Stay Secure with the Latest Linux Advisories

security advisorysecurity issuefedora

Fedora 30: FEDORA-2019-ac2a21ff07 moderate: libdparse SELinux Issue

This update fixes a [bug](https://github.com/mesonbuild/meson/issues/5268) in the Meson build system which caused binaries and libraries to incorrectly be marking as requiring an executable stack. This makes them more vulnerable to security issues, and also can result in errors caused by SELinux denials. This update also provides rebuilds of all the packages that were built with the buggy. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-ac2a21ff07 2019-04-17 16:04:32.355044 --------------------------------------------------------------------------------Name : libdparse Product : Fedora 30 Version : 0.9.9 Release : 7.fc30 URL : https://github.com/dlang-community/libdparse Summary : Library for lexing and parsing D source code Description : Library for lexing and parsing D source code. --------------------------------------------------------------------------------Update Information: This update fixes a [bug](https://github.com/mesonbuild/meson/issues/5268) in the Meson build system which caused binaries and libraries to incorrectly be marking as requiring an executable stack. This makes them more vulnerable to security issues, and also can result in errors caused by SELinux denials. This update also provides rebuilds of all the packages that were built with the buggy Meson, excepting packages for updates were already pending (in those cases, those updates have been edited instead). This includes gnome-initial-setup, which was affected by this problem, resulting in a [release-blocking bug](https://bugzilla.redhat.com/show_bug.cgi?id=1699099) that prevented it running correctly with SELinux in enforcing mode. --------------------------------------------------------------------------------References: [ 1 ] Bug #1699099 - gnome-initial-setup 3.32.0+ crashes due to SELinux denials (because it has execstack flag set, because meson 0.50.0 sets it when it shouldn't) https://bugzilla.redhat.com/show_bug.cgi?id=1699099 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-ac2a21ff07' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . The recent update to Libdparse addresses vulnerabilities resulting from the Meson build system, which were leading to issues with executable stacks and SELinux permission denials.. Fedora Security Update, Libdparse Bug Fix, SELinux Vulnerability, Executable Stack Issue, Open Source Security. . LinuxSecurity.com Team

Apr 17, 2019 Fedora