The following Fedora 24 Security updates need testing:
Age URL
23 https://bodhi.fedoraproject.org/updates/FEDORA-2016-95edf19d8a squid-3.5.19-2.fc24
18 https://bodhi.fedoraproject.org/updates/FEDORA-2016-dfa325d31b community-mysql-5.7.12-1.fc24
10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-50b0066b7f ntp-4.2.6p5-41.fc24
3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e0f3fcd7df kernel-4.5.7-300.fc24
0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-44821f9576 mxml-2.9-1.fc24
0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a771d67ba0 nfdump-1.6.15-1.fc24
0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d5917e939e python-2.7.11-5.fc24
The following Fedora 24 Critical Path updates have yet to be approved:
Age URL
12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3d4c0d27b6 clementine-1.3.1-2.fc24 sqlite-3.12.2-1.fc24
10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-41bde7479f lorax-24.19-1.fc24
8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3a7f36c0c1 vim-7.4.1868-1.fc24
6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-bf01498e92 evolution-mapi-3.20.3-1.fc24 evolution-ews-3.20.3-1.fc24 evolution-3.20.3-1.fc24 evolution-data-server-3.20.3-1.fc24
3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e0f3fcd7df kernel-4.5.7-300.fc24
3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-52fd6003b8 librsvg2-2.40.16-1.fc24
0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d5917e939e python-2.7.11-5.fc24
0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ab6fa06b1c thunderbird-45.1.1-2.fc24
0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3bbae10376 perl-5.22.2-360.fc24
0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4c80727621 util-linux-2.28-3.fc24
0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5437995928 lvm2-2.02.150-2.fc24
The following builds have been pushed to Fedora 24 updates-testing
atomic-1.10.5-1.gitce09e40.fc24
copr-cli-1.51-1.fc24
fpaste-0.3.8.3-1.fc24
gnome-boxes-3.20.2-3.fc24
grub2-2.02-0.33.fc24
grub2-2.02-0.34.fc24
kde-workspace-4.11.22-16.fc24
keepassx-2.0.2-2.fc24
lvm2-2.02.150-2.fc24
mailnag-1.2.1-1.fc24
mod_gnutls-0.7.5-1.fc24
mozilla-fira-fonts-4.202-1.fc24
muffin-3.0.4-2.fc24
perl-5.22.2-360.fc24
perl-Image-ExifTool-10.20-1.fc24
php-goutte-2.0.4-1.fc24
php-nrk-Predis-1.1.0-1.fc24
php-zendframework-zend-form-2.9.0-1.fc24
php-zendframework-zend-i18n-2.7.3-1.fc24
php-zendframework-zend-inputfilter-2.7.2-1.fc24
pki-core-10.3.2-4.fc24
python-2.7.11-5.fc24
thunderbird-45.1.1-2.fc24
util-linux-2.28-3.fc24
Details about builds:
================================================================================
atomic-1.10.5-1.gitce09e40.fc24 (FEDORA-2016-7cd281f6f2)
Tool for managing ProjectAtomic systems and containers
--------------------------------------------------------------------------------
Update Information:
bump atomic v1.10.5 ---- build atomic 1.10 commit 1d6aecf ---- build atomic
1.9 commit#72cdbef
--------------------------------------------------------------------------------
================================================================================
copr-cli-1.51-1.fc24 (FEDORA-2016-2e96648256)
Command line interface for COPR
--------------------------------------------------------------------------------
Update Information:
Support for package manipulation as a main new feature.
--------------------------------------------------------------------------------
================================================================================
fpaste-0.3.8.3-1.fc24 (FEDORA-2016-449bccfaa8)
A simple tool for pasting info onto sticky notes instances
--------------------------------------------------------------------------------
Update Information:
* Migrate to pagure.io * Add `--rawurl` option * Use https
--------------------------------------------------------------------------------
================================================================================
gnome-boxes-3.20.2-3.fc24 (FEDORA-2016-e843d33009)
A simple GNOME 3 application to access remote or virtual systems
--------------------------------------------------------------------------------
Update Information:
Do not show privilege escalation dialog each time Boxes starts up
--------------------------------------------------------------------------------
================================================================================
grub2-2.02-0.33.fc24 (FEDORA-2016-c4d43baacc)
Bootloader with support for Linux, Multiboot and more
--------------------------------------------------------------------------------
Update Information:
Reverts TPM patches, they break some x86 platforms and ppc64. Also fixes EFI
chainloading on x86_64.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1334075 - TPM prevents grub menu, drops to grub rescue; BIOS settings no help
https://bugzilla.redhat.com/show_bug.cgi?id=1334075
[ 2 ] Bug #1334672 - Beta-1.3 ppc64le ISO boot failure
https://bugzilla.redhat.com/show_bug.cgi?id=1334672
[ 3 ] Bug #1320273 - chainloading bootmgr.efi on UEFI results in error: out of memory
https://bugzilla.redhat.com/show_bug.cgi?id=1320273
[ 4 ] Bug #1344700 - Data Storage Exception from grub2-2.02-0.33.fc24.ppc64le
https://bugzilla.redhat.com/show_bug.cgi?id=1344700
[ 5 ] Bug #1344512 - [UEFI][DELL Precison M6800] unable to boot Windows 10 - no shim lock protocol
https://bugzilla.redhat.com/show_bug.cgi?id=1344512
--------------------------------------------------------------------------------
================================================================================
grub2-2.02-0.34.fc24 (FEDORA-2016-c4d43baacc)
Bootloader with support for Linux, Multiboot and more
--------------------------------------------------------------------------------
Update Information:
Reverts TPM patches, they break some x86 platforms and ppc64. Also fixes EFI
chainloading on x86_64.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1334075 - TPM prevents grub menu, drops to grub rescue; BIOS settings no help
https://bugzilla.redhat.com/show_bug.cgi?id=1334075
[ 2 ] Bug #1334672 - Beta-1.3 ppc64le ISO boot failure
https://bugzilla.redhat.com/show_bug.cgi?id=1334672
[ 3 ] Bug #1320273 - chainloading bootmgr.efi on UEFI results in error: out of memory
https://bugzilla.redhat.com/show_bug.cgi?id=1320273
[ 4 ] Bug #1344700 - Data Storage Exception from grub2-2.02-0.33.fc24.ppc64le
https://bugzilla.redhat.com/show_bug.cgi?id=1344700
[ 5 ] Bug #1344512 - [UEFI][DELL Precison M6800] unable to boot Windows 10 - no shim lock protocol
https://bugzilla.redhat.com/show_bug.cgi?id=1344512
--------------------------------------------------------------------------------
================================================================================
kde-workspace-4.11.22-16.fc24 (FEDORA-2016-e8ad31da94)
KDE Workspace
--------------------------------------------------------------------------------
Update Information:
Use generic 'fedora' kdm theme (instead of f23-kde-theme)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1344920 - KDM uses f23-kdm-theme but not installed by default so KDM not working
https://bugzilla.redhat.com/show_bug.cgi?id=1344920
--------------------------------------------------------------------------------
================================================================================
keepassx-2.0.2-2.fc24 (FEDORA-2016-645a4b89a9)
Cross-platform password manager
--------------------------------------------------------------------------------
Update Information:
Add /usr/bin/keepassx symlink.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1338054 - Fedora 24 keepassx has a lower version number it wants to upgrade a higher version package from Fedora 23
https://bugzilla.redhat.com/show_bug.cgi?id=1338054
--------------------------------------------------------------------------------
================================================================================
lvm2-2.02.150-2.fc24 (FEDORA-2016-5437995928)
Userland logical volume management tools
--------------------------------------------------------------------------------
Update Information:
