The following Fedora 25 Security updates need testing:
Age  URL
 98  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb   exim-4.87.1-1.fc25
 18  https://bodhi.fedoraproject.org/updates/FEDORA-2017-06f4b88ceb   php-onelogin-php-saml-2.10.5-1.fc25
 10  https://bodhi.fedoraproject.org/updates/FEDORA-2017-99ad80f109   python-sleekxmpp-1.3.2-1.fc25
  4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-7e5b5201e7   xen-4.7.2-4.fc25
  4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-674d306f51   icecat-52.0.1-5.fc25
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-7bd002b77c   xorgxrdp-0.2.1-1.fc25 xrdp-0.9.2-3.fc25
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ed4c9b605b   php-horde-Horde-Crypt-2.7.6-1.fc25
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-cf1944f480   libpng15-1.5.28-1.fc25
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-bad9942e42   libpng12-1.2.57-1.fc25
The following Fedora 25 Critical Path updates have yet to be approved:
Age  URL
  6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ea86a8123b   pungi-4.1.14-1.fc25
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-707045e260   cups-2.2.0-7.fc25
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-bb919b7642   nss-pem-1.0.3-3.fc25 curl-7.51.0-5.fc25
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-859f058eda   firefox-52.0.2-2.fc25
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-5067c05bad   firewalld-0.4.4.4-1.fc25
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-a14aa819ff   freetype-2.6.5-4.fc25
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-0e8a306df1   at-spi2-core-2.22.1-1.fc25
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-0dc6f0c054   p11-kit-0.23.2-3.fc25
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-433b2a46f7   pcre2-10.23-5.fc25
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-68626b63de   gdk-pixbuf2-2.36.6-1.fc25
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-6e992252aa   openldap-2.4.44-10.fc25
The following builds have been pushed to Fedora 25 updates-testing
cups-2.2.0-7.fc25
curl-7.51.0-5.fc25
firefox-52.0.2-2.fc25
firewalld-0.4.4.4-1.fc25
freerdp-2.0.0-24.20170317git8c68761.fc25
freetype-2.6.5-4.fc25
kicad-4.0.6-1.fc25.1
libglvnd-0.2.999-14.20170308git8e6e102.fc25
libpng12-1.2.57-1.fc25
libpng15-1.5.28-1.fc25
lirc-0.9.4c-8.fc25
notmuch-0.24.1-1.fc25
nss-pem-1.0.3-3.fc25
perl-Dist-Zilla-6.009-1.fc25
php-composer-spdx-licenses-1.1.6-1.fc25
php-horde-Horde-Crypt-2.7.6-1.fc25
python-pyaes-1.6.0-1.fc25
python-pygatt-3.1.1-1.fc25
python-xml2rfc-2.5.2-1.fc25
remmina-1.2.0-0.33.20170317git4d8d257.fc25
sway-0.12.2-1.fc25
xorgxrdp-0.2.1-1.fc25
xrdp-0.9.2-3.fc25
yakuake-3.0.4-1.fc25
zbar-0.10-29.fc25
zsh-5.2-6.fc25
Details about builds:
================================================================================
cups-2.2.0-7.fc25 (FEDORA-2017-707045e260)
CUPS printing system
--------------------------------------------------------------------------------
Update Information:
Temporarily removing resolv_reload patch.
