The following Fedora 23 Security updates need testing:
Age URL
376
https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23
333
https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe
miniupnpc-1.9-6.fc23
306
https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324
jbig2dec-0.12-2.fc23
257
https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1
python-pymongo-3.0.3-1.fc23
257
https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8
thttpd-2.25b-37.fc23
222
https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4
mingw-nsis-2.50-1.fc23
97
https://bodhi.fedoraproject.org/updates/FEDORA-2016-fcccb0a547
nodejs-0.10.46-1.fc23
76
https://bodhi.fedoraproject.org/updates/FEDORA-2016-70b5173c05
ecryptfs-utils-111-1.fc23
63
https://bodhi.fedoraproject.org/updates/FEDORA-2016-8d79ade826 flex-2.6.0-2.fc23
52
https://bodhi.fedoraproject.org/updates/FEDORA-2016-c2ec9c716e redis-3.2.3-1.fc23
45
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c
libarchive-3.2.1-3.fc23 python-libarchive-c-2.5-1.fc23
43
https://bodhi.fedoraproject.org/updates/FEDORA-2016-47dc2b203f
firewalld-0.4.3.3-1.fc23
29
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3a6435b14
dhcpcd-6.11.3-1.fc23
21
https://bodhi.fedoraproject.org/updates/FEDORA-2016-ed1c402851
thunderbird-45.3.0-1.fc23
8
https://bodhi.fedoraproject.org/updates/FEDORA-2016-58f90ae3cc
mariadb-10.0.27-1.fc23
8
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0de0e0ee0c gd-2.1.1-10.fc23
8
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4cedbd4308
mongodb-3.0.12-2.fc23
8
https://bodhi.fedoraproject.org/updates/FEDORA-2016-bc0e4e3f5a
community-mysql-5.6.33-1.fc23
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b331a099f3
chromium-53.0.2785.116-1.fc23
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-aa8275e843 links-2.13-1.fc23
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-97454404fe
openssl-1.0.2j-1.fc23
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0551065fe0
irssi-0.8.20-2.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-77e5105570
php-ZendFramework-1.12.20-1.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3795497354
python-django-1.8.15-1.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-ad1871cf02
openjpeg2-2.1.2-1.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-fe55f449e0
mingw-openjpeg2-2.1.2-1.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3af8b344f1
bind-9.10.4-2.P3.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-cbef6c8619
bind99-9.9.9-2.P3.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-1b9d24c2b6
zathura-pdf-mupdf-0.3.0-2.fc23 mujs-0-5.20160921git5c337af.fc23
The following Fedora 23 Critical Path updates have yet to be approved:
Age URL
72
https://bodhi.fedoraproject.org/updates/FEDORA-2016-98a7a1b6e0 abrt-2.8.0-6.fc23
libreport-2.6.4-3.fc23
45
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c
libarchive-3.2.1-3.fc23 python-libarchive-c-2.5-1.fc23
21
https://bodhi.fedoraproject.org/updates/FEDORA-2016-ed1c402851
thunderbird-45.3.0-1.fc23
8
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0de0e0ee0c gd-2.1.1-10.fc23
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-79072fd70e
python-virtkey-0.63.0-1.fc23
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-ab35400bb1
poppler-0.34.0-4.fc23
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7aef55393a
polkit-qt-0.112.0-8.fc23
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-97454404fe
openssl-1.0.2j-1.fc23
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-6a3e81a5be
linux-firmware-20160923-68.git42ad5367.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-cf2b06f96f
libass-0.13.3-1.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3af8b344f1
bind-9.10.4-2.P3.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d26923757a
koji-1.10.1-13.fc23
The following builds have been pushed to Fedora 23 updates-testing
bind-9.10.4-2.P3.fc23
bind99-9.9.9-2.P3.fc23
execdb-0.0.7-5.fc23
icecat-45.3.0-0.5.beta.fc23
koji-1.10.1-13.fc23
libfm-qt-0.11.1-2.fc23
liblxqt-0.11.0-1.fc23
libqtxdg-2.0.0-2.fc23
lximage-qt-0.5.0-1.fc23
lxqt-about-0.11.0-1.fc23
lxqt-common-0.11.0-1.fc23
lxqt-config-0.11.0-2.fc23
lxqt-globalkeys-0.11.0-2.fc23
lxqt-notificationd-0.11.0-1.fc23
lxqt-openssh-askpass-0.11.0-2.fc23
lxqt-panel-0.11.0-2.fc23
lxqt-policykit-0.11.0-2.fc23
lxqt-powermanagement-0.11.0-1.fc23
lxqt-qtplugin-0.11.0-1.fc23
lxqt-runner-0.11.0-7.fc23
lxqt-session-0.11.0-1.fc23
lxqt-sudo-0.11.0-1.fc23
mame-0.178-1.fc23
mujs-0-5.20160921git5c337af.fc23
pavucontrol-qt-0.1.0-2.fc23
pcmanfm-qt-0.11.1-1.fc23
perl-Authen-SASL-SASLprep-1.100-1.fc23
perl-Canary-Stability-2012-1.fc23
perl-PDF-Reuse-0.39-1.fc23
roundcubemail-1.2.2-1.fc23
supertux-0.5.0-1.fc23
tarantool-1.6.9.11-1.fc23
zathura-pdf-mupdf-0.3.0-2.fc23
Details about builds:
================================================================================
bind-9.10.4-2.P3.fc23 (FEDORA-2016-3af8b344f1)
The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream version due to CVE-2016-2776
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1378380 - CVE-2016-2776 bind: assertion failure in buffer.c while building
responses to a specifically constructed request
https://bugzilla.redhat.com/show_bug.cgi?id=1378380
--------------------------------------------------------------------------------
================================================================================
