The following Fedora 24 Security updates need testing:
Age URL
162
https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08
squid-3.5.23-1.fc24
156
https://bodhi.fedoraproject.org/updates/FEDORA-2016-eaaa9c4a08 exim-4.87.1-1.fc24
118
https://bodhi.fedoraproject.org/updates/FEDORA-2017-ece16ba6ba
runc-1.0.0-5.rc2.gitc91b5be.fc24
98
https://bodhi.fedoraproject.org/updates/FEDORA-2017-4b176c1694 redis-3.2.8-1.fc24
54
https://bodhi.fedoraproject.org/updates/FEDORA-2017-8330a48ca2
python-XStatic-jquery-ui-1.12.0.1-1.fc24
34
https://bodhi.fedoraproject.org/updates/FEDORA-2017-0b6da97aa5
squirrelmail-1.4.22-19.fc24
26
https://bodhi.fedoraproject.org/updates/FEDORA-2017-7a0e2d58f8
thunderbird-52.1.0-1.fc24
19
https://bodhi.fedoraproject.org/updates/FEDORA-2017-4de07172f4
postgresql-9.5.7-1.fc24
14
https://bodhi.fedoraproject.org/updates/FEDORA-2017-7d698eba8b
chromium-58.0.3029.110-2.fc24
chromium-native_client-58.0.3029.81-1.20170421gitc948e9b.fc24
9
https://bodhi.fedoraproject.org/updates/FEDORA-2017-1f11501a9f
perltidy-20170521-1.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-0a1b2d495a
systemd-229-20.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-d39099ea6a
webkitgtk4-2.16.3-1.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-b22de5c767
dropbear-2017.75-1.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2017-f942f19ff4 picocom-2.2-2.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2017-5c55ef46ee yara-3.6.0-1.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2d6d0067f
oniguruma-5.9.6-4.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2017-486a536b62
mosquitto-1.4.12-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-7e6f5f6957
poppler-0.41.0-4.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-3258a7e433
dolphin-emu-5.0-14.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-eadc5f410e
mingw-poppler-0.41.0-2.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-135429d732
sudo-1.8.20p1-1.fc24
The following Fedora 24 Critical Path updates have yet to be approved:
Age URL
41
https://bodhi.fedoraproject.org/updates/FEDORA-2017-e1905fd566 koji-1.12.0-2.fc24
26
https://bodhi.fedoraproject.org/updates/FEDORA-2017-7a0e2d58f8
thunderbird-52.1.0-1.fc24
14
https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2c9e5e8fe
tigervnc-1.8.0-1.fc24
11
https://bodhi.fedoraproject.org/updates/FEDORA-2017-6f5c3ec36e
python-coverage-4.4.1-1.fc24
9
https://bodhi.fedoraproject.org/updates/FEDORA-2017-3ca90a77bd
libtiff-4.0.8-1.fc24
8
https://bodhi.fedoraproject.org/updates/FEDORA-2017-c54e3353b6
p11-kit-0.23.2-4.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-d39099ea6a
webkitgtk4-2.16.3-1.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-0a1b2d495a
systemd-229-20.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2017-dc75cff415
firefox-53.0.3-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-09ed8ebe2c sssd-1.15.2-5.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-135429d732
sudo-1.8.20p1-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-fabdb3303a testdisk-7.0-9.fc24
ntfs-3g-2017.3.23-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-7e6f5f6957
poppler-0.41.0-4.fc24
The following builds have been pushed to Fedora 24 updates-testing
dolphin-emu-5.0-14.fc24
klavaro-3.02-4.fc24
lizardfs-3.11.0-3.fc24
luksmeta-4-1.fc24
mingw-poppler-0.41.0-2.fc24
nordugrid-arc-5.3.1-1.fc24
nordugrid-arc-doc-2.0.15-1.fc24
nordugrid-arc-nagios-plugins-1.9.0-1.fc24
ntfs-3g-2017.3.23-1.fc24
pcsxr-1.9.94-11.fc24
perl-CPAN-Perl-Releases-3.20-1.fc24
perl-Inline-C-0.78-1.fc24
perl-Module-CoreList-5.20170530-1.fc24
perl-Ref-Util-0.203-1.fc24
perl-Ref-Util-XS-0.116-2.fc24
php-horde-Horde-Alarm-2.2.10-1.fc24
php-horde-Horde-Cli-2.2.3-1.fc24
php-horde-Horde-Core-2.29.0-1.fc24
php-horde-Horde-Date-2.4.0-1.fc24
php-robrichards-xmlseclibs-2.0.1-4.fc24
php-webmozart-path-util-2.3.0-3.fc24
plasma-pk-updates-0.3.1-1.fc24
poppler-0.41.0-4.fc24
python-m2r-0.1.6-1.git871d579.fc24
sssd-1.15.2-5.fc24
sudo-1.8.20p1-1.fc24
testdisk-7.0-9.fc24
varnish-modules-0.12.1-1.fc24
Details about builds:
================================================================================
dolphin-emu-5.0-14.fc24 (FEDORA-2017-3258a7e433)
GameCube / Wii / Triforce Emulator
--------------------------------------------------------------------------------
Update Information:
Rebuild with new bochs version
--------------------------------------------------------------------------------
================================================================================
klavaro-3.02-4.fc24 (FEDORA-2017-8747c54b3b)
Typing tutor
--------------------------------------------------------------------------------
Update Information:
Update to 3.0.2.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1423817 - klavaro: FTBFS in rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1423817
--------------------------------------------------------------------------------
================================================================================
lizardfs-3.11.0-3.fc24 (FEDORA-2017-6b3a4add9e)
Distributed, fault tolerant file system
--------------------------------------------------------------------------------
Update Information:
Fix a rare crash in master, plus other small fixes
--------------------------------------------------------------------------------
================================================================================
luksmeta-4-1.fc24 (FEDORA-2017-202623c06a)
Utility for storing small metadata in the LUKSv1 header
--------------------------------------------------------------------------------
Update Information:
New upstream release. Enhanced documentation.
--------------------------------------------------------------------------------
================================================================================
mingw-poppler-0.41.0-2.fc24 (FEDORA-2017-eadc5f410e)
MinGW Windows Poppler library
--------------------------------------------------------------------------------
Update Information:
This update fixes CVEs 2017-7511 and 2017-9083.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1456829 - CVE-2017-7511 mingw-poppler: poppler: Null pointer dereference in
pdfunite via crafted documents [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1456829
[ 2 ] Bug #1453200 - CVE-2017-9083 mingw-poppler: poppler: Null pointer dereference in
the JPXStream::readUByte function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1453200
--------------------------------------------------------------------------------
================================================================================
nordugrid-arc-5.3.1-1.fc24 (FEDORA-2017-5fb4ee7077)
Advanced Resource Connector Grid Middleware
--------------------------------------------------------------------------------
Update Information:
http://www.nordugrid.org/arc/releases/15.03u14/release_notes_15.03u14.html
--------------------------------------------------------------------------------
================================================================================
nordugrid-arc-doc-2.0.15-1.fc24 (FEDORA-2017-5fb4ee7077)
Advanced Resource Connector Documentation
--------------------------------------------------------------------------------
Update Information:
http://www.nordugrid.org/arc/releases/15.03u14/release_notes_15.03u14.html
--------------------------------------------------------------------------------
================================================================================
nordugrid-arc-nagios-plugins-1.9.0-1.fc24 (FEDORA-2017-5fb4ee7077)
Nagios plugins for ARC
--------------------------------------------------------------------------------
Update Information:
http://www.nordugrid.org/arc/releases/15.03u14/release_notes_15.03u14.html
--------------------------------------------------------------------------------
================================================================================
ntfs-3g-2017.3.23-1.fc24 (FEDORA-2017-fabdb3303a)
Linux NTFS userspace driver
--------------------------------------------------------------------------------
Update Information:
Update to ntfs-3g 2017.3.23.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1436894 - ntfs-3g-2017.3.23 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1436894
--------------------------------------------------------------------------------
================================================================================
pcsxr-1.9.94-11.fc24 (FEDORA-2017-f40328432d)
A plugin based PlayStation (PSX) emulator with high compatibility
--------------------------------------------------------------------------------
Update Information:
Back-port an overflow crash fix with the input plugin using SDL.