Fix possible segfault on error path while destroying device-mapper ioctl task in
lvm2.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1343115 - [abrt] [faf] lvm2: dm_task_destroy(): /usr/sbin/lvm killed by 11
https://bugzilla.redhat.com/show_bug.cgi?id=1343115
--------------------------------------------------------------------------------
================================================================================
mailnag-1.2.1-1.fc24 (FEDORA-2016-a683f7559f)
Mail notification daemon
--------------------------------------------------------------------------------
Update Information:
Update to 1.2.1
--------------------------------------------------------------------------------
================================================================================
mod_gnutls-0.7.5-1.fc24 (FEDORA-2016-47d118a74b)
GnuTLS module for the Apache HTTP server
--------------------------------------------------------------------------------
Update Information:
rebase to 0.7.5 (rhbz#1339412)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1339412 - mod_gnutls causing apach to hang at 100 % CPU load
https://bugzilla.redhat.com/show_bug.cgi?id=1339412
--------------------------------------------------------------------------------
================================================================================
mozilla-fira-fonts-4.202-1.fc24 (FEDORA-2016-af48ef66dc)
Mozilla's Fira fonts
--------------------------------------------------------------------------------
Update Information:
Update to the latest upstream (among other things fixes problems with bad
hinting).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1273554 - Too high mono font; please, upgrade to the latest upstream
https://bugzilla.redhat.com/show_bug.cgi?id=1273554
--------------------------------------------------------------------------------
================================================================================
muffin-3.0.4-2.fc24 (FEDORA-2016-c71a7012c5)
Window and compositing manager based on Clutter
--------------------------------------------------------------------------------
Update Information:
Fix window size issue
--------------------------------------------------------------------------------
================================================================================
perl-5.22.2-360.fc24 (FEDORA-2016-3bbae10376)
Practical Extraction and Report Language
--------------------------------------------------------------------------------
Update Information:
This release prevents a crash when a thread is spawned after using a
PerlIO encoding pragma.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1345788 - perl segmentation fault when using PerlIO Layer :locale and threads
https://bugzilla.redhat.com/show_bug.cgi?id=1345788
--------------------------------------------------------------------------------
================================================================================
perl-Image-ExifTool-10.20-1.fc24 (FEDORA-2016-d49df80c98)
Utility for reading and writing image meta info
--------------------------------------------------------------------------------
Update Information:
Update to 10.20 (latest stable from upstream). For changes, see:
http://owl.phy.queensu.ca/~phil/exiftool/history.html
--------------------------------------------------------------------------------
================================================================================
php-goutte-2.0.4-1.fc24 (FEDORA-2016-768662c4ea)
A simple PHP web scraper
--------------------------------------------------------------------------------
Update Information:
Updated to version 2.
https://github.com/FriendsOfPHP/Goutte/compare/v1.0.7...v2.0.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1100719 - php-goutte-v3.1.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1100719
[ 2 ] Bug #1289798 - php-goutte-3.1.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1289798
--------------------------------------------------------------------------------
================================================================================
php-nrk-Predis-1.1.0-1.fc24 (FEDORA-2016-8d1e0ab408)
PHP client library for Redis
--------------------------------------------------------------------------------
Update Information:
**Predis v1.1.0** (2016-06-02)
- The default server profile for the client now targets Redis 3.2.
- Responses to the following commands are not casted into booleans anymore,
  the original integer value is returned: `SETNX`, `MSETNX`, `SMOVE`,
  `SISMEMBER`, `HSET`, `HSETNX`, `HEXISTS`, `PFADD`, `EXISTS`, `MOVE`,
  `PERSIST`, `EXPIRE`, `EXPIREAT`, `RENAMENX`. This change does not have a
  significant impact unless when using strict comparisons (=== and !==) the
  returned value.
- Non-boolean string values passed to the `persistent` connection parameter
  can be used to create different persistent connections. Note that this
  feature was already present in Predis but required both `persistent` and
  `path` to be set as illustrated by
  [#139](https://github.com/nrk/predis/pull/139). This change is needed to
  prevent confusion with how `path` is used to select a database when using
  the `redis` scheme.
- The client throws exceptions when Redis returns any kind of error response
  to initialization commands (the ones being automatically sent when a
  connection is established, such as `SELECT` and `AUTH` when database and
  password are set in connection parameters) regardless of the value of the
  exception option.
- Using `unix:///path/to/socket` in URI strings to specify a UNIX domain
  socket file is now deprecated in favor of the format `unix:/path/to/socket`
  (note the lack of the double slash after the scheme) and will not be
  supported starting with the next major release.
- Implemented full support for redis-sentinel.
- Implemented the ability to specify default connection parameters for
  aggregate connections with the new `parameters` client option. These
  parameters augment the usual user-supplied connection parameters (but do
  not take the precedence over them) when creating new connections and they
  are mostly useful when the client is using aggregate connections such as
  redis-cluster and redis-sentinel as these backends can create new
  connections on the fly based on responses and redirections from Redis.
- Redis servers protected by SSL-encrypted connections can be accessed by
  using the `tls` or `rediss` scheme in connection parameters along with
  SSL-specific options in the `ssl` parameter (see
  http://php.net/manual/context.ssl.php).
- `Predis\Client` implements `IteratorAggregate` making it possible to
  iterate over traversable aggregate connections and get a new client
  instance for each Redis node.
- Iterating over an instance of `Predis\Connection\Aggregate\RedisCluster`
  will return all the connections mapped in the slots map instead of just the
  ones in the pool. This change makes it possible, when the slots map is
  retrieved from Redis, to iterate over all of the master nodes in the
  cluster. When the use of `CLUSTER SLOTS` is disabled via the
  `useClusterSlots()` method, the iteration returns only the connections with
  slots ranges associated in their parameters or the ones initialized by
  `-MOVED` responses in order to make the behaviour of the iteration
  consistent between the two modes of operation.
- Various improvements to `Predis\Connection\Aggregate\MasterSlaveReplication`
  (the "basic" replication backend, not the new one based on redis-sentinel):
  - When the client is not able to send a read-only command to a slave
    because the current connection fails or the slave is resyncing
    (`-LOADING` response returned by Redis), the backend discards the failed
    connection and performs a new attempt on the next slave. When no other
    slave is available the master server is used for read-only commands as
    last resort.
  - It is possible to discover the current replication configuration on the
    fly by invoking the `discover()` method which internally relies on the
    output of the command `INFO REPLICATION` executed against the master