bind99-9.9.9-2.P3.fc23 (FEDORA-2016-cbef6c8619)
The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) libraries
--------------------------------------------------------------------------------
Update Information:
Update to the latest upstream version due to CVE-2016-2776
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1378380 - CVE-2016-2776 bind: assertion failure in buffer.c while building
responses to a specifically constructed request
https://bugzilla.redhat.com/show_bug.cgi?id=1378380
--------------------------------------------------------------------------------
================================================================================
execdb-0.0.7-5.fc23 (FEDORA-2016-2a012e4d1a)
Execution status database for Taskotron
--------------------------------------------------------------------------------
Update Information:
using python2-flask-sqlalchemy breaks depcheck on f23 ---- new package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1346243 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1346243
--------------------------------------------------------------------------------
================================================================================
icecat-45.3.0-0.5.beta.fc23 (FEDORA-2016-3669ea6c2c)
GNU version of Firefox browser
--------------------------------------------------------------------------------
Update Information:
- Drop obsolete patch
--------------------------------------------------------------------------------
================================================================================
koji-1.10.1-13.fc23 (FEDORA-2016-d26923757a)
Build system tools
--------------------------------------------------------------------------------
Update Information:
Add --new-chroot option for runroot plugin, allowing mock inside koji to use
systemd-nspawn style chroot.
--------------------------------------------------------------------------------
================================================================================
libfm-qt-0.11.1-2.fc23 (FEDORA-2016-a7ca13a8df)
Companion library for PCManFM
--------------------------------------------------------------------------------
Update Information:
New upstream lxqt package set 0.11.0
--------------------------------------------------------------------------------
================================================================================
liblxqt-0.11.0-1.fc23 (FEDORA-2016-a7ca13a8df)
Core shared library for LXQt desktop suite
--------------------------------------------------------------------------------
Update Information:
New upstream lxqt package set 0.11.0
--------------------------------------------------------------------------------
================================================================================
libqtxdg-2.0.0-2.fc23 (FEDORA-2016-a7ca13a8df)
QtXdg, a Qt5 implementation of XDG standards
--------------------------------------------------------------------------------
Update Information:
New upstream lxqt package set 0.11.0
--------------------------------------------------------------------------------
================================================================================
lximage-qt-0.5.0-1.fc23 (FEDORA-2016-a7ca13a8df)
The image viewer and screenshot tool for LXQt
--------------------------------------------------------------------------------
Update Information:
New upstream lxqt package set 0.11.0
--------------------------------------------------------------------------------
================================================================================
lxqt-about-0.11.0-1.fc23 (FEDORA-2016-a7ca13a8df)
About application for LXQt desktop suite
--------------------------------------------------------------------------------
Update Information:
New upstream lxqt package set 0.11.0
--------------------------------------------------------------------------------
================================================================================
lxqt-common-0.11.0-1.fc23 (FEDORA-2016-a7ca13a8df)
Common resources for LXQt desktop suite
--------------------------------------------------------------------------------
Update Information:
New upstream lxqt package set 0.11.0
--------------------------------------------------------------------------------
================================================================================
lxqt-config-0.11.0-2.fc23 (FEDORA-2016-a7ca13a8df)
Config tools for LXQt desktop suite
--------------------------------------------------------------------------------
Update Information:
New upstream lxqt package set 0.11.0
--------------------------------------------------------------------------------
================================================================================
lxqt-globalkeys-0.11.0-2.fc23 (FEDORA-2016-a7ca13a8df)
Global keys utility for LXQt desktop suite
--------------------------------------------------------------------------------
Update Information:
New upstream lxqt package set 0.11.0
--------------------------------------------------------------------------------
================================================================================
lxqt-notificationd-0.11.0-1.fc23 (FEDORA-2016-a7ca13a8df)
Notification daemon for LXQt desktop suite
--------------------------------------------------------------------------------
Update Information:
New upstream lxqt package set 0.11.0
--------------------------------------------------------------------------------
