The following Fedora 26 Security updates need testing: Age URL 14 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ab43d1d240 tnef-1.4.14-1.fc26 13 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1bf5a0ce01 python-XStatic-jquery-ui-1.12.0.1-2.fc26 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2f3096ba16 php-pear-CAS-1.3.5-1.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e8b639c286 dovecot-2.2.29.1-1.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2e94c7b518 yara-3.5.0-7.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0e64c4c186 tomcat-8.0.43-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-30e042c42a mingw-gnutls-3.5.11-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1fedb9890c community-mysql-5.7.18-2.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3eec07cb06 curl-7.53.1-6.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8285bc54d9 firefox-53.0-2.fc26 The following Fedora 26 Critical Path updates have yet to be approved: Age URL 28 https://bodhi.fedoraproject.org/updates/FEDORA-2017-90bcb067bf fedora-release-26-0.6 13 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c74484d3bd libfm-1.2.5-3.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a95a89e4ba livecd-tools-24.3-2.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-746673dc6e menu-cache-1.0.2-2.D20170417git54ab9e4576.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e3034559ef garcon-0.6.0-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-de09f44c47 uboot-tools-2017.05-0.4.rc2.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4defa84b6d kernel-4.11.0-0.rc7.git0.1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8285bc54d9 firefox-53.0-2.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3eec07cb06 curl-7.53.1-6.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1e844336cd tigervnc-1.7.90-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4c9e8822dd xorg-x11-drv-nouveau-1.0.14-2.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b779dd6c08 koji-1.12.0-2.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f36794dd98 selinux-policy-3.13.1-251.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-400199e1b0 krb5-1.15.1-7.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e1e5e717c6 python3-3.6.1-4.fc26 python3-docs-3.6.1-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9986ec55b9 audit-2.7.6-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8c49cfe1c3 koji-1.12.0-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1d33237871 ibus-1.5.15-7.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a10f04bea8 cyrus-sasl-2.1.26-32.fc26 The following builds have been pushed to Fedora 26 updates-testing ansible-2.3.0.0-3.fc26 batik-1.8-8.fc26 community-mysql-5.7.18-2.fc26 curl-7.53.1-6.fc26 firefox-53.0-2.fc26 glite-lb-common-9.1.1-7.fc26 golang-github-milochristiansen-lua-1.1.3-1.fc26 gscan2pdf-1.8.0-2.fc26 ibus-libpinyin-1.9.0-1.fc26 koji-1.12.0-2.fc26 krb5-1.15.1-7.fc26 libimagequant-2.9.1-1.fc26 libpinyin-2.0.0-1.fc26 lumina-desktop-1.2.0-2.p1.Ld700dea.fc26 lxqt-l10n-0.11.2-6.fc26 mate-icon-theme-1.18.2-1.fc26 nfs-ganesha-2.4.5-2.fc26 nodejs-emojione-2.2.7-3.fc26 nvme-cli-1.2-2.fc26 ohc-0.6.1-1.fc26 pass-1.7.1-2.fc26 pngquant-2.9.1-1.fc26 python-libcloud-2.0.0rc2-1.fc26 qt-virt-manager-0.42.67-3.fc26 qterminal-0.7.1-1.fc26 qtermwidget-0.7.1-1.fc26 qtermwidget-qt4-0.6.0-1.fc26 rubygem-unf_ext-0.0.7.4-1.fc26 selinux-policy-3.13.1-251.fc26 squidGuard-1.4-28.fc26 tigervnc-1.7.90-1.fc26 xorg-x11-drv-nouveau-1.0.14-2.fc26 Details about builds: ================================================================================ ansible-2.3.0.0-3.fc26 (FEDORA-2017-09aaf11770) SSH-based configuration management, deployment, and task execution system -------------------------------------------------------------------------------- Update Information: Backport fix for https://github.com/ansible/ansible/issues/22572 -------------------------------------------------------------------------------- ================================================================================ batik-1.8-8.fc26 (FEDORA-2017-2ef96c0f10) Scalable Vector Graphics for Java -------------------------------------------------------------------------------- Update Information: Add missing requires on xmlgraphics-commons -------------------------------------------------------------------------------- References: [ 1 ] Bug #1443567 - missing Requires: xmlgraphics-commons in squiggle and rasterizer subpackage https://bugzilla.redhat.com/show_bug.cgi?id=1443567 -------------------------------------------------------------------------------- ================================================================================ community-mysql-5.7.18-2.fc26 (FEDORA-2017-1fedb9890c) MySQL client