--------------------------------------------------------------------------------
================================================================================
perl-CPAN-Perl-Releases-3.20-1.fc24 (FEDORA-2017-82a3503b61)
Mapping Perl releases on CPAN to the location of the tarballs
--------------------------------------------------------------------------------
Update Information:
Updated to the latest version ---- Updated to the latest version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1457003 - perl-CPAN-Perl-Releases-3.20 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1457003
[ 2 ] Bug #1454970 - perl-CPAN-Perl-Releases-3.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1454970
--------------------------------------------------------------------------------
================================================================================
perl-Inline-C-0.78-1.fc24 (FEDORA-2017-f9788c6315)
Write Perl subroutines in C
--------------------------------------------------------------------------------
Update Information:
This release fixes tests.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1457006 - perl-Inline-C-0.78 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1457006
--------------------------------------------------------------------------------
================================================================================
perl-Module-CoreList-5.20170530-1.fc24 (FEDORA-2017-723abb5863)
What modules are shipped with versions of perl
--------------------------------------------------------------------------------
Update Information:
This release provides data for Perl 5.26.0.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1457010 - perl-Module-CoreList-5.20170530 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1457010
--------------------------------------------------------------------------------
================================================================================
perl-Ref-Util-0.203-1.fc24 (FEDORA-2017-8abd97d73c)
Utility functions for checking references
--------------------------------------------------------------------------------
Update Information:
This update reflects upstream's split into pure-perl and XS parts.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1450440 - Review Request: perl-Ref-Util-XS - Utility functions for checking
references
https://bugzilla.redhat.com/show_bug.cgi?id=1450440
--------------------------------------------------------------------------------
================================================================================
perl-Ref-Util-XS-0.116-2.fc24 (FEDORA-2017-8abd97d73c)
Utility functions for checking references
--------------------------------------------------------------------------------
Update Information:
This update reflects upstream's split into pure-perl and XS parts.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1450440 - Review Request: perl-Ref-Util-XS - Utility functions for checking
references
https://bugzilla.redhat.com/show_bug.cgi?id=1450440
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Alarm-2.2.10-1.fc24 (FEDORA-2017-9313d1f0ea)
Horde Alarm Libraries
--------------------------------------------------------------------------------
Update Information:
**Horde_Alarm 2.2.10** * [jan] Fix catching database backend exceptions.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Cli-2.2.3-1.fc24 (FEDORA-2017-beafbf881f)
Horde Command Line Interface API
--------------------------------------------------------------------------------
Update Information:
**Horde_Cli 2.2.3** * [jan] Fix fatal error screen for PHP 7 error objects. *
[jan] Fix header() method to print, not return the header.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Core-2.29.0-1.fc24 (FEDORA-2017-37ee3ef2e7)
Horde Core Framework libraries
--------------------------------------------------------------------------------
Update Information:
**Horde_Core 2.29.0** * [jan] Add Horde_Registry_Application#backup(),
restore(), and restoreDependencies(). * [mjr] Fix calculating ActiveSync
SOFTDELETE times for calendar collections (Bug #14631).
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Date-2.4.0-1.fc24 (FEDORA-2017-12d6653360)
Horde Date package
--------------------------------------------------------------------------------
Update Information:
**Horde_Date 2.4.0** * [jan] Add Horde_Date_Recurrence::fromHash() and
toHash().