--------------------------------------------------------------------------------
================================================================================
curl-7.51.0-5.fc25 (FEDORA-2017-bb919b7642)
A utility for getting files from remote servers (FTP, HTTP, and others)
--------------------------------------------------------------------------------
Update Information:
- make the dependency on nss-pem arch-specific (#1428550)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1431347 - libcurl-7.53.1-3.fc26.i686 requires non-existent nss-pem.fc26.i686
package
https://bugzilla.redhat.com/show_bug.cgi?id=1431347
[ 2 ] Bug #1428550 - nss-pem.i686 not available on x86_64 platform
https://bugzilla.redhat.com/show_bug.cgi?id=1428550
--------------------------------------------------------------------------------
================================================================================
firefox-52.0.2-2.fc25 (FEDORA-2017-859f058eda)
Mozilla Firefox Web browser
--------------------------------------------------------------------------------
Update Information:
- New upstream (52.0.2)
- mozbz#1348576 - enable e10s for selected users
- mozbz#1158076 - enable dark theme by pref
--------------------------------------------------------------------------------
================================================================================
firewalld-0.4.4.4-1.fc25 (FEDORA-2017-5067c05bad)
A firewall daemon with D-Bus interface providing a dynamic firewall
--------------------------------------------------------------------------------
Update Information:
The new firewalld version 0.4.4.4 is available as a bug fix release for
firewalld version 0.4.4.3
http://www.firewalld.org/2017/03/firewalld-0-4-4-4-release
- Drop all references to fedorahosted.org
- Fix inconsistent order of source bindings
- Fix ipset overloading from /etc/firewalld/ipsets
- Fix permanent rich rules using icmp-type elements
- Check if ICMP types are supported by kernel
- Show icmptypes and ipsets with type errors in permanent environment
- firewall-config: Show invalid ipset types
- firewall-config: Deactivate modify buttons if there are no items
--------------------------------------------------------------------------------
================================================================================
freerdp-2.0.0-24.20170317git8c68761.fc25 (FEDORA-2017-0a8fb73c20)
Free implementation of the Remote Desktop Protocol (RDP)
--------------------------------------------------------------------------------
Update Information:
Update to latest snapshot.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1438154 - [abrt] remmina: remmina_rdp_cliprdr_request_data(): remmina killed
by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1438154
[ 2 ] Bug #1363834 - [abrt] remmina: setChannelError(): remmina killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1363834
[ 3 ] Bug #1370421 - [abrt] remmina: g_realloc(): remmina killed by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=1370421
[ 4 ] Bug #1380189 - [abrt] remmina: update_free(): remmina killed by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=1380189
[ 5 ] Bug #1403452 - [abrt] remmina: do_validate_rows(): remmina killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1403452
[ 6 ] Bug #1432258 - [abrt] remmina: HashTable_GetItemValue(): remmina killed by
SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1432258
--------------------------------------------------------------------------------
================================================================================
freetype-2.6.5-4.fc25 (FEDORA-2017-a14aa819ff)
A free and portable font rendering engine
--------------------------------------------------------------------------------
Update Information:
This update allows linear scaling for unhinted rendering of TrueType fonts.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1437999 - FreeType bug causes Chromium misrendering of PDF
https://bugzilla.redhat.com/show_bug.cgi?id=1437999
--------------------------------------------------------------------------------
================================================================================
kicad-4.0.6-1.fc25.1 (FEDORA-2017-274268f6f7)
EDA software suite for creation of schematic diagrams and PCBs
--------------------------------------------------------------------------------
Update Information:
Update to 4.0.6.
--------------------------------------------------------------------------------
================================================================================
libglvnd-0.2.999-14.20170308git8e6e102.fc25 (FEDORA-2017-ce3f26ba8a)
The GL Vendor-Neutral Dispatch library
--------------------------------------------------------------------------------
Update Information:
* Fix conditionals for _without_mesa_glvnd_default
* Fix other RHEL-conditionals, too
* Update RPM filters for private libraries (includes GLX, fixes RHEL 6).
* Update to latest snapshot, remove upstreamed patches.
* Update release to packaging guidelines format.
* Make sure that for Fedora 24 and RHEL the libraries are always private.
--------------------------------------------------------------------------------
================================================================================
libpng12-1.2.57-1.fc25 (FEDORA-2017-bad9942e42)
Old version of libpng, needed to run old binaries
--------------------------------------------------------------------------------
Update Information:
* Update to upstream release **1.2.57**.
* Fixes **CVE-2016-10087**.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1409617 - CVE-2016-10087 libpng: NULL pointer dereference in
png_set_text_2()
https://bugzilla.redhat.com/show_bug.cgi?id=1409617
--------------------------------------------------------------------------------
================================================================================
libpng15-1.5.28-1.fc25 (FEDORA-2017-cf1944f480)
Old version of libpng, needed to run old binaries
--------------------------------------------------------------------------------
Update Information:
* Update to upstream release **1.5.28**.
