The following Fedora 26 Security updates need testing: Age URL 142 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ccb5c8d1e7 docker-distribution-2.6.2-1.git48294d9.fc26 71 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6e6f4f95e6 ruby-2.4.2-84.fc26 34 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3915878e18 ldns-1.7.0-4.fc26 34 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f87ce166c5 chromium-62.0.3202.89-1.fc26 17 https://bodhi.fedoraproject.org/updates/FEDORA-2017-774e7863a4 mongodb-3.4.10-1.fc26 13 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7bac3ba7c3 qpid-cpp-1.37.0-1.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bce9e03721 tor-0.3.1.9-1.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b5cdad4163 libvirt-3.2.1-7.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-018464cbf9 optipng-0.7.6-6.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d6402c8005 evince-3.24.2-2.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2d441a1d98 python26-2.6.9-7.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-cf8c62747a python35-3.5.4-2.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1dc71e1acd shellinabox-2.20-5.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e0abe14016 python34-3.4.7-2.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bf172b2035 lynx-2.8.9-0.20.dev16.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7fe2c4bc0e python33-3.3.7-2.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0f3270406c libextractor-1.6-2.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-26c3ab48e4 wayland-1.13.0-3.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-38fbcdffc3 asterisk-13.18.4-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-80c6b4d3be sensible-utils-0.0.11-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-aa4cc10bde qt5-qtbase-5.9.2-6.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-16a414b3c5 xen-4.8.2-9.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2962e58478 heimdal-7.5.0-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ba6b6e71f7 kernel-4.14.6-200.fc26 The following Fedora 26 Critical Path updates have yet to be approved: Age URL 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b5cdad4163 libvirt-3.2.1-7.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8d2a756133 libsmbios-2.3.3-2.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b5ac57e518 selinux-policy-3.13.1-260.18.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-26c3ab48e4 wayland-1.13.0-3.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-05db2de66b nfs-utils-2.2.1-1.rc2.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ba6b6e71f7 kernel-4.14.6-200.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b79deedf43 linux-firmware-20171215-81.git2451bb22.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d57a06cda1 flatpak-0.10.2-1.fc26 flatpak-builder-0.10.6-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8b51db595f tigervnc-1.8.0-5.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-16a414b3c5 xen-4.8.2-9.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b1ce6bb43a audit-2.8.2-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-aa4cc10bde qt5-qtbase-5.9.2-6.fc26 The following builds have been pushed to Fedora 26 updates-testing bind-9.11.1-4.P3.fc26 cri-o-1.9.0-3.git814c6ab.fc26 enchant2-2.2.0-2.fc26 fcitx-unikey-0.2.7-1.fc26 flatpak-0.10.2-1.fc26 flatpak-builder-0.10.6-1.fc26 ghc-gi-gio-2.0.14-2.fc26 ghc-gi-glib-2.0.15-1.fc26 ghc-gi-gobject-2.0.15-2.fc26 ghc-gi-ostree-1.0.5-2.fc26 gnome-photos-3.24.5-1.fc26 kernel-4.14.6-200.fc26 libu2f-server-1.0.1-10.fc26 liferea-1.12.0-2.fc26 linux-firmware-20171215-81.git2451bb22.fc26 mingw-enchant2-2.2.0-2.fc26 mingw-qtspell-0.8.4-1.fc26 nfs-utils-2.2.1-1.rc2.fc26 python-catkin_pkg-0.3.8-2.fc26 qtspell-0.8.4-1.fc26 sway-0.15.0-3.fc26 tigervnc-1.8.0-5.fc26 valgrind-3.13.0-12.fc26 xorgxrdp-0.2.5-1.fc26 xrootd-4.8.0-1.fc26 Details about builds: ================================================================================ bind-9.11.1-4.P3.fc26 (FEDORA-2017-fcd3ad6ba8) The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server -------------------------------------------------------------------------------- Update Information: - Own python3-bind isc directory (#1522944) - Make tsstsig system test pass again (#1500017) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1522944 - spec file should own python module directories https://bugzilla.redhat.com/show_bug.cgi?id=1522944 [ 2 ] Bug #1500017 - BIND internal tests for TSIG-GSS fail on Fedora 26 https://bugzilla.redhat.com/show_bug.cgi?id=1500017 -------------------------------------------------------------------------------- ================================================================================ cri-o-1.9.0-3.git814c6ab.fc26 (FEDORA-2017-f9d3b2cb00) CRI-O is the Kubernetes Container Runtime Interface for OCI-based containers -------------------------------------------------------------------------------- Update Information: Updated for Kubernetes 1.9 release. ---- Update with a couple of bug fixes. -------------------------------------------------------------------------------- ================================================================================ enchant2-2.2.0-2.fc26 (FEDORA-2017-26a66585e0) An Enchanting Spell Checking Library -------------------------------------------------------------------------------- Update Information: Initial package. -------------------------------------------------------------------------------- ================================================================================ fcitx-unikey-0.2.7-1.fc26 (FEDORA-2017-b52768de00) Vietnamese Engine for Fcitx -------------------------------------------------------------------------------- Update Information: Update to 0.2.7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1511239 - fcitx-unikey-0.2.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1511239 -------------------------------------------------------------------------------- ================================================================================ flatpak-0.10.2-1.fc26 (FEDORA-2017-d57a06cda1) Application deployment framework for desktop apps -------------------------------------------------------------------------------- Update Information: flatpak 0.10.2 release: * Flatpak now requires OSTree 2017.14 * flatpak update now updates from both system and user installations by default. * flatpak update is less noisy when updating appstream info. * All the remote-* commands now by default automatically decide to use --user or --system based on the given remote name. * flatpak remote-ls with no remote lists the content of all remotes * Fixed regression that made xdg-user-dirs and theme selection for kde apps break. * flatpak override with no argument now overrides globally, i.e. for all apps. * flatpak override now supports --nofilesystem properly. For example flatpak override --nofilesystem=~/.ssh hides the ssh dir for all apps, even those who have homedir access. * flatpak install now takes a --reinstall argument which uninstalls a previously installed version if necessary. This is very useful when you want to install a new version from a different source. * flatpak install now allows you to pass an absolute pathname as remote name, which will create a temporary remote and install from that. The remote will be removed when the app is uninstalled. This is very useful during development and testing. * Flatpak now creates CLI wrappers for all installed apps, so if you add /var/lib/flatpak/exports/bin or ~/.local/share/flatpak/exports/bin to your PATH you can easily start flatpak apps by their application id. flatpak-builder 0.10.6 release: * New checksum types for file/archive sources: md5, sha1, sha512 * Support including source snippets from another file, similar to how module includes are supported. * The app id renaming in the appdata file is now more careful to avoid renaming other parts. * The cache default repo format for new caches is now bare-user- only which means building with flatpak-builder works on filesystems that don't support xattrs. * New --install argument will install the finished build using the new flatpak install install-directly-from-local-repo feature. This makes it easier to test local builds. -------------------------------------------------------------------------------- ================================================================================ flatpak-builder-0.10.6-1.fc26 (FEDORA-2017-d57a06cda1) Tool to build flatpaks from source -------------------------------------------------------------------------------- Update Information: flatpak 0.10.2 release: * Flatpak now requires OSTree 2017.14 * flatpak update now updates from both system and user installations by default. * flatpak update is less noisy when updating appstream info. * All the remote-* commands now by default automatically decide to use --user or --system based on the given remote name. * flatpak remote-ls with no remote lists the content of all remotes * Fixed regression that made xdg-user-dirs and theme selection for kde apps break. * flatpak override with no argument now overrides globally, i.e. for all apps. * flatpak override now supports --nofilesystem properly. For example flatpak override --nofilesystem=~/.ssh hides the ssh dir for all apps, even those who have homedir access. * flatpak install now takes a --reinstall argument which uninstalls a previously installed version if necessary. This is very useful when you want to install a new version