The following Fedora 22 Security updates need testing: Age URL 356 https://bodhi.fedoraproject.org/updates/FEDORA-2015-5878 echoping-6.1-0.beta.r434svn.1.fc22 305 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9185 ceph-deploy-1.5.25-1.fc22 237 https://bodhi.fedoraproject.org/updates/FEDORA-2015-12781 python-kdcproxy-0.3.2-1.fc22 192 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16239 nagios-4.0.8-1.fc22 180 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2d37e7dacf openstack-swift-2.2.0-6.fc22 149 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9039c25f1d miniupnpc-1.9-6.fc22 132 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4 libpng-1.6.16-4.fc22 132 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6 libpng-1.6.16-5.fc22 114 https://bodhi.fedoraproject.org/updates/FEDORA-2015-3a5cebb105 ImageMagick-6.9.2.7-1.fc22 99 https://bodhi.fedoraproject.org/updates/FEDORA-2015-b9e4c97ff1 sos-3.2-2.fc22 73 https://bodhi.fedoraproject.org/updates/FEDORA-2015-f683150aa0 thttpd-2.25b-37.fc22 61 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4c57c232c0 xulrunner-44.0-1.fc22 49 https://bodhi.fedoraproject.org/updates/FEDORA-2016-560802e52b xdelta-3.0.7-7.fc22 38 https://bodhi.fedoraproject.org/updates/FEDORA-2016-24d134e494 mingw-nsis-2.50-1.fc22 29 https://bodhi.fedoraproject.org/updates/FEDORA-2016-338a7e9925 graphite2-1.3.6-1.fc22 25 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3cbe9ad765 python-pygments-2.1.3-1.fc22 21 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7b40eb9e29 libecap-1.0.0-1.fc22 squid-3.5.10-1.fc22 20 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5f44e89fe0 python-tgcaptcha2-0.3.1-1.fc22 18 https://bodhi.fedoraproject.org/updates/FEDORA-2016-161b73fc2c bind99-9.9.8-4.P4.fc22 18 https://bodhi.fedoraproject.org/updates/FEDORA-2016-364c0a9df4 bind-9.10.3-9.P4.fc22 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-47c0adc816 webkitgtk3-2.4.10-1.fc22 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-bfaf6a133b qemu-2.3.1-13.fc22 10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ed99cb602e krb5-1.13.2-14.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-06e4c327b7 vtun-3.0.3-15.fc22 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-dc3740c56e apache-commons-collections-3.2.2-3.fc22 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-15fb7deba0 python-rsa-3.4.1-1.fc22 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c14cf5e34a libmaxminddb-1.2.0-1.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-de92146106 xen-4.5.2-10.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-79604dde9f mercurial-3.5.2-1.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-250042b8a6 xstream-1.4.9-1.fc22
The following Fedora 22 Critical Path updates have yet to be approved: Age URL 231 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13210 yum-3.4.3-508.fc22 149 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2123de044f libgphoto2-2.5.8-1.fc22 146 https://bodhi.fedoraproject.org/updates/FEDORA-2015-48f718ed1b vim-7.4.909-1.fc22 132 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6 libpng-1.6.16-5.fc22 132 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4 libpng-1.6.16-4.fc22 61 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4c57c232c0 xulrunner-44.0-1.fc22 56 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d3fce30d64 mobile-broadband-provider-info-1.20151214-1.fc22 38 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ce419c9cab selinux-policy-3.13.1-128.28.fc22 29 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b03252507 rpm-4.12.0.1-16.fc22 27 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4d5434d82f parted-3.2-16.fc22 18 https://bodhi.fedoraproject.org/updates/FEDORA-2016-364c0a9df4 bind-9.10.3-9.P4.fc22 18 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4072c51267 dracut-041-15.fc22 14 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d4e6e32c1c upower-0.99.3-2.fc22 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-dbc09943ac ca-certificates-2016.2.7-1.0.fc22 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4e719508d2 pcre-8.38-4.fc22 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-47c0adc816 webkitgtk3-2.4.10-1.fc22 10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ed99cb602e krb5-1.13.2-14.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fe22f37fba hwdata-0.287-1.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-33be675c57 firefox-45.0.1-2.fc22 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-18d1833265 thunderbird-38.7.1-1.fc22 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-881765e99c systemtap-3.0-2.fc22 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f5078f60f9 ntfs-3g-2016.2.22-1.fc22 testdisk-7.0-7.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-dedd49a5b7 lorax-22.14-1.fc22
The following builds have been pushed to Fedora 22 updates-testing
2048-cli-0.9.1-1.fc22 caja-1.12.7-1.fc22 carbon-c-relay-1.11-1.fc22 ccsm-0.8.12.3.0-1.fc22 cherrytree-0.36.9-1.fc22 clamav-0.99.1-1.fc22 compiz-plugins-experimental-0.8.12-3.fc22 eclipse-dltk-5.4.0-4.fc22 eclipse-linuxtools-4.2.2-1.fc22 fastd-18-1.fc22 geany-1.27-1.fc22 geany-plugins-1.27-1.fc22 geany-themes-1.27-1.fc22 grub-customizer-5.0.5-2.fc22 libuecc-7-1.fc22 lorax-22.14-1.fc22 mercurial-3.5.2-1.fc22 nml-0.4.4-1.fc22 openscap-daemon-0.1.4-1.fc22 openttd-opengfx-0.5.4-1.fc22 perl-File-Remove-1.56-1.fc22 perl-Parallel-ForkManager-1.18-1.fc22 perl-Params-Validate-1.23-1.fc22 perl-Qt-0.96.0-16.fc22 php-horde-Horde-Autoloader-2.1.2-1.fc22 php-horde-Horde-Dav-1.1.2-3.fc22 python-prompt_toolkit-0.60-1.fc22 rubygem-domain_name-0.5.20160310-1.fc22 sslh-1.18-1.fc22 whois-5.2.12-1.fc22 xen-4.5.2-10.fc22 xstream-1.4.9-1.fc22
Details about builds:
================================================================================ 2048-cli-0.9.1-1.fc22 (FEDORA-2016-3e9109746b) The game 2048 for your Linux terminal -------------------------------------------------------------------------------- Update Information:
* new upstream release * introduce 2048-cli-sdl --------------------------------------------------------------------------------
================================================================================ caja-1.12.7-1.fc22 (FEDORA-2016-03dea5a0df) File manager for MATE -------------------------------------------------------------------------------- Update Information:
- update to 1.12.7 release - fix long out standing fg color issue with dark themes - https://github.com/mate-desktop/caja/issues/81 --------------------------------------------------------------------------------
================================================================================ carbon-c-relay-1.11-1.fc22 (FEDORA-2016-bbc3bda807) Enhanced C implementation of Carbon relay, aggregator and rewriter -------------------------------------------------------------------------------- Update Information:
Update to upstream 1.11 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1320521 - carbon-c-relay-v1.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=1320521 --------------------------------------------------------------------------------
================================================================================ ccsm-0.8.12.3.0-1.fc22 (FEDORA-2016-608220f87f) Plugin and configuration tool - Compiz Fusion Project -------------------------------------------------------------------------------- Update Information:
- update to 0.8.12.3.0 release - switch to gtk3 for > f23 --------------------------------------------------------------------------------
================================================================================ cherrytree-0.36.9-1.fc22 (FEDORA-2016-aaa1d2c48c) Hierarchical note taking application -------------------------------------------------------------------------------- Update Information:
update to 0.36.9 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1322179 - cherrytree-0.36.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=1322179 --------------------------------------------------------------------------------
================================================================================ clamav-0.99.1-1.fc22 (FEDORA-2016-897e2e3fd1) End-user tools for the Clam Antivirus scanner -------------------------------------------------------------------------------- Update Information:
ClamAV 0.99.1 ============= ClamAV 0.99.1 contains a new feature for parsing Hancom Office files including extracting and scanning embedded objects. ClamAV 0.99.1 also contains important bug fixes. Please see ChangeLog for details. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1321173 - no haredened build https://bugzilla.redhat.com/show_bug.cgi?id=1321173 [ 2 ] Bug #1295473 - Clamav complains about an obsolete boolean not being set https://bugzilla.redhat.com/show_bug.cgi?id=1295473 [ 3 ] Bug #1314115 - clamav-0.99.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1314115 --------------------------------------------------------------------------------
================================================================================ compiz-plugins-experimental-0.8.12-3.fc22 (FEDORA-2016-6784cbbf6a) Additional plugins for Compiz -------------------------------------------------------------------------------- Update Information:
- rename compiz-plugins-unsupported to compiz-plugins-experimental --------------------------------------------------------------------------------
================================================================================ eclipse-dltk-5.4.0-4.fc22 (FEDORA-2016-0b95d933d6) Dynamic Languages Toolkit (DLTK) Eclipse plug-in -------------------------------------------------------------------------------- Update Information:
This update fixes a problem with the Ruby tooling where the "Variables" view can be empty when debugging a Ruby script. --------------------------------------------------------------------------------
================================================================================ eclipse-linuxtools-4.2.2-1.fc22 (FEDORA-2016-1ac9894818) Linux specific Eclipse plugins -------------------------------------------------------------------------------- Update Information:
This update fixes some important issues with the Docker tooling. --------------------------------------------------------------------------------
================================================================================ fastd-18-1.fc22 (FEDORA-2016-67e40879f3) Fast and secure tunneling daemon -------------------------------------------------------------------------------- Update Information:
Update fastd to Version 18 --------------------------------------------------------------------------------
================================================================================ geany-1.27-1.fc22 (FEDORA-2016-05d6cd1d0c) A fast and lightweight IDE using GTK2 -------------------------------------------------------------------------------- Update Information:
geany update to 1.27 ---- geany-1.26-1.fc22 - New upstream release: Geany 1.26 geany-1.26-1.fc23 - New upstream release: Geany 1.26 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1317318 - geany-1.27.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1317318 [ 2 ] Bug #1282195 - geany-1.26.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1282195 --------------------------------------------------------------------------------
================================================================================ geany-plugins-1.27-1.fc22 (FEDORA-2016-097e6ba147) Plugins for Geany -------------------------------------------------------------------------------- Update Information:
geany-plugins update to 1.27 ---- New upstream release: Geany-Plugins 1.26 --------------------------------------------------------------------------------
================================================================================ geany-themes-1.27-1.fc22 (FEDORA-2016-cbd238d48e) A collection of syntax highlighting color schemes for Geany -------------------------------------------------------------------------------- Update Information:
geany-themes update to 1.27 --------------------------------------------------------------------------------
================================================================================ grub-customizer-5.0.5-2.fc22 (FEDORA-2016-4f660a1a6a) Graphical GRUB2 settings manager -------------------------------------------------------------------------------- Update Information:
Update to 5.0.5. Correct EFI systems support. ---- Update to 5.0.4. Add EFI systems support. ---- Update to 5.0.3. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1270361 - Changes are not applied on EFI systems https://bugzilla.redhat.com/show_bug.cgi?id=1270361 --------------------------------------------------------------------------------
================================================================================ libuecc-7-1.fc22 (FEDORA-2016-67e40879f3) Very small Elliptic Curve Cryptography library -------------------------------------------------------------------------------- Update Information:
Update fastd to Version 18 --------------------------------------------------------------------------------
================================================================================ lorax-22.14-1.fc22 (FEDORA-2016-dedd49a5b7) Tool for creating the anaconda install images -------------------------------------------------------------------------------- Update Information:
- don't build upgrade.img anymore (wwoods@redhat.com) - templates: On 32 bit systems limit the amount of memory xz uses (bcl@redhat.com) - ltmpl: Add compressor selection and argument passing to installimg (bcl@redhat.com) --------------------------------------------------------------------------------
================================================================================ mercurial-3.5.2-1.fc22 (FEDORA-2016-79604dde9f) Mercurial -- a distributed SCM -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2016-3630, CVE-2016-3068, CVE-2016-3069 and minor upgrade -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1322267 - CVE-2016-3069 mercurial: arbitrary code execution when converting Git repos https://bugzilla.redhat.com/show_bug.cgi?id=1322267 [ 2 ] Bug #1322266 - CVE-2016-3068 mercurial: arbitrary code execution with Git subrepos https://bugzilla.redhat.com/show_bug.cgi?id=1322266 [ 3 ] Bug #1322264 - CVE-2016-3630 mercurial: remote code execution in binary delta decoding https://bugzilla.redhat.com/show_bug.cgi?id=1322264 --------------------------------------------------------------------------------
================================================================================ nml-0.4.4-1.fc22 (FEDORA-2016-fbc453ed26) NewGRF Meta Language compiler -------------------------------------------------------------------------------- Update Information:
Update OpenGFX to version 0.4.4 --------------------------------------------------------------------------------
================================================================================ openscap-daemon-0.1.4-1.fc22 (FEDORA-2016-990ab8f219) Manages continuous SCAP scans of your infrastructure -------------------------------------------------------------------------------- Update Information:
upgrade to the latest upstream release --------------------------------------------------------------------------------
================================================================================ openttd-opengfx-0.5.4-1.fc22 (FEDORA-2016-fbc453ed26) OpenGFX replacement graphics for OpenTTD -------------------------------------------------------------------------------- Update Information:
Update OpenGFX to version 0.4.4 --------------------------------------------------------------------------------
================================================================================ perl-File-Remove-1.56-1.fc22 (FEDORA-2016-b26a951e59) Convenience module for removing files and directories -------------------------------------------------------------------------------- Update Information:
--------------------------------------------------------------------------------
================================================================================ perl-Parallel-ForkManager-1.18-1.fc22 (FEDORA-2016-f729ccf366) Simple parallel processing fork manager -------------------------------------------------------------------------------- Update Information:
Update to the latest Parallel::ForkManager version, which fixes a few minor bugs. See http://cpansearch.perl.org/src/YANICK/Parallel- ForkManager-1.18/Changes --------------------------------------------------------------------------------
================================================================================ perl-Params-Validate-1.23-1.fc22 (FEDORA-2016-3333feb515) Params-Validate Perl module -------------------------------------------------------------------------------- Update Information:
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #1322446 - perl-Params-Validate-1.23 is available https://bugzilla.redhat.com/show_bug.cgi?id=1322446 --------------------------------------------------------------------------------
================================================================================ perl-Qt-0.96.0-16.fc22 (FEDORA-2016-481f17ba6e) Perl bindings for Qt -------------------------------------------------------------------------------- Update Information:
This release disables a newly enabled test failing on s390 and s390x platforms. ---- It fixes tests on big-endian 64-bit PowerPC. ---- This release fixes code generation with "puic4 -x" command. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1118240 - puic4 is broken: fix provided https://bugzilla.redhat.com/show_bug.cgi?id=1118240 --------------------------------------------------------------------------------
================================================================================ php-horde-Horde-Autoloader-2.1.2-1.fc22 (FEDORA-2016-14decc4b98) Horde Autoloader -------------------------------------------------------------------------------- Update Information:
Switch to bundled sabre-dav version 1.8 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1322197 - recent php-sabre-dav update broke Horde-DAV https://bugzilla.redhat.com/show_bug.cgi?id=1322197 --------------------------------------------------------------------------------
================================================================================ php-horde-Horde-Dav-1.1.2-3.fc22 (FEDORA-2016-14decc4b98) Horde library for WebDAV, CalDAV, CardDAV -------------------------------------------------------------------------------- Update Information:
Switch to bundled sabre-dav version 1.8 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1322197 - recent php-sabre-dav update broke Horde-DAV https://bugzilla.redhat.com/show_bug.cgi?id=1322197 --------------------------------------------------------------------------------
================================================================================ python-prompt_toolkit-0.60-1.fc22 (FEDORA-2016-f804fcc278) Library for building powerful interactive command lines in Python -------------------------------------------------------------------------------- Update Information:
Update from upstream -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1321469 - Update to verison 0.60 https://bugzilla.redhat.com/show_bug.cgi?id=1321469 --------------------------------------------------------------------------------
================================================================================ rubygem-domain_name-0.5.20160310-1.fc22 (FEDORA-2016-b6e96921d9) Domain Name manipulation library for Ruby -------------------------------------------------------------------------------- Update Information:
New version 0.5.20160310 is released. --------------------------------------------------------------------------------
================================================================================ sslh-1.18-1.fc22 (FEDORA-2016-c7bf91b740) Applicative protocol(SSL/SSH) multiplexer -------------------------------------------------------------------------------- Update Information:
Update to upstream sslh 1.18 This includes an optional sslh systemd socket activation template - check the readme on the override details needed to enable this functionality. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1322188 - sslh-v1.18 is available https://bugzilla.redhat.com/show_bug.cgi?id=1322188 --------------------------------------------------------------------------------
================================================================================ whois-5.2.12-1.fc22 (FEDORA-2016-11ac173e6d) Improved WHOIS client -------------------------------------------------------------------------------- Update Information:
This release fixes parsing whois.iana.org response. It also updates allocated IPv4 ranges, it adds recoreds for domains adac., alibaba., alipay., ally., analytics., avianca., aws., baidu., barefoot., bcg., bosch., chase., clinique., compare., contact., coupon., dealer., deloitte., dubai., edeka., extraspace., flickr., ford., fox., fresenius., frontier., gallo., gallup., gmbh., hdfcbank., health., helsinki., iselect., jmp., jpmorgan., kerryhotels., kerrylogistics., kerryproperties., kfh., kpn., kuokgroup., lamer., lanxess., lifeinsurance., lincoln., living., locus., makeup., mobily., natura., nikon., origins., pamperedchef., pars., passagens., pid., promo., pwc., quest., redumbrella., rexroth., safety., sas., schaeffler., select., shaw., shell., skin., softbank., song., spot., star., statefarm., storage., storage., stream., talk., taobao., telecity., tiffany., tmall., total., travelersinsurance., trv., tube., tunes., tushu., tvs., unicom., viking., volkswagen., vuelos., wanggou., watches., weather., weatherchannel., weber., wolterskluwer., yahoo., you., ���������., ������., ������������������., ���������., ������������., ������., ������., ������������., ���������., ������., ������., ��������������., ����������., ��������., ������., ������., ���������������., ����., and ������. It also updates records for domains cat., jobs., pro., gi., kn., lc., mo., sc., and vc. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1321942 - whois-5.2.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=1321942 --------------------------------------------------------------------------------
================================================================================ xen-4.5.2-10.fc22 (FEDORA-2016-de92146106) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information:
broken AMD FPU FIP/FDP/FOP leak workaround [XSA-172, CVE-2016-3158, CVE-2016-3159] -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1317969 - CVE-2016-3158 CVE-2016-3159 xen: AMD FPU FIP/FDP/FOP leak workaround broken (XSA-172) https://bugzilla.redhat.com/show_bug.cgi?id=1317969 --------------------------------------------------------------------------------
================================================================================ xstream-1.4.9-1.fc22 (FEDORA-2016-250042b8a6) Java XML serialization library -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2016-3674 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1321789 - CVE-2016-3674 XStream: enabled processing of external entities https://bugzilla.redhat.com/show_bug.cgi?id=1321789 --------------------------------------------------------------------------------