The following Fedora 24 Security updates need testing:
Age URL
101 https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08 squid-3.5.23-1.fc24
94 https://bodhi.fedoraproject.org/updates/FEDORA-2016-eaaa9c4a08 exim-4.87.1-1.fc24
57 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ece16ba6ba runc-1.0.0-5.rc2.gitc91b5be.fc24
37 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4b176c1694 redis-3.2.8-1.fc24
15 https://bodhi.fedoraproject.org/updates/FEDORA-2017-68cdc567e9 php-onelogin-php-saml-2.10.5-1.fc24
7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0f5fe1913f sane-backends-1.0.25-7.fc24
7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7accc8010b pcs-0.9.156-2.fc24
7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-72323a442f ntp-4.2.6p5-44.fc24
6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-97e65f13bb python-sleekxmpp-1.3.2-1.fc24
4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-97d7758431 firebird-2.5.7.27050.0-1.fc24
0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e6419b416d xen-4.6.5-4.fc24
0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-712a186f5f icecat-52.0.1-5.fc24
0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8eac23007d xorgxrdp-0.2.1-1.fc24 xrdp-0.9.2-1.fc24
0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-461ce095b5 samba-4.4.13-0.fc24
0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ec01954fe9 chromium-57.0.2987.133-1.fc24
The following Fedora 24 Critical Path updates have yet to be approved:
Age URL
4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3d7c3f66ae pcre-8.40-6.fc24
4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-47eb254e1c vim-8.0.514-1.fc24
2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-58d5521965 linux-firmware-20170313-72.git695f2d6d.fc24
2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6189eb6f22 gvfs-1.28.4-1.fc24
2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e50ea71b16 audit-2.7.4-1.fc24
2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2b5b9751fd firefox-52.0-7.fc24
0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-461ce095b5 samba-4.4.13-0.fc24
0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-af9f3f0102 cups-2.1.4-4.fc24
0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-470e502a7d libdrm-2.4.76-1.fc24
The following builds have been pushed to Fedora 24 updates-testing
chromium-57.0.2987.133-1.fc24
groonga-7.0.1-1.fc24
groonga-normalizer-mysql-1.1.1-1.fc24
mame-0.184-1.fc24
os-autoinst-4.4-17.20170329gitd8f75d2.fc24
php-aws-sdk3-3.25.0-1.fc24
pluma-1.16.1-1.fc24
python-bugzilla-2.1.0-1.fc24
qcad-3.16.7.0-1.fc24
rpkg-1.49-2.fc24
samba-4.4.13-0.fc24
starcal-3.0.6-1.fc24
tomcat-8.0.42-1.fc24
xorgxrdp-0.2.1-1.fc24
xrdp-0.9.2-1.fc24
Details about builds:
================================================================================
chromium-57.0.2987.133-1.fc24 (FEDORA-2017-ec01954fe9)
A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2017-5055, CVE-2017-5054, CVE-2017-5052, CVE-2017-5056,
CVE-2017-5053
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1437353 - CVE-2017-5053 chromium-browser: out of bounds memory access in v8
https://bugzilla.redhat.com/show_bug.cgi?id=1437353
[ 2 ] Bug #1437352 - CVE-2017-5056 chromium-browser: use after free in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1437352
[ 3 ] Bug #1437351 - CVE-2017-5052 chromium-browser: bad cast in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1437351
[ 4 ] Bug #1437350 - CVE-2017-5054 chromium-browser: heap buffer overflow in v8
https://bugzilla.redhat.com/show_bug.cgi?id=1437350
[ 5 ] Bug #1437348 - CVE-2017-5055 chromium-browser: use after free in printing
https://bugzilla.redhat.com/show_bug.cgi?id=1437348
--------------------------------------------------------------------------------
================================================================================
groonga-7.0.1-1.fc24 (FEDORA-2017-7e68693ffb)
An Embeddable Fulltext Search Engine
--------------------------------------------------------------------------------
Update Information:
See http://groonga.org/en/blog/2017/03/29/groonga-7.0.1.html
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1420563 - groonga-7.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1420563
[ 2 ] Bug #1415675 - groonga-6.1.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1415675
--------------------------------------------------------------------------------
================================================================================
groonga-normalizer-mysql-1.1.1-1.fc24 (FEDORA-2017-46feadb261)
MySQL compatible normalizer plugin for Groonga
--------------------------------------------------------------------------------
Update Information:
new upstream release.
--------------------------------------------------------------------------------
================================================================================
mame-0.184-1.fc24 (FEDORA-2017-f5d2a4a48a)
Multiple Arcade Machine Emulator
--------------------------------------------------------------------------------
Update Information:
An update to the latest mame release: http://mamedev.org/?p=441
--------------------------------------------------------------------------------
================================================================================
os-autoinst-4.4-17.20170329gitd8f75d2.fc24 (FEDORA-2017-c14bc258ff)
OS-level test automation
--------------------------------------------------------------------------------
Update Information:
This update provides an updated git snapshot of os-autoinst, containing several
fixes that are useful for Fedora deployments. The openQA update fixes some
problems with tagging builds as 'important', one of which was preventing us
doing this for Fedora builds.
--------------------------------------------------------------------------------
================================================================================
php-aws-sdk3-3.25.0-1.fc24 (FEDORA-2017-cf986e793e)
Amazon Web Services framework for PHP
--------------------------------------------------------------------------------
Update Information:
## 3.25.0 - 2017-03-31
* `Aws\CloudFormation` - Adding paginators for ListExports and ListImports
* `Aws\CloudFront` - Amazon CloudFront now supports user configurable HTTP Read and Keep-Alive Idle Timeouts for your Custom Origin Servers
* `Aws\ResourceGroupsTaggingAPI` - Resource Groups Tagging APIs can help you organize your resources and enable you to simplify resource management, access management, and cost allocation.
* `Aws\StorageGateway` - File gateway mode in AWS Storage gateway provides access to objects in S3 as files on a Network File System (NFS) mount point. Once a file share is created, any changes made externally to the S3 bucket will not be reflected by the gateway. Using the cache refresh feature in this update, the customer can trigger an on-demand scan of the keys in their S3 bucket and refresh the file namespace cached on the gateway. It takes as an input the fileShare ARN and refreshes the cache for only that file share. Additionally there is new functionality on file gateway that allows you configure what squash options they would like on their file share, this allows a customer to configure their gateway to not squash root permissions. This can be done by setting options in NfsOptions for CreateNfsFileShare and UpdateNfsFileShare APIs.

