The following Fedora 23 Security updates need testing: Age URL 376 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23 333 https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe miniupnpc-1.9-6.fc23 306 https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324 jbig2dec-0.12-2.fc23 257 https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1 python-pymongo-3.0.3-1.fc23 257 https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8 thttpd-2.25b-37.fc23 222 https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4 mingw-nsis-2.50-1.fc23 97 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fcccb0a547 nodejs-0.10.46-1.fc23 76 https://bodhi.fedoraproject.org/updates/FEDORA-2016-70b5173c05 ecryptfs-utils-111-1.fc23 63 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8d79ade826 flex-2.6.0-2.fc23 52 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c2ec9c716e redis-3.2.3-1.fc23 45 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c libarchive-3.2.1-3.fc23 python-libarchive-c-2.5-1.fc23 43 https://bodhi.fedoraproject.org/updates/FEDORA-2016-47dc2b203f firewalld-0.4.3.3-1.fc23 29 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3a6435b14 dhcpcd-6.11.3-1.fc23 21 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ed1c402851 thunderbird-45.3.0-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-58f90ae3cc mariadb-10.0.27-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0de0e0ee0c gd-2.1.1-10.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4cedbd4308 mongodb-3.0.12-2.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-bc0e4e3f5a community-mysql-5.6.33-1.fc23 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b331a099f3 chromium-53.0.2785.116-1.fc23 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-aa8275e843 links-2.13-1.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-97454404fe openssl-1.0.2j-1.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0551065fe0 irssi-0.8.20-2.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-77e5105570 php-ZendFramework-1.12.20-1.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3795497354 python-django-1.8.15-1.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ad1871cf02 openjpeg2-2.1.2-1.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fe55f449e0 mingw-openjpeg2-2.1.2-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3af8b344f1 bind-9.10.4-2.P3.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cbef6c8619 bind99-9.9.9-2.P3.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1b9d24c2b6 zathura-pdf-mupdf-0.3.0-2.fc23 mujs-0-5.20160921git5c337af.fc23
The following Fedora 23 Critical Path updates have yet to be approved: Age URL 72 https://bodhi.fedoraproject.org/updates/FEDORA-2016-98a7a1b6e0 abrt-2.8.0-6.fc23 libreport-2.6.4-3.fc23 45 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c libarchive-3.2.1-3.fc23 python-libarchive-c-2.5-1.fc23 21 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ed1c402851 thunderbird-45.3.0-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0de0e0ee0c gd-2.1.1-10.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-79072fd70e python-virtkey-0.63.0-1.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ab35400bb1 poppler-0.34.0-4.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7aef55393a polkit-qt-0.112.0-8.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-97454404fe openssl-1.0.2j-1.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6a3e81a5be linux-firmware-20160923-68.git42ad5367.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cf2b06f96f libass-0.13.3-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3af8b344f1 bind-9.10.4-2.P3.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d26923757a koji-1.10.1-13.fc23
The following builds have been pushed to Fedora 23 updates-testing
bind-9.10.4-2.P3.fc23 bind99-9.9.9-2.P3.fc23 execdb-0.0.7-5.fc23 icecat-45.3.0-0.5.beta.fc23 koji-1.10.1-13.fc23 libfm-qt-0.11.1-2.fc23 liblxqt-0.11.0-1.fc23 libqtxdg-2.0.0-2.fc23 lximage-qt-0.5.0-1.fc23 lxqt-about-0.11.0-1.fc23 lxqt-common-0.11.0-1.fc23 lxqt-config-0.11.0-2.fc23 lxqt-globalkeys-0.11.0-2.fc23 lxqt-notificationd-0.11.0-1.fc23 lxqt-openssh-askpass-0.11.0-2.fc23 lxqt-panel-0.11.0-2.fc23 lxqt-policykit-0.11.0-2.fc23 lxqt-powermanagement-0.11.0-1.fc23 lxqt-qtplugin-0.11.0-1.fc23 lxqt-runner-0.11.0-7.fc23 lxqt-session-0.11.0-1.fc23 lxqt-sudo-0.11.0-1.fc23 mame-0.178-1.fc23 mujs-0-5.20160921git5c337af.fc23 pavucontrol-qt-0.1.0-2.fc23 pcmanfm-qt-0.11.1-1.fc23 perl-Authen-SASL-SASLprep-1.100-1.fc23 perl-Canary-Stability-2012-1.fc23 perl-PDF-Reuse-0.39-1.fc23 roundcubemail-1.2.2-1.fc23 supertux-0.5.0-1.fc23 tarantool-1.6.9.11-1.fc23 zathura-pdf-mupdf-0.3.0-2.fc23
Details about builds:
================================================================================ bind-9.10.4-2.P3.fc23 (FEDORA-2016-3af8b344f1) The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server -------------------------------------------------------------------------------- Update Information:
Update to latest upstream version due to CVE-2016-2776 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1378380 - CVE-2016-2776 bind: assertion failure in buffer.c while building responses to a specifically constructed request https://bugzilla.redhat.com/show_bug.cgi?id=1378380 --------------------------------------------------------------------------------