programs and shared libraries -------------------------------------------------------------------------------- Update Information: Update to 5.7.18 CVEs fixed by this update can be found here: http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html -------------------------------------------------------------------------------- References: [ 1 ] Bug #1414386 - CVE-2017-3265 community-mysql: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1414386 [ 2 ] Bug #1443407 - CVE-2017-3308 CVE-2017-3309 CVE-2017-3329 CVE-2017-3450 CVE-2017-3453 CVE-2017-3456 CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3599 CVE-2017-3600 community-mysql: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1443407 [ 3 ] Bug #1441001 - community-mysql-5.7.18 is available https://bugzilla.redhat.com/show_bug.cgi?id=1441001 -------------------------------------------------------------------------------- ================================================================================ curl-7.53.1-6.fc26 (FEDORA-2017-3eec07cb06) A utility for getting files from remote servers (FTP, HTTP, and others) -------------------------------------------------------------------------------- Update Information: - fix switching off SSL session id when client cert is used (CVE-2017-7468) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1443384 - CVE-2017-7468 curl: TLS session resumption client cert bypass [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1443384 -------------------------------------------------------------------------------- ================================================================================ firefox-53.0-2.fc26 (FEDORA-2017-8285bc54d9) Mozilla Firefox Web browser -------------------------------------------------------------------------------- Update Information: - update to latest upstream (53.0) -------------------------------------------------------------------------------- ================================================================================ glite-lb-common-9.1.1-7.fc26 (FEDORA-2017-c5ae641acd) gLite Logging and Bookkeeping common headers and library -------------------------------------------------------------------------------- Update Information: Rebuilt with condor 8.6.1 -------------------------------------------------------------------------------- ================================================================================ golang-github-milochristiansen-lua-1.1.3-1.fc26 (FEDORA-2017-e960574979) Lua 5.3 VM and compiler written in Go -------------------------------------------------------------------------------- Update Information: Lua 5.3 VM and compiler written in Go -------------------------------------------------------------------------------- References: [ 1 ] Bug #1411962 - Review Request: golang-github-milochristiansen-lua - A Lua 5.3 VM and compiler written in Go https://bugzilla.redhat.com/show_bug.cgi?id=1411962 -------------------------------------------------------------------------------- ================================================================================ gscan2pdf-1.8.0-2.fc26 (FEDORA-2017-9b06d986de) GUI for producing a multipage PDF from a scan -------------------------------------------------------------------------------- Update Information: This release corrects an unpaper test. -------------------------------------------------------------------------------- ================================================================================ ibus-libpinyin-1.9.0-1.fc26 (FEDORA-2017-f2e9944633) Intelligent Pinyin engine based on libpinyin for IBus -------------------------------------------------------------------------------- Update Information: new upstream release. -------------------------------------------------------------------------------- ================================================================================ koji-1.12.0-2.fc26 (FEDORA-2017-b779dd6c08) Build system tools -------------------------------------------------------------------------------- Update Information: update to upstream 1.12.0, add bugfix -------------------------------------------------------------------------------- ================================================================================ krb5-1.15.1-7.fc26 (FEDORA-2017-400199e1b0) The Kerberos network authentication system -------------------------------------------------------------------------------- Update Information: Update backport of certauth interface for IPA. -------------------------------------------------------------------------------- ================================================================================ libimagequant-2.9.1-1.fc26 (FEDORA-2017-8886907ddb) Palette quantization library -------------------------------------------------------------------------------- Update