The following Fedora 23 Security updates need testing: Age URL 231 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23 188 https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe miniupnpc-1.9-6.fc23 161 https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324 jbig2dec-0.12-2.fc23 112 https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1 python-pymongo-3.0.3-1.fc23 111 https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8 thttpd-2.25b-37.fc23 76 https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4 mingw-nsis-2.50-1.fc23 31 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b8f91621c7 optipng-0.7.6-1.fc23 14 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7c48036d73 community-mysql-5.6.30-1.fc23 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5733ad20f5 pgpdump-0.30-1.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f2aae0dbc5 botan-1.10.13-1.fc23 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5b2eb0bf9c ntp-4.2.6p5-40.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-78ad11154f ocaml-4.02.2-5.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6f479decc6 owncloud-8.2.4-1.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7edf033fd8 squid-3.5.10-3.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7d900003e6 kernel-4.4.9-300.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f2e2b178ea jackson-dataformat-xml-2.5.0-3.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ff070e8faa imlib2-1.4.9-1.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-609627f8f5 ioprocess-0.15.1-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-68abc0be35 glibc-2.22-15.fc23
The following Fedora 23 Critical Path updates have yet to be approved: Age URL 18 https://bodhi.fedoraproject.org/updates/FEDORA-2016-88778482ea lorax-23.21-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0a2ca2016e xulrunner-44.0-6.fc23 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-afa56613ca lxsession-0.5.2-9.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-035c5cc546 taglib-1.11-1.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-66b78d4812 pulseaudio-7.1-1.fc23.1 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ff070e8faa imlib2-1.4.9-1.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-edcdaedcc0 livecd-tools-23.3-1.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7d900003e6 kernel-4.4.9-300.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b23268e0fc xdg-utils-1.1.1-4.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-68abc0be35 glibc-2.22-15.fc23
The following builds have been pushed to Fedora 23 updates-testing
R-zoo-1.7.13-3.fc23 armadillo-6.700.6-1.fc23 drush-6.7.0-1.fc23 glibc-2.22-15.fc23 glogg-1.1.1-1.fc23 gnome-chemistry-utils-0.14.12-2.fc23 gnumeric-1.12.29-1.fc23 goffice-0.10.29-1.fc23 guitarix-0.35.0-2.fc23 kf5-knotifications-5.21.0-3.fc23 kf5-knotifyconfig-5.21.0-2.fc23 libchewing-0.5.0-1.fc23 lshell-0.9.18-1.fc23 medusa-2.2-1.fc23 perl-Net-Twitter-4.01020-1.fc23
Details about builds:
================================================================================ R-zoo-1.7.13-3.fc23 (FEDORA-2016-a6212824bb) Z's ordered observations for irregular time series -------------------------------------------------------------------------------- Update Information:
Update to the latest stable release with following list of fixes: * The window() method erroneously dropped the dimension in case of 1-column zoo series; * Bug fix in NA handling of `rollmax()`; * A few `as.yearmon/as.yearqtr` methods were not registered in the NAMESPACE but are now; * If there are less then two non-NAs in `na.approx()` then `approx()` cannot be applied. Instead of throwing an error (as up to version 1.7-12) simply no NAs are replaced now; * Bug fix for `lag(z, k = k, na.pad = TRUE)` which ignored `na.pad = TRUE` if 'k' was a vector of lags. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1332743 - R-zoo-1.7-13 is available https://bugzilla.redhat.com/show_bug.cgi?id=1332743 --------------------------------------------------------------------------------
================================================================================ armadillo-6.700.6-1.fc23 (FEDORA-2016-88714cade1) Fast C++ matrix library with interfaces to LAPACK and ATLAS -------------------------------------------------------------------------------- Update Information:
Update to the latest stable release. * fix for handling empty matrices by `kron()` * fix for clang warning in advanced matrix constructors * fix for false deprecated warning in `trunc_log()` and `trunc_exp()` * fix for gcc-6.1 warning about misleading indentation * corrected documentation for the `solve()` function -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1329890 - armadillo-6.700.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1329890 --------------------------------------------------------------------------------
================================================================================ drush-6.7.0-1.fc23 (FEDORA-2016-e56e2e2811) Command line shell and scripting interface for Drupal -------------------------------------------------------------------------------- Update Information:
### NOTE: This package replaces the 6.2.0 version PEAR package `php-drush-drush` which was installed at `/usr/share/pear/drush/`. This package installs at `/usr/share/drush/` instead. ### For release information, see: https://github.com/drush-ops/drush/releases Drush is a command line shell and Unix scripting interface for Drupal. If you are unfamiliar with shell scripting, reviewing the documentation for your shell (e.g. man bash) or reading an online tutorial (e.g. search for "bash tutorial") will help you get the most out of Drush. Drush core ships with lots of useful commands for interacting with code like modules/themes/profiles. Similarly, it runs update.php, executes sql queries and DB migrations, and misc utilities like run cron or clear cache. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1244571 - Review Request: drush - Command line shell and scripting interface for Drupal https://bugzilla.redhat.com/show_bug.cgi?id=1244571 --------------------------------------------------------------------------------
================================================================================ glibc-2.22-15.fc23 (FEDORA-2016-68abc0be35) The GNU libc libraries -------------------------------------------------------------------------------- Update Information:
This update contains minor security fixes (for CVE-2016-3075, CVE-2016-1234, CVE-2015-8778, CVE-2015-8776, CVE-2014-9761, CVE-2015-8779) and collects fixes for bugs encountered by Fedora users. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1316972 - glibc: NULL pointer dereference in stub resolver with unconnectable name server addresses https://bugzilla.redhat.com/show_bug.cgi?id=1316972 [ 2 ] Bug #1321861 - glibc: "getent group" listing using nss_db fails when entries are long https://bugzilla.redhat.com/show_bug.cgi?id=1321861 [ 3 ] Bug #1313404 - Test suite failure: elf/tst-audit10 and elf/tst-audit4 https://bugzilla.redhat.com/show_bug.cgi?id=1313404 [ 4 ] Bug #1332914 - glibc: Backport nss_dns hardening patches https://bugzilla.redhat.com/show_bug.cgi?id=1332914 [ 5 ] Bug #1321954 - CVE-2016-3075 glibc: Stack overflow in nss_dns_getnetbyname_r [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1321954 [ 6 ] Bug #1332912 - glibc: nss_hesiod: Heap overflow in get_txt_records https://bugzilla.redhat.com/show_bug.cgi?id=1332912 [ 7 ] Bug #1333940 - glibc: Avoid build failure in TZ tests https://bugzilla.redhat.com/show_bug.cgi?id=1333940 [ 8 ] Bug #1332917 - glibc: Deadlock between fflush, getdelim, and fork https://bugzilla.redhat.com/show_bug.cgi?id=1332917 [ 9 ] Bug #1333945 - glibc: dlerror () returns NULL after dlsym (RTLD_NEXT) of a non-existent symbol https://bugzilla.redhat.com/show_bug.cgi?id=1333945 [ 10 ] Bug #1315648 - CVE-2016-1234 glibc: Stack-based buffer overflow in glob with GLOB_ALTDIRFUNC and crafted directory [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1315648 [ 11 ] Bug #1333901 - glibc: getnameinfo: fix memory leak and incorrect truncation checks https://bugzilla.redhat.com/show_bug.cgi?id=1333901 [ 12 ] Bug #1288740 - glibc: tst-makecontext fails on armhfp https://bugzilla.redhat.com/show_bug.cgi?id=1288740 [ 13 ] Bug #1307234 - strfmon_l does not group digits. https://bugzilla.redhat.com/show_bug.cgi?id=1307234 [ 14 ] Bug #1300304 - CVE-2015-8778 glibc: Integer overflow in hcreate and hcreate_r [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1300304 [ 15 ] Bug #1300300 - CVE-2015-8776 glibc: Segmentation fault caused by passing out-of-range data to strftime() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1300300 [ 16 ] Bug #1293139 - Invalid memory access in getmntent_r() https://bugzilla.redhat.com/show_bug.cgi?id=1293139 [ 17 ] Bug #1300311 - CVE-2014-9761 glibc: Unbounded stack allocation in nan* functions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1300311 [ 18 ] Bug #1300314 - CVE-2015-8779 glibc: Unbounded stack allocation in catopen function [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1300314 [ 19 ] Bug #1321372 - Incorrect first day of the week for es_CL locale https://bugzilla.redhat.com/show_bug.cgi?id=1321372 --------------------------------------------------------------------------------
================================================================================ glogg-1.1.1-1.fc23 (FEDORA-2016-495632bedf) Smart interactive log explorer -------------------------------------------------------------------------------- Update Information:
New upstream release 1.1.1, rhbz#1329862 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1329862 - glogg-1.1.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1329862 --------------------------------------------------------------------------------
================================================================================ gnome-chemistry-utils-0.14.12-2.fc23 (FEDORA-2016-8c0532c389) A set of chemical utilities -------------------------------------------------------------------------------- Update Information:
This is an update to the latest upstream releases of gnumeric and goffice: * http://gnumeric.org/announcements/1.12/gnumeric-1.12.29.html --------------------------------------------------------------------------------
================================================================================ gnumeric-1.12.29-1.fc23 (FEDORA-2016-8c0532c389) Spreadsheet program for GNOME -------------------------------------------------------------------------------- Update Information:
This is an update to the latest upstream releases of gnumeric and goffice: * http://gnumeric.org/announcements/1.12/gnumeric-1.12.29.html --------------------------------------------------------------------------------