    server or one of the slaves. The backend can also be configured to do
    this automatically when it fails to reach one of the servers.
  - Implemented the `switchToMaster()` and `switchToSlave()` methods to make
    it easier to force a switch to the master server or a random slave when
    needed.
--------------------------------------------------------------------------------
================================================================================
php-zendframework-zend-form-2.9.0-1.fc24 (FEDORA-2016-6088dd70cc)
Zend Framework Form component
--------------------------------------------------------------------------------
Update Information:
**zend-form 2.9.0** - 2016-06-07
- [#57](https://github.com/zendframework/zend-form/pull/57) adds new
  elements, `FormSearch` and `FormTel`, which map to the `FormSearch` and
  `FormTel` view helpers.
- Updates the composer suggestions list to remove those that were redundant,
  and to add explicit constraints and reasons for each listed (e.g.,
  zend-code is required for annotations support).
--------------------------------------------------------------------------------
================================================================================
php-zendframework-zend-i18n-2.7.3-1.fc24 (FEDORA-2016-31100d5a69)
Zend Framework I18n component
--------------------------------------------------------------------------------
Update Information:
**zend-i18n 2.7.3** - 2016-06-07
- [#42](https://github.com/zendframework/zend-i18n/pull/42) fixes the
  behavior of the `PhoneNumber` validator to store the country using the
  casing provided, but validate based on the uppercased country value. This
  ensures the same validation behavior, and prevents the value from being
  transformed, potentially breaking later retrieval.
- [#47](https://github.com/zendframework/zend-i18n/pull/47) provides a
  performance improvement to the `Zend\I18n\View\HelperConfig` implementation
  when operating under zend-servicemanager v3.
--------------------------------------------------------------------------------
================================================================================
php-zendframework-zend-inputfilter-2.7.2-1.fc24 (FEDORA-2016-b552cedca6)
Zend Framework InputFilter component
--------------------------------------------------------------------------------
Update Information:
**zend-inputfilter 2.7.2** - 2016-06-11
- [#105](https://github.com/zendframework/zend-inputfilter/pull/105) adds and
  publishes the documentation to
  https://zendframework.github.io/zend-inputfilter
- [#110](https://github.com/zendframework/zend-inputfilter/pull/110) fixes an
  issue with `InputFilterAbstractServiceFactory` whereby it was not working
  when the provided container is not a plugin manager, but rather the
  application container.
--------------------------------------------------------------------------------
================================================================================
pki-core-10.3.2-4.fc24 (FEDORA-2016-e8c5c05281)
Certificate System - PKI Core Components
--------------------------------------------------------------------------------
Update Information:
Updated tomcatjss versions ---- Updated 'java', 'java-headless', and
'java-devel' dependencies to 1:1.8.0. ---- PKI TRAC Ticket #2330 - Release Dogtag
10.3.2 ---- PKI TRAC Ticket #2330 - Release Dogtag 10.3.2
--------------------------------------------------------------------------------
================================================================================
python-2.7.11-5.fc24 (FEDORA-2016-d5917e939e)
An interpreted, interactive, object-oriented programming language
--------------------------------------------------------------------------------
Update Information:
Added patch for fixing possible integer overflow and heap corruption in
zipimporter.get_data()
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1345858 - python: Heap overflow in zipimporter module [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1345858
--------------------------------------------------------------------------------
================================================================================
thunderbird-45.1.1-2.fc24 (FEDORA-2016-ab6fa06b1c)
Mozilla Thunderbird mail/newsgroup client
--------------------------------------------------------------------------------
Update Information:
Fixed problems with wrong version of thunderbird-lightning-gdata subpackage.
--------------------------------------------------------------------------------
================================================================================
util-linux-2.28-3.fc24 (FEDORA-2016-4c80727621)
A collection of basic system utilities
--------------------------------------------------------------------------------
Update Information:
libblkid update to fix filesystems detection on CDROMs
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1234317 - CD / DVD are rarely automounted
https://bugzilla.redhat.com/show_bug.cgi?id=1234317
--------------------------------------------------------------------------------
Join us on irc.freenode.net in #fedora-meeting-2 for this important
meeting, wherein we shall determine the readiness of Fedora 24.
The meeting is scheduled at 17:00 UTC. Please follow the [FedoCal]
link to find the time of the meeting in your time-zone.
[FedoCal] https://apps.fedoraproject.org/calendar/meeting/4328/
"Before each public release Development, QA and Release Engineering
meet to determine if the release criteria are met for a particular
release. This meeting is called the Go/No-Go Meeting."
"Verifying that the Release criteria are met is the responsibility of
the QA Team."
For more details about this meeting see:
https://fedoraproject.org/wiki/Go_No_Go_Meeting
In the meantime, keep an eye on the Fedora 24 Final Blocker list:
https://qa.fedoraproject.org/blockerbugs/milestone/24/final/buglist
Thanks for attending,
Jan
--
Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
The following Fedora 22 Security updates need testing:
Age URL
430 https://bodhi.fedoraproject.org/updates/FEDORA-2015-5878 echoping-6.1-0.beta.r434svn.1.fc22
379 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9185 ceph-deploy-1.5.25-1.fc22
312 https://bodhi.fedoraproject.org/updates/FEDORA-2015-12781 python-kdcproxy-0.3.2-1.fc22
266 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16239 nagios-4.0.8-1.fc22
254 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2d37e7dacf openstack-swift-2.2.0-6.fc22
224 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9039c25f1d miniupnpc-1.9-6.fc22
206 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4 libpng-1.6.16-4.fc22
206 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6 libpng-1.6.16-5.fc22
173 https://bodhi.fedoraproject.org/updates/FEDORA-2015-b9e4c97ff1 sos-3.2-2.fc22
147 https://bodhi.fedoraproject.org/updates/FEDORA-2015-f683150aa0 thttpd-2.25b-37.fc22
123 https://bodhi.fedoraproject.org/updates/FEDORA-2016-560802e52b xdelta-3.0.7-7.fc22
112 https://bodhi.fedoraproject.org/updates/FEDORA-2016-24d134e494 mingw-nsis-2.50-1.fc22
99 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3cbe9ad765 python-pygments-2.1.3-1.fc22
60 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a028331ebc poppler-0.30.0-4.fc22
31 https://bodhi.fedoraproject.org/updates/FEDORA-2016-73a5867050 squid-3.5.10-4.fc22
17 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f5107c318e webkitgtk4-2.12.3-1.fc22
11 https://bodhi.fedoraproject.org/updates/FEDORA-2016-363d307082 gd-2.1.1-4.fc22
11 https://bodhi.fedoraproject.org/updates/FEDORA-2016-40ccaff4d1 GraphicsMagick-1.3.24-1.fc22
10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fe9112a9ff sudo-1.8.15-2.fc22
9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c3bd6a3496 ntp-4.2.6p5-41.fc22
2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-45402a6f3b iperf3-3.1.3-1.fc22
2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3daf782dfa kernel-4.4.13-200.fc22
0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b49c9aa49 nfdump-1.6.15-1.fc22
0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-03c0ed3127 php-zendframework-zendxml-1.0.2-2.fc22 php-ZendFramework2-2.4.10-1.fc22
