The following Fedora 33 Security updates need testing:
 Age  URL
 219  https://bodhi.fedoraproject.org/updates/FEDORA-2021-c3d587d52c   shim-15.4-1
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2021-31012ee5a0   rpki-client-7.5-1.fc33
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2021-cfadac570a   vim-8.2.3582-1.fc33
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2021-ac23d9e47f   freerdp-2.4.1-1.fc33 gnome-boxes-3.38.2-3.fc33 gnome-remote-desktop-0.1.9-3.fc33 guacamole-server-1.3.0-9.fc33 hydra-9.2-3.fc33 medusa-2.2-14.20181216git292193b.fc33 pidgin-sipe-1.25.0-7.fc33 remmina-1.4.21-1.fc33 vinagre-3.22.0-21.fc33 weston-8.0.0-7.fc33
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2021-013ab302be   js-jquery-ui-1.13.0-1.fc33
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2021-f36ffd91af   wordpress-5.8.2-1.fc33


The following Fedora 33 Critical Path updates have yet to be approved:
 Age  URL
 238  https://bodhi.fedoraproject.org/updates/FEDORA-2021-2961f34ccb   PackageKit-1.2.3-1.fc33
 173  https://bodhi.fedoraproject.org/updates/FEDORA-2021-4797e362b3   abrt-2.14.6-1.fc33 libreport-2.15.1-1.fc33 satyr-0.37-2.fc33
  89  https://bodhi.fedoraproject.org/updates/FEDORA-2021-4ccf3840ed   gnome-shell-3.38.6-1.fc33 mutter-3.38.6-1.fc33
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2021-daa75353ff   hwdata-0.353-1.fc33
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2021-8ece66acb6   libseccomp-2.5.3-1.fc33
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2021-6b0de8ad53   ethtool-5.15-1.fc33
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2021-ac23d9e47f   freerdp-2.4.1-1.fc33 gnome-boxes-3.38.2-3.fc33 gnome-remote-desktop-0.1.9-3.fc33 guacamole-server-1.3.0-9.fc33 hydra-9.2-3.fc33 medusa-2.2-14.20181216git292193b.fc33 pidgin-sipe-1.25.0-7.fc33 remmina-1.4.21-1.fc33 vinagre-3.22.0-21.fc33 weston-8.0.0-7.fc33
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2021-ecbf8a75c2   kernel-5.14.18-100.fc33


The following builds have been pushed to Fedora 33 updates-testing

    cockpit-navigator-0.5.6-1.fc33
    corosync-3.1.6-1.fc33
    dkms-3.0.1-1.fc33
    freeipa-4.9.6-3.fc33
    fzf-0.28.0-1.fc33
    golang-github-alecthomas-kong-0.2.18-1.fc33
    golang-github-gobuffalo-flect-0.2.4-1.fc33
    golang-github-yuin-goldmark-1.4.4-1.fc33
    libldb-2.2.3-1.fc33
    libxls-1.6.2-5.fc33
    pungi-4.3.2-2.fc33
    roundcubemail-1.4.12-1.fc33
    samba-4.13.14-2.fc33
    sasutils-0.3.12-1.fc33
    xrootd-5.3.3-1.fc33

Details about builds:


================================================================================
 cockpit-navigator-0.5.6-1.fc33 (FEDORA-2021-5f0522a73e)
 A File System Browser for Cockpit
--------------------------------------------------------------------------------
Update Information:

Fix mangling of large files during upload
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 15 2021 Stephen Gallagher <sgallagh@xxxxxxxxxx> 0.5.6-1
- Fix mangling of large files during upload
* Tue Oct 5 2021 Stephen Gallagher <sgallagh@xxxxxxxxxx> 0.5.5-1
- Update to 0.5.5
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2010537 - cockpit-navigator-0.5.6 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2010537
--------------------------------------------------------------------------------


================================================================================
 corosync-3.1.6-1.fc33 (FEDORA-2021-1a32cc5ca7)
 The Corosync Cluster Engine and Application Programming Interfaces
--------------------------------------------------------------------------------
Update Information:

New upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 15 2021 Jan Friesse <jfriesse@xxxxxxxxxx> - 3.1.6-1
- New upstream release
--------------------------------------------------------------------------------


================================================================================
 dkms-3.0.1-1.fc33 (FEDORA-2021-0f8577f295)
 Dynamic Kernel Module Support Framework
--------------------------------------------------------------------------------
Update Information:

Update to 3.0.0, major cleanup and refactor. Solves the issues of kernel modules
disappearing if *both* an updated DKMS module package and a new kernel are in
the same YUM/DNF transaction.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 15 2021 Simone Caronni <negativo17@xxxxxxxxx> - 3.0.1-1
- Update to 3.0.1.
- Re-enable modprobe on install.
* Mon Nov 8 2021 Simone Caronni <negativo17@xxxxxxxxx> - 3.0.0-1
- Update to 3.0.0.
* Sat Oct 30 2021 Simone Caronni <negativo17@xxxxxxxxx> - 2.8.8-1
- Update to 2.8.8.
* Fri Oct 1 2021 Simone Caronni <negativo17@xxxxxxxxx> - 2.8.7-1
- Update to 2.8.7.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2018763 - dkms-2.8.8 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2018763
--------------------------------------------------------------------------------


================================================================================
 freeipa-4.9.6-3.fc33 (FEDORA-2021-218ec2d434)
 The Identity, Policy and Audit system
--------------------------------------------------------------------------------
Update Information:

Update to latest samba and libldb release (addressing various CVEs) and rebuild
freeipa
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 11 2021 Alexander Bokovoy <abokovoy@xxxxxxxxxx> - 4.9.6-3
- Hardening for CVE-2020-25717 part 2
- Handle S4U for users from trusted domains
* Wed Nov 10 2021 Alexander Bokovoy <abokovoy@xxxxxxxxxx> - 4.9.6-2
- Hardening for CVE-2020-25717
- Generate SIDs for IPA users and groups by default
- Verify MS-PAC consistency when it is generated or validated
- Rebuild against samba-4.13.14
- Resolves: rhbz#2021720
- Synchronize with RHEL 8.5 patches for FreeIPA 4.9.6
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2019660 - CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication
        https://bugzilla.redhat.com/show_bug.cgi?id=2019660
  [ 2 ] Bug #2019666 - CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=2019666
  [ 3 ] Bug #2019672 - CVE-2020-25717 samba: A user in an AD Domain could become root on domain members
        https://bugzilla.redhat.com/show_bug.cgi?id=2019672
  [ 4 ] Bug #2019726 - CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC
        https://bugzilla.redhat.com/show_bug.cgi?id=2019726
  [ 5 ] Bug #2019732 - CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets
        https://bugzilla.redhat.com/show_bug.cgi?id=2019732
  [ 6 ] Bug #2019764 - CVE-2020-25722 samba: Samba AD DC did not do sufficient access and conformance checking of data stored
        https://bugzilla.redhat.com/show_bug.cgi?id=2019764
  [ 7 ] Bug #2021726 - CVE-2021-3738 samba: Use after free in Samba AD DC RPC server
        https://bugzilla.redhat.com/show_bug.cgi?id=2021726
  [ 8 ] Bug #2021728 - CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid)
        https://bugzilla.redhat.com/show_bug.cgi?id=2021728
--------------------------------------------------------------------------------


================================================================================
 fzf-0.28.0-1.fc33 (FEDORA-2021-507eaf89eb)
 A command-line fuzzy finder written in Go
--------------------------------------------------------------------------------
Update Information:

Update to latest version
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 15 2021 Elliott Sales de Andrade <quantum.analyst@xxxxxxxxx> 0.28.0-1
- Update to latest version (#2014738)
* Wed Jul 21 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.27.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2014738 - fzf-0.28.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2014738
--------------------------------------------------------------------------------


================================================================================
 golang-github-alecthomas-kong-0.2.18-1.fc33 (FEDORA-2021-a3c94edbae)
 Command-line parser for Go
--------------------------------------------------------------------------------
Update Information:

Update to latest version
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 15 2021 Elliott Sales de Andrade <quantum.analyst@xxxxxxxxx> 0.2.18-1
- Update to latest version (#2020027)
* Thu Jul 22 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.2.17-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2020027 - golang-github-alecthomas-kong-0.2.18 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2020027
--------------------------------------------------------------------------------


================================================================================
 golang-github-gobuffalo-flect-0.2.4-1.fc33 (FEDORA-2021-829d774728)
 Inflection engine for Golang
--------------------------------------------------------------------------------
Update Information:

Update to latest version
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 15 2021 Elliott Sales de Andrade <quantum.analyst@xxxxxxxxx> 0.2.4-1
- Update to latest version (#2020120)
* Thu Jul 22 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.2.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2020120 - golang-github-gobuffalo-flect-0.2.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2020120
--------------------------------------------------------------------------------


================================================================================
 golang-github-yuin-goldmark-1.4.4-1.fc33 (FEDORA-2021-dac2082750)
 Markdown parser written in Go
--------------------------------------------------------------------------------
Update Information:

Update to latest version
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 15 2021 Elliott Sales de Andrade <quantum.analyst@xxxxxxxxx> 1.4.4-1
- Update to latest version (#2016351)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2016351 - golang-github-yuin-goldmark-1.4.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2016351
--------------------------------------------------------------------------------


================================================================================
 libldb-2.2.3-1.fc33 (FEDORA-2021-218ec2d434)
 A schema-less, ldap like, API and database
--------------------------------------------------------------------------------
Update Information:

Update to latest samba and libldb release (addressing various CVEs) and rebuild
freeipa
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 4 2021 Guenther Deschner <gdeschner@xxxxxxxxxx> - 2.2.3-1
- libldb-2.2.3 is required for new samba
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2019660 - CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication
        https://bugzilla.redhat.com/show_bug.cgi?id=2019660
  [ 2 ] Bug #2019666 - CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=2019666
  [ 3 ] Bug #2019672 - CVE-2020-25717 samba: A user in an AD Domain could become root on domain members
        https://bugzilla.redhat.com/show_bug.cgi?id=2019672
  [ 4 ] Bug #2019726 - CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC
        https://bugzilla.redhat.com/show_bug.cgi?id=2019726
  [ 5 ] Bug #2019732 - CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets
        https://bugzilla.redhat.com/show_bug.cgi?id=2019732
  [ 6 ] Bug #2019764 - CVE-2020-25722 samba: Samba AD DC did not do sufficient access and conformance checking of data stored
        https://bugzilla.redhat.com/show_bug.cgi?id=2019764
  [ 7 ] Bug #2021726 - CVE-2021-3738 samba: Use after free in Samba AD DC RPC server
        https://bugzilla.redhat.com/show_bug.cgi?id=2021726
  [ 8 ] Bug #2021728 - CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid)
        https://bugzilla.redhat.com/show_bug.cgi?id=2021728
--------------------------------------------------------------------------------


================================================================================
 libxls-1.6.2-5.fc33 (FEDORA-2021-25e89d9374)
 Read binary Excel files from C/C++
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2021-27836
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 16 2021 Elliott Sales de Andrade <quantum.analyst@xxxxxxxxx> 1.6.2-5
- Fix release
* Tue Nov 16 2021 Elliott Sales de Andrade <quantum.analyst@xxxxxxxxx> 1.6.2-5
- Fix CVE-2021-27836 (#2023409)
* Thu Jul 22 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.6.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jan 26 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.6.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2023408 - CVE-2021-27836 libxls: a denial of service via a crafted XLS file
        https://bugzilla.redhat.com/show_bug.cgi?id=2023408
--------------------------------------------------------------------------------


================================================================================
 pungi-4.3.2-2.fc33 (FEDORA-2021-474baeb685)
 Distribution compose tool
--------------------------------------------------------------------------------
Update Information:

pungi-4.3.2-2 fixes a bug in pungi-4.3.2-1 which will cause test phase fail.

----

New pungi release 4.3.2-1

- gather: Load JSON mapping relative to config dir (lsedlar)
- gather: Stop requiring all variants/arches in JSON (lsedlar)
- doc: make dnf "backend" settings easier to discover (kdreyer)
- Remove with_jigdo argument (lsedlar)
- Check dependencies after config validation (lsedlar)
- default "with_jigdo" to False (kdreyer)
- Stop trying to validate non-existent metadata (lsedlar)
- test images for metadata deserialization error (fdipretre)
- repoclosure: Use --forcearch for dnf repoclosure (lsedlar)
- extra_isos: Allow reusing old images (lsedlar)
- createiso: Allow reusing old images (lsedlar)
- Remove default runroot channel (lsedlar)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 15 2021 Haibo Lin <hlin@xxxxxxxxxx> - 4.3.2-2
- Backport patch for generating images.json
* Thu Nov 11 2021 Haibo Lin <hlin@xxxxxxxxxx> - 4.3.2-1
- gather: Load JSON mapping relative to config dir (lsedlar)
- gather: Stop requiring all variants/arches in JSON (lsedlar)
- doc: make dnf "backend" settings easier to discover (kdreyer)
- Remove with_jigdo argument (lsedlar)
- Check dependencies after config validation (lsedlar)
- default "with_jigdo" to False (kdreyer)
- Stop trying to validate non-existent metadata (lsedlar)
- test images for metadata deserialization error (fdipretre)
- repoclosure: Use --forcearch for dnf repoclosure (lsedlar)
- extra_isos: Allow reusing old images (lsedlar)
- createiso: Allow reusing old images (lsedlar)
- Remove default runroot channel (lsedlar)
--------------------------------------------------------------------------------


================================================================================
 roundcubemail-1.4.12-1.fc33 (FEDORA-2021-43d3c10590)
 Round Cube Webmail is a browser-based multilingual IMAP client
--------------------------------------------------------------------------------
Update Information:

**Version 1.4.12**

* Enigma: Fix bug where signature verification could fail for non-ascii bodies (#7919)
* Fix bug where contacts search didn't work with addressbook_search_mods set to an empty array (#7974)
* Fix bug causing some HTML message content to be not centered in Elastic skin (#7911)
* Fix bug where consecutive LDAP searches could return wrong results (#8064)
* Fix bug where plus characters in attachment filename could have been ignored (#8074)
* Fix displaying HTML body with inline images encapsulated using TNEF format (winmail.dat)
* Fix handling of custom sender addresses with names (#8106)
* Fix shift + drag'n'drop menu not working in Elastic skin with Chrome browser (#8107)
* Fix Firefox infinite loading display on mail screen (#8128)
* Fix XSS issue in handling attachment filename extension in mimetype mismatch warning (#8193)
* Fix SQL injection via some session variables
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 15 2021 Remi Collet <remi@xxxxxxxxxxxx> - 1.4.12-1
- update to 1.4.12
--------------------------------------------------------------------------------


================================================================================
 samba-4.13.14-2.fc33 (FEDORA-2021-218ec2d434)
 Server and Client software to interoperate with Windows machines
--------------------------------------------------------------------------------
Update Information:

Update to latest samba and libldb release (addressing various CVEs) and rebuild
freeipa
--------------------------------------------------------------------------------
ChangeLog:

* Sat Nov 13 2021 Guenther Deschner <gdeschner@xxxxxxxxxx> - 4.13.14-2
- Fix IPA DC schannel support
* Thu Nov 11 2021 Guenther Deschner <gdeschner@xxxxxxxxxx> - 4.13.14-1
- Fix winbind trusted domain regression
- related: #2021716
* Tue Nov 9 2021 Guenther Deschner <gdeschner@xxxxxxxxxx> - 4.13.14-0
- Update to Samba 4.13.14
- resolves: #2019660, #2021711 - Security fixes for CVE-2016-2124
- resolves: #2019672, #2021716 - Security fixes for CVE-2020-25717
- resolves: #2019726, #2021718 - Security fixes for CVE-2020-25718
- resolves: #2019732, #2021719 - Security fixes for CVE-2020-25719
- resolves: #2021728, #2021729 - Security fixes for CVE-2020-25721
- resolves: #2019764, #2021721 - Security fixes for CVE-2020-25722
- resolves: #2021726, #2021727 - Security fixes for CVE-2021-3738
- resolves: #2019666, #2021715 - Security fixes for CVE-2021-23192
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2019660 - CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication
        https://bugzilla.redhat.com/show_bug.cgi?id=2019660
  [ 2 ] Bug #2019666 - CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=2019666
  [ 3 ] Bug #2019672 - CVE-2020-25717 samba: A user in an AD Domain could become root on domain members
        https://bugzilla.redhat.com/show_bug.cgi?id=2019672
  [ 4 ] Bug #2019726 - CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC
        https://bugzilla.redhat.com/show_bug.cgi?id=2019726
  [ 5 ] Bug #2019732 - CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets
        https://bugzilla.redhat.com/show_bug.cgi?id=2019732
  [ 6 ] Bug #2019764 - CVE-2020-25722 samba: Samba AD DC did not do sufficient access and conformance checking of data stored
        https://bugzilla.redhat.com/show_bug.cgi?id=2019764
  [ 7 ] Bug #2021726 - CVE-2021-3738 samba: Use after free in Samba AD DC RPC server
        https://bugzilla.redhat.com/show_bug.cgi?id=2021726
  [ 8 ] Bug #2021728 - CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid)
        https://bugzilla.redhat.com/show_bug.cgi?id=2021728
--------------------------------------------------------------------------------


================================================================================
 sasutils-0.3.12-1.fc33 (FEDORA-2021-ee88f4e0bb)
 Serial Attached SCSI (SAS) utilities
--------------------------------------------------------------------------------
Update Information:

Update to upstream version 0.3.12 with the following fixes:

- Fix MutableMapping import error for Python3.8+
- sysfs: keep a non-decodable sysfs attribute as unmodified bytes

----

Update to upstream version 0.3.11
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 15 2021 Stephane Thiell <sthiell@xxxxxxxxxxxx> 0.3.12-1
- update version
* Fri Nov 12 2021 Stephane Thiell <sthiell@xxxxxxxxxxxx> 0.3.11-1
- update version
* Fri Jul 23 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.3.10-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun 4 2021 Python Maint <python-maint@xxxxxxxxxx> - 0.3.10-6
- Rebuilt for Python 3.10
* Wed Jan 27 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.3.10-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 xrootd-5.3.3-1.fc33 (FEDORA-2021-3ced819781)
 Extended ROOT file server
--------------------------------------------------------------------------------
Update Information:

XrootD 5.3.3
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 16 2021 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 1:5.3.3-1
- Update to version 5.3.3
- Drop patches accepted upstream:
  - 0001-Fix-compilation-failure-on-32-bit-architectures.patch
  - 0001-Fix-build-failure-on-platforms-where-char-is-unsigne.patch
--------------------------------------------------------------------------------