* Fixes **CVE-2016-10087**.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1409617 - CVE-2016-10087 libpng: NULL pointer dereference in
png_set_text_2()
https://bugzilla.redhat.com/show_bug.cgi?id=1409617
--------------------------------------------------------------------------------
================================================================================
lirc-0.9.4c-8.fc25 (FEDORA-2017-e134d6805f)
The Linux Infrared Remote Control package
--------------------------------------------------------------------------------
Update Information:
Fix for missing systemd socket activation giving subtle boot errors.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1438702 - systemd socket-activation support is not available
https://bugzilla.redhat.com/show_bug.cgi?id=1438702
--------------------------------------------------------------------------------
================================================================================
notmuch-0.24.1-1.fc25 (FEDORA-2017-490a8860f3)
System for indexing, searching, and tagging email
--------------------------------------------------------------------------------
Update Information:
Latest upstream.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1438206 - notmuch-0.24.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1438206
--------------------------------------------------------------------------------
================================================================================
nss-pem-1.0.3-3.fc25 (FEDORA-2017-bb919b7642)
PEM file reader for Network Security Services (NSS)
--------------------------------------------------------------------------------
Update Information:
- make the dependency on nss-pem arch-specific (#1428550)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1431347 - libcurl-7.53.1-3.fc26.i686 requires non-existent nss-pem.fc26.i686
package
https://bugzilla.redhat.com/show_bug.cgi?id=1431347
[ 2 ] Bug #1428550 - nss-pem.i686 not available on x86_64 platform
https://bugzilla.redhat.com/show_bug.cgi?id=1428550
--------------------------------------------------------------------------------
================================================================================
perl-Dist-Zilla-6.009-1.fc25 (FEDORA-2017-3d3434d0fa)
Distribution builder; installer not included!
--------------------------------------------------------------------------------
Update Information:
A new version of Dist-Zilla is available. Refer to
http://cpansearch.perl.org/src/RJBS/Dist-Zilla-6.009/Changes for the summary of
changes in this release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1429144 - perl-Dist-Zilla-6.009 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1429144
--------------------------------------------------------------------------------
================================================================================
php-composer-spdx-licenses-1.1.6-1.fc25 (FEDORA-2017-e4ecdc1272)
SPDX licenses list and validation library
--------------------------------------------------------------------------------
Update Information:
**Version 1.1.6** - 2017-04-03
* Changed: updated licenses list.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Crypt-2.7.6-1.fc25 (FEDORA-2017-ed4c9b605b)
Horde Cryptography API
--------------------------------------------------------------------------------
Update Information:
**Horde_Crypt 2.7.6**
* [mjr] SECURITY: Fix remote code execution vulnerability (**CVE-2017-7413**, and **CVE-2017-7414**).
--------------------------------------------------------------------------------
================================================================================
python-pyaes-1.6.0-1.fc25 (FEDORA-2017-df3a65f201)
Pure-Python implementation of AES block-cipher and common modes of operation
--------------------------------------------------------------------------------
Update Information:
* Initial build
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1437986 - Review Request: python-pyaes - Pure-Python implementation of AES
block-cipher and common modes of operation
https://bugzilla.redhat.com/show_bug.cgi?id=1437986
--------------------------------------------------------------------------------
================================================================================
python-pygatt-3.1.1-1.fc25 (FEDORA-2017-9efc8492e8)
A Python Module for Bluetooth LE Generic Attribute Profile
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release 3.1.1
--------------------------------------------------------------------------------
================================================================================
python-xml2rfc-2.5.2-1.fc25 (FEDORA-2017-167b3244c8)
Convert IETF RFC-2629 XML into txt format
--------------------------------------------------------------------------------
Update Information:
Updated to 2.5.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1438375 - xml2rfc: incorrect dependencies
https://bugzilla.redhat.com/show_bug.cgi?id=1438375
[ 2 ] Bug #1323171 - python-xml2rfc: Provide a Python 3 subpackage
https://bugzilla.redhat.com/show_bug.cgi?id=1323171
--------------------------------------------------------------------------------
================================================================================
remmina-1.2.0-0.33.20170317git4d8d257.fc25 (FEDORA-2017-0a8fb73c20)
Remote Desktop Client
--------------------------------------------------------------------------------
Update Information:
Update to latest snapshot.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1438154 - [abrt] remmina: remmina_rdp_cliprdr_request_data(): remmina killed
by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1438154
[ 2 ] Bug #1363834 - [abrt] remmina: setChannelError(): remmina killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1363834
[ 3 ] Bug #1370421 - [abrt] remmina: g_realloc(): remmina killed by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=1370421
[ 4 ] Bug #1380189 - [abrt] remmina: update_free(): remmina killed by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=1380189
[ 5 ] Bug #1403452 - [abrt] remmina: do_validate_rows(): remmina killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1403452
[ 6 ] Bug #1432258 - [abrt] remmina: HashTable_GetItemValue(): remmina killed by
SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1432258
--------------------------------------------------------------------------------
================================================================================
sway-0.12.2-1.fc25 (FEDORA-2017-4627244140)
i3-compatible window manager for Wayland
--------------------------------------------------------------------------------
Update Information:
update ---- update
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1432455 - sway-0.12.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1432455
--------------------------------------------------------------------------------
================================================================================
xorgxrdp-0.2.1-1.fc25 (FEDORA-2017-7bd002b77c)
Implementation of xrdp backend as Xorg modules
--------------------------------------------------------------------------------
Update Information:
New upstream version of xorgxrdp and xrdp:
New features in xrdp:
- RemoteFX codec support is now enabled by default.