================================================================================
lxqt-openssh-askpass-0.11.0-2.fc23 (FEDORA-2016-a7ca13a8df)
Askpass openssh transition dialog for LXQt desktop suite
--------------------------------------------------------------------------------
Update Information:
New upstream lxqt package set 0.11.0
--------------------------------------------------------------------------------
================================================================================
lxqt-panel-0.11.0-2.fc23 (FEDORA-2016-a7ca13a8df)
Main panel bar for LXQt desktop suite
--------------------------------------------------------------------------------
Update Information:
New upstream lxqt package set 0.11.0
--------------------------------------------------------------------------------
================================================================================
lxqt-policykit-0.11.0-2.fc23 (FEDORA-2016-a7ca13a8df)
PolicyKit agent for LXQt desktop suite
--------------------------------------------------------------------------------
Update Information:
New upstream lxqt package set 0.11.0
--------------------------------------------------------------------------------
================================================================================
lxqt-powermanagement-0.11.0-1.fc23 (FEDORA-2016-a7ca13a8df)
Powermanagement daemon for LXQt desktop suite
--------------------------------------------------------------------------------
Update Information:
New upstream lxqt package set 0.11.0
--------------------------------------------------------------------------------
================================================================================
lxqt-qtplugin-0.11.0-1.fc23 (FEDORA-2016-a7ca13a8df)
Qt plugin framework for LXQt Desktop Suite
--------------------------------------------------------------------------------
Update Information:
New upstream lxqt package set 0.11.0
--------------------------------------------------------------------------------
================================================================================
lxqt-runner-0.11.0-7.fc23 (FEDORA-2016-a7ca13a8df)
Application runner agent for LXQt desktop suite
--------------------------------------------------------------------------------
Update Information:
New upstream lxqt package set 0.11.0
--------------------------------------------------------------------------------
================================================================================
lxqt-session-0.11.0-1.fc23 (FEDORA-2016-a7ca13a8df)
Main session for LXQt desktop suite
--------------------------------------------------------------------------------
Update Information:
New upstream lxqt package set 0.11.0
--------------------------------------------------------------------------------
================================================================================
lxqt-sudo-0.11.0-1.fc23 (FEDORA-2016-a7ca13a8df)
GUI frontend for sudo/su
--------------------------------------------------------------------------------
Update Information:
New upstream lxqt package set 0.11.0
--------------------------------------------------------------------------------
================================================================================
mame-0.178-1.fc23 (FEDORA-2016-284a27c4c6)
Multiple Arcade Machine Emulator
--------------------------------------------------------------------------------
Update Information:
An update to the latest mame release: *
http://mamedev.org/?p=431
--------------------------------------------------------------------------------
================================================================================
mujs-0-5.20160921git5c337af.fc23 (FEDORA-2016-1b9d24c2b6)
An embeddable Javascript interpreter
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-7563, CVE-2016-7564
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1380323 - CVE-2016-7563 CVE-2016-7564 mujs: Multiple issues fixed in latest
version
https://bugzilla.redhat.com/show_bug.cgi?id=1380323
--------------------------------------------------------------------------------
================================================================================
pavucontrol-qt-0.1.0-2.fc23 (FEDORA-2016-a7ca13a8df)
Qt port of volume control pavucontrol
--------------------------------------------------------------------------------
Update Information:
New upstream lxqt package set 0.11.0
--------------------------------------------------------------------------------
================================================================================
pcmanfm-qt-0.11.1-1.fc23 (FEDORA-2016-a7ca13a8df)
LxQt file manager PCManFM
--------------------------------------------------------------------------------
Update Information:
New upstream lxqt package set 0.11.0
--------------------------------------------------------------------------------
================================================================================
perl-Authen-SASL-SASLprep-1.100-1.fc23 (FEDORA-2016-aca2a6d794)
Stringprep profile for user names and passwords (RFC 4013)
--------------------------------------------------------------------------------
Update Information:
This release adds "stored strings" capability to saslprep() routine.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1380044 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1380044
--------------------------------------------------------------------------------