The following Fedora 22 Critical Path updates have yet to be approved:
Age URL
305 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13210 yum-3.4.3-508.fc22
224 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2123de044f libgphoto2-2.5.8-1.fc22
206 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6 libpng-1.6.16-5.fc22
206 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4 libpng-1.6.16-4.fc22
60 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a028331ebc poppler-0.30.0-4.fc22
57 https://bodhi.fedoraproject.org/updates/FEDORA-2016-027faabac4 libreport-2.6.4-2.fc22 abrt-2.6.1-11.fc22
55 https://bodhi.fedoraproject.org/updates/FEDORA-2016-af1f30412b pygtk2-2.24.0-14.fc22
51 https://bodhi.fedoraproject.org/updates/FEDORA-2016-41df7ccbc8 lldpad-1.0.1-4.git036e314.fc22
11 https://bodhi.fedoraproject.org/updates/FEDORA-2016-363d307082 gd-2.1.1-4.fc22
10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fe9112a9ff sudo-1.8.15-2.fc22
7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2cdb5d5a7c vim-7.4.1868-1.fc22
4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-409af1ecfd lua-5.3.3-1.fc22
2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-22cdb97bb4 thunderbird-45.1.1-1.fc22
2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f4a2bc1983 mdadm-3.3.4-3.fc22
2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3daf782dfa kernel-4.4.13-200.fc22
0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-26df5bf249 nss-util-3.24.0-1.0.fc22 nss-softokn-3.24.0-1.0.fc22 nss-3.24.0-1.0.fc22
The following builds have been pushed to Fedora 22 updates-testing
fuse-emulator-1.2.0-2.fc22
fuse-emulator-utils-1.2.0-3.fc22
glibc-arm-linux-gnu-2.23-4.fc22
libspectrum-1.2.0-2.fc22
lilypond-2.19.43-1.fc22
lilypond-doc-2.19.43-1.fc22
nfdump-1.6.15-1.fc22
nss-3.24.0-1.2.fc22
nss-softokn-3.24.0-1.0.fc22
nss-util-3.24.0-1.0.fc22
php-ZendFramework2-2.4.10-1.fc22
php-libvirt-0.5.2-1.fc22
php-zendframework-zendxml-1.0.2-2.fc22
Details about builds:
================================================================================
fuse-emulator-1.2.0-2.fc22 (FEDORA-2016-519e1fbbf9)
The Free UNIX Spectrum Emulator
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream. Use correct libspectrum version. ---- Updated to
latest upstream. ---- Update to the latest upstream.
--------------------------------------------------------------------------------
================================================================================
fuse-emulator-utils-1.2.0-3.fc22 (FEDORA-2016-519e1fbbf9)
Additional utils for the Fuse spectrum emulator
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream. Use correct libspectrum version. ---- Updated to
latest upstream. ---- Update to the latest upstream.
--------------------------------------------------------------------------------
================================================================================
glibc-arm-linux-gnu-2.23-4.fc22 (FEDORA-2016-19fabfc432)
Cross Compiled GNU C Library targeted at arm-linux-gnu
--------------------------------------------------------------------------------
Update Information:
New package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1312963 - Review Request: glibc-arm-linux-gnu - Cross Compiled GNU C Library targeted at arm-linux-gnu
https://bugzilla.redhat.com/show_bug.cgi?id=1312963
--------------------------------------------------------------------------------
================================================================================
libspectrum-1.2.0-2.fc22 (FEDORA-2016-519e1fbbf9)
A library for reading spectrum emulator file formats
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream. Use correct libspectrum version. ---- Updated to
latest upstream. ---- Update to the latest upstream.
--------------------------------------------------------------------------------
================================================================================
lilypond-2.19.43-1.fc22 (FEDORA-2016-f52724ba1f)
A typesetting system for music notation
--------------------------------------------------------------------------------
Update Information:
2.19.43
--------------------------------------------------------------------------------
================================================================================
lilypond-doc-2.19.43-1.fc22 (FEDORA-2016-f52724ba1f)
HTML documentation for LilyPond
--------------------------------------------------------------------------------
Update Information:
2.19.43
--------------------------------------------------------------------------------
================================================================================
nfdump-1.6.15-1.fc22 (FEDORA-2016-3b49c9aa49)
NetFlow collecting and processing tools
--------------------------------------------------------------------------------
Update Information:
nfdump 1.6.15 released.
- Fix Security issue
  http://www.security-assessment.com/files/documents/advisory/Nfdump%20nfcapd%201.6.14%20-%20Multiple%20Vulnerabilities.pdf
- Fix obyte, opps and obps output records
- Fix wrong bps type case in cvs output. Fix opbs ipbs typos
nfdump 1.6.14 released.
- Create libnfdump for dynamic linking
- Add -R to ModifyCompression
- Add std sampler ID 4 Bytes and allow random sampler (tag 50)
- Add BZ2 compression along existing LZ0
- Add direct write to flowtools converter ft2nfdump
- Fix CentOS compile issues with flow-tools converter
- Fix FreeBSD,OpenBSD build problems
- Fix timestamp overflow in sflow.c
- Fix IP Fragmentation in sflow collector
- Fix compile errors on other platforms
- Fix zero alignment bug, if only half of an extension is sent
- Fix nfanon time window bug in subsequent files in -R list
- Fix CommonRecordV0Type conversion bug
- Fix nfexport bug, if only one single map exists
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1335204 - nfdump: multiple remote denial of service vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=1335204
--------------------------------------------------------------------------------
================================================================================
nss-3.24.0-1.2.fc22 (FEDORA-2016-26df5bf249)
Network Security Services
--------------------------------------------------------------------------------
Update Information:
Updates the nss family of packages to upstream NSS 3.24. For details about new
functionality and a list of bugs fixed in this release please see the upstream
release notes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.24_release_notes
--------------------------------------------------------------------------------
================================================================================
nss-softokn-3.24.0-1.0.fc22 (FEDORA-2016-26df5bf249)
Network Security Services Softoken Module
--------------------------------------------------------------------------------
Update Information:
Updates the nss family of packages to upstream NSS 3.24. For details about new
functionality and a list of bugs fixed in this release, please see the upstream
release notes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.24_release_notes
--------------------------------------------------------------------------------
================================================================================
nss-util-3.24.0-1.0.fc22 (FEDORA-2016-26df5bf249)
Network Security Services Utilities Library
--------------------------------------------------------------------------------
Update Information:
Updates the nss family of packages to upstream NSS 3.24. For details about new
functionality and a list of bugs fixed in this release, please see the upstream
release notes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.24_release_notes
--------------------------------------------------------------------------------
================================================================================
php-ZendFramework2-2.4.10-1.fc22 (FEDORA-2016-03c0ed3127)
Zend Framework 2
--------------------------------------------------------------------------------
Update Information:
## 2.4.10 (2016-05-09)