- Bitmap updates support is now enabled by default.
- TLS cipher suites and version are now logged.
- Connected computer name is now logged.
- Switched to Xorg (xorgxrdp) as the default backend now.
- Miscellaneous RemoteFX codec mode improvements.
- Socket directory is configurable at compile time.
Bugfixes in xrdp:
- Parallels client for MacOS / iOS can now connect (audio redirection must be disabled on client or xrdp server though).
- MS RDP client for iOS can now connect using TLS security layer.
- MS RDP client for Android can now connect to xrdp.
- Large resolutions (4K) can be used with RemoteFX graphics.
- Multiple RemoteApps can be opened through NeutrinoRDP proxy.
- tls_ciphers in xrdp.ini is not limited to 63 chars anymore, it's variable-length.
- Fixed an issue where tls_ciphers were ignored and rdp security layer could be used instead.
- Kill disconnected sessions feature is working with Xorg (xorgxrdp) backend.
- Miscellaneous code cleanup and memory issue fixes.
Rebuild of xrdp requiring both xorgxrdp and tigervnc-minimal. VNC is still the default.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1433959 - CVE-2017-6967 xrdp: Incorrect placement of auth_start_session()
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1433959
--------------------------------------------------------------------------------
================================================================================
xrdp-0.9.2-3.fc25 (FEDORA-2017-7bd002b77c)
Open source remote desktop protocol (RDP) server
--------------------------------------------------------------------------------
Update Information:
New upstream version of xorgxrdp and xrdp:
New features in xrdp:
- RemoteFX codec support is now enabled by default.
- Bitmap updates support is now enabled by default.
- TLS cipher suites and version are now logged.
- Connected computer name is now logged.
- Switched to Xorg (xorgxrdp) as the default backend now.
- Miscellaneous RemoteFX codec mode improvements.
- Socket directory is configurable at compile time.
Bugfixes in xrdp:
- Parallels client for MacOS / iOS can now connect (audio redirection must be disabled on client or xrdp server though).
- MS RDP client for iOS can now connect using TLS security layer.
- MS RDP client for Android can now connect to xrdp.
- Large resolutions (4K) can be used with RemoteFX graphics.
- Multiple RemoteApps can be opened through NeutrinoRDP proxy.
- tls_ciphers in xrdp.ini is not limited to 63 chars anymore, it's variable-length.
- Fixed an issue where tls_ciphers were ignored and rdp security layer could be used instead.
- Kill disconnected sessions feature is working with Xorg (xorgxrdp) backend.
- Miscellaneous code cleanup and memory issue fixes.
Rebuild of xrdp requiring both xorgxrdp and tigervnc-minimal. VNC is still the default.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1433959 - CVE-2017-6967 xrdp: Incorrect placement of auth_start_session()
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1433959
--------------------------------------------------------------------------------
================================================================================
yakuake-3.0.4-1.fc25 (FEDORA-2017-8351331fde)
A drop-down terminal emulator
--------------------------------------------------------------------------------
Update Information:
Latest upstream bugfix release.
--------------------------------------------------------------------------------
================================================================================
zbar-0.10-29.fc25 (FEDORA-2017-fef3d3fb38)
Bar code reader
--------------------------------------------------------------------------------
Update Information:
Update it to use Qt5 instead of Qt4 (whose package is currently orphaned on
Fedora)
--------------------------------------------------------------------------------
================================================================================
zsh-5.2-6.fc25 (FEDORA-2017-aaf65ae1c0)
Powerful interactive shell
--------------------------------------------------------------------------------
Update Information:
Included two additional zsh modules: pcre and db/gdbm, which are needed by some
completion functions.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1438009 - zsh package is missing some modules
https://bugzilla.redhat.com/show_bug.cgi?id=1438009
--------------------------------------------------------------------------------