--------------------------------------------------------------------------------
================================================================================
php-robrichards-xmlseclibs-2.0.1-4.fc24 (FEDORA-2017-4b78d93a7d)
A PHP library for XML Security
--------------------------------------------------------------------------------
Update Information:
Switch autoloader to `php-fedora-autoloader`
--------------------------------------------------------------------------------
================================================================================
php-webmozart-path-util-2.3.0-3.fc24 (FEDORA-2017-4b78d93a7d)
Cross-platform utilities for file paths
--------------------------------------------------------------------------------
Update Information:
Switch autoloader to `php-fedora-autoloader`
--------------------------------------------------------------------------------
================================================================================
plasma-pk-updates-0.3.1-1.fc24 (FEDORA-2017-c6b42b3fe2)
Plasma applet for system updates using PackageKit
--------------------------------------------------------------------------------
Update Information:
Plasma-pk-updates 0.3.1 release.
--------------------------------------------------------------------------------
================================================================================
poppler-0.41.0-4.fc24 (FEDORA-2017-7e6f5f6957)
PDF rendering library
--------------------------------------------------------------------------------
Update Information:
CVE-2017-7511 poppler: Null pointer dereference in pdfunite via crafted
documents
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1456828 - CVE-2017-7511 poppler: Null pointer dereference in pdfunite via
crafted documents [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1456828
--------------------------------------------------------------------------------
================================================================================
python-m2r-0.1.6-1.git871d579.fc24 (FEDORA-2017-82163acc0c)
Markdown to reStructuredText converter
--------------------------------------------------------------------------------
Update Information:
Update to new upstream version **0.1.6**. ---- Packaging
[
m2r](https://github.com/miyakogi/m2r/) in Fedora.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1457165 - python-m2r-0.1.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1457165
[ 2 ] Bug #1452126 - Review Request: python-m2r - Markdown to reStructuredText
converter
https://bugzilla.redhat.com/show_bug.cgi?id=1452126
--------------------------------------------------------------------------------
================================================================================
sssd-1.15.2-5.fc24 (FEDORA-2017-09ed8ebe2c)
System Security Services Daemon
--------------------------------------------------------------------------------
Update Information:
Resolves upstream#3382 - SSSD should use memberOf, not originalMemberOf to
--------------------------------------------------------------------------------
================================================================================
sudo-1.8.20p1-1.fc24 (FEDORA-2017-135429d732)
Allows restricted root access for specified users
--------------------------------------------------------------------------------
Update Information:
- update to 1.8.20p1 - fixes CVE-2017-1000367
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1453074 - CVE-2017-1000367 sudo: Privilege escalation in via improper
get_process_ttyname() parsing
https://bugzilla.redhat.com/show_bug.cgi?id=1453074
--------------------------------------------------------------------------------
================================================================================
testdisk-7.0-9.fc24 (FEDORA-2017-fabdb3303a)
Tool to check and undelete partition, PhotoRec recovers lost files
--------------------------------------------------------------------------------
Update Information:
Update to ntfs-3g 2017.3.23.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1436894 - ntfs-3g-2017.3.23 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1436894
--------------------------------------------------------------------------------
================================================================================
varnish-modules-0.12.1-1.fc24 (FEDORA-2017-1ea38b76e1)
A collection of modules ("vmods") extending Varnish VCL
--------------------------------------------------------------------------------
Update Information:
New package: varnish-modules --------------------------------------------- This
is a collection of modules ("vmods") extending Varnish VCL used for describing
HTTP request/response policies with additional capabilities. This collection
contains the following vmods (previously kept individually): cookie, vsthrottle,
header, saintmode, softpurge, tcp, var, xkey
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1324863 - Review Request: varnish-modules - A collection of modules extending
varnish VCL
https://bugzilla.redhat.com/show_bug.cgi?id=1324863
--------------------------------------------------------------------------------