The following Fedora 24 Security updates need testing: Age URL 53 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2e339a7779 optipng-0.7.6-1.fc24 25 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4a4d504509 obs-signd-2.2.1-8.fc24 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-95edf19d8a squid-3.5.19-2.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b86ae2068d openslp-2.0.0-9.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-dfa325d31b community-mysql-5.7.12-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b967ac1a74 php-5.6.22-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e21eeb4202 docker-1.10.3-11.git8ecd47f.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e3240782ec phpMyAdmin-4.6.2-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d23d2712de roundcubemail-1.2.0-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cfea37952b xen-4.6.1-10.fc24
The following Fedora 24 Critical Path updates have yet to be approved: Age URL 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-aa49938267 pungi-4.0.15-2.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3d4c0d27b6 sqlite-3.12.2-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c36f610022 krb5-1.14.1-6.fc24
The following builds have been pushed to Fedora 24 updates-testing
atoum-2.7.0-1.fc24 chck-0-1.20160408git5275403.fc24 edgar-1.24-1.fc24 gnome-software-3.20.3-1.fc24 knot-2.2.0-3.fc24 kubernetes-1.2.0-0.22.git4a3f9c5.fc24 ndctl-53.1-1.fc24 nvml-1.0-2.fc24 pcsc-cyberjack-3.99.5final.SP09-1.fc24 perl-MCE-1.708-1.fc24 php-bartlett-php-compatinfo-db-1.9.0-1.fc24 php-phpunit-git-2.1.2-1.fc24 python-hypothesis-3.4.0-1.fc24 python-shapely-1.5.16-1.fc24 python-werkzeug-0.11.10-1.fc24 xemacs-21.5.34-16.20160507hgd5b51c618ef8.fc24 xen-4.6.1-10.fc24
Details about builds:
================================================================================ atoum-2.7.0-1.fc24 (FEDORA-2016-72c43f8365) PHP Unit Testing framework -------------------------------------------------------------------------------- Update Information:
**Version 2.7.0** - 2016-06-20 * [#594](https://github.com/atoum/atoum/pull/594) Add telemtry report to CI builds ([jubianchi]) * [#600](https://github.com/atoum/atoum/pull/600) Reports override correctly when using -ulr/-utr ([jubianchi]) * [#593](https://github.com/atoum/atoum/pull/593) Assertions on PHP 7 exceptions/throwables/errors are now working correctly ([jubianchi]) --------------------------------------------------------------------------------
================================================================================ chck-0-1.20160408git5275403.fc24 (FEDORA-2016-c1c4dd94aa) Collection of C utilities -------------------------------------------------------------------------------- Update Information:
Update to more recent git commit --------------------------------------------------------------------------------
================================================================================ edgar-1.24-1.fc24 (FEDORA-2016-9458a607e5) A platform game -------------------------------------------------------------------------------- Update Information:
* Updated Brazilian Portuguese and German translations * The ice blocks dropped by the large blue book's third form now shatter if they land on lifts --------------------------------------------------------------------------------
================================================================================ gnome-software-3.20.3-1.fc24 (FEDORA-2016-2be09c9861) A software center for GNOME -------------------------------------------------------------------------------- Update Information:
gnome-software 3.20.3. This stable release fixes the following bugs: * Fix several issues with system upgrades * Fix several issues with the Ubuntu reviews dialog * Fix an issue that caused incorrect package versions to be shown in the update panel * Fix an issue that caused offline updates to not start under certain conditions This release also updates translations. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1337336 - gnome-software shows updates but "Restart & Install" button doesn't install them https://bugzilla.redhat.com/show_bug.cgi?id=1337336 [ 2 ] Bug #1336482 - Change label "Installing" to "Downloading" https://bugzilla.redhat.com/show_bug.cgi?id=1336482 [ 3 ] Bug #1335414 - Graphical upgrade failed with error with no details https://bugzilla.redhat.com/show_bug.cgi?id=1335414 [ 4 ] Bug #1336459 - installing a package between Download and Install actions of graphical upgrade breaks graphical upgrade https://bugzilla.redhat.com/show_bug.cgi?id=1336459 --------------------------------------------------------------------------------
================================================================================ knot-2.2.0-3.fc24 (FEDORA-2016-13d3faa3f0) High-performance authoritative DNS server -------------------------------------------------------------------------------- Update Information:
Fix default configuration file. --------------------------------------------------------------------------------
================================================================================ kubernetes-1.2.0-0.22.git4a3f9c5.fc24 (FEDORA-2016-d79a8ed83c) Container cluster management -------------------------------------------------------------------------------- Update Information:
Bump to origin v1.2.0 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1340643 - Update to origin v1.2.0 https://bugzilla.redhat.com/show_bug.cgi?id=1340643 --------------------------------------------------------------------------------
================================================================================ ndctl-53.1-1.fc24 (FEDORA-2016-8505baabe1) Manage "libnvdimm" subsystem devices (Non-volatile Memory) -------------------------------------------------------------------------------- Update Information:
- Fix up tag format vs source url confusion - add daxctl-libs + daxctl-devel packages - add bash completion --------------------------------------------------------------------------------
================================================================================ nvml-1.0-2.fc24 (FEDORA-2016-1ba843f879) Non-Volatile Memory Library -------------------------------------------------------------------------------- Update Information:
Exclude PPC architecture --------------------------------------------------------------------------------
================================================================================ pcsc-cyberjack-3.99.5final.SP09-1.fc24 (FEDORA-2016-e672c38dd8) PC/SC driver for REINER SCT cyberjack USB chip card reader -------------------------------------------------------------------------------- Update Information:
New upstream, which fixes an usb-bug. Gui finally removed by upstream, was not build/packaged anyway. The cyberjack binary, used for troubleshooting the install, was also removed upstream. --------------------------------------------------------------------------------
================================================================================ perl-MCE-1.708-1.fc24 (FEDORA-2016-ff73f4e786) Many-core Engine for Perl providing parallel processing capabilities -------------------------------------------------------------------------------- Update Information:
Current upstream maintenance release. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1339851 - perl-MCE-1.707 is available https://bugzilla.redhat.com/show_bug.cgi?id=1339851 --------------------------------------------------------------------------------
================================================================================ php-bartlett-php-compatinfo-db-1.9.0-1.fc24 (FEDORA-2016-8b44a1f34e) Reference Database to be used with php-compatinfo library -------------------------------------------------------------------------------- Update Information:
**Version 1.9.0** - 2016-05-27 - Support to PHP 7.0.7 - Support to PHP 5.6.22 - Support to PHP 5.5.36 --------------------------------------------------------------------------------
================================================================================ php-phpunit-git-2.1.2-1.fc24 (FEDORA-2016-7055fb1db1) Simple wrapper for Git -------------------------------------------------------------------------------- Update Information:
**Version 2.1.2** * Fix getCurrentBranch() to support branches with slashes --------------------------------------------------------------------------------
================================================================================ python-hypothesis-3.4.0-1.fc24 (FEDORA-2016-e14755683c) A library for property based testing -------------------------------------------------------------------------------- Update Information:
Latest release, see https://hypothesis.readthedocs.io/en/latest/changes.html for changelog --------------------------------------------------------------------------------
================================================================================ python-shapely-1.5.16-1.fc24 (FEDORA-2016-6763413e23) Manipulation and analysis of geometric objects in the Cartesian plane -------------------------------------------------------------------------------- Update Information:
- Bug fix: eliminate memory leak when unpickling geometry objects (#384, #385). - Bug fix: prevent crashes when attempting to pickle a prepared geometry, raising ``PicklingError`` instead (#386). -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1340577 - python-shapely-1.5.16 is available https://bugzilla.redhat.com/show_bug.cgi?id=1340577 --------------------------------------------------------------------------------
================================================================================ python-werkzeug-0.11.10-1.fc24 (FEDORA-2016-d8698f4a8d) The Swiss Army knife of Python web development -------------------------------------------------------------------------------- Update Information:
Upstream 0.11.10 ---- Upstream 0.11.6 (upstream #822) --------------------------------------------------------------------------------
================================================================================ xemacs-21.5.34-16.20160507hgd5b51c618ef8.fc24 (FEDORA-2016-d104d3608c) Different version of Emacs -------------------------------------------------------------------------------- Update Information:
This update fixes a problem that prevents M-x shell from working under tcsh. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1222897 - Warning: no access to tty (Inappropriate ioctl for device). When opening a shell https://bugzilla.redhat.com/show_bug.cgi?id=1222897 [ 2 ] Bug #1260785 - TCSH shells have process control problems in Xemacs https://bugzilla.redhat.com/show_bug.cgi?id=1260785 --------------------------------------------------------------------------------
================================================================================ xen-4.6.1-10.fc24 (FEDORA-2016-cfea37952b) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information:
cleaner way to set kernel module load list Unrestricted qemu logging [XSA-180, CVE-2014-3672] (#1339125) Qemu: scsi: esp: OOB write while writing to 's->cmdbuf' in esp_reg_write [CVE-2016-4439] (#1337502) Qemu: scsi: esp: OOB write while writing to 's->cmdbuf' in get_cmd [CVE-2016-4441] (#1337505) Qemu: scsi: megasas: out-of-bounds write while setting controller properties [CVE-2016-5106] (#1339578) Qemu: scsi: megasas: stack information leakage while reading configuration [CVE-2016-5105] (#1339583) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1337502 - CVE-2016-4439 Qemu: scsi: esp: OOB write while writing to 's->cmdbuf' in esp_reg_write https://bugzilla.redhat.com/show_bug.cgi?id=1337502 [ 2 ] Bug #1337505 - CVE-2016-4441 Qemu: scsi: esp: OOB write while writing to 's->cmdbuf' in get_cmd https://bugzilla.redhat.com/show_bug.cgi?id=1337505 [ 3 ] Bug #1339578 - CVE-2016-5106 Qemu: scsi: megasas: out-of-bounds write while setting controller properties https://bugzilla.redhat.com/show_bug.cgi?id=1339578 [ 4 ] Bug #1339583 - CVE-2016-5105 Qemu: scsi: megasas: stack information leakage while reading configuration https://bugzilla.redhat.com/show_bug.cgi?id=1339583 [ 5 ] Bug #1339123 - CVE-2014-3672 xen: Unrestricted qemu logging https://bugzilla.redhat.com/show_bug.cgi?id=1339123 --------------------------------------------------------------------------------