The following Fedora 25 Security updates need testing:
Age URL
186
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25
85
https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2d17af41e
python-XStatic-jquery-ui-1.12.0.1-4.fc25
29
https://bodhi.fedoraproject.org/updates/FEDORA-2017-7dbbbafea6
runc-1.0.0-7.git6394544.fc25.2
24
https://bodhi.fedoraproject.org/updates/FEDORA-2017-ec3c82e64d
libstaroffice-0.0.3-3.fc25
24
https://bodhi.fedoraproject.org/updates/FEDORA-2017-5d7498559f
nodejs-brace-expansion-1.1.7-1.fc25
15
https://bodhi.fedoraproject.org/updates/FEDORA-2017-bcfa3569d6
libmwaw-0.3.11-3.fc25
11
https://bodhi.fedoraproject.org/updates/FEDORA-2017-f68c93aaac
kmail-16.12.3-2.fc25
11
https://bodhi.fedoraproject.org/updates/FEDORA-2017-bb1ecba1bc
kf5-messagelib-16.12.3-2.fc25
11
https://bodhi.fedoraproject.org/updates/FEDORA-2017-a11f853361
kdepim4-4.14.10-31.fc25
9
https://bodhi.fedoraproject.org/updates/FEDORA-2017-708adeb9b6
libsndfile-1.0.28-3.fc25
8
https://bodhi.fedoraproject.org/updates/FEDORA-2017-c3149b5fcb xen-4.7.2-7.fc25
7
https://bodhi.fedoraproject.org/updates/FEDORA-2017-63aca509fb
zabbix-3.0.9-1.fc25
6
https://bodhi.fedoraproject.org/updates/FEDORA-2017-7591a8e2c9
globus-xio-5.16-1.fc25 globus-net-manager-0.17-1.fc25 globus-gass-cache-program-6.7-1.fc25
globus-gass-copy-9.27-1.fc25 globus-gssapi-gsi-12.16-1.fc25
globus-gram-job-manager-14.36-1.fc25 globus-gridftp-server-12.2-1.fc25
globus-io-11.9-1.fc25 globus-xio-gsi-driver-3.11-1.fc25 globus-xio-pipe-driver-3.10-1.fc25
globus-xio-udt-driver-1.27-1.fc25 myproxy-6.1.28-1.fc25 globus-ftp-client-8.35-2.fc25
6
https://bodhi.fedoraproject.org/updates/FEDORA-2017-38113758e7
drupal7-7.56-1.fc25
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-6f7d6fbccc
php-horde-Horde-Image-2.5.1-1.fc25
4
https://bodhi.fedoraproject.org/updates/FEDORA-2017-bff1b87765
webkitgtk4-2.16.5-1.fc25
4
https://bodhi.fedoraproject.org/updates/FEDORA-2017-4c57da6642
libmtp-1.1.13-1.fc25
4
https://bodhi.fedoraproject.org/updates/FEDORA-2017-372bb1edb3
libdb-5.3.28-24.fc25
4
https://bodhi.fedoraproject.org/updates/FEDORA-2017-75c571778e irssi-1.0.3-1.fc25
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-620085cede
httpd-2.4.26-1.fc25
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-03954b6dc4
jetty-test-helper-3.1-3.fc25 jetty-alpn-8.1.11-2.v20170118.fc25
jetty-9.4.6-1.v20170531.fc25
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-d3bc944153 pius-2.2.4-1.fc25
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-a348b32eb5
libgcrypt-1.7.8-1.fc25
1
https://bodhi.fedoraproject.org/updates/FEDORA-2017-58cde32413
qt5-qtwebengine-5.9.0-4.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-d04f7ddd73
dnsperf-2.1.0.0-3.fc25 bind-dyndb-ldap-10.1-2.fc25 bind-9.10.5-2.P2.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-79886ea453
mosquitto-1.4.13-1.fc25
The following Fedora 25 Critical Path updates have yet to be approved:
Age URL
29
https://bodhi.fedoraproject.org/updates/FEDORA-2017-613a72e282 lorax-25.22-1.fc25
15
https://bodhi.fedoraproject.org/updates/FEDORA-2017-a83e0e61d6 fwupd-0.9.4-1.fc25
12
https://bodhi.fedoraproject.org/updates/FEDORA-2017-bd92718a5a
pungi-4.1.16-3.fc25
11
https://bodhi.fedoraproject.org/updates/FEDORA-2017-82f4a3afee
storaged-2.6.2-6.fc25
9
https://bodhi.fedoraproject.org/updates/FEDORA-2017-708adeb9b6
libsndfile-1.0.28-3.fc25
8
https://bodhi.fedoraproject.org/updates/FEDORA-2017-c3149b5fcb xen-4.7.2-7.fc25
7
https://bodhi.fedoraproject.org/updates/FEDORA-2017-d90aa59a73
libguestfs-1.36.5-1.fc25
7
https://bodhi.fedoraproject.org/updates/FEDORA-2017-0187b2a605
selinux-policy-3.13.1-225.19.fc25
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-80862de14e
perl-Scalar-List-Utils-1.48-1.fc25
4
https://bodhi.fedoraproject.org/updates/FEDORA-2017-372bb1edb3
libdb-5.3.28-24.fc25
4
https://bodhi.fedoraproject.org/updates/FEDORA-2017-bff1b87765
webkitgtk4-2.16.5-1.fc25
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-a348b32eb5
libgcrypt-1.7.8-1.fc25
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-92a040da1a rsync-3.1.2-4.fc25
1
https://bodhi.fedoraproject.org/updates/FEDORA-2017-d8104c0ea6
hostname-3.15-8.fc25
1
https://bodhi.fedoraproject.org/updates/FEDORA-2017-2a0a9f69f8
dbus-1.11.14-1.fc25
1
https://bodhi.fedoraproject.org/updates/FEDORA-2017-118505dd77
libsoup-2.56.0-3.fc25
1
https://bodhi.fedoraproject.org/updates/FEDORA-2017-de0dd8b