- Fix HeaderValue throwing an exception on legal characters

## 2.4.9 (2015-11-23)

### SECURITY UPDATES

- **ZF2015-09**: `Zend\Captcha\Word` generates a "word" for a CAPTCHA challenge
  by selecting a sequence of random letters from a character set. Prior to this
  vulnerability announcement, the selection was performed using PHP's internal
  `array_rand()` function. This function does not generate sufficient entropy
  due to its usage of `rand()` instead of more cryptographically secure methods
  such as `openssl_random_pseudo_bytes()`. This could potentially lead to
  information disclosure should an attacker be able to brute force the random
  number generation. This release contains a patch that replaces the
  `array_rand()` calls to use `Zend\Math\Rand::getInteger()`, which provides
  better RNG.
- **ZF2015-10**: `Zend\Crypt\PublicKey\Rsa\PublicKey` has a call to
  `openssl_public_encrypt()` which used PHP's default `$padding` argument, which
  specifies `OPENSSL_PKCS1_PADDING`, indicating usage of PKCS1v1.5 padding. This
  padding has a known vulnerability, the
  [Bleichenbacher's chosen-ciphertext attack](http://crypto.stackexchange.com/questions/12688/can-you-explain-bleichenbachers-cca-attack-on-pkcs1-v1-5),
  which can be used to recover an RSA private key. This release contains a patch
  that changes the padding argument to use `OPENSSL_PKCS1_OAEP_PADDING`.

  Users upgrading to this version may have issues decrypting previously stored
  values, due to the change in padding. If this occurs, you can pass the
  constant `OPENSSL_PKCS1_PADDING` to a new `$padding` argument in
  `Zend\Crypt\PublicKey\Rsa::encrypt()` and `decrypt()` (though typically this
  should only apply to the latter):

  ```php
  $decrypted = $rsa->decrypt($data, $key, $mode, OPENSSL_PKCS1_PADDING);
  ```

  where `$rsa` is an instance of `Zend\Crypt\PublicKey\Rsa`. (The `$key` and
  `$mode` argument defaults are `null` and `Zend\Crypt\PublicKey\Rsa::MODE_AUTO`,
  if you were not using them previously.)