Information: update to pngquant-2.9.1 and libimagequant-2.9.1 -------------------------------------------------------------------------------- ================================================================================ libpinyin-2.0.0-1.fc26 (FEDORA-2017-f2e9944633) Library to deal with pinyin -------------------------------------------------------------------------------- Update Information: new upstream release. -------------------------------------------------------------------------------- ================================================================================ lumina-desktop-1.2.0-2.p1.Ld700dea.fc26 (FEDORA-2017-5531d72618) A lightweight, portable desktop environment -------------------------------------------------------------------------------- Update Information: fix dependency to filesystem subpackage, it is noarch -------------------------------------------------------------------------------- ================================================================================ lxqt-l10n-0.11.2-6.fc26 (FEDORA-2017-ec98e192d4) Translations for the LXQt desktop -------------------------------------------------------------------------------- Update Information: qtermwidget and qterminal updates to 0.7.1: * Removed Qt4 builds (no longer supported upstream) * Provide new package qtermwidget-qt4 for legacy Qt4 software * Translations now provided by qterminal-l10n (part of lxqt-l10n) * qt- virt-manager: rebuilt for update -------------------------------------------------------------------------------- References: [ 1 ] Bug #1406964 - qterminal-0.7.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1406964 [ 2 ] Bug #1441222 - Review Request: qtermwidget-qt4 - Qt4 terminal widget https://bugzilla.redhat.com/show_bug.cgi?id=1441222 [ 3 ] Bug #1406965 - qtermwidget-0.7.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1406965 -------------------------------------------------------------------------------- ================================================================================ mate-icon-theme-1.18.2-1.fc26 (FEDORA-2017-6c44ddae83) Icon theme for MATE Desktop -------------------------------------------------------------------------------- Update Information: - update to new upstream release - fix some broken flags -------------------------------------------------------------------------------- ================================================================================ nfs-ganesha-2.4.5-2.fc26 (FEDORA-2017-f7b10b76a5) NFS-Ganesha is a NFS Server running in user space -------------------------------------------------------------------------------- Update Information: nfs-ganesha 2.4.5 GA, w/ RGW again (cephfs-10.2.7) -------------------------------------------------------------------------------- ================================================================================ nodejs-emojione-2.2.7-3.fc26 (FEDORA-2017-250806ab94) EmojiOne is a complete set of emojis designed for the web -------------------------------------------------------------------------------- Update Information: package.js* are now moved from base package to json package. -------------------------------------------------------------------------------- ================================================================================ nvme-cli-1.2-2.fc26 (FEDORA-2017-d6edab707f) NVMe management command line interface -------------------------------------------------------------------------------- Update Information: Update to 1.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1433163 - nvme-cli-1.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1433163 -------------------------------------------------------------------------------- ================================================================================ ohc-0.6.1-1.fc26 (FEDORA-2017-3e0d5f925a) Java large off heap cache -------------------------------------------------------------------------------- Update Information: version update, tests are back to normal -------------------------------------------------------------------------------- References: [ 1 ] Bug #1370900 - ohc-0.6.