The following Fedora 33 Security updates need testing:
 Age  URL
 166  https://bodhi.fedoraproject.org/updates/FEDORA-2021-c3d587d52c   shim-15.4-1
  10  https://bodhi.fedoraproject.org/updates/FEDORA-2021-9fb6da134f   squashfs-tools-4.5-3.20210913gite048580.fc33
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2021-fc96a3a749   curl-7.71.1-11.fc33
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2021-edf6957b7d   webkit2gtk3-2.32.4-1.fc33
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2021-55198e6804   iaito-5.3.1-3.fc33 radare2-5.4.0-1.fc33
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2021-87578dca12   ckeditor-4.16.2-1.fc33
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2021-34760089da   python2.7-2.7.18-15.fc33
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2021-044be3d54e   libspf2-1.2.11-1.20210922git4915c308.fc33
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2021-f2a020a065   libssh-0.9.6-1.fc33
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2021-67b7695f95   python-flask-restx-0.2.0-4.fc33
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2021-c87ed13391   cifs-utils-6.13-3.fc33

The following Fedora 33 Critical Path updates have yet to be approved:
 Age  URL
 185  https://bodhi.fedoraproject.org/updates/FEDORA-2021-2961f34ccb   PackageKit-1.2.3-1.fc33
 120  https://bodhi.fedoraproject.org/updates/FEDORA-2021-4797e362b3   abrt-2.14.6-1.fc33 libreport-2.15.1-1.fc33 satyr-0.37-2.fc33
  36  https://bodhi.fedoraproject.org/updates/FEDORA-2021-4ccf3840ed   gnome-shell-3.38.6-1.fc33 mutter-3.38.6-1.fc33
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2021-b23a9bea6a   ethtool-5.14-1.fc33
  10  https://bodhi.fedoraproject.org/updates/FEDORA-2021-b45ccbe1a6   libmodulemd-2.13.0-2.fc33
  10  https://bodhi.fedoraproject.org/updates/FEDORA-2021-9fb6da134f   squashfs-tools-4.5-3.20210913gite048580.fc33
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2021-90604978ab   pungi-4.3.0-1.fc33
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2021-fd41bb269a   createrepo_c-0.17.5-1.fc33
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2021-2234494a2d   appstream-data-33-4.fc33
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2021-fc96a3a749   curl-7.71.1-11.fc33
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2021-edf6957b7d   webkit2gtk3-2.32.4-1.fc33
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2021-e2e8b29ae7   libxcrypt-4.4.26-2.fc33
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2021-31db2a6200   openssl-1.1.1l-2.fc33
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2021-e63926a1bb   btrfs-progs-5.14.1-1.fc33
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2021-b5e7522780   flatpak-1.10.3-1.fc33
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2021-f2a020a065   libssh-0.9.6-1.fc33
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2021-7e9ae4b0fe   nfs-utils-2.5.4-2.rc3.fc33
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2021-a239487807   dnf-4.9.0-1.fc33 dnf-plugins-core-4.0.23-1.fc33 libcomps-0.1.18-1.fc33 libdnf-0.64.0-1.fc33 librepo-1.14.2-1.fc33
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2021-4617be8d14   kernel-5.14.7-100.fc33 kernel-headers-5.14.7-100.fc33 kernel-tools-5.14.7-100.fc33

The following builds have been pushed to Fedora 33 updates-testing
cobbler-3.2.2-2.fc33
conmon-2.0.30-1.fc33
openbgpd-7.2-1.fc33
perl-GnuPG-Interface-1.02-1.fc33
php-laminas-mail-2.14.3-1.fc33
python-flexmock-0.10.10-1.fc33
python-fsspec-2021.9.0-1.fc33~bootstrap
python-mirrors-countme-0.0.7-1.fc33
python-podman-3.2.1-1.fc33
recoll-1.31.0-4.fc33
rpki-client-7.3-1.fc33
Details about builds:
================================================================================
cobbler-3.2.2-2.fc33 (FEDORA-2021-4def184821)
Boot server configurator
--------------------------------------------------------------------------------
Update Information:
* Migrate settings to settings.yaml
* Migrate pre-cobbler 3 data if needed
* Fix autoinstall_templates -> templates

