The following Fedora 26 Security updates need testing: Age URL 211 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ccb5c8d1e7 docker-distribution-2.6.2-1.git48294d9.fc26 103 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3915878e18 ldns-1.7.0-4.fc26 43 https://bodhi.fedoraproject.org/updates/FEDORA-2018-66b885ae3c keycloak-httpd-client-install-0.8-1.fc26 30 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b166805347 transmission-2.92-12.fc26 30 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4f8a78a5ef squid-4.0.23-1.fc26 23 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c7c6160e65 thunderbird-52.6.0-1.fc26 17 https://bodhi.fedoraproject.org/updates/FEDORA-2018-fff755ee8e jhead-3.00-7.fc26 10 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c54ced412e gcab-1.1-1.fc26 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f97cb1c9b0 krb5-1.15.2-7.fc26 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-5cdc56766f firefox-58.0.2-1.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-71fac70309 patch-2.7.6-3.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c1b8e0176c freetype-2.7.1-10.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-db5041e661 bro-2.5.3-1.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-cbc52e8812 irssi-1.0.7-1.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-25a7ba3cb6 exim-4.90.1-2.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7d90e269a4 milkytracker-1.01.00-1.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b2d76ba048 seamonkey-2.49.2-2.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9817f1dafa mbedtls-2.7.0-1.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b79f325c48 bugzilla-5.0.4-1.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-844a1e9778 knot-resolver-2.1.0-1.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2293c571b1 electrum-3.0.6-1.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d94e205df8 wavpack-5.1.0-7.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-5a249b4214 cryptopp-5.6.5-2.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2012089e37 libsamplerate-0.1.9-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-fc47f3c85d glibc-arm-linux-gnu-2.26-4.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-147d33439c php-phpmyadmin-motranslator-4.0-1.fc26 php-phpmyadmin-sql-parser-4.2.4-3.fc26 phpMyAdmin-4.7.8-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-5950093e69 mingw-wavpack-5.1.0-4.fc26 The following Fedora 26 Critical Path updates have yet to be approved: Age URL 23 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c7c6160e65 thunderbird-52.6.0-1.fc26 13 https://bodhi.fedoraproject.org/updates/FEDORA-2018-27cb0cd918 ibus-1.5.17-6.fc26 10 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc14e16004 nss-3.35.0-1.0.fc26 nss-softokn-3.35.0-1.0.fc26 nss-util-3.35.0-1.0.fc26 nspr-4.18.0-1.fc26 10 https://bodhi.fedoraproject.org/updates/FEDORA-2018-3e5558f0ff vim-8.0.1505-1.fc26 10 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c54ced412e gcab-1.1-1.fc26 10 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9ef65cf422 perl-5.24.3-396.fc26 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-85dd2a6ff9 curl-7.53.1-15.fc26 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-5cdc56766f firefox-58.0.2-1.fc26 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6fe397a796 lxpanel-0.9.3-4.D20180109git2ddf8dfc.fc26 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ddd1e5c30a iproute-4.14.1-5.fc26 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f97cb1c9b0 krb5-1.15.2-7.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c1b8e0176c freetype-2.7.1-10.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-5a2e230b9d net-snmp-5.7.3-26.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9d8876b830 samba-4.6.13-0.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-18c1baca23 qt5-qtbase-5.9.4-4.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-71fac70309 patch-2.7.6-3.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-5e5bb3f1fb koji-1.15.0-4.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-53c4737dfb git-2.13.6-3.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4c127acb0f libwebp-0.6.1-5.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4c28b00507 gnutls-3.5.18-2.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-be760d6d28 libidn2-2.0.4-3.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-800cf2f81e ethtool-4.15-1.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-0be6ceb3e0 python2-2.7.14-5.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d94e205df8 wavpack-5.1.0-7.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-70fbfc5434 pcre-8.41-6.