The following Fedora 27 Security updates need testing:
 Age  URL
  27  https://bodhi.fedoraproject.org/updates/FEDORA-2017-d270e932a3   nagios-4.3.4-3.fc27
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2017-523f6a613d   botan-1.10.17-1.fc27
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2017-67f13dd1e1   mingw-taglib-1.11.1-4.fc27
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2017-899c5f6a86   nodejs-forwarded-0.1.2-1.fc27
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2017-025ff38ac9   poppler-0.57.0-5.fc27
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-cbb8db2be6   libXfont2-2.0.2-1.fc27
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-39c5f8cd7e   sssd-1.15.3-5.fc27
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-9fd430dba0   wireshark-2.4.2-1.fc27
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2017-0b90d8bb68   thunderbird-52.4.0-2.fc27
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2017-a1f0519599   git-annex-6.20170925-1.fc27
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-19c9fc71f9   cacti-1.1.26-1.fc27
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-9b3e2904bf   lucene-6.1.0-6.fc27
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-aa9927961f   kernel-4.13.8-300.fc27
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ce403f01ce   SDL2-2.0.6-4.fc27


The following builds have been pushed to Fedora 27 updates-testing

    OpenIPMI-2.0.23-6.fc27
    SDL2-2.0.6-4.fc27
    argon2-20161029-1.fc27
    clustershell-1.7.91-1.fc27
    copr-backend-1.106-1.fc27
    copr-cli-1.64-1.fc27
    copr-frontend-1.123-1.fc27
    copr-rpmbuild-0.11-1.fc27
    copy-jdk-configs-3.3-1.fc27
    dbxtool-8-1.fc27
    dnf-2.7.5-1.fc27
    gimp-2.8.22-2.fc27.3
    kernel-4.13.8-300.fc27
    kobo-0.7.0-3.fc27
    libqb-1.0.2-11.fc27
    netpbm-10.80.00-2.fc27
    pag-0.7-1.fc27
    pcs-0.9.160-1.fc27
    perl-Email-Address-XS-1.01-1.fc27
    perl-Net-Appliance-Session-4.300000-1.fc27
    perl-Net-CLI-Interact-2.300002-1.fc27
    php-bacon-qr-code-1.0.3-1.fc27
    php-phpspec-4.1.0-1.fc27
    php-sabre-vobject4-4.1.3-1.fc27
    python-aiohttp-2.3.0-1.fc27
    python-copr-1.82-1.fc27
    qemu-2.10.0-5.fc27
    rpkg-client-0.10-1.fc27
    sparse-0.5.1-1.fc27
    suricata-4.0.1-1.fc27
    tpm2-abrmd-1.1.0-7.fc27

Details about builds:


================================================================================
 OpenIPMI-2.0.23-6.fc27 (FEDORA-2017-4ba77dc959)
 IPMI (Intelligent Platform Management Interface) library and tools
--------------------------------------------------------------------------------
Update Information:

Rebuilt for python package
--------------------------------------------------------------------------------


================================================================================
 SDL2-2.0.6-4.fc27 (FEDORA-2017-ce403f01ce)
 A cross-platform multimedia library
--------------------------------------------------------------------------------
Update Information:

Fix CVE-2017-2888
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1500734 - CVE-2017-2888 SDL2: SDL: Integer overflow while creating a new RGB surface [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1500734
--------------------------------------------------------------------------------


================================================================================
 argon2-20161029-1.fc27 (FEDORA-2017-f4a5530602)
 The password-hashing tools
--------------------------------------------------------------------------------
Update Information:

Argon2 is a password-hashing function that summarizes the state of the art in the design of memory-hard functions and can be used to hash passwords for credential storage, key derivation, or other applications. It has a simple design aimed at the highest memory filling rate and effective use of multiple computing units, while still providing defense against tradeoff attacks (by exploiting the cache and memory organization of the recent processors). Argon2 has three variants: Argon2i, Argon2d, and Argon2id.

* Argon2d is faster and uses data-depending memory access, which makes it highly resistant against GPU cracking attacks and suitable for applications with no threats from side-channel timing attacks (e.g. cryptocurrencies).
* Argon2i instead uses data-independent memory access, which is preferred for password hashing and password-based key derivation, but it is slower as it makes more passes over the memory to protect from tradeoff attacks.
* Argon2id is a hybrid of Argon2i and Argon2d, using a combination of data-depending and data-independent memory accesses, which gives some of Argon2i's resistance to side-channel cache timing attacks and much of Argon2d's resistance to GPU cracking attacks.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1503609 - Review Request: argon2 - The password-hashing tools
        https://bugzilla.redhat.com/show_bug.cgi?id=1503609
--------------------------------------------------------------------------------


================================================================================
 clustershell-1.7.91-1.fc27 (FEDORA-2017-68cfc14cf5)
 Python framework for efficient cluster administration
--------------------------------------------------------------------------------
Update Information:

1.8 RC1 for testing

----

ClusterShell 1.8 beta2 targeted for updates-testing only.