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1370900 -------------------------------------------------------------------------------- ================================================================================ pass-1.7.1-2.fc26 (FEDORA-2017-53a86967ad) A password manager using standard Unix tools -------------------------------------------------------------------------------- Update Information: New minor upstream release -------------------------------------------------------------------------------- ================================================================================ pngquant-2.9.1-1.fc26 (FEDORA-2017-8886907ddb) PNG quantization tool for reducing image file size -------------------------------------------------------------------------------- Update Information: update to pngquant-2.9.1 and libimagequant-2.9.1 -------------------------------------------------------------------------------- ================================================================================ python-libcloud-2.0.0rc2-1.fc26 (FEDORA-2017-435fedd281) A Python library to address multiple cloud provider APIs -------------------------------------------------------------------------------- Update Information: Apache Libcloud version 2.0.0rc2 upgrade -------------------------------------------------------------------------------- ================================================================================ qt-virt-manager-0.42.67-3.fc26 (FEDORA-2017-ec98e192d4) Qt Virtual Machine Manager -------------------------------------------------------------------------------- Update Information: qtermwidget and qterminal updates to 0.7.1: * Removed Qt4 builds (no longer supported upstream) * Provide new package qtermwidget-qt4 for legacy Qt4 software * Translations now provided by qterminal-l10n (part of lxqt-l10n) * qt- virt-manager: rebuilt for update -------------------------------------------------------------------------------- References: [ 1 ] Bug #1406964 - qterminal-0.7.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1406964 [ 2 ] Bug #1441222 - Review Request: qtermwidget-qt4 - Qt4 terminal widget https://bugzilla.redhat.com/show_bug.cgi?id=1441222 [ 3 ] Bug #1406965 - qtermwidget-0.7.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1406965 -------------------------------------------------------------------------------- ================================================================================ qterminal-0.7.1-1.fc26 (FEDORA-2017-ec98e192d4) Advanced Qt5-based terminal emulator -------------------------------------------------------------------------------- Update Information: qtermwidget and qterminal updates to 0.7.1: * Removed Qt4 builds (no longer supported upstream) * Provide new package qtermwidget-qt4 for legacy Qt4 software * Translations now provided by qterminal-l10n (part of lxqt-l10n) * qt- virt-manager: rebuilt for update -------------------------------------------------------------------------------- References: [ 1 ] Bug #1406964 - qterminal-0.7.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1406964 [ 2 ] Bug #1441222 - Review Request: qtermwidget-qt4 - Qt4 terminal widget https://bugzilla.redhat.com/show_bug.cgi?id=1441222 [ 3 ] Bug #1406965 - qtermwidget-0.7.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1406965 -------------------------------------------------------------------------------- ================================================================================ qtermwidget-0.7.1-1.fc26 (FEDORA-2017-ec98e192d4) Qt5 terminal widget -------------------------------------------------------------------------------- Update Information: qtermwidget and qterminal updates to 0.7.1: * Removed Qt4 builds (no longer supported upstream) * Provide new package qtermwidget-qt4 for legacy Qt4 software * Translations now provided by qterminal-l10n (part of lxqt-l10n) * qt- virt-manager: rebuilt for update -------------------------------------------------------------------------------- References: [ 1 ] Bug #1406964 - qterminal-0.7.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1406964 [ 2 ] Bug #1441222 - Review Request: qtermwidget-qt4 - Qt4 terminal widget https://bugzilla.redhat.com/show_bug.cgi?id=1441222 [ 3 ] Bug #1406965 - qtermwidget-0.7.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1406965 -------------------------------------------------------------------------------- ================================================================================ qtermwidget-qt4-0.6.0-1.fc26 (FEDORA-2017-ec98e192d4) Qt4 terminal widget -------------------------------------------------------------------------------- Update Information: qtermwidget and qterminal updates to 0.7.1: * Removed Qt4 builds (no longer supported upstream) * Provide new package qtermwidget-qt4 for legacy Qt4 software * Translations now provided by qterminal-l10n (part of lxqt-l10n) * qt- virt-manager: rebuilt for update -------------------------------------------------------------------------------- References: [ 1 ] Bug #1406964 - qterminal-0.7.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1406964 [ 2 ] Bug #1441222 - Review Request: qtermwidget-qt4 - Qt4 terminal widget https://bugzilla.redhat.com/show_bug.cgi?id=1441222 [ 3 ] Bug #1406965 - qtermwidget-0.7.