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c753faab74 zerofree-1.1.1-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b7b864a29e breeze-icon-theme-5.43.0-1.fc26 extra-cmake-modules-5.43.0-1.fc26 kf5-5.43.0-1.fc26 kf5-attica-5.43.0-1.fc26 kf5-baloo-5.43.0-1.fc26 kf5-bluez-qt-5.43.0-1.fc26 kf5-frameworkintegration-5.43.0-2.fc26 kf5-kactivities-5.43.0-2.fc26 kf5-kactivities-stats-5.43.0-2.fc26 kf5-kapidox-5.43.0-1.fc26 kf5-karchive-5.43.0-1.fc26 kf5-kauth-5.43.0-1.fc26 kf5-kbookmarks-5.43.0-2.fc26 kf5-kcmutils-5.43.0-3.fc26 kf5-kcodecs-5.43.0-1.fc26 kf5-kcompletion-5.43.0-1.fc26 kf5-kconfig-5.43.0-1.fc26 kf5-kconfigwidgets-5.43.0-1.fc26 kf5-kcoreaddons-5.43.0-1.fc26 kf5-kcrash-5.43.0-1.fc26 kf5-kdbusaddons-5.43.0-1.fc26 kf5-kdeclarative-5.43.0-2.fc26 kf5-kded-5.43.0-3.fc26 kf5-kdelibs4support-5.43.0-3.fc26 kf5-kdesignerplugin-5.43.0-2.fc26 kf5-kdesu-5.43.0-1.fc26 kf5-kdewebkit-5.43.0-2.fc26 kf5-kdnssd-5.43.0-1.fc26 kf5-kdoctools-5.43.0-1.fc26 kf5-kemoticons-5.43.0-1.fc26 kf5-kfilemetadata-5.43.0-1.fc26 kf5-kglobalaccel-5.43.0-1.fc26 kf5-kguiad dons-5.43.0-1.fc26 kf5-khtml-5.43.0-3.fc26 kf5-ki18n-5.43.0-1.fc26 kf5-kiconthemes-5.43.0-1.fc26 kf5-kidletime-5.43.0-1.fc26 kf5-kimageformats-5.43.0-1.fc26 kf5-kinit-5.43.0-2.fc26 kf5-kio-5.43.0-3.fc26 kf5-kirigami2-5.43.0-1.fc26 kf5-kitemmodels-5.43.0-1.fc26 kf5-kitemviews-5.43.0-1.fc26 kf5-kjobwidgets-5.43.0-1.fc26 kf5-kjs-5.43.0-1.fc26 kf5-kjsembed-5.43.0-1.fc26 kf5-kmediaplayer-5.43.0-2.fc26 kf5-knewstuff-5.43.0-2.fc26 kf5-knotifications-5.43.0-1.fc26 kf5-knotifyconfig-5.43.0-2.fc26 kf5-kpackage-5.43.0-1.fc26 kf5-kparts-5.43.0-2.fc26 kf5-kpeople-5.43.0-1.fc26 kf5-kplotting-5.43.0-1.fc26 kf5-kpty-5.43.0-1.fc26 kf5-kross-5.43.0-2.fc26 kf5-krunner-5.43.0-3.fc26 kf5-kservice-5.43.0-1.fc26 kf5-ktexteditor-5.43.0-3.fc26 kf5-ktextwidgets-5.43.0-1.fc26 kf5-kunitconversion-5.43.0-1.fc26 kf5-kwallet-5.43.0-1.fc26 kf5-kwayland-5.43.0-1.fc26 kf5-kwidgetsaddons-5.43.0-1.fc26 kf5-kwindowsystem-5.43.0-1.fc26 kf5-kxmlgui-5.43.0-1.fc26 kf5-kxmlrpcclient-5.43.0-2.fc26 kf5-modemmanager-qt-5.43.0- 1.fc26 kf5-networkmanager-qt-5.43.0-1.fc26 kf5-plasma-5.43.0-3.fc26 kf5-prison-5.43.0-1.fc26 kf5-purpose-5.43.0-1.fc26 kf5-solid-5.43.0-2.fc26 kf5-sonnet-5.43.0-1.fc26 kf5-syntax-highlighting-5.43.0-1.fc26 kf5-threadweaver-5.43.0-1.fc26 oxygen-icon-theme-5.43.0-1.fc26 qqc2-desktop-style-5.43.0-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-562467e141 sssd-1.16.0-7.fc26 The following builds have been pushed to Fedora 26 updates-testing compat-gcc-34-3.4.6-46.fc26 datagrepper-0.9.1-2.fc26 freexl-1.0.5-1.fc26 golang-github-oschwald-geoip2-golang-1.2.0-1.fc26 iptables-1.6.2-1.fc26 lcgdm-1.10.0-5.fc26 leptonica-1.74.4-4.fc26 libnftnl-1.0.9-2.fc26 lynis-2.6.2-1.fc26 mingw-leptonica-1.74.4-3.fc26 nftables-0.8.2-2.fc26 nodejs-6.13.0-1.fc26 nsd-4.1.20-1.fc26 paraview-5.4.1-13.fc26 perl-DateTime-Format-Flexible-0.29-1.fc26 php-cs-fixer-2.2.17-1.fc26 qbittorrent-4.0.4-1.fc26 qt-virt-manager-0.52.80-1.fc26 quagga-1.2.2-2.fc26 sharutils-4.15.2-6.fc26 spglib-1.10.3-1.fc26 synergy-1.8.8-3.fc26 systemtap-3.2-7.fc26 Details about builds: ================================================================================ compat-gcc-34-3.4.6-46.fc26 (FEDORA-2018-61e0f160ba) Compatibility GNU Compiler Collection -------------------------------------------------------------------------------- Update Information: Update the compat-gcc-34 package to work on F26 and F27. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1514870 - Cannot install compat-gcc-34-c++ // nothing provides libstdc++ < 7.0.0 https://bugzilla.redhat.com/show_bug.cgi?id=1514870 [ 2 ] Bug #1534033 - gcc34 cannot create static executables https://bugzilla.redhat.com/show_bug.cgi?id=1534033 [ 3 ] Bug #1423303 - compat-gcc-34: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1423303 -------------------------------------------------------------------------------- ================================================================================ datagrepper-0.9.1-2.fc26 (FEDORA-2018-80f105a556) A webapp to query fedmsg history -------------------------------------------------------------------------------- Update Information: Latest upstream. -------------------------------------------------------------------------------- ================================================================================ freexl-1.0.5-1.fc26 (FEDORA-2018-5573046c3b) Library to extract data from within an Excel spreadsheet -------------------------------------------------------------------------------- Update Information: Fixes several heap-buffer-overflows, see related Bugzilla tickets! -------------------------------------------------------------------------------- References: [ 1 ] Bug #1547892 - heap-buffer-overflow in freexl.c:3912 read_mini_biff_next_record of FreeXL 1.0.4 https://bugzilla.redhat.com/show_bug.cgi?id=1547892 [ 2 ] Bug #1547889 - heap-buffer-overflow in