## 3.24.9 - 2017-03-28
* `Aws\Batch` - Customers can now provide a retryStrategy as part of the RegisterJobDefinition and SubmitJob API calls. The retryStrategy object has a number value for attempts. This is the number of non successful executions before a job is considered FAILED. In addition, the JobDetail object now has an attempts field and shows all execution attempts.
* `Aws\EC2` - Customers can now tag their Amazon EC2 Instances and Amazon EBS Volumes at the time of their creation. You can do this from the EC2 Instance launch wizard or through the RunInstances or CreateVolume APIs. By tagging resources at the time of creation, you can eliminate the need to run custom tagging scripts after resource creation. In addition, you can now set resource-level permissions on the CreateVolume, CreateTags, DeleteTags, and the RunInstances APIs. This allows you to implement stronger security policies by giving you more granular control over which users and groups have access to these APIs. You can also enforce the use of tagging and control what tag keys and values are set on your resources. When you combine tag usage and resource-level IAM policies together, you can ensure your instances and volumes are properly secured upon creation and achieve more accurate cost allocation reporting. These new features are provided at no additional cost.

## 3.24.8 - 2017-03-27
* `Aws\SSM` - Updated validation rules for SendCommand and RegisterTaskWithMaintenanceWindow APIs

## 3.24.7 - 2017-03-23
* `Aws\ApplicationAutoScaling` - Application AutoScaling is launching support for a new target resource (AppStream 2.0 Fleets) as a scalable target.

