The following Fedora 31 Security updates need testing: Age URL 32 https://bodhi.fedoraproject.org/updates/FEDORA-2020-c5ec22e14f libuv-1.39.0-1.fc31 nodejs-12.18.4-1.fc31 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-098cba75fe singularity-3.6.4-1.fc31 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-e33acdea18 python2-2.7.18-6.fc31 4 https://bodhi.fedoraproject.org/updates/FEDORA-2020-58dc592b7b suricata-4.1.9-1.fc31 4 https://bodhi.fedoraproject.org/updates/FEDORA-2020-3ce0f55bc5 ant-1.10.9-1.fc31 0 https://bodhi.fedoraproject.org/updates/FEDORA-2020-de83d27335 firefox-82.0-4.fc31 0 https://bodhi.fedoraproject.org/updates/FEDORA-2020-74bf23e1f1 nodejs-12.19.0-1.fc31 The following Fedora 31 Critical Path updates have yet to be approved: Age URL 70 https://bodhi.fedoraproject.org/updates/FEDORA-2020-72bc7df001 libunwind-1.3.1-7.fc31 13 https://bodhi.fedoraproject.org/updates/FEDORA-2020-421372e1e5 jasper-2.0.22-1.fc31 13 https://bodhi.fedoraproject.org/updates/FEDORA-2020-1eadf02f8d samba-4.11.14-0.fc31 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-1d5c8eefee perl-5.30.3-456.fc31 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-e33acdea18 python2-2.7.18-6.fc31 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-5608fa4a78 perl-Pod-Usage-2.01-1.fc31 4 https://bodhi.fedoraproject.org/updates/FEDORA-2020-9bb2c6d5af ethtool-5.9-1.fc31 0 https://bodhi.fedoraproject.org/updates/FEDORA-2020-e2631f234e kernel-5.8.16-100.fc31 0 https://bodhi.fedoraproject.org/updates/FEDORA-2020-de83d27335 firefox-82.0-4.fc31 The following builds have been pushed to Fedora 31 updates-testing bugzilla-5.0.6-5.fc31 ceph-14.2.12-1.fc31 inxi-3.1.08-1.fc31 oniguruma-6.9.4-3.fc31 openbgpd-6.8p0-1.fc31 pcre-8.44-2.fc31 perl-CPAN-Perl-Releases-5.20201020-1.fc31 perl-Module-CoreList-5.20201020-1.fc31 rpki-client-6.8p0-1.fc31 tcpreplay-4.3.3-3.fc31 video-downloader-0.5.9-1.fc31 xen-4.12.3-6.fc31 Details about builds: ================================================================================ bugzilla-5.0.6-5.fc31 (FEDORA-2020-d933f06bdb) Bug tracking system -------------------------------------------------------------------------------- Update Information: The way Bugzilla uses the perl module Email::MIME prior to 1.949 to send mail was incorrect but worked because of a bug in Email::MIME. This was fixed and now Bugzilla's use of the module fails. This update patches the issue away. -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 19 2020 Emmanuel Seyman <emmanuel@xxxxxxxxx> - 5.0.6-5 - Replace calls to %{__perl} with /usr/bin/perl - Remove contrib/bugzilla-submit (no longers works) (#1835451) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1835451 - raise ValueError, errmsg # 'File Not Found in bugzilla-submit https://bugzilla.redhat.com/show_bug.cgi?id=1835451 [ 2 ] Bug #1855962 - bugzilla can't send non-html email https://bugzilla.redhat.com/show_bug.cgi?id=1855962 -------------------------------------------------------------------------------- ================================================================================ ceph-14.2.12-1.fc31 (FEDORA-2020-595197a38d) User space components of the Ceph file system -------------------------------------------------------------------------------- Update Information: ceph 14.2.12 GA -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 20 2020 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 2:14.2.12-1 - ceph 14.2.12 GA -------------------------------------------------------------------------------- ================================================================================ inxi-3.1.08-1.fc31 (FEDORA-2020-bd17fbef9c) A full featured system information script -------------------------------------------------------------------------------- Update Information: Update to 3.1.08. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 21 2020 Vasiliy N. Glazov <vascom2@xxxxxxxxx> - 3.1.08-1 - Update to 3.1.08 -------------------------------------------------------------------------------- ================================================================================ oniguruma-6.9.4-3.fc31 (FEDORA-2020-353340d24f) Regular expressions library -------------------------------------------------------------------------------- Update Information: As CVE-2020-26159 was proved to be false positive, this rpm reverts the change for CVE-2020-26159 issue. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 20 2020 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 6.9.4-3 - Revert the previous change, CVE-2020-26159 is marked as false https://github.com/kkos/oniguruma/issues/221 -------------------------------------------------------------------------------- ================================================================================ openbgpd-6.8p0-1.fc31 (FEDORA-2020-4a85f5395b) OpenBGPD Routing Daemon -------------------------------------------------------------------------------- Update Information: OpenBGPD 6.8p0 ============== Portable release based on OpenBSD 6.8. It includes the following changes to the previous release: * In `bgpctl(8)`, the `reload` command now takes a 'reason' argument to use as Administrative Shutdown Communication to its neighbors. * Added `bgpctl(8)` support for VPNv6 in the family option of the `show rib` command. * Added `bgpctl(8)` support for JSON formatted output in various `show` commands. * Support to build OpenBGPD on Alpine Linux added. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 20 2020 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 6.8p0-1 - Upgrade to 6.8p0 (#1889826) * Tue Jul 28 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 6.7p0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1889826 - openbgpd-6.8p0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1889826 -------------------------------------------------------------------------------- ================================================================================ pcre-8.44-2.fc31 (FEDORA-2020-d979670533) Perl-compatible regular expression library -------------------------------------------------------------------------------- Update Information: This release fixes reading an unitialized memory when compilnig an expression with named groups wwhere a former group name is a prefix of the later group name. -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 19 2020 Petr Pisar <ppisar@xxxxxxxxxx> - 8.44-2 - Fix reading an uninitialized memory when populating a name table (upstream bug #2661) -------------------------------------------------------------------------------- ================================================================================ perl-CPAN-Perl-Releases-5.20201020-1.fc31 (FEDORA-2020-d3f393710c) Mapping Perl releases on CPAN to the location of the tarballs -------------------------------------------------------------------------------- Update Information: Update to the latest version -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 21 2020 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 5.20201020-1 - 5.20201020 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1889922 - perl-CPAN-Perl-Releases-5.20201020 is available https://bugzilla.redhat.com/show_bug.cgi?id=1889922 -------------------------------------------------------------------------------- ================================================================================ perl-Module-CoreList-5.20201020-1.fc31 (FEDORA-2020-25cf8bb317) What modules are shipped with versions of perl -------------------------------------------------------------------------------- Update Information: Update to the latest version -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 21 2020 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1:5.20201020-1 - 5.20201020 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1889925 - perl-Module-CoreList-5.20201020 is available https://bugzilla.redhat.com/show_bug.cgi?id=1889925 -------------------------------------------------------------------------------- ================================================================================ rpki-client-6.8p0-1.fc31 (FEDORA-2020-7a271cee9e) RPKI validator to support BGP Origin Validation -------------------------------------------------------------------------------- Update Information: rpki-client 6.8p0 ================= Portable release based on OpenBSD 6.8. It includes the following changes to the previous release: * Improve how repositories are downloaded: do not fetch symlinks and clean extraneous files in the repositories after download using the cryptographically signed RPKI manifest listings. * Fix a bug where `rpki-client` could hang after calling `rsync`. * Remove the `-f` option, no longer needed. * Improved validation of the trust anchors. * Add new option `-s timeout` to make `rpki-client` automatically terminate after a timeout (default 1 hour). This helps when `rpki-client` is run via `cron` to prevent a hanging process to cause problems. Portability improvements: * Replace `warnc()` with `warnx()` + `strerror()` * Replace `b64_pton()` with code using the `libcrypto EVP_Decode*` functionality. * Adjust for OpenSSL 1.1.x compatible use of the `EVP_ENCODE_CTX` struct. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 20 2020 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 6.8p0-1 - Upgrade to 6.8p0 (#1889618) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1889618 - rpki-client-6.8p0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1889618 -------------------------------------------------------------------------------- ================================================================================ tcpreplay-4.3.3-3.fc31 (FEDORA-2020-e45cf8ea43) Replay captured network traffic -------------------------------------------------------------------------------- Update Information: Patch CVE-2020-24265 and CVE-2020-24266. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 21 2020 Bojan Smojver <bojan@rexursive com> - 4.3.3-2 - CVE-2020-24265 * Wed Jul 29 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.3.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1889806 - CVE-2020-24265 tcpreplay: heap buffer overflow could result in a crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1889806 [ 2 ] Bug #1889807 - CVE-2020-24265 tcpreplay: heap buffer overflow could result in a crash [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1889807 [ 3 ] Bug #1889809 - CVE-2020-24266 tcpreplay: heap buffer overflow in get_l2len() could result in a crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1889809 [ 4 ] Bug #1889810 - CVE-2020-24266 tcpreplay: heap buffer overflow in get_l2len() could result in a crash [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1889810 -------------------------------------------------------------------------------- ================================================================================ video-downloader-0.5.9-1.fc31 (FEDORA-2020-e40ce3d3be) Download videos from websites like YouTube and many others -------------------------------------------------------------------------------- Update Information: Update to 0.5.9 -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 21 2020 Artem Polishchuk <ego.cordatus@xxxxxxxxx> - 0.5.9-1 - build(update): 0.5.9 -------------------------------------------------------------------------------- ================================================================================ xen-4.12.3-6.fc31 (FEDORA-2020-722a0a484a) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information: x86: Race condition in Xen mapping code [XSA-345] undue deferral of IOMMU TLB flushes [XSA-346] unsafe AMD IOMMU page table updates [XSA-347] -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 20 2020 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.12.3-6 - x86: Race condition in Xen mapping code [XSA-345] - undue deferral of IOMMU TLB flushes [XSA-346] - unsafe AMD IOMMU page table updates [XSA-347] -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test@xxxxxxxxxxxxxxxxxxxxxxx
