The following Fedora 27 Security updates need testing: Age URL 22 https://bodhi.fedoraproject.org/updates/FEDORA-2018-969328b17c jhead-3.00-7.fc27 12 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1ec1cd6db3 bro-2.5.3-1.fc27 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a0a356fb68 cryptopp-5.6.5-2.fc27 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-81e1618ab9 glibc-arm-linux-gnu-2.26-4.fc27 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-023baab00f mingw-wavpack-5.1.0-4.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9cd3ff3784 quagga-1.2.2-2.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8f4b3fa844 sharutils-4.15.2-8.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2eb691e7d7 freexl-1.0.5-1.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-60c4aa0e01 nx-libs-3.5.0.33-4.fc27 x2goserver-4.0.1.22-2.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-dc984c59e5 drupal7-7.57-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e27b435a7f libXfont-1.5.4-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4f5a3e792f libXfont2-2.0.3-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1c5dada34b libXcursor-1.1.15-1.fc27 The following Fedora 27 Critical Path updates have yet to be approved: Age URL 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-dab548649a perl-PathTools-3.74-1.fc27 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2f076fcd3c pcre-8.41-6.fc27 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2db4bd7ebb zerofree-1.1.1-1.fc27 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a6b436d186 sssd-1.16.0-8.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-108cf7dc52 policycoreutils-2.7-5.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a46d993969 libtevent-0.9.36-1.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-63caeb457a soxr-0.1.3-1.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc39bbae38 mpfr-3.1.6-1.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7aa4244196 glade-3.20.3-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6d151d12f9 libwebp-0.6.1-8.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1c5dada34b libXcursor-1.1.15-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4f5a3e792f libXfont2-2.0.3-1.fc27 The following builds have been pushed to Fedora 27 updates-testing CGAL-4.11.1-1.fc27 agedu-0-15.20171202.8a8299e.fc27 android-tools-20170311gite7195be7725a-5.fc27 community-mysql-5.7.21-6.fc27 gpxsee-5.2-1.fc27 hunspell-de-0.20161207-1.fc27 kernel-4.15.6-300.fc27 leptonica-1.74.4-5.fc27 libcdio-0.94-5.fc27 libinput-1.10.1-1.fc27 libmspub-0.1.4-1.fc27 libp11-0.4.7-3.fc27 mingw-leptonica-1.74.4-4.fc27 openblas-0.2.20-8.fc27 p11-kit-0.23.10-1.fc27 pcre2-10.31-3.fc27 perl-CryptX-0.053-2.fc27 perl-RDF-NS-20180227-1.fc27 perl-RT-Client-REST-0.51-1.fc27 perl-Test-Harness-3.41-1.fc27 perl-libwww-perl-6.33-1.fc27 powerline-2.6-5.fc27 proselint-0.8.0-4.fc27 publicsuffix-list-20180223-1.fc27 py4j-0.10.6-4.fc27 pylint-1.7.5-1.fc27 pymol-1.9.0-1.20180224svn4178.fc27 pyrenamer-0.6.0-21.fc27 python-sqlalchemy-1.1.17-1.fc27 python2-2.7.14-8.fc27 ravada-0.2.13-1.fc27 runc-1.0.0-19.rc5.git4bb1fe4.fc27 subscription-manager-1.21.2-3.fc27 systemtap-3.2-3.fc27 transtats-cli-0.1.2-1.fc27 vacuum-im-1.3.0-0.8.20180214git01910e9.fc27 vim-8.0.1553-1.fc27 xdg-utils-1.1.2-4.fc27 xen-4.9.1-5.fc27 Details about builds: ================================================================================ CGAL-4.11.1-1.fc27 (FEDORA-2018-40ba2772f2) Computational Geometry Algorithms Library -------------------------------------------------------------------------------- Update Information: New bug-fix release [CGAL-4.11.1]. [CGAL-4.11.1]: https://github.com/CGAL/cgal/releases/tag/releases/CGAL-4.11.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1549340 - CGAL-4.11.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1549340 -------------------------------------------------------------------------------- ================================================================================ agedu-0-15.20171202.8a8299e.fc27 (FEDORA-2018-1a9c4db7e8) An utility for tracking down wasted disk space -------------------------------------------------------------------------------- Update Information: Update to the newest snapshot. -------------------------------------------------------------------------------- ================================================================================ android-tools-20170311gite7195be7725a-5.fc27 (FEDORA-2018-ad3b664827) Android platform tools(adb, fastboot) -------------------------------------------------------------------------------- Update Information: This update fixes Android devices constantly connecting and disconnecting when the "adb" daemon has been launched. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1470740 - adb does not reckognize connected devices https://bugzilla.redhat.com/show_bug.cgi?id=1470740 -------------------------------------------------------------------------------- ================================================================================ community-mysql-5.7.21-6.fc27 (FEDORA-2018-ed0277d513) MySQL client programs and shared libraries -------------------------------------------------------------------------------- Update Information: **MySQL 5.7.21** ldconfig fix -------------------------------------------------------------------------------- References: [ 1 ] Bug #1548331 - ldconfig changes breaks package https://bugzilla.redhat.com/show_bug.cgi?id=1548331 -------------------------------------------------------------------------------- ================================================================================ gpxsee-5.2-1.fc27 (FEDORA-2018-0952a0bb67) GPS log file viewer and analyzer -------------------------------------------------------------------------------- Update Information: News in version **5.2**: * Fixed broken GeoTIFF (Web) Mercator projection * Several minor bug fixes -------------------------------------------------------------------------------- References: [ 1 ] Bug #1548602 - gpxsee-5.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1548602 -------------------------------------------------------------------------------- ================================================================================ hunspell-de-0.20161207-1.fc27 (FEDORA-2018-cc58dc2de2) German hunspell dictionaries -------------------------------------------------------------------------------- Update Information: Resolves: rhbz#1549640 upgrade to latest release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1549640 - Update hunspell-de to upstream https://bugzilla.redhat.com/show_bug.cgi?id=1549640 -------------------------------------------------------------------------------- ================================================================================ kernel-4.15.6-300.fc27 (FEDORA-2018-8a2bd7195f) The Linux kernel -------------------------------------------------------------------------------- Update Information: The 4.15.6 update contains a number of important fixes across the tree ---- The 4.15.5 update contains a number of important fixes across the tree -------------------------------------------------------------------------------- References: [ 1 ] Bug #1397041 - Brightness controls doesn't work on MacBook Pro Mid 2015 https://bugzilla.redhat.com/show_bug.cgi?id=1397041 -------------------------------------------------------------------------------- ================================================================================ leptonica-1.74.4-5.fc27 (FEDORA-2018-cbf621a53c) C library for efficient image processing and image analysis operations -------------------------------------------------------------------------------- Update Information: This update fixes CVE-2017-18196. ---- This update backports security fixes for CVE-2018-3836, CVE-2018-7186 and CVE-2018-7247. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1549410 - CVE-2017-18196 leptonica: Mishandled pathnames in /tmp subdirectories can allow users to bypass intended file restrictions https://bugzilla.redhat.com/show_bug.cgi?id=1549410 -------------------------------------------------------------------------------- ================================================================================ libcdio-0.94-5.fc27 (FEDORA-2018-30a8492364) CD-ROM input and control library -------------------------------------------------------------------------------- Update Information: Added patch to fix: CVE-2017-18198 (#1549644) Added patch to fix: CVE-2017-18199 (#1549701) Added patches to fix: CVE-2017-18201 (#1549707) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1549644 - CVE-2017-18198 libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c https://bugzilla.redhat.com/show_bug.cgi?id=1549644 [ 2 ] Bug #1549701 - CVE-2017-18199 libcdio: Null pointer dereference in realloc_symlink in rock.c https://bugzilla.redhat.com/show_bug.cgi?id=1549701 [ 3 ] Bug #1549707 - CVE-2017-18201 libcdio: Double free in get_cdtext_generic() in lib/driver/_cdio_generic.c https://bugzilla.redhat.com/show_bug.cgi?id=1549707 -------------------------------------------------------------------------------- ================================================================================ libinput-1.10.1-1.fc27 (FEDORA-2018-cde0e0bb14) Input device library -------------------------------------------------------------------------------- Update Information: libinput 1.10.1, fixes a touchpad tapping crash and a few resume/init crashers -------------------------------------------------------------------------------- ================================================================================ libmspub-0.1.4-1.fc27 (FEDORA-2018-457a8e22e9) A library for import of Microsoft Publisher documents -------------------------------------------------------------------------------- Update Information: new upstream release -------------------------------------------------------------------------------- ================================================================================ libp11-0.4.7-3.fc27 (FEDORA-2018-db9929f301) Library for using PKCS#11 modules -------------------------------------------------------------------------------- Update Information: Add a patch to avoid an error in forking processes (commit cf5e7a3) -------------------------------------------------------------------------------- ================================================================================ mingw-leptonica-1.74.4-4.fc27 (FEDORA-2018-cbf621a53c) MinGW Windows Leptonica library -------------------------------------------------------------------------------- Update Information: This update fixes CVE-2017-18196. ---- This update backports security fixes for CVE-2018-3836, CVE-2018-7186 and CVE-2018-7247. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1549410 - CVE-2017-18196 leptonica: Mishandled pathnames in /tmp subdirectories can allow users to bypass intended file restrictions https://bugzilla.redhat.com/show_bug.cgi?id=1549410 -------------------------------------------------------------------------------- ================================================================================ openblas-0.2.20-8.fc27 (FEDORA-2018-977d3a6bef) An optimized BLAS library based on GotoBLAS2 -------------------------------------------------------------------------------- Update Information: Use proper Fedora linker flags. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1548750 - openblas: Partial build flags injection https://bugzilla.redhat.com/show_bug.cgi?id=1548750 -------------------------------------------------------------------------------- ================================================================================ p11-kit-0.23.10-1.fc27 (FEDORA-2018-ae0e6e4949) Library for loading and sharing PKCS#11 modules -------------------------------------------------------------------------------- Update Information: - Update to upstream 0.23.10 release -------------------------------------------------------------------------------- ================================================================================ pcre2-10.31-3.fc27 (FEDORA-2018-e27287a733) Perl-compatible regular expression library -------------------------------------------------------------------------------- Update Information: This release fixes returning unset groups in POSIX interface if REG_STARTEND has a non-zero starting offset, pcre2test -C to correctly show what \R matches, matching repeated character classes against an 8-bit string containting multi- code-unit characters, and compiler warnings in pcre2grep. It also adds support to pcre2grep for binary zeros in -f files. -------------------------------------------------------------------------------- ================================================================================ perl-CryptX-0.053-2.fc27 (FEDORA-2018-ecd4be3fac) Cryptographic toolkit -------------------------------------------------------------------------------- Update Information: This release fixes decode_b58b input validation. -------------------------------------------------------------------------------- ================================================================================ perl-RDF-NS-20180227-1.fc27 (FEDORA-2018-9d85899558) Popular RDF name space prefixes from prefix.cc -------------------------------------------------------------------------------- Update Information: This releases ignores example.com URLs. It also adds besluit, bgt, geo7, and shui prefixes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1549884 - perl-RDF-NS-20180227 is available https://bugzilla.redhat.com/show_bug.cgi?id=1549884 -------------------------------------------------------------------------------- ================================================================================ perl-RT-Client-REST-0.51-1.fc27 (FEDORA-2018-2ff63a0451) Talk to RT using REST protocol -------------------------------------------------------------------------------- Update Information: This release fixes file name parsing in get_attachment_ids() method. It also adds a new method to retrieve attachment metadata. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1550056 - perl-RT-Client-REST-0.51 is available https://bugzilla.redhat.com/show_bug.cgi?id=1550056 -------------------------------------------------------------------------------- ================================================================================ perl-Test-Harness-3.41-1.fc27 (FEDORA-2018-675bf97721) Run Perl standard test scripts with statistics -------------------------------------------------------------------------------- Update Information: This release fixes file source handler to accept single extensions option and non-deterministic source handling. It also adds --statefile option to customize the .prove file, adds support for TAPv13 plan with trailing white spaces and returns a handle for pipes and sockets. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1550055 - perl-Test-Harness-3.41 is available https://bugzilla.redhat.com/show_bug.cgi?id=1550055 -------------------------------------------------------------------------------- ================================================================================ perl-libwww-perl-6.33-1.fc27 (FEDORA-2018-d007de5566) A Perl interface to the World-Wide Web -------------------------------------------------------------------------------- Update Information: This release corrects send_te option handling to unbreak LWP::Parallel::UserAgent and Test::Override::UserAgent. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1549556 - perl-libwww-perl-6.33 is available https://bugzilla.redhat.com/show_bug.cgi?id=1549556 -------------------------------------------------------------------------------- ================================================================================ powerline-2.6-5.fc27 (FEDORA-2018-a07ac6bb95) The ultimate status-line/prompt utility -------------------------------------------------------------------------------- Update Information: Fix powerline requiring both python2 and python3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1546752 - powerline: powerline requires both Python 2 and Python 3 https://bugzilla.redhat.com/show_bug.cgi?id=1546752 [ 2 ] Bug #1514830 - Missing "which" dependency https://bugzilla.redhat.com/show_bug.cgi?id=1514830 -------------------------------------------------------------------------------- ================================================================================ proselint-0.8.0-4.fc27 (FEDORA-2018-2014ebe2e6) A linter for English prose -------------------------------------------------------------------------------- Update Information: Initial package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1433617 - Review Request: proselint - A linter for English prose https://bugzilla.redhat.com/show_bug.cgi?id=1433617 -------------------------------------------------------------------------------- ================================================================================ publicsuffix-list-20180223-1.fc27 (FEDORA-2018-6573d822ec) Cross-vendor public domain suffix database -------------------------------------------------------------------------------- Update Information: Recent revision - 20180223 https://github.com/publicsuffix/list/compare/fcd8cc6...d311456 -------------------------------------------------------------------------------- ================================================================================ py4j-0.10.6-4.fc27 (FEDORA-2018-3c296c1b41) Dynamically access in Python programs to arbitrary Java objects -------------------------------------------------------------------------------- Update Information: provide proper update path, rhbz#1548046 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1548046 - py4j renamed to python2-py4j https://bugzilla.redhat.com/show_bug.cgi?id=1548046 -------------------------------------------------------------------------------- ================================================================================ pylint-1.7.5-1.fc27 (FEDORA-2018-9ec3e0edb7) Analyzes Python code looking for bugs and signs of poor quality -------------------------------------------------------------------------------- Update Information: 1.7.5 -------------------------------------------------------------------------------- ================================================================================ pymol-1.9.0-1.20180224svn4178.fc27 (FEDORA-2018-42ac8c298a) PyMOL Molecular Graphics System -------------------------------------------------------------------------------- Update Information: - update to 1.9.0, includes fix for BZ 1539225 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1539225 - Pymol loads wrong coordinates from PDB files in some locales https://bugzilla.redhat.com/show_bug.cgi?id=1539225 -------------------------------------------------------------------------------- ================================================================================ pyrenamer-0.6.0-21.fc27 (FEDORA-2018-5e3e38032c) A mass file renamer -------------------------------------------------------------------------------- Update Information: Fix eyed3 imports. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1549840 - Pyrenamer fails to use eyed3 https://bugzilla.redhat.com/show_bug.cgi?id=1549840 -------------------------------------------------------------------------------- ================================================================================ python-sqlalchemy-1.1.17-1.fc27 (FEDORA-2018-e153b77938) Modular and flexible ORM library for python -------------------------------------------------------------------------------- Update Information: This update contains a new upstream bugfix release. The upstream [changelog](ht tp://docs.sqlalchemy.org/en/latest/changelog/changelog_11.html#change-1.1.17) contains a list of all changes in version 1.1.17. -------------------------------------------------------------------------------- ================================================================================ python2-2.7.14-8.fc27 (FEDORA-2018-76e9d22b5c) An interpreted, interactive, object-oriented programming language -------------------------------------------------------------------------------- Update Information: Fix -Wint-in-bool-context warnings when using Python2's public pymem.h header -------------------------------------------------------------------------------- References: [ 1 ] Bug #1473425 - gcc7 throws error on pymem.h (python2-devel) macros https://bugzilla.redhat.com/show_bug.cgi?id=1473425 -------------------------------------------------------------------------------- ================================================================================ ravada-0.2.13-1.fc27 (FEDORA-2018-19cf2b591c) Remote Virtual Desktops Manager -------------------------------------------------------------------------------- Update Information: Release 0.2.13 -------------------------------------------------------------------------------- ================================================================================ runc-1.0.0-19.rc5.git4bb1fe4.fc27 (FEDORA-2018-82e0e81dc3) CLI for running Open Containers -------------------------------------------------------------------------------- Update Information: RC5 -------------------------------------------------------------------------------- ================================================================================ subscription-manager-1.21.2-3.fc27 (FEDORA-2018-86e5b34bdd) Tools and libraries for subscription and repository management -------------------------------------------------------------------------------- Update Information: Numerous bug fixes. -------------------------------------------------------------------------------- ================================================================================ systemtap-3.2-3.fc27 (FEDORA-2018-8ef58b06d9) Programmable system-wide instrumentation system -------------------------------------------------------------------------------- Update Information: rhbz1546563 (backport fix for removed timers in kernel 4.15) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1546563 - systemtap breaks with kernel 4.15 due to apparent timer changes https://bugzilla.redhat.com/show_bug.cgi?id=1546563 -------------------------------------------------------------------------------- ================================================================================ transtats-cli-0.1.2-1.fc27 (FEDORA-2018-b47bb6752e) Transtats command line interface to query transtats server -------------------------------------------------------------------------------- Update Information: Update transtats-cli to version 0.1.2, update -------------------------------------------------------------------------------- ================================================================================ vacuum-im-1.3.0-0.8.20180214git01910e9.fc27 (FEDORA-2018-82d268520b) XMPP/Jabber client -------------------------------------------------------------------------------- Update Information: Update to 1.3.0-0.8.20180214git01910e9 -------------------------------------------------------------------------------- ================================================================================ vim-8.0.1553-1.fc27 (FEDORA-2018-49e643a1ee) The VIM editor -------------------------------------------------------------------------------- Update Information: The newest upstream commit -------------------------------------------------------------------------------- ================================================================================ xdg-utils-1.1.2-4.fc27 (FEDORA-2018-c585d8cf91) Basic desktop integration functions -------------------------------------------------------------------------------- Update Information: Pull in upstream fixes, particularly one to improve xdg-open behavior on lxqt -------------------------------------------------------------------------------- References: [ 1 ] Bug #1505149 - file associations completely broken on lxqt https://bugzilla.redhat.com/show_bug.cgi?id=1505149 -------------------------------------------------------------------------------- ================================================================================ xen-4.9.1-5.fc27 (FEDORA-2018-c553a586c8) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information: add Xen page-table isolation (XPTI) mitigation and Branch Target Injection (BTI) mitigation for XSA-254 DoS via non-preemptable L3/L4 pagetable freeing [XSA-252] (#1549568) grant table v2 -> v1 transition may crash Xen [XSA-255] (#1549570) x86 PVH guest without LAPIC may DoS the host [XSA-256] (#1549572) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1544456 - CVE-2018-7540 xsa252 xen: DoS via non-preemptable L3/L4 pagetable freeing (XSA-252) https://bugzilla.redhat.com/show_bug.cgi?id=1544456 [ 2 ] Bug #1544459 - CVE-2018-7541 xsa255 xen: grant table v2 -> v1 transition may crash Xen (XSA-255) https://bugzilla.redhat.com/show_bug.cgi?id=1544459 [ 3 ] Bug #1544453 - CVE-2018-7542 xsa256 xen: x86 PVH guest without LAPIC may DoS the host (XSA-256) https://bugzilla.redhat.com/show_bug.cgi?id=1544453 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
