The following Fedora 24 Security updates need testing: Age URL 119 https://bodhi.fedoraproject.org/updates/FEDORA-2016-32eaf0c41e redis-3.2.3-1.fc24 102 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0ef628998f chicken-4.11.0-3.fc24 54 https://bodhi.fedoraproject.org/updates/FEDORA-2016-990e2012ea compat-guile18-1.8.8-14.fc24 16 https://bodhi.fedoraproject.org/updates/FEDORA-2016-93679a91df jenkins-1.651.3-2.fc24 jenkins-remoting-2.62.3-1.fc24 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c198d15316 ntp-4.2.6p5-43.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2424eeca35 phpMyAdmin-4.6.5.1-2.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2460f713a1 php-php-gettext-1.0.12-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-302f840ecf perl-DBD-MySQL-4.039-2.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c52762efb1 gstreamer-plugins-bad-free-0.10.23-33.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-30f68ec06b mcabber-1.0.4-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fad6fc78dd golang-1.6.4-2.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-60753c3dcd roundcubemail-1.2.3-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a98c560116 tomcat-8.0.39-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a3618d9ef6 python-tornado-4.4.2-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b000091725 php-simplesamlphp-saml2-2.3.3-1.fc24 php-simplesamlphp-saml2_1-1.10.3-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b465090499 ipsilon-2.0.2-2.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b4dd1db1e7 lxc-2.0.6-2.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5ec2475e3f kernel-4.8.12-200.fc24
The following Fedora 24 Critical Path updates have yet to be approved: Age URL 57 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f00a05d7b9 pungi-4.1.10-1.fc24 19 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cddf0ec383 nss-3.27.0-1.3.fc24 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b0006447a5 colord-1.3.4-1.fc24 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-71f117dc02 pyxdg-0.25-10.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e9b731e067 libimobiledevice-1.2.0-8.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-77e191e610 evolution-data-server-3.20.6-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-41ce1a19af libbluray-0.9.3-3.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5ec2475e3f kernel-4.8.12-200.fc24
The following builds have been pushed to Fedora 24 updates-testing
COPASI-4.18.136-1.fc24 appstream-data-24-11.fc24 bibus-1.5.2-1.fc24 cpuid-20161201-1.fc24 ibus-typing-booster-1.5.14-1.fc24 ipsilon-2.0.2-2.fc24 kernel-4.8.12-200.fc24 libabigail-1.0-0.8.rc6.3.fc24 libvmi-0.11.0-1.20161202gitb9b020c.fc24 lxc-2.0.6-2.fc24 mariadb-10.1.19-6.fc24 mozjs45-45.5.1-1.fc24 mup-6.5-1.fc24 netpbm-10.76.00-2.fc24 ocl-icd-2.2.10-1.fc24 perl-Net-GitHub-0.86-1.fc24 php-cs-fixer-2.0.0-1.fc24 php-horde-Horde-Auth-2.2.1-1.fc24 php-horde-Horde-Core-2.27.4-1.fc24 php-horde-Horde-Crypt-2.7.4-1.fc24 php-horde-Horde-Imap-Client-2.29.11-1.fc24 php-horde-Horde-Vfs-2.3.4-1.fc24 picojson-1.3.0-1.fc24 purple-hangouts-0-41.20161128hg4c2de0f.fc24 python-adal-0.4.3-1.fc24 python-pkgconfig-1.2.2-1.fc24 python-pyvo-0.4.1-2.20161020git823b14a.fc24 tcsh-6.19.00-12.fc24 terminator-1.90-5.fc24 vdr-epg-daemon-1.1.66-1.fc24 xosview-1.19-1.fc24
Details about builds:
================================================================================ COPASI-4.18.136-1.fc24 (FEDORA-2016-f41a3f985e) Biochemical network simulator -------------------------------------------------------------------------------- Update Information:
- Update to build-136 (stable release) --------------------------------------------------------------------------------
================================================================================ appstream-data-24-11.fc24 (FEDORA-2016-272a13f93f) Fedora AppStream metadata -------------------------------------------------------------------------------- Update Information:
New metadata version --------------------------------------------------------------------------------
================================================================================ bibus-1.5.2-1.fc24 (FEDORA-2016-3312806090) Bibliographic and reference management software -------------------------------------------------------------------------------- Update Information:
- Rebuilt for new upstream release 1.5.2, fixes rhbz #757675 - Added patch to fixes rhbz #1190916 (thanks to Scott Talbert) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #757675 - bibus-1.5.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=757675 [ 2 ] Bug #1190916 - bibus: deprecation warning with wxPython 3.0 https://bugzilla.redhat.com/show_bug.cgi?id=1190916 --------------------------------------------------------------------------------
================================================================================ cpuid-20161201-1.fc24 (FEDORA-2016-546b7aae31) Dumps information about the CPU(s) -------------------------------------------------------------------------------- Update Information:
Update to new upstream version 20161201 (rhbz#1400731) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1400731 - cpuid-20161201.src is available https://bugzilla.redhat.com/show_bug.cgi?id=1400731 --------------------------------------------------------------------------------
================================================================================ ibus-typing-booster-1.5.14-1.fc24 (FEDORA-2016-f798173d42) A typing booster engine for the IBus platform -------------------------------------------------------------------------------- Update Information:
update to 1.5.14; Fix "delete whitespace when committing punctuation" problem in firefox -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1399192 - Problem using ibus-typing-booster in firefox: When typing "word . " the space between "word" and ". " is not deleted and the cursor ends up after "word " https://bugzilla.redhat.com/show_bug.cgi?id=1399192 --------------------------------------------------------------------------------
================================================================================ ipsilon-2.0.2-2.fc24 (FEDORA-2016-b465090499) An Identity Provider Server -------------------------------------------------------------------------------- Update Information:
New Ipsilon 2.0 release. ---- Main changes since 1.2: Security fix for ���CVE-2016-8638 OpenID Connect 2.0 OAuth 2 User portal with consent management Authorization plugin support Support for adding an instance to the web root Lots of bugfixes -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1348585 - Ipsilon form config contains wrong PAM service file https://bugzilla.redhat.com/show_bug.cgi?id=1348585 [ 2 ] Bug #1346336 - New ipsilon-idp.conf doesn't work with mod_nss installed https://bugzilla.redhat.com/show_bug.cgi?id=1346336 [ 3 ] Bug #1396973 - CVE-2016-8638 ipsilon: DoS via logging out all open SAML2 sessions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1396973 [ 4 ] Bug #1391445 - Using ipsilon-client-install --saml-auth produces Alias /protected /usr/share/ipsilon/ui/saml2sp https://bugzilla.redhat.com/show_bug.cgi?id=1391445 --------------------------------------------------------------------------------
================================================================================ kernel-4.8.12-200.fc24 (FEDORA-2016-5ec2475e3f) The Linux kernel -------------------------------------------------------------------------------- Update Information:
The 4.8.12 stable update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1400804 - CVE-2016-9777 Kernel: kvm: out of bounds memory access via vcpu_id https://bugzilla.redhat.com/show_bug.cgi?id=1400804 [ 2 ] Bug #1400468 - CVE-2016-9756 Kernel: kvm: stack memory information leakage https://bugzilla.redhat.com/show_bug.cgi?id=1400468 [ 3 ] Bug #1400904 - CVE-2016-9755 kernel: netfilter: Out-of-bounds write due to a signedness issue when defragmenting ipv6 packets https://bugzilla.redhat.com/show_bug.cgi?id=1400904 --------------------------------------------------------------------------------
================================================================================ libabigail-1.0-0.8.rc6.3.fc24 (FEDORA-2016-f9c3004560) Set of ABI analysis tools -------------------------------------------------------------------------------- Update Information:
Fix upstream Bug 20927 - Segfault when abidiff is invoked with $HOME empty ---- Fix an issue where some suppressed diff nodes are still visible in change reports ---- Update to upstream 1.0.rc6 tarball -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1352547 - Missing pyxdg as Requires in libabigail-1.0-0.8.rc5.3.fc24 https://bugzilla.redhat.com/show_bug.cgi?id=1352547 [ 2 ] Bug #19658 - None https://bugzilla.redhat.com/show_bug.cgi?id=19658 --------------------------------------------------------------------------------
================================================================================ libvmi-0.11.0-1.20161202gitb9b020c.fc24 (FEDORA-2016-89e8cb8ae0) A library for performing virtual-machine introspection -------------------------------------------------------------------------------- Update Information:
New upstream release --------------------------------------------------------------------------------
================================================================================ lxc-2.0.6-2.fc24 (FEDORA-2016-b4dd1db1e7) Linux Resource Containers -------------------------------------------------------------------------------- Update Information:
Update LXC to the latest stable version. See [here](https://linuxcontainers.org/lxc/news/) for the list of changes. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1398242 - CVE-2016-8649 lxc: lxc-attach to malicious container allows access to host https://bugzilla.redhat.com/show_bug.cgi?id=1398242 --------------------------------------------------------------------------------
================================================================================ mariadb-10.1.19-6.fc24 (FEDORA-2016-96c333c654) A community developed branch of MySQL -------------------------------------------------------------------------------- Update Information:
Related: 1382988 1400233 1399847 1396945 --------------------------------------------------------------------------------
================================================================================ mozjs45-45.5.1-1.fc24 (FEDORA-2016-1f8c89fc81) JavaScript interpreter and libraries -------------------------------------------------------------------------------- Update Information:
Update to latest minor version. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1400598 - mozjs45-45.5.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1400598 --------------------------------------------------------------------------------
================================================================================ mup-6.5-1.fc24 (FEDORA-2016-062f3e6246) A music notation program that can also generate MIDI files -------------------------------------------------------------------------------- Update Information:
Update to Mup 6.5 --------------------------------------------------------------------------------
================================================================================ netpbm-10.76.00-2.fc24 (FEDORA-2016-ec2eae2554) A library for handling different graphics file formats -------------------------------------------------------------------------------- Update Information:
add missing directives about bundled libraries jasper and jbigkit ---- New version of netpbm is available (10.76.00) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1395716 - netpbm sources contains bunndled jbigkit and jasper libraries https://bugzilla.redhat.com/show_bug.cgi?id=1395716 [ 2 ] Bug #1393713 - netpbm-10.76.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=1393713 --------------------------------------------------------------------------------
================================================================================ ocl-icd-2.2.10-1.fc24 (FEDORA-2016-a97196bed3) OpenCL ICD Bindings -------------------------------------------------------------------------------- Update Information:
Update to 2.2.10 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1401270 - ocl-icd-2.2.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1401270 --------------------------------------------------------------------------------
================================================================================ perl-Net-GitHub-0.86-1.fc24 (FEDORA-2016-9a8d470105) Perl interface for github.com -------------------------------------------------------------------------------- Update Information:
Rebase to upstream version 0.86. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1401295 - perl-Net-GitHub-0.86 is available https://bugzilla.redhat.com/show_bug.cgi?id=1401295 --------------------------------------------------------------------------------
================================================================================ php-cs-fixer-2.0.0-1.fc24 (FEDORA-2016-eff2120f31) A tool to automatically fix PHP code style -------------------------------------------------------------------------------- Update Information:
The PHP Coding Standards Fixer tool fixes most issues in your code when you want to follow the PHP coding standards as defined in the PSR-1 and PSR-2 documents and many more. If you are already using a linter to identify coding standards problems in your code, you know that fixing them by hand is tedious, especially on large projects. This tool does not only detect them, but also fixes them for you. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1391951 - Review Request: php-cs-fixer - A tool to automatically fix PHP code style https://bugzilla.redhat.com/show_bug.cgi?id=1391951 --------------------------------------------------------------------------------
================================================================================ php-horde-Horde-Auth-2.2.1-1.fc24 (FEDORA-2016-8177e2f7e6) Horde Authentication API -------------------------------------------------------------------------------- Update Information:
**Horde_Auth 2.2.1** * [jan] Use more efficient database access in SQL backend. --------------------------------------------------------------------------------
================================================================================ php-horde-Horde-Core-2.27.4-1.fc24 (FEDORA-2016-fd50a3e144) Horde Core Framework libraries -------------------------------------------------------------------------------- Update Information:
**Horde_Core 2.27.4** * [mjr] Fix Google Map API warnings (Bug #14525, arjen+horde). * [jan] Catch errors from NoSQL preference backend. * [jan] Make 'hostspec' parameter for MongoDB configuration optional again on PHP 7. * [jan] Fix session preference driver. * [jan] Don't pollute DB DSN with unknown parameters when using Cyrsql authentication driver. * [mjr] Refresh mailbox list when retrieving for ActiveSync. --------------------------------------------------------------------------------
================================================================================ php-horde-Horde-Crypt-2.7.4-1.fc24 (FEDORA-2016-71d1c3ee11) Horde Cryptography API -------------------------------------------------------------------------------- Update Information:
**Horde_Crypt 2.7.4** * [mjr] Ensure version information is output in ASCII armored output. * [jan] Fix parsing inline signed PGP messages with PHP 7+ (Bug #14352). --------------------------------------------------------------------------------
================================================================================ php-horde-Horde-Imap-Client-2.29.11-1.fc24 (FEDORA-2016-1a6a2e09c5) Horde IMAP abstraction interface -------------------------------------------------------------------------------- Update Information:
**Horde_Imap_Client 2.29.11** * [mjr] Fix failed connections when using unix sockets (Thomas Jarosch). --------------------------------------------------------------------------------
================================================================================ php-horde-Horde-Vfs-2.3.4-1.fc24 (FEDORA-2016-2a743ca7f0) Virtual File System API -------------------------------------------------------------------------------- Update Information:
**Horde_Vfs 2.3.4** * [jan] Use more efficient database access in SQL backend. --------------------------------------------------------------------------------
================================================================================ picojson-1.3.0-1.fc24 (FEDORA-2016-fc70ad2cda) A header-file-only, JSON parser / serializer in C++ -------------------------------------------------------------------------------- Update Information:
- Rebuilt for new release 1.3.0 + spec clean updisabled empty debuginfo - Fixes rhbz #1114328 rhbz #1175221 and rhbz #1307862 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1307862 - picojson: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1307862 [ 2 ] Bug #1114328 - picojson-debuginfo is empty https://bugzilla.redhat.com/show_bug.cgi?id=1114328 [ 3 ] Bug #1175221 - picojson-1.2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1175221 --------------------------------------------------------------------------------
================================================================================ purple-hangouts-0-41.20161128hg4c2de0f.fc24 (FEDORA-2016-42ab93d743) Hangouts plugin for libpurple -------------------------------------------------------------------------------- Update Information:
Updated to latest snapshot. --------------------------------------------------------------------------------
================================================================================ python-adal-0.4.3-1.fc24 (FEDORA-2016-9bfe9babc1) ADAL for Python -------------------------------------------------------------------------------- Update Information:
###ADAL for Python 0.4.3 * Fixes logger bug to ensure proper logging * Updates dependency to exclude the requests package 2.12.* * Introduces a new switch to override the default behavior ###ADAL for Python 0.4.2 * Fix decoding exception when decoding id_token with non-ASCII characters on Python 2.x * Minor adjustment on version string handling ###ADAL for Python 0.4.1 * Fix encoding exceptions on formatting error text * Minor typo fixes in sample code ###ADAL for Python 0.4.0 * Support login using federated credentials through protocols of wstrust 1.3 or 2005 * Support http tracing through proxies by exposing the environment variable of ADAL_PYTHON_SSL_NO_VERIFY ###ADAL for Python 0.3.0 * Support device code flow, required for accounts with 2FA enforced, or MSA accounts such as live id * Support service principal with certificate. * Support token cache. * Remove all JS style of callbacks for better code readability and maintainability. * Improve 'AuthenticationContext' class to be consistent with ADAL node and C# versions. * Add samples showing how to use the ADAL in correct ways. Convenient methods in init.py were removed as it has no integrations with cache and used client id belonging to other client app. * Update readme with common authentication flows and smooth package installations. * Update for US Government and German Government Authority. --------------------------------------------------------------------------------
