The following Fedora 26 Security updates need testing:
Age  URL  Build
142  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ccb5c8d1e7  docker-distribution-2.6.2-1.git48294d9.fc26
 71  https://bodhi.fedoraproject.org/updates/FEDORA-2017-6e6f4f95e6  ruby-2.4.2-84.fc26
 34  https://bodhi.fedoraproject.org/updates/FEDORA-2017-3915878e18  ldns-1.7.0-4.fc26
 34  https://bodhi.fedoraproject.org/updates/FEDORA-2017-f87ce166c5  chromium-62.0.3202.89-1.fc26
 17  https://bodhi.fedoraproject.org/updates/FEDORA-2017-774e7863a4  mongodb-3.4.10-1.fc26
 13  https://bodhi.fedoraproject.org/updates/FEDORA-2017-7bac3ba7c3  qpid-cpp-1.37.0-1.fc26
  7  https://bodhi.fedoraproject.org/updates/FEDORA-2017-bce9e03721  tor-0.3.1.9-1.fc26
  7  https://bodhi.fedoraproject.org/updates/FEDORA-2017-b5cdad4163  libvirt-3.2.1-7.fc26
  7  https://bodhi.fedoraproject.org/updates/FEDORA-2017-018464cbf9  optipng-0.7.6-6.fc26
  7  https://bodhi.fedoraproject.org/updates/FEDORA-2017-d6402c8005  evince-3.24.2-2.fc26
  7  https://bodhi.fedoraproject.org/updates/FEDORA-2017-2d441a1d98  python26-2.6.9-7.fc26
  7  https://bodhi.fedoraproject.org/updates/FEDORA-2017-cf8c62747a  python35-3.5.4-2.fc26
  7  https://bodhi.fedoraproject.org/updates/FEDORA-2017-1dc71e1acd  shellinabox-2.20-5.fc26
  7  https://bodhi.fedoraproject.org/updates/FEDORA-2017-e0abe14016  python34-3.4.7-2.fc26
  4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-bf172b2035  lynx-2.8.9-0.20.dev16.fc26
  4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-7fe2c4bc0e  python33-3.3.7-2.fc26
  3  https://bodhi.fedoraproject.org/updates/FEDORA-2017-0f3270406c  libextractor-1.6-2.fc26
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2017-26c3ab48e4  wayland-1.13.0-3.fc26
  1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-38fbcdffc3  asterisk-13.18.4-1.fc26
  1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-80c6b4d3be  sensible-utils-0.0.11-1.fc26
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-aa4cc10bde  qt5-qtbase-5.9.2-6.fc26
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-16a414b3c5  xen-4.8.2-9.fc26
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-2962e58478  heimdal-7.5.0-1.fc26
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ba6b6e71f7  kernel-4.14.6-200.fc26
The following Fedora 26 Critical Path updates have yet to be approved:
Age  URL  Build
  7  https://bodhi.fedoraproject.org/updates/FEDORA-2017-b5cdad4163  libvirt-3.2.1-7.fc26
  4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-8d2a756133  libsmbios-2.3.3-2.fc26
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2017-b5ac57e518  selinux-policy-3.13.1-260.18.fc26
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2017-26c3ab48e4  wayland-1.13.0-3.fc26
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-05db2de66b  nfs-utils-2.2.1-1.rc2.fc26
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ba6b6e71f7  kernel-4.14.6-200.fc26
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-b79deedf43  linux-firmware-20171215-81.git2451bb22.fc26
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-d57a06cda1  flatpak-0.10.2-1.fc26 flatpak-builder-0.10.6-1.fc26
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-8b51db595f  tigervnc-1.8.0-5.fc26
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-16a414b3c5  xen-4.8.2-9.fc26
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-b1ce6bb43a  audit-2.8.2-1.fc26
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-aa4cc10bde  qt5-qtbase-5.9.2-6.fc26
The following builds have been pushed to Fedora 26 updates-testing
bind-9.11.1-4.P3.fc26
cri-o-1.9.0-3.git814c6ab.fc26
enchant2-2.2.0-2.fc26
fcitx-unikey-0.2.7-1.fc26
flatpak-0.10.2-1.fc26
flatpak-builder-0.10.6-1.fc26
ghc-gi-gio-2.0.14-2.fc26
ghc-gi-glib-2.0.15-1.fc26
ghc-gi-gobject-2.0.15-2.fc26
ghc-gi-ostree-1.0.5-2.fc26
gnome-photos-3.24.5-1.fc26
kernel-4.14.6-200.fc26
libu2f-server-1.0.1-10.fc26
liferea-1.12.0-2.fc26
linux-firmware-20171215-81.git2451bb22.fc26
mingw-enchant2-2.2.0-2.fc26
mingw-qtspell-0.8.4-1.fc26
nfs-utils-2.2.1-1.rc2.fc26
python-catkin_pkg-0.3.8-2.fc26
qtspell-0.8.4-1.fc26
sway-0.15.0-3.fc26
tigervnc-1.8.0-5.fc26
valgrind-3.13.0-12.fc26
xorgxrdp-0.2.5-1.fc26
xrootd-4.8.0-1.fc26
Details about builds:
================================================================================