================================================================================ bind99-9.9.9-2.P3.fc23 (FEDORA-2016-cbef6c8619) The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) libraries -------------------------------------------------------------------------------- Update Information:
Update to the latest upstream version due to CVE-2016-2776 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1378380 - CVE-2016-2776 bind: assertion failure in buffer.c while building responses to a specifically constructed request https://bugzilla.redhat.com/show_bug.cgi?id=1378380 --------------------------------------------------------------------------------
================================================================================ execdb-0.0.7-5.fc23 (FEDORA-2016-2a012e4d1a) Execution status database for Taskotron -------------------------------------------------------------------------------- Update Information:
using python2-flask-sqlalchemy breaks depcheck on f23 ---- new package -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1346243 - None https://bugzilla.redhat.com/show_bug.cgi?id=1346243 --------------------------------------------------------------------------------
================================================================================ icecat-45.3.0-0.5.beta.fc23 (FEDORA-2016-3669ea6c2c) GNU version of Firefox browser -------------------------------------------------------------------------------- Update Information:
- Drop obsolete patch --------------------------------------------------------------------------------
================================================================================ koji-1.10.1-13.fc23 (FEDORA-2016-d26923757a) Build system tools -------------------------------------------------------------------------------- Update Information:
Add --new-chroot option for runroot plugin, allowing mock inside koji to use systemd-nspawn style chroot. --------------------------------------------------------------------------------
================================================================================ libfm-qt-0.11.1-2.fc23 (FEDORA-2016-a7ca13a8df) Companion library for PCManFM -------------------------------------------------------------------------------- Update Information:
New upstream lxqt package set 0.11.0 --------------------------------------------------------------------------------
================================================================================ liblxqt-0.11.0-1.fc23 (FEDORA-2016-a7ca13a8df) Core shared library for LXQt desktop suite -------------------------------------------------------------------------------- Update Information:
New upstream lxqt package set 0.11.0 --------------------------------------------------------------------------------
================================================================================ libqtxdg-2.0.0-2.fc23 (FEDORA-2016-a7ca13a8df) QtXdg, a Qt5 implementation of XDG standards -------------------------------------------------------------------------------- Update Information:
New upstream lxqt package set 0.11.0 --------------------------------------------------------------------------------
================================================================================ lximage-qt-0.5.0-1.fc23 (FEDORA-2016-a7ca13a8df) The image viewer and screenshot tool for LXQt -------------------------------------------------------------------------------- Update Information:
New upstream lxqt package set 0.11.0 --------------------------------------------------------------------------------
================================================================================ lxqt-about-0.11.0-1.fc23 (FEDORA-2016-a7ca13a8df) About application for LXQt desktop suite -------------------------------------------------------------------------------- Update Information:
New upstream lxqt package set 0.11.0 --------------------------------------------------------------------------------
================================================================================ lxqt-common-0.11.0-1.fc23 (FEDORA-2016-a7ca13a8df) Common resources for LXQt desktop suite -------------------------------------------------------------------------------- Update Information:
New upstream lxqt package set 0.11.0 --------------------------------------------------------------------------------
================================================================================ lxqt-config-0.11.0-2.fc23 (FEDORA-2016-a7ca13a8df) Config tools for LXQt desktop suite -------------------------------------------------------------------------------- Update Information:
New upstream lxqt package set 0.11.0 --------------------------------------------------------------------------------
================================================================================ lxqt-globalkeys-0.11.0-2.fc23 (FEDORA-2016-a7ca13a8df) Global keys utility for LXQt desktop suite -------------------------------------------------------------------------------- Update Information:
New upstream lxqt package set 0.11.0 --------------------------------------------------------------------------------
================================================================================ lxqt-notificationd-0.11.0-1.fc23 (FEDORA-2016-a7ca13a8df) Notification daemon for LXQt desktop suite -------------------------------------------------------------------------------- Update Information:
New upstream lxqt package set 0.11.0 --------------------------------------------------------------------------------
