The following Fedora 30 Security updates need testing:
Age URL
4
https://bodhi.fedoraproject.org/updates/FEDORA-2020-da7dcee2ec
wireshark-3.2.3-1.fc30
4
https://bodhi.fedoraproject.org/updates/FEDORA-2020-2b53cff132
thunderbird-68.7.0-1.fc30
4
https://bodhi.fedoraproject.org/updates/FEDORA-2020-96cb012029 php-7.3.17-1.fc30
4
https://bodhi.fedoraproject.org/updates/FEDORA-2020-0c71c00af4
libxml2-2.9.10-3.fc30
4
https://bodhi.fedoraproject.org/updates/FEDORA-2020-fc00fe1705 git-2.21.2-1.fc30
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-520fc718af xen-4.11.3-4.fc30
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-fc1291b66c
chromium-81.0.4044.113-1.fc30
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-11b0f45883
webkit2gtk3-2.28.1-3.fc30
The following Fedora 30 Critical Path updates have yet to be approved:
Age URL
283
https://bodhi.fedoraproject.org/updates/FEDORA-2019-c05e4425d1
dash-0.5.10.2-3.fc30
36
https://bodhi.fedoraproject.org/updates/FEDORA-2020-fffba1c2dd
python3-3.7.7-1.fc30 python3-docs-3.7.7-1.fc30
15
https://bodhi.fedoraproject.org/updates/FEDORA-2020-703f700e48
perl-5.28.2-444.fc30
13
https://bodhi.fedoraproject.org/updates/FEDORA-2020-8995ab0593
btrfs-progs-5.6-1.fc30
10
https://bodhi.fedoraproject.org/updates/FEDORA-2020-1f5fc160d9
python-productmd-1.26-1.fc30
10
https://bodhi.fedoraproject.org/updates/FEDORA-2020-a8aa6ac039
graphite2-1.3.14-1.fc30
9
https://bodhi.fedoraproject.org/updates/FEDORA-2020-44b769adaf
net-snmp-5.8-19.fc30
6
https://bodhi.fedoraproject.org/updates/FEDORA-2020-767953662f
json-c-0.13.1-11.fc30
4
https://bodhi.fedoraproject.org/updates/FEDORA-2020-fc00fe1705 git-2.21.2-1.fc30
4
https://bodhi.fedoraproject.org/updates/FEDORA-2020-b3aa343948
libtirpc-1.2.6-0.fc30
4
https://bodhi.fedoraproject.org/updates/FEDORA-2020-0c71c00af4
libxml2-2.9.10-3.fc30
4
https://bodhi.fedoraproject.org/updates/FEDORA-2020-2b53cff132
thunderbird-68.7.0-1.fc30
4
https://bodhi.fedoraproject.org/updates/FEDORA-2020-12a5371d67
kernel-5.5.17-100.fc30 kernel-headers-5.5.17-100.fc30 kernel-tools-5.5.17-100.fc30
4
https://bodhi.fedoraproject.org/updates/FEDORA-2020-8824216b0e
gnome-shell-3.32.2-3.fc30
4
https://bodhi.fedoraproject.org/updates/FEDORA-2020-a7509f2334
nfs-utils-2.4.3-1.rc1.fc30
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-520fc718af xen-4.11.3-4.fc30
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-1208e2a2b8 vim-8.2.587-1.fc30
The following builds have been pushed to Fedora 30 updates-testing
ansible-2.9.7-1.fc30
colordiff-1.0.19-1.fc30
gnuchess-6.2.6-1.fc30
kernel-5.5.18-100.fc30
lis-2.0.21-3.fc30
oval-graph-1.1.1-1.fc30
python-click-7.1.1-1.fc30
recoll-1.26.7-1.fc30
rubygem-rake-12.3.3-200.fc30
rubygem-rouge-3.18.0-1.fc30
simde-0.0.0-1.git29b9110.fc30
terminator-1.92-1.fc30
wingpanel-applications-menu-2.6.0-1.fc30
xournalpp-1.0.18-1.fc30
Details about builds:
================================================================================
ansible-2.9.7-1.fc30 (FEDORA-2020-1b6ce91e37)
SSH-based configuration management, deployment, and task execution system
--------------------------------------------------------------------------------
Update Information:
Update to upstream bugfix and security update 2.9.7. See
https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v...
for a detailed list of changes.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 17 2020 Kevin Fenzi <kevin(a)scrye.com> - 2.9.7-1
- Update to 2.9.7.
