The following Fedora 24 Security updates need testing: Age URL 136 https://bodhi.fedoraproject.org/updates/FEDORA-2016-32eaf0c41e redis-3.2.3-1.fc24 120 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0ef628998f chicken-4.11.0-3.fc24 71 https://bodhi.fedoraproject.org/updates/FEDORA-2016-990e2012ea compat-guile18-1.8.8-14.fc24 33 https://bodhi.fedoraproject.org/updates/FEDORA-2016-93679a91df jenkins-1.651.3-2.fc24 jenkins-remoting-2.62.3-1.fc24 17 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b465090499 ipsilon-2.0.2-2.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a1f774c3d7 FlightGear-2016.1.2-5.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-04383482b4 game-music-emu-0.6.1-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-608be17784 python-wikitcms-2.1.10-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-631737a49a tracker-1.8.2-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d337166907 freeipa-4.3.2-4.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8586235698 nagios-plugins-2.1.4-2.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c7e60a9fd4 community-mysql-5.7.17-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b7f39a8c1 openjpeg2-2.1.2-3.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-52a1b18397 mingw-openjpeg2-2.1.2-3.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-09dc3efcd2 samba-4.4.8-0.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08 squid-3.5.23-1.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-76b646637e tor-0.2.8.12-1.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-06e8a3f776 js-jquery1-1.12.4-2.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8516b7d6fb js-jquery-2.2.4-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1185de6aa6 php-zendframework-zend-mail-2.7.2-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-54a717d5d6 zookeeper-3.4.9-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d22f50d985 httpd-2.4.25-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-bc02bff7f5 xen-4.6.4-5.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5c3d057783 libbsd-0.8.3-1.fc24
The following Fedora 24 Critical Path updates have yet to be approved: Age URL 36 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cddf0ec383 nss-3.27.0-1.3.fc24 16 https://bodhi.fedoraproject.org/updates/FEDORA-2016-90bd4d7d33 selinux-policy-3.13.1-191.23.fc24 11 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d4be615424 libfm-1.2.5-1.fc24 lxsession-0.5.3-2.fc24 pcmanfm-1.2.5-1.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d2820fc67d libvorbis-1.3.5-1.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-700f16d3f3 gnome-online-accounts-3.20.5-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0281ab71ff vim-8.0.134-2.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ab5b9ae96b audit-2.7-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8b3063d71c meson-0.36.0-4.fc24 redhat-rpm-config-42-2.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f5c57e05b6 openssl-1.0.2j-3.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-09dc3efcd2 samba-4.4.8-0.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-85dffa754f perl-5.22.2-365.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b938403605 gcc-6.3.1-1.fc24 libtool-2.4.6-13.fc24 gcc-python-plugin-0.15-8.1.fc24
The following builds have been pushed to Fedora 24 updates-testing
COPASI-4.18.138-1.fc24 be-1.1.1-6.fc24 cinnamon-3.2.7-1.fc24 cinnamon-screensaver-3.2.11-1.fc24 fedora-packager-0.6.0.1-1.fc24 gcc-6.3.1-1.fc24 gcc-python-plugin-0.15-8.1.fc24 groonga-6.1.1-1.fc24 httpd-2.4.25-1.fc24 ipxe-20160622-1.git0418631.fc24 libbsd-0.8.3-1.fc24 libtool-2.4.6-13.fc24 photocollage-1.4.3-1.fc24 php-justinrainbow-json-schema4-4.1.0-1.fc24 php-pear-phing-2.16.0-1.fc24 purple-hangouts-0-42.20161222hg7c0a620.fc24 purple-skypeweb-1.2.2-6.20161220gitfa888e0.fc24 python-egenix-mx-base-3.2.9-1.fc24 python-ladon-0.9.38-1.fc24 python-linux-procfs-0.4.10-1.fc24 python-schedutils-0.5-1.fc24 qcad-3.16.2.0-2.fc24 xen-4.6.4-5.fc24
Details about builds:
================================================================================ COPASI-4.18.138-1.fc24 (FEDORA-2016-dc785a3f57) Biochemical network simulator -------------------------------------------------------------------------------- Update Information:
- Update to build 138 (bug fixes from upstream) --------------------------------------------------------------------------------