bind-9.11.1-4.P3.fc26 (FEDORA-2017-fcd3ad6ba8)
The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
--------------------------------------------------------------------------------
Update Information:
- Own python3-bind isc directory (#1522944)
- Make tsstsig system test pass again (#1500017)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1522944 - spec file should own python module directories
https://bugzilla.redhat.com/show_bug.cgi?id=1522944
[ 2 ] Bug #1500017 - BIND internal tests for TSIG-GSS fail on Fedora 26
https://bugzilla.redhat.com/show_bug.cgi?id=1500017
--------------------------------------------------------------------------------
================================================================================
cri-o-1.9.0-3.git814c6ab.fc26 (FEDORA-2017-f9d3b2cb00)
CRI-O is the Kubernetes Container Runtime Interface for OCI-based containers
--------------------------------------------------------------------------------
Update Information:
Updated for Kubernetes 1.9 release. ---- Update with a couple of bug fixes.
--------------------------------------------------------------------------------
================================================================================
enchant2-2.2.0-2.fc26 (FEDORA-2017-26a66585e0)
An Enchanting Spell Checking Library
--------------------------------------------------------------------------------
Update Information:
Initial package.
--------------------------------------------------------------------------------
================================================================================
fcitx-unikey-0.2.7-1.fc26 (FEDORA-2017-b52768de00)
Vietnamese Engine for Fcitx
--------------------------------------------------------------------------------
Update Information:
Update to 0.2.7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1511239 - fcitx-unikey-0.2.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1511239
--------------------------------------------------------------------------------
================================================================================
flatpak-0.10.2-1.fc26 (FEDORA-2017-d57a06cda1)
Application deployment framework for desktop apps
--------------------------------------------------------------------------------
Update Information:
flatpak 0.10.2 release:
* Flatpak now requires OSTree 2017.14
* flatpak update now updates from both system and user installations by
  default.
* flatpak update is less noisy when updating appstream info.
* All the remote-* commands now by default automatically decide to use --user
  or --system based on the given remote name.
* flatpak remote-ls with no remote lists the content of all remotes
* Fixed regression that made xdg-user-dirs and theme selection for kde apps
  break.
* flatpak override with no argument now overrides globally, i.e. for all apps.
* flatpak override now supports --nofilesystem properly. For example
  flatpak override --nofilesystem=~/.ssh hides the ssh dir for all apps, even
  those who have homedir access.
* flatpak install now takes a --reinstall argument which uninstalls a
  previously installed version if necessary. This is very useful when you want
  to install a new version from a different source.
* flatpak install now allows you to pass an absolute pathname as remote name,
  which will create a temporary remote and install from that. The remote will
  be removed when the app is uninstalled. This is very useful during
  development and testing.
* Flatpak now creates CLI wrappers for all installed apps, so if you add
  /var/lib/flatpak/exports/bin or ~/.local/share/flatpak/exports/bin to your
  PATH you can easily start flatpak apps by their application id.

flatpak-builder 0.10.6 release:
* New checksum types for file/archive sources: md5, sha1, sha512
* Support including source snippets from another file, similar to how module
  includes are supported.
* The app id renaming in the appdata file is now more careful to avoid renaming
  other parts.
* The cache default repo format for new caches is now bare-user-only which
  means building with flatpak-builder works on filesystems that don't support
  xattrs.
* New --install argument will install the finished build using the new
  flatpak install install-directly-from-local-repo feature. This makes it
  easier to test local builds.