- fixes CVE-2020-1733 CVE-2020-1735 CVE-2020-1740 CVE-2020-1746 CVE-2020-1753
CVE-2020-10684 CVE-2020-10685 CVE-2020-10691
- Drop the -s from the shebang to allow ansible to use locally installed modules.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1805318 - CVE-2020-1740 ansible: secrets readable after ansible-vault edit
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1805318
[ 2 ] Bug #1805333 - CVE-2020-1735 ansible: path injection on dest parameter in fetch
module [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1805333
[ 3 ] Bug #1805341 - CVE-2020-1733 ansible: insecure temporary directory when running
become_user from become directive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1805341
[ 4 ] Bug #1808471 - CVE-2020-1746 ansible: Information disclosure issue in ldap_attr
and ldap_entry modules [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1808471
[ 5 ] Bug #1811934 - CVE-2020-1753 ansible: kubectl connection plugin leaks sensitive
information [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1811934
[ 6 ] Bug #1816310 - CVE-2020-10684 ansible: code injection when using ansible_facts as
a subkey [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1816310
[ 7 ] Bug #1816313 - CVE-2020-10685 ansible: modules which use files encrypted with
vault are not properly cleaned up [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1816313
[ 8 ] Bug #1817980 - CVE-2020-10691 ansible: archive traversal vulnerability in
ansible-galaxy collection install [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1817980
[ 9 ] Bug #1825070 - ansible-2.9.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1825070
--------------------------------------------------------------------------------
================================================================================
colordiff-1.0.19-1.fc30 (FEDORA-2020-6f310eeef1)
Color terminal highlighter for diff files
--------------------------------------------------------------------------------
Update Information:
Update to 1.0.19. Changes in this version: * Add `difffile` color option,
allowing more git-like coloring (separate color for header of each changed file)
* Provide support for 24-bit colour strings
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 19 2020 Richard Fearn <richardfearn(a)gmail.com> - 1.0.19-1
- Update to 1.0.19
* Tue Jan 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.18-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Jul 24 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.18-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
gnuchess-6.2.6-1.fc30 (FEDORA-2020-3eaf264c4b)
The GNU chess program
--------------------------------------------------------------------------------
Update Information:
6.2.6
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 19 2020 Gwyn Ciesla <gwync(a)protonmail.com> - 6.2.6-1
- 6.2.6
* Tue Jan 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 6.2.5-10
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 6.2.5-9
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1749177 - CVE-2019-15767 gnuchess: stack-based overflow in cmd_load in
frontend/cmd.cc via crafted EPD file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1749177
[ 2 ] Bug #1749178 - CVE-2019-15767 gnuchess: stack-based overflow in cmd_load in
frontend/cmd.cc via crafted EPD file [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1749178
[ 3 ] Bug #1825541 - gnuchess-6.2.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1825541
--------------------------------------------------------------------------------
================================================================================
kernel-5.5.18-100.fc30 (FEDORA-2020-4c207c9ab5)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:
The 5.5.18 stable kernel update contains a number of important fixes across the
tree.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 17 2020 Justin M. Forbes <jforbes(a)fedoraproject.org> - 5.5.18-100
- Linux v5.5.18
* Mon Apr 13 2020 Justin M. Forbes <jforbes(a)fedoraproject.org> - 5.5.17-100
- Linux v5.5.17
--------------------------------------------------------------------------------
================================================================================
lis-2.0.21-3.fc30 (FEDORA-2020-8f89b68588)
A library for solving linear equations and eigenvalue problems
--------------------------------------------------------------------------------
Update Information:
Fix date in changelog
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 18 2020 Florian Lehner <dev(a)der-flo.net> - 2.0.21-3
- Fix date in changelog
* Sat Apr 18 2020 Florian Lehner <dev(a)der-flo.net> - 2.0.21-2
- Fix whitespace in changelog
* Sat Apr 18 2020 Florian Lehner <dev(a)der-flo.net> - 2.0.21-1
- Update to 2.0.21
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.0.14-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.0.14-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
oval-graph-1.1.1-1.fc30 (FEDORA-2020-74c6dfd994)
Tool for visualization of SCAP rule evaluation results
--------------------------------------------------------------------------------
Update Information:
release 1.1.1 ---- Fixes the required dependency ---- release 1.1.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 17 2020 Jan Rodak <jrodak(a)redhat.com> - 1.1.1-1
- release 1.1.1
* Fri Apr 17 2020 Jan Rodak <jrodak(a)redhat.com> - 1.1.0-2
- Fixes the required dependency
* Wed Apr 15 2020 Jan Rodak <jrodak(a)redhat.com> - 1.1.0-1
- release 1.1.0
--------------------------------------------------------------------------------
================================================================================
python-click-7.1.1-1.fc30 (FEDORA-2020-f19d1cb033)
Simple wrapper around optparse for powerful command line utilities
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release 7.1.1 (rhbz#1811727)
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 18 2020 Fabian Affolter <mail(a)fabian-affolter.ch> - 7.1.1-1
- Update to latest upstream release 7.1.1 (rhbz#1811727)
* Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 7.0-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Sep 18 2019 Miro Hron��ok <mhroncok(a)redhat.com> - 7.0-6
- Subpackage python2-click has been removed
See
https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal
* Thu Aug 15 2019 Miro Hron��ok <mhroncok(a)redhat.com> - 7.0-5
