The following Fedora 26 Security updates need testing: Age URL 248 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ccb5c8d1e7 docker-distribution-2.6.2-1.git48294d9.fc26 79 https://bodhi.fedoraproject.org/updates/FEDORA-2018-66b885ae3c keycloak-httpd-client-install-0.8-1.fc26 67 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4f8a78a5ef squid-4.0.23-1.fc26 42 https://bodhi.fedoraproject.org/updates/FEDORA-2018-db5041e661 bro-2.5.3-1.fc26 29 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c967cee830 dovecot-2.2.34-1.fc26 25 https://bodhi.fedoraproject.org/updates/FEDORA-2018-122ea355a7 memcached-1.4.39-2.fc26 18 https://bodhi.fedoraproject.org/updates/FEDORA-2018-505e83d30e webkitgtk4-2.20.0-1.fc26 14 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e03a17fa61 mosquitto-1.4.15-1.fc26 12 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a233dae4ab tomcat-8.0.50-1.fc26 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-5673d070df ImageMagick-6.9.9.38-1.fc26 rubygem-rmagick-2.16.0-15.fc26 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-010396b4a2 chromium-65.0.3325.181-1.fc26 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-43541091ab libvncserver-0.9.11-3.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6f2df5ab6c librelp-1.2.15-1.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-331af74020 gd-2.2.5-2.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d5aa3e1d90 bchunk-1.2.2-1.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c71dd2e199 php-7.1.16-1.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a61baabbac firefox-59.0.2-1.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7649fef814 thunderbird-52.7.0-1.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e672eaf4df nodejs-6.14.0-1.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d8269e4262 drupal7-7.58-1.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-922cc2fbaa drupal8-8.3.9-1.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-02c0e3725e mariadb-10.1.32-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6855fa237d mod_http2-1.10.16-1.fc26 The following Fedora 26 Critical Path updates have yet to be approved: Age URL 45 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ddd1e5c30a iproute-4.14.1-5.fc26 18 https://bodhi.fedoraproject.org/updates/FEDORA-2018-505e83d30e webkitgtk4-2.20.0-1.fc26 11 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a37f6f92f7 pcre-8.42-1.fc26 11 https://bodhi.fedoraproject.org/updates/FEDORA-2018-0ecf7675fc xfce4-settings-4.12.3-1.fc26 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ab61ad2e1b osinfo-db-20180325-1.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-005f7a449e enca-1.19-1.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d4cacdf9bc rpm-4.13.1-1.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7649fef814 thunderbird-52.7.0-1.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a61baabbac firefox-59.0.2-1.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-58a96b7680 passwd-0.80-1.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-803beecbda publicsuffix-list-20180328-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-18754260e4 kernel-4.15.14-200.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2ef5c8a9a6 highlight-3.42-1.fc26 The following builds have been pushed to Fedora 26 updates-testing httpd-2.4.33-2.fc26 java-1.8.0-openjdk-1.8.0.162-3.b12.fc26 libidn2-2.0.4-4.fc26 persepolis-3.1.0-1.fc26 python37-3.7.0-0.14.b3.fc26 rust-1.25.0-1.fc26 sssd-1.16.1-2.fc26 youtube-dl-2018.03.26.1-1.fc26 Details about builds: ================================================================================ httpd-2.4.33-2.fc26 (FEDORA-2018-22b25bab31) Apache HTTP Server -------------------------------------------------------------------------------- Update Information: This update includes the latest upstream release of the Apache HTTP Server, version 2.4.33. A number of security vulnerabilities are fixed in this release: * *Low*: Possible out of bound read in mod_cache_socache (CVE-2018-1303) * *Low*: Possible out of bound access after failure in reading the HTTP request (CVE-2018-1301) * *Low*: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312) * *Low*: <FilesMatch> bypass with a trailing newline in the file name (CVE-2017-15715) * *Low*: Out of bound write in mod_authnz_ldap when using too small Accept-Language values (CVE-2017-15710) * *Moderate*: Tampering of mod_session data for CGI applications (CVE-2018-1283) For more information about changes in this release, see: https://www.apache.org/dist/httpd/CHANGES_2.4.33 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1560174 - httpd-2.4.33 is available https://bugzilla.redhat.com/show_bug.cgi?id=1560174 [ 2 ] Bug #1560618 - CVE-2017-15715 httpd: <FilesMatch> bypass with a trailing newline in the file name [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1560618 [ 3 ] Bug #1560644 - CVE-2018-1301 httpd: Out of bound access after failure in reading the HTTP request [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1560644 [ 4 ] Bug #1560635 - CVE-2018-1312 httpd: Weak Digest auth nonce generation in mod_auth_digest [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1560635 [ 5 ] Bug #1560400 - CVE-2018-1303 httpd: http: Out of bounds read in mod_cache_socache can allow a remote attacker to cause a denial of service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1560400 [ 6 ] Bug #1560396 - CVE-2018-1283 httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1560396 [ 7 ] Bug #1560616 - CVE-2017-15710 httpd: Out of bound write in mod_authnz_ldap when using too small Accept-Language values [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1560616 -------------------------------------------------------------------------------- ================================================================================ java-1.8.0-openjdk-1.8.0.162-3.b12.fc26 (FEDORA-2018-a904932bcf) OpenJDK Runtime Environment -------------------------------------------------------------------------------- Update Information: Fixed aarch64 build failures on gcc8. ---- updated to u162 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1548475 - java-1.8.0-openjdk: Partial build flags injection https://bugzilla.redhat.com/show_bug.cgi?id=1548475 -------------------------------------------------------------------------------- ================================================================================ libidn2-2.0.4-4.fc26 (FEDORA-2018-7e427d9b0d) Library to support IDNA2008 internationalized domain names -------------------------------------------------------------------------------- Update Information: * Added upstream patch to fix silently transliterated decoded domain names (#1556954) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1556954 - libidn2: Silently transliterates decoded domain names https://bugzilla.redhat.com/show_bug.cgi?id=1556954 [ 2 ] Bug #1543010 - idn2: unrecognized option '--nostd3asciirules' https://bugzilla.redhat.com/show_bug.cgi?id=1543010 -------------------------------------------------------------------------------- ================================================================================ persepolis-3.1.0-1.fc26 (FEDORA-2018-1082987a9c) A powerful download manager powered by aria2 -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1561922 - [abrt] persepolis: __init__(): properties.py:190:__init__:TypeError: 'QDateTimeEdit' object is not callable https://bugzilla.redhat.com/show_bug.cgi?id=1561922 [ 2 ] Bug #1562508 - persepolis-3.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1562508 -------------------------------------------------------------------------------- ================================================================================ python37-3.7.0-0.14.b3.fc26 (FEDORA-2018-4294cb82b8) Version 3.7 of the Python interpreter -------------------------------------------------------------------------------- Update Information: Update to 3.7.0b3 -------------------------------------------------------------------------------- ================================================================================ rust-1.25.0-1.fc26 (FEDORA-2018-84f29f35be) The Rust Programming Language -------------------------------------------------------------------------------- Update Information: New version of Rust -- see the release notes for [1.25](https://blog.rust- lang.org/2018/03/29/Rust-1.25.html). Additionally, the new "rustfmt-preview" subpackage provides experimental support for formatting Rust code. -------------------------------------------------------------------------------- ================================================================================ sssd-1.16.1-2.fc26 (FEDORA-2018-5de5bfcbe2) System Security Services Daemon -------------------------------------------------------------------------------- Update Information: resolves: upstream#3573 - sssd won't show netgroups with blank domain upstream#3660 - confdb_expand_app_domains() always fails upstream#3658 - application domain is not interpreted correctly upstream#3687 - kcm: don't pass a non null terminated string to json_loads() upstream#3386 - kcm: payload buffer is too small upstream#3666 - fix usage of str.decode() in our tests a few kcm misc fixes rhbz#1494843 - kcm does not work rhbz#1521110 - sssd-kcm: krb5_cc_cache_match on empty ccache does not work -------------------------------------------------------------------------------- References: [ 1 ] Bug #1494843 - KCM does not work https://bugzilla.redhat.com/show_bug.cgi?id=1494843 [ 2 ] Bug #1521110 - sssd-kcm: krb5_cc_cache_match on empty ccache does not work https://bugzilla.redhat.com/show_bug.cgi?id=1521110 -------------------------------------------------------------------------------- ================================================================================ youtube-dl-2018.03.26.1-1.fc26 (FEDORA-2018-0a6121f39b) A small command-line program to download online videos -------------------------------------------------------------------------------- Update Information: Update to the latest upstream release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1556652 - youtube-dl-2018.03.20 is available https://bugzilla.redhat.com/show_bug.cgi?id=1556652 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