----

ClusterShell 1.8 beta1 targeted for updates-testing only. Release #4 removes the vim-clustershell subpackage as it was confusing for the users. VIM extensions are just provided by the main clustershell subpackage, which now requires vim-filesystem instead of vim-common if available (only not on el6).

----

ClusterShell 1.8 beta1 targeted for updates-testing only. Release 3 should fix some packaging issues reported by taskotron.

----

ClusterShell 1.8 beta1 targeted for updates-testing only. This is release 2 with added Python 3 support.

----

ClusterShell 1.8 beta1 targeted for updates-testing only.
--------------------------------------------------------------------------------


================================================================================
 copr-backend-1.106-1.fc27 (FEDORA-2017-218af746e5)
 Backend for Copr
--------------------------------------------------------------------------------
Update Information:

- invoke copr-rpmbuild with --verbose
--------------------------------------------------------------------------------


================================================================================
 copr-cli-1.64-1.fc27 (FEDORA-2017-27a464549c)
 Command line interface for COPR
--------------------------------------------------------------------------------
Update Information:

- add SCM api
- add deprecation warnings for tito and mockscm methods
--------------------------------------------------------------------------------


================================================================================
 copr-frontend-1.123-1.fc27 (FEDORA-2017-6e75909d37)
 Frontend for Copr
--------------------------------------------------------------------------------
Update Information:

- also set srpm_url when --initial-pkgs is used when creating new project
- for tag webhook events, rebuild the package on the specified tag
- check for pagure hostname in pagure auto-rebuilding script
- fix for fatal error when accessing old upload builds that do not contain 'url' key in source_json
- unify SCM source types
- deprecate tito and mock-scm methods
- add index on package(webhook_rebuild, source_type) and copr(copr_webhook_secret)
- update docs for requests/flask interaction

----

- Fix for internal server error when old srpm upload build is accessed.
--------------------------------------------------------------------------------


================================================================================
 copr-rpmbuild-0.11-1.fc27 (FEDORA-2017-93f9f9ba37)
 Run COPR build tasks
--------------------------------------------------------------------------------
Update Information:

- provide option to root spec file path in SCM with '/'
- fix exception raising in scm provider
- make command debug info nicer
- print task structure in the beginning even without -v
- add listdir after srpm production
- some Git backends do not support --depth
- remove unused run method
- checkout master by default
- with limited depth, we need to clone with --no-single-branch
- remove original perl script and mock config for it
- remove no longer needed options from rpkg.conf.j2
- SCM source types unification
- apply continuing line filtering from f4561c149893
- increase clone depth to address pag#129 SCM source type error
--------------------------------------------------------------------------------


================================================================================
 copy-jdk-configs-3.3-1.fc27 (FEDORA-2017-57fc8aea94)
 JDKs configuration files copier
--------------------------------------------------------------------------------
Update Information:

handled new paths for policies files
--------------------------------------------------------------------------------


================================================================================
 dbxtool-8-1.fc27 (FEDORA-2017-671a614067)
 Secure Boot DBX updater
--------------------------------------------------------------------------------
Update Information:

This should work around the issue where we try to update dbx on a non-Secure-Boot system and get "Permission Denied", which causes the systemd job on boot to fail.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1489942 - dbxtool fails at boot 'Could not apply database update "DBXUpdate-2016-08-09-13-16-00.bin": Permission denied'
        https://bugzilla.redhat.com/show_bug.cgi?id=1489942
--------------------------------------------------------------------------------


================================================================================
 dnf-2.7.5-1.fc27 (FEDORA-2017-ee5c678e8b)
 Package manager forked from Yum, using libsolv as a dependency resolver
--------------------------------------------------------------------------------
Update Information:

- Improve performance for excludes and includes handling (RHBZ #1500361)
- Fixed problem of handling checksums for local repositories (RHBZ #1502106)
- Fix traceback when using dnf.Base.close() (RHBZ #1503575)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1503575 - DNF breaks composes: AttributeError: 'NoneType' object has no attribute 'install_set'
        https://bugzilla.redhat.com/show_bug.cgi?id=1503575
  [ 2 ] Bug #1502106 - dnf packages update breaks package removal via ansible
        https://bugzilla.redhat.com/show_bug.cgi?id=1502106
  [ 3 ] Bug #1500361 - DNF in Fedora 26 is terrible slow
        https://bugzilla.redhat.com/show_bug.cgi?id=1500361
--------------------------------------------------------------------------------


================================================================================
 gimp-2.8.22-2.fc27.3 (FEDORA-2017-1623b75a45)
 GNU Image Manipulation Program
--------------------------------------------------------------------------------
Update Information:

Rebuilt for python package
--------------------------------------------------------------------------------


================================================================================
 kernel-4.13.8-300.fc27 (FEDORA-2017-aa9927961f)
 The Linux kernel
--------------------------------------------------------------------------------
Update Information:

The 4.13.8 update contains a number of important fixes across the tree.

----

The 4.13.6 stable update contains a number of important fixes across the tree.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1495089 - CVE-2017-12190 kernel: memory leak when merging buffers in SCSI IO vectors
        https://bugzilla.redhat.com/show_bug.cgi?id=1495089
  [ 2 ] Bug #1501878 - CVE-2017-15265 kernel: Use-after-free in snd_seq_ioctl_create_port()
        https://bugzilla.redhat.com/show_bug.cgi?id=1501878
  [ 3 ] Bug #1498016 - CVE-2017-15299 kernel: Incorrect updates of uninstantiated keys crash the kernel
        https://bugzilla.redhat.com/show_bug.cgi?id=1498016
  [ 4 ] Bug #1498067 - CVE-2017-1000255 kernel: Arbitrary stack overwrite causing oops via crafted signal frame
        https://bugzilla.redhat.com/show_bug.cgi?id=1498067
  [ 5 ] Bug #1500094 - CVE-2017-5123 kernel: Missing access_ok() checks in waitid()
        https://bugzilla.redhat.com/show_bug.cgi?id=1500094
--------------------------------------------------------------------------------


================================================================================
 kobo-0.7.0-3.fc27 (FEDORA-2017-74d6988160)
 Python modules for tools development
--------------------------------------------------------------------------------
Update Information:

New upstream release 0.7.0; supports python 3
--------------------------------------------------------------------------------


================================================================================
 libqb-1.0.2-11.fc27 (FEDORA-2017-810447425f)
 An IPC library for high performance servers
--------------------------------------------------------------------------------
Update Information:

- Mitigate changed treatment of orphaned sections in ld.bfd/binutils-2.29, resulting in logging feature silently severed (rhbz#1478089, rhbz#1487787)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1478089 - libqb: FTBFS in Fedora rawhide (consequence of new binutils 2.29 and ld.bfd with a changed behaviour)
        https://bugzilla.redhat.com/show_bug.cgi?id=1478089
  [ 2 ] Bug #1487787 - libqb (unfinished) fix re-establishing compatibility with ld from binutils 2.29 incomplete
        https://bugzilla.redhat.com/show_bug.cgi?id=1487787
--------------------------------------------------------------------------------


================================================================================
 netpbm-10.80.00-2.fc27 (FEDORA-2017-dce2d79a96)
 A library for handling different graphics file formats
--------------------------------------------------------------------------------
Update Information:

New upstream release 10.80.00 Rebuilt for python package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1496797 - netpbm-10.80.00 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1496797
--------------------------------------------------------------------------------


================================================================================
 pag-0.7-1.fc27 (FEDORA-2017-8b04a7633d)
 Commandline interaction with pagure.io
--------------------------------------------------------------------------------
Update Information:

New upstream release:

* allow anonymous clones via `https://`
* allow command passthrough to `git`
* add `review` subcommand for checking out pull requests locally
* add `create-issue` subcommand
* add `upload` subcommand for uploading new release tarballs
--------------------------------------------------------------------------------


================================================================================
 pcs-0.9.160-1.fc27 (FEDORA-2017-446a71b4ab)
 Pacemaker Configuration System
--------------------------------------------------------------------------------
Update Information:

Rebased to
latest upstream sources
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1477595 - pcsd fails to start "Could not find 'rack-protection' (~> 1.4)"
        https://bugzilla.redhat.com/show_bug.cgi?id=1477595
  [ 2 ] Bug #927977 - pcs-debuginfo 0.9.139-5 missing sources
        https://bugzilla.redhat.com/show_bug.cgi?id=927977
--------------------------------------------------------------------------------


================================================================================
 perl-Email-Address-XS-1.01-1.fc27 (FEDORA-2017-f956ef16ba)
 Parse and format RFC 2822 email addresses and groups
--------------------------------------------------------------------------------
Update Information:

Updated to the latest version
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1503941 - perl-Email-Address-XS-1.01 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1503941
--------------------------------------------------------------------------------


================================================================================
 perl-Net-Appliance-Session-4.300000-1.fc27 (FEDORA-2017-5c029ff593)
 Run command-line sessions to network appliances
--------------------------------------------------------------------------------
Update Information:

Updated to the latest version
--------------------------------------------------------------------------------


================================================================================
 perl-Net-CLI-Interact-2.300002-1.fc27 (FEDORA-2017-ba5f8d8291)
 Toolkit for CLI Automation
--------------------------------------------------------------------------------
Update Information:

Updated to the latest version
--------------------------------------------------------------------------------