--------------------------------------------------------------------------------
================================================================================
flatpak-builder-0.10.6-1.fc26 (FEDORA-2017-d57a06cda1)
Tool to build flatpaks from source
--------------------------------------------------------------------------------
Update Information:
flatpak 0.10.2 release:
* Flatpak now requires OSTree 2017.14
* flatpak update now updates from both system and user installations by
  default.
* flatpak update is less noisy when updating appstream info.
* All the remote-* commands now by default automatically decide to use --user
  or --system based on the given remote name.
* flatpak remote-ls with no remote lists the content of all remotes
* Fixed regression that made xdg-user-dirs and theme selection for kde apps
  break.
* flatpak override with no argument now overrides globally, i.e. for all apps.
* flatpak override now supports --nofilesystem properly. For example
  flatpak override --nofilesystem=~/.ssh hides the ssh dir for all apps, even
  those who have homedir access.
* flatpak install now takes a --reinstall argument which uninstalls a
  previously installed version if necessary. This is very useful when you want
  to install a new version from a different source.
* flatpak install now allows you to pass an absolute pathname as remote name,
  which will create a temporary remote and install from that. The remote will
  be removed when the app is uninstalled. This is very useful during
  development and testing.
* Flatpak now creates CLI wrappers for all installed apps, so if you add
  /var/lib/flatpak/exports/bin or ~/.local/share/flatpak/exports/bin to your
  PATH you can easily start flatpak apps by their application id.

flatpak-builder 0.10.6 release:
* New checksum types for file/archive sources: md5, sha1, sha512
* Support including source snippets from another file, similar to how module
  includes are supported.
* The app id renaming in the appdata file is now more careful to avoid renaming
  other parts.
* The cache default repo format for new caches is now bare-user-only which
  means building with flatpak-builder works on filesystems that don't support
  xattrs.
* New --install argument will install the finished build using the new
  flatpak install install-directly-from-local-repo feature. This makes it
  easier to test local builds.
--------------------------------------------------------------------------------
================================================================================
ghc-gi-gio-2.0.14-2.fc26 (FEDORA-2017-5c1c579e69)
Gio bindings
--------------------------------------------------------------------------------
Update Information:
Update ghc-gi-glib to the upstream gi-glib-2.0.15. This adds an override to mark
the return value of g_time_val_to_iso8601 as nullable, so that the API for
GI.GLib.timeValToIso8601 is consistent across glib versions (the upstream
annotation was marked nullable in glib-2.53.2). This updates ghc-gi-glib and
rebuilds the packages that depend on it.
--------------------------------------------------------------------------------
================================================================================
ghc-gi-glib-2.0.15-1.fc26 (FEDORA-2017-5c1c579e69)
GLib bindings
--------------------------------------------------------------------------------
Update Information:
Update ghc-gi-glib to the upstream gi-glib-2.0.15. This adds an override to mark
the return value of g_time_val_to_iso8601 as nullable, so that the API for
GI.GLib.timeValToIso8601 is consistent across glib versions (the upstream
annotation was marked nullable in glib-2.53.2). This updates ghc-gi-glib and
rebuilds the packages that depend on it.
--------------------------------------------------------------------------------
================================================================================
ghc-gi-gobject-2.0.15-2.fc26 (FEDORA-2017-5c1c579e69)
GObject bindings
--------------------------------------------------------------------------------
Update Information:
Update ghc-gi-glib to the upstream gi-glib-2.0.15. This adds an override to mark
the return value of g_time_val_to_iso8601 as nullable, so that the API for
GI.GLib.timeValToIso8601 is consistent across glib versions (the upstream
annotation was marked nullable in glib-2.53.2). This updates ghc-gi-glib and
rebuilds the packages that depend on it.
--------------------------------------------------------------------------------
================================================================================
ghc-gi-ostree-1.0.5-2.fc26 (FEDORA-2017-5c1c579e69)
OSTree bindings
--------------------------------------------------------------------------------
Update Information:
Update ghc-gi-glib to the upstream gi-glib-2.0.15. This adds an override to mark
the return value of g_time_val_to_iso8601 as nullable, so that the API for
GI.GLib.timeValToIso8601 is consistent across glib versions (the upstream
annotation was marked nullable in glib-2.53.2). This updates ghc-gi-glib and
rebuilds the packages that depend on it.
