The following Fedora 28 Security updates need testing: Age URL 386 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d510cfd7eb jgraphx-3.6.0.0-6.fc28 335 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d7aeaa74da nodejs-brace-expansion-1.1.11-1.fc28 334 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc073fdc1a nodejs-atob-2.1.1-1.fc28 210 https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc4b7af297 xerces-c27-2.7.0-28.fc28 162 https://bodhi.fedoraproject.org/updates/FEDORA-2018-aa3752ac3c nginx-1.14.1-1.fc28 141 https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc86ef9e22 squid-4.4-1.fc28 68 https://bodhi.fedoraproject.org/updates/FEDORA-2019-86412405d5 bind-9.11.5-4.P4.fc28 56 https://bodhi.fedoraproject.org/updates/FEDORA-2019-63029a7692 libu2f-host-1.1.8-1.fc28 36 https://bodhi.fedoraproject.org/updates/FEDORA-2019-ba19e79e9a thunderbird-60.6.1-1.fc28 34 https://bodhi.fedoraproject.org/updates/FEDORA-2019-0927602e59 chromium-73.0.3683.86-2.fc28 28 https://bodhi.fedoraproject.org/updates/FEDORA-2019-a4ed7400f4 httpd-2.4.39-1.fc28 14 https://bodhi.fedoraproject.org/updates/FEDORA-2019-3193a75b06 poppler-0.62.0-22.fc28 7 https://bodhi.fedoraproject.org/updates/FEDORA-2019-ca4ee3510d java-11-openjdk-11.0.3.7-1.fc28 7 https://bodhi.fedoraproject.org/updates/FEDORA-2019-e71f6f36ac pacemaker-1.1.18-3.fc28 5 https://bodhi.fedoraproject.org/updates/FEDORA-2019-e2d5de3342 libqb-1.0.5-1.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2019-feac6674b7 ruby-2.5.5-108.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2019-9dfd44e1e9 python-gnupg-0.4.4-1.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2019-1a3edd7e8a drupal8-8.6.15-1.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2019-d109db9c8a libfilezilla-0.15.1-1.fc28 filezilla-3.41.2-1.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2019-f563e66380 drupal7-7.66-1.fc28 0 https://bodhi.fedoraproject.org/updates/FEDORA-2019-bab3944fee php-7.2.18-1.fc28
The following Fedora 28 Critical Path updates have yet to be approved: Age URL 141 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9f541b469b nfs-utils-2.3.3-1.rc2.fc28 105 https://bodhi.fedoraproject.org/updates/FEDORA-2019-78153d357c totem-pl-parser-3.26.2-1.fc28 97 https://bodhi.fedoraproject.org/updates/FEDORA-2019-bb30467485 ostree-2019.1-2.fc28 rpm-ostree-2019.1-1.fc28 89 https://bodhi.fedoraproject.org/updates/FEDORA-2019-cb4a3023ef iproute-4.20.0-1.fc28 72 https://bodhi.fedoraproject.org/updates/FEDORA-2019-6c4e362bd0 dhcp-4.3.6-22.fc28 dnsperf-2.2.1-1.fc28 bind-dyndb-ldap-11.1-13.fc28 bind-9.11.5-2.P1.fc28 51 https://bodhi.fedoraproject.org/updates/FEDORA-2019-cb98bf5ace fedfind-4.2.2-1.fc28 python-productmd-1.20-1.fc28 43 https://bodhi.fedoraproject.org/updates/FEDORA-2019-e60ecc03b4 python-productmd-1.21-1.fc28 36 https://bodhi.fedoraproject.org/updates/FEDORA-2019-a0ae4e93b9 sssd-1.16.4-2.fc28 36 https://bodhi.fedoraproject.org/updates/FEDORA-2019-ba19e79e9a thunderbird-60.6.1-1.fc28 27 https://bodhi.fedoraproject.org/updates/FEDORA-2019-ba19af6a58 libldb-1.4.0-5.fc28.1.3.8 samba-4.8.10-0.fc28 14 https://bodhi.fedoraproject.org/updates/FEDORA-2019-7e1c3c9d19 python-mako-1.0.9-1.fc28 14 https://bodhi.fedoraproject.org/updates/FEDORA-2019-3193a75b06 poppler-0.62.0-22.fc28 14 https://bodhi.fedoraproject.org/updates/FEDORA-2019-9308674cab pcre2-10.33-1.fc28 14 https://bodhi.fedoraproject.org/updates/FEDORA-2019-bc14eac80e libblockdev-2.18-2.fc28 10 https://bodhi.fedoraproject.org/updates/FEDORA-2019-dddd3b8418 ceph-12.2.12-1.fc28 8 https://bodhi.fedoraproject.org/updates/FEDORA-2019-9244c8b209 pungi-4.1.36-1.fc28 5 https://bodhi.fedoraproject.org/updates/FEDORA-2019-e2d5de3342 libqb-1.0.5-1.fc28 3 https://bodhi.fedoraproject.org/updates/FEDORA-2019-b3ab59df83 ethtool-5.0-1.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2019-c82d274716 dhcp-4.3.6-23.fc28
The following builds have been pushed to Fedora 28 updates-testing
community-mysql-5.7.26-1.fc28 fuse3-3.4.2-6.fc28 guayadeque-0.4.5-0.22.beta1gitddb8cbe.fc28 holland-1.1.15-2.fc28 hwdata-0.323-1.fc28 ipmctl-01.00.00.3455-1.fc28 kernel-5.0.11-100.fc28 mediawriter-4.1.4-1.fc28 mingw-mediawriter-4.1.4-1.fc28 openkim-models-2019.03.31-2.fc28 pam_radius-1.4.0-14.fc28 perl-RDF-NS-Curated-1.002-1.fc28 sayonara-1.3.0-1.git20190428.fc28 vim-go-1.20-2.fc28
Details about builds:
================================================================================ community-mysql-5.7.26-1.fc28 (FEDORA-2019-04e7d39ad3) MySQL client programs and shared libraries -------------------------------------------------------------------------------- Update Information:
**MySQL 5.7.26** **Release notes:** https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-26.html **CVEs fixed:** Unfortunatelly, I don't have the list of truly CVEs affecting Fedora yet comopsed. Here's an upstream list: https://www.oracle.com/technetwork/security- advisory/cpuapr2019-5072813.html#AppendixMSQL -------------------------------------------------------------------------------- ChangeLog:
* Thu May 2 2019 Michal Schorm mschorm@redhat.com - 5.7.26-1 - Rebase to 5.7.26 --------------------------------------------------------------------------------
================================================================================ fuse3-3.4.2-6.fc28 (FEDORA-2019-78fff2916e) File System in Userspace (FUSE) v3 utilities -------------------------------------------------------------------------------- Update Information:
Split fuse3 rpms out into separate package -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1696454 - Please include fuse3 and fuse3-libs in EPEL https://bugzilla.redhat.com/show_bug.cgi?id=1696454 --------------------------------------------------------------------------------
================================================================================ guayadeque-0.4.5-0.22.beta1gitddb8cbe.fc28 (FEDORA-2019-1f2205ac43) Music player -------------------------------------------------------------------------------- Update Information:
Update to 0.4.5-0.22.beta1gitddb8cbe -------------------------------------------------------------------------------- ChangeLog:
* Thu May 2 2019 Martin Gansser martinkg@fedoraproject.org - 0.4.5-0.22.beta1gitddb8cbe - Update to 0.4.5-0.22.beta1gitddb8cbe * Tue Apr 16 2019 Martin Gansser martinkg@fedoraproject.org - 0.4.5-0.21.beta1git093f588 - Update to 0.4.5-0.21.beta1git093f588 --------------------------------------------------------------------------------
================================================================================ holland-1.1.15-2.fc28 (FEDORA-2019-8b61f7433b) Pluggable Backup Framework -------------------------------------------------------------------------------- Update Information:
upstream 1.1.15, add dependencies for holland-mysql to relevant subpackages -------------------------------------------------------------------------------- ChangeLog:
* Thu May 2 2019 Pete Travis me@petetravis.com - 1.1.15-2 - add dependencies for holland-mysql to relevant subpackages * Thu May 2 2019 Pete Travis immanetize@fedoraproject.org - 1.1.15-1 - Latest upstream -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1701580 - holland-1.1.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=1701580 [ 2 ] Bug #1703567 - Subpackage missing dependencies https://bugzilla.redhat.com/show_bug.cgi?id=1703567 --------------------------------------------------------------------------------
================================================================================ hwdata-0.323-1.fc28 (FEDORA-2019-3ab1dba357) Hardware identification and configuration data -------------------------------------------------------------------------------- Update Information:
Updated pci, usb and vendor ids. -------------------------------------------------------------------------------- ChangeLog:
* Thu May 2 2019 Vitezslav Crhonek vcrhonek@redhat.com - 0.323-1 - Updated pci, usb and vendor ids. --------------------------------------------------------------------------------
================================================================================ ipmctl-01.00.00.3455-1.fc28 (FEDORA-2019-8546984040) Utility for managing Intel Optane DC persistent memory modules -------------------------------------------------------------------------------- Update Information:
Release 01.00.00.3455 -------------------------------------------------------------------------------- ChangeLog:
* Fri Apr 26 2019 Juston Li juston.li@intel.com - 01.00.00.3455-1 - Release 01.00.00.3455 --------------------------------------------------------------------------------
================================================================================ kernel-5.0.11-100.fc28 (FEDORA-2019-a6cd583a8d) The Linux kernel -------------------------------------------------------------------------------- Update Information:
The 5.0.11 update contains a number of important fixes across the tree. Note there were no changes to headers or tools so there are no builds for those. ---- The 5.0.10 update contains a number of important fixes across the tree. Note there were no changes to the headers or tools packages so there are no builds for them -------------------------------------------------------------------------------- ChangeLog:
* Thu May 2 2019 Laura Abbott labbott@redhat.com - 5.0.11-100 - Linux v5.0.11 * Tue Apr 30 2019 Hans de Goede hdegoede@redhat.com - Fix wifi on various ideapad models not working (rhbz#1703338) * Mon Apr 29 2019 Laura Abbott labbott@redhat.com - 5.0.10-100 - Linux v5.0.10 * Thu Apr 25 2019 Justin M. Forbes jforbes@fedoraproject.org - Fix CVE-2019-3900 (rhbz 1698757 1702940) * Tue Apr 23 2019 Jeremy Cline jcline@redhat.com - Allow modules signed by keys in the platform keyring (rbhz 1701096) * Tue Apr 23 2019 Justin M. Forbes jforbes@fedoraproject.org - Fix CVE-2019-9503 rhbz 1701842 1701843 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1701842 - CVE-2019-9503 kernel: brcmfmac frame validation bypass https://bugzilla.redhat.com/show_bug.cgi?id=1701842 [ 2 ] Bug #1698757 - CVE-2019-3900 Kernel: vhost_net: infinite loop while receiving packets leads to DoS https://bugzilla.redhat.com/show_bug.cgi?id=1698757 --------------------------------------------------------------------------------
================================================================================ mediawriter-4.1.4-1.fc28 (FEDORA-2019-143b08ad16) Fedora Media Writer -------------------------------------------------------------------------------- Update Information:
Update to 4.1.4. The main highlight is the fix for missing Fedora Silverblue variant of Fedora 30. ---- Update to 4.1.3. Mostly a bugfix release. ---- Update to 4.1.2 -------------------------------------------------------------------------------- ChangeLog:
* Thu May 2 2019 Tom���� Popela tpopela@redhat.com - 4.1.4-1 - Update to 4.1.4 * Sun Apr 21 2019 Martin B����za m@rtinbriza.cz - 4.1.3-1 - Update to 4.1.3 - Resolves #1574717 * Fri Feb 1 2019 Fedora Release Engineering releng@fedoraproject.org - 4.1.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1705469 - mingw-mediawriter-4.1.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1705469 [ 2 ] Bug #1700531 - mediawriter-4.1.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1700531 [ 3 ] Bug #1664530 - Fedora 29 Media Writer crashes on Windows 7/10 when Server image is selected https://bugzilla.redhat.com/show_bug.cgi?id=1664530 [ 4 ] Bug #1611590 - mingw-mediawriter-4.1.2.90 is available https://bugzilla.redhat.com/show_bug.cgi?id=1611590 --------------------------------------------------------------------------------
================================================================================ mingw-mediawriter-4.1.4-1.fc28 (FEDORA-2019-143b08ad16) Fedora Media Writer -------------------------------------------------------------------------------- Update Information:
Update to 4.1.4. The main highlight is the fix for missing Fedora Silverblue variant of Fedora 30. ---- Update to 4.1.3. Mostly a bugfix release. ---- Update to 4.1.2 -------------------------------------------------------------------------------- ChangeLog:
* Thu May 2 2019 Tom���� Popela tpopela@redhat.com - 4.1.4-1 - Update to 4.1.4 * Sun Apr 21 2019 Martin B����za m@rtinbriza.cz - 4.1.3-1 - Update to 4.1.3 - Resolves #1664530 * Fri Feb 1 2019 Fedora Release Engineering releng@fedoraproject.org - 4.1.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Thu Aug 2 2018 Martin B����za m@rtinbriza.cz - 4.1.2-1 - Update to 4.1.2 * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 4.1.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Thu Feb 8 2018 Fedora Release Engineering releng@fedoraproject.org - 4.1.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1705469 - mingw-mediawriter-4.1.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1705469 [ 2 ] Bug #1700531 - mediawriter-4.1.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1700531 [ 3 ] Bug #1664530 - Fedora 29 Media Writer crashes on Windows 7/10 when Server image is selected https://bugzilla.redhat.com/show_bug.cgi?id=1664530 [ 4 ] Bug #1611590 - mingw-mediawriter-4.1.2.90 is available https://bugzilla.redhat.com/show_bug.cgi?id=1611590 --------------------------------------------------------------------------------
================================================================================ openkim-models-2019.03.31-2.fc28 (FEDORA-2019-8b59431556) Open Knowledgebase of Interatomic Models -------------------------------------------------------------------------------- Update Information:
Initial import -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1703235 - Review Request: openkim-models - Open Knowledgebase of Interatomic Models https://bugzilla.redhat.com/show_bug.cgi?id=1703235 --------------------------------------------------------------------------------
================================================================================ pam_radius-1.4.0-14.fc28 (FEDORA-2019-3d1314d6a0) PAM Module for RADIUS Authentication -------------------------------------------------------------------------------- Update Information:
Update match rawhide; see changelog for fixed bugs. -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 22 2019 Alexander Scheel ascheel@redhat.com - 1.4.0-14 - Fix NULL-termination of password buffer, garbage contents prior to hashing * Mon Apr 1 2019 Jason Taylor jtfas90@gmail.com - 1.4.0-13 - Fixed broken patch definition * Mon Apr 1 2019 Jason Taylor jtfas90@gmail.com - 1.4.0-12 - Rebuild with gcc buildrequires * Thu Mar 14 2019 Jason Taylor jtfas90@gmail.com - 1.4.0-11 - Rebuilt with patch for password length buffer overflow * Fri Feb 1 2019 Fedora Release Engineering releng@fedoraproject.org - 1.4.0-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 1.4.0-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Thu Feb 8 2018 Fedora Release Engineering releng@fedoraproject.org - 1.4.0-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Thu Aug 3 2017 Fedora Release Engineering releng@fedoraproject.org - 1.4.0-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Thu Jul 27 2017 Fedora Release Engineering releng@fedoraproject.org - 1.4.0-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Sat Feb 11 2017 Fedora Release Engineering releng@fedoraproject.org - 1.4.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild * Thu Feb 4 2016 Fedora Release Engineering releng@fedoraproject.org - 1.4.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild * Thu Jun 18 2015 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.4.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ perl-RDF-NS-Curated-1.002-1.fc28 (FEDORA-2019-872695a73b) Curated set of RDF prefixes -------------------------------------------------------------------------------- Update Information:
This release adds a prefix for http://ontologi.es/doap-deps# URI. -------------------------------------------------------------------------------- ChangeLog:
* Thu May 2 2019 Petr Pisar ppisar@redhat.com - 1.002-1 - 1.002 bump -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1704911 - perl-RDF-NS-Curated-1.002 is available https://bugzilla.redhat.com/show_bug.cgi?id=1704911 --------------------------------------------------------------------------------
================================================================================ sayonara-1.3.0-1.git20190428.fc28 (FEDORA-2019-7acb72c9da) A lightweight Qt Audio player -------------------------------------------------------------------------------- Update Information:
Update to 1.3.0-1.git20190428 -------------------------------------------------------------------------------- ChangeLog:
* Thu May 2 2019 Martin Gansser martinkg@fedoraproject.org - 1.3.0-1.git20190428 - Update to 1.3.0-1.git20190428 * Sat Feb 2 2019 Fedora Release Engineering releng@fedoraproject.org - 1.1.1-2.git20180828 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ vim-go-1.20-2.fc28 (FEDORA-2019-7ad77aaa68) Go development plugin for Vim -------------------------------------------------------------------------------- Update Information:
Fix error `E484` when creating a new file. -------------------------------------------------------------------------------- ChangeLog:
* Thu May 2 2019 Nikola Forr�� nforro@redhat.com - 1.20-2 - Install missing directories Resolves: #1704897 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1704897 - "E484: Can't open file /usr/share/vim/vimfiles/templates/hello_world.go" when creating a new file https://bugzilla.redhat.com/show_bug.cgi?id=1704897 --------------------------------------------------------------------------------