  We recommend re-encrypting any such values using the new defaults.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1343990 - [epel7][security] php-ZendFramework2-2.4.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1343990
[ 2 ] Bug #1289318 - CVE-2015-7503 php-ZendFramework2: Usage of vulnerable PKCS#1 v1.5 padding allows to recover RSA private key [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1289318
[ 3 ] Bug #1343995 - [f23][f22][security] php-ZendFramework2-2.4.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1343995
[ 4 ] Bug #1289317 - CVE-2015-7503 php-ZendFramework2: Usage of vulnerable PKCS#1 v1.5 padding allows to recover RSA private key [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1289317
--------------------------------------------------------------------------------
================================================================================
php-libvirt-0.5.2-1.fc22 (FEDORA-2016-466d863873)
PHP language bindings for Libvirt
--------------------------------------------------------------------------------
Update Information:
Upgrade to 0.5.2 to support newer libvirt capabilities
--------------------------------------------------------------------------------
================================================================================
php-zendframework-zendxml-1.0.2-2.fc22 (FEDORA-2016-03c0ed3127)
Zend Framework ZendXml component
--------------------------------------------------------------------------------
Update Information:
## 2.4.10 (2016-05-09)

- Fix HeaderValue throwing an exception on legal characters

## 2.4.9 (2015-11-23)

### SECURITY UPDATES

- **ZF2015-09**: `Zend\Captcha\Word` generates a "word" for a CAPTCHA challenge
  by selecting a sequence of random letters from a character set. Prior to this
  vulnerability announcement, the selection was performed using PHP's internal
  `array_rand()` function. This function does not generate sufficient entropy
  due to its usage of `rand()` instead of more cryptographically secure methods
  such as `openssl_random_pseudo_bytes()`. This could potentially lead to
  information disclosure should an attacker be able to brute force the random
  number generation. This release contains a patch that replaces the
  `array_rand()` calls to use `Zend\Math\Rand::getInteger()`, which provides
  better RNG.
- **ZF2015-10**: `Zend\Crypt\PublicKey\Rsa\PublicKey` has a call to
  `openssl_public_encrypt()` which used PHP's default `$padding` argument, which
  specifies `OPENSSL_PKCS1_PADDING`, indicating usage of PKCS1v1.5 padding. This
  padding has a known vulnerability, the
  [Bleichenbacher's chosen-ciphertext attack](http://crypto.stackexchange.com/questions/12688/can-you-explain-bleichenbachers-cca-attack-on-pkcs1-v1-5),
  which can be used to recover an RSA private key. This release contains a patch
  that changes the padding argument to use `OPENSSL_PKCS1_OAEP_PADDING`.

  Users upgrading to this version may have issues decrypting previously stored
  values, due to the change in padding. If this occurs, you can pass the
  constant `OPENSSL_PKCS1_PADDING` to a new `$padding` argument in
  `Zend\Crypt\PublicKey\Rsa::encrypt()` and `decrypt()` (though typically this
  should only apply to the latter):

  ```php
  $decrypted = $rsa->decrypt($data, $key, $mode, OPENSSL_PKCS1_PADDING);
  ```

  where `$rsa` is an instance of `Zend\Crypt\PublicKey\Rsa`. (The `$key` and
  `$mode` argument defaults are `null` and `Zend\Crypt\PublicKey\Rsa::MODE_AUTO`,
  if you were not using them previously.)

  We recommend re-encrypting any such values using the new defaults.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1343990 - [epel7][security] php-ZendFramework2-2.4.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1343990
[ 2 ] Bug #1289318 - CVE-2015-7503 php-ZendFramework2: Usage of vulnerable PKCS#1 v1.5 padding allows to recover RSA private key [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1289318
[ 3 ] Bug #1343995 - [f23][f22][security] php-ZendFramework2-2.4.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1343995
[ 4 ] Bug #1289317 - CVE-2015-7503 php-ZendFramework2: Usage of vulnerable PKCS#1 v1.5 padding allows to recover RSA private key [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1289317
--------------------------------------------------------------------------------
The following Fedora 23 Security updates need testing:
Age URL
266 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23
224 https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe miniupnpc-1.9-6.fc23
197 https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324 jbig2dec-0.12-2.fc23
147 https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1 python-pymongo-3.0.3-1.fc23
147 https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8 thttpd-2.25b-37.fc23
112 https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4 mingw-nsis-2.50-1.fc23
67 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b8f91621c7 optipng-0.7.6-1.fc23
31 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3b9407940 squid-3.5.10-4.fc23
11 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7a878ed298 GraphicsMagick-1.3.24-1.fc23
9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-89e0874533 ntp-4.2.6p5-41.fc23
7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0f550603a5 xen-4.5.3-7.fc23
2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9693e82a25 iperf3-3.1.3-1.fc23
2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-80edb9d511 kernel-4.5.7-200.fc23
0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-54dfd21f15 nfdump-1.6.15-1.fc23
0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8952105d59 php-zendframework-zendxml-1.0.2-2.fc23 php-ZendFramework2-2.4.10-1.fc23
The following Fedora 23 Critical Path updates have yet to be approved:
Age URL
7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-28873e4832 vim-7.4.1868-1.fc23
7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fad11727bf PackageKit-1.1.1-2.fc23 appstream-data-23-11.fc23 fwupd-0.7.1-1.fc23 gnome-software-3.20.3-1.fc23.1 json-glib-1.2.0-1.fc23 libappstream-glib-0.5.14-1.fc23 libgusb-0.2.9-1.fc23
2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-80edb9d511 kernel-4.5.7-200.fc23
0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-342d89590d nss-3.24.0-1.3.fc23
The following builds have been pushed to Fedora 23 updates-testing
docker-1.10.3-32.gitee81b72.fc23
fuse-emulator-1.2.0-2.fc23
fuse-emulator-utils-1.2.0-3.fc23
glibc-arm-linux-gnu-2.23-4.fc23
libmtp-1.1.11-1.fc23
libspectrum-1.2.0-2.fc23
lilypond-2.19.43-1.fc23
lilypond-doc-2.19.43-1.fc23
nfdump-1.6.15-1.fc23
nitroshare-0.3.1-3.20160612git930c9b7.fc23
nss-3.24.0-1.3.fc23
openslide-python-1.1.1-1.fc23
php-ZendFramework2-2.4.10-1.fc23
php-libvirt-0.5.2-1.fc23
php-zendframework-zendxml-1.0.2-2.fc23
Details about builds:
================================================================================
docker-1.10.3-32.gitee81b72.fc23 (FEDORA-2016-0db55e627c)
Automates deployment of containerized applications
--------------------------------------------------------------------------------
Update Information:
remove MountFlags=slave from docker.service
--------------------------------------------------------------------------------
================================================================================
fuse-emulator-1.2.0-2.fc23 (FEDORA-2016-7ecfe10490)
The Free UNIX Spectrum Emulator
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream. Use correct libspectrum version. ---- Updated to
latest upstream. ---- Update to the latest upstream.
--------------------------------------------------------------------------------
================================================================================
fuse-emulator-utils-1.2.0-3.fc23 (FEDORA-2016-7ecfe10490)
Additional utils for the Fuse spectrum emulator
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream. Use correct libspectrum version. ---- Updated to
latest upstream. ---- Update to the latest upstream.
--------------------------------------------------------------------------------
================================================================================
glibc-arm-linux-gnu-2.23-4.fc23 (FEDORA-2016-91e8c1cf59)
Cross Compiled GNU C Library targeted at arm-linux-gnu
--------------------------------------------------------------------------------
Update Information:
New package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1312963 - Review Request: glibc-arm-linux-gnu - Cross Compiled GNU C Library targeted at arm-linux-gnu
https://bugzilla.redhat.com/show_bug.cgi?id=1312963
--------------------------------------------------------------------------------
================================================================================
libmtp-1.1.11-1.fc23 (FEDORA-2016-e292660489)
A software library for MTP media players
--------------------------------------------------------------------------------
Update Information:
Update to 1.1.11
--------------------------------------------------------------------------------
================================================================================
libspectrum-1.2.0-2.fc23 (FEDORA-2016-7ecfe10490)
A library for reading spectrum emulator file formats
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream. Use correct libspectrum version. ---- Updated to
latest upstream. ---- Update to the latest upstream.
--------------------------------------------------------------------------------
================================================================================
lilypond-2.19.43-1.fc23 (FEDORA-2016-524b697689)
A typesetting system for music notation
--------------------------------------------------------------------------------
Update Information:
2.19.43
--------------------------------------------------------------------------------
================================================================================
lilypond-doc-2.19.43-1.fc23 (FEDORA-2016-524b697689)
HTML documentation for LilyPond
--------------------------------------------------------------------------------
Update Information:
2.19.43
--------------------------------------------------------------------------------
================================================================================
nfdump-1.6.15-1.fc23 (FEDORA-2016-54dfd21f15)
NetFlow collecting and processing tools
--------------------------------------------------------------------------------
Update Information:
nfdump 1.6.15 released.

- Fix Security issue http://www.security-assessment.com/files/documents/advisory/Nfdump%20nfcapd%201.6.14%20-%20Multiple%20Vulnerabilities.pdf
- Fix obyte, opps and obps output records
- Fix wrong bps type case in csv output. Fix opbs ipbs typos

nfdump 1.6.14 released.

- Create libnfdump for dynamic linking
- Add -R to ModifyCompression
- Add std sampler ID 4 Bytes and allow random sampler (tag 50)
- Add BZ2 compression along existing LZO
- Add direct write to flowtools converter ft2nfdump
- Fix CentOS compile issues with flow-tools converter
- Fix FreeBSD,OpenBSD build problems
- Fix timestamp overflow in sflow.c
- Fix IP Fragmentation in sflow collector
- Fix compile errors on other platforms
- Fix zero alignment bug, if only half of an extension is sent
- Fix nfanon time window bug in subsequent files in -R list
- Fix CommonRecordV0Type conversion bug
- Fix nfexport bug, if only one single map exists
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1335204 - nfdump: multiple remote denial of service vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=1335204
--------------------------------------------------------------------------------
================================================================================
nitroshare-0.3.1-3.20160612git930c9b7.fc23 (FEDORA-2016-62f9ce37df)
Transfer files from one device to another made extremely simple
--------------------------------------------------------------------------------
Update Information:
initial package, rhbz#1338553
- use git snapshot with several bugfixes
- add Qt5Svg as dependency
----
initial package, rhbz#1338553
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1338553 - Review Request: nitroshare - Transfer files from one device to another made extremely simple
https://bugzilla.redhat.com/show_bug.cgi?id=1338553
--------------------------------------------------------------------------------
================================================================================
nss-3.24.0-1.3.fc23 (FEDORA-2016-342d89590d)
Network Security Services
--------------------------------------------------------------------------------
Update Information:
Restore support for sslkeylog file in optimized builds. This was lost with the
rebase to nss-3.24 which removed the support that allows to analyze TLS traffic.
The NSS_ALLOW_SSLKEYLOGFILE was introduced and set to zero by default and users
had to explicitly set it. With this update sslkeylog support is restored as it
was in nss-3.23.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1343239 - Update to nss 3.24.0 removes sslkeylogfile file support
https://bugzilla.redhat.com/show_bug.cgi?id=1343239
--------------------------------------------------------------------------------
================================================================================
openslide-python-1.1.1-1.fc23 (FEDORA-2016-ec27c04532)
Python bindings for the OpenSlide library
--------------------------------------------------------------------------------
Update Information:
* Change default Deep Zoom tile size to 254 pixels to improve viewer performance
* Fix some "unclosed file" ResourceWarnings on Python 3
* Improve object reprs
--------------------------------------------------------------------------------
================================================================================
php-ZendFramework2-2.4.10-1.fc23 (FEDORA-2016-8952105d59)
Zend Framework 2
--------------------------------------------------------------------------------
Update Information:
## 2.4.10 (2016-05-09)