----

Update to 3.2.2

New:
* Signatures: Add ESXi 7.0 U1 #2525 #2526 #2442
* AlmaLinux & RockyLinux are now supported
* Signatures: Add generic openSUSE Leap 15 #2508
* Settings: Use .yaml as a file extension #2531
* Settings: Validate what settings we have in the YAML-File #2533 #2419 #2530
* Modules: We now support automatic Windows installations #2466
* Docs: Terraform provider now included #2166 #2528

Changes:
* Web Frontend: Show VMware as a breed #2449
* Logging check fails with SELinux #2440 #2441
* Typing: Convert docstring types to typing types #2564
* ESXi Support: Now partly supported #2541
* ipmitool now is upstream supported by fence_agents via ipmilanplus #2542
* cobbler version remove the b prefix #2543
* We are now using inst.ks instead of ks #2534
* Use the python-file bindings instead of a subprocess call #2482 #2480
* Web Interface: Make new user management more obvious #2484

Bugfixes:
* Remove redundant .json suffix: #2451 #2376 #2545 #2529
* PAM Authentication failures are fixed now: #2400 #2444
* Templating: Fix Cheetah macros #2570 #2509 #2403
* Templating: Fix regex replacements #2513
* Templating: Add http_port to all snippets we are aware of #2058
* API: Have the legacy fields kickstart and ks_meta present at all times. #2311 #2568
* Replicate: revert_strip_none prior adding an object on replicate #2548 #2505
* Replicate: Fix paths during replication #2516
* Web interface: Fix snippet path #2520
* Web interface: Prevent duplicate pathing of snippets #2485
* Fix script path from Cobbler #2479 #2478
* Settings: Add missing rsync flags option #2467 #2468
* Startup: Cobbler starts with sub-profiles now #2259 #2450
* Web: Permissions for /var/lib/cobbler/web.ss #2439 #2452
* Power management: Follow the fence_agent return codes #1491
* cobbler check: Fix dnsmasq check #2155

Other:
* Cleanup unused import #2551
* Docs: Improvements at various places #2547 #2481 #2473 #1801 #2228
* Removed unused multi-language support #2532
* Un-categorized improvements #2524 #2464
* Items: Streamline template_types type in all items #2262

Breaking Changes:
* Possibly the settings file is not correctly migrated and needs to be manually adjusted.
* Rename settings to settings.yaml
* Add all keys which are missing. List will be available in /var/log/cobbler/cobbler.log.
* We dropped support for CentOS 7 since no full Python 3 stack is available #2515

Fedora:
* bz#2006840: CVE-2021-40323: Arbitrary file disclosure/Template Injection
* bz#2006897: CVE-2021-40324: Arbitrary file write via upload_log_data XMLRPC function
* bz#2006904: CVE-2021-40325: Authorization bypass allows modifying settings
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 23 2021 Orion Poplawski <orion(a)nwra.com> - 3.2.2-2
- Migrate settings to settings.yaml
- Migrate pre-cobbler 3 data if needed
- Fix autoinstall_templates -> templates
* Thu Sep 23 2021 Orion Poplawski <orion(a)nwra.com> - 3.2.2-1
- Update to 3.2.2
- bz#2006840: CVE-2021-40323: Arbitrary file disclosure/Template Injection
- bz#2006897: CVE-2021-40324: Arbitrary file write via upload_log_data XMLRPC function
- bz#2006904: CVE-2021-40325: Authorization bypass allows modifying settings
* Wed Sep 22 2021 Orion Poplawski <orion(a)nwra.com> - 3.2.1-1
- Update to 3.2.1
* Wed Jul 21 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.2.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun 4 2021 Python Maint <python-maint(a)redhat.com> - 3.2.0-5
- Rebuilt for Python 3.10
* Tue Mar 2 2021 Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl> - 3.2.0-4
- Rebuilt for updated systemd-rpm-macros
  See https://pagure.io/fesco/issue/2583.
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.2.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2006840 - CVE-2021-40323 cobbler: Arbitrary File Disclosure/Template Injection via generate_script RPC method
      https://bugzilla.redhat.com/show_bug.cgi?id=2006840
[ 2 ] Bug #2006897 - CVE-2021-40324 cobbler: Arbitrary file write via upload_log_data XMLRPC function
      https://bugzilla.redhat.com/show_bug.cgi?id=2006897
[ 3 ] Bug #2006904 - CVE-2021-40325 cobbler: Authorization bypass allows modifying settings
      https://bugzilla.redhat.com/show_bug.cgi?id=2006904
--------------------------------------------------------------------------------
================================================================================
conmon-2.0.30-1.fc33 (FEDORA-2021-fc0aa5ed74)
OCI container runtime monitor
--------------------------------------------------------------------------------
Update Information:
conmon 2.0.30

----

Autobuilt v2.0.29

----

rhbz#1965231: add /usr/libexec/crio to tracked files

----

Autobuilt v2.0.28
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 22 2021 RH Container Bot <rhcontainerbot(a)fedoraproject.org> - 2:2.0.30-1
- autobuilt v2.0.30
* Mon Aug 16 2021 Lokesh Mandvekar <lsm5(a)fedoraproject.org> - 2:2.0.29-2
- build correct tag lol
* Thu Jun 3 2021 RH Container Bot <rhcontainerbot(a)fedoraproject.org> - 2:2.0.29-1
- autobuilt v2.0.29
* Thu May 27 2021 Peter Hunt <pehunt(a)redhat.com> - 2:2.0.28-2
- rhbz#1965231: add /usr/libexec/crio to tracked files
* Fri May 14 2021 RH Container Bot <rhcontainerbot(a)fedoraproject.org> - 2:2.0.28-1
- autobuilt v2.0.28
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1965231 - conmon: unowned directory
https://bugzilla.redhat.com/show_bug.cgi?id=1965231
--------------------------------------------------------------------------------
================================================================================
openbgpd-7.2-1.fc33 (FEDORA-2021-c5b62c45c2)
OpenBGPD Routing Daemon
--------------------------------------------------------------------------------
Update Information:
OpenBGPD 7.2
============

This release includes the following changes to the previous release:

* Support for RFC 9072 - Extended Optional Parameters Length for `BGP OPEN` Message
* Support for RFC 8050 - MRT Format with BGP Additional Path Extensions
* Implement receive side of RFC 7911 - Advertisement of Multiple Paths in BGP. OpenBGPD is currently not able to send multiple paths out.
* Improve checks of VRPs loaded via RTR or from the roa-set table.
* Allow to optionally specify an expiry time for `roa-set` entries to mitigate BGP route decision making based on outdated RPKI data. OpenBGPD's companion `rpki-client` produces `roa-set`s with the new `expires` property.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 23 2021 Robert Scheck <robert(a)fedoraproject.org> 7.2-1
- Upgrade to 7.2 (#2007210)
* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 7.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2007210 - openbgpd-7.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2007210
--------------------------------------------------------------------------------
================================================================================
perl-GnuPG-Interface-1.02-1.fc33 (FEDORA-2021-5038241781)
Perl interface to GnuPG
--------------------------------------------------------------------------------
Update Information:
This updates the Perl module GnuPG::Interface to 1.02 (the latest version as of
the time of this update). This allows updating RT to 4.4.5 (a bugfix release).
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 12 2021 Emmanuel Seyman <emmanuel(a)seyman.fr> - 1.02-1
- Update to 1.02
* Sun Jan 31 2021 Emmanuel Seyman <emmanuel(a)seyman.fr> - 1.01-1
- Update to 1.01
- Remove Patch* declarations since patches are not applied
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2007499 - Please update to > 1.02
https://bugzilla.redhat.com/show_bug.cgi?id=2007499
--------------------------------------------------------------------------------
================================================================================
php-laminas-mail-2.14.3-1.fc33 (FEDORA-2021-b7a0a6a569)
Laminas Framework Mail component
--------------------------------------------------------------------------------
Update Information:
**Version 2.14.3**

Bug
* 168: Update from 2.14.1 to 2.14.2 breaks Magento 2.4 using external SMTP thanks to @n2diving-dgx
* 167: fix has timed out thanks to @kokspflanze