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1406965 -------------------------------------------------------------------------------- ================================================================================ rubygem-unf_ext-0.0.7.4-1.fc26 (FEDORA-2017-d7186fd0f9) Unicode Normalization Form support library for CRuby -------------------------------------------------------------------------------- Update Information: New version 0.0.7.4 is released. -------------------------------------------------------------------------------- ================================================================================ selinux-policy-3.13.1-251.fc26 (FEDORA-2017-f36794dd98) SELinux policy configuration -------------------------------------------------------------------------------- Update Information: More info: https://koji.fedoraproject.org/koji/buildinfo?buildID=881092 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1442572 - SELinux is preventing useradd from write access on the sock_file system_bus_socket https://bugzilla.redhat.com/show_bug.cgi?id=1442572 [ 2 ] Bug #1433191 - SELinux is preventing gdm-session-wor from 'view' accesses on the key Unknown. https://bugzilla.redhat.com/show_bug.cgi?id=1433191 [ 3 ] Bug #1426646 - AVCs caused by FreeIPA code change https://bugzilla.redhat.com/show_bug.cgi?id=1426646 [ 4 ] Bug #1418682 - SELinux is preventing systemd from 'connectto' accesses on the unix_stream_socket /run/systemd/journal/stdout. https://bugzilla.redhat.com/show_bug.cgi?id=1418682 [ 5 ] Bug #1416963 - SELinux is preventing groupadd from 'write' accesses on the sock_file system_bus_socket. https://bugzilla.redhat.com/show_bug.cgi?id=1416963 [ 6 ] Bug #1413298 - SELinux is preventing qemu-system-x86 from 'search' accesses on the directory 3278. https://bugzilla.redhat.com/show_bug.cgi?id=1413298 [ 7 ] Bug #1410505 - RELP port for rsyslog https://bugzilla.redhat.com/show_bug.cgi?id=1410505 [ 8 ] Bug #1401634 - SELinux is preventing cups-browsed from create access on the lnk_file 58456ab283fca. https://bugzilla.redhat.com/show_bug.cgi?id=1401634 [ 9 ] Bug #1400470 - SELinux: Files in /usr/local/bin get mislabeled as var_t instead of bin_t https://bugzilla.redhat.com/show_bug.cgi?id=1400470 [ 10 ] Bug #1392162 - SELinux is preventing gutenprint52+us from using the 'wake_alarm' capabilities. https://bugzilla.redhat.com/show_bug.cgi?id=1392162 [ 11 ] Bug #1391337 - please allow /usr/sbin/abrt-server to read /proc/[pid]/ns/ipc file https://bugzilla.redhat.com/show_bug.cgi?id=1391337 [ 12 ] Bug #1391040 - please allow /usr/libexec/abrt-hook-ccpp (kernel.core_pattern) to drop Capabilities https://bugzilla.redhat.com/show_bug.cgi?id=1391040 -------------------------------------------------------------------------------- ================================================================================ squidGuard-1.4-28.fc26 (FEDORA-2017-506365da3e) Filter, redirector and access controller plugin for squid -------------------------------------------------------------------------------- Update Information: Maintenance changes only: - Helper protocol patch (bug #1443273, bug #1418267) - Fix logrotate configuration (bug #1394601) - Fix typo in transparent- proxying.service -------------------------------------------------------------------------------- References: [ 1 ] Bug #1443273 - squidGuard does not work with current squid in F25 (and probably other versions) https://bugzilla.redhat.com/show_bug.cgi?id=1443273 [ 2 ] Bug #1418267 - UPGRADE WARNING from squid "url rewriter responded with garbage" https://bugzilla.redhat.com/show_bug.cgi?id=1418267 [ 3 ] Bug #1394601 - squidGuard logrotate config uses wildcard incorrectly https://bugzilla.redhat.com/show_bug.cgi?id=1394601 -------------------------------------------------------------------------------- ================================================================================ tigervnc-1.7.90-1.fc26 (FEDORA-2017-1e844336cd) A TigerVNC remote display system -------------------------------------------------------------------------------- Update Information: Tigervnc 1.7.90 release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440247 - DeferUpdate is broken in tigervnc-1.7.1 https://bugzilla.redhat.com/show_bug.cgi?id=1440247 [ 2 ] Bug #1443796 - tigervnc-1.7.90 is available https://bugzilla.redhat.com/show_bug.cgi?id=1443796 -------------------------------------------------------------------------------- ================================================================================ xorg-x11-drv-nouveau-1.0.14-2.fc26 (FEDORA-2017-4c9e8822dd) Xorg X11 nouveau video driver for NVIDIA graphics chipsets -------------------------------------------------------------------------------- Update Information: Fixes crashing that resulted from the 1.0.14-1 update. -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
