The following Fedora 25 Security updates need testing:
 Age  URL
 123  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb   exim-4.87.1-1.fc25
  22  https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2d17af41e   python-XStatic-jquery-ui-1.12.0.1-4.fc25
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-041473e742   drupal8-8.3.1-1.fc25
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-4373306257   wireshark-2.2.6-1.fc25
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-511ebfa8a3   log4j-2.5-5.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2017-f85c37ae3d   squirrelmail-1.4.22-19.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-cc029be02d   tnef-1.4.14-2.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ede53aa845   roundcubemail-1.2.5-1.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-43b46cd2da   batik-1.8-9.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-17d1c05236   kernel-4.10.13-200.fc25

The following Fedora 25 Critical Path updates have yet to be approved:
 Age  URL
  14  https://bodhi.fedoraproject.org/updates/FEDORA-2017-19451b76d6   highlight-3.36-1.fc25
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-22147aa22f   perl-threads-shared-1.55-2.fc25
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-fe1e7cb953   libgdata-0.17.8-1.fc25
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-08570bde44   flatpak-0.9.3-1.fc25
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-276cf84106   nss-3.30.2-1.0.fc25 nss-softokn-3.30.2-1.0.fc25 nss-util-3.30.2-1.0.fc25 nspr-4.14.0-2.fc25
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-14119c33d8   menu-cache-1.0.2-3.D20170419gitdffb1314ec.fc25
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-843c7681d7   osinfo-db-20170423-1.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2017-222f88dead   json-c-0.12.1-1.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2017-a75ebbeb51   cryptsetup-1.7.5-1.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2017-379de4a08d   ca-certificates-2017.2.14-1.0.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-0542841ec0   llvm-3.9.1-3.fc25 cargo-0.18.0-1.fc25 rust-1.17.0-1.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-6efba58688   ostree-2017.5-2.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-a9fd966808   coreutils-8.25-17.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-17d1c05236   kernel-4.10.13-200.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-e5646a0f74   libtdb-1.3.13-1.fc25

The following builds have been pushed to Fedora 25 updates-testing
    batik-1.8-9.fc25
    blivet-gui-2.0.2-2.fc25
    cargo-0.18.0-1.fc25
    certbot-0.13.0-2.fc25
    copr-builder-0-13.fc25
    coreutils-8.25-17.fc25
    elementary-theme-5.0.4-1.fc25
    execdb-0.0.9-1.fc25
    fedora-arm-installer-1.99.14-1.fc25
    glpi-9.1.3-1.fc25
    gnome-calendar-3.22.5-1.fc25
    gsequencer-0.8.0-1.fc25
    kernel-4.10.13-200.fc25
    libtdb-1.3.13-1.fc25
    llvm-3.9.1-3.fc25
    loopabull-0.0.6-1.fc25
    origin-1.5.0-1.fc25
    ostree-2017.5-2.fc25
    perl-Plack-1.0044-1.fc25
    perl-Test-TCP-2.18-1.fc25
    php-cache-tag-interop-1.0.0-1.fc25
    php-league-flysystem-1.0.40-1.fc25
    php-psr-simple-cache-1.0.0-1.fc25
    php-react-dns-0.4.8-1.fc25
    php-react-event-loop-0.4.3-1.fc25
    php-simplepie-1.5-1.fc25
    publicsuffix-list-20170424-1.fc25
    purple-hangouts-0-47.20170427hg0dc1213.fc25
    purple-skypeweb-1.3-3.20170420git31222f4.fc25
    python2-pyx-0.12.1-6.fc25
    qt5-qtwebengine-5.8.0-11.fc25
    roundcubemail-1.2.5-1.fc25
    rpm-ostree-2017.5-2.fc25
    rpmdeplint-1.3-1.fc25
    rust-1.17.0-1.fc25
    tnef-1.4.14-2.fc25
    tuned-2.8.0-2.fc25
    yad-0.39.0-1.fc25

Details about builds:
================================================================================ batik-1.8-9.fc25 (FEDORA-2017-43b46cd2da) Scalable Vector Graphics for Java -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2017-5662 ---- Add missing requires on xmlgraphics-commons -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1443592 - CVE-2017-5662 batik: XML external entity processing vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1443592 --------------------------------------------------------------------------------
================================================================================ blivet-gui-2.0.2-2.fc25 (FEDORA-2017-007df5684b) Tool for data storage configuration -------------------------------------------------------------------------------- Update Information:
New build with downstream patch fixing #1445815 backported from F26. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1445815 - [abrt] blivet-gui: Gtk.py:1164:__new__:TypeError: could not parse subscript '-1' as a tree path https://bugzilla.redhat.com/show_bug.cgi?id=1445815 --------------------------------------------------------------------------------
================================================================================ cargo-0.18.0-1.fc25 (FEDORA-2017-0542841ec0) Rust's package manager and build tool -------------------------------------------------------------------------------- Update Information:
New versions of Rust and Cargo -- see the release notes for [1.17](https://blog.rust-lang.org/2017/04/27/Rust-1.17.html). LLVM is included in this update to fix a bug with ARM codegen. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1438031 - File conflicts between rust-gdb and rust-lldb https://bugzilla.redhat.com/show_bug.cgi?id=1438031 --------------------------------------------------------------------------------