## 3.24.6 - 2017-03-22
* `Aws\ApplicationDiscoveryService` - Adds export configuration options to the AWS Discovery Service API.
* `Aws\ElasticLoadBalancingv2` - Adding waiters for Elastic Load Balancing V2
* `Aws\Lambda` - Adds support for new runtime Node.js v6.10 for AWS Lambda service

## 3.24.5 - 2017-03-21
* `Aws\DirectConnect` - Deprecated DescribeConnectionLoa, DescribeInterconnectLoa, AllocateConnectionOnInterconnect and DescribeConnectionsOnInterconnect operations in favor of DescribeLoa, DescribeLoa, AllocateHostedConnection and DescribeHostedConnections respectively.
* `Aws\MarketplaceCommerceAnalytics` - This update adds a new data set, us_sales_and_use_tax_records, which enables AWS Marketplace sellers to programmatically access to their U.S. Sales and Use Tax report data.
* `Aws\Pinpoint` - Added support for segment endpoints by user attributes in addition to endpoint attributes, publishing raw app analytics and campaign events as events streams to Kinesis and Kinesis Firehose

## 3.24.4 - 2017-03-14
* `Aws\CloudWatchEvents` - Update documentation

## 3.24.3 - 2017-03-13
* `Aws\CloudWatchEvents` - This update extends Target Data Type for configuring Target behavior during invocation.
* `Aws\DeviceFarm` - Network shaping allows users to simulate network connections and conditions while testing their Android, iOS, and web apps with AWS Device Farm.

## 3.24.2 - 2017-03-10
* `Aws\CodeDeploy` - Add paginators for Codedeploy
* `Aws\EMR` - This release includes support for instance fleets in Amazon EMR.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1431302 - php-aws-sdk3-3.25.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1431302
--------------------------------------------------------------------------------
================================================================================
pluma-1.16.1-1.fc24 (FEDORA-2017-8554734b1e)
Text editor for the MATE desktop
--------------------------------------------------------------------------------
Update Information:
- update to 1.16.1
--------------------------------------------------------------------------------
================================================================================
python-bugzilla-2.1.0-1.fc24 (FEDORA-2017-6c31addab4)
python2 library for interacting with Bugzilla
--------------------------------------------------------------------------------
Update Information:
* Rebased to version 2.1.0
* Support for bugzilla 5 API Keys (Dustin J. Mitchell)
* bugzillarc can be used to set default URL for the cli tool
* Revive update_flags wrapper
* Bug fixes and minor improvements

----

* Rebased to version 2.0.0
* Several fixes for use with bugzilla 5
* This release contains several smallish API breaks:
* Bugzilla.bug_autorefresh now defaults to False
* Credentials are now cached in ~/.cache/python-bugzilla/
* bin/bugzilla was converted to argparse
* bugzilla query --boolean_chart option is removed
* Unify command line flags across sub commands
--------------------------------------------------------------------------------
================================================================================
qcad-3.16.7.0-1.fc24 (FEDORA-2017-15d8599020)
Powerful 2D CAD system
--------------------------------------------------------------------------------
Update Information:
- Update to 3.16.7.0
- Fix detection of QCAD modules
--------------------------------------------------------------------------------
================================================================================
rpkg-1.49-2.fc24 (FEDORA-2017-266738a3db)
Python library for interacting with rpm+git
--------------------------------------------------------------------------------
Update Information:
Rename pyrpkg to python2-rpkg. Currently, only Python 2 package is available.