================================================================================ python-pkgconfig-1.2.2-1.fc24 (FEDORA-2016-e4caaeb429) A Python interface to the pkg-config command line tool -------------------------------------------------------------------------------- Update Information:
Update to 1.2.2 --------------------------------------------------------------------------------
================================================================================ python-pyvo-0.4.1-2.20161020git823b14a.fc24 (FEDORA-2016-3bd565d35e) Access to remote data and services of the Virtual observatory (VO) using Python -------------------------------------------------------------------------------- Update Information:
Added missing requirement for requests, added subpackage for documentation --------------------------------------------------------------------------------
================================================================================ tcsh-6.19.00-12.fc24 (FEDORA-2016-ba395af532) An enhanced version of csh, the C shell -------------------------------------------------------------------------------- Update Information:
Pre-emptive fix for an issue that is currently being investigated as possible security flaw. ---- Previously, using command 'rm *' while the tcsh option 'rmstar' was set resulted in tcsh getting stuck and not doing anything. This bug has been been fixed. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1386129 - RM command with star argument to remove all does not work https://bugzilla.redhat.com/show_bug.cgi?id=1386129 --------------------------------------------------------------------------------
================================================================================ terminator-1.90-5.fc24 (FEDORA-2016-77620715b6) Store and run multiple GNOME terminals in one window -------------------------------------------------------------------------------- Update Information:
add python-gobject to requires and clean up old gtk2 requires. ---- This update brings the new Terminator release in version 1.90 to your box. The most significant change is, that this release is now ported to GTK3 and uses libvte3. A detailed changelog is available here: http://bazaar.launchpad.net/~gnome- terminator/terminator/gtk3/view/head:/ChangeLog -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1400474 - [abrt] terminator: __init__.py:122:require_version:ValueError: Namespace Vte not available for version 2.91 https://bugzilla.redhat.com/show_bug.cgi?id=1400474 [ 2 ] Bug #1363792 - ncurses: 'tput reset' outputs ' ^[]104' after terminal is cleared https://bugzilla.redhat.com/show_bug.cgi?id=1363792 [ 3 ] Bug #1363928 - terminator shows duplicated key in in group terminals https://bugzilla.redhat.com/show_bug.cgi?id=1363928 [ 4 ] Bug #1322052 - [abrt] terminator: paned.py:280:wrapcloseterm:AttributeError: 'NoneType' object has no attribute 'grab_focus' https://bugzilla.redhat.com/show_bug.cgi?id=1322052 [ 5 ] Bug #1304583 - [abrt] terminator: invalid syntax (terminator, line 125) https://bugzilla.redhat.com/show_bug.cgi?id=1304583 [ 6 ] Bug #1301382 - Terminator does not use KDE's default browser setting https://bugzilla.redhat.com/show_bug.cgi?id=1301382 [ 7 ] Bug #1290183 - [abrt] terminator: terminal.py:1143:ensure_visible_and_focussed:AttributeError: 'Terminal' object has no attribute 'get_child' https://bugzilla.redhat.com/show_bug.cgi?id=1290183 [ 8 ] Bug #1397825 - terminator-1.90 is available https://bugzilla.redhat.com/show_bug.cgi?id=1397825 --------------------------------------------------------------------------------
================================================================================ vdr-epg-daemon-1.1.66-1.fc24 (FEDORA-2016-75599d888f) A daemon to download EPG data from internet and manage it in a mysql database -------------------------------------------------------------------------------- Update Information:
Update 1.1.66 ---- Update 1.1.65 ---- Update to 1.1.64 ---- Update to 1.1.63 ---- Update to 1.1.61 ---- Update to 1.1.54 ---- Update to 1.1.53 ---- Update to 1.1.52 ---- Update to 1.1.48 ---- Update to 1.1.47 ---- Update to 1.1.46 ---- Update to 1.1.44 ---- Update to 1.1.42 ---- Update to 1.1.58 ---- Update to 1.1.55 ---- Update to 1.1.62 --------------------------------------------------------------------------------
================================================================================ xosview-1.19-1.fc24 (FEDORA-2016-f32296f646) An X Window System utility for monitoring system resources -------------------------------------------------------------------------------- Update Information:
- Rebuilt for new upstream release 1.19, fixes rhbz #1401149 - Do not use upstreamed patches (already in latest release) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1401149 - xosview-1.18 is available https://bugzilla.redhat.com/show_bug.cgi?id=1401149 --------------------------------------------------------------------------------