In this release, two major bugfixes are included:
1. runc container escape to host filesystem (CVE-2019-5736) [1], fixed with runc RPM version 1.0.0-68.dev.git6635b4f.fc29
2. rpm-ostree labeling of /home symlink to /var/home [2], fixed with rpm-ostree RPM version 2019.2-1.fc29
To reiterate, Atomic Host systems are protected from the runc exploit due to two lines of defense: SELinux, and /usr being mounted as read-only (see [3]). Thus, existing Atomic Host systems should not be affected.
The kernel update to 4.20.3-200.fc29, which introduced bugs that blocked the 20190204 release [4], is now being tracked at [5] and [6]. Since we have confirmed the ppc64le image boots with nested kvm/qemu virtualization on Power9 hardware, we have decided to release.
An example of the diff between this and the previous released version
(for x86_64) is:
ostree diff commit old: cdcbea2ccac7804770be806befd30895457de080d1525ee6050a5bebdfeefeb7
ostree diff commit new: d00adf110907f93f6cdd05deda0e2878c9bd71c74e0c4c2e9a5250d2f4cc8868
Upgraded:
checkpolicy 2.8-2.fc29 -> 2.8-3.fc29
cockpit-bridge 185-1.fc29 -> 187-1.fc29
cockpit-docker 185-1.fc29 -> 187-1.fc29
cockpit-networkmanager 185-1.fc29 -> 187-1.fc29
cockpit-system 185-1.fc29 -> 187-1.fc29
container-selinux 2:2.77-1.git2c57a17.fc29 -> 2:2.81-2.git484806a.fc29
crypto-policies 20181026-1.gitd42aaa6.fc29 -> 20190211-2.gite3eacfc.fc29
curl 7.61.1-6.fc29 -> 7.61.1-9.fc29
dbus 1:1.12.10-1.fc29 -> 1:1.12.12-1.fc29
dbus-common 1:1.12.10-1.fc29 -> 1:1.12.12-1.fc29
dbus-daemon 1:1.12.10-1.fc29 -> 1:1.12.12-1.fc29
dbus-libs 1:1.12.10-1.fc29 -> 1:1.12.12-1.fc29
dbus-tools 1:1.12.10-1.fc29 -> 1:1.12.12-1.fc29
docker 2:1.13.1-62.git9cb56fd.fc29 -> 2:1.13.1-65.git1185cfd.fc29
docker-common 2:1.13.1-62.git9cb56fd.fc29 -> 2:1.13.1-65.git1185cfd.fc29
docker-rhel-push-plugin 2:1.13.1-62.git9cb56fd.fc29 -> 2:1.13.1-65.git1185cfd.fc29
elfutils-default-yama-scope 0.174-5.fc29 -> 0.176-1.fc29
elfutils-libelf 0.174-5.fc29 -> 0.176-1.fc29
elfutils-libs 0.174-5.fc29 -> 0.176-1.fc29
file 5.34-7.fc29 -> 5.34-11.fc29
file-libs 5.34-7.fc29 -> 5.34-11.fc29
geolite2-city 20181204-1.fc29 -> 20190205-1.fc29
geolite2-country 20181204-1.fc29 -> 20190205-1.fc29
glib2 2.58.2-1.fc29 -> 2.58.3-1.fc29
gnutls 3.6.5-2.fc29 -> 3.6.6-1.fc29
gpgme 1.11.1-3.fc29 -> 1.12.0-1.fc29
iproute 4.18.0-3.fc29 -> 4.20.0-1.fc29
iproute-tc 4.18.0-3.fc29 -> 4.20.0-1.fc29
kernel 4.19.15-300.fc29 -> 4.20.8-200.fc29
kernel-core 4.19.15-300.fc29 -> 4.20.8-200.fc29
kernel-modules 4.19.15-300.fc29 -> 4.20.8-200.fc29
libcurl 7.61.1-6.fc29 -> 7.61.1-9.fc29
libidn2 2.0.5-2.fc29 -> 2.1.1a-1.fc29
libpng 2:1.6.34-6.fc29 -> 2:1.6.34-7.fc29
libreport-filesystem 2.9.7-2.fc29 -> 2.10.0-1.fc29
libselinux 2.8-4.fc29 -> 2.8-6.fc29
libselinux-utils 2.8-4.fc29 -> 2.8-6.fc29
libsemanage 2.8-4.fc29 -> 2.8-8.fc29
libsepol 2.8-2.fc29 -> 2.8-3.fc29
libsolv 0.7.2-1.fc29 -> 0.7.2-2.fc29
libxcrypt 4.4.2-3.fc29 -> 4.4.3-2.fc29