from a different source. * flatpak install now allows you to pass an absolute pathname as remote name, which will create a temporary remote and install from that. The remote will be removed when the app is uninstalled. This is very useful during development and testing. * Flatpak now creates CLI wrappers for all installed apps, so if you add /var/lib/flatpak/exports/bin or ~/.local/share/flatpak/exports/bin to your PATH you can easily start flatpak apps by their application id. flatpak-builder 0.10.6 release: * New checksum types for file/archive sources: md5, sha1, sha512 * Support including source snippets from another file, similar to how module includes are supported. * The app id renaming in the appdata file is now more careful to avoid renaming other parts. * The cache default repo format for new caches is now bare-user- only which means building with flatpak-builder works on filesystems that don't support xattrs. * New --install argument will install the finished build using the new flatpak install install-directly-from-local-repo feature. This makes it easier to test local builds. -------------------------------------------------------------------------------- ================================================================================ ghc-gi-gio-2.0.14-2.fc26 (FEDORA-2017-5c1c579e69) Gio bindings -------------------------------------------------------------------------------- Update Information: Update ghc-gi-glib to the upstream gi-glib-2.0.15. This adds an override to mark the return value of g_time_val_to_iso8601 as nullable, so that the API for GI.GLib.timeValToIso8601 is consistent across glib versions (the upstream annotation was marked nullable in glib-2.53.2). This updates ghc-gi-glib and rebuilds the packages that depend on it. -------------------------------------------------------------------------------- ================================================================================ ghc-gi-glib-2.0.15-1.fc26 (FEDORA-2017-5c1c579e69) GLib bindings -------------------------------------------------------------------------------- Update Information: Update ghc-gi-glib to the upstream gi-glib-2.0.15. This adds an override to mark the return value of g_time_val_to_iso8601 as nullable, so that the API for GI.GLib.timeValToIso8601 is consistent across glib versions (the upstream annotation was marked nullable in glib-2.53.2). This updates ghc-gi-glib and rebuilds the packages that depend on it. -------------------------------------------------------------------------------- ================================================================================ ghc-gi-gobject-2.0.15-2.fc26 (FEDORA-2017-5c1c579e69) GObject bindings -------------------------------------------------------------------------------- Update Information: Update ghc-gi-glib to the upstream gi-glib-2.0.15. This adds an override to mark the return value of g_time_val_to_iso8601 as nullable, so that the API for GI.GLib.timeValToIso8601 is consistent across glib versions (the upstream annotation was marked nullable in glib-2.53.2). This updates ghc-gi-glib and rebuilds the packages that depend on it. -------------------------------------------------------------------------------- ================================================================================ ghc-gi-ostree-1.0.5-2.fc26 (FEDORA-2017-5c1c579e69) OSTree bindings -------------------------------------------------------------------------------- Update Information: Update ghc-gi-glib to the upstream gi-glib-2.0.15. This adds an override to mark the return value of g_time_val_to_iso8601 as nullable, so that the API for GI.GLib.timeValToIso8601 is consistent across glib versions (the upstream annotation was marked nullable in glib-2.53.2). This updates ghc-gi-glib and rebuilds the packages that depend on it. -------------------------------------------------------------------------------- ================================================================================ gnome-photos-3.24.5-1.fc26 (FEDORA-2017-a71ecff53d) Access, organize and share your photos on GNOME -------------------------------------------------------------------------------- Update Information: The link "Settings" in the "No Photos Found" screen does not work -------------------------------------------------------------------------------- ================================================================================ kernel-4.14.6-200.fc26 (FEDORA-2017-ba6b6e71f7) The Linux kernel -------------------------------------------------------------------------------- Update Information: The 4.14.6 update contains various fixes across the tree. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1525762 - CVE-2017-17449 kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity https://bugzilla.redhat.com/show_bug.cgi?id=1525762 [ 2 ] Bug #1525761 - CVE-2017-17450 kernel: Unchecked capabilities in net/netfilter/xt_osf.c allows for unprivileged modification to systemwide fingerprint list https://bugzilla.redhat.com/show_bug.cgi?id=1525761 [ 3 ] Bug #1525768 - CVE-2017-17448 kernel: Missing capabilities check in net/netfilter/nfnetlink_cthelper.c allows for unprivileged access to systemwide nfnl_cthelper_list structure https://bugzilla.redhat.com/show_bug.cgi?id=1525768 [ 4 ] Bug #1525474 - CVE-2017-17558 kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow https://bugzilla.redhat.com/show_bug.cgi?id=1525474 [ 5 ] Bug #1519591 - CVE-2017-8824 kernel: Use-after-free vulnerability in DCCP socket https://bugzilla.redhat.com/show_bug.cgi?id=1519591 -------------------------------------------------------------------------------- ================================================================================ libu2f-server-1.0.1-10.fc26 (FEDORA-2017-d857a148d1) Yubico Universal 2nd Factor (U2F) Server C Library -------------------------------------------------------------------------------- Update Information: Fix libjson problems -------------------------------------------------------------------------------- References: [ 1 ] Bug #1526523 - Undefined behaviour in u2f-server https://bugzilla.redhat.com/show_bug.cgi?id=1526523 -------------------------------------------------------------------------------- ================================================================================ liferea-1.12.0-2.fc26 (FEDORA-2017-3b5d45ad0e) An RSS/RDF feed reader -------------------------------------------------------------------------------- Update Information: Update to 1.12.0 stable -------------------------------------------------------------------------------- ================================================================================ linux-firmware-20171215-81.git2451bb22.fc26 (FEDORA-2017-b79deedf43) Firmware files used by the Linux kernel -------------------------------------------------------------------------------- Update Information: Updated skl DMC, cnl audio, netronome SmartNIC, amdgpu vega10 and raven, intel bluetooth, brcm CYW4373, and liquidio vswitch firmwares -------------------------------------------------------------------------------- ================================================================================ mingw-enchant2-2.2.0-2.fc26 (FEDORA-2017-26a66585e0) MinGW Windows enchant2 library -------------------------------------------------------------------------------- Update Information: Initial package. -------------------------------------------------------------------------------- ================================================================================ mingw-qtspell-0.8.4-1.fc26 (FEDORA-2017-c7f8bfbe96) Spell checking for Qt text widgets -------------------------------------------------------------------------------- Update Information: Update to version 0.8.4, see https://github.com/manisandro/qtspell/releases for details. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1526376 - Package summary contains rpm macro. https://bugzilla.redhat.com/show_bug.cgi?id=1526376 -------------------------------------------------------------------------------- ================================================================================ nfs-utils-2.2.1-1.rc2.fc26 (FEDORA-2017-05db2de66b) NFS utilities and supporting clients and daemons for the kernel NFS server -------------------------------------------------------------------------------- Update Information: Updated to latest upstream RC release: nfs-utils-2-2-2-rc2 -------------------------------------------------------------------------------- ================================================================================ python-catkin_pkg-0.3.8-2.fc26 (FEDORA-2017-57f8f4e393) Library for retrieving information about catkin packages -------------------------------------------------------------------------------- Update Information: Add patch to remove argparse from the requirements -------------------------------------------------------------------------------- References: [ 1 ] Bug #1526466 - The 'argparse' distribution was not found and is required by catkin-pkg https://bugzilla.redhat.com/show_bug.cgi?id=1526466 -------------------------------------------------------------------------------- ================================================================================ qtspell-0.8.4-1.fc26 (FEDORA-2017-7ebaf67703) Spell checking for Qt text widgets -------------------------------------------------------------------------------- Update Information: Update to version 0.8.4, see https://github.com/manisandro/qtspell/releases for details. -------------------------------------------------------------------------------- ================================================================================ sway-0.15.0-3.fc26 (FEDORA-2017-6aafe5a2f8) i3-compatible window manager for Wayland -------------------------------------------------------------------------------- Update Information: Fix issue with json-c: free() on unowned object -------------------------------------------------------------------------------- References: [ 1 ] Bug #1526520 - Undefined behaviour in Sway https://bugzilla.redhat.com/show_bug.cgi?id=1526520 -------------------------------------------------------------------------------- ================================================================================ tigervnc-1.8.0-5.fc26 (FEDORA-2017-8b51db595f) A TigerVNC remote display system -------------------------------------------------------------------------------- Update Information: Fixed starting of vncserver using systemd service. -------------------------------------------------------------------------------- References: [ 1 ] Bug #896648 - vncserver fails to load gnome 3 session https://bugzilla.redhat.com/show_bug.cgi?id=896648 -------------------------------------------------------------------------------- ================================================================================ valgrind-3.13.0-12.fc26 (FEDORA-2017-d256dfceb8) Tool for finding memory management bugs in programs -------------------------------------------------------------------------------- Update Information: Fix debug alt file resolving. Fix s390x false positive with cgijnl instruction. Fix ppc64 timebase. -------------------------------------------------------------------------------- ================================================================================ xorgxrdp-0.2.5-1.fc26 (FEDORA-2017-a907d1c53e) Implementation of xrdp backend as Xorg modules -------------------------------------------------------------------------------- Update Information: This version includes: - Adjust socket file permission #110 - Accept display number 0 #106 - Assembly code refactoring -------------------------------------------------------------------------------- References: [ 1 ] Bug #1526668 - xorgxrdp-0.2.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1526668 -------------------------------------------------------------------------------- ================================================================================ xrootd-4.8.0-1.fc26 (FEDORA-2017-fb52319041) Extended ROOT file server -------------------------------------------------------------------------------- Update Information: ------------- Version 4.8.0 ------------- New Features * **[XrdCl]** Local redirection and local file support. * **[XrdCl]** merge xrdfs ls results if not unique, closes #541. * **[XrdCl]** Provide client specific CGI info. * **[XrdCl]** File::WriteV implementation, closes #388. * **[XrdHttp]** Pass the HTTP verb to the external handler for path matching. * **[XrdHttp]** Allow one to access the XrdSecEntity object associated with a request. * **[XrdHttp]** Allow filtering based on HTTP verb in MatchesPath. * **[XrdHttp]** Allow overwrites to be done on PUT. * **[XrdHttp]** Allow multiple external handlers to be loaded by XrdHttp. Major bug fixes * **[Server]** Correctly handle monEnt on file close to avoid SEGV. Fixes #618. * **[Server]** Poperly handle file descriptors up to 65535. Fixes #607. * **[Server]** Fix handling of >65K attached files (active links). Fixes #623. * **[Server]** Make sure doPost does not become <0 (regression introduced in 4.7.1). * **[Proxy]** Avoid SEGV when localroot specified w/o remote root. Fixes #627. * **[XrdCl]** Connection Window should be applied per IP address. Fixes #625. * **[XrdCl]** Write request and raw data with single writev, fixes #609. * **[XrdHttp]** Allow XrdSfsGetDefaultFileSystem to be called multiple times. * **[XrdHttp]** Correct external handling logic. * **[XrdSecgsi]** Use stack for proper cleaning of invalidated CRLs and CAs. Minor bug fixes * **[Server]** Print error msg and close socket when a FD cannot. be handled. * **[Server]** Close additional loophole for fstream disconnect. * **[Server]** Always unhook the statistcs object from xfr monitoring if hooked. * **[Server]** Ruggedize TPC to be less sensitive to protocol violations. * **[Server]** Correct tpc directive scanning and make it more obvious. Fixes #604. * **[Server]** Enable url rewrites. Eliminates GSI roadblock. * **[Server]** Do not reference a deleted object. * **[XrdSsi]** Make sure to finalyze all requests upon disc, fixes #616. * **[XrdHttp]** Handle properly http.secretkey. * **[XrdCl]** various memory releated fixes. * **[XrdPy]** Translate binary buffers into bytes objects, closes #632 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx