The following Fedora 22 Security updates need testing:
Age URL
439
https://bodhi.fedoraproject.org/updates/FEDORA-2015-5878
echoping-6.1-0.beta.r434svn.1.fc22
388
https://bodhi.fedoraproject.org/updates/FEDORA-2015-9185
ceph-deploy-1.5.25-1.fc22
321
https://bodhi.fedoraproject.org/updates/FEDORA-2015-12781
python-kdcproxy-0.3.2-1.fc22
275
https://bodhi.fedoraproject.org/updates/FEDORA-2015-16239 nagios-4.0.8-1.fc22
264
https://bodhi.fedoraproject.org/updates/FEDORA-2015-2d37e7dacf
openstack-swift-2.2.0-6.fc22
233
https://bodhi.fedoraproject.org/updates/FEDORA-2015-9039c25f1d
miniupnpc-1.9-6.fc22
215
https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4
libpng-1.6.16-4.fc22
215
https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6
libpng-1.6.16-5.fc22
182
https://bodhi.fedoraproject.org/updates/FEDORA-2015-b9e4c97ff1 sos-3.2-2.fc22
156
https://bodhi.fedoraproject.org/updates/FEDORA-2015-f683150aa0
thttpd-2.25b-37.fc22
132
https://bodhi.fedoraproject.org/updates/FEDORA-2016-560802e52b
xdelta-3.0.7-7.fc22
121
https://bodhi.fedoraproject.org/updates/FEDORA-2016-24d134e494
mingw-nsis-2.50-1.fc22
109
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3cbe9ad765
python-pygments-2.1.3-1.fc22
69
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a028331ebc
poppler-0.30.0-4.fc22
40
https://bodhi.fedoraproject.org/updates/FEDORA-2016-73a5867050
squid-3.5.10-4.fc22
18
https://bodhi.fedoraproject.org/updates/FEDORA-2016-c3bd6a3496
ntp-4.2.6p5-41.fc22
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-95f1569a73
drupal7-7.44-1.fc22
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0fd6ca526a expat-2.1.1-2.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5c52dcfe47
python3-3.4.2-8.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e37f15a5f4
python-2.7.10-10.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-fbb5a65729
squidGuard-1.4-26.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f597359bf2
setroubleshoot-3.2.27.1-1.fc22
The following Fedora 22 Critical Path updates have yet to be approved:
Age URL
314
https://bodhi.fedoraproject.org/updates/FEDORA-2015-13210 yum-3.4.3-508.fc22
233
https://bodhi.fedoraproject.org/updates/FEDORA-2015-2123de044f
libgphoto2-2.5.8-1.fc22
215
https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6
libpng-1.6.16-5.fc22
215
https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4
libpng-1.6.16-4.fc22
69
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a028331ebc
poppler-0.30.0-4.fc22
66
https://bodhi.fedoraproject.org/updates/FEDORA-2016-027faabac4
libreport-2.6.4-2.fc22 abrt-2.6.1-11.fc22
64
https://bodhi.fedoraproject.org/updates/FEDORA-2016-af1f30412b
pygtk2-2.24.0-14.fc22
61
https://bodhi.fedoraproject.org/updates/FEDORA-2016-41df7ccbc8
lldpad-1.0.1-4.git036e314.fc22
16
https://bodhi.fedoraproject.org/updates/FEDORA-2016-2cdb5d5a7c
vim-7.4.1868-1.fc22
14
https://bodhi.fedoraproject.org/updates/FEDORA-2016-409af1ecfd lua-5.3.3-1.fc22
11
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f4a2bc1983 mdadm-3.3.4-3.fc22
8
https://bodhi.fedoraproject.org/updates/FEDORA-2016-ab75c587f3
perl-5.20.3-331.fc22
8
https://bodhi.fedoraproject.org/updates/FEDORA-2016-babda1429a
thunderbird-45.1.1-2.fc22
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b1495a847
samba-4.2.12-1.fc22
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0fd6ca526a expat-2.1.1-2.fc22
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-18212502a4 pcre-8.39-2.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e37f15a5f4
python-2.7.10-10.fc22
The following builds have been pushed to Fedora 22 updates-testing
chkrootkit-0.50-8.fc22
clustershell-1.7.2-1.fc22
deja-dup-34.2-2.fc22
liveusb-creator-3.95.2-1.fc22
lyx-2.1.5-1.fc22
minimodem-0.24-1.fc22
open-vm-tools-10.0.5-3.fc22
perl-Module-CoreList-5.20160620-1.fc22
pyotherside-1.5.0-2.fc22
python-2.7.10-10.fc22
python-netdiff-0.4.7-2.fc22
python3-3.4.2-8.fc22
setroubleshoot-3.2.27.1-1.fc22
squidGuard-1.4-26.fc22
Details about builds:
================================================================================
chkrootkit-0.50-8.fc22 (FEDORA-2016-533e10ae24)
Tool to locally check for signs of a rootkit
--------------------------------------------------------------------------------
Update Information:
Fix l2cap false positive. ---- Fix Windigo false positive.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1234420 - chkrootkit warnings - l2cap
https://bugzilla.redhat.com/show_bug.cgi?id=1234420
[ 2 ] Bug #1234436 - Bogus Windigo reports
https://bugzilla.redhat.com/show_bug.cgi?id=1234436
--------------------------------------------------------------------------------
================================================================================
clustershell-1.7.2-1.fc22 (FEDORA-2016-ecc09efbf3)
Python framework for efficient cluster administration
--------------------------------------------------------------------------------
Update Information:
Minor release 1.7.2. Bugfix for tree mode and better error handling (like broken
pipe). The only new minor enhancement is the --pick option available with clush
and nodeset.
--------------------------------------------------------------------------------
================================================================================
deja-dup-34.2-2.fc22 (FEDORA-2016-5468ee7277)
Simple backup tool and frontend for duplicity
--------------------------------------------------------------------------------
Update Information:
Latest upstream.
--------------------------------------------------------------------------------
================================================================================
liveusb-creator-3.95.2-1.fc22 (FEDORA-2016-94b3079fbb)
Fedora Media Writer
--------------------------------------------------------------------------------
Update Information:
Bump to have F24 data included
--------------------------------------------------------------------------------
================================================================================
lyx-2.1.5-1.fc22 (FEDORA-2016-13f1ce3950)
WYSIWYM (What You See Is What You Mean) document processor
--------------------------------------------------------------------------------
Update Information:
LyX 2.1.5 is the the final release in the 2.1.x series. In this release were
fixed a number of bugs and made a number of improvements. Many of these were
minor, but there were a few crashes fixed. All these changes are detailed in the
announcement <
http://www.lyx.org/announce/2_1_5.txt>. One of the main features
of 2.1.5 is its ability to read and write files in the 2.2.x format. Since the
conversion process back and forth usually will not leave one with an identical
file, however, it is not recommend attempting to collaborate with users of
2.2.x. Since the end of support for Fedora 22 is near this will be the last
available LyX version. If you intend to use LyX 2.2 we encourage you to upgrade
to Fedora 23 or 24 where lyx-2.2.0 is available in the stable repositories.