libyaml 0.2.1-2.fc29 -> 0.2.1-5.fc29
linux-firmware 20181219-89.git0f22c852.fc29 -> 20190213-93.git710963fe.fc29
lua-libs 5.3.5-2.fc29 -> 5.3.5-3.fc29
nss 3.41.0-3.fc29 -> 3.42.1-1.fc29
nss-softokn 3.41.0-3.fc29 -> 3.42.1-1.fc29
nss-softokn-freebl 3.41.0-3.fc29 -> 3.42.1-1.fc29
nss-sysinit 3.41.0-3.fc29 -> 3.42.1-1.fc29
nss-util 3.41.0-3.fc29 -> 3.42.1-1.fc29
oci-umount 2:2.3.4-2.git87f9237.fc29 -> 2:2.5-1.gitc3cda1f.fc29
openssh 7.9p1-3.fc29 -> 7.9p1-4.fc29
openssh-clients 7.9p1-3.fc29 -> 7.9p1-4.fc29
openssh-server 7.9p1-3.fc29 -> 7.9p1-4.fc29
p11-kit 0.23.14-2.fc29 -> 0.23.15-1.fc29
p11-kit-trust 0.23.14-2.fc29 -> 0.23.15-1.fc29
policycoreutils 2.8-8.fc29 -> 2.8-17.fc29
policycoreutils-python-utils 2.8-8.fc29 -> 2.8-17.fc29
polkit 0.115-4.2.fc29 -> 0.115-4.3.fc29
polkit-libs 0.115-4.2.fc29 -> 0.115-4.3.fc29
python2-libselinux 2.8-4.fc29 -> 2.8-6.fc29
python2-libsemanage 2.8-4.fc29 -> 2.8-8.fc29
python2-policycoreutils 2.8-8.fc29 -> 2.8-17.fc29
python2-pyOpenSSL 18.0.0-3.fc29 -> 19.0.0-1.fc29
python3 3.7.2-1.fc29 -> 3.7.2-4.fc29
python3-dateutil 1:2.7.0-3.fc29 -> 1:2.7.5-1.fc29
python3-jsonschema 2.6.0-5.fc29 -> 2.6.0-6.fc29
python3-libs 3.7.2-1.fc29 -> 3.7.2-4.fc29
python3-libselinux 2.8-4.fc29 -> 2.8-6.fc29
python3-libsemanage 2.8-4.fc29 -> 2.8-8.fc29
python3-policycoreutils 2.8-8.fc29 -> 2.8-17.fc29
python3-pyOpenSSL 18.0.0-3.fc29 -> 19.0.0-1.fc29
rpm-ostree 2018.10-1.fc29 -> 2019.2-1.fc29
rpm-ostree-libs 2018.10-1.fc29 -> 2019.2-1.fc29
runc 2:1.0.0-66.dev.gitbbb17ef.fc29 -> 2:1.0.0-68.dev.git6635b4f.fc29
selinux-policy 3.14.2-47.fc29 -> 3.14.2-49.fc29
selinux-policy-targeted 3.14.2-47.fc29 -> 3.14.2-49.fc29
systemd 239-8.gite339eae.fc29 -> 239-11.git4dc7dce.fc29
systemd-container 239-8.gite339eae.fc29 -> 239-11.git4dc7dce.fc29
systemd-libs 239-8.gite339eae.fc29 -> 239-11.git4dc7dce.fc29
systemd-pam 239-8.gite339eae.fc29 -> 239-11.git4dc7dce.fc29
systemd-udev 239-8.gite339eae.fc29 -> 239-11.git4dc7dce.fc29
vim-minimal 2:8.1.702-1.fc29 -> 2:8.1.897-1.fc29
zchunk-libs 1.0.2-1.fc29 -> 1.0.3-1.fc29
Removed:
python3-IPy-0.81-23.fc29.noarch
Added:
linux-firmware-whence-20190213-93.git710963fe.fc29.noarch
x86_64 AMIs are here:
Fedora-AtomicHost-29-20190219.0.x86_64 eu-west-2 ami-0ec9ed52bec7e243a hvm gp2
Fedora-AtomicHost-29-20190219.0.x86_64 ap-northeast-1 ami-0f0e0f0a2110ffc03 hvm gp2
Fedora-AtomicHost-29-20190219.0.x86_64 eu-central-1 ami-0af0e87e8ed63dd45 hvm gp2
Fedora-AtomicHost-29-20190219.0.x86_64 us-west-1 ami-0f9f2dfdb7825543a hvm gp2
Fedora-AtomicHost-29-20190219.0.x86_64 us-west-2 ami-0d27a0b6a82bc2737 hvm gp2
Fedora-AtomicHost-29-20190219.0.x86_64 ap-southeast-2 ami-0458a3b8c2f19e4f9 hvm gp2
Fedora-AtomicHost-29-20190219.0.x86_64 ca-central-1 ami-04ad07470f41a547f hvm gp2
Fedora-AtomicHost-29-20190219.0.x86_64 ap-southeast-1 ami-0601b1fcd48a38040 hvm gp2
Fedora-AtomicHost-29-20190219.0.x86_64 sa-east-1 ami-0656310a3bbb4c745 hvm gp2