================================================================================
perl-Canary-Stability-2012-1.fc23 (FEDORA-2016-27f10dec70)
Canary to check perl compatibility for Schmorp's modules
--------------------------------------------------------------------------------
Update Information:
This release removes coloring of an introduction text.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1379997 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1379997
--------------------------------------------------------------------------------
================================================================================
perl-PDF-Reuse-0.39-1.fc23 (FEDORA-2016-2508e032f2)
Reuse and mass produce PDF documents
--------------------------------------------------------------------------------
Update Information:
This release removes unneeded files form source tar ball. We deliver it only to
provide recent version string. ---- This release closes TTF file handles,
fixes warnings in prStrWidth() and prText(), handling bookmarks, reading PDF 1.5
version, CPU excessive usage when parsing bad PDF, handling zero coordinates in
prMbox(). It also adds support for file handles, IO::String, and in-memory
files.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1380054 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1380054
[ 2 ] Bug #1379025 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1379025
--------------------------------------------------------------------------------
================================================================================
roundcubemail-1.2.2-1.fc23 (FEDORA-2016-47f39341b9)
Round Cube Webmail is a browser-based multilingual IMAP client
--------------------------------------------------------------------------------
Update Information:
**Version 1.2.2** * Enigma: Add possibility to configure gpg-agent binary
location (enigma_pgp_agent) * Enigma: Fix signature verification with some
IMAP servers, e.g. Gmail, DBMail (#5371) * Enigma: Make recipient key
searches case-insensitive (#5434) * Fix regression in resizing JPEG images
with Imagick (#5376) * Managesieve: Fix parsing of vacation date-time with
non-default date_format (#5372) * Use SymLinksIfOwnerMatch in .htaccess
instead of FollowSymLinks disabled on some hosts for security reasons (#5370) *
Wash position:fixed style in HTML mail for better security (#5264) * Fix bug
where memcache_debug didn't work for session operations * Fix bug where
Message-ID domain part was tied to username instead of current identity (#5385)
* Fix bug where blocked.gif couldn't be attached to reply/forward with
insecure content * Fix E_DEPRECATED warning when using Auth_SASL::factory()
(#5401) * Fix bug where names of downloaded files could be malformed when
derived from the message subject (#5404) * Fix so "All" messages selection
is
resetted on search reset (#5413) * Fix bug where folder creation could fail
if personal namespace contained more than one entry (#5403) * Fix error
causing empty INBOX listing in Firefox when using an URL with user:password
specified (#5400) * Fix PHP warning when handling shared namespace with empty
prefix (#5420) * Fix so folders list is scrolled to the selected folder on
page load (#5424) * Fix so when moving to Trash we make sure the folder
exists (#5192) * Fix displaying size of attachments with zero size * Fix
so "Action disabled" error uses more appropriate 404 code (#5440)
--------------------------------------------------------------------------------
================================================================================
supertux-0.5.0-1.fc23 (FEDORA-2016-ceb2c27cff)
Jump'n run like game
--------------------------------------------------------------------------------
Update Information:
Update to 0.5.0 (#1380088) * In-game level editor * Improved levels in
Antarctica and Forest Island * Language packs are fixed * Engine performance
improvements * Extended the scripting API: gradients are now scriptable * Added
a few more tiles and music * New console commands and command line options
(related to the editor) * Various other bugfixes of issues reported since the
v0.4.0 release * And more (minor) improvements and changes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1380088 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1380088
--------------------------------------------------------------------------------
================================================================================
tarantool-1.6.9.11-1.fc23 (FEDORA-2016-a6cd03f108)
In-memory database and Lua application server
--------------------------------------------------------------------------------
Update Information:
A new bugfix release from upstream.
https://github.com/tarantool/tarantool/releases/tag/1.6.9
--------------------------------------------------------------------------------
================================================================================
zathura-pdf-mupdf-0.3.0-2.fc23 (FEDORA-2016-1b9d24c2b6)
PDF support for zathura via mupdf
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-7563, CVE-2016-7564
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1380323 - CVE-2016-7563 CVE-2016-7564 mujs: Multiple issues fixed in latest
version
https://bugzilla.redhat.com/show_bug.cgi?id=1380323
--------------------------------------------------------------------------------