================================================================================
 php-bacon-qr-code-1.0.3-1.fc27 (FEDORA-2017-c5f2092fff)
 QR code
generator for PHP
--------------------------------------------------------------------------------
Update Information:

**Version 1.0.3**

As [upstream don't provide any changelog](https://github.com/Bacon/BaconQrCode/issues/35), see the [commit history](https://github.com/Bacon/BaconQrCode/commits/master).
--------------------------------------------------------------------------------


================================================================================
 php-phpspec-4.1.0-1.fc27 (FEDORA-2017-d7aef1446a)
 Specification-oriented BDD framework for PHP
--------------------------------------------------------------------------------
Update Information:

**Version 4.1.0** / 2017-10-18

* New `shouldIterateLike`/`shouldYieldLike` matcher (@sroze)
* Checks class name is not a reserved word when creating spec (@avant1)

----

**Version 4.0.4** / 2017-09-13

* Allow installation on PHP 7.2 (@ciaranmcnulty)
* [performance] Improved speed when invoking native functions (@bendavies)
--------------------------------------------------------------------------------


================================================================================
 php-sabre-vobject4-4.1.3-1.fc27 (FEDORA-2017-33f1602252)
 Library to parse and manipulate iCalendar and vCard objects
--------------------------------------------------------------------------------
Update Information:

**Version 4.1.3** (2017-10-18)

* 363: Repair script and de-duplicate properties that are only allowed once, but appear more than once. (@ddolcimascolo).
* 377: Added Pacific Time (US & Canada) as exchange timezone
* 384: Added fallback for VCards without `FN`
--------------------------------------------------------------------------------


================================================================================
 python-aiohttp-2.3.0-1.fc27 (FEDORA-2017-9f5ed90143)
 Python HTTP client/server for asyncio
--------------------------------------------------------------------------------
Update Information:

Update to new upstream version 2.3.0
--------------------------------------------------------------------------------


================================================================================
 python-copr-1.82-1.fc27 (FEDORA-2017-27a464549c)
 Python interface for Copr
--------------------------------------------------------------------------------
Update Information:

- add SCM api
- add deprecation warnings for tito and mockscm methods
--------------------------------------------------------------------------------


================================================================================
 qemu-2.10.0-5.fc27 (FEDORA-2017-282fc67179)
 QEMU is a FAST! processor emulator
--------------------------------------------------------------------------------
Update Information:

qemu-pr-helper didn't work due to a change in the libmultipath/libmpathpersist APIs exposed by device-mapper-multipath-devel. This has been fixed now. Other small changes to the qemu-pr-helper service are included.

----

Backport qemu-pr-helper from QEMU 2.11. This daemon allows unprivileged users (who have access to the daemon) to use persistent reservation commands on both regular disks and multipath block devices.
--------------------------------------------------------------------------------


================================================================================
 rpkg-client-0.10-1.fc27 (FEDORA-2017-5f7b7fc7a9)
 RPM packaging utility
--------------------------------------------------------------------------------
Update Information:

- possibility to give directory to --spec
- also take --spec in account for rpmdefines
- update spec descriptions
- added is-packed subcommand
- try reading ~/.config/rpkg before /etc/rpkg
- add unittests
- for source downloading, try both url formats with/without hashtype
- add make-source subcommand
- patch srpm to generate Source0 if unpacked content
- override load_ns_module_name to work with any length namespaces
- added --spec for srpm, make-source, and copr-build
- fixed tagging not to include host dist tag
- docs update
- make all config values optional
--------------------------------------------------------------------------------


================================================================================
 sparse-0.5.1-1.fc27 (FEDORA-2017-0f6ca5d72e)
 A semantic parser of source files
--------------------------------------------------------------------------------
Update Information:

Update to upstream release v0.5.1.
--------------------------------------------------------------------------------


================================================================================
 suricata-4.0.1-1.fc27 (FEDORA-2017-621efeaac2)
 Intrusion Detection System
--------------------------------------------------------------------------------
Update Information:

This release adds support for Redis RPUSH. It also fixes a number of bugs.
--------------------------------------------------------------------------------


================================================================================
 tpm2-abrmd-1.1.0-7.fc27 (FEDORA-2017-46c047f831)
 A system daemon implementing TPM2 Access Broker and Resource Manager
--------------------------------------------------------------------------------
Update Information:

tcti-abrmd: Fix null deref bug

----

Fix tpm2-abrmd won't start when tss user does not exist
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1503943 - tcti-tabrmd: Fix NULL deref bug
        https://bugzilla.redhat.com/show_bug.cgi?id=1503943
  [ 2 ] Bug #1502996 - Systemd will fail to start tpm2-abrmd if the tss user does not exist.
        https://bugzilla.redhat.com/show_bug.cgi?id=1502996
--------------------------------------------------------------------------------