Fedora 26: Bodhi Update Notification Critical: JavaScript Injection
fedora
August 20, 2017
Update to [2.9.1](https://github.com/fedora-infra/bodhi/releases/tag/2.9.1), which addresses [CVE-2017-1002152](https://github.com/fedora-infra/bodhi/issues/1740).
Summary
Bodhi is a web application that facilitates the process of publishing
updates for a software distribution.
A modular piece of the Fedora Infrastructure stack
* Utilizes the Koji Buildsystem for tracking RPMs
* Creates the update repositories using Mash, which composes a repository based
on tagged builds in Koji.
Update to [2.9.1](https://github.com/fedora-infra/bodhi/releases/tag/2.9.1),
which addresses [CVE-2017-1002152](https://github.com/fedora-infra/bodhi/issues/1740).
[ 1 ] Bug #1478587 - Bodhi: Javascript injection in detail view
https://bugzilla.redhat.com/show_bug.cgi?id=1478587
su -c 'dnf upgrade bodhi' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Change Log
References
Update Instructions
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Product: Fedora 26
Version: 2.9.1
Release: 1.fc26
Summary: A modular framework that facilitates publishing software updates
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!