================================================================================ lxqt-openssh-askpass-0.11.0-2.fc23 (FEDORA-2016-a7ca13a8df) Askpass openssh transition dialog for LXQt desktop suite -------------------------------------------------------------------------------- Update Information:
New upstream lxqt package set 0.11.0 --------------------------------------------------------------------------------
================================================================================ lxqt-panel-0.11.0-2.fc23 (FEDORA-2016-a7ca13a8df) Main panel bar for LXQt desktop suite -------------------------------------------------------------------------------- Update Information:
New upstream lxqt package set 0.11.0 --------------------------------------------------------------------------------
================================================================================ lxqt-policykit-0.11.0-2.fc23 (FEDORA-2016-a7ca13a8df) PolicyKit agent for LXQt desktop suite -------------------------------------------------------------------------------- Update Information:
New upstream lxqt package set 0.11.0 --------------------------------------------------------------------------------
================================================================================ lxqt-powermanagement-0.11.0-1.fc23 (FEDORA-2016-a7ca13a8df) Powermanagement daemon for LXQt desktop suite -------------------------------------------------------------------------------- Update Information:
New upstream lxqt package set 0.11.0 --------------------------------------------------------------------------------
================================================================================ lxqt-qtplugin-0.11.0-1.fc23 (FEDORA-2016-a7ca13a8df) Qt plugin framework for LXQt Desktop Suite -------------------------------------------------------------------------------- Update Information:
New upstream lxqt package set 0.11.0 --------------------------------------------------------------------------------
================================================================================ lxqt-runner-0.11.0-7.fc23 (FEDORA-2016-a7ca13a8df) Application runner agent for LXQt desktop suite -------------------------------------------------------------------------------- Update Information:
New upstream lxqt package set 0.11.0 --------------------------------------------------------------------------------
================================================================================ lxqt-session-0.11.0-1.fc23 (FEDORA-2016-a7ca13a8df) Main session for LXQt desktop suite -------------------------------------------------------------------------------- Update Information:
New upstream lxqt package set 0.11.0 --------------------------------------------------------------------------------
================================================================================ lxqt-sudo-0.11.0-1.fc23 (FEDORA-2016-a7ca13a8df) GUI frontend for sudo/su -------------------------------------------------------------------------------- Update Information:
New upstream lxqt package set 0.11.0 --------------------------------------------------------------------------------
================================================================================ mame-0.178-1.fc23 (FEDORA-2016-284a27c4c6) Multiple Arcade Machine Emulator -------------------------------------------------------------------------------- Update Information:
An update to the latest mame release: * http://mamedev.org/?p=431 --------------------------------------------------------------------------------
================================================================================ mujs-0-5.20160921git5c337af.fc23 (FEDORA-2016-1b9d24c2b6) An embeddable Javascript interpreter -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2016-7563, CVE-2016-7564 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1380323 - CVE-2016-7563 CVE-2016-7564 mujs: Multiple issues fixed in latest version https://bugzilla.redhat.com/show_bug.cgi?id=1380323 --------------------------------------------------------------------------------
================================================================================ pavucontrol-qt-0.1.0-2.fc23 (FEDORA-2016-a7ca13a8df) Qt port of volume control pavucontrol -------------------------------------------------------------------------------- Update Information:
New upstream lxqt package set 0.11.0 --------------------------------------------------------------------------------
================================================================================ pcmanfm-qt-0.11.1-1.fc23 (FEDORA-2016-a7ca13a8df) LxQt file manager PCManFM -------------------------------------------------------------------------------- Update Information:
New upstream lxqt package set 0.11.0 --------------------------------------------------------------------------------
================================================================================ perl-Authen-SASL-SASLprep-1.100-1.fc23 (FEDORA-2016-aca2a6d794) Stringprep profile for user names and passwords (RFC 4013) -------------------------------------------------------------------------------- Update Information:
This release adds "stored strings" capability to saslprep() routine. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1380044 - None https://bugzilla.redhat.com/show_bug.cgi?id=1380044 --------------------------------------------------------------------------------
