The following Fedora 26 Security updates need testing:
 Age  URL
 189  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ccb5c8d1e7   docker-distribution-2.6.2-1.git48294d9.fc26
  82  https://bodhi.fedoraproject.org/updates/FEDORA-2017-3915878e18   ldns-1.7.0-4.fc26
  35  https://bodhi.fedoraproject.org/updates/FEDORA-2017-d75a88f263   monit-5.25.1-1.fc26
  27  https://bodhi.fedoraproject.org/updates/FEDORA-2018-ccef1ced42   gimp-2.8.22-3.fc26
  21  https://bodhi.fedoraproject.org/updates/FEDORA-2018-66b885ae3c   keycloak-httpd-client-install-0.8-1.fc26
  20  https://bodhi.fedoraproject.org/updates/FEDORA-2018-0db545e976   ruby-2.4.3-86.fc26
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2018-9780220f7d   dnsmasq-2.76-6.fc26
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2018-a10a19e06a   unbound-1.6.8-1.fc26
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2018-b166805347   transmission-2.92-12.fc26
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2018-4f8a78a5ef   squid-4.0.23-1.fc26
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2018-f73abc5680   knot-resolver-1.5.3-1.fc26
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2018-a6b59d8f78   libxml2-2.9.7-1.fc26
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2018-bbf8c38b51   jackson-databind-2.7.6-8.fc26
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2018-43712163de   webkitgtk4-2.18.6-1.fc26
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2018-958b22c73f   clamav-0.99.3-1.fc26
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-d4746c772f   mujs-0-11.20180129git25821e6.fc26
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-c7c6160e65   thunderbird-52.6.0-1.fc26
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-034101216d   rsync-3.1.3-2.fc26
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2018-b5ecac9405   flatpak-0.10.3-1.fc26
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2018-48d385a6fd   apache-commons-email-1.5-1.fc26


The following Fedora 26 Critical Path updates have yet to be approved:
 Age  URL
  27  https://bodhi.fedoraproject.org/updates/FEDORA-2018-c2eed6bd99   iproute-4.14.1-4.fc26
  23  https://bodhi.fedoraproject.org/updates/FEDORA-2018-4818a0a3fb   lxpanel-0.9.3-2.D20180109git2ddf8dfc.fc26
  18  https://bodhi.fedoraproject.org/updates/FEDORA-2018-ba521808e0   gnome-settings-daemon-3.24.3-4.fc26
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2018-8633570be3   nfs-utils-2.2.1-4.rc2.fc26
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2018-fcda2573ac   python-rpm-macros-3-21.fc26
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2018-9780220f7d   dnsmasq-2.76-6.fc26
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2018-f200f504b3   dtc-1.4.6-1.fc26
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2018-6fe92b98df   perl-threads-shared-1.58-1.fc26
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2018-0f208aa267   perl-threads-2.21-1.fc26
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2018-a9a5708bef   python3-3.6.4-2.fc26
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2018-a6b59d8f78   libxml2-2.9.7-1.fc26
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2018-49cd53ff36   libguestfs-1.36.13-1.fc26
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2018-be2cb3e65a   xen-4.8.3-2.fc26
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2018-b88532d5ee   satyr-0.23-2.fc26
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2018-43712163de   webkitgtk4-2.18.6-1.fc26
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-034101216d   rsync-3.1.3-2.fc26
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-c7c6160e65   thunderbird-52.6.0-1.fc26
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-24006fc98f   redhat-rpm-config-64-1.fc26
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-0f5d497bce   krb5-1.15.2-5.fc26
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-b830db2f1e   gnupg2-2.2.4-1.fc26
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-d267a6b7f6   vim-8.0.1438-1.fc26
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2018-c541c1d598   glusterfs-3.10.10-1.fc26
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2018-fb7da310cb   perl-Socket-2.027-1.fc26
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2018-aa879be08e   gcc-7.3.1-2.fc26
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2018-b5ecac9405   flatpak-0.10.3-1.fc26


