The following Fedora 27 Security updates need testing: Age URL 48 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2d4c9a6e37 monit-5.25.1-1.fc27 20 https://bodhi.fedoraproject.org/updates/FEDORA-2018-be361f407a knot-resolver-1.5.3-1.fc27 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-969328b17c jhead-3.00-7.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-5562b6e2c0 golang-1.9.4-1.fc27 The following Fedora 27 Critical Path updates have yet to be approved: Age URL 9 https://bodhi.fedoraproject.org/updates/FEDORA-2018-3082496e05 pungi-4.1.22-2.fc27 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c46fa8e392 perl-5.26.1-403.fc27 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-17cc6eb403 mesa-17.3.3-1.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-fdb6b936e4 nss-3.35.0-1.1.fc27 nss-softokn-3.35.0-1.0.fc27 nss-util-3.35.0-1.0.fc27 nspr-4.18.0-1.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d73421f7e6 pcre2-10.31-1.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c9b5e3f68c libguestfs-1.38.0-1.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d89e5bb152 gcab-1.1-1.fc27 The following builds have been pushed to Fedora 27 updates-testing OCE-0.18.3-1.fc27 aftertheflood-sparks-fonts-2.0-1.fc27 bluez-tools-0.2.0-0.7.git20170912.7cb788c.fc27 bpython-0.17.1-1.fc27 caja-1.19.3-2.fc27 djvulibre-3.5.27-5.fc27 ejabberd-18.1.0-1.fc27 exim-4.90.1-1.fc27 fcitx-qt5-1.2.2-3.fc27 geary-0.12.1-1.fc27 glslang-3.1-0.6.20180205.git2651cca.fc27 glusterfs-3.12.6-1.fc27 golang-github-billziss-gh-cgofuse-1.0.4-1.fc27 hplip-3.17.11-8.fc27 iproute-4.15.0-1.fc27 kernel-4.15.3-300.fc27 krb5-1.15.2-7.fc27 libvirt-3.7.0-4.fc27 logstalgia-1.1.1-1.fc27 lxpanel-0.9.3-4.D20180109git2ddf8dfc.fc27 menulibre-2.1.5-1.fc27 mupdf-1.12.0-5.fc27 mypaint-1.2.1-11.fc27 novacom-server-1.1.0-0.21.rc1.fc27 openqa-4.5-5.20180207git3977d2f.fc27 os-autoinst-4.5-4.20180208gitab8eeda.fc27 owncloud-client-2.4.0-1.fc27 perl-Net-DNS-1.15-1.fc27 perl-Net-DNS-SEC-1.03_08-1.fc27 php-7.1.15~RC1-1.fc27 podman-0.2-2.git3d0100b.fc27 pwkickstart-1.0.2-1.fc27 python-Naked-0.1.31-3.fc27 python-cattrs-0.6.0-3.fc27 python-hglib-2.5-2.fc27 python-regex-2018.02.08-1.fc27 qesteidutil-3.12.10-1.fc27 qt-creator-4.5.1-1.fc27 rho-0.0.32-1.fc27 sane-backends-1.0.27-12.fc27 sblim-sfcb-1.4.9-9.fc27 smokeping-2.7.1-2.fc27 spirv-headers-1.2-0.4.20180201.gitce30920.fc27 spirv-tools-2018.1-0.2.20180205.git9e19fc0.fc27 standard-test-roles-2.8-1.fc27 strace-4.21-1.fc27 vulkan-1.0.68.0-2.fc27 wine-3.1-2.fc27 xorg-x11-server-1.19.6-5.fc27 Details about builds: ================================================================================ OCE-0.18.3-1.fc27 (FEDORA-2018-7116208a3d) OpenCASCADE Community Edition -------------------------------------------------------------------------------- Update Information: Version 0.18.3 - February 2018 = This version is binary compatible with OCE 0.18.x * Fix some typos / some rephrasing in README * Update for vtk 8 * Fixed osx issue with xlocale * Added missing Precision.hxx header * Added missing header in Quantity_Color_1.hxx * Fixed MinGW issue in OSD_MemInfo.cxx * travis-ci (gcc-5/6/7, osx images) and appveyor updates (Mingw) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1544990 - OCE-0.18.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1544990 -------------------------------------------------------------------------------- ================================================================================ aftertheflood-sparks-fonts-2.0-1.fc27 (FEDORA-2018-bd6471dbac) After the Flood Sparks, a font to display charts within text -------------------------------------------------------------------------------- Update Information: initial RPM release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1492475 - Review Request: aftertheflood-sparks-fonts - a font to display charts within text https://bugzilla.redhat.com/show_bug.cgi?id=1492475 -------------------------------------------------------------------------------- ================================================================================ bluez-tools-0.2.0-0.7.git20170912.7cb788c.fc27 (FEDORA-2018-19cec41cee) A set of tools to manage Bluetooth devices for Linux -------------------------------------------------------------------------------- Update Information: - New snapshot -------------------------------------------------------------------------------- ================================================================================ bpython-0.17.1-1.fc27 (FEDORA-2018-8f07e59a4c) Fancy curses interface to the Python interactive interpreter -------------------------------------------------------------------------------- Update Information: Update to latest upstream release bpython 0.17.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1544578 - bpython-0.17.