--------------------------------------------------------------------------------
================================================================================
gnome-photos-3.24.5-1.fc26 (FEDORA-2017-a71ecff53d)
Access, organize and share your photos on GNOME
--------------------------------------------------------------------------------
Update Information:
The link "Settings" in the "No Photos Found" screen does not work
--------------------------------------------------------------------------------
================================================================================
kernel-4.14.6-200.fc26 (FEDORA-2017-ba6b6e71f7)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:
The 4.14.6 update contains various fixes across the tree.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1525762 - CVE-2017-17449 kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity
        https://bugzilla.redhat.com/show_bug.cgi?id=1525762
[ 2 ] Bug #1525761 - CVE-2017-17450 kernel: Unchecked capabilities in net/netfilter/xt_osf.c allows for unprivileged modification to systemwide fingerprint list
        https://bugzilla.redhat.com/show_bug.cgi?id=1525761
[ 3 ] Bug #1525768 - CVE-2017-17448 kernel: Missing capabilities check in net/netfilter/nfnetlink_cthelper.c allows for unprivileged access to systemwide nfnl_cthelper_list structure
        https://bugzilla.redhat.com/show_bug.cgi?id=1525768
[ 4 ] Bug #1525474 - CVE-2017-17558 kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=1525474
[ 5 ] Bug #1519591 - CVE-2017-8824 kernel: Use-after-free vulnerability in DCCP socket
        https://bugzilla.redhat.com/show_bug.cgi?id=1519591
--------------------------------------------------------------------------------
================================================================================
libu2f-server-1.0.1-10.fc26 (FEDORA-2017-d857a148d1)
Yubico Universal 2nd Factor (U2F) Server C Library
--------------------------------------------------------------------------------
Update Information:
Fix libjson problems
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1526523 - Undefined behaviour in u2f-server
https://bugzilla.redhat.com/show_bug.cgi?id=1526523
--------------------------------------------------------------------------------
================================================================================
liferea-1.12.0-2.fc26 (FEDORA-2017-3b5d45ad0e)
An RSS/RDF feed reader
--------------------------------------------------------------------------------
Update Information:
Update to 1.12.0 stable
--------------------------------------------------------------------------------
================================================================================
linux-firmware-20171215-81.git2451bb22.fc26 (FEDORA-2017-b79deedf43)
Firmware files used by the Linux kernel
--------------------------------------------------------------------------------
Update Information:
Updated skl DMC, cnl audio, netronome SmartNIC, amdgpu vega10 and raven, intel
bluetooth, brcm CYW4373, and liquidio vswitch firmwares
--------------------------------------------------------------------------------
================================================================================
mingw-enchant2-2.2.0-2.fc26 (FEDORA-2017-26a66585e0)
MinGW Windows enchant2 library
--------------------------------------------------------------------------------
Update Information:
Initial package.
--------------------------------------------------------------------------------
================================================================================
mingw-qtspell-0.8.4-1.fc26 (FEDORA-2017-c7f8bfbe96)
Spell checking for Qt text widgets
--------------------------------------------------------------------------------
Update Information:
Update to version 0.8.4, see https://github.com/manisandro/qtspell/releases for details.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1526376 - Package summary contains rpm macro.
https://bugzilla.redhat.com/show_bug.cgi?id=1526376
--------------------------------------------------------------------------------
================================================================================
nfs-utils-2.2.1-1.rc2.fc26 (FEDORA-2017-05db2de66b)
NFS utilities and supporting clients and daemons for the kernel NFS server
--------------------------------------------------------------------------------
Update Information:
Updated to latest upstream RC release: nfs-utils-2-2-2-rc2
--------------------------------------------------------------------------------
================================================================================
python-catkin_pkg-0.3.8-2.fc26 (FEDORA-2017-57f8f4e393)
Library for retrieving information about catkin packages
--------------------------------------------------------------------------------
Update Information:
Add patch to remove argparse from the requirements
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1526466 - The 'argparse' distribution was not found and is required by catkin-pkg
https://bugzilla.redhat.com/show_bug.cgi?id=1526466
--------------------------------------------------------------------------------
================================================================================
qtspell-0.8.4-1.fc26 (FEDORA-2017-7ebaf67703)
Spell checking for Qt text widgets
--------------------------------------------------------------------------------
Update Information:
Update to version 0.8.4, see https://github.com/manisandro/qtspell/releases for details.