The following builds have been pushed to Fedora 26 updates-testing

    389-ds-base-1.3.6.13-1.fc26
    autofs-5.1.4-5.fc26
    composer-1.6.3-1.fc26
    kernel-4.14.16-200.fc26
    libabigail-1.1-1.fc26
    mozilla-noscript-10.1.6.4-1.fc26
    mozilla-ublock-origin-1.14.24-1.fc26
    onionshare-1.2-1.fc26
    pcre-8.41-5.fc26
    perl-List-UtilsBy-0.11-1.fc26
    php-composer-spdx-licenses-1.3.0-1.fc26
    php-phpunit-PHPUnit-5.7.27-1.fc26
    php-zendframework-zend-session-2.8.4-1.fc26
    postfix-3.2.5-1.fc26
    python-fedora-0.10.0-1.fc26
    qupzilla-2.2.5-2.fc26
    rpmgrill-0.32-2.fc26
    sox-14.4.2.0-16.fc26
    tig-2.3.3-1.fc26
    tomcat-native-1.2.16-1.fc26
    weechat-2.0.1-1.fc26

Details about builds:


================================================================================
389-ds-base-1.3.6.13-1.fc26 (FEDORA-2018-7f7f7051e9)
389 Directory Server (base)
--------------------------------------------------------------------------------
Update Information:

Bump version to 1.3.6.13
--------------------------------------------------------------------------------


================================================================================
autofs-5.1.4-5.fc26 (FEDORA-2017-164b3ee23a)
A tool for automatically mounting and unmounting filesystems
--------------------------------------------------------------------------------
Update Information:

- fix deadlock in dumpmaps and some amd map handling problems.
- fix use after free in do_master_list_reset().

----

- this release (5.1.4) fixes a couple of regressions in 5.1.3.
- it also improves the network not available at startup problem that users have seen.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1523866 - autofs with NIS logs add_host_addrs: hostname lookup failed: Name or service not known/No address associated with hostname
        https://bugzilla.redhat.com/show_bug.cgi?id=1523866
  [ 2 ] Bug #1409103 - autofs cannot mount samba/cifs shares that end with a dollar sign
        https://bugzilla.redhat.com/show_bug.cgi?id=1409103
  [ 3 ] Bug #1500027 - Drop preventing bind mounts when port is specified
        https://bugzilla.redhat.com/show_bug.cgi?id=1500027
  [ 4 ] Bug #698449 - [RFE] Add optional nss map read retries
        https://bugzilla.redhat.com/show_bug.cgi?id=698449
--------------------------------------------------------------------------------


================================================================================
composer-1.6.3-1.fc26 (FEDORA-2018-3f59cf8988)
Dependency Manager for PHP
--------------------------------------------------------------------------------
Update Information:

**composer/spdx-licenses 1.3.0** - 2018-01-31

* Added: `SpdxLicenses::getLicenses` to get the whole list of methods.
* Changed: license identifiers are now case insensitive.

----

**composer 1.6.3** - 2018-01-31

* Fixed GitLab downloads failing in some edge cases
* Fixed ctrl-C handling during create-project
* Fixed GitHub VCS repositories not prompting for a token in some conditions
* Fixed SPDX license identifiers being case sensitive
* Fixed and clarified a few dependency resolution error reporting strings
* Fixed SVN commit log fetching in verbose mode when using private repositories
--------------------------------------------------------------------------------


================================================================================
kernel-4.14.16-200.fc26 (FEDORA-2018-d82b617d6c)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:

The 4.14.16 stable kernel update contains a number of important fixes across the tree.

----

The 4.14.15-301 update reverts the retpoline VERMAGIC ABI change for modules.

