The following Fedora 27 Security updates need testing: Age URL 285 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1ec1cd6db3 bro-2.5.3-1.fc27 217 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8dc6395408 dpdk-17.08.2-1.fc27 180 https://bodhi.fedoraproject.org/updates/FEDORA-2018-3b33f65b01 nodejs-brace-expansion-1.1.11-1.fc27 172 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a748acc219 unrtf-0.21.9-8.fc27 148 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f6ccdeb750 mailman-2.1.21-9.fc27 148 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc864bb9e1 openslp-2.0.0-15.fc27 106 https://bodhi.fedoraproject.org/updates/FEDORA-2018-21ffebf41c tomcat-8.0.53-1.fc27 106 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e8533a3ef1 unixODBC-2.3.7-1.fc27 55 https://bodhi.fedoraproject.org/updates/FEDORA-2018-fc2ba807a6 xerces-c27-2.7.0-28.fc27 28 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4c0b99a9eb drupal7-7.60-2.fc27 28 https://bodhi.fedoraproject.org/updates/FEDORA-2018-60c74d2b16 php-Smarty2-2.6.31-2.fc27 15 https://bodhi.fedoraproject.org/updates/FEDORA-2018-0363fec36c chromium-70.0.3538.77-4.fc27 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c271659b1e nginx-1.14.1-1.fc27 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4ec3eecd7f moodle-3.3.9-1.fc27 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-28b19d8c63 tmux-2.8-2.fc27 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-65848eed6d webkitgtk4-2.22.4-1.fc27 The following Fedora 27 Critical Path updates have yet to be approved: Age URL 201 https://bodhi.fedoraproject.org/updates/FEDORA-2018-25d5c86330 libidn-1.34-2.fc27 mcabber-1.1.0-1.fc27.1 pidgin-2.13.0-1.fc27.1 python-slixmpp-1.3.0-5.fc27.1 161 https://bodhi.fedoraproject.org/updates/FEDORA-2018-200dba6b93 upower-0.99.8-1.fc27 125 https://bodhi.fedoraproject.org/updates/FEDORA-2018-05a68ea22e geoclue2-2.4.11-1.fc27 105 https://bodhi.fedoraproject.org/updates/FEDORA-2018-20c3deae24 iproute-4.17.0-1.fc27 21 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6c6faa135b selinux-policy-3.13.1-284.38.fc27 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a864e8515f osinfo-db-20181116-1.fc27 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-65848eed6d webkitgtk4-2.22.4-1.fc27 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-692dd693ab thunderbird-60.3.1-1.fc27 The following builds have been pushed to Fedora 27 updates-testing glibc-2.26-32.fc27 ibus-typing-booster-2.2.1-2.fc27 java-runtime-decompiler-2.0-2.fc27 mysql-connector-java-8.0.13-1.fc27 Details about builds: ================================================================================ glibc-2.26-32.fc27 (FEDORA-2018-f27586cce9) The GNU libc libraries -------------------------------------------------------------------------------- Update Information: This update for the `glibc` package addresses one moderate security vulnerability and several defects. * CVE-2018-19591: A file descriptor leak in `if_nametoindex` can lead to a denial of service due to resource exhaustion when processing `getaddrinfo` calls with crafted host names. Reported by Guido Vranken. (RHBZ#1654000) * Failure to create the helper thread for `getaddrinfo_a`/`libanl` could result in a crash. (RHBZ#1646381) * On certain Haswell-class Intel CPUs, string function feature flags could be set incorrectly, leading to a suboptimal choice of string functions. (RHBZ#1641980) * Parallel building of locales led to nondeterminism in the RPM build process. (RHBZ#1652228) * Various minor bug fixes from the upstream 2.26 release branch were imported as part of this update ([swbz#17630](https://sourceware.org/bugzilla/show_bug.cgi?id=17630), [swbz#22446](https://sourceware.org/bugzilla/show_bug.cgi?id=22446), [swbz#22463](https://sourceware.org/bugzilla/show_bug.cgi?id=22463), [swbz#22447](https://sourceware.org/bugzilla/show_bug.cgi?id=22447), [swbz#23562](https://sourceware.org/bugzilla/show_bug.cgi?id=23562), [swbz#23579](https://sourceware.org/bugzilla/show_bug.cgi?id=23579), [swbz#22753](https://sourceware.org/bugzilla/show_bug.cgi?id=22753)). -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 28 2018 Florian Weimer <fweimer@xxxxxxxxxx> - 2.26-32 - Auto-sync with upstream branch release/2.26/master, commit a0bc5dd3bed4b04814047265b3bcead7ab973b87: - CVE-2018-19591: if_nametoindex: Fix descriptor leak (#1654000) - libanl: proper cleanup