Fedora-AtomicHost-29-20190219.0.x86_64 ap-northeast-2 ami-0f7a7d20979d3223e hvm gp2
Fedora-AtomicHost-29-20190219.0.x86_64 eu-west-1 ami-0401658df6c69a65d hvm gp2
Fedora-AtomicHost-29-20190219.0.x86_64 ap-south-1 ami-0fbe9bac04a17820a hvm gp2
Fedora-AtomicHost-29-20190219.0.x86_64 us-east-1 ami-0c97b936303859c89 hvm gp2
Fedora-AtomicHost-29-20190219.0.x86_64 eu-west-2 ami-012e11237f48309b2 hvm standard
Fedora-AtomicHost-29-20190219.0.x86_64 ap-northeast-1 ami-088e976156e988908 hvm standard
Fedora-AtomicHost-29-20190219.0.x86_64 eu-central-1 ami-0536ed74c1dcc6c7f hvm standard
Fedora-AtomicHost-29-20190219.0.x86_64 us-west-1 ami-0cb526c05de3d75ed hvm standard
Fedora-AtomicHost-29-20190219.0.x86_64 us-west-2 ami-045874f74038dab5b hvm standard
Fedora-AtomicHost-29-20190219.0.x86_64 ap-southeast-2 ami-00a6cafaabfd65de3 hvm standard
Fedora-AtomicHost-29-20190219.0.x86_64 ca-central-1 ami-0cab048455908459a hvm standard
Fedora-AtomicHost-29-20190219.0.x86_64 ap-southeast-1 ami-0dc00809d23864794 hvm standard
Fedora-AtomicHost-29-20190219.0.x86_64 sa-east-1 ami-00ffffbf0fa05f024 hvm standard
Fedora-AtomicHost-29-20190219.0.x86_64 ap-northeast-2 ami-04c2c71840279c581 hvm standard
Fedora-AtomicHost-29-20190219.0.x86_64 eu-west-1 ami-025a9a2d67f5cf8d1 hvm standard
Fedora-AtomicHost-29-20190219.0.x86_64 ap-south-1 ami-081c0af897ecc0cba hvm standard
Fedora-AtomicHost-29-20190219.0.x86_64 us-east-1 ami-0a1ebea4bfc1ef073 hvm standard
aarch64 AMIs are here:
Fedora-AtomicHost-29-20190219.0.aarch64 us-west-2 ami-05c281b052ff87d45 hvm gp2
Fedora-AtomicHost-29-20190219.0.aarch64 eu-west-1 ami-0bab5d6192e989266 hvm gp2
Fedora-AtomicHost-29-20190219.0.aarch64 us-east-1 ami-0d57fc3645ee641d4 hvm gp2
The Vagrant Cloud page with the new Atomic Host:
https://app.vagrantup.com/fedora/boxes/29-atomic-host
https://app.vagrantup.com/fedora/boxes/29-atomic-host/versions/29.20190219.0
Thanks,
Fedora Atomic Working Group
[1] https://nvd.nist.gov/vuln/detail/CVE-2019-5736
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1669982
[3] https://lists.projectatomic.io/projectatomic-archives/atomic-announce/2019-February/msg00002.html
[4] https://lists.projectatomic.io/projectatomic-archives/atomic-announce/2019-February/msg00001.html
[5] https://bugzilla.redhat.com/show_bug.cgi?id=1676475
[6] https://bugzilla.redhat.com/show_bug.cgi?id=1668751
On Tue, Feb 19, 2019 at 6:51 PM <noreply@xxxxxxxxxxxxxxxxx> wrote:
>
>
> A new Fedora Atomic Host update is available via an OSTree update:
>
> Version: 29.20190219.0
> Commit(x86_64): d00adf110907f93f6cdd05deda0e2878c9bd71c74e0c4c2e9a5250d2f4cc8868
> Commit(aarch64): b87cb9e59aa668ea0e79c3d2e7c017a340c03dcf79a2f7756fedddb3831ca74e
> Commit(ppc64le): 33ee5adfd3e33c8e03ad460c75fe71858528f0d91cffd9c01c07a92b2ad000c2
>
>
> We are releasing images from multiple architectures but please note
> that x86_64 architecture is the only one that undergoes automated
> testing at this time.
>
> Existing systems can be upgraded in place via e.g. `atomic host upgrade`.
>
> Corresponding image media for new installations can be downloaded from:
>
> https://getfedora.org/en/atomic/download/
>
> Alternatively, image artifacts can be found at the following links:
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/aarch64/images/Fedora-AtomicHost-29-20190219.0.aarch64.qcow2
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/aarch64/images/Fedora-AtomicHost-29-20190219.0.aarch64.raw.xz
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/aarch64/iso/Fedora-AtomicHost-ostree-aarch64-29-20190219.0.iso
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/ppc64le/images/Fedora-AtomicHost-29-20190219.0.ppc64le.qcow2
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/ppc64le/images/Fedora-AtomicHost-29-20190219.0.ppc64le.raw.xz
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/ppc64le/iso/Fedora-AtomicHost-ostree-ppc64le-29-20190219.0.iso
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/x86_64/images/Fedora-AtomicHost-29-20190219.0.x86_64.qcow2
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/x86_64/images/Fedora-AtomicHost-29-20190219.0.x86_64.raw.xz
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/x86_64/images/Fedora-AtomicHost-Vagrant-29-20190219.0.x86_64.vagrant-libvirt.box
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/x86_64/images/Fedora-AtomicHost-Vagrant-29-20190219.0.x86_64.vagrant-virtualbox.box
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/x86_64/iso/Fedora-AtomicHost-ostree-x86_64-29-20190219.0.iso
>
> Respective signed CHECKSUM files can be found here:
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/aarch64/images/Fedora-AtomicHost-29-20190219.0-aarch64-CHECKSUM
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/aarch64/iso/Fedora-AtomicHost-29-20190219.0-aarch64-CHECKSUM
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/ppc64le/images/Fedora-AtomicHost-29-20190219.0-ppc64le-CHECKSUM
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/ppc64le/iso/Fedora-AtomicHost-29-20190219.0-ppc64le-CHECKSUM
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/x86_64/images/Fedora-AtomicHost-29-20190219.0-x86_64-CHECKSUM
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/x86_64/iso/Fedora-AtomicHost-29-20190219.0-x86_64-CHECKSUM
>
> For direct download, the "latest" targets are always available here:
> x86_64:
> https://getfedora.org/atomic_qcow2_x86_64_latest
> https://getfedora.org/atomic_raw_x86_64_latest
> https://getfedora.org/atomic_vagrant_libvirt_x86_64_latest
> https://getfedora.org/atomic_vagrant_virtualbox_x86_64_latest
> https://getfedora.org/atomic_dvd_ostree_x86_64_latest
>
> aarch64:
> https://getfedora.org/atomic_qcow2_aarch64_latest
> https://getfedora.org/atomic_raw_aarch64_latest
> https://getfedora.org/atomic_dvd_ostree_aarch64_latest
>
> ppc64le:
> https://getfedora.org/atomic_qcow2_ppc64le_latest
> https://getfedora.org/atomic_raw_ppc64le_latest
> https://getfedora.org/atomic_dvd_ostree_ppc64le_latest
>
> Filename fetching URLs are available here:
> x86_64:
> https://getfedora.org/atomic_qcow2_x86_64_latest_filename
> https://getfedora.org/atomic_raw_x86_64_latest_filename
> https://getfedora.org/atomic_vagrant_libvirt_x86_64_latest_filename
> https://getfedora.org/atomic_vagrant_virtualbox_x86_64_latest_filename
> https://getfedora.org/atomic_dvd_ostree_x86_64_latest_filename
>
> aarch64:
> https://getfedora.org/atomic_qcow2_aarch64_latest_filename
> https://getfedora.org/atomic_raw_aarch64_latest_filename
> https://getfedora.org/atomic_dvd_ostree_aarch64_latest_filename
>
> ppc64le:
> https://getfedora.org/atomic_qcow2_ppc64le_latest_filename
> https://getfedora.org/atomic_raw_ppc64le_latest_filename
> https://getfedora.org/atomic_dvd_ostree_ppc64le_latest_filename
>
> For more information about the latest targets, please reference the Fedora
> Atomic Wiki space.
>
> https://fedoraproject.org/wiki/Atomic_WG#Fedora_Atomic_Image_Download_Links
>
> Do note that it can take some of the mirrors up to 12 hours to "check-in" at
> their own discretion.
