The following Fedora 28 Security updates need testing: Age URL 15 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bfdad62cd6 wireshark-2.4.5-3.fc28 12 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d305559481 mosquitto-1.4.15-1.fc28 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bb66329dee sqlite-3.22.0-4.fc28 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1c9f6768cf exempi-2.4.5-1.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1aeac808ce gd-2.2.5-3.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-633acf0ed6 jackson-databind-2.9.4-3.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-60ec960104 bchunk-1.2.2-1.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b13b720a3d php-7.2.4-1.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-aa5e668e64 thunderbird-52.7.0-1.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8049b2c488 nodejs-8.11.0-1.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-75bca4c5a0 drupal7-7.58-1.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-906ba26b4d drupal8-8.4.6-1.fc28
The following Fedora 28 Critical Path updates have yet to be approved: Age URL 15 https://bodhi.fedoraproject.org/updates/FEDORA-2018-654231f9e7 libtirpc-1.0.3-0.fc28 14 https://bodhi.fedoraproject.org/updates/FEDORA-2018-3c10274df1 pcre2-10.31-4.fc28 10 https://bodhi.fedoraproject.org/updates/FEDORA-2018-83ed6f8a9a pcre-8.42-1.fc28 10 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6019d0a8f0 xfce4-settings-4.12.3-1.fc28 10 https://bodhi.fedoraproject.org/updates/FEDORA-2018-64a05f528d hivex-1.3.15-3.fc28 9 https://bodhi.fedoraproject.org/updates/FEDORA-2018-42200bfff3 python-setuptools-39.0.1-1.fc28 9 https://bodhi.fedoraproject.org/updates/FEDORA-2018-0c1670b318 realmd-0.16.3-12.fc28 9 https://bodhi.fedoraproject.org/updates/FEDORA-2018-74acab54cf qemu-2.11.1-2.fc28 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-00c5193ae8 libpwquality-1.4.0-7.fc28 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-eb196768cd avahi-0.7-10.fc28 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bb66329dee sqlite-3.22.0-4.fc28 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-998509b780 python-asn1crypto-0.24.0-1.fc28 python-cryptography-vectors-2.2.1-1.fc28 python-cryptography-2.2.1-1.fc28 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1c9f6768cf exempi-2.4.5-1.fc28 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-370f1fc201 libX11-1.6.5-7.fc28 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-5a4d0ee124 dnsmasq-2.79-1.fc28 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2ee87d2721 python-pid-2.1.1-7.fc28 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ea9ace8675 libiscsi-1.18.0-3.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c3c9b95a7b readline-7.0-9.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-02e145266f gdbm-1.14.1-4.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a95a4a8d8e osinfo-db-20180325-1.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-782412cd18 sgabios-0.20170427git-1.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-08531132c6 checkpolicy-2.7-7.fc28 libselinux-2.7-13.fc28 libsemanage-2.7-12.fc28 libsepol-2.7-6.fc28 policycoreutils-2.7-17.fc28 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-543efe8260 SLOF-0.1.git20171214-2.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a2dead92f8 appstream-data-28-6.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-93c3715e80 openldap-2.4.46-1.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b709c38412 ppp-2.4.7-18.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-efe2f471f2 satyr-0.25-4.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-09a48963ea bcache-tools-1.0.8-12.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a2b3791b2b abrt-2.10.8-2.fc28 bluez-5.49-2.fc28 cryptsetup-2.0.2-2.fc28 device-mapper-multipath-0.7.4-2.git07e7bd5.fc28 fastd-18-9.fc28 filezilla-3.32.0-0.rc1.fc28.1 freeradius-3.0.15-12.fc28 fwts-18.01.00-2.fc28 gdal-2.2.4-2.fc28 gdcm-2.8.4-5.fc28 gfal2-2.15.3-2.fc28 girara-0.2.7-7.fc28 gluster-block-0.3-5.fc28 json-c-0.13.1-1.fc28 lcgdm-dav-0.20.0-2.fc28 libmypaint-1.3.0-7.fc28 libreport-2.9.3-8.fc28 libstorj-1.0.2-5.fc28 libu2f-host-1.1.4-3.fc28 libu2f-server-1.0.1-12.fc28 libverto-jsonrpc-0.1.0-19.fc28 libvmi-0.11.0-13.20170706gite919365.fc28 mypaint-1.2.1-18.fc28 ndctl-59.2-2.fc28 newsbeuter-2.9-9.fc28 openhpi-3.7.0-5.fc28 opensips-2.3.3-3.fc28 postgis-2.4.3-3.fc28 riemann-c-client-1.9.0-10.fc28 strongswan-5.6.2-2.fc28 sway-0.15.1-3.fc28 syslog-ng-3.14.1-4.fc28 systemtap-3.2-8.fc28 tlog-4-3.fc28 zmap-2.1.1-7.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-318a38494a util-linux-2.32-2.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bbffdeb641 kernel-4.16.0-0.rc7.git0.1.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2c1484e4cd audit-2.8.3-2.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-109321c535 tcp_wrappers-7.6-91.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a24ede24b4 publicsuffix-list-20180328-1.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-be5660a0d9 git-2.17.0-0.2.rc2.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1668d86ea9 enca-1.19-1.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-aa5e668e64 thunderbird-52.7.0-1.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-87d72fc01e vte291-0.51.3-1.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1f0ce82941 libreport-2.9.4-1.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8d801e7eb7 libsolv-0.6.34-1.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7f1047b24e pygobject3-3.28.2-1.fc28