if first helper thread creation failed (#1646381) - x86: Fix Haswell CPU string flags (#1641980) - resolv/tst-resolv-network.c: Additional test case (swbz#17630) - Disable -Wrestrict for two nptl/tst-attr3.c tests - Fix string/bug-strncat1.c build with GCC 8 - Ignore -Wrestrict for one strncat test - Disable strncat test array-bounds warnings for GCC 8. - Fix string/tester.c build with GCC 8. - Fix nscd readlink argument aliasing (swbz#22446) - nscd: Increase buffer size due to warning from ToT GCC - Fix p_secstodate overflow handling (swbz#22463) - timezone: pacify GCC -Wstringop-truncation - utmp: Avoid -Wstringop-truncation warning - Avoid use of strlen in getlogin_r (swbz#22447) - signal: Use correct type for si_band in siginfo_t (swbz#23562) - Fix misreported errno on preadv2/pwritev2 (swbz#23579) - preadv2/pwritev2: Handle offset == -1 (swbz#22753) - posix_spawn: Fix potential segmentation fault * Mon Nov 26 2018 Florian Weimer <fweimer@xxxxxxxxxx> - 2.26-31 - Do not use parallel make for building locales (#1652228) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1653993 - CVE-2018-19591 glibc: file descriptor leak in if_nametoindex() in sysdeps/unix/sysv/linux/if_index.c https://bugzilla.redhat.com/show_bug.cgi?id=1653993 -------------------------------------------------------------------------------- ================================================================================ ibus-typing-booster-2.2.1-2.fc27 (FEDORA-2018-4a9d6f1827) A completion input method -------------------------------------------------------------------------------- Update Information: Udate pl and uk translations from zanata ---- Inline completion feature added -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 28 2018 Mike FABIAN <mfabian@xxxxxxxxxx> - 2.2.1-2 - Add desktop-file-utils, python3-gobject-base, gtk3, dbus-x11, dconf, and ibus to BuildRequires (without that the build started failing on F28). * Wed Nov 28 2018 Mike FABIAN <mfabian@xxxxxxxxxx> - 2.2.1-1 - Update to 2.2.1 - Update translations from zanata (pl, uk updated) * Wed Nov 21 2018 Mike FABIAN <mfabian@xxxxxxxxxx> - 2.2.0-1 - Update translations from zanata (de updated) - Save some screen space in the setup tool - Add inline completion feature - Tab should force a lookup when the minimum number of characters is not yet reached -------------------------------------------------------------------------------- ================================================================================ java-runtime-decompiler-2.0-2.fc27 (FEDORA-2018-a5bce09d26) Application for extraction and decompilation of JVM byte code -------------------------------------------------------------------------------- Update Information: This is a new package for java-runtime-decompiler, a tool used for extraction of byte code from running JVM. The byte code can be then decompiled using external decompilers back to source code. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1636019 - None https://bugzilla.redhat.com/show_bug.cgi?id=1636019 -------------------------------------------------------------------------------- ================================================================================ mysql-connector-java-8.0.13-1.fc27 (FEDORA-2018-ad2d98a4f5) Official JDBC driver for MySQL -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-3523 CVE-2017-3586 CVE-2017-3589 CVE-2018-3258 -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 22 2018 Jakub Janco <jjanco@xxxxxxxxxx> - 1:8.0.13-1 - Update to 8.0.13 * Tue Aug 7 2018 Jakub Janco <jjanco@xxxxxxxxxx> - 1:8.0.12-1 - new version * Fri Jul 13 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1:5.1.38-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Thu Feb 8 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1:5.1.38-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1444759 - CVE-2017-3523 mysql-connector-java: Improper automatic deserialization of binary data (CPU Apr 2017) https://bugzilla.redhat.com/show_bug.cgi?id=1444759 [ 2 ] Bug #1444407 - CVE-2017-3589 mysql-connector-java: Connector/J unspecified vulnerability (CPU Apr 2017) https://bugzilla.redhat.com/show_bug.cgi?id=1444407 [ 3 ] Bug #1444406 - CVE-2017-3586 mysql-connector-java: Connector/J unspecified vulnerability (CPU Apr 2017) https://bugzilla.redhat.com/show_bug.cgi?id=1444406 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test@xxxxxxxxxxxxxxxxxxxxxxx