>
> Thank you,
> Fedora Release Engineering
>
1. runc container escape to host filesystem (CVE-2019-5736) [1], fixed with runc RPM version 1.0.0-68.dev.git6635b4f.fc29
2. rpm-ostree labeling of /home symlink to /var/home [2], fixed with rpm-ostree RPM version 2019.2-1.fc29
To reiterate, Atomic Host systems are protected from the runc exploit due to two lines of defense: SELinux, and /usr being mounted as read-only (see [3]). Thus, existing Atomic Host systems should not be affected.
The kernel update to 4.20.3-200.fc29, which introduced bugs that blocked the 20190204 release [4], is now being tracked at [5] and [6]. Since we have confirmed the ppc64le image boots with nested kvm/qemu virtualization on Power9 hardware, we have decided to release.
An example of the diff between this and the previous released version
(for x86_64) is:
ostree diff commit old: cdcbea2ccac7804770be806befd30895457de080d1525ee6050a5bebdfeefeb7
ostree diff commit new: d00adf110907f93f6cdd05deda0e2878c9bd71c74e0c4c2e9a5250d2f4cc8868
Upgraded:
checkpolicy 2.8-2.fc29 -> 2.8-3.fc29
cockpit-bridge 185-1.fc29 -> 187-1.fc29
cockpit-docker 185-1.fc29 -> 187-1.fc29
cockpit-networkmanager 185-1.fc29 -> 187-1.fc29
cockpit-system 185-1.fc29 -> 187-1.fc29
container-selinux 2:2.77-1.git2c57a17.fc29 -> 2:2.81-2.git484806a.fc29
crypto-policies 20181026-1.gitd42aaa6.fc29 -> 20190211-2.gite3eacfc.fc29
curl 7.61.1-6.fc29 -> 7.61.1-9.fc29
dbus 1:1.12.10-1.fc29 -> 1:1.12.12-1.fc29
dbus-common 1:1.12.10-1.fc29 -> 1:1.12.12-1.fc29
dbus-daemon 1:1.12.10-1.fc29 -> 1:1.12.12-1.fc29
dbus-libs 1:1.12.10-1.fc29 -> 1:1.12.12-1.fc29
dbus-tools 1:1.12.10-1.fc29 -> 1:1.12.12-1.fc29
docker 2:1.13.1-62.git9cb56fd.fc29 -> 2:1.13.1-65.git1185cfd.fc29
docker-common 2:1.13.1-62.git9cb56fd.fc29 -> 2:1.13.1-65.git1185cfd.fc29
docker-rhel-push-plugin 2:1.13.1-62.git9cb56fd.fc29 -> 2:1.13.1-65.git1185cfd.fc29
elfutils-default-yama-scope 0.174-5.fc29 -> 0.176-1.fc29
elfutils-libelf 0.174-5.fc29 -> 0.176-1.fc29
elfutils-libs 0.174-5.fc29 -> 0.176-1.fc29
file 5.34-7.fc29 -> 5.34-11.fc29
file-libs 5.34-7.fc29 -> 5.34-11.fc29
geolite2-city 20181204-1.fc29 -> 20190205-1.fc29
geolite2-country 20181204-1.fc29 -> 20190205-1.fc29
glib2 2.58.2-1.fc29 -> 2.58.3-1.fc29
gnutls 3.6.5-2.fc29 -> 3.6.6-1.fc29
gpgme 1.11.1-3.fc29 -> 1.12.0-1.fc29
iproute 4.18.0-3.fc29 -> 4.20.0-1.fc29
iproute-tc 4.18.0-3.fc29 -> 4.20.0-1.fc29
kernel 4.19.15-300.fc29 -> 4.20.8-200.fc29
kernel-core 4.19.15-300.fc29 -> 4.20.8-200.fc29
kernel-modules 4.19.15-300.fc29 -> 4.20.8-200.fc29
libcurl 7.61.1-6.fc29 -> 7.61.1-9.fc29
libidn2 2.0.5-2.fc29 -> 2.1.1a-1.fc29
libpng 2:1.6.34-6.fc29 -> 2:1.6.34-7.fc29
libreport-filesystem 2.9.7-2.fc29 -> 2.10.0-1.fc29
libselinux 2.8-4.fc29 -> 2.8-6.fc29
libselinux-utils 2.8-4.fc29 -> 2.8-6.fc29
libsemanage 2.8-4.fc29 -> 2.8-8.fc29
libsepol 2.8-2.fc29 -> 2.8-3.fc29
libsolv 0.7.2-1.fc29 -> 0.7.2-2.fc29
libxcrypt 4.4.2-3.fc29 -> 4.4.3-2.fc29