----

The 4.14.15 stable kernel update contains a number of important fixes across the tree.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1492664 - kernel: Soft lockup in warn_alloc
        https://bugzilla.redhat.com/show_bug.cgi?id=1492664
  [ 2 ] Bug #1539706 - CVE-2018-5750 kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass
        https://bugzilla.redhat.com/show_bug.cgi?id=1539706
  [ 3 ] Bug #1535315 - CVE-2018-1000004 kernel: Race condition in sound system can lead to denial of service
        https://bugzilla.redhat.com/show_bug.cgi?id=1535315
--------------------------------------------------------------------------------


================================================================================
libabigail-1.1-1.fc26 (FEDORA-2018-c7ae501e67)
Set of ABI analysis tools
--------------------------------------------------------------------------------
Update Information:

Update to upstream 1.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1532670 - in compare_dies at: abg-dwarf-reader.cc:11423
        https://bugzilla.redhat.com/show_bug.cgi?id=1532670
--------------------------------------------------------------------------------


================================================================================
mozilla-noscript-10.1.6.4-1.fc26 (FEDORA-2018-7e290aa4cb)
JavaScript white list extension for Mozilla Firefox
--------------------------------------------------------------------------------
Update Information:

**NOTE:** All packaged Firefox add-ons are affected by Firefox bug fedora#1508827.
A workaround is provided in the bug report.
Please do not give negative karma just because of that bug.

**Fedora changes:**

The package is now split into three. Firefox WebExtension (`firefox-noscript`) and SeaMonkey legacy XPI Extension (`seamonkey-noscript`) while the main package (`mozilla-noscript`) became a metapackage and requires both.
You can uninstall the one you're not using along with the metapackage.

**Upstream changes:**

* Fixed race condition on XSS filter first load
* Fixed duplicate entries in UI on page reloads (thanks 8-bit for reporting)
* Spinner for long sites lists in Options page
* Removed obsolete work-around for accidental TRUSTED preset wiping
* [UI] Fixed clicking on capability's label doesn't toggle the related checkbox (thanks dhouwn and olf for reporting)
* [XSS] Fixed false positives on badly encoded URLs (thanks sage11 for reporting)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1539464 - mozilla-noscript-10.1.6.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1539464
--------------------------------------------------------------------------------


================================================================================
mozilla-ublock-origin-1.14.24-1.fc26 (FEDORA-2018-6ff92e773b)
An efficient blocker for Firefox
--------------------------------------------------------------------------------
Update Information:

**NOTE:** All packaged Firefox add-ons are affected by Firefox bug fedora#1508827.
A workaround is provided in the bug report.
Please do not give negative karma just because of that bug.

Emergency fix for "[Cannot full support Domain restrictive Inverse type options](https://github.com/nikrolls/uBlock-Edge/issues/101)".
--------------------------------------------------------------------------------


================================================================================
onionshare-1.2-1.fc26 (FEDORA-2018-1f56ebb970)
Securely and anonymously share files of any size
--------------------------------------------------------------------------------
Update Information:

Update to 1.2
--------------------------------------------------------------------------------


================================================================================
pcre-8.41-5.fc26 (FEDORA-2018-97c235c370)
Perl-compatible regular expression library
--------------------------------------------------------------------------------
Update Information:

This release fixes an out-of-bounds read for a partial match against an empty string when the newline type is CRLF.
--------------------------------------------------------------------------------


================================================================================
perl-List-UtilsBy-0.11-1.fc26 (FEDORA-2018-675479fbc8)
Higher-order list utility functions
--------------------------------------------------------------------------------
Update Information:

Upstream update.
--------------------------------------------------------------------------------


================================================================================
php-composer-spdx-licenses-1.3.0-1.fc26 (FEDORA-2018-3f59cf8988)
SPDX licenses list and validation library
--------------------------------------------------------------------------------
Update Information:

**composer/spdx-licenses 1.3.0** - 2018-01-31

* Added: `SpdxLicenses::getLicenses` to get the whole list of methods.
* Changed: license identifiers are now case insensitive.