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1544578 -------------------------------------------------------------------------------- ================================================================================ caja-1.19.3-2.fc27 (FEDORA-2018-4c8c436d07) File manager for MATE -------------------------------------------------------------------------------- Update Information: - fix emblem and backgrounds preferences UI -------------------------------------------------------------------------------- ================================================================================ djvulibre-3.5.27-5.fc27 (FEDORA-2018-d964753372) DjVu viewers, encoders, and utilities -------------------------------------------------------------------------------- Update Information: This update fixes issue which prevented correct recognition of DjVu files. The update has to be performed by rpm-4.14.1-1.fc27 or newer. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1513188 - multipage djvu files are misidentified https://bugzilla.redhat.com/show_bug.cgi?id=1513188 -------------------------------------------------------------------------------- ================================================================================ ejabberd-18.1.0-1.fc27 (FEDORA-2018-2ab8be7af1) A distributed, fault-tolerant Jabber/XMPP server -------------------------------------------------------------------------------- Update Information: Update to 18.1.0, which only corrects build files from 18.01. User should not notice a difference with that. Also, fix rhbz#1542927. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1542927 - ejabberd-18.01 needs erlang-os_mon but does not require its installation https://bugzilla.redhat.com/show_bug.cgi?id=1542927 [ 2 ] Bug #1537324 - ejabberd-18.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1537324 -------------------------------------------------------------------------------- ================================================================================ exim-4.90.1-1.fc27 (FEDORA-2018-c101bc4a93) The exim mail transfer agent -------------------------------------------------------------------------------- Update Information: This is new version fixing CVE-2018-6789. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1543268 - CVE-2018-6789 exim: Buffer overflow in utility function, when pre-conditions are met, can lead to remote code execution https://bugzilla.redhat.com/show_bug.cgi?id=1543268 -------------------------------------------------------------------------------- ================================================================================ fcitx-qt5-1.2.2-3.fc27 (FEDORA-2018-dec2208224) Fcitx IM module for Qt5 -------------------------------------------------------------------------------- Update Information: Minor update for fcitx-qt5 and rebuilt for Qt 5.9.4. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1544601 - Cannot upgrade qt5-qtbase because of fcitx-qt5 https://bugzilla.redhat.com/show_bug.cgi?id=1544601 -------------------------------------------------------------------------------- ================================================================================ geary-0.12.1-1.fc27 (FEDORA-2018-ca7c367a52) A lightweight email program designed around conversations -------------------------------------------------------------------------------- Update Information: #### Version 0.12.1 #### Released: 2018-02-13 Bug fixes included in this release: * Parts of multipart/digest message do not expand when clicked upon. Bug 788637. * Geary does not unlock keyring at start. Bug 784300. * Syntax error in IMAP greeting from AliYun IMAP server. Bug 781488. * Message body text caret (cursor) not initially visible. Bug 788797. * Losing focus when clicking in empty part of the composer. Bug 779369. * Line breaks lost when selecting and replying to certain messages. Bug 781178. * Always display an in-window app-menu under Unity. Bug 770618. * Crash in SoupCacheInputStream when cancelling a message load. Bug 778720. * Do not show Labels on sidebar if no label is present. Bug 754802. * Unable to use Ctrl+C shortcut to copy e-mail subject; must use context menu instead. Bug 788494. * After clicking on mailto link in Geary, the body in the composer is not writable. Bug 771504. * Editing message does not support RTL. Bug 713607. -------------------------------------------------------------------------------- ================================================================================ glslang-3.1-0.6.20180205.git2651cca.fc27 (FEDORA-2018-057ab90060) OpenGL and OpenGL ES shader front end and validator -------------------------------------------------------------------------------- Update Information: vulkan-1.0.68.0 update -------------------------------------------------------------------------------- ================================================================================ glusterfs-3.12.6-1.fc27 (FEDORA-2018-03fdf95310) Distributed File System -------------------------------------------------------------------------------- Update Information: 3.12.6 GA -------------------------------------------------------------------------------- ================================================================================ golang-github-billziss-gh-cgofuse-1.0.4-1.fc27 (FEDORA-2017-b8e27293a2) Cross-platform FUSE library for Go -------------------------------------------------------------------------------- Update Information: Upstream release 1.0.4 -------------------------------------------------------------------------------- ================================================================================ hplip-3.17.11-8.fc27 (FEDORA-2018-9f748f5531) HP Linux Imaging and Printing Project -------------------------------------------------------------------------------- Update Information: 1544788 - HP ColorLaserjet MFP M278-M281 missing family-class -------------------------------------------------------------------------------- References: [ 1 ] Bug #1544788 - HP ColorLaserjet MFP M278-M281 missing family-class https://bugzilla.redhat.com/show_bug.cgi?id=1544788 -------------------------------------------------------------------------------- ================================================================================ iproute-4.15.0-1.fc27 (FEDORA-2018-b9f662dec5) Advanced IP routing and network device configuration tools -------------------------------------------------------------------------------- Update Information: New version 4.15.0 to match kernel version. -------------------------------------------------------------------------------- ================================================================================ kernel-4.15.3-300.fc27 (FEDORA-2018-380eff4288) The Linux kernel -------------------------------------------------------------------------------- Update Information: The 4.15.3 update contains a number of important fixes across the tree ---- Rebase to 4.15.2 -------------------------------------------------------------------------------- ================================================================================ krb5-1.15.2-7.fc27 (FEDORA-2018-391a1f3e61) The Kerberos network authentication system -------------------------------------------------------------------------------- Update Information: Fix CVE-2018-5729, CVE-2018-5730. These are low-impact, requiring administrator access to exploit. ---- Fix leak in previous version. ---- Always read config snippets in alphabetical order per-directory. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1535576 - CVE-2018-5729, CVE-2018-5730 krb5: null pointer deference in strlen function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1535576 [ 2 ] Bug #1540939 - krb5-libs are leaking memory when parsing krb5 configuration https://bugzilla.redhat.com/show_bug.cgi?id=1540939 -------------------------------------------------------------------------------- ================================================================================ libvirt-3.7.0-4.fc27 (FEDORA-2018-b22d46eabb) Library providing a simple virtualization API -------------------------------------------------------------------------------- Update Information: * CVE-2018-5748: resource exhaustion via qemuMonitorIORead() (bz #1535785) * CVE-2018-6764: code injection via libvirt_lxc (bz #1542815) * Fix hotplug disk failure (bz #1540872) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1528396 - CVE-2018-5748 Libvirt: resource exhaustion via qemuMonitorIORead() method https://bugzilla.redhat.com/show_bug.cgi?id=1528396 [ 2 ] Bug #1541444 - CVE-2018-6764 libvirt: guest could inject executable code via libnss_dns.so loaded by libvirt_lxc before init https://bugzilla.redhat.com/show_bug.cgi?id=1541444 -------------------------------------------------------------------------------- ================================================================================ logstalgia-1.1.1-1.fc27 (FEDORA-2018-7feb3c4241) Web server access log visualizer -------------------------------------------------------------------------------- Update Information: Update to latest upstream release logstalgia 1.1.1. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1544746 - logstalgia-1.1.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1544746 -------------------------------------------------------------------------------- ================================================================================ lxpanel-0.9.3-4.D20180109git2ddf8dfc.fc27 (FEDORA-2018-1a17274733) A lightweight X11 desktop panel -------------------------------------------------------------------------------- Update Information: Monitors plugin may crash when once cleaning up color entry, or copy / pasting color value from somewhere else. This new rpm will fix such crash issue. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1544406 - [abrt] lxpanel: strncmp(): lxpanel killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1544406 -------------------------------------------------------------------------------- ================================================================================ menulibre-2.1.5-1.fc27 (FEDORA-2018-97cee8baa1) FreeDesktop.org compliant menu editor -------------------------------------------------------------------------------- Update Information: Update to upstream release 2.1.5 -------------------------------------------------------------------------------- ================================================================================ mupdf-1.12.0-5.fc27 (FEDORA-2018-da6f76b446) A lightweight PDF viewer and toolkit -------------------------------------------------------------------------------- Update Information: CVE-2018-6192 CVE-2018-6544 CVE-2018-1000051 CVE-2018-6187 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1539845 - CVE-2018-6192 mupdf: Segment violation in pdf_read_new_xref function in pdf/pdf-xref.c https://bugzilla.redhat.com/show_bug.cgi?id=1539845 [ 2 ] Bug #1542264 - CVE-2018-6544 mupdf: denial of service (DoS) via a crafted PDF document https://bugzilla.redhat.com/show_bug.cgi?id=1542264 [ 3 ] Bug #1544847 - CVE-2018-1000051 mupdf: use-after-free in fz_keep_key_storable function https://bugzilla.redhat.com/show_bug.cgi?id=1544847 [ 4 ] Bug #1538432 - CVE-2018-6187 mupdf: heap-based buffer overflow in pdf/pdf-write.c:do_pdf_save_document() https://bugzilla.redhat.com/show_bug.cgi?id=1538432 -------------------------------------------------------------------------------- ================================================================================ mypaint-1.2.1-11.fc27 (FEDORA-2018-77293fd5f4) A fast and easy graphics application for digital painters -------------------------------------------------------------------------------- Update Information: * Remove arch-dependent BuildRequires (fixes #1545198) -------------------------------------------------------------------------------- ================================================================================ novacom-server-1.1.0-0.21.rc1.fc27 (FEDORA-2018-6a04c73b2e) Service for utility that connects to WebOS devices -------------------------------------------------------------------------------- Update Information: Clean up packaging bug that might cause problems with packaging tools -------------------------------------------------------------------------------- References: [ 1 ] Bug #1545200 - novacom-server is using arch-dependent BuildRequires https://bugzilla.redhat.com/show_bug.cgi?id=1545200 -------------------------------------------------------------------------------- ================================================================================ openqa-4.5-5.20180207git3977d2f.fc27 (FEDORA-2018-e6f1a6e171) OS-level automated testing framework -------------------------------------------------------------------------------- Update Information: This update provides a recent git snapshot of both openQA and os-autoinst, with various bug fixes and enhancements from upstream. The major change that affects us is a [rewrite of the asset garbage collection code](https://github.com/os- autoinst/openQA/commit/9e021e6b52ed279a523e5506d5b97a78a79dd6a3). The Fedora staging instance is currently running this code; the production instance is on the older packages still in F27 stable. -------------------------------------------------------------------------------- ================================================================================ os-autoinst-4.5-4.20180208gitab8eeda.fc27 (FEDORA-2018-e6f1a6e171) OS-level test automation -------------------------------------------------------------------------------- Update Information: This update provides a recent git snapshot of both openQA and os-autoinst, with various bug fixes and enhancements from upstream. The major change that affects us is a [rewrite of the asset garbage collection code](https://github.com/os- autoinst/openQA/commit/9e021e6b52ed279a523e5506d5b97a78a79dd6a3). The Fedora staging instance is currently running this code; the production instance is on the older packages still in F27 stable. -------------------------------------------------------------------------------- ================================================================================ owncloud-client-2.4.0-1.fc27 (FEDORA-2018-8307b72678) The ownCloud Client -------------------------------------------------------------------------------- Update Information: 2.4.0 release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1526657 - owncloud-client-2.4.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1526657 -------------------------------------------------------------------------------- ================================================================================ perl-Net-DNS-1.15-1.fc27 (FEDORA-2018-2697615f0c) DNS resolver modules for Perl -------------------------------------------------------------------------------- Update Information: Resolves rhbz#1544065 Update to 1.15 - Maintenance only -------------------------------------------------------------------------------- References: [ 1 ] Bug #1544065 - perl-Net-DNS-1.