Test cases:
- installing ``python2-rpkg`` will replace ``pyrpkg`` with ``python2-rpkg``
- installing ``fedpkg`` should select ``python2-rpkg``
- original package ``rpkg``, which contains example CLI, is moved to ``%{_datadir}/rpkg/examples/cli``
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1400592 - Rename subpackage pyrpkg to python2-rpkg
https://bugzilla.redhat.com/show_bug.cgi?id=1400592
--------------------------------------------------------------------------------
================================================================================
samba-4.4.13-0.fc24 (FEDORA-2017-461ce095b5)
Server and Client software to interoperate with Windows machines
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2017-2619
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1429472 - CVE-2017-2619 samba: symlink race permits opening files outside share directory
https://bugzilla.redhat.com/show_bug.cgi?id=1429472
--------------------------------------------------------------------------------
================================================================================
starcal-3.0.6-1.fc24 (FEDORA-2017-90350253fd)
A full-featured international calendar written in Python
--------------------------------------------------------------------------------
Update Information:
Upstream bugfix release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1431416 - starcal-3.0.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1431416
--------------------------------------------------------------------------------
================================================================================
tomcat-8.0.42-1.fc24 (FEDORA-2017-0d463794cb)
Apache Servlet/JSP Engine, RI for Servlet 3.1/JSP 2.3 API
--------------------------------------------------------------------------------
Update Information:
This update includes a rebase from tomcat 8.0.41 up to 8.0.42.
--------------------------------------------------------------------------------
================================================================================
xorgxrdp-0.2.1-1.fc24 (FEDORA-2017-8eac23007d)
Implementation of xrdp backend as Xorg modules
--------------------------------------------------------------------------------
Update Information:
New upstream version of xorgxrdp and xrdp:

New features in xrdp:
- RemoteFX codec support is now enabled by default.
- Bitmap updates support is now enabled by default.
- TLS ciphers suites and version is now logged.
- Connected computer name is now logged.
- Switched to Xorg (xorgxrdp) as the default backend now.
- Miscellaneous RemoteFX codec mode improvements.
- Socket directory is configurable at the compile time.

Bugfixes in xrdp:
- Parallels client for MacOS / iOS can now connect (audio redirection must be disabled on client or xrdp server though).
- MS RDP client for iOS can now connect using TLS security layer.
- MS RDP client for Android can now connect to xrdp.
- Large resolutions (4K) can be used with RemoteFX graphics.
- Multiple RemoteApps can be opened through NeutrinoRDP proxy.
- tls_ciphers in xrdp.ini is not limited to 63 chars anymore, it's variable-length.
- Fixed an issue where tls_ciphers were ignored and rdp security layer could be used instead.
- Kill disconnected sessions feature is working with Xorg (xorgxrdp) backend.
- Miscellaneous code cleanup and memory issues fixes.

Rebuild of xrdp requiring both xorgxrdp and tigervnc-minimal. VNC is still the default.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1433959 - CVE-2017-6967 xrdp: Incorrect placement of auth_start_session() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1433959
--------------------------------------------------------------------------------
================================================================================
xrdp-0.9.2-1.fc24 (FEDORA-2017-8eac23007d)
Open source remote desktop protocol (RDP) server
--------------------------------------------------------------------------------
Update Information:
New upstream version of xorgxrdp and xrdp:

New features in xrdp:
- RemoteFX codec support is now enabled by default.
- Bitmap updates support is now enabled by default.
- TLS ciphers suites and version is now logged.
- Connected computer name is now logged.
- Switched to Xorg (xorgxrdp) as the default backend now.
- Miscellaneous RemoteFX codec mode improvements.
- Socket directory is configurable at the compile time.

Bugfixes in xrdp:
- Parallels client for MacOS / iOS can now connect (audio redirection must be disabled on client or xrdp server though).
- MS RDP client for iOS can now connect using TLS security layer.
- MS RDP client for Android can now connect to xrdp.
- Large resolutions (4K) can be used with RemoteFX graphics.
- Multiple RemoteApps can be opened through NeutrinoRDP proxy.
- tls_ciphers in xrdp.ini is not limited to 63 chars anymore, it's variable-length.
- Fixed an issue where tls_ciphers were ignored and rdp security layer could be used instead.
- Kill disconnected sessions feature is working with Xorg (xorgxrdp) backend.
- Miscellaneous code cleanup and memory issues fixes.

Rebuild of xrdp requiring both xorgxrdp and tigervnc-minimal. VNC is still the default.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1433959 - CVE-2017-6967 xrdp: Incorrect placement of auth_start_session() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1433959
--------------------------------------------------------------------------------