----

**composer 1.6.3** - 2018-01-31

* Fixed GitLab downloads failing in some edge cases
* Fixed ctrl-C handling during create-project
* Fixed GitHub VCS repositories not prompting for a token in some conditions
* Fixed SPDX license identifiers being case sensitive
* Fixed and clarified a few dependency resolution error reporting strings
* Fixed SVN commit log fetching in verbose mode when using private repositories
--------------------------------------------------------------------------------


================================================================================
php-phpunit-PHPUnit-5.7.27-1.fc26 (FEDORA-2018-05c0c8883f)
The PHP Unit Testing framework
--------------------------------------------------------------------------------
Update Information:

**Version 5.7.27** - 2018-02-01

* **Fixed**
  * Fixed [#2236](https://github.com/sebastianbergmann/phpunit/issues/2236): Exceptions in `tearDown()` do not affect `getStatus()`
  * Fixed [#2950](https://github.com/sebastianbergmann/phpunit/issues/2950): Class extending `PHPUnit\Framework\TestSuite` does not extend `PHPUnit\FrameworkTestCase`
  * Fixed [#2972](https://github.com/sebastianbergmann/phpunit/issues/2972): PHPUnit crashes when test suite contains both `.phpt` files and unconventionally named tests
--------------------------------------------------------------------------------


================================================================================
php-zendframework-zend-session-2.8.4-1.fc26 (FEDORA-2018-870022cc2f)
Zend Framework Session component
--------------------------------------------------------------------------------
Update Information:

**Version 2.8.4** - 2018-01-31

* **Fixed**
  - [#107](https://github.com/zendframework/zend-session/pull/107) fixes an error raised by `ini_set()` within `SessionConfig::setStorageOption()` that occurs for certain INI values that cannot be set if the session is active.
    When this situation occurs, the class performs a `session_write_close()`, sets the new INI value, and then restarts the session. As such, we recommend that you either set production INI values in your production `php.ini`, and/or always pass your fully configured session manager to container instances you create.
  - [#105](https://github.com/zendframework/zend-session/pull/105) fixes an edge case whereby if the special `__ZF` session value is a non-array value, initializing the session would result in errors.
  - [#102](https://github.com/zendframework/zend-session/pull/102) fixes an issue introduced with 2.8.0 with `AbstractContainer::offsetGet`. Starting in 2.8.0, if the provided `$key` did not exist, the method would raise an error regarding an invalid variable reference; this release provides a fix that resolves that issue.
--------------------------------------------------------------------------------


================================================================================
postfix-3.2.5-1.fc26 (FEDORA-2018-83e9689d6f)
Postfix Mail Transport Agent
--------------------------------------------------------------------------------
Update Information:

This is a new version of postfix, for details see upstream announcement:
http://www.postfix.org/announcements/postfix-3.2.5.html
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1539465 - postfix-3.2.5 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1539465
--------------------------------------------------------------------------------


================================================================================
python-fedora-0.10.0-1.fc26 (FEDORA-2018-ea972dd79c)
Python modules for talking to Fedora Infrastructure Services
--------------------------------------------------------------------------------
Update Information:

Rebase to upstream 0.10.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1481210 - spec file points to URL: https://fedorahosted.org/python-fedora/
        https://bugzilla.redhat.com/show_bug.cgi?id=1481210
  [ 2 ] Bug #1540970 - python-fedora-0.10.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1540970
--------------------------------------------------------------------------------


================================================================================
qupzilla-2.2.5-2.fc26 (FEDORA-2018-a98a820850)
Modern web browser
--------------------------------------------------------------------------------
Update Information:

An update of QupZilla to the latest upstream release, version 2.2.5.