freexl.c:383 parse_unicode_string of FreeXL 1.0.4 https://bugzilla.redhat.com/show_bug.cgi?id=1547889 [ 3 ] Bug #1547885 - heap-buffer-overflow in freexl.c:1866 parse_SST of FreeXL 1.0.4 https://bugzilla.redhat.com/show_bug.cgi?id=1547885 [ 4 ] Bug #1547883 - heap-buffer-overflow in freexl.c:1805 parse_SST parse_SST https://bugzilla.redhat.com/show_bug.cgi?id=1547883 [ 5 ] Bug #1547879 - heap-buffer-overflow in freexl::destroy_cell of FreeXL 1.0.4 https://bugzilla.redhat.com/show_bug.cgi?id=1547879 -------------------------------------------------------------------------------- ================================================================================ golang-github-oschwald-geoip2-golang-1.2.0-1.fc26 (FEDORA-2018-cf1457e528) GeoIP2 lookup library for Go -------------------------------------------------------------------------------- Update Information: Update to version 1.2.0. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1547481 - golang-github-oschwald-geoip2-golang-v1.2.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1547481 -------------------------------------------------------------------------------- ================================================================================ iptables-1.6.2-1.fc26 (FEDORA-2018-e3590e7463) Tools for managing Linux kernel packet filtering capabilities -------------------------------------------------------------------------------- Update Information: http://www.netfilter.org/projects/iptables/files/changes-iptables-1.6.2.txt -------------------------------------------------------------------------------- References: [ 1 ] Bug #1417323 - iptables-1.6.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1417323 -------------------------------------------------------------------------------- ================================================================================ lcgdm-1.10.0-5.fc26 (FEDORA-2018-7877b30d1e) LHC Computing Grid Data Management -------------------------------------------------------------------------------- Update Information: * new upstream release ---- * new upstream release -------------------------------------------------------------------------------- ================================================================================ leptonica-1.74.4-4.fc26 (FEDORA-2018-4f810ecfaf) C library for efficient image processing and image analysis operations -------------------------------------------------------------------------------- Update Information: This update backports security fixes for CVE-2018-3836, CVE-2018-7186 and CVE-2018-7247. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1547133 - CVE-2018-7247 mingw-leptonica: leptonica: Unsanitized input in pixHtmlViewer in prog/htmlviewer.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1547133 [ 2 ] Bug #1542009 - CVE-2018-3836 CVE-2018-7186 mingw-leptonica: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1542009 [ 3 ] Bug #1547126 - CVE-2018-7247 leptonica: Unsanitized input in pixHtmlViewer in prog/htmlviewer.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1547126 [ 4 ] Bug #1542008 - CVE-2018-3836 CVE-2018-7186 leptonica: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1542008 -------------------------------------------------------------------------------- ================================================================================ libnftnl-1.0.9-2.fc26 (FEDORA-2018-e3590e7463) Library for low-level interaction with nftables Netlink's API over libmnl -------------------------------------------------------------------------------- Update Information: http://www.netfilter.org/projects/iptables/files/changes-iptables-1.6.2.txt -------------------------------------------------------------------------------- References: [ 1 ] Bug #1417323 - iptables-1.6.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1417323 -------------------------------------------------------------------------------- ================================================================================ lynis-2.6.2-1.fc26 (FEDORA-2018-b9c6ab9d8e) Security and system auditing tool -------------------------------------------------------------------------------- Update Information: Update to 2.6.2 (rhbz #1539272) ---- Update to 2.6.1 (rhbz #1539272) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1539272 - lynis-2.6.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1539272 -------------------------------------------------------------------------------- ================================================================================ mingw-leptonica-1.74.4-3.fc26 (FEDORA-2018-4f810ecfaf) MinGW Windows Leptonica library -------------------------------------------------------------------------------- Update Information: This update backports security fixes for CVE-2018-3836, CVE-2018-7186 and CVE-2018-7247. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1547133 - CVE-2018-7247 mingw-leptonica: leptonica: Unsanitized input in pixHtmlViewer in prog/htmlviewer.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1547133 [ 2 ] Bug #1542009 - CVE-2018-3836 CVE-2018-7186 mingw-leptonica: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1542009 [ 3 ] Bug #1547126 - CVE-2018-7247 leptonica: Unsanitized input in pixHtmlViewer in prog/htmlviewer.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1547126 [ 4 ] Bug #1542008 - CVE-2018-3836 CVE-2018-7186 leptonica: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1542008 -------------------------------------------------------------------------------- ================================================================================ nftables-0.8.2-2.fc26 (FEDORA-2018-e3590e7463) Netfilter Tables userspace utillites -------------------------------------------------------------------------------- Update Information: http://www.netfilter.org/projects/iptables/files/changes-iptables-1.6.2.txt -------------------------------------------------------------------------------- References: [ 1 ] Bug #1417323 - iptables-1.6.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1417323 -------------------------------------------------------------------------------- ================================================================================ nodejs-6.13.0-1.fc26 (FEDORA-2018-33f6615342) JavaScript runtime -------------------------------------------------------------------------------- Update Information: Update -------------------------------------------------------------------------------- ================================================================================ nsd-4.1.20-1.fc26 (FEDORA-2018-88c502cb4d) Fast and lean authoritative DNS Name Server -------------------------------------------------------------------------------- Update Information: Updated to 4.1.20 (fixup memory leaks) -------------------------------------------------------------------------------- ================================================================================ paraview-5.4.1-13.fc26 (FEDORA-2018-5629e2ec4f) Parallel visualization application -------------------------------------------------------------------------------- Update Information: - Enable VisitBridge support (bz#1546474) - Patched for building VisItBridge plugin -------------------------------------------------------------------------------- References: [ 1 ] Bug #1546474 - Enable VisIt bridge https://bugzilla.redhat.com/show_bug.cgi?id=1546474 -------------------------------------------------------------------------------- ================================================================================ perl-DateTime-Format-Flexible-0.29-1.fc26 (FEDORA-2018-5ea674b664) Flexibly parse strings and turn them into DateTime objects -------------------------------------------------------------------------------- Update Information: This release adds support for parsing dates like "19 February 2018 at 10:33". -------------------------------------------------------------------------------- References: [ 1 ] Bug #1548207 - perl-DateTime-Format-Flexible-0.29 is available https://bugzilla.redhat.com/show_bug.cgi?id=1548207 -------------------------------------------------------------------------------- ================================================================================ php-cs-fixer-2.2.17-1.fc26 (FEDORA-2018-8d8428393b) A tool to automatically fix PHP code style -------------------------------------------------------------------------------- Update Information: Changelog for v2.2.17 --------------------- * bug #3504 NoBlankLinesAfterPhpdocFixer - allow blank line before declare statement (julienfalque) * bug #3522 Remove LOCK_EX (SpacePossum) * bug #3560 SelfAccessorFixer is risky (Slamdunk) * minor #3435 Add tests for general_phpdoc_annotation_remove (BackEndTea) * minor #3484 Create Tokens::findBlockStart (ntzm) * minor #3512 Add missing array typehints (ntzm) * minor #3516 Use null|type instead of ?type in PHPDocs (ntzm) * minor #3518 FixerFactoryTest - Test each priority test file is listed as test (SpacePossum) * minor #3520 Fix typos: ran vs. run (SpacePossum) * minor #3521 Use HTTPS (carusogabriel) * minor #3526 Remove gecko dependency (SpacePossum, keradus, julienfalque) * minor #3531 Backport PHPMD to LTS version to ease maintainability (keradus) * minor #3532 Implement Tokens::findOppositeBlockEdge (ntzm) * minor #3533 DX: SCA - drop src/Resources exclusion (keradus) * minor #3538 Don't use third parameter of Tokens::findBlockStart (ntzm) * minor #3542 Enhancement: Run composer-normalize on Travis CI (localheinz, keradus) * minor #3555 DX: composer.json - drop branch-alias, branch is already following the version (keradus) * minor #3556 DX: Add AutoReview/ComposerTest (keradus) * minor #3559 Don't expose new files under Test namespace (keradus) -------------------------------------------------------------------------------- ================================================================================ qbittorrent-4.0.4-1.fc26 (FEDORA-2018-cf943c3e99) A Bittorrent Client -------------------------------------------------------------------------------- Update Information: 4.0.