- Rebuilt for Python 3.8
* Fri Jul 26 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 7.0-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1811727 - python-click-7.1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1811727
--------------------------------------------------------------------------------
================================================================================
recoll-1.26.7-1.fc30 (FEDORA-2020-abf8cd3f10)
Desktop full text search tool with Qt GUI
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release recoll 1.26.7
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 13 2020 Terje Rosten <terje.rosten(a)ntnu.no> - 1.26.7-1
- 1.26.7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1817960 - recoll-1.26.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1817960
--------------------------------------------------------------------------------
================================================================================
rubygem-rake-12.3.3-200.fc30 (FEDORA-2020-28e06b5f08)
Rake is a Make-like program implemented in Ruby
--------------------------------------------------------------------------------
Update Information:
A security flaw is found on rake which may case arbitrary command execution
under file existence with crafted name. This new rpm will fix the issue
(CVE-2020-8130)
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 18 2020 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 12.3.3-200
- 12.3.3 (CVE-2020-8130 #1816270)
* Fri Jul 26 2019 Fedora Release Engineering <releng(a)fedoraproject.org> -
12.3.2-201.1
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1816272 - CVE-2020-8130 rubygem-rake: rake: OS Command Injection via egrep in
Rake::FileList [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1816272
--------------------------------------------------------------------------------
================================================================================
rubygem-rouge-3.18.0-1.fc30 (FEDORA-2020-ee8c21e657)
Pure-ruby colorizer based on pygments
--------------------------------------------------------------------------------
Update Information:
Update to version 3.18.0. Release notes:
https://github.com/rouge-
ruby/rouge/releases/tag/v3.18.0
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 18 2020 Fabio Valentini <decathorpe(a)gmail.com> - 3.18.0-1
- Update to version 3.18.0.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1823952 - rubygem-rouge-3.18.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1823952
--------------------------------------------------------------------------------
================================================================================
simde-0.0.0-1.git29b9110.fc30 (FEDORA-2020-5f3eb71f3b)
SIMD Everywhere
--------------------------------------------------------------------------------
Update Information:
* Initial import. * Skip s390x clang flags tests.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1823001 - Review Request: simde - SIMD Everywhere
https://bugzilla.redhat.com/show_bug.cgi?id=1823001
--------------------------------------------------------------------------------
================================================================================
terminator-1.92-1.fc30 (FEDORA-2020-ac15a5672d)
Store and run multiple GNOME terminals in one window
--------------------------------------------------------------------------------
Update Information:
This update brings the new Terminator release 1.92 to a Fedora box near you.
This is the first release of the new Terminator Team at GitHub
(
https://github.com/gnome-terminator/terminator). It finally supports Python 3
and fixes a lot of bugs. You can find a detailed changelog here:
https://github.com/gnome-terminator/terminator/blob/master/CHANGELOG.md
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 18 2020 Dominic Hopf <dmaphy(a)fedoraproject.org> - 1.92-1
- New upstream release: 1.92
* Fri Jan 31 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.91-15
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Dec 20 2019 Matt Rose <mattrose(a)folkwolf.net> - 1.91-14
- fix bug 1573927
* Tue Dec 17 2019 Matt Rose <mattrose(a)folkwolf.net> - 1.91-12
- Fix url Drag and Drop. Thanks to Egmont Koblinger
* Mon Dec 16 2019 Matt Rose <mattrose(a)folkwolf.net> - 1.91-11
- Patched with python3 support, with thanks from Egmont Koblinger and Roman Kovtyukh
* Sat Jul 27 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.91-10
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
wingpanel-applications-menu-2.6.0-1.fc30 (FEDORA-2020-6ee3ff3cc7)
Lightweight and stylish app launcher
--------------------------------------------------------------------------------
Update Information:
Update to version 2.6.0. Release notes:
https://github.com/elementary/applications-menu/releases/tag/2.6.0
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 18 2020 Fabio Valentini <decathorpe(a)gmail.com> - 2.6.0-1
- Update to version 2.6.0.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1822818 - wingpanel-applications-menu-2.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1822818
--------------------------------------------------------------------------------
================================================================================
xournalpp-1.0.18-1.fc30 (FEDORA-2020-607765f0db)
Handwriting note-taking software with PDF annotation support
--------------------------------------------------------------------------------
Update Information:
Update to 1.0.18
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 16 2020 Fedora Release Monitoring <release-monitoring(a)fedoraproject.org> -
1.0.18-1
- Update to 1.0.18 (#1824351)
* Tue Feb 4 2020 Luya Tshimbalanga <luya(a)fedoraproject.org> - 1.0.17-1
- Update to 1.0.17 (#1798239)
- Drop unneeded texlive dependencies
- Fix build with translations parameter
* Fri Jan 31 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.16-10
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Jan 17 2020 Marek Kasik <mkasik(a)redhat.com> - 1.0.16-9
- Rebuild for poppler-0.84.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1798239 - xournalpp-1.0.17 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1798239
[ 2 ] Bug #1824351 - xournalpp-1.0.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1824351
--------------------------------------------------------------------------------