================================================================================ certbot-0.13.0-2.fc25 (FEDORA-2017-f1071b956e) A free, automated certificate authority client -------------------------------------------------------------------------------- Update Information:
Fix to timer target --------------------------------------------------------------------------------
================================================================================ copr-builder-0-13.fc25 (FEDORA-2017-3e35771c05) Build package from Copr dist-git -------------------------------------------------------------------------------- Update Information:
Build package from Copr dist-git -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1441588 - Review Request: copr-builder - build package from copr dist-git https://bugzilla.redhat.com/show_bug.cgi?id=1441588 --------------------------------------------------------------------------------
================================================================================ coreutils-8.25-17.fc25 (FEDORA-2017-a9fd966808) A set of basic GNU tools commonly used in shell scripts -------------------------------------------------------------------------------- Update Information:
- tail: revert to polling if a followed directory is replaced (#1283760) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1283760 - coreutils: tail: inotify support changes behavior of -F with subdirs https://bugzilla.redhat.com/show_bug.cgi?id=1283760 --------------------------------------------------------------------------------
================================================================================ elementary-theme-5.0.4-1.fc25 (FEDORA-2017-71c3098ff7) elementary GTK+ Stylesheet -------------------------------------------------------------------------------- Update Information:
Update to version 5.0.4. --------------------------------------------------------------------------------
================================================================================ execdb-0.0.9-1.fc25 (FEDORA-2017-0e8e8954ec) Execution status database for Taskotron -------------------------------------------------------------------------------- Update Information:
This adds a small fix to execdb where the headers like "progress, logs, details" are made into links instead of just text ---- New release of execdb changes the job.taskname column from a 20 char string to a variable width char --------------------------------------------------------------------------------
================================================================================ fedora-arm-installer-1.99.14-1.fc25 (FEDORA-2017-433aa7c3c1) Writes binary image files to any specified block device -------------------------------------------------------------------------------- Update Information:
Add support for numerous new devices, various bug fixes and improvements --------------------------------------------------------------------------------
================================================================================ glpi-9.1.3-1.fc25 (FEDORA-2017-7c1b9bb3d5) Free IT asset management software -------------------------------------------------------------------------------- Update Information:
Last upstream bugfixes release --------------------------------------------------------------------------------
================================================================================ gnome-calendar-3.22.5-1.fc25 (FEDORA-2017-58129acb00) Simple and beautiful calendar application designed to fit GNOME 3 -------------------------------------------------------------------------------- Update Information:
Update to 3.22.5, fixing a *really* annoying crash when adding calendar events -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1438177 - [abrt] gnome-calendar: gcal_manager_create_event(): gnome-calendar killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1438177 --------------------------------------------------------------------------------
================================================================================ gsequencer-0.8.0-1.fc25 (FEDORA-2017-fd00fac441) Advanced Gtk+ Sequencer audio processing engine -------------------------------------------------------------------------------- Update Information:
removed patch to fix missing type because upstream includes changes --------------------------------------------------------------------------------
================================================================================ kernel-4.10.13-200.fc25 (FEDORA-2017-17d1c05236) The Linux kernel -------------------------------------------------------------------------------- Update Information:
The 4.10.13 stable update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1445207 - CVE-2017-7477 kernel: net: Heap overflow in skb_to_sgvec in macsec.c https://bugzilla.redhat.com/show_bug.cgi?id=1445207 [ 2 ] Bug #1389433 - CVE-2016-9604 kernel: security: The built-in keyrings for security tokens can be joined as a session and then modified by the root user https://bugzilla.redhat.com/show_bug.cgi?id=1389433 --------------------------------------------------------------------------------
================================================================================ libtdb-1.3.13-1.fc25 (FEDORA-2017-e5646a0f74) The tdb library -------------------------------------------------------------------------------- Update Information:
New upstream release 1.3.13 --------------------------------------------------------------------------------
================================================================================ llvm-3.9.1-3.fc25 (FEDORA-2017-0542841ec0) The Low Level Virtual Machine -------------------------------------------------------------------------------- Update Information:
New versions of Rust and Cargo -- see the release notes for [1.17](https://blog.rust-lang.org/2017/04/27/Rust-1.17.html). LLVM is included in this update to fix a bug with ARM codegen. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1438031 - File conflicts between rust-gdb and rust-lldb https://bugzilla.redhat.com/show_bug.cgi?id=1438031 --------------------------------------------------------------------------------
================================================================================ loopabull-0.0.6-1.fc25 (FEDORA-2017-f21df08f36) Event loop driven Ansible playbook execution engine -------------------------------------------------------------------------------- Update Information:
Update to latest upstream - 0.0.6 --------------------------------------------------------------------------------
================================================================================ origin-1.5.0-1.fc25 (FEDORA-2017-c18c5ce30a) Open Source Container Management by Red Hat -------------------------------------------------------------------------------- Update Information:
Update to latest upstream - v1.5.0 --------------------------------------------------------------------------------
================================================================================ ostree-2017.5-2.fc25 (FEDORA-2017-6efba58688) Tool for managing bootable, immutable filesystem trees -------------------------------------------------------------------------------- Update Information:
New upstream version. v2017.4 adds new functionality. v2017.5 is a small bugfix release. See full changelogs at: - https://github.com/ostreedev/ostree/releases/tag/v2017.4 - https://github.com/ostreedev/ostree/releases/tag/v2017.5 --------------------------------------------------------------------------------
================================================================================ perl-Plack-1.0044-1.fc25 (FEDORA-2017-c45543985e) Perl Superglue for Web frameworks and Web Servers (PSGI toolkit) -------------------------------------------------------------------------------- Update Information:
--------------------------------------------------------------------------------
================================================================================ perl-Test-TCP-2.18-1.fc25 (FEDORA-2017-3878ed3ba4) Testing TCP program -------------------------------------------------------------------------------- Update Information:
--------------------------------------------------------------------------------
================================================================================ php-cache-tag-interop-1.0.0-1.fc25 (FEDORA-2017-a8e906acac) Framework interoperable interfaces for tags -------------------------------------------------------------------------------- Update Information:
This repository holds two interfaces for tagging. These interfaces will make their way into PHP Fig. Representatives from Symfony, PHP-cache and Drupal have worked together to agree on these interfaces. Autoloader: /usr/share/php/Cache/TagInterop/autoload.php -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1442470 - Review Request: php-cache-tag-interop - Framework interoperable interfaces for tags https://bugzilla.redhat.com/show_bug.cgi?id=1442470 --------------------------------------------------------------------------------
================================================================================ php-league-flysystem-1.0.40-1.fc25 (FEDORA-2017-5b7a89b840) Filesystem abstraction: Many filesystems, one API -------------------------------------------------------------------------------- Update Information:
**Version 1.0.40** - 2017-04-28 * Improved * Made it possible to indicate an adapter can overwrite files using the write functions rather than the update ones. ---- **Version 1.0.39** - 2017-04-25 * Fixed * Some FTP servers return the `total` of 0 when a file doesn't exist instead of saying it doesn't exist. ---- **Version 1.0.38** - 2017-04-22 * Fixed * Pure-FTPd now escapes the first call to rawlist too. * Improved * You can now optionally put the FTP adapter in `utf8`-mode by setting the `utf8` setting to `true`. --------------------------------------------------------------------------------
================================================================================ php-psr-simple-cache-1.0.0-1.fc25 (FEDORA-2017-c759d8c881) Common interfaces for simple caching (PSR-16) -------------------------------------------------------------------------------- Update Information:
This repository holds all interfaces related to PSR-16. Note that this is not a cache implementation of its own. It is merely an interface that describes a cache implementation. See the specification [1] for more details. You can find implementations of the specification by looking for packages providing the psr/simple-cache-implementation [2] virtual package. Autoloader: /usr/share/php/Psr/SimpleCache/autoload.php [1] https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-16-simple-cache.md [2] https://packagist.org/providers/psr/simple-cache-implementation -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1442469 - Review Request: php-psr-simple-cache - Common interfaces for simple caching (PSR-16) https://bugzilla.redhat.com/show_bug.cgi?id=1442469 --------------------------------------------------------------------------------
================================================================================ php-react-dns-0.4.8-1.fc25 (FEDORA-2017-c3c04efc21) Async DNS resolver -------------------------------------------------------------------------------- Update Information:
## 0.4.8 (2017-04-16) * Feature: Add support for the AAAA record type to the protocol parser (#58 by @othillo) * Feature: Add support for the PTR record type to the protocol parser (#59 by @othillo) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1443522 - php-react-dns-0.4.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1443522 --------------------------------------------------------------------------------
================================================================================ php-react-event-loop-0.4.3-1.fc25 (FEDORA-2017-55d1564bf5) Event loop abstraction layer that libraries can use for evented I/O -------------------------------------------------------------------------------- Update Information:
## 0.4.3 (2017-04-27) * Bug fix: Bugfix in the usage sample code #57 (@dandelionred) * Improvement: Remove branch-alias definition #53 (@WyriHaximus) * Improvement: StreamSelectLoop: Use fresh time so Timers added during stream events are accurate #51 (@andrewminerd) * Improvement: Avoid deprecation warnings in test suite due to deprecation of getMock() in PHPUnit #68 (@martinschroeder) * Improvement: Add PHPUnit 4.8 to require-dev #69 (@shaunbramley) * Improvement: Increase test timeouts for HHVM and unify timeout handling #70 (@clue) * Improvement: Travis improvements (backported from #74) #75 (@clue) * Improvement: Test suite now uses socket pairs instead of memory streams #66 (@martinschroeder) * Improvement: StreamSelectLoop: Test suite uses signal constant names in data provider #67 (@martinschroeder) * Improvement: ExtEventLoop: No longer suppress all errors #65 (@mamciek) * Improvement: Readme cleanup #89 (@jsor) * Improvement: Restructure and improve README #90 (@jsor) * Bug fix: StreamSelectLoop: Fix erroneous zero-time sleep (backport to 0.4) #94 (@jsor) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1446188 - php-react-event-loop-0.4.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1446188 --------------------------------------------------------------------------------
================================================================================ php-simplepie-1.5-1.fc25 (FEDORA-2017-9bf17d5874) A simple Atom/RSS parsing library for PHP -------------------------------------------------------------------------------- Update Information:
Last upstream release --------------------------------------------------------------------------------
================================================================================ publicsuffix-list-20170424-1.fc25 (FEDORA-2017-c5d0951ff2) Cross-vendor public domain suffix database -------------------------------------------------------------------------------- Update Information:
Recent revision - 20170424 --------------------------------------------------------------------------------
================================================================================ purple-hangouts-0-47.20170427hg0dc1213.fc25 (FEDORA-2017-0d7b71118d) Hangouts plugin for libpurple -------------------------------------------------------------------------------- Update Information:
Updated plugins to latest snapshots. --------------------------------------------------------------------------------
================================================================================ purple-skypeweb-1.3-3.20170420git31222f4.fc25 (FEDORA-2017-0d7b71118d) Adds support for Skype to Pidgin -------------------------------------------------------------------------------- Update Information:
Updated plugins to latest snapshots. --------------------------------------------------------------------------------
================================================================================ python2-pyx-0.12.1-6.fc25 (FEDORA-2017-1365d500f2) Legacy Python graphics package for python2 -------------------------------------------------------------------------------- Update Information:
New package. The legacy version of pyx needed by the scapy and some other packages. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1387873 - Review Request: python2-pyx - Python graphics package https://bugzilla.redhat.com/show_bug.cgi?id=1387873 --------------------------------------------------------------------------------
================================================================================ qt5-qtwebengine-5.8.0-11.fc25 (FEDORA-2017-a961ff386d) Qt5 - QtWebEngine components -------------------------------------------------------------------------------- Update Information:
This update fixes 2 regressions in QtWebEngine 5.8.0: * https://bugreports.qt.io/browse/QTBUG-58381 - "Active tab gets gray when background tab is closed" / https://bugreports.qt.io/browse/QTBUG-58634 - "Only grey background when closing parent tab of opened links". If a link was opened in a new tab (either at the website's or at the user's request) and then the parent tab (the one the link was in) was closed, the new tab became blank. (A workaround was to right-click and "duplicate tab".) This update fixes that issue. * https://bugreports.qt.io/browse/QTBUG-58362 - "can't use Chinese or Japanese IME to input any word into webengine" / https://bugreports.qt.io/browse/QTBUG-58635 - "Can't type dead keys". Using input methods or dead keys in text fields in QtWebEngine did not work. (At least for dead keys, clicking into the QupZilla address bar and then back in the text field worked around it.) This update fixes that issue. In addition, `qt5-qtwebengine-devel` now defines some RPM macros so that dependent packages can more easily require the version of QtWebEngine they were built against. --------------------------------------------------------------------------------
================================================================================ roundcubemail-1.2.5-1.fc25 (FEDORA-2017-ede53aa845) Round Cube Webmail is a browser-based multilingual IMAP client -------------------------------------------------------------------------------- Update Information:
**Roundcube Webmail 1.2.5** This is a security update to the stable version 1.2. It primarily fixes a recently discovered vulnerability in the virtualmin and sasl drivers of the password plugin plus adds a few cherry-picked bug fixes from upstream versions. A detailed list of changes is shown below. It's considered stable and we recommend to update all productive installations of Roundcube with this version. Please do backup your data before updating! CHANGELOG * Password: Fix security issue in virtualmin and sasl drivers [CVE-2017-8114] * Fix re-positioning of the fixed header of messages list in Chrome when using minimal mode toggle and About dialog (#5711) * Fix so settings/upload.inc could not be used by plugins (#5694) * Fix regression in LDAP fuzzy search where it always used prefix search instead (#5713) * Fix bug where namespace prefix could not be truncated on folders list if show_real_foldernames=true (#5695) * Fix bug where base_dn setting was ignored inside group_filters (#5720) --------------------------------------------------------------------------------
================================================================================ rpm-ostree-2017.5-2.fc25 (FEDORA-2017-2fa9ff86ba) Hybrid image/package system -------------------------------------------------------------------------------- Update Information:
New upstream version. See full release notes at https://github.com/projectatomic/rpm-ostree/releases/tag/v2017.5. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1381357 - rpm-ostree fails to allocate 2147483648 bytes of ram sometimes https://bugzilla.redhat.com/show_bug.cgi?id=1381357 --------------------------------------------------------------------------------
================================================================================ rpmdeplint-1.3-1.fc25 (FEDORA-2017-f729454b46) Tool to find errors in RPM packages in the context of their dependency graph -------------------------------------------------------------------------------- Update Information:
Upstream bug fix release 1.3: https://rpmdeplint.readthedocs.io/en/latest/CHANGES.html --------------------------------------------------------------------------------
================================================================================ rust-1.17.0-1.fc25 (FEDORA-2017-0542841ec0) The Rust Programming Language -------------------------------------------------------------------------------- Update Information:
New versions of Rust and Cargo -- see the release notes for [1.17](https://blog.rust-lang.org/2017/04/27/Rust-1.17.html). LLVM is included in this update to fix a bug with ARM codegen. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1438031 - File conflicts between rust-gdb and rust-lldb https://bugzilla.redhat.com/show_bug.cgi?id=1438031 --------------------------------------------------------------------------------
================================================================================ tnef-1.4.14-2.fc25 (FEDORA-2017-cc029be02d) Extract files from email attachments like WINMAIL.DAT -------------------------------------------------------------------------------- Update Information:
Release 1.4.14 includes security bug fixes introduced in 1.4.13 and a further bug fix. The tnef-dolphin file manager integration is updated to suit the kf5/qt5 base. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1427434 - CVE-2017-6307 CVE-2017-6308 CVE-2017-6309 CVE-2017-6310 tnef: Multiple vulnerabilities fixed in 1.4.13 [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1427434 --------------------------------------------------------------------------------
================================================================================ tuned-2.8.0-2.fc25 (FEDORA-2017-b17b7347d6) A dynamic adaptive system tuning daemon -------------------------------------------------------------------------------- Update Information:
This is an update making qemu-kvm-tools-rhev a weak dependency. --------------------------------------------------------------------------------
================================================================================ yad-0.39.0-1.fc25 (FEDORA-2017-73379c433a) Display graphical dialogs from shell scripts or command line -------------------------------------------------------------------------------- Update Information:
update yad to version 0.39.0 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1446197 - yad-0.39.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1446197 --------------------------------------------------------------------------------