================================================================================ be-1.1.1-6.fc24 (FEDORA-2016-86b52df607) Bugs Everywhere, a distributed bug tracker -------------------------------------------------------------------------------- Update Information:
Update to the latest upstream and bug fixes. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1375592 - package owns /etc/bash_completion.d but it should not own it https://bugzilla.redhat.com/show_bug.cgi?id=1375592 --------------------------------------------------------------------------------
================================================================================ cinnamon-3.2.7-1.fc24 (FEDORA-2016-6bebfa24d5) Window management and application launching for GNOME -------------------------------------------------------------------------------- Update Information:
- Update --------------------------------------------------------------------------------
================================================================================ cinnamon-screensaver-3.2.11-1.fc24 (FEDORA-2016-6bebfa24d5) Cinnamon Screensaver -------------------------------------------------------------------------------- Update Information:
- Update --------------------------------------------------------------------------------
================================================================================ fedora-packager-0.6.0.1-1.fc24 (FEDORA-2016-c41af0ea54) Tools for setting up a fedora maintainer environment -------------------------------------------------------------------------------- Update Information:
fix up the locations of the alternative arch koji configs, add a config for a fedora profile, switch to using fast_upload to koji -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1406376 - arm-koji fails authentication https://bugzilla.redhat.com/show_bug.cgi?id=1406376 --------------------------------------------------------------------------------
================================================================================ gcc-6.3.1-1.fc24 (FEDORA-2016-b938403605) Various compilers (C, C++, Objective-C, Java, ...) -------------------------------------------------------------------------------- Update Information:
Fixed bugs (http://gcc.gnu.org/PRNNNNN): 41922, 48863, 51960, 57438, 57728, 58001, 58991, 58992, 59874, 60774, 61318, 61420, 66227, 66343, 67219, 67335, 67631, 67710, 68323, 68377, 69183, 69514, 69544, 69741, 69867, 69962, 70006, 70101, 70184, 70564, 70975, 71067, 71115, 71274, 71337, 71496, 71515, 71575, 71709, 71730, 71762, 71767, 71799, 71848, 71859, 71862, 71891, 71895, 71902, 71912, 71979, 72717, 72747, 72808, 72820, 72827, 72832, 77260, 77285, 77288, 77309, 77322, 77326, 77349, 77351, 77372, 77375, 77380, 77391, 77406, 77411, 77420, 77429, 77436, 77450, 77459, 77460, 77467, 77478, 77482, 77483, 77506, 77507, 77514, 77519, 77544, 77550, 77558, 77587, 77591, 77605, 77612, 77621, 77624, 77637, 77638, 77645, 77646, 77648, 77665, 77666, 77670, 77673, 77679, 77686, 77694, 77707, 77722, 77727, 77739, 77745, 77748, 77756, 77759, 77763, 77767, 77768, 77773, 77794, 77795, 77801, 77804, 77822, 77834, 77839, 77855, 77864, 77874, 77879, 77904, 77905, 77907, 77915, 77916, 77919, 77933, 77937, 77942, 77943, 77957, 77973, 77978, 77987, 77990, 77991, 77994, 77995, 78013, 78021, 78025, 78037, 78038, 78039, 78047, 78052, 78057, 78064, 78089, 78092, 78101, 78108, 78111, 78123, 78128, 78129, 78166, 78178, 78185, 78188, 78189, 78206, 78221, 78224, 78227, 78228, 78229, 78252, 78262, 78279, 78294, 78297, 78298, 78299, 78305, 78309, 78310, 78326, 78333, 78378, 78416, 78419, 78426, 78429, 78443, 78465, 78472, 78482, 78490, 78500, 78540, 78542, 78546, 78550, 78551, 78593, 78646, 78649, 78701, 78731, 78761, 78796 --------------------------------------------------------------------------------
================================================================================ gcc-python-plugin-0.15-8.1.fc24 (FEDORA-2016-b938403605) GCC plugin that embeds Python -------------------------------------------------------------------------------- Update Information:
Fixed bugs (http://gcc.gnu.org/PRNNNNN): 41922, 48863, 51960, 57438, 57728, 58001, 58991, 58992, 59874, 60774, 61318, 61420, 66227, 66343, 67219, 67335, 67631, 67710, 68323, 68377, 69183, 69514, 69544, 69741, 69867, 69962, 70006, 70101, 70184, 70564, 70975, 71067, 71115, 71274, 71337, 71496, 71515, 71575, 71709, 71730, 71762, 71767, 71799, 71848, 71859, 71862, 71891, 71895, 71902, 71912, 71979, 72717, 72747, 72808, 72820, 72827, 72832, 77260, 77285, 77288, 77309, 77322, 77326, 77349, 77351, 77372, 77375, 77380, 77391, 77406, 77411, 77420, 77429, 77436, 77450, 77459, 77460, 77467, 77478, 77482, 77483, 77506, 77507, 77514, 77519, 77544, 77550, 77558, 77587, 77591, 77605, 77612, 77621, 77624, 77637, 77638, 77645, 77646, 77648, 77665, 77666, 77670, 77673, 77679, 77686, 77694, 77707, 77722, 77727, 77739, 77745, 77748, 77756, 77759, 77763, 77767, 77768, 77773, 77794, 77795, 77801, 77804, 77822, 77834, 77839, 77855, 77864, 77874, 77879, 77904, 77905, 77907, 77915, 77916, 77919, 77933, 77937, 77942, 77943, 77957, 77973, 77978, 77987, 77990, 77991, 77994, 77995, 78013, 78021, 78025, 78037, 78038, 78039, 78047, 78052, 78057, 78064, 78089, 78092, 78101, 78108, 78111, 78123, 78128, 78129, 78166, 78178, 78185, 78188, 78189, 78206, 78221, 78224, 78227, 78228, 78229, 78252, 78262, 78279, 78294, 78297, 78298, 78299, 78305, 78309, 78310, 78326, 78333, 78378, 78416, 78419, 78426, 78429, 78443, 78465, 78472, 78482, 78490, 78500, 78540, 78542, 78546, 78550, 78551, 78593, 78646, 78649, 78701, 78731, 78761, 78796 --------------------------------------------------------------------------------
================================================================================ groonga-6.1.1-1.fc24 (FEDORA-2016-e5421ceea9) An Embeddable Fulltext Search Engine -------------------------------------------------------------------------------- Update Information:
http://groonga.org/en/blog/2016/11/29/groonga-6.1.1.html -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1400156 - groonga-6.1.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1400156 --------------------------------------------------------------------------------
================================================================================ httpd-2.4.25-1.fc24 (FEDORA-2016-d22f50d985) Apache HTTP Server -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2016-8743, CVE-2016-2161, CVE-2016-0736 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1406744 - CVE-2016-0736 httpd: Padding Oracle in Apache mod_session_crypto https://bugzilla.redhat.com/show_bug.cgi?id=1406744 [ 2 ] Bug #1406753 - CVE-2016-2161 httpd: DoS vulnerability in mod_auth_digest https://bugzilla.redhat.com/show_bug.cgi?id=1406753 [ 3 ] Bug #1406822 - CVE-2016-8743 httpd: Apache HTTP Request Parsing Whitespace Defects https://bugzilla.redhat.com/show_bug.cgi?id=1406822 --------------------------------------------------------------------------------
================================================================================ ipxe-20160622-1.git0418631.fc24 (FEDORA-2016-52009974ab) A network boot loader -------------------------------------------------------------------------------- Update Information:
* Fix WDS booting (bz #1376429) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1376429 - iPXE cannot boot WDS (Windows Deployment Service) for automatic VM provisioning https://bugzilla.redhat.com/show_bug.cgi?id=1376429 --------------------------------------------------------------------------------
================================================================================ libbsd-0.8.3-1.fc24 (FEDORA-2016-5c3d057783) Library providing BSD-compatible functions for portability -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2016-2090 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1302622 - CVE-2016-2090 libbsd: heap buffer overflow in fgetwln function https://bugzilla.redhat.com/show_bug.cgi?id=1302622 --------------------------------------------------------------------------------
================================================================================ libtool-2.4.6-13.fc24 (FEDORA-2016-b938403605) The GNU Portable Library Tool -------------------------------------------------------------------------------- Update Information:
Fixed bugs (http://gcc.gnu.org/PRNNNNN): 41922, 48863, 51960, 57438, 57728, 58001, 58991, 58992, 59874, 60774, 61318, 61420, 66227, 66343, 67219, 67335, 67631, 67710, 68323, 68377, 69183, 69514, 69544, 69741, 69867, 69962, 70006, 70101, 70184, 70564, 70975, 71067, 71115, 71274, 71337, 71496, 71515, 71575, 71709, 71730, 71762, 71767, 71799, 71848, 71859, 71862, 71891, 71895, 71902, 71912, 71979, 72717, 72747, 72808, 72820, 72827, 72832, 77260, 77285, 77288, 77309, 77322, 77326, 77349, 77351, 77372, 77375, 77380, 77391, 77406, 77411, 77420, 77429, 77436, 77450, 77459, 77460, 77467, 77478, 77482, 77483, 77506, 77507, 77514, 77519, 77544, 77550, 77558, 77587, 77591, 77605, 77612, 77621, 77624, 77637, 77638, 77645, 77646, 77648, 77665, 77666, 77670, 77673, 77679, 77686, 77694, 77707, 