--------------------------------------------------------------------------------
================================================================================
minimodem-0.24-1.fc22 (FEDORA-2016-e14c397baa)
General-purpose software audio FSK modem
--------------------------------------------------------------------------------
Update Information:
Latest upstream release. ---- Latest upstream release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1310279 - minimodem-0.24 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1310279
[ 2 ] Bug #1164134 - minimodem-0.22 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1164134
--------------------------------------------------------------------------------
================================================================================
open-vm-tools-10.0.5-3.fc22 (FEDORA-2016-f2b2eb3aca)
Open Virtual Machine Tools for virtual machines hosted on VMware
--------------------------------------------------------------------------------
Update Information:
Use systemd-detect-virt to detect VMware platform (RHBZ#1251656).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1251656 - vmtoolsd load 1 core of cpu 100% in Virtualbox environment
https://bugzilla.redhat.com/show_bug.cgi?id=1251656
--------------------------------------------------------------------------------
================================================================================
perl-Module-CoreList-5.20160620-1.fc22 (FEDORA-2016-dc5c8b0711)
What modules are shipped with versions of perl
--------------------------------------------------------------------------------
Update Information:
This release provides data for perl 5.25.2.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1348367 - perl-Module-CoreList-5.20160620 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1348367
--------------------------------------------------------------------------------
================================================================================
pyotherside-1.5.0-2.fc22 (FEDORA-2016-c816d8b04d)
Asynchronous Python 3 Bindings for Qt 5
--------------------------------------------------------------------------------
Update Information:
New upstream release 1.5.0 - brings new APIs while keeping backwards
compatibility. What's new:
http://pyotherside.readthedocs.io/en/latest/#io-thp-
pyotherside-1-5
--------------------------------------------------------------------------------
================================================================================
python-2.7.10-10.fc22 (FEDORA-2016-e37f15a5f4)
An interpreted, interactive, object-oriented programming language
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-0772 ---- Added patch for fixing possible integer
overflow and heap corruption in zipimporter.get_data()
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1303647 - CVE-2016-0772 python: smtplib StartTLS stripping attack
https://bugzilla.redhat.com/show_bug.cgi?id=1303647
--------------------------------------------------------------------------------
================================================================================
python-netdiff-0.4.7-2.fc22 (FEDORA-2016-0d58782dc0)
Python library for parsing network topology data and detect changes
--------------------------------------------------------------------------------
Update Information:
First F22 release
--------------------------------------------------------------------------------
================================================================================
python3-3.4.2-8.fc22 (FEDORA-2016-5c52dcfe47)
Version 3 of the Python programming language aka Python 3000
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-0772 ---- Added patch for fixing possible integer
overflow and heap corruption in zipimporter.get_data()
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1303647 - CVE-2016-0772 python: smtplib StartTLS stripping attack
https://bugzilla.redhat.com/show_bug.cgi?id=1303647
--------------------------------------------------------------------------------
================================================================================
setroubleshoot-3.2.27.1-1.fc22 (FEDORA-2016-f597359bf2)
Helps troubleshoot SELinux problems
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-4446
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1339250 - CVE-2016-4446 setroubleshoot-plugins: insecure commands.getoutput
use in the allow_execstack plugin
https://bugzilla.redhat.com/show_bug.cgi?id=1339250
--------------------------------------------------------------------------------
================================================================================
squidGuard-1.4-26.fc22 (FEDORA-2016-fbb5a65729)
Filter, redirector and access controller plugin for squid
--------------------------------------------------------------------------------
Update Information:
Unit file fix. ----
http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20150201
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1177012 - ExecStop syntax error in squidGuard.service
https://bugzilla.redhat.com/show_bug.cgi?id=1177012
[ 2 ] Bug #1323211 - "squidGuard" doesn't guard - no errormessages when
failing
https://bugzilla.redhat.com/show_bug.cgi?id=1323211
[ 3 ] Bug #1348459 - squidGuard: Reflected cross site scripting vulnerability in
squidGuard.cgi [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1348459
[ 4 ] Bug #1253636 - error: squidGuard:7 error verifying olddir path
/var/log/squidGuard/old: No such file or directory
https://bugzilla.redhat.com/show_bug.cgi?id=1253636
[ 5 ] Bug #1253633 - /var/log/squidGuard permissions
https://bugzilla.redhat.com/show_bug.cgi?id=1253633
[ 6 ] Bug #1348458 - squidGuard: Reflected cross site scripting vulnerability in
squidGuard.cgi [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1348458
--------------------------------------------------------------------------------