New in QupZilla 2.2.4:

* added option to disable search suggestions from locationbar
* added support for detaching and moving tabs to other windows with drag&drop
* added support for dropping text/url on tabbar to create new tabs
* added support for GreaseMonkey 4.0 API in userscripts
* added support for customizing navigation bar layout and widgets
* added support for loading userChrome.css stylesheet from profile to configure interface
* added new buttons to navigation bar: Tools, Downloads, GreaseMonkey and AdBlock
* added new Windows theme and improve every other theme
* added support for printing from JavaScript with window.print()
* closed windows can now be restored using history menu or Ctrl+Shift+N shortcut
* multiple windows in session now each restore its geometry, state and settings
* number of fixes and improvements in tabbar
* greatly improved compatibility with various GreaseMonkey userscripts
* updated design for SpeedDial
* fix infinite loading animation on some sites with QtWebEngine 5.10
* fix restoring maximized state after leaving fullscreen
* fix internal pages not working when JavaScript is disabled
* fix showing close button in Web Inspector
* fix tabs not being restored when activated in some cases
* fix loading "localhost" from locationbar
* fix applying web settings when in private mode

New in QupZilla 2.2.5:

* added Unload Tab action
* added search engine buttons to locationbar completer
* added option to disable automatic password completion on sites
* plugins are now always enabled (fixes missing AdBlock)
* bring back AdBlock and GreaseMonkey icons in statusbar + add new buttons
* fix incorrect size of buttons in bookmarks toolbar with some styles
* fix losing session when loading newer profile with old application version
* fix temporarily enabling/disabling JavaScript using StatusBarIcons plugin
* fix user agent settings not being applied on startup
* fix calculating remaining time in download manager

See also http://blog.qupzilla.com/2018/01/whats-new-in-qupzilla-224.html

Note that qupzilla-2.2.5-2.fc26 enables the workaround for the tab loading animation not stopping on some websites when using QtWebEngine 5.10.0 (see https://github.com/QupZilla/qupzilla/issues/2479 and https://bugreports.qt.io/browse/QTBUG-65223) unconditionally, because upstream enabled it only if the Qt version is 5.10.0, but we ship only QtWebEngine 5.10.0, Qt is still 5.9.x LTS, so it did not work as shipped by upstream.
--------------------------------------------------------------------------------


================================================================================
rpmgrill-0.32-2.fc26 (FEDORA-2018-477684233b)
A utility for catching problems in koji builds
--------------------------------------------------------------------------------
Update Information:

bz1520003 - Do not hard require clamav-data
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1520003 - minimal .spec file change to assist lessening load
        https://bugzilla.redhat.com/show_bug.cgi?id=1520003
--------------------------------------------------------------------------------


================================================================================
sox-14.4.2.0-16.fc26 (FEDORA-2018-790e7e720d)
A general purpose sound file conversion tool
--------------------------------------------------------------------------------
Update Information:

Security fix for **CVE-2017-15372**, **CVE-2017-15642**.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1510923 - CVE-2017-15642 sox: Use-after-free in lsx_aiffstartread
        https://bugzilla.redhat.com/show_bug.cgi?id=1510923
  [ 2 ] Bug #1510919 - CVE-2017-15372 sox: Stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function
        https://bugzilla.redhat.com/show_bug.cgi?id=1510919
--------------------------------------------------------------------------------


================================================================================
tig-2.3.3-1.fc26 (FEDORA-2018-e2fac3d5a7)
Text-mode interface for the git revision control system
--------------------------------------------------------------------------------
Update Information:

Update to version 2.3.3, which includes several bug fixes.
See the release notes at https://jonas.github.io/tig/NEWS.html.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1527726 - tig-2.3.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1527726
--------------------------------------------------------------------------------


================================================================================
tomcat-native-1.2.16-1.fc26 (FEDORA-2018-318b5d74bd)
Tomcat native library
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2017-15698
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1540824 - CVE-2017-15698 tomcat-native: Mishandling of client certificates can allow for OCSP check bypass
        https://bugzilla.redhat.com/show_bug.cgi?id=1540824
--------------------------------------------------------------------------------


================================================================================
weechat-2.0.1-1.fc26 (FEDORA-2018-1aea02d8b7)
Portable, fast, light and extensible IRC client
--------------------------------------------------------------------------------
Update Information:

Update to 2.0.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1528100 - weechat-2.0.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1528100
--------------------------------------------------------------------------------