libyaml 0.2.1-2.fc29 -> 0.2.1-5.fc29
linux-firmware 20181219-89.git0f22c852.fc29 -> 20190213-93.git710963fe.fc29
lua-libs 5.3.5-2.fc29 -> 5.3.5-3.fc29
nss 3.41.0-3.fc29 -> 3.42.1-1.fc29
nss-softokn 3.41.0-3.fc29 -> 3.42.1-1.fc29
nss-softokn-freebl 3.41.0-3.fc29 -> 3.42.1-1.fc29
nss-sysinit 3.41.0-3.fc29 -> 3.42.1-1.fc29
nss-util 3.41.0-3.fc29 -> 3.42.1-1.fc29
oci-umount 2:2.3.4-2.git87f9237.fc29 -> 2:2.5-1.gitc3cda1f.fc29
openssh 7.9p1-3.fc29 -> 7.9p1-4.fc29
openssh-clients 7.9p1-3.fc29 -> 7.9p1-4.fc29
openssh-server 7.9p1-3.fc29 -> 7.9p1-4.fc29
p11-kit 0.23.14-2.fc29 -> 0.23.15-1.fc29
p11-kit-trust 0.23.14-2.fc29 -> 0.23.15-1.fc29
policycoreutils 2.8-8.fc29 -> 2.8-17.fc29
policycoreutils-python-utils 2.8-8.fc29 -> 2.8-17.fc29
polkit 0.115-4.2.fc29 -> 0.115-4.3.fc29
polkit-libs 0.115-4.2.fc29 -> 0.115-4.3.fc29
python2-libselinux 2.8-4.fc29 -> 2.8-6.fc29
python2-libsemanage 2.8-4.fc29 -> 2.8-8.fc29
python2-policycoreutils 2.8-8.fc29 -> 2.8-17.fc29
python2-pyOpenSSL 18.0.0-3.fc29 -> 19.0.0-1.fc29
python3 3.7.2-1.fc29 -> 3.7.2-4.fc29
python3-dateutil 1:2.7.0-3.fc29 -> 1:2.7.5-1.fc29
python3-jsonschema 2.6.0-5.fc29 -> 2.6.0-6.fc29
python3-libs 3.7.2-1.fc29 -> 3.7.2-4.fc29
python3-libselinux 2.8-4.fc29 -> 2.8-6.fc29
python3-libsemanage 2.8-4.fc29 -> 2.8-8.fc29
python3-policycoreutils 2.8-8.fc29 -> 2.8-17.fc29
python3-pyOpenSSL 18.0.0-3.fc29 -> 19.0.0-1.fc29
rpm-ostree 2018.10-1.fc29 -> 2019.2-1.fc29
rpm-ostree-libs 2018.10-1.fc29 -> 2019.2-1.fc29
runc 2:1.0.0-66.dev.gitbbb17ef.fc29 -> 2:1.0.0-68.dev.git6635b4f.fc29
selinux-policy 3.14.2-47.fc29 -> 3.14.2-49.fc29
selinux-policy-targeted 3.14.2-47.fc29 -> 3.14.2-49.fc29
systemd 239-8.gite339eae.fc29 -> 239-11.git4dc7dce.fc29
systemd-container 239-8.gite339eae.fc29 -> 239-11.git4dc7dce.fc29
systemd-libs 239-8.gite339eae.fc29 -> 239-11.git4dc7dce.fc29
systemd-pam 239-8.gite339eae.fc29 -> 239-11.git4dc7dce.fc29
systemd-udev 239-8.gite339eae.fc29 -> 239-11.git4dc7dce.fc29
vim-minimal 2:8.1.702-1.fc29 -> 2:8.1.897-1.fc29
zchunk-libs 1.0.2-1.fc29 -> 1.0.3-1.fc29
Removed:
python3-IPy-0.81-23.fc29.noarch
Added:
linux-firmware-whence-20190213-93.git710963fe.fc29.noarch
x86_64 AMIs are here:
Fedora-AtomicHost-29-20190219.0.x86_64 eu-west-2 ami-0ec9ed52bec7e243a hvm gp2
Fedora-AtomicHost-29-20190219.0.x86_64 ap-northeast-1 ami-0f0e0f0a2110ffc03 hvm gp2
Fedora-AtomicHost-29-20190219.0.x86_64 eu-central-1 ami-0af0e87e8ed63dd45 hvm gp2
Fedora-AtomicHost-29-20190219.0.x86_64 us-west-1 ami-0f9f2dfdb7825543a hvm gp2
Fedora-AtomicHost-29-20190219.0.x86_64 us-west-2 ami-0d27a0b6a82bc2737 hvm gp2
Fedora-AtomicHost-29-20190219.0.x86_64 ap-southeast-2 ami-0458a3b8c2f19e4f9 hvm gp2
Fedora-AtomicHost-29-20190219.0.x86_64 ca-central-1 ami-04ad07470f41a547f hvm gp2
Fedora-AtomicHost-29-20190219.0.x86_64 ap-southeast-1 ami-0601b1fcd48a38040 hvm gp2
Fedora-AtomicHost-29-20190219.0.x86_64 sa-east-1 ami-0656310a3bbb4c745 hvm gp2
Fedora-AtomicHost-29-20190219.0.x86_64 ap-northeast-2 ami-0f7a7d20979d3223e hvm gp2
Fedora-AtomicHost-29-20190219.0.x86_64 eu-west-1 ami-0401658df6c69a65d hvm gp2
Fedora-AtomicHost-29-20190219.0.x86_64 ap-south-1 ami-0fbe9bac04a17820a hvm gp2
Fedora-AtomicHost-29-20190219.0.x86_64 us-east-1 ami-0c97b936303859c89 hvm gp2
Fedora-AtomicHost-29-20190219.0.x86_64 eu-west-2 ami-012e11237f48309b2 hvm standard
Fedora-AtomicHost-29-20190219.0.x86_64 ap-northeast-1 ami-088e976156e988908 hvm standard
Fedora-AtomicHost-29-20190219.0.x86_64 eu-central-1 ami-0536ed74c1dcc6c7f hvm standard
Fedora-AtomicHost-29-20190219.0.x86_64 us-west-1 ami-0cb526c05de3d75ed hvm standard
Fedora-AtomicHost-29-20190219.0.x86_64 us-west-2 ami-045874f74038dab5b hvm standard
Fedora-AtomicHost-29-20190219.0.x86_64 ap-southeast-2 ami-00a6cafaabfd65de3 hvm standard
Fedora-AtomicHost-29-20190219.0.x86_64 ca-central-1 ami-0cab048455908459a hvm standard
Fedora-AtomicHost-29-20190219.0.x86_64 ap-southeast-1 ami-0dc00809d23864794 hvm standard
Fedora-AtomicHost-29-20190219.0.x86_64 sa-east-1 ami-00ffffbf0fa05f024 hvm standard
Fedora-AtomicHost-29-20190219.0.x86_64 ap-northeast-2 ami-04c2c71840279c581 hvm standard
Fedora-AtomicHost-29-20190219.0.x86_64 eu-west-1 ami-025a9a2d67f5cf8d1 hvm standard
Fedora-AtomicHost-29-20190219.0.x86_64 ap-south-1 ami-081c0af897ecc0cba hvm standard
Fedora-AtomicHost-29-20190219.0.x86_64 us-east-1 ami-0a1ebea4bfc1ef073 hvm standard
aarch64 AMIs are here:
Fedora-AtomicHost-29-20190219.0.aarch64 us-west-2 ami-05c281b052ff87d45 hvm gp2
Fedora-AtomicHost-29-20190219.0.aarch64 eu-west-1 ami-0bab5d6192e989266 hvm gp2
Fedora-AtomicHost-29-20190219.0.aarch64 us-east-1 ami-0d57fc3645ee641d4 hvm gp2
The Vagrant Cloud page with the new Atomic Host:
https://app.vagrantup.com/fedora/boxes/29-atomic-host
https://app.vagrantup.com/fedora/boxes/29-atomic-host/versions/29.20190219.0
Thanks,
Fedora Atomic Working Group
[1] https://nvd.nist.gov/vuln/detail/CVE-2019-5736
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1669982
[3] https://lists.projectatomic.io/projectatomic-archives/atomic-announce/2019-February/msg00002.html
[4] https://lists.projectatomic.io/projectatomic-archives/atomic-announce/2019-February/msg00001.html
[5] https://bugzilla.redhat.com/show_bug.cgi?id=1676475
[6] https://bugzilla.redhat.com/show_bug.cgi?id=1668751
On Tue, Feb 19, 2019 at 6:51 PM <noreply@xxxxxxxxxxxxxxxxx> wrote:
>
>
> A new Fedora Atomic Host update is available via an OSTree update:
>
> Version: 29.20190219.0
> Commit(x86_64): d00adf110907f93f6cdd05deda0e2878c9bd71c74e0c4c2e9a5250d2f4cc8868
> Commit(aarch64): b87cb9e59aa668ea0e79c3d2e7c017a340c03dcf79a2f7756fedddb3831ca74e
> Commit(ppc64le): 33ee5adfd3e33c8e03ad460c75fe71858528f0d91cffd9c01c07a92b2ad000c2
>
>
> We are releasing images from multiple architectures but please note
> that x86_64 architecture is the only one that undergoes automated
> testing at this time.
>
> Existing systems can be upgraded in place via e.g. `atomic host upgrade`.
>
> Corresponding image media for new installations can be downloaded from:
>
> https://getfedora.org/en/atomic/download/
>
> Alternatively, image artifacts can be found at the following links:
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/aarch64/images/Fedora-AtomicHost-29-20190219.0.aarch64.qcow2
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/aarch64/images/Fedora-AtomicHost-29-20190219.0.aarch64.raw.xz
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/aarch64/iso/Fedora-AtomicHost-ostree-aarch64-29-20190219.0.iso
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/ppc64le/images/Fedora-AtomicHost-29-20190219.0.ppc64le.qcow2
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/ppc64le/images/Fedora-AtomicHost-29-20190219.0.ppc64le.raw.xz
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/ppc64le/iso/Fedora-AtomicHost-ostree-ppc64le-29-20190219.0.iso
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/x86_64/images/Fedora-AtomicHost-29-20190219.0.x86_64.qcow2
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/x86_64/images/Fedora-AtomicHost-29-20190219.0.x86_64.raw.xz
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/x86_64/images/Fedora-AtomicHost-Vagrant-29-20190219.0.x86_64.vagrant-libvirt.box
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/x86_64/images/Fedora-AtomicHost-Vagrant-29-20190219.0.x86_64.vagrant-virtualbox.box
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/x86_64/iso/Fedora-AtomicHost-ostree-x86_64-29-20190219.0.iso
>
> Respective signed CHECKSUM files can be found here:
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/aarch64/images/Fedora-AtomicHost-29-20190219.0-aarch64-CHECKSUM
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/aarch64/iso/Fedora-AtomicHost-29-20190219.0-aarch64-CHECKSUM
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/ppc64le/images/Fedora-AtomicHost-29-20190219.0-ppc64le-CHECKSUM
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/ppc64le/iso/Fedora-AtomicHost-29-20190219.0-ppc64le-CHECKSUM
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/x86_64/images/Fedora-AtomicHost-29-20190219.0-x86_64-CHECKSUM
> https://alt.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20190219.0/AtomicHost/x86_64/iso/Fedora-AtomicHost-29-20190219.0-x86_64-CHECKSUM
>
> For direct download, the "latest" targets are always available here:
> x86_64:
> https://getfedora.org/atomic_qcow2_x86_64_latest
> https://getfedora.org/atomic_raw_x86_64_latest
> https://getfedora.org/atomic_vagrant_libvirt_x86_64_latest
> https://getfedora.org/atomic_vagrant_virtualbox_x86_64_latest
> https://getfedora.org/atomic_dvd_ostree_x86_64_latest
>
> aarch64:
> https://getfedora.org/atomic_qcow2_aarch64_latest
> https://getfedora.org/atomic_raw_aarch64_latest
> https://getfedora.org/atomic_dvd_ostree_aarch64_latest
>
> ppc64le:
> https://getfedora.org/atomic_qcow2_ppc64le_latest
> https://getfedora.org/atomic_raw_ppc64le_latest
> https://getfedora.org/atomic_dvd_ostree_ppc64le_latest
>
> Filename fetching URLs are available here:
> x86_64:
> https://getfedora.org/atomic_qcow2_x86_64_latest_filename
> https://getfedora.org/atomic_raw_x86_64_latest_filename
> https://getfedora.org/atomic_vagrant_libvirt_x86_64_latest_filename
> https://getfedora.org/atomic_vagrant_virtualbox_x86_64_latest_filename
> https://getfedora.org/atomic_dvd_ostree_x86_64_latest_filename
>
> aarch64:
> https://getfedora.org/atomic_qcow2_aarch64_latest_filename
> https://getfedora.org/atomic_raw_aarch64_latest_filename
> https://getfedora.org/atomic_dvd_ostree_aarch64_latest_filename
>
> ppc64le:
> https://getfedora.org/atomic_qcow2_ppc64le_latest_filename
> https://getfedora.org/atomic_raw_ppc64le_latest_filename
> https://getfedora.org/atomic_dvd_ostree_ppc64le_latest_filename
>
> For more information about the latest targets, please reference the Fedora
> Atomic Wiki space.
>
> https://fedoraproject.org/wiki/Atomic_WG#Fedora_Atomic_Image_Download_Links
>
> Do note that it can take some of the mirrors up to 12 hours to "check-in" at
> their own discretion.
>
> Thank you,
> Fedora Release Engineering
>
_______________________________________________ cloud mailing list -- cloud@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to cloud-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/cloud@xxxxxxxxxxxxxxxxxxxxxxx