================================================================================ perl-Canary-Stability-2012-1.fc23 (FEDORA-2016-27f10dec70) Canary to check perl compatibility for Schmorp's modules -------------------------------------------------------------------------------- Update Information:
This release removes coloring of an introduction text. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1379997 - None https://bugzilla.redhat.com/show_bug.cgi?id=1379997 --------------------------------------------------------------------------------
================================================================================ perl-PDF-Reuse-0.39-1.fc23 (FEDORA-2016-2508e032f2) Reuse and mass produce PDF documents -------------------------------------------------------------------------------- Update Information:
This release removes unneeded files form source tar ball. We deliver it only to provide recent version string. ---- This release closes TTF file handles, fixes warnings in prStrWidth() and prText(), handling bookmarks, reading PDF 1.5 version, CPU excessive usage when parsing bad PDF, handling zero coordinates in prMbox(). It also adds support for file handles, IO::String, and in-memory files. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1380054 - None https://bugzilla.redhat.com/show_bug.cgi?id=1380054 [ 2 ] Bug #1379025 - None https://bugzilla.redhat.com/show_bug.cgi?id=1379025 --------------------------------------------------------------------------------
================================================================================ roundcubemail-1.2.2-1.fc23 (FEDORA-2016-47f39341b9) Round Cube Webmail is a browser-based multilingual IMAP client -------------------------------------------------------------------------------- Update Information:
**Version 1.2.2** * Enigma: Add possibility to configure gpg-agent binary location (enigma_pgp_agent) * Enigma: Fix signature verification with some IMAP servers, e.g. Gmail, DBMail (#5371) * Enigma: Make recipient key searches case-insensitive (#5434) * Fix regression in resizing JPEG images with Imagick (#5376) * Managesieve: Fix parsing of vacation date-time with non-default date_format (#5372) * Use SymLinksIfOwnerMatch in .htaccess instead of FollowSymLinks disabled on some hosts for security reasons (#5370) * Wash position:fixed style in HTML mail for better security (#5264) * Fix bug where memcache_debug didn't work for session operations * Fix bug where Message-ID domain part was tied to username instead of current identity (#5385) * Fix bug where blocked.gif couldn't be attached to reply/forward with insecure content * Fix E_DEPRECATED warning when using Auth_SASL::factory() (#5401) * Fix bug where names of downloaded files could be malformed when derived from the message subject (#5404) * Fix so "All" messages selection is resetted on search reset (#5413) * Fix bug where folder creation could fail if personal namespace contained more than one entry (#5403) * Fix error causing empty INBOX listing in Firefox when using an URL with user:password specified (#5400) * Fix PHP warning when handling shared namespace with empty prefix (#5420) * Fix so folders list is scrolled to the selected folder on page load (#5424) * Fix so when moving to Trash we make sure the folder exists (#5192) * Fix displaying size of attachments with zero size * Fix so "Action disabled" error uses more appropriate 404 code (#5440) --------------------------------------------------------------------------------
================================================================================ supertux-0.5.0-1.fc23 (FEDORA-2016-ceb2c27cff) Jump'n run like game -------------------------------------------------------------------------------- Update Information:
Update to 0.5.0 (#1380088) * In-game level editor * Improved levels in Antarctica and Forest Island * Language packs are fixed * Engine performance improvements * Extended the scripting API: gradients are now scriptable * Added a few more tiles and music * New console commands and command line options (related to the editor) * Various other bugfixes of issues reported since the v0.4.0 release * And more (minor) improvements and changes -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1380088 - None https://bugzilla.redhat.com/show_bug.cgi?id=1380088 --------------------------------------------------------------------------------
================================================================================ tarantool-1.6.9.11-1.fc23 (FEDORA-2016-a6cd03f108) In-memory database and Lua application server -------------------------------------------------------------------------------- Update Information:
A new bugfix release from upstream. https://github.com/tarantool/tarantool/releases/tag/1.6.9 --------------------------------------------------------------------------------
================================================================================ zathura-pdf-mupdf-0.3.0-2.fc23 (FEDORA-2016-1b9d24c2b6) PDF support for zathura via mupdf -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2016-7563, CVE-2016-7564 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1380323 - CVE-2016-7563 CVE-2016-7564 mujs: Multiple issues fixed in latest version https://bugzilla.redhat.com/show_bug.cgi?id=1380323 --------------------------------------------------------------------------------