- Fix HeaderValue throwing an exception on legal characters

## 2.4.9 (2015-11-23)

### SECURITY UPDATES

- **ZF2015-09**: `Zend\Captcha\Word` generates a "word" for a CAPTCHA challenge
  by selecting a sequence of random letters from a character set. Prior to this
  vulnerability announcement, the selection was performed using PHP's internal
  `array_rand()` function. This function does not generate sufficient entropy
  due to its usage of `rand()` instead of more cryptographically secure methods
  such as `openssl_random_pseudo_bytes()`. This could potentially lead to
  information disclosure should an attacker be able to brute force the random
  number generation. This release contains a patch that replaces the
  `array_rand()` calls to use `Zend\Math\Rand::getInteger()`, which provides
  better RNG.
- **ZF2015-10**: `Zend\Crypt\PublicKey\Rsa\PublicKey` has a call to
  `openssl_public_encrypt()` which used PHP's default `$padding` argument, which
  specifies `OPENSSL_PKCS1_PADDING`, indicating usage of PKCS1v1.5 padding. This
  padding has a known vulnerability, the
  [Bleichenbacher's chosen-ciphertext attack](http://crypto.stackexchange.com/questions/12688/can-you-explain-bleichenbachers-cca-attack-on-pkcs1-v1-5),
  which can be used to recover an RSA private key. This release contains a patch
  that changes the padding argument to use `OPENSSL_PKCS1_OAEP_PADDING`.

  Users upgrading to this version may have issues decrypting previously stored
  values, due to the change in padding. If this occurs, you can pass the
  constant `OPENSSL_PKCS1_PADDING` to a new `$padding` argument in
  `Zend\Crypt\PublicKey\Rsa::encrypt()` and `decrypt()` (though typically this
  should only apply to the latter):

  ```php
  $decrypted = $rsa->decrypt($data, $key, $mode, OPENSSL_PKCS1_PADDING);
  ```

  where `$rsa` is an instance of `Zend\Crypt\PublicKey\Rsa`. (The `$key` and
  `$mode` argument defaults are `null` and `Zend\Crypt\PublicKey\Rsa::MODE_AUTO`,
  if you were not using them previously.)

  We recommend re-encrypting any such values using the new defaults.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1343990 - [epel7][security] php-ZendFramework2-2.4.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1343990
[ 2 ] Bug #1289318 - CVE-2015-7503 php-ZendFramework2: Usage of vulnerable PKCS#1 v1.5 padding allows to recover RSA private key [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1289318
[ 3 ] Bug #1343995 - [f23][f22][security] php-ZendFramework2-2.4.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1343995
[ 4 ] Bug #1289317 - CVE-2015-7503 php-ZendFramework2: Usage of vulnerable PKCS#1 v1.5 padding allows to recover RSA private key [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1289317
--------------------------------------------------------------------------------
================================================================================
php-libvirt-0.5.2-1.fc23 (FEDORA-2016-78932b5bee)
PHP language bindings for Libvirt
--------------------------------------------------------------------------------
Update Information:
Upgrade to 0.5.2 to support newer libvirt capabilities
--------------------------------------------------------------------------------
================================================================================
php-zendframework-zendxml-1.0.2-2.fc23 (FEDORA-2016-8952105d59)
Zend Framework ZendXml component
--------------------------------------------------------------------------------
Update Information:
## 2.4.10 (2016-05-09)

- Fix HeaderValue throwing an exception on legal characters

## 2.4.9 (2015-11-23)

### SECURITY UPDATES

- **ZF2015-09**: `Zend\Captcha\Word` generates a "word" for a CAPTCHA challenge
  by selecting a sequence of random letters from a character set. Prior to this
  vulnerability announcement, the selection was performed using PHP's internal
  `array_rand()` function. This function does not generate sufficient entropy
  due to its usage of `rand()` instead of more cryptographically secure methods
  such as `openssl_random_pseudo_bytes()`. This could potentially lead to
  information disclosure should an attacker be able to brute force the random
  number generation. This release contains a patch that replaces the
  `array_rand()` calls to use `Zend\Math\Rand::getInteger()`, which provides
  better RNG.
- **ZF2015-10**: `Zend\Crypt\PublicKey\Rsa\PublicKey` has a call to
  `openssl_public_encrypt()` which used PHP's default `$padding` argument, which
  specifies `OPENSSL_PKCS1_PADDING`, indicating usage of PKCS1v1.5 padding. This
  padding has a known vulnerability, the
  [Bleichenbacher's chosen-ciphertext attack](http://crypto.stackexchange.com/questions/12688/can-you-explain-bleichenbachers-cca-attack-on-pkcs1-v1-5),
  which can be used to recover an RSA private key. This release contains a patch
  that changes the padding argument to use `OPENSSL_PKCS1_OAEP_PADDING`.

  Users upgrading to this version may have issues decrypting previously stored
  values, due to the change in padding. If this occurs, you can pass the
  constant `OPENSSL_PKCS1_PADDING` to a new `$padding` argument in
  `Zend\Crypt\PublicKey\Rsa::encrypt()` and `decrypt()` (though typically this
  should only apply to the latter):

  ```php
  $decrypted = $rsa->decrypt($data, $key, $mode, OPENSSL_PKCS1_PADDING);
  ```

  where `$rsa` is an instance of `Zend\Crypt\PublicKey\Rsa`. (The `$key` and
  `$mode` argument defaults are `null` and `Zend\Crypt\PublicKey\Rsa::MODE_AUTO`,
  if you were not using them previously.)

  We recommend re-encrypting any such values using the new defaults.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1343990 - [epel7][security] php-ZendFramework2-2.4.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1343990
[ 2 ] Bug #1289318 - CVE-2015-7503 php-ZendFramework2: Usage of vulnerable PKCS#1 v1.5 padding allows to recover RSA private key [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1289318
[ 3 ] Bug #1343995 - [f23][f22][security] php-ZendFramework2-2.4.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1343995
[ 4 ] Bug #1289317 - CVE-2015-7503 php-ZendFramework2: Usage of vulnerable PKCS#1 v1.5 padding allows to recover RSA private key [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1289317
--------------------------------------------------------------------------------
On current Fedora Rawhide it seems that GDM starts but then hangs as
there is no Xorg and no Xwayland. Is this other people's situation or
am I alone in seeing this problem?
--
Russel.
=============================================================================
Dr Russel Winder t: +44 20 7585 2200 voip: sip:russel.winder@ekiga.net
41 Buckmaster Road m: +44 7770 465 077 xmpp: russel(a)winder.org.uk
London SW11 1EN, UK w: www.russel.org.uk skype: russel_winder