The following Fedora 26 Security updates need testing: Age URL 279 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ccb5c8d1e7 docker-distribution-2.6.2-1.git48294d9.fc26 110 https://bodhi.fedoraproject.org/updates/FEDORA-2018-66b885ae3c keycloak-httpd-client-install-0.8-1.fc26 98 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4f8a78a5ef squid-4.0.23-1.fc26 73 https://bodhi.fedoraproject.org/updates/FEDORA-2018-db5041e661 bro-2.5.3-1.fc26 39 https://bodhi.fedoraproject.org/updates/FEDORA-2018-010396b4a2 chromium-65.0.3325.181-1.fc26 34 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7649fef814 thunderbird-52.7.0-1.fc26 19 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ac348a00ef opencv-3.2.0-15.fc26 14 https://bodhi.fedoraproject.org/updates/FEDORA-2018-3622f44a12 scummvm-2.0.0-1.fc26 scummvm-tools-2.0.0-1.fc26 14 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8ba4601398 dovecot-2.2.35-1.fc26 11 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7be77249d4 ruby-2.4.4-88.fc26 11 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8b920c2b00 community-mysql-5.7.22-1.fc26 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-0c0671072b knot-resolver-2.3.0-1.fc26 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f9e0f1caf7 glusterfs-3.10.12-1.fc26 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6071a600e8 php-7.1.17-1.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2359c2ae0e drupal7-7.59-1.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-eb69078020 xen-4.8.3-4.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1361f39801 ckeditor-4.9.2-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-5e8de70380 quassel-0.12.5-1.fc26
The following Fedora 26 Critical Path updates have yet to be approved: Age URL 76 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ddd1e5c30a iproute-4.14.1-5.fc26 34 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7649fef814 thunderbird-52.7.0-1.fc26 14 https://bodhi.fedoraproject.org/updates/FEDORA-2018-58d5da4dde osinfo-db-20180416-1.fc26 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6dde187524 redhat-rpm-config-66-1.fc26 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f9e0f1caf7 glusterfs-3.10.12-1.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-eb69078020 xen-4.8.3-4.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6d82adbfeb libnfs-1.11.0-1.fc26
The following builds have been pushed to Fedora 26 updates-testing
adapta-gtk-theme-3.93.1.1-1.fc26 httpd-2.4.33-4.fc26 hwdata-0.312-1.fc26 kernel-4.16.6-100.fc26 libpsl-0.18.0-2.fc26 meshlab-2016.12-6.fc26 mock-core-configs-28.4-1.fc26 publicsuffix-list-20180419-1.fc26 python-neomodel-3.2.8-1.fc26 rubygem-cairo-1.15.13-1.fc26
Details about builds:
================================================================================ adapta-gtk-theme-3.93.1.1-1.fc26 (FEDORA-2018-4431aaaba7) An adaptive Gtk+ theme based on Material Design Guidelines -------------------------------------------------------------------------------- Update Information:
- New upstream release -------------------------------------------------------------------------------- ChangeLog:
* Fri Apr 27 2018 Bj��rn Esser besser82@fedoraproject.org - 3.93.1.1-1 - New upstream release (#1571772) * Wed Apr 25 2018 Bj��rn Esser besser82@fedoraproject.org - 3.93.0.280-1 - New upstream release (#1571772) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1571772 - adapta-gtk-theme-3.93.1.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1571772 --------------------------------------------------------------------------------
================================================================================ httpd-2.4.33-4.fc26 (FEDORA-2018-e6d9251471) Apache HTTP Server -------------------------------------------------------------------------------- Update Information:
This update: * fixes the **mod_md** default store directory * fixes a startup failure in certain **mod_ssl** vhost configurations ---- This update includes the latest upstream release of the Apache HTTP Server, version 2.4.33. A number of security vulnerabilities are fixed in this release: * *Low*: Possible out of bound read in mod_cache_socache (CVE-2018-1303) * *Low*: Possible out of bound access after failure in reading the HTTP request (CVE-2018-1301) * *Low*: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312) * *Low*: <FilesMatch> bypass with a trailing newline in the file name (CVE-2017-15715) * *Low*: Out of bound write in mod_authnz_ldap when using too small Accept-Language values (CVE-2017-15710) * *Moderate*: Tampering of mod_session data for CGI applications (CVE-2018-1283) For more information about changes in this release, see: https://www.apache.org/dist/httpd/CHANGES_2.4.33 -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 16 2018 Joe Orton jorton@redhat.com - 2.4.33-4 - mod_md: change hard-coded default MdStoreDir to state/md (#1563846) * Thu Apr 12 2018 Joe Orton jorton@redhat.com - 2.4.33-3 - mod_ssl: drop implicit 'SSLEngine on' for vhost w/o certs (#1564537) * Fri Mar 30 2018 Adam Williamson awilliam@redhat.com - 2.4.33-2 - Exclude mod_md config file from main package (#1562413) * Wed Mar 28 2018 Joe Orton jorton@redhat.com - 2.4.33-1 - rebase to 2.4.33 (#1560174) - add mod_md subpackage; load mod_proxy_uwsgi by default -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1560174 - httpd-2.4.33 is available https://bugzilla.redhat.com/show_bug.cgi?id=1560174 [ 2 ] Bug #1560618 - CVE-2017-15715 httpd: <FilesMatch> bypass with a trailing newline in the file name [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1560618 [ 3 ] Bug #1560644 - CVE-2018-1301 httpd: Out of bound access after failure in reading the HTTP request [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1560644 [ 4 ] Bug #1560635 - CVE-2018-1312 httpd: Weak Digest auth nonce generation in mod_auth_digest [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1560635 [ 5 ] Bug #1560400 - CVE-2018-1303 httpd: http: Out of bounds read in mod_cache_socache can allow a remote attacker to cause a denial of service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1560400 [ 6 ] Bug #1560396 - CVE-2018-1283 httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1560396 [ 7 ] Bug #1560616 - CVE-2017-15710 httpd: Out of bound write in mod_authnz_ldap when using too small Accept-Language values [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1560616 --------------------------------------------------------------------------------
================================================================================ hwdata-0.312-1.fc26 (FEDORA-2018-4505ea7d09) Hardware identification and configuration data -------------------------------------------------------------------------------- Update Information:
Updated pci, usb and vendor ids. -------------------------------------------------------------------------------- ChangeLog:
* Wed May 2 2018 Vitezslav Crhonek vcrhonek@redhat.com - 0.312-1 - Updated pci, usb and vendor ids. --------------------------------------------------------------------------------
================================================================================ kernel-4.16.6-100.fc26 (FEDORA-2018-884a105c04) The Linux kernel -------------------------------------------------------------------------------- Update Information:
Update to v4.16.6 which contains fixes across the tree ---- Update to v4.16.5 which contains fixes across the tree ---- Rebase to v4.16.4 ---- The 4.15.18 stable kernel update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 30 2018 Jeremy Cline jeremy@jcline.org - 4.16.6-100 - Linux v4.16.6 * Fri Apr 27 2018 Jeremy Cline jeremy@jcline.org - 4.16.5-100 - Fix an issue with bluetooth autosupsend on some XPS 13 9360 (rhbz 1514836) - Fix prlimit64 with RLIMIT_CPU ignored (rhbz 1568337) - Linux v4.16.5 * Fri Apr 27 2018 Peter Robinson pbrobinson@fedoraproject.org - Enable QLogic NICs on ARM * Wed Apr 25 2018 Jeremy Cline jeremy@jcline.org - Fix a kernel oops when using Thunderbolt 3 docks (rhbz 1565131) * Wed Apr 25 2018 Jeremy Cline jeremy@jcline.org - 4.16.4-100 - Linux v4.16.4 rebase - Fix a regression in backlight interfaces for some laptops (rhbz 1571036) * Thu Apr 19 2018 Justin M. Forbes jforbes@fedoraproject.org - 4.15.18-200 - Linux v4.15.18 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1567306 - CVE-2018-1108 kernel: drivers: getrandom(2) unblocks too early after system boot https://bugzilla.redhat.com/show_bug.cgi?id=1567306 --------------------------------------------------------------------------------
================================================================================ libpsl-0.18.0-2.fc26 (FEDORA-2018-61569dd5b6) C library for the Publix Suffix List -------------------------------------------------------------------------------- Update Information:
Recent revision - 20180419 https://github.com/publicsuffix/list/compare/f85ba...81bcd -------------------------------------------------------------------------------- ChangeLog:
* Wed May 2 2018 Yaakov Selkowitz yselkowi@redhat.com - 0.18.0-2 - Rebuilt for publicsuffix-list 20180419 --------------------------------------------------------------------------------
================================================================================ meshlab-2016.12-6.fc26 (FEDORA-2018-69b8f1bb82) A system for processing and editing unstructured 3D triangular meshes -------------------------------------------------------------------------------- Update Information:
Fix Screened Poisson Surface Reconstruction filter -------------------------------------------------------------------------------- ChangeLog:
* Tue May 1 2018 Miro Hron��ok mhroncok@redhat.com - 2016.12-6 - Fix Screened Poisson Surface Reconstruction filter (RHBZ#1559137) (again) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1559137 - Screened Poisson Surface Reconstruction filter missing for Meshlab https://bugzilla.redhat.com/show_bug.cgi?id=1559137 --------------------------------------------------------------------------------
================================================================================ mock-core-configs-28.4-1.fc26 (FEDORA-2018-30d09f06dd) Mock core config files basic chroots -------------------------------------------------------------------------------- Update Information:
- Add initial openSUSE distribution targets - provide fedora-29 configs as symlinks to fedora-rawhide - use correct url for local repos for s390x for F27+ [RHBZ#1553678] - add CentOS SCL repositories to EPEL 7 (aarch64 & ppc64le) -------------------------------------------------------------------------------- ChangeLog:
* Wed May 2 2018 Miroslav Such�� msuchy@redhat.com 28.4-1 - requires distribution-gpg-keys with opensuse keys - Add initial openSUSE distribution targets (ngompa13@gmail.com) - provide fedora-29 configs as symlinks to fedora-rawhide - use cp instead of install to preserve symlinks - use correct url for local repos for s390x for F27+ [RHBZ#1553678] - add CentOS SCL repositories to EPEL 7 (aarch64 & ppc64le) (tmz@pobox.com) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1553678 - mock: Incorrect local repository for fedora-rawhide-s390x https://bugzilla.redhat.com/show_bug.cgi?id=1553678 --------------------------------------------------------------------------------
================================================================================ publicsuffix-list-20180419-1.fc26 (FEDORA-2018-61569dd5b6) Cross-vendor public domain suffix database -------------------------------------------------------------------------------- Update Information:
Recent revision - 20180419 https://github.com/publicsuffix/list/compare/f85ba...81bcd -------------------------------------------------------------------------------- ChangeLog:
* Wed May 2 2018 Yaakov Selkowitz yselkowi@redhat.com - 20180419-1 - Recent revision - 20180419 --------------------------------------------------------------------------------
================================================================================ python-neomodel-3.2.8-1.fc26 (FEDORA-2018-1193cf510f) A Python OGM for Neo4j -------------------------------------------------------------------------------- Update Information:
Update to v3.2.8 ---- Updated to 3.2.7 -------------------------------------------------------------------------------- ChangeLog:
--------------------------------------------------------------------------------
================================================================================ rubygem-cairo-1.15.13-1.fc26 (FEDORA-2018-ca51131132) Ruby bindings for cairo -------------------------------------------------------------------------------- Update Information:
New version 1.15.13 is released. -------------------------------------------------------------------------------- ChangeLog:
* Wed May 2 2018 Mamoru TASAKA mtasaka@fedoraproject.org - 1.15.13-1 - 1.15.13 --------------------------------------------------------------------------------