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=1544065 -------------------------------------------------------------------------------- ================================================================================ perl-Net-DNS-SEC-1.03_08-1.fc27 (FEDORA-2018-51c358383f) DNSSEC modules for Perl -------------------------------------------------------------------------------- Update Information: Updated to 1.03_08 - rewrite to use custom code to support openssl-1.1 -------------------------------------------------------------------------------- ================================================================================ php-7.1.15~RC1-1.fc27 (FEDORA-2018-fd711d678b) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information: # ONLY FOR TESTS AND QA 7.1.15 is planed for March 1st **PHP version 7.1.15RC1** (15 Feb 2018) **Apache2Handler:** * Fixed bug php#75882 (a simple way for segfaults in threadsafe php just with configuration). (Anatol) **Date:** * Fixed bug php#75857 (Timezone gets truncated when formatted). (carusogabriel) * Fixed bug php#75928 (Argument 2 for `DateTimeZone::listIdentifiers()` should accept `null`). (Pedro Lacerda) * Fixed bug php#68406 (calling var_dump on a DateTimeZone object modifies it). (jhdxr) **PGSQL:** * Fixed php#75838 (Memory leak in pg_escape_bytea()). (ard_1 at mail dot ru) **ODBC:** * Fixed bug php#73725 (Unable to retrieve value of varchar(max) type). (Anatol) **LDAP:** * Fixed bug php#49876 (Fix LDAP path lookup on 64-bit distros). (dzuelke) **libxml2:** * Fixed bug php#75871 (use pkg-config where available). (pmmaga) **Phar:** * Fixed bug php#65414 (deal with leading slash when adding files correctly). (bishopb) **SPL:** * Fixed bug php#74519 (strange behavior of AppendIterator). (jhdxr) **Standard:** * Fixed bug php#75916 (DNS_CAA record results contain garbage). (Mike, Philip Sharp) -------------------------------------------------------------------------------- ================================================================================ podman-0.2-2.git3d0100b.fc27 (FEDORA-2018-23fa359f4c) Manage Pods, Containers and Container Images -------------------------------------------------------------------------------- Update Information: alpha release ---- First alpha release. ---- Resolves: #1541554 - first official build -------------------------------------------------------------------------------- References: [ 1 ] Bug #1541554 - Review Request: podman - Manage Pods, Containers and Container Images https://bugzilla.redhat.com/show_bug.cgi?id=1541554 -------------------------------------------------------------------------------- ================================================================================ pwkickstart-1.0.2-1.fc27 (FEDORA-2018-fcd5fb27e1) Helps to generate kickstart passwords -------------------------------------------------------------------------------- Update Information: Initial version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1543813 - Review Request: pwkickstart - generate kickstart passwords https://bugzilla.redhat.com/show_bug.cgi?id=1543813 -------------------------------------------------------------------------------- ================================================================================ python-Naked-0.1.31-3.fc27 (FEDORA-2018-91d06f2add) A command line application framework -------------------------------------------------------------------------------- Update Information: Fixed Requires for python2/3 packages -------------------------------------------------------------------------------- References: [ 1 ] Bug #1495293 - Review Request: python-Naked - A command line application framework https://bugzilla.redhat.com/show_bug.cgi?id=1495293 -------------------------------------------------------------------------------- ================================================================================ python-cattrs-0.6.0-3.fc27 (FEDORA-2018-bb6df012c9) Python library for structuring and unstructuring data -------------------------------------------------------------------------------- Update Information: Python library for structuring and unstructuring data. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1537727 - Review Request: python-cattrs - Python library for structuring and unstructuring data https://bugzilla.redhat.com/show_bug.cgi?id=1537727 -------------------------------------------------------------------------------- ================================================================================ python-hglib-2.5-2.fc27 (FEDORA-2018-3b4a174563) Mercurial Python library -------------------------------------------------------------------------------- Update Information: Update to latest upstream release python-hglib 2.5. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1541196 - python-hglib-2.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1541196 -------------------------------------------------------------------------------- ================================================================================ python-regex-2018.02.08-1.fc27 (FEDORA-2018-0c492dbf57) Alternative regular expression module, to replace re -------------------------------------------------------------------------------- Update Information: Update to the latest released version. -------------------------------------------------------------------------------- ================================================================================ qesteidutil-3.12.10-1.fc27 (FEDORA-2018-54c7a5b01b) Estonian ID card utility -------------------------------------------------------------------------------- Update Information: 3.12 release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1544723 - Update sandbox compilation patch https://bugzilla.redhat.com/show_bug.cgi?id=1544723 [ 2 ] Bug #1519323 - Review request: qesteidutil - Estonian ID card utility https://bugzilla.redhat.com/show_bug.cgi?id=1519323 -------------------------------------------------------------------------------- ================================================================================ qt-creator-4.5.1-1.fc27 (FEDORA-2018-c7344af686) Cross-platform IDE for Qt -------------------------------------------------------------------------------- Update Information: Update to version 4.5.1, see https://code.qt.io/cgit/qt-creator/qt- creator.git/tree/dist/changes-4.5.1.md for details. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1541807 - Design mode not available for *.ui.qml files https://bugzilla.redhat.com/show_bug.cgi?id=1541807 -------------------------------------------------------------------------------- ================================================================================ rho-0.0.32-1.fc27 (FEDORA-2018-e17ef1a297) An SSH system profiler -------------------------------------------------------------------------------- Update Information: # Testing Rho To set up Rho, you create profiles that control how to run each scan. - Authentication profiles contain user credentials for a user with sufficient authority to complete the scan (for example, a root user or one with root-level access obtained through -sudo privilege escalation). - Network profiles contain network identifiers (for example, a hostname, IP address, or range of IP addresses) and the authentication profiles to be used for a scan. Complete the following steps, repeating them as necessary to access all parts of your environment that you want to scan: 1. Create at least one authentication profile with root-level access to Rho: ``` rho auth add --name auth_name --username root_name(--sshkeyfile key_file | --password) ``` a. At the Rho vault password prompt, create a new Rho vault password. This password is required to access the encrypted Rho data, such as authentication and network profiles, scan data, and other information. b. If you did not use the sshkeyfile option to provide an SSH key for the username value, enter the password of the user with root-level access at the connection password prompt. For example, for an authentication profile where the authentication profile name is roothost1, the user with root-level access is root, and the SSH key for the user is in the path ~/.ssh/id_rsa, you would enter the following command: ``` rho auth add --name roothost1 --username root --sshkeyfile ~/.ssh/id_rsa ``` You can also use the sudo-password option to create an authentication profile for a user with root-level access who requires a password to obtain this privilege. You can use the sudo-password option with either the sshkeyfile or the password option. For example, for an authentication profile where the authentication profile name is sudouser1, the user with root-level access is sysadmin, and the access is obtained through the password option, you would enter the following command: ``` rho auth add --name sudouser1 --username sysadmin --password --sudo-password ``` After you enter this command, you are prompted to enter two passwords. First, you would enter the connection password for the username user, and then you would enter the password for the sudo command. 2. Create at least one network profile that specifies one or more network identifiers, such as a host name, an IP address, a list of IP addresses, or an IP range, and one or more authentication profiles to be used for the scan: ``` rho profile add --name profile_name --hosts host_name_or_file --auth auth_name ``` For example, for a network profile where the name of the network profile is mynetwork, the network to be scanned is the 192.0.2.0/24 subnet, and the authentication profiles that are used to run the scan are roothost1 and roothost2, you would enter the following command: ``` rho profile add --name mynetwork --hosts 192.0.2.[1:254] --auth roothost1 roothost2 ``` You can also use a file to pass in the network identifiers. If you use a file to enter multiple network identifiers, such as multiple individual IP addresses, enter each on a single line. For example, for a network profile where the path to this file is /home/user1/hosts_file, you would enter the following command: ``` rho profile add --name mynetwork --hosts /home/user1/hosts_file --auth roothost1 roothost2 ``` # Running a scan Run the scan by using the scan command, specifying a network profile for the profile option and a location to store the output as a file in the comma-separated variables (CSV) format for the reportfile option: ``` rho scan --profile profile_name --reportfile filename.csv ``` For example, if you want to use the network profile mynetwork and save the report as mynetwork_scan1.csv, you would enter the following command: ``` rho scan --profile mynetwork --reportfile mynetwork_scan1.csv ``` -------------------------------------------------------------------------------- ================================================================================ sane-backends-1.0.27-12.fc27 (FEDORA-2018-2d4395ed65) Scanner access software -------------------------------------------------------------------------------- Update Information: 1540370 - Black vertical band in color and gray images with Canon LIDE 100 scanner -------------------------------------------------------------------------------- References: [ 1 ] Bug #1540370 - Black vertical band in color and gray images with Canon LIDE 100 scanner https://bugzilla.redhat.com/show_bug.cgi?id=1540370 -------------------------------------------------------------------------------- ================================================================================ sblim-sfcb-1.4.9-9.fc27 (FEDORA-2018-9d6a122887) Small Footprint CIM Broker -------------------------------------------------------------------------------- Update Information: Fix null pointer (DoS) vulnerability via POST request to /cimom (CVE-2018-6644) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1543825 - CVE-2018-6644 sblim-sfcb: null pointer (DoS) vulnerability via POST request to /cimom https://bugzilla.redhat.com/show_bug.cgi?id=1543825 -------------------------------------------------------------------------------- ================================================================================ smokeping-2.7.1-2.fc27 (FEDORA-2018-7da58a68ef) Latency Logging and Graphing System -------------------------------------------------------------------------------- Update Information: Update to smokeping 2.7.1. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1456408 - smokeping is too noisy for ipv6-only sites https://bugzilla.redhat.com/show_bug.cgi?id=1456408 [ 2 ] Bug #1541585 - smokeping-2.7.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1541585 -------------------------------------------------------------------------------- ================================================================================ spirv-headers-1.2-0.4.20180201.gitce30920.fc27 (FEDORA-2018-057ab90060) Header files from the SPIR-V registry -------------------------------------------------------------------------------- Update Information: vulkan-1.0.68.0 update -------------------------------------------------------------------------------- ================================================================================ spirv-tools-2018.1-0.2.20180205.git9e19fc0.fc27 (FEDORA-2018-057ab90060) API and commands for processing SPIR-V modules -------------------------------------------------------------------------------- Update Information: vulkan-1.0.68.0 update -------------------------------------------------------------------------------- ================================================================================ standard-test-roles-2.8-1.fc27 (FEDORA-2018-d7bdf506ff) Standard Test Interface Ansible roles -------------------------------------------------------------------------------- Update Information: Update to 2.8 ---- Update to 2.7 -------------------------------------------------------------------------------- ================================================================================ strace-4.21-1.fc27 (FEDORA-2018-010da6481f) Tracks and displays system calls associated with a running process -------------------------------------------------------------------------------- Update Information: v4.20 -> v4.21. -------------------------------------------------------------------------------- ================================================================================ vulkan-1.0.68.0-2.fc27 (FEDORA-2018-057ab90060) Vulkan loader and validation layers -------------------------------------------------------------------------------- Update Information: vulkan-1.0.68.0 update -------------------------------------------------------------------------------- ================================================================================ wine-3.1-2.fc27 (FEDORA-2018-0a41fdd8f0) A compatibility layer for windows applications -------------------------------------------------------------------------------- Update Information: WineHq.org 3.1 This release will disable Wine-Staging as the maintainer is no longer producing updates. Please test all of your apps and report any changes. -------------------------------------------------------------------------------- ================================================================================ xorg-x11-server-1.19.6-5.fc27 (FEDORA-2018-f985e8e9e6) X.Org X11 X server -------------------------------------------------------------------------------- Update Information: Fix for keymap not being applied initially in Xwayland, focus issue and missing pointer with tablet on Xwayland, updated xfvb-run script -------------------------------------------------------------------------------- References: [ 1 ] Bug #1519961 - Wacom tablet in xwayland gets missing cursor, random focus https://bugzilla.redhat.com/show_bug.cgi?id=1519961 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