77722, 77727, 77739, 77745, 77748, 77756, 77759, 77763, 77767, 77768, 77773, 77794, 77795, 77801, 77804, 77822, 77834, 77839, 77855, 77864, 77874, 77879, 77904, 77905, 77907, 77915, 77916, 77919, 77933, 77937, 77942, 77943, 77957, 77973, 77978, 77987, 77990, 77991, 77994, 77995, 78013, 78021, 78025, 78037, 78038, 78039, 78047, 78052, 78057, 78064, 78089, 78092, 78101, 78108, 78111, 78123, 78128, 78129, 78166, 78178, 78185, 78188, 78189, 78206, 78221, 78224, 78227, 78228, 78229, 78252, 78262, 78279, 78294, 78297, 78298, 78299, 78305, 78309, 78310, 78326, 78333, 78378, 78416, 78419, 78426, 78429, 78443, 78465, 78472, 78482, 78490, 78500, 78540, 78542, 78546, 78550, 78551, 78593, 78646, 78649, 78701, 78731, 78761, 78796 --------------------------------------------------------------------------------
================================================================================ photocollage-1.4.3-1.fc24 (FEDORA-2016-a28897ba1f) Graphical tool to make photo collage posters -------------------------------------------------------------------------------- Update Information:
- Update to new upstream version - Add missing 'python3-six' dependency --------------------------------------------------------------------------------
================================================================================ php-justinrainbow-json-schema4-4.1.0-1.fc24 (FEDORA-2016-8c84d412a2) A library to validate a json schema -------------------------------------------------------------------------------- Update Information:
A PHP Implementation for validating JSON Structures against a given Schema. * This package provides the library version 4. * The php-JsonSchema package provides the library version 1. * The php-justinrainbow-json-schema package provides the library version 2. See http://json-schema.org/ Autoloader: /usr/share/php/JsonSchema4/autoload.php -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1403724 - Review Request: php-justinrainbow-json-schema4 - A library to validate a json schema https://bugzilla.redhat.com/show_bug.cgi?id=1403724 --------------------------------------------------------------------------------
================================================================================ php-pear-phing-2.16.0-1.fc24 (FEDORA-2016-d2992cacc0) A project build system based on Apache Ant -------------------------------------------------------------------------------- Update Information:
Dec. 22, 2016 - **Phing 2.16.0** This release contains the following new or improved functionality: * Append, Property, Sleep, Sonar and Truncate tasks * Improved PHP 7.1 compatibility * Various typo and bug fixes, documentation updates This release will most likely be the last minor update in the 2.x series. Phing 3.x will drop support for PHP < 5.6. The following issues were closed in this release: * phing should get a strict mode (Trac #918) [#554](https://github.com/phingofficial/phing/issues/554) * Can not delete git folders on windows (Trac #956) [#556](https://github.com/phingofficial/phing/issues/556) * Relative symlinks (Trac #1124) [#567](https://github.com/phingofficial/phing/issues/567) * Tests fail under windows (Trac #1215) [#578](https://github.com/phingofficial/phing/issues/578) * stripphpcomments matches links in html (Trac #1219) [#579](https://github.com/phingofficial/phing/issues/579) * OS detection fails on OSX (Trac #1227) [#581](https://github.com/phingofficial/phing/issues/581) * JsHintTask fails when reporter attribute is not set (Trac #1230) [#582](https://github.com/phingofficial/phing/issues/582) * An issue with 'file' attribute of 'append' task (v2.15.1) [#595](https://github.com/phingofficial/phing/issues/595) * An issue with 'append' task when adding a list of files in a directory (v2.15.1) [#597](https://github.com/phingofficial/phing/issues/597) * Git auto modified file with phing vendor [#613](https://github.com/phingofficial/phing/issues/613) * phar file not working - \Symfony\Component\Yaml\Parser' not found [#614](https://github.com/phingofficial/phing/issues/614) * JSHint ��� Support of specific config file path [#615](https://github.com/phingofficial/phing/issues/615) * PHP notice on 7.1: A non well formed numeric value encountered [#622](https://github.com/phingofficial/phing/issues/622) * Sass task fails when PEAR is not installed [#624](https://github.com/phingofficial/phing/issues/624) * sha-512 hash for phing-latest.phar [#629](https://github.com/phingofficial/phing/issues/629) --------------------------------------------------------------------------------