================================================================================ goffice-0.10.29-1.fc23 (FEDORA-2016-8c0532c389) G Office support libraries -------------------------------------------------------------------------------- Update Information:
This is an update to the latest upstream releases of gnumeric and goffice: * http://gnumeric.org/announcements/1.12/gnumeric-1.12.29.html --------------------------------------------------------------------------------
================================================================================ guitarix-0.35.0-2.fc23 (FEDORA-2016-ec38ed6a0c) Mono amplifier to JACK -------------------------------------------------------------------------------- Update Information:
Ensure roboto condensed font is pulled in as a dependency ---- * New UI design/style * disable Gtk warnings in non debug build * add option to enable LSF support in guitarix * add new MultiBand Clipper * patch waf to use stdout as default output and write only error messages to stderr. * add format .w64 to recorder * add configure flag to disable installation of the MOD stuff * add MXR Distortion and Boss DS1 as LV2 plugins * add new plugin emulated Boss DS1 distortion * apply patches from V��ctor Cuadrado (Debian Multimedia team) * add new comandline option -F (set tuner reference pitch at startup) * add comandline option -t (set tuner temperament) * disable Fixrate resampler when jack sample rate is higher then the fixed rate * use 96kHz internal samplerate for main amp simulation * use fixed samplerate (41000Hz) in Pitchtracker to fix tracking of low frequencys at high samplerate * use the new Musical Artifacts Interface for Online Presets * Add MXR Distortion plus guitarix plugin * add BigMuffPi guitarix and LV2 plugin * add gx_aclipper.lv2 (RAT) * add bypass mode for jack insert ports * fix Guitarix starts with 19-tet tuner, while stating 12-tet * add new configure option group style with option --install-roboto-font * add check if roboto condensed is installed * add warning when roboto condensed isn't installed and --install-roboto-font isn't choosen * use <Control S> to save changes to current preset, use <Alt s> for show/hide values. * fix detune for inplace processing * add new distortion gx plugin "RAT" * new French translation by Fr��d��ric Rech (many thanks fred) * Add new modgui artwork data (even bigger commit) * Add new modgui ttl files (big commit) * Add references to new modgui files * fix guitarix crash when plugin fail to instantiate --------------------------------------------------------------------------------
================================================================================ kf5-knotifications-5.21.0-3.fc23 (FEDORA-2016-b785febb27) KDE Frameworks 5 Tier 2 solution with abstraction for system notifications -------------------------------------------------------------------------------- Update Information:
Pull in phonon-related path fixes. --------------------------------------------------------------------------------
================================================================================ kf5-knotifyconfig-5.21.0-2.fc23 (FEDORA-2016-b785febb27) KDE Frameworks 5 Tier 3 module for KNotify configuration -------------------------------------------------------------------------------- Update Information:
Pull in phonon-related path fixes. --------------------------------------------------------------------------------
================================================================================ libchewing-0.5.0-1.fc23 (FEDORA-2016-a6cc646e5d) Intelligent phonetic input method library for Traditional Chinese -------------------------------------------------------------------------------- Update Information:
- Upstream update to 0.5.0 --------------------------------------------------------------------------------
================================================================================ lshell-0.9.18-1.fc23 (FEDORA-2016-5f046ca688) A Python-based limited shell -------------------------------------------------------------------------------- Update Information:
Updated to new upstream version 0.9.18 (rhbz#1323254) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1323254 - lshell: Provide a Python 3 subpackage https://bugzilla.redhat.com/show_bug.cgi?id=1323254 --------------------------------------------------------------------------------
================================================================================ medusa-2.2-1.fc23 (FEDORA-2016-10885379ea) Parallel brute forcing password cracker -------------------------------------------------------------------------------- Update Information:
Upstream official release of 2.2 --------------------------------------------------------------------------------
================================================================================ perl-Net-Twitter-4.01020-1.fc23 (FEDORA-2016-59dde4bfcf) Perl interface to the Twitter API -------------------------------------------------------------------------------- Update Information:
Upgrade to 4.01020 (bz#1323532) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1323532 - perl-Net-Twitter-4.01020 is available https://bugzilla.redhat.com/show_bug.cgi?id=1323532 --------------------------------------------------------------------------------