The following Fedora 24 Security updates need testing:

 Age  URL
 173  https://bodhi.fedoraproject.org/updates/FEDORA-2016-32eaf0c41e   redis-3.2.3-1.fc24
  70  https://bodhi.fedoraproject.org/updates/FEDORA-2016-93679a91df   jenkins-1.651.3-2.fc24 jenkins-remoting-2.62.3-1.fc24
  39  https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08   squid-3.5.23-1.fc24
  32  https://bodhi.fedoraproject.org/updates/FEDORA-2016-eaaa9c4a08   exim-4.87.1-1.fc24
  16  https://bodhi.fedoraproject.org/updates/FEDORA-2017-19b0fe001d   runc-1.0.0-3.rc2.gitc91b5be.fc24
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2017-08207fe48b   python-crypto-2.6.1-13.fc24
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2017-f8094477ee   mapserver-6.2.4-1.fc24
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2017-d2e7217e2a   irssi-0.8.21-1.fc24
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2017-5a823376be   percona-xtrabackup-2.3.6-1.fc24
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-0d7ef286d1   drupal7-title-1.0-0.7.alpha9.fc24
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-294c23bb1d   phpMyAdmin-4.6.6-1.fc24
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-6681f94e10   moodle-3.1.4-1.fc24
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2017-5136456ce3   ghostscript-9.20-6.fc24
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2017-6d6e2bfd1a   libXpm-3.5.12-1.fc24
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-6cc158c193   kernel-4.9.6-100.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-12c3b2fec3   firefox-51.0.1-2.fc24 firefox-51.0.1-2.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-338a3f27e5   wordpress-4.7.2-1.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-484fae685d   flatpak-0.8.2-1.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-0f44f2b8c8   mariadb-10.1.21-1.fc24

The following Fedora 24 Critical Path updates have yet to be approved:

 Age  URL
  19  https://bodhi.fedoraproject.org/updates/FEDORA-2017-7585703fbe   selinux-policy-3.13.1-191.24.fc24
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2017-6d6e2bfd1a   libXpm-3.5.12-1.fc24
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-6cc158c193   kernel-4.9.6-100.fc24
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-61698d771f   perl-5.22.3-368.fc24
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-2b2696b823   vim-8.0.238-1.fc24
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-bfe67455ae   libtiff-4.0.7-2.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-a18a784b84   wpa_supplicant-2.5-6.fc24 wpa_supplicant-2.5-6.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-12c3b2fec3   firefox-51.0.1-2.fc24 firefox-51.0.1-2.fc24

The following builds have been pushed to Fedora 24 updates-testing:

    composer-1.3.2-1.fc24
    corebird-1.4.2-1.fc24
    elementary-icon-theme-4.0.2-2.fc24
    euca2ools-3.4.1-1.fc24
    firefox-51.0.1-2.fc24
    flatpak-0.8.2-1.fc24
    freefem++-3.51-1.fc24
    iguanaIR-1.1.0-20.fc24
    jblas-1.2.4-1.fc24
    libappstream-glib-0.6.7-3.fc24
    libidn2-0.16-1.fc24
    libmicrohttpd-0.9.46-4.fc24
    lxappearance-0.6.3-1.fc24
    mame-0.182-1.fc24
    mariadb-10.1.21-1.fc24
    nfs-ganesha-2.4.2-1.fc24
    perl-Text-CSV-1.91-4.fc24
    php-PsrLog-1.0.2-2.fc24
    python-httpretty-0.8.14-2.20161011git70af1f8.fc24
    python-rosdep-0.11.4-6.fc24
    qmc2-0.71-1.fc24
    smuxi-1.0.6-1.fc24
    storhaug-0.13-3.fc24
    wordpress-4.7.2-1.fc24
    wpa_supplicant-2.5-6.fc24

Details about builds:
================================================================================
 composer-1.3.2-1.fc24 (FEDORA-2017-27d2a70c96)
 Dependency Manager for PHP
--------------------------------------------------------------------------------
Update Information:

**Version 1.3.2** - 2017-01-27

* Added `COMPOSER_BINARY` env var that is defined within the scope of a
  Composer run automatically with the path to the phar file
* Fixed create-project ending in a detached HEAD when installing aliased
  packages
* Fixed composer show not returning non-zero exit code when the package does
  not exist
* Fixed `@composer` handling in scripts when --working-dir is used together
  with it
* Fixed private-GitLab handling of repos with dashes in them
--------------------------------------------------------------------------------
================================================================================
 corebird-1.4.2-1.fc24 (FEDORA-2017-2abc28f63e)
 Native GTK Twitter client
--------------------------------------------------------------------------------
Update Information:

corebird 1.4.2 release.

- Fix a crash when going back from a tweet with media to another tweet with
  media
- Fix compilation with --disable-video
- Decrease log level of UserStream output to debug when no internet connection
  is present
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1411091 - make corebird a bit more quiet in the log when network is off
        https://bugzilla.redhat.com/show_bug.cgi?id=1411091
--------------------------------------------------------------------------------
================================================================================
 elementary-icon-theme-4.0.2-2.fc24 (FEDORA-2017-3cb43f061b)
 Icons from the Elementary Project
--------------------------------------------------------------------------------
Update Information:

Fix .spec and adapt scriptlets to correctly create the icon theme cache file.

----

Update to version 4.0.2. This includes more than three years' worth of icon
additions and polishing work, including support for 2x scaled icons on HiDPI
screens.
--------------------------------------------------------------------------------
================================================================================
 euca2ools-3.4.1-1.fc24 (FEDORA-2017-6aa12dd12a)
 Eucalyptus/AWS-compatible command line tools
--------------------------------------------------------------------------------
Update Information:

This update adds support for NAT gateways, CloudFormation template attributes,
new AWS regions, and more. For a complete list of changes, see the
[upstream release notes](https://docs.eucalyptus.com/eucalyptus/4.3.1/#euca2ools-release-notes/rn_index_3.4.0.html).
--------------------------------------------------------------------------------
================================================================================
 firefox-51.0.1-2.fc24 (FEDORA-2017-12c3b2fec3)
 Mozilla Firefox Web browser
--------------------------------------------------------------------------------
Update Information:

Update to Firefox 51.0.1.

----

- new upstream version (51.0.1)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1412971 - Firefox does not send telemetry data
        https://bugzilla.redhat.com/show_bug.cgi?id=1412971
--------------------------------------------------------------------------------
================================================================================
 flatpak-0.8.2-1.fc24 (FEDORA-2017-484fae685d)
 Application deployment framework for desktop apps
--------------------------------------------------------------------------------
Update Information:

flatpak 0.8.2 release, fixing a security issue that could lead to sandbox
escaping. For details, see
https://github.com/flatpak/flatpak/releases/tag/0.8.2
--------------------------------------------------------------------------------
================================================================================
 freefem++-3.51-1.fc24 (FEDORA-2017-c79a9e81f2)
 PDE solving tool
--------------------------------------------------------------------------------
Update Information:

Upstream update

----

Upstream update.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1398779 - freefem++-3.50 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1398779
  [ 2 ] Bug #1416591 - freefem++-3.51 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1416591
--------------------------------------------------------------------------------
================================================================================
 iguanaIR-1.1.0-20.fc24 (FEDORA-2017-7166b398c9)
 Driver for Iguanaworks USB IR transceiver
--------------------------------------------------------------------------------
Update Information:

- Dropped the python package, doesn't build.
- Add new lirc-drv-iguanair plugin which used to be part of lird
- Various packaging bugs and hacks removed/fixed
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1409065 - File instead of symlink to .so file in iguanaIR
        https://bugzilla.redhat.com/show_bug.cgi?id=1409065
  [ 2 ] Bug #1156648 - Library is packaged twice as libiguanaIR.so.0 and libiguanaIR.so.0.3
        https://bugzilla.redhat.com/show_bug.cgi?id=1156648
  [ 3 ] Bug #1413263 - Move tmpfiles.d config to %{_tmpfilesdir}, install license files as %license
        https://bugzilla.redhat.com/show_bug.cgi?id=1413263
--------------------------------------------------------------------------------
================================================================================
 jblas-1.2.4-1.fc24 (FEDORA-2017-44706ff283)
 Java bindings for BLAS
--------------------------------------------------------------------------------
Update Information:

Fix for a resource leak and some small documentation updates.
--------------------------------------------------------------------------------
================================================================================
 libappstream-glib-0.6.7-3.fc24 (FEDORA-2017-e3fd411df2)
 Library for AppStream metadata
--------------------------------------------------------------------------------
Update Information:

This update fixes two use-after-free bugs that can lead to gnome-software
crashes.
--------------------------------------------------------------------------------
================================================================================
 libidn2-0.16-1.fc24 (FEDORA-2017-b8ea539734)
 Library to support IDNA2008 internationalized domain names
--------------------------------------------------------------------------------
Update Information:

Libidn2 0.16 (released 2017-01-16)
==================================
* build: Fix idn2_cmd.h build rule
* API and ABI is backwards compatible with the previous version

Libidn2 0.15 (released 2017-01-14)
==================================
* Fix out-of-bounds read
* Fix NFC input conversion (regression)
* Shrink TR46 static mapping data
* API and ABI is backwards compatible with the previous version

Libidn2 0.14 (released 2016-12-30)
==================================
* build: Fix gentr46map build
* API and ABI is backwards compatible with the previous version

Libidn2 0.13 (released 2016-12-29)
==================================
* build: Doesn't download external files during build
* doc: Clarify license
* build: Generate ChangeLog file properly
* doc: API documentation related to TR46 flags
* API and ABI is backwards compatible with the previous version

Libidn2 0.12 (released 2016-12-26)
==================================
* All changes by Tim Rühsen <tim.ruehsen@gmx.de> except stated otherwise
* Builds/links with libunistring
* Fix two possible crashes with unchecked NULL pointers
* Memleak fix, reported by Hanno Böck <hanno@hboeck.de>
* Binary search for codepoints in tables
* Do not taint output variable on error in idn2_register_u8()
* Do not taint output variable on error in idn2_lookup_u8()
* Update to Unicode 6.3.0 IDNA tables
* Add TR46 / UTS#46 support to API and idn2 utility
* Add NFC quick check
* Add make target 'check-coverage' for test coverage report
* Add tests to increase test code coverage
* API and ABI is backwards compatible with the previous version
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1416643 - libidn2: update to 0.16 or later version
        https://bugzilla.redhat.com/show_bug.cgi?id=1416643
  [ 2 ] Bug #1416642 - libidn2-0.16 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1416642
--------------------------------------------------------------------------------
================================================================================
 libmicrohttpd-0.9.46-4.fc24 (FEDORA-2017-6fd73da46d)
 Lightweight library for embedding a webserver in applications
--------------------------------------------------------------------------------
Update Information:

Rollback to release 0.9.46 again, because 0.9.52 does not work.
--------------------------------------------------------------------------------
================================================================================
 lxappearance-0.6.3-1.fc24 (FEDORA-2017-62b6101add)
 Feature-rich GTK+ theme switcher for LXDE
--------------------------------------------------------------------------------
Update Information:

LXDE utility package bug fix update.
--------------------------------------------------------------------------------
================================================================================
 mame-0.182-1.fc24 (FEDORA-2017-86b3f71507)
 Multiple Arcade Machine Emulator
--------------------------------------------------------------------------------
Update Information:

An update to the latest mame release:

* http://mamedev.org/?p=436
--------------------------------------------------------------------------------
================================================================================
 mariadb-10.1.21-1.fc24 (FEDORA-2017-0f44f2b8c8)
 A community developed branch of MySQL
--------------------------------------------------------------------------------
Update Information:

Important change:

* most of the utilities were moved to the new sub-package "server-utils"

Other enhancements: (see changelog)

* CVE fixes, SPECfile fixes, patches revision, tests blacklist revisions
* Preparation and testing of the Cracklib plugin to be added
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1205082 - Split perl utilities out to a sub package
        https://bugzilla.redhat.com/show_bug.cgi?id=1205082
  [ 2 ] Bug #1260821 - mysql_secure_installation ignores custom config
        https://bugzilla.redhat.com/show_bug.cgi?id=1260821
  [ 3 ] Bug #1414387 - CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3257 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 mariadb: various flaws [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1414387
--------------------------------------------------------------------------------
================================================================================
 nfs-ganesha-2.4.2-1.fc24 (FEDORA-2017-8222b3403b)
 NFS-Ganesha is a NFS Server running in user space
--------------------------------------------------------------------------------
Update Information:

nfs-ganesha 2.4.2 GA
--------------------------------------------------------------------------------
================================================================================
 perl-Text-CSV-1.91-4.fc24 (FEDORA-2017-804a858b6c)
 Comma-separated values manipulator
--------------------------------------------------------------------------------
Update Information:

Upgrade to upstream 1.91.
--------------------------------------------------------------------------------
================================================================================
 php-PsrLog-1.0.2-2.fc24 (FEDORA-2017-c5fb9fdcf0)
 Common interface for logging libraries
--------------------------------------------------------------------------------
Update Information:

### 1.0.2

* Fixed test suite fix in 1.0.1 to use a more appropriate phpunit method
* Fixed return types to be void instead of null
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1416878 - package does not require autoloader
        https://bugzilla.redhat.com/show_bug.cgi?id=1416878
--------------------------------------------------------------------------------
================================================================================
 python-httpretty-0.8.14-2.20161011git70af1f8.fc24 (FEDORA-2017-89d97ad758)
 HTTP request mock tool for Python
--------------------------------------------------------------------------------
Update Information:

This update fixes a bug Garrett Holmstrom noticed in the previous update,
whereby the `setUp` and `tearDown` methods do not call `reset`. This could
cause problems for some test suites. Thanks to Garrett for the report.
--------------------------------------------------------------------------------
================================================================================
 python-rosdep-0.11.4-6.fc24 (FEDORA-2017-7c53daa8af)
 ROS System Dependency Installer
--------------------------------------------------------------------------------
Update Information:

This update brings python-rosdep in line with the python packaging
requirements with python2-rosdep and python3-rosdep subpackages. These should
fix an issue with the python2-bloom package requiring python2-rosdep, which
was not available until this update.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1416195 - python(2)-bloom seems to have a broken dependency
        https://bugzilla.redhat.com/show_bug.cgi?id=1416195
--------------------------------------------------------------------------------
================================================================================
 qmc2-0.71-1.fc24 (FEDORA-2017-e421cd7988)
 M.A.M.E. Catalog / Launcher II
--------------------------------------------------------------------------------
Update Information:

An update to the latest qmc2 release:

* http://qmc2.batcom-it.net/index.php/2017/01/26/qmc2-0-71-released/
--------------------------------------------------------------------------------
================================================================================
 smuxi-1.0.6-1.fc24 (FEDORA-2017-65ee3567db)
 Powerful, flexible, user-friendly chat client
--------------------------------------------------------------------------------
Update Information:

- Disable parallel make
- Update to 1.0.6
--------------------------------------------------------------------------------
================================================================================
 storhaug-0.13-3.fc24 (FEDORA-2017-550419d322)
 High-Availability Add-on for NFS-Ganesha and Samba
--------------------------------------------------------------------------------
Update Information:

storhaug 0.13 GA with .fc25
--------------------------------------------------------------------------------
================================================================================
 wordpress-4.7.2-1.fc24 (FEDORA-2017-338a3f27e5)
 Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:

**WordPress 4.7.2 Security Release**

WordPress 4.7.2 is now available. This is a security release for all previous
versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.7.1 and earlier are affected by three security issues:

* The user interface for assigning taxonomy terms in Press This is shown to
  users who do not have permissions to use it. Reported by David Herrera of
  Alley Interactive.
* WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data.
  WordPress core is not directly vulnerable to this issue, but we've added
  hardening to prevent plugins and themes from accidentally causing a
  vulnerability. Reported by Mo Jangda (batmoo).
* A cross-site scripting (XSS) vulnerability was discovered in the posts list
  table. Reported by Ian Dunn of the WordPress Security Team.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1417158 - wordpress: Multiple security fixes in 4.7.2
        https://bugzilla.redhat.com/show_bug.cgi?id=1417158
--------------------------------------------------------------------------------
================================================================================
 wpa_supplicant-2.5-6.fc24 (FEDORA-2017-a18a784b84)
 WPA/WPA2/IEEE 802.1X Supplicant
--------------------------------------------------------------------------------
Update Information:

This update enables CONFIG_WIFI_DISPLAY option.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1395682 - RFE: Enable CONFIG_WIFI_DISPLAY
        https://bugzilla.redhat.com/show_bug.cgi?id=1395682
--------------------------------------------------------------------------------