--------------------------------------------------------------------------------
================================================================================
sway-0.15.0-3.fc26 (FEDORA-2017-6aafe5a2f8)
i3-compatible window manager for Wayland
--------------------------------------------------------------------------------
Update Information:
Fix issue with json-c: free() on unowned object
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1526520 - Undefined behaviour in Sway
https://bugzilla.redhat.com/show_bug.cgi?id=1526520
--------------------------------------------------------------------------------
================================================================================
tigervnc-1.8.0-5.fc26 (FEDORA-2017-8b51db595f)
A TigerVNC remote display system
--------------------------------------------------------------------------------
Update Information:
Fixed starting of vncserver using systemd service.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #896648 - vncserver fails to load gnome 3 session
https://bugzilla.redhat.com/show_bug.cgi?id=896648
--------------------------------------------------------------------------------
================================================================================
valgrind-3.13.0-12.fc26 (FEDORA-2017-d256dfceb8)
Tool for finding memory management bugs in programs
--------------------------------------------------------------------------------
Update Information:
Fix debug alt file resolving. Fix s390x false positive with cgijnl instruction.
Fix ppc64 timebase.
--------------------------------------------------------------------------------
================================================================================
xorgxrdp-0.2.5-1.fc26 (FEDORA-2017-a907d1c53e)
Implementation of xrdp backend as Xorg modules
--------------------------------------------------------------------------------
Update Information:
This version includes:
- Adjust socket file permission #110
- Accept display number 0 #106
- Assembly code refactoring
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1526668 - xorgxrdp-0.2.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1526668
--------------------------------------------------------------------------------
================================================================================
xrootd-4.8.0-1.fc26 (FEDORA-2017-fb52319041)
Extended ROOT file server
--------------------------------------------------------------------------------
Update Information:
------------- Version 4.8.0 -------------

New Features
* **[XrdCl]** Local redirection and local file support.
* **[XrdCl]** merge xrdfs ls results if not unique, closes #541.
* **[XrdCl]** Provide client specific CGI info.
* **[XrdCl]** File::WriteV implementation, closes #388.
* **[XrdHttp]** Pass the HTTP verb to the external handler for path matching.
* **[XrdHttp]** Allow one to access the XrdSecEntity object associated with a
  request.
* **[XrdHttp]** Allow filtering based on HTTP verb in MatchesPath.
* **[XrdHttp]** Allow overwrites to be done on PUT.
* **[XrdHttp]** Allow multiple external handlers to be loaded by XrdHttp.

Major bug fixes
* **[Server]** Correctly handle monEnt on file close to avoid SEGV. Fixes #618.
* **[Server]** Properly handle file descriptors up to 65535. Fixes #607.
* **[Server]** Fix handling of >65K attached files (active links). Fixes #623.
* **[Server]** Make sure doPost does not become <0 (regression introduced in
  4.7.1).
* **[Proxy]** Avoid SEGV when localroot specified w/o remote root. Fixes #627.
* **[XrdCl]** Connection Window should be applied per IP address. Fixes #625.
* **[XrdCl]** Write request and raw data with single writev, fixes #609.
* **[XrdHttp]** Allow XrdSfsGetDefaultFileSystem to be called multiple times.
* **[XrdHttp]** Correct external handling logic.
* **[XrdSecgsi]** Use stack for proper cleaning of invalidated CRLs and CAs.

Minor bug fixes
* **[Server]** Print error msg and close socket when a FD cannot be handled.
* **[Server]** Close additional loophole for fstream disconnect.
* **[Server]** Always unhook the statistics object from xfr monitoring if
  hooked.
* **[Server]** Ruggedize TPC to be less sensitive to protocol violations.
* **[Server]** Correct tpc directive scanning and make it more obvious.
  Fixes #604.
* **[Server]** Enable url rewrites. Eliminates GSI roadblock.
* **[Server]** Do not reference a deleted object.
* **[XrdSsi]** Make sure to finalize all requests upon disc, fixes #616.
* **[XrdHttp]** Handle properly http.secretkey.
* **[XrdCl]** various memory related fixes.
* **[XrdPy]** Translate binary buffers into bytes objects, closes #632
--------------------------------------------------------------------------------