---

**Version 2.14.2**

Bug
* 164: Fix encoding in sendmail transport with php8 (based on 2.14.x) thanks to @Fahl-Design
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 23 2021 Remi Collet <remi(a)remirepo.net> - 2.14.3-1
- update to 2.14.3
--------------------------------------------------------------------------------
================================================================================
python-flexmock-0.10.10-1.fc33 (FEDORA-2021-87e06462c0)
Testing library that makes it easy to create mocks, stubs and fakes
--------------------------------------------------------------------------------
Update Information:
Update to 0.10.10
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 22 2021 Hunor Csomortáni <csomh(a)redhat.com> - 0.10.10-1
- Update to 0.10.10 (#2001223)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2001223 - python-flexmock-0.10.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2001223
--------------------------------------------------------------------------------
================================================================================
python-fsspec-2021.9.0-1.fc33~bootstrap (FEDORA-2021-fd5fa7c382)
Specification for Pythonic file system interfaces
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 24 2021 Elliott Sales de Andrade <quantum.analyst(a)gmail.com> 2021.9.0-1
- Update to latest version (#2007409)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2007409 - python-fsspec-2021.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2007409
--------------------------------------------------------------------------------
================================================================================
python-mirrors-countme-0.0.7-1.fc33 (FEDORA-2021-d2d4245b08)
Parse access_log and count hosts accessing DNF mirrors
--------------------------------------------------------------------------------
Update Information:
This upstream version speeds up processing log data by pre-filtering it and
fixes a bug where progress was printed even though the corresponding command
line option wasn't set.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 24 2021 Nils Philippsen <nils(a)redhat.com> 0.0.7-1
- Version 0.0.7
--------------------------------------------------------------------------------
================================================================================
python-podman-3.2.1-1.fc33 (FEDORA-2021-765150b72a)
RESTful API for Podman
--------------------------------------------------------------------------------
Update Information:
* Update packaging
* Update CI to support testing against released and main podman branches
* Cleanup CI configuration

Bug Fixes:
* https://github.com/containers/podman-py/pull/125
* https://github.com/containers/podman-py/pull/122
* https://github.com/containers/podman-py/pull/119
* https://github.com/containers/podman-py/pull/117
* https://github.com/containers/podman-py/pull/116
* https://github.com/containers/podman-py/pull/108
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 21 2021 RH Container Bot <rhcontainerbot(a)fedoraproject.org> - 3:3.2.1-1
- autobuilt v3.2.1
* Mon Aug 16 2021 RH Container Bot <rhcontainerbot(a)fedoraproject.org> - 3:3.2.0-1
- autobuilt v3.2.0
* Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 3:3.1.2.4-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2004877 - python-podman-3.2.0-1.fc36 FTBFS: ModuleNotFoundError: No module named 'xdg'
      https://bugzilla.redhat.com/show_bug.cgi?id=2004877
--------------------------------------------------------------------------------
================================================================================
recoll-1.31.0-4.fc33 (FEDORA-2021-955d0ea8ea)
Desktop full text search tool with Qt GUI
--------------------------------------------------------------------------------
Update Information:
Fix an issue with Recoll GSSP.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 23 2021 Terje Rosten <terje.rosten(a)ntnu.no> - 1.31.0-4
- GSSP 1.1.1
* Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.31.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun 4 2021 Python Maint <python-maint(a)redhat.com> - 1.31.0-2
- Rebuilt for Python 3.10
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2007188 - recoll-1.31.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2007188
--------------------------------------------------------------------------------
================================================================================
rpki-client-7.3-1.fc33 (FEDORA-2021-fa942441d4)
RPKI validator to support BGP Origin Validation
--------------------------------------------------------------------------------
Update Information:
rpki-client 7.3
===============

* Improve the HTTP client code (status code handling, http proxy support, keep-alive).
* In RRDP, do not access URI with userinfo (`@`-sign).
* Improve RRDP syncing by considering a notification file serial jumping backwards as synced repository.
* Make `-R` (`rsync` only) also apply to the fetching of TA files.
* Only sync `*.{cer,crl,gbr,mft,roa}` files via `rsync` and exclude all others.
* When producing output for OpenBGPd, make use of the `roa-set expires` attribute to prevent machines from loading outdated `roa-set`s.
* In RRDP, limit the number of deltas to 300 per repo. If more deltas exist, downloading a full snapshot is faster.
* Limit the validation depth of X509 certificate chains to 12, double the current depth seen in RPKI.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 23 2021 Robert Scheck <robert(a)fedoraproject.org> 7.3-1
- Upgrade to 7.3 (#2007447)
* Tue Sep 14 2021 Sahana Prasad <sahana(a)redhat.com> - 7.2-2
- Rebuilt with OpenSSL 3.0.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2007447 - rpki-client-7.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2007447
--------------------------------------------------------------------------------