The following Fedora 26 Security updates need testing:

 Age  URL
 246  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ccb5c8d1e7   docker-distribution-2.6.2-1.git48294d9.fc26
  77  https://bodhi.fedoraproject.org/updates/FEDORA-2018-66b885ae3c   keycloak-httpd-client-install-0.8-1.fc26
  65  https://bodhi.fedoraproject.org/updates/FEDORA-2018-4f8a78a5ef   squid-4.0.23-1.fc26
  40  https://bodhi.fedoraproject.org/updates/FEDORA-2018-db5041e661   bro-2.5.3-1.fc26
  27  https://bodhi.fedoraproject.org/updates/FEDORA-2018-c967cee830   dovecot-2.2.34-1.fc26
  23  https://bodhi.fedoraproject.org/updates/FEDORA-2018-122ea355a7   memcached-1.4.39-2.fc26
  16  https://bodhi.fedoraproject.org/updates/FEDORA-2018-505e83d30e   webkitgtk4-2.20.0-1.fc26
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2018-e03a17fa61   mosquitto-1.4.15-1.fc26
  10  https://bodhi.fedoraproject.org/updates/FEDORA-2018-a233dae4ab   tomcat-8.0.50-1.fc26
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2018-5673d070df   ImageMagick-6.9.9.38-1.fc26 rubygem-rmagick-2.16.0-15.fc26
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2018-010396b4a2   chromium-65.0.3325.181-1.fc26
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2018-43541091ab   libvncserver-0.9.11-3.fc26
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2018-6f2df5ab6c   librelp-1.2.15-1.fc26
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2018-331af74020   gd-2.2.5-2.fc26
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2018-d5aa3e1d90   bchunk-1.2.2-1.fc26
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2018-c71dd2e199   php-7.1.16-1.fc26
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2018-a61baabbac   firefox-59.0.2-1.fc26
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2018-7649fef814   thunderbird-52.7.0-1.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2018-e672eaf4df   nodejs-6.14.0-1.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2018-d8269e4262   drupal7-7.58-1.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2018-922cc2fbaa   drupal8-8.3.9-1.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2018-02c0e3725e   mariadb-10.1.32-1.fc26


The following Fedora 26 Critical Path updates have yet to be approved:

 Age  URL
  43  https://bodhi.fedoraproject.org/updates/FEDORA-2018-ddd1e5c30a   iproute-4.14.1-5.fc26
  16  https://bodhi.fedoraproject.org/updates/FEDORA-2018-505e83d30e   webkitgtk4-2.20.0-1.fc26
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2018-a37f6f92f7   pcre-8.42-1.fc26
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2018-0ecf7675fc   xfce4-settings-4.12.3-1.fc26
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2018-98ca353528   libdrm-2.4.91-1.fc26
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2018-ab61ad2e1b   osinfo-db-20180325-1.fc26
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2018-005f7a449e   enca-1.19-1.fc26
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2018-d4cacdf9bc   rpm-4.13.1-1.fc26
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2018-7649fef814   thunderbird-52.7.0-1.fc26
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2018-a61baabbac   firefox-59.0.2-1.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2018-58a96b7680   passwd-0.80-1.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2018-803beecbda   publicsuffix-list-20180328-1.fc26


The following builds have been pushed to Fedora 26 updates-testing

    amarok-2.9.0-1.fc26
    ansifilter-2.10-1.fc26
    dmlite-1.10.1-3.fc26
    highlight-3.42-1.fc26
    httpd-2.4.33-1.fc26
    jgoodies-common-1.8.1-1.fc26
    kernel-4.15.14-200.fc26
    lollypop-0.9.403-1.fc26
    mate-themes-3.22.16-1.fc26
    mod_http2-1.10.16-1.fc26
    openssl-1.1.0h-1.fc26
    salt-2017.7.5-1.fc26

Details about builds:


================================================================================
 amarok-2.9.0-1.fc26 (FEDORA-2018-537a1b8cd0)
 Media player
--------------------------------------------------------------------------------
Update Information:

New upstream release, includes many bugfixes and improvements, see also:
https://amarok.kde.org/en/node/888
--------------------------------------------------------------------------------


================================================================================
 ansifilter-2.10-1.fc26 (FEDORA-2018-e28a509cef)
 ANSI terminal escape code converter
--------------------------------------------------------------------------------
Update Information:

- Updated to new 2.10 upstream version, fixes rhbz #1552957
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1552957 - ansifilter-2.10 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1552957
--------------------------------------------------------------------------------


================================================================================
 dmlite-1.10.1-3.fc26 (FEDORA-2018-a4034d84bd)
 Lcgdm grid data management and storage framework
--------------------------------------------------------------------------------
Update Information:

dmlite 1.10 is a major update to DPM internals including Dome.
----
dmlite 1.10 is a major update to DPM internals including Dome.
----
dmlite 1.10 is a major update to DPM internals including Dome.
----
* new upstream release
--------------------------------------------------------------------------------


================================================================================
 highlight-3.42-1.fc26 (FEDORA-2018-2ef5c8a9a6)
 Universal source code to formatted text converter
--------------------------------------------------------------------------------
Update Information:

- Updated to new 3.42 upstream version
--------------------------------------------------------------------------------


================================================================================
 httpd-2.4.33-1.fc26 (FEDORA-2018-22b25bab31)
 Apache HTTP Server
--------------------------------------------------------------------------------
Update Information:

This update includes the latest upstream release of the Apache HTTP Server,
version 2.4.33. A number of security vulnerabilities are fixed in this release:

* *Low*: Possible out of bound read in mod_cache_socache (CVE-2018-1303)
* *Low*: Possible out of bound access after failure in reading the HTTP request
  (CVE-2018-1301)
* *Low*: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312)
* *Low*: <FilesMatch> bypass with a trailing newline in the file name
  (CVE-2017-15715)
* *Low*: Out of bound write in mod_authnz_ldap when using too small
  Accept-Language values (CVE-2017-15710)
* *Moderate*: Tampering of mod_session data for CGI applications
  (CVE-2018-1283)

For more information about changes in this release, see:
https://www.apache.org/dist/httpd/CHANGES_2.4.33
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1560174 - httpd-2.4.33 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1560174
  [ 2 ] Bug #1560618 - CVE-2017-15715 httpd: <FilesMatch> bypass with a trailing newline in the file name [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1560618
  [ 3 ] Bug #1560644 - CVE-2018-1301 httpd: Out of bound access after failure in reading the HTTP request [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1560644
  [ 4 ] Bug #1560635 - CVE-2018-1312 httpd: Weak Digest auth nonce generation in mod_auth_digest [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1560635
  [ 5 ] Bug #1560400 - CVE-2018-1303 httpd: http: Out of bounds read in mod_cache_socache can allow a remote attacker to cause a denial of service [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1560400
  [ 6 ] Bug #1560396 - CVE-2018-1283 httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1560396
  [ 7 ] Bug #1560616 - CVE-2017-15710 httpd: Out of bound write in mod_authnz_ldap when using too small Accept-Language values [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1560616
--------------------------------------------------------------------------------


================================================================================
 jgoodies-common-1.8.1-1.fc26 (FEDORA-2018-ea73b77275)
 Common library shared by JGoodies libraries and applications
--------------------------------------------------------------------------------
Update Information:

* Marked classes ArrayListModel and LinkedListModel as final.
* Replaced files package.html by package-info.java.
--------------------------------------------------------------------------------


================================================================================
 kernel-4.15.14-200.fc26 (FEDORA-2018-18754260e4)
 The Linux kernel
--------------------------------------------------------------------------------
Update Information:

The 4.15.14 update contains a number of important fixes across the tree.
----
The 4.15.13 update contains a number of important fixes across the tree.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1558977 - NFS mounts failing when keytab present
        https://bugzilla.redhat.com/show_bug.cgi?id=1558977
  [ 2 ] Bug #1511786 - 4.13+ kernels (nouveau) don't provide nv_backlight
        https://bugzilla.redhat.com/show_bug.cgi?id=1511786
--------------------------------------------------------------------------------


================================================================================
 lollypop-0.9.403-1.fc26 (FEDORA-2018-84507d1bcc)
 Music player for GNOME
--------------------------------------------------------------------------------
Update Information:

Update to 0.9.403
----
- Update lollypop-portal to 0.9.7
----
Update to 0.9.402
----
Update to 0.9.401
----
Update to 0.9.400
--------------------------------------------------------------------------------


================================================================================
 mate-themes-3.22.16-1.fc26 (FEDORA-2018-efec265fdf)
 MATE Desktop themes
--------------------------------------------------------------------------------
Update Information:

- update to 3.22.16
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1559045 - gtk+ "Foreign drawing" broken under MATE
        https://bugzilla.redhat.com/show_bug.cgi?id=1559045
--------------------------------------------------------------------------------


================================================================================
 mod_http2-1.10.16-1.fc26 (FEDORA-2018-6855fa237d)
 module implementing HTTP/2 for Apache 2
--------------------------------------------------------------------------------
Update Information:

This update includes the latest upstream release of mod_http2, version 1.10.16.
This includes a security fix (CVE-2018-1302): When an HTTP/2 stream was
destroyed after being handled, mod_http2 could have written a NULL pointer
potentially to an already freed memory. The memory pools maintained by the
server make this vulnerability hard to trigger in usual configurations, the
reporter and the team could not reproduce it outside debug builds, so it is
classified as low risk.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1561570 - CVE-2018-1302 mod_http2: httpd: Use-after-free on HTTP/2 stream shutdown [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1561570
  [ 2 ] Bug #1560627 - CVE-2018-1302 httpd: Use-after-free on HTTP/2 stream shutdown [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1560627
--------------------------------------------------------------------------------


================================================================================
 openssl-1.1.0h-1.fc26 (FEDORA-2018-40dc8b8b16)
 Utilities from the general purpose cryptography library with TLS implementation
--------------------------------------------------------------------------------
Update Information:

Minor update to version 1.1.0h.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1561260 - CVE-2018-0733 openssl: Implementation bug in PA-RISC CRYPTO_memcmp function allows attackers to forge authenticated messages in a reduced number of attempts
        https://bugzilla.redhat.com/show_bug.cgi?id=1561260
  [ 2 ] Bug #1561266 - CVE-2018-0739 openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service
        https://bugzilla.redhat.com/show_bug.cgi?id=1561266
--------------------------------------------------------------------------------


================================================================================
 salt-2017.7.5-1.fc26 (FEDORA-2018-24642bfc00)
 A parallel remote execution system
--------------------------------------------------------------------------------
Update Information:

Update to feature release 2017.7.5-1 for Python 2
----
Update to feature release 2017.7.4
--------------------------------------------------------------------------------