================================================================================ purple-hangouts-0-42.20161222hg7c0a620.fc24 (FEDORA-2016-0b66bd442c) Hangouts plugin for libpurple -------------------------------------------------------------------------------- Update Information:
Updated to latest snapshots. --------------------------------------------------------------------------------
================================================================================ purple-skypeweb-1.2.2-6.20161220gitfa888e0.fc24 (FEDORA-2016-0b66bd442c) Adds support for Skype to Pidgin -------------------------------------------------------------------------------- Update Information:
Updated to latest snapshots. --------------------------------------------------------------------------------
================================================================================ python-egenix-mx-base-3.2.9-1.fc24 (FEDORA-2016-86b52df607) A collection of Python software tools -------------------------------------------------------------------------------- Update Information:
Update to the latest upstream and bug fixes. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1375592 - package owns /etc/bash_completion.d but it should not own it https://bugzilla.redhat.com/show_bug.cgi?id=1375592 --------------------------------------------------------------------------------
================================================================================ python-ladon-0.9.38-1.fc24 (FEDORA-2016-7cebe9c1c5) Multiprotocol approach to creating a webservice -------------------------------------------------------------------------------- Update Information:
The packages are now depends on python3 only. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1219035 - python-ladon-0.9.38 is available https://bugzilla.redhat.com/show_bug.cgi?id=1219035 [ 2 ] Bug #1309783 - python-ladon: Provide a Python 3 subpackage https://bugzilla.redhat.com/show_bug.cgi?id=1309783 --------------------------------------------------------------------------------
================================================================================ python-linux-procfs-0.4.10-1.fc24 (FEDORA-2016-8a695bff5e) Linux /proc abstraction classes -------------------------------------------------------------------------------- Update Information:
update to latest release --------------------------------------------------------------------------------
================================================================================ python-schedutils-0.5-1.fc24 (FEDORA-2016-e1e45c5a1b) Linux scheduler python bindings -------------------------------------------------------------------------------- Update Information:
new upstream release --------------------------------------------------------------------------------
================================================================================ qcad-3.16.2.0-2.fc24 (FEDORA-2016-4700215a37) Powerful 2D CAD system -------------------------------------------------------------------------------- Update Information:
- Main directory moved under libdir directory - Filtering of private libraries - Return to QT4 (see comment) - Update to 3.16.2.0 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1401967 - Review Request: qcad - Powerful 2D CAD system https://bugzilla.redhat.com/show_bug.cgi?id=1401967 --------------------------------------------------------------------------------
================================================================================ xen-4.6.4-5.fc24 (FEDORA-2016-bc02bff7f5) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information:
two security flaws (#1406840) x86 PV guests may be able to mask interrupts [XSA-202, CVE-2016-10024] x86: missing NULL pointer check in VMFUNC emulation [XSA-203, CVE-2016-10025] x86: Mishandling of SYSCALL singlestep during emulation [XSA-204, CVE-2016-10013] (#1406260) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1402759 - CVE-2016-10025 xsa203 xen: x86: missing NULL pointer check in VMFUNC emulation (XSA-203) https://bugzilla.redhat.com/show_bug.cgi?id=1402759 [ 2 ] Bug #1402758 - CVE-2016-10024 xsa202 xen: x86 PV guests may be able to mask interrupts (XSA-202) https://bugzilla.redhat.com/show_bug.cgi?id=1402758 [ 3 ] Bug #1406259 - CVE-2016-10013 xen: x86: Mishandling of SYSCALL singlestep during emulation (XSA-204) https://bugzilla.redhat.com/show_bug.cgi?id=1406259 --------------------------------------------------------------------------------