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1473748 - Qbittorrent 3.3.13 web API does not work with custom clients. https://bugzilla.redhat.com/show_bug.cgi?id=1473748 [ 2 ] Bug #1546526 - qbittorrent-4.0.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1546526 -------------------------------------------------------------------------------- ================================================================================ qt-virt-manager-0.52.80-1.fc26 (FEDORA-2018-bc0973cd17) Qt Virtual Machine Manager -------------------------------------------------------------------------------- Update Information: some improvements; added Russian, Italian translation; -------------------------------------------------------------------------------- ================================================================================ quagga-1.2.2-2.fc26 (FEDORA-2018-b3e985489b) Routing daemon -------------------------------------------------------------------------------- Update Information: Fixed CVE-2018-5379 - Double free vulnerability in bgpd when processing -------------------------------------------------------------------------------- References: [ 1 ] Bug #1546008 - CVE-2018-5379 quagga: Double free vulnerability in bgpd when processing certain forms of UPDATE message allowing to crash or potentially execute arbitrary code [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1546008 [ 2 ] Bug #1546006 - CVE-2018-5380 quagga: bgpd can overrun internal BGP code-to-string conversion tables potentially allowing crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1546006 [ 3 ] Bug #1546004 - CVE-2018-5381 quagga: Infinite loop issue triggered by invalid OPEN message allows denial-of-service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1546004 [ 4 ] Bug #1546009 - CVE-2018-5378 quagga: bgpd does not properly bounds check the data sent with a NOTIFY allowing leak of sensitive data or crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1546009 -------------------------------------------------------------------------------- ================================================================================ sharutils-4.15.2-6.fc26 (FEDORA-2018-4e657bf5e3) The GNU shar utilities for packaging and unpackaging shell archives -------------------------------------------------------------------------------- Update Information: This release fixes a heap buffer overflow when processing a shar archive by unshar tool if the arhive contains overlong lines. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1548018 - sharutils: heap-buffer-overflow in find_archive in unshar.c https://bugzilla.redhat.com/show_bug.cgi?id=1548018 -------------------------------------------------------------------------------- ================================================================================ spglib-1.10.3-1.fc26 (FEDORA-2018-f12ea2843b) C library for finding and handling crystal symmetries -------------------------------------------------------------------------------- Update Information: - Update to 1.10.3 -------------------------------------------------------------------------------- ================================================================================ synergy-1.8.8-3.fc26 (FEDORA-2018-137991da60) Share mouse and keyboard between multiple computers over the network -------------------------------------------------------------------------------- Update Information: Revert to 1.8.8 due to users request -------------------------------------------------------------------------------- References: [ 1 ] Bug #1542286 - synergy-2.0.0 should not have been pushed anywhere except rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1542286 -------------------------------------------------------------------------------- ================================================================================ systemtap-3.2-7.fc26 (FEDORA-2018-abaa5db184) Programmable system-wide instrumentation system -------------------------------------------------------------------------------- Update Information: rhbz1546563 (backport fix for removed timers in kernel 4.15) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1546563 - systemtap breaks with kernel 4.15 due to apparent timer changes https://bugzilla.redhat.com/show_bug.cgi?id=1546563 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx