.fc26 oxygen-icon-theme-5.44.0-1.fc26 qqc2-desktop-style-5.44.0-1.fc26
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2018-694c4e8d94   nss-3.36.0-1.0.fc26 nss-softokn-3.36.0-1.0.fc26 nss-util-3.36.0-1.0.fc26 nspr-4.19.0-1.fc26
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2018-505e83d30e   webkitgtk4-2.20.0-1.fc26
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2018-13dc94ac37   python3-3.6.4-3.fc26
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2018-9406d8e9aa   firefox-59.0.1-1.fc26
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2018-ebb3a0ad9d   pytz-2017.2-7.fc26
The following builds have been pushed to Fedora 26 updates-testing
    apache-commons-compress-1.13-3.fc26
    engrampa-1.18.4-1.fc26
    jetring-0.27-1.fc26
    libmodulemd-1.1.3-1.fc26
    marco-1.18.3-1.fc26
    mate-control-center-1.18.3-1.fc26
    mate-power-manager-1.18.2-1.fc26
    mate-settings-daemon-1.18.3-1.fc26
    mate-terminal-1.18.3-1.fc26
    mrrescue-1.02e-8.fc26
    nss-mdns-0.14.1-1.fc26
    orthorobot-1.1.1-6.fc26
    osinfo-db-20180318-1.fc26
    pluma-1.18.4-1.fc26
    python-sqlalchemy-1.1.18-1.fc26
    qmapshack-1.11.0-1.fc26
    rocksndiamonds-4.0.1.4-1.fc26
    tomcat-8.0.50-1.fc26
    topgit-0.19.10-1.fc26
    translate-shell-0.9.6.7-1.fc26
    unboundid-ldapsdk-4.0.5-1.fc26
Details about builds:
================================================================================
 apache-commons-compress-1.13-3.fc26 (FEDORA-2018-0c2141fcbc)
 Java API for working with compressed files and archivers
--------------------------------------------------------------------------------
Update Information:

Fix infinite loop security vulnerability (CVE-2018-1324)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1557542 - CVE-2018-1324 apache-commons-compress: Infinite loop via extra field parser in ZipFile and ZipArchiveInputStream classes
        https://bugzilla.redhat.com/show_bug.cgi?id=1557542
--------------------------------------------------------------------------------
================================================================================
 engrampa-1.18.4-1.fc26 (FEDORA-2018-5f7ee62f1e)
 MATE Desktop file archiver
--------------------------------------------------------------------------------
Update Information:

- update to 1.18.4
--------------------------------------------------------------------------------
================================================================================
 jetring-0.27-1.fc26 (FEDORA-2018-8f6428fc1a)
 GPG keyring maintenance using changesets
--------------------------------------------------------------------------------
Update Information:

Update to jetring-0.27, see
http://metadata.ftp-master.debian.org/changelogs/main/j/jetring/jetring_0.27_changelog
for details.

----

Update to jetring-0.26, see
http://metadata.ftp-master.debian.org/changelogs/main/j/jetring/jetring_0.26_changelog
for details.
--------------------------------------------------------------------------------
================================================================================
 libmodulemd-1.1.3-1.fc26 (FEDORA-2018-08727d02fb)
 Module metadata manipulation library
--------------------------------------------------------------------------------
Update Information:

- Fixes numerous memory-leak issues

----

- Revert backwards-incompatible change to nsversion for GObject Introspection
- Make default stream and profiles optional
- Fixes: https://github.com/fedora-modularity/libmodulemd/issues/25
- Fixes: https://github.com/fedora-modularity/libmodulemd/issues/26
- Fixes: https://github.com/fedora-modularity/libmodulemd/issues/27

----

* Adds support for handling modulemd-defaults YAML documents
* Adds peek()/dup() routines to all object properties
* Adds Modulemd.Module.dup_nsvc() to retrieve the canonical form of the unique module identifier.
* Adds support for boolean types in the XMD section
--------------------------------------------------------------------------------
================================================================================
 marco-1.18.3-1.fc26 (FEDORA-2018-8ea110ab2e)
 MATE Desktop window manager
--------------------------------------------------------------------------------
Update Information:

- update to 1.18.3
--------------------------------------------------------------------------------
================================================================================
 mate-control-center-1.18.3-1.fc26 (FEDORA-2018-365baa3185)
 MATE Desktop control-center
--------------------------------------------------------------------------------
Update Information:

- update to 1.18.3
--------------------------------------------------------------------------------
================================================================================
 mate-power-manager-1.18.2-1.fc26 (FEDORA-2018-97968b4551)
 MATE power management service
--------------------------------------------------------------------------------
Update Information:

- update to 1.18.2
--------------------------------------------------------------------------------
================================================================================
 mate-settings-daemon-1.18.3-1.fc26 (FEDORA-2018-fa841337a3)
 MATE Desktop settings daemon
--------------------------------------------------------------------------------
Update Information:

- update to 1.18.3
--------------------------------------------------------------------------------
================================================================================
 mate-terminal-1.18.3-1.fc26 (FEDORA-2018-b4af77be65)
 Terminal emulator for MATE
--------------------------------------------------------------------------------
Update Information:

- update to 1.18.3
--------------------------------------------------------------------------------
================================================================================
 mrrescue-1.02e-8.fc26 (FEDORA-2018-b203229889)
 Arcade-style fire fighting game
--------------------------------------------------------------------------------
Update Information:

Add readme docs, reduce redundant love binary size
--------------------------------------------------------------------------------
================================================================================
 nss-mdns-0.14.1-1.fc26 (FEDORA-2018-67ab47821b)
 glibc plugin for .local name resolution
--------------------------------------------------------------------------------
Update Information:

nss-mdns is back after 10 years!

* Moved to new GitHub location, docs migrated to markdown
* The long-deprecated LEGACY mode is removed
* The long-deprecated HONOUR_SEARCH_DOMAINS option is removed
* Unit tests are now included, with make check
* nss-mdns now implements standard heuristics for detecting .local unicast resolution and will automatically disable resolution when a local server responds to .local requests (**no need to manually disable anything anymore when the local network resolves with .local**)
* _nss_mdns_gethostbyname3_r and _nss_mdns_gethostbyname4_r are now implemented
* Full dual-stack IPv4/IPv6 support is implemented

See https://github.com/lathiat/nss-mdns/blob/master/NEWS.md
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #454453 - Provide _nss_mdns_gethostbyname4_r interface
        https://bugzilla.redhat.com/show_bug.cgi?id=454453
  [ 2 ] Bug #1366021 - New upstream location for nss-mdns
        https://bugzilla.redhat.com/show_bug.cgi?id=1366021
  [ 3 ] Bug #1544608 - nss-mdns outstanding issues
        https://bugzilla.redhat.com/show_bug.cgi?id=1544608
--------------------------------------------------------------------------------
================================================================================
 orthorobot-1.1.1-6.fc26 (FEDORA-2018-9fb63fb018)
 A perspective based puzzle game
--------------------------------------------------------------------------------
Update Information:

Reduce binary size
--------------------------------------------------------------------------------
================================================================================
 osinfo-db-20180318-1.fc26 (FEDORA-2018-8b79ef546d)
 osinfo database files
--------------------------------------------------------------------------------
Update Information:

Update to new release
--------------------------------------------------------------------------------
================================================================================
 pluma-1.18.4-1.fc26 (FEDORA-2018-35623b162c)
 Text editor for the MATE desktop
--------------------------------------------------------------------------------
Update Information:

- update to 1.18.4
--------------------------------------------------------------------------------
================================================================================
 python-sqlalchemy-1.1.18-1.fc26 (FEDORA-2018-4d05e99cba)
 Modular and flexible ORM library for python
--------------------------------------------------------------------------------
Update Information:

This update contains a new upstream bugfix release. The upstream
[changelog](http://docs.sqlalchemy.org/en/latest/changelog/changelog_11.html#change-1.1.18)
contains a list of all changes in version 1.1.18.
--------------------------------------------------------------------------------
================================================================================
 qmapshack-1.11.0-1.fc26 (FEDORA-2018-71350d90a7)
 GPS mapping and management tool
--------------------------------------------------------------------------------
Update Information:

- updated to 1.11.0
- introduce qmaptool subpackage
- changelog https://bitbucket.org/maproom/qmapshack/raw/b47d434915f32c5a8c1de3c4581c01d2ee5686e5/changelog.txt
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1551560 - qmapshack-1.11.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1551560
--------------------------------------------------------------------------------
================================================================================
 rocksndiamonds-4.0.1.4-1.fc26 (FEDORA-2018-9f6153333a)
 Underground digging game
--------------------------------------------------------------------------------
Update Information:

Update to 4.0.1.4.
--------------------------------------------------------------------------------
================================================================================
 tomcat-8.0.50-1.fc26 (FEDORA-2018-a233dae4ab)
 Apache Servlet/JSP Engine, RI for Servlet 3.1/JSP 2.3 API
--------------------------------------------------------------------------------
Update Information:

This update includes a rebase from 8.0.49 up to 8.0.50 which resolves two CVEs
along with various other bugs/features:

* rhbz#1548290 CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
* rhbz#1548284 CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1548284 - CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1548284
  [ 2 ] Bug #1548290 - CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1548290
--------------------------------------------------------------------------------
================================================================================
 topgit-0.19.10-1.fc26 (FEDORA-2018-d89ee92fc3)
 A different patch queue manager
--------------------------------------------------------------------------------
Update Information:

Switch to TopGit's new upstream. This version of TopGit contains everything
from its parent (including the parent's new location) and then it's Patched
Really Overall (PRO) to fix a number of bugs. A formatted ChangeLog and Manual
can be found [here](https://mackyle.github.io/topgit/).
--------------------------------------------------------------------------------
================================================================================
 translate-shell-0.9.6.7-1.fc26 (FEDORA-2018-c7f6a0c4f3)
 A command-line online translator
--------------------------------------------------------------------------------
Update Information:

Update to 0.9.6.7.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1557717 - translate-shell-v0.9.6.7 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1557717
--------------------------------------------------------------------------------
================================================================================
 unboundid-ldapsdk-4.0.5-1.fc26 (FEDORA-2018-c188d3f09a)
 UnboundID LDAP SDK for Java
--------------------------------------------------------------------------------
Update Information:

Rebase package(s) to version: 4.0.5

CVE-2018-1000134 has been fixed in 4.0.5 release of the UnboundID LDAP SDK for
Java. A blog post has been written covering the details of this CVE and is
available at
https://nawilson.com/2018/03/19/cve-2018-1000134-and-the-unboundid-ldap-sdk-... java/

Further bugfixing and improvements are detailed in 4.0.5 release notes at
https://github.com/pingidentity/ldapsdk/releases/tag/4.0.5
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1557531 - CVE-2018-1000134 unboundid-ldapsdk: Incorrect Access Control vulnerability in process function in SimpleBindRequest class
        https://bugzilla.redhat.com/show_bug.cgi?id=1557531
--------------------------------------------------------------------------------