Stay Secure with the Latest Linux Advisories

security advisorycriticalFedora

Fedora 29: FEDORA-2019-1fccede810 Critical: libdnf Modular Update

**createrepo_c** * Include file timestamp in repomd.xml to allow reproducing exact metadata as produced in the past * Support of zchunk **libcomps** **librepo** * Add zchunk support **libdnf** * Enhance modular solver to handle enabled and default module streams differently (RhBug:1648839) * Add support of wild cards for modules (RhBug:1644588) * Revert commit that adds best. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-1fccede810 2019-02-21 02:56:16.171936 --------------------------------------------------------------------------------Name : libdnf Product : Fedora 29 Version : 0.26.0 Release : 1.fc29 URL : https://github.com/rpm-software-management/libdnf Summary : Library providing simplified C and Python API to libsolv Description : A Library providing simplified C and Python API to libsolv. --------------------------------------------------------------------------------Update Information: **createrepo_c** * Include file timestamp in repomd.xml to allow reproducing exact metadata as produced in the past * Support of zchunk **libcomps** **librepo** * Add zchunk support **libdnf** * Enhance modular solver to handle enabled and default module streams differently (RhBug:1648839) * Add support of wild cards for modules (RhBug:1644588) * Revert commit that adds best as default behavior **dnf** * Updated difference YUM vs. DNF for yum-updateonboot * Added new command ``dnf alias [options] [list|add|delete] [ ...]`` to allow the user to define and manage a list of aliases * Enhanced documentation * Unifying return codes for remove operations * [transaction] Make transaction content available for commands * Triggering transaction hooks if no transaction (RhBug:1650157) * Add hotfix packages to install pool (RhBug:1654738) * Report group operation in transaction table * [sack] Change algorithm to calculate rpmdb_version * Allow to enable modules that break default modules(RhBug:1648839) * Enhance documentation - API examples * Add --nobest option * Revert commit that adds best as default behavior **dnf-plugins-core** * [download] Do not download src without ``--source`` (RhBug:1666648) **dnf-plugins-extras** --------------------------------------------------------------------------------ChangeLog: * Wed Feb 13 2019 Pavla Kratochvilova - 0.26.0-1 - Update to 0.26.0-1 - Enhance modular solver to handle enabled and default module streams differently (RhBug:1648839) - Add support of wild cards for modules (RhBug:1644588) - Revert commit that adds best as default behavior * Fri Feb 1 2019 Fedora Release Engineering - 0.24.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Wed Dec 12 2018 Jaroslav Mracek - 0.24.1-1 - Update to 0.24.1 - Add support for zchunk - Enhance LIBDNF plugins support - Enhance sorting for module list (RhBug:1590358) - [repo] Check whether metadata cache is expired (RhBug:1539620,1648274) - [DnfRepo] Add methods for alternative repository metadata type and download (RhBug:1656314) - Remove installed profile on module enable or disable (RhBug:1653623) - [sack] Implement dnf_sack_get_rpmdb_version() * Thu Nov 22 2018 Jaroslav Mracek - 0.22.3-1 - Permanently disable Python2 build for Fedora 30+ - Update to 0.22.3 - Modify solver_describe_decision to report cleaned (RhBug:1486749) - [swdb] create persistent WAL files (RhBug:1640235) - Relocate ModuleContainer save hook (RhBug:1632518) - [transaction] Fix transaction item lookup for obsoleted packages (RhBug: 1642796) - Fix memory leaks and memory allocations - [repo] Possibility to extend downloaded repository metadata * Wed Nov 7 2018 Jaroslav Mracek - 0.22.0-8 - Backport fixes for RHBZ#1642796 from upstream master * Tue Oct 30 2018 Igor Gnatenko - 0.22.0-7 - Rebuild for libsolv 0.7 --------------------------------------------------------------------------------References: [ 1 ] Bug #1653623 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1653623 [ 2 ] Bug #1651701 - DNF module conflict error on dependencies https://bugzilla.redhat.com/show_bug.cgi?id=1651701 [ 3 ] Bug #1648274 - dnf fails to refresh expired metadata https://bugzilla.redhat.com/show_bug.cgi?id=1648274 [ 4 ] Bug #1643129 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1643129 [ 5 ] Bug #1590358 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1590358 [ 6 ] Bug #1569908 - decompress compressed files https://bugzilla.redhat.com/show_bug.cgi?id=1569908 [ 7 ] Bug #1539620 - The --setopt=ID.metadata_expire=1 doesn't work https://bugzilla.redhat.com/show_bug.cgi?id=1539620 [ 8 ] Bug #1672432 - Group and module operations in transaction table not marked for translation https://bugzilla.redhat.com/show_bug.cgi?id=1672432 [ 9 ] Bug #1667426 - The doc/examples/list_obsoletes_plugin.py produces traceback https://bugzilla.redhat.com/show_bug.cgi?id=1667426 [ 10 ] Bug #1667423 - The doc/examples/install_plugin.py leads to traceback https://bugzilla.redhat.com/show_bug.cgi?id=1667423 [ 11 ] Bug #1666648 - dnf download command downloads also a srpm https://bugzilla.redhat.com/show_bug.cgi?id=1666648 [ 12 ] Bug #1660863 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1660863 [ 13 ] Bug #1659390 - [RFE] print additional information about skipped packages after the transaction https://bugzilla.redhat.com/show_bug.cgi?id=1659390 [ 14 ] Bug #1657703 - [abrt] [faf] dnf: hdrFromFdno(): /usr/lib64/python3.6/site-packages/rpm/transaction.py killed by _rpm.error https://bugzilla.redhat.com/show_bug.cgi?id=1657703 [ 15 ] Bug #1656726 - Show excluded packages https://bugzilla.redhat.com/show_bug.cgi?id=1656726 [ 16 ] Bug #1656019 - dnf doesn't complain on conflict in modulemd defaults https://bugzilla.redhat.com/show_bug.cgi?id=1656019 [ 17 ] Bug #1654738- hotfix repository content is not used when installing a module stream https://bugzilla.redhat.com/show_bug.cgi?id=1654738 [ 18 ] Bug #1654529 - dnf versionlock will accept NEVRA forms for additions which it then cannot match when deleting https://bugzilla.redhat.com/show_bug.cgi?id=1654529 [ 19 ] Bug #1651646 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1651646 [ 20 ] Bug #1651280 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1651280 [ 21 ] Bug #1650157 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1650157 [ 22 ] Bug #1649745 - system-upgrade fails with JSONDecodeError if state file corrupt https://bugzilla.redhat.com/show_bug.cgi?id=1649745 [ 23 ] Bug #1649356 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1649356 [ 24 ] Bug #1648839 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1648839 [ 25 ] Bug #1647760 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1647760 [ 26 ] Bug #1644588 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1644588 [ 27 ] Bug #1642791 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1642791 [ 28 ] Bug #1638669 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1638669 [ 29 ] Bug #1637923 - [abrt] PackageKit: repo_mirrorlist_failure_cb(): packagekitd killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1637923 [ 30 ] Bug #1609335 - CVE-2018-10897 dnf-plugins-core: yum-utils: reposync: improper path validation may lead to directory traversal [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1609335 [ 31 ] Bug #1600722 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1600722 [ 32 ] Bug #1594121 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1594121 [ 33 ] Bug #1589832 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1589832 [ 34 ] Bug #1585509 -Translation of "Size" in different contexts ought to be different. https://bugzilla.redhat.com/show_bug.cgi?id=1585509 [ 35 ] Bug #1515848 - dnf makes it hard to debug SSL related issues https://bugzilla.redhat.com/show_bug.cgi?id=1515848 [ 36 ] Bug #1509393 - Translation missing, when more than one process run https://bugzilla.redhat.com/show_bug.cgi?id=1509393 [ 37 ] Bug #1495482 - system-upgrade fails when snapper plugin installed https://bugzilla.redhat.com/show_bug.cgi?id=1495482 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-1fccede810' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Strengthen your system's defenses with Fedora 29's libdnf upgrades; boosts modular resolution and introduces zchunk capability. Essential updates ready for deployment.. Fedora Security, libdnf Update, Software Integrity, Modular Streams, Update Notification. . Severity: Critical. LinuxSecurity.com Team

Feb 21, 2019 •Critical Fedora