The following builds have been pushed to Fedora 28 updates-testing
adapta-gtk-theme-3.93.0.220-1.fc28 amarok-2.9.0-1.fc28 ansifilter-2.10-1.fc28 dialog-1.3-13.20171209.fc28 dmlite-1.10.1-3.fc28 dogtag-pki-10.6.0-0.3.fc28 dogtag-pki-theme-10.6.0-0.3.fc28 gap-pkg-guava-3.14-1.fc28 glibc-2.27-8.fc28 gnome-software-3.28.0-5.fc28 highlight-3.42-1.fc28 httpd-2.4.33-1.fc28 ibus-1.5.18-4.fc28 jgoodies-common-1.8.1-1.fc28 krb5-1.16-18.fc28 libid3tag-0.15.1b-27.fc28 libsecret-0.18.6-1.fc28 lollypop-0.9.403-1.fc28 mariadb-10.2.14-1.fc28 mariadb-connector-c-3.0.3-3.fc28 mate-themes-3.22.16-1.fc28 mod_http2-1.10.16-1.fc28 nano-2.9.5-1.fc28 nvml-1.4-3.fc28 openssl-1.1.0h-2.fc28 passwd-0.80-1.fc28 php-zendframework-zend-diactoros-1.7.1-1.fc28 php-zendframework-zend-dom-2.7.0-1.fc28 pki-console-10.6.0-0.3.fc28 pki-core-10.6.0-0.3.fc28 plymouth-0.9.3-5.fc28 podman-0.3.5-1.gitdb6bf9e.fc28 python-social-auth-app-flask-1.0.0-1.fc28 python-social-auth-app-flask-sqlalchemy-1.0.1-1.fc28 python-social-auth-core-1.7.0-1.fc28 python-social-auth-storage-sqlalchemy-1.1.0-1.fc28 python37-3.7.0-0.14.b3.fc28 salt-2017.7.5-1.fc28 selinux-policy-3.14.1-19.fc28 skopeo-0.1.29-1.git7add6fc.fc28 sqlitebrowser-3.10.1-5.fc28 uwsgi-2.0.16-1.fc28
Details about builds:
================================================================================ adapta-gtk-theme-3.93.0.220-1.fc28 (FEDORA-2018-65e1f5c155) An adaptive Gtk+ theme based on Material Design Guidelines -------------------------------------------------------------------------------- Update Information:
- New upstream release -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1562036 - adapta-gtk-theme-3.93.0.204 is available https://bugzilla.redhat.com/show_bug.cgi?id=1562036 --------------------------------------------------------------------------------
================================================================================ amarok-2.9.0-1.fc28 (FEDORA-2018-e635906fa4) Media player -------------------------------------------------------------------------------- Update Information:
New upstream release, includes many bugfixes and improvements, see also: https://amarok.kde.org/en/node/888 --------------------------------------------------------------------------------
================================================================================ ansifilter-2.10-1.fc28 (FEDORA-2018-869769d94f) ANSI terminal escape code converter -------------------------------------------------------------------------------- Update Information:
- Updated to new 2.10 upstream version, fixes rhbz #1552957 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1552957 - ansifilter-2.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1552957 --------------------------------------------------------------------------------
================================================================================ dialog-1.3-13.20171209.fc28 (FEDORA-2018-7e2bb6f473) A utility for creating TTY dialog boxes -------------------------------------------------------------------------------- Update Information:
This is an update to the latest upstream release and also a fix for building the package with the latest hardened LDFLAGS. --------------------------------------------------------------------------------
================================================================================ dmlite-1.10.1-3.fc28 (FEDORA-2018-7ce07c8d2c) Lcgdm grid data management and storage framework -------------------------------------------------------------------------------- Update Information:
dmlite 1.10 is a major update to DPM internals including Dome. ---- dmlite 1.10 is a major update to DPM internals including Dome. ---- dmlite 1.10 is a major update to DPM internals including Dome. --------------------------------------------------------------------------------
================================================================================ dogtag-pki-10.6.0-0.3.fc28 (FEDORA-2018-1270ede284) Dogtag Public Key Infrastructure (PKI) Suite -------------------------------------------------------------------------------- Update Information:
Update to PKI 10.6.0 Beta 2 --------------------------------------------------------------------------------
================================================================================ dogtag-pki-theme-10.6.0-0.3.fc28 (FEDORA-2018-1270ede284) Certificate System - Dogtag PKI Theme Components -------------------------------------------------------------------------------- Update Information:
Update to PKI 10.6.0 Beta 2 --------------------------------------------------------------------------------
================================================================================ gap-pkg-guava-3.14-1.fc28 (FEDORA-2018-53b2583bef) Computing with error-correcting codes -------------------------------------------------------------------------------- Update Information:
Changes in version 3.14: - The external binaries from J. S. Leon and Cen Tjhai can now be used on all architectures (Unix/Linux, MacOS, and Windows) - The bug fix for MinimumWeight() from 3.13 was not sufficiently well tested... - The decoding method for cyclic codes fails in certain situations. We are leaving this as a known bug for the moment. - A bug fix for MinimumDistanceLeon() from Alex K. - Lots of clean up of the lib files -- removing old comments, obsolete version strings, leftovers from CVS, etc. - Constructions were added for several of the optimal codes in the bounds tables that were referenced in the now defunct online table by Brouwer and Verhoeff. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1560989 - gap-pkg-guava-v3.14 is available https://bugzilla.redhat.com/show_bug.cgi?id=1560989 --------------------------------------------------------------------------------
================================================================================ glibc-2.27-8.fc28 (FEDORA-2018-7da76edc12) The GNU libc libraries -------------------------------------------------------------------------------- Update Information:
This update incorporates various fixes from the upstream glibc 2.27 branch, including updated locale definitions for `ca_ES` (RHBZ#1546495). -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1546495 - ca_ES: update date definitions from CLDR https://bugzilla.redhat.com/show_bug.cgi?id=1546495 --------------------------------------------------------------------------------
================================================================================ gnome-software-3.28.0-5.fc28 (FEDORA-2018-df398f7390) A software center for GNOME -------------------------------------------------------------------------------- Update Information:
- Fix empty OS Updates showing up - Make rpm-ostree update triggering work --------------------------------------------------------------------------------
================================================================================ highlight-3.42-1.fc28 (FEDORA-2018-4e6661d114) Universal source code to formatted text converter -------------------------------------------------------------------------------- Update Information:
- Updated to new 3.42 upstream version --------------------------------------------------------------------------------
================================================================================ httpd-2.4.33-1.fc28 (FEDORA-2018-6744ca470d) Apache HTTP Server -------------------------------------------------------------------------------- Update Information:
This update includes the latest upstream release of the Apache HTTP Server, version 2.4.33. A number of security vulnerabilities are fixed in this release: * *Low*: Possible out of bound read in mod_cache_socache (CVE-2018-1303) * *Low*: Possible out of bound access after failure in reading the HTTP request (CVE-2018-1301) * *Low*: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312) * *Low*: <FilesMatch> bypass with a trailing newline in the file name (CVE-2017-15715) * *Low*: Out of bound write in mod_authnz_ldap when using too small Accept-Language values (CVE-2017-15710) * *Moderate*: Tampering of mod_session data for CGI applications (CVE-2018-1283) For more information about changes in this release, see: https://www.apache.org/dist/httpd/CHANGES_2.4.33 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1560174 - httpd-2.4.33 is available https://bugzilla.redhat.com/show_bug.cgi?id=1560174 [ 2 ] Bug #1560618 - CVE-2017-15715 httpd: <FilesMatch> bypass with a trailing newline in the file name [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1560618 [ 3 ] Bug #1560644 - CVE-2018-1301 httpd: Out of bound access after failure in reading the HTTP request [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1560644 [ 4 ] Bug #1560635 - CVE-2018-1312 httpd: Weak Digest auth nonce generation in mod_auth_digest [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1560635 [ 5 ] Bug #1560400 - CVE-2018-1303 httpd: http: Out of bounds read in mod_cache_socache can allow a remote attacker to cause a denial of service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1560400 [ 6 ] Bug #1560396 - CVE-2018-1283 httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1560396 [ 7 ] Bug #1560616 - CVE-2017-15710 httpd: Out of bound write in mod_authnz_ldap when using too small Accept-Language values [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1560616 --------------------------------------------------------------------------------
================================================================================ ibus-1.5.18-4.fc28 (FEDORA-2018-7442c8ce1c) Intelligent Input Bus for Linux OS -------------------------------------------------------------------------------- Update Information:
improve order of unicode matches -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1554714 - improve order of unicode matches https://bugzilla.redhat.com/show_bug.cgi?id=1554714 --------------------------------------------------------------------------------
================================================================================ jgoodies-common-1.8.1-1.fc28 (FEDORA-2018-a38eb01a35) Common library shared by JGoodies libraries and applications -------------------------------------------------------------------------------- Update Information:
* Marked classes ArrayListModel and LinkedListModel as final. * Replaced files package.html by package-info.java. --------------------------------------------------------------------------------
================================================================================ krb5-1.16-18.fc28 (FEDORA-2018-a0cb211d9c) The Kerberos network authentication system -------------------------------------------------------------------------------- Update Information:
Fix issue with calling `kdestroy -A` when the ccache is KCM ---- * Enable SPAKE on clients and servers. In its current form, SPAKE makes brute force attacks on passwords infeasible and makes Kerberos less reliant on time synchronization. More information: https://datatracker.ietf.org/doc/draft-ietf- kitten-krb-spake-preauth/?include_text=1 * Improve protections for internal, sensitive buffers. * Improve internal hex-encoding/decoding support. ---- - List preauth types in trace output when known - Add support for pkinit freshness (rfc8070) - misc bugfixes -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1561917 - kdestroy -A does not work with multiple principals when using KCM https://bugzilla.redhat.com/show_bug.cgi?id=1561917 [ 2 ] Bug #1540086 - [RFE] make preauth types more descriptive in krb5 trace https://bugzilla.redhat.com/show_bug.cgi?id=1540086 --------------------------------------------------------------------------------
================================================================================ libid3tag-0.15.1b-27.fc28 (FEDORA-2018-d187b44f75) ID3 tag manipulation library -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2004-2779 and CVE-2017-11550 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1561983 - CVE-2004-2779 libid3tag: id3_utf16_deserialize() misparses ID3v2 tags with an odd number of bytes resulting in an endless loop https://bugzilla.redhat.com/show_bug.cgi?id=1561983 [ 2 ] Bug #1478934 - CVE-2017-11550 libid3tag: NULL Pointer Dereference in id3_ucs4_length function in ucs4.c https://bugzilla.redhat.com/show_bug.cgi?id=1478934 --------------------------------------------------------------------------------
================================================================================ libsecret-0.18.6-1.fc28 (FEDORA-2018-5af20cd3ac) Library for storing and retrieving passwords and other secrets -------------------------------------------------------------------------------- Update Information:
libsecret 0.18.6 release. * Fix shared key derivation between libsecret and gnome-keyring [#778357] * Avoid run-time error when gnome-keyring is not responding [#787391] * Enable cross compilation [#748111] * Port build scripts to Python 3 [#687637] * Build and test fixes [#767002, #777826, #734630, #768112] * GI annotation fixes [#785034] * Fix textual typos [#782206, ...] * Updated translations --------------------------------------------------------------------------------
================================================================================ lollypop-0.9.403-1.fc28 (FEDORA-2018-6a600adbe1) Music player for GNOME -------------------------------------------------------------------------------- Update Information:
Update to 0.9.403 ---- - Update lollypop-portal to 0.9.7 --------------------------------------------------------------------------------
================================================================================ mariadb-10.2.14-1.fc28 (FEDORA-2018-12f271b5a2) A community developed branch of MySQL -------------------------------------------------------------------------------- Update Information:
**MariaDB 10.2.14** Release notes: https://mariadb.com/kb/en/library/mariadb-10214-release-notes/ Maintainer Update I do now consider Spider storage engine ready to use in Fedora, as I was finally able to run its testsuite successfully Upstream Warning Upgrading from earlier 10.2.x versions is highly recommended for all Galera users due to bug MDEV-12837 which caused serious stability issues with earlier versions. See the bug issue page for more information. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1561251 - mariadb-10.2.14 is available https://bugzilla.redhat.com/show_bug.cgi?id=1561251 --------------------------------------------------------------------------------
================================================================================ mariadb-connector-c-3.0.3-3.fc28 (FEDORA-2018-b161e11f7f) The MariaDB Native Client library (C driver) -------------------------------------------------------------------------------- Update Information:
Fix of the plugindir --------------------------------------------------------------------------------
================================================================================ mate-themes-3.22.16-1.fc28 (FEDORA-2018-cb1b196799) MATE Desktop themes -------------------------------------------------------------------------------- Update Information:
- update to 3.22.16 --------------------------------------------------------------------------------
================================================================================ mod_http2-1.10.16-1.fc28 (FEDORA-2018-eec13e2e8d) module implementing HTTP/2 for Apache 2 -------------------------------------------------------------------------------- Update Information:
This update includes the latest upstream release of mod_http2, version 1.10.16. This includes a security fix (CVE-2018-1302): When an HTTP/2 stream was destroyed after being handled, mod_http2 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerabilty hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1561570 - CVE-2018-1302 mod_http2: httpd: Use-after-free on HTTP/2 stream shutdown [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1561570 [ 2 ] Bug #1560627 - CVE-2018-1302 httpd: Use-after-free on HTTP/2 stream shutdown [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1560627 --------------------------------------------------------------------------------
================================================================================ nano-2.9.5-1.fc28 (FEDORA-2018-bd7aefcc75) A small text editor -------------------------------------------------------------------------------- Update Information:
GNU nano 2.9.5 "Ki��a pada" changes the way the Scroll-Up and Scroll-Down commands work (M-- and M-+): instead of keeping the cursor in the same screen position they now keep the cursor in the same text position (if possible). This version further adds a new color name, "normal", which gives the default foreground or background color, which is useful when you want to undo some overzealous painting by earlier syntax regexes. --------------------------------------------------------------------------------
================================================================================ nvml-1.4-3.fc28 (FEDORA-2018-4f96e400d5) Persistent Memory Development Kit (former NVML) -------------------------------------------------------------------------------- Update Information:
update to PMDK version 1.4 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1539562 - nvml: redhat-rpm-config linker flags not injected into build https://bugzilla.redhat.com/show_bug.cgi?id=1539562 [ 2 ] Bug #1539564 - nvml: Missing -lpthread for some library links https://bugzilla.redhat.com/show_bug.cgi?id=1539564 [ 3 ] Bug #1480578 - nvml-1.4-rc4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1480578 --------------------------------------------------------------------------------
================================================================================ openssl-1.1.0h-2.fc28 (FEDORA-2018-49651b2236) Utilities from the general purpose cryptography library with TLS implementation -------------------------------------------------------------------------------- Update Information:
Minor update to version 1.1.0h. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1561260 - CVE-2018-0733 openssl: Implementation bug in PA-RISC CRYPTO_memcmp function allows attackers to forge authenticated messages in a reduced number of attempts https://bugzilla.redhat.com/show_bug.cgi?id=1561260 [ 2 ] Bug #1561266 - CVE-2018-0739 openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service https://bugzilla.redhat.com/show_bug.cgi?id=1561266 --------------------------------------------------------------------------------
================================================================================ passwd-0.80-1.fc28 (FEDORA-2018-82b50aece6) An utility for setting or changing passwords using PAM -------------------------------------------------------------------------------- Update Information:
Update to **passwd-0.80** -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1293929 - passwd man page is incomplete https://bugzilla.redhat.com/show_bug.cgi?id=1293929 --------------------------------------------------------------------------------
================================================================================ php-zendframework-zend-diactoros-1.7.1-1.fc28 (FEDORA-2018-c433d8f226) PSR HTTP Message implementations -------------------------------------------------------------------------------- Update Information:
**Version 1.7.1** - 2018-02-26 * **Changed** - [#293](https://github.com/zendframework/zend-diactoros/pull/293) updates `Uri::getHost()` to cast the value via `strtolower()` before returning it. While this represents a change, it is fixing a bug in our implementation: the PSR-7 specification for the method, which follows IETF RFC 3986 section 3.2.2, requires that the host name be normalized to lowercase. * **Fixed** - [#290](https://github.com/zendframework/zend-diactoros/pull/290) fixes `Stream::getSize()` such that it checks that the result of `fstat` was succesful before attempting to return its `size` member; in the case of an error, it now returns `null`. --------------------------------------------------------------------------------
================================================================================ php-zendframework-zend-dom-2.7.0-1.fc28 (FEDORA-2018-39557dac3e) Zend Framework Dom component -------------------------------------------------------------------------------- Update Information:
**Version 2.7.0** - 2018-03-27 * **Added** - [#20](https://github.com/zendframework/zend-dom/pull/4) adds support for attribute selectors that contain spaces, such as `input[value="Marty McFly"]`. Previously, spaces within the selector value would result in a query per space- separated word; they now, correctly, result in a single query for the exact value. - [#19](https://github.com/zendframework/zend-dom/pull/4) adds support for PHP versions 7.1 and 7.2. - Adds documentation and publishes it to https://docs.zendframework.com/zend-dom/ * **Removed** - [#13](https://github.com/zendframework/zend-dom/pull/4) and [#19](https://github.com/zendframework/zend-dom/pull/4) remove support for PHP versions prior to 5.6. - [#13](https://github.com/zendframework/zend- dom/pull/4) and [#19](https://github.com/zendframework/zend-dom/pull/4) remove support for HHVM. --------------------------------------------------------------------------------
================================================================================ pki-console-10.6.0-0.3.fc28 (FEDORA-2018-1270ede284) Certificate System - PKI Console -------------------------------------------------------------------------------- Update Information:
Update to PKI 10.6.0 Beta 2 --------------------------------------------------------------------------------
================================================================================ pki-core-10.6.0-0.3.fc28 (FEDORA-2018-1270ede284) Certificate System - PKI Core Components -------------------------------------------------------------------------------- Update Information:
Update to PKI 10.6.0 Beta 2 --------------------------------------------------------------------------------
================================================================================ plymouth-0.9.3-5.fc28 (FEDORA-2018-1d88d843bf) Graphical Boot Animation and Logger -------------------------------------------------------------------------------- Update Information:
https://src.fedoraproject.org/rpms/plymouth/c/daa9884553360ae7cf21ecddb30e7c... 931329?branch=master --------------------------------------------------------------------------------
================================================================================ podman-0.3.5-1.gitdb6bf9e.fc28 (FEDORA-2018-3c6bce4c98) Manage Pods, Containers and Container Images -------------------------------------------------------------------------------- Update Information:
Upstream release 0.3.5 --------------------------------------------------------------------------------
================================================================================ python-social-auth-app-flask-1.0.0-1.fc28 (FEDORA-2018-a083d68bda) The Flask app component of python-social-auth -------------------------------------------------------------------------------- Update Information:
The initial python-social-auth packages --------------------------------------------------------------------------------
================================================================================ python-social-auth-app-flask-sqlalchemy-1.0.1-1.fc28 (FEDORA-2018-a083d68bda) The Flask app component of python-social-auth with SQLAlchemy integration -------------------------------------------------------------------------------- Update Information:
The initial python-social-auth packages --------------------------------------------------------------------------------
================================================================================ python-social-auth-core-1.7.0-1.fc28 (FEDORA-2018-a083d68bda) The core component of the python-social-auth ecosystem -------------------------------------------------------------------------------- Update Information:
The initial python-social-auth packages --------------------------------------------------------------------------------
================================================================================ python-social-auth-storage-sqlalchemy-1.1.0-1.fc28 (FEDORA-2018-a083d68bda) The SQLAlchemy storage component of python-social-auth -------------------------------------------------------------------------------- Update Information:
The initial python-social-auth packages --------------------------------------------------------------------------------
================================================================================ python37-3.7.0-0.14.b3.fc28 (FEDORA-2018-53b3891e8d) Version 3.7 of the Python interpreter -------------------------------------------------------------------------------- Update Information:
Update to 3.7.0b3 --------------------------------------------------------------------------------
================================================================================ salt-2017.7.5-1.fc28 (FEDORA-2018-ee16b473ba) A parallel remote execution system -------------------------------------------------------------------------------- Update Information:
Update to feature release 2017.7.5-1 for Python 2 --------------------------------------------------------------------------------
================================================================================ selinux-policy-3.14.1-19.fc28 (FEDORA-2018-234de0ee13) SELinux policy configuration -------------------------------------------------------------------------------- Update Information:
More info: https://koji.fedoraproject.org/koji/buildinfo?buildID=1063900 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1561304 - SELinux is preventing accounts-daemon from using the 'dac_override' capabilities. https://bugzilla.redhat.com/show_bug.cgi?id=1561304 [ 2 ] Bug #1561467 - SELinux is preventing abrt-hook-ccpp from using the 'dac_override' capabilities. https://bugzilla.redhat.com/show_bug.cgi?id=1561467 [ 3 ] Bug #1561053 - SELinux is preventing cockpit-ws read access on cpuinfo https://bugzilla.redhat.com/show_bug.cgi?id=1561053 --------------------------------------------------------------------------------
================================================================================ skopeo-0.1.29-1.git7add6fc.fc28 (FEDORA-2018-a0399ca7a2) Inspect Docker images and repositories on registries -------------------------------------------------------------------------------- Update Information:
docker-archive generates docker legacy compatible images Do not create $DiffID subdirectories for layers with no configs Ensure the layer IDs in legacy docker/tarfile metadata are unique docker-archive: repeated layers are symlinked in the tar file sysregistries: remove all trailing slashes Improve docker/* error messages Fix failure to make auth directory Create a new slice in Schema1.UpdateLayerInfos Drop unused storageImageDestination.{image,systemContext} Load a *storage.Image only once in storageImageSource Support gzip for docker-archive files Remove .tar extension from blob and config file names ostree, src: support copy of compressed layers ostree: re-pull layer if it misses uncompressed_digest|uncompressed_size image: fix docker schema v1 -> OCI conversion Add /etc/containers/certs.d as default certs directory --------------------------------------------------------------------------------
================================================================================ sqlitebrowser-3.10.1-5.fc28 (FEDORA-2018-66ee458330) Create, design, and edit SQLite database files -------------------------------------------------------------------------------- Update Information:
This update fixes an issue where the sqlitebrowser application could not be minimized when using certain desktop environments, among which gnome shell. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1561976 - Unable to minimize and to switch workspaces https://bugzilla.redhat.com/show_bug.cgi?id=1561976 --------------------------------------------------------------------------------
================================================================================ uwsgi-2.0.16-1.fc28 (FEDORA-2018-81823acb6d) Fast, self-healing, application container server -------------------------------------------------------------------------------- Update Information:
- Disable tcp_wrapper support -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1518795 - [F28 change] uwsgi should not require tcp_wrappers https://bugzilla.redhat.com/show_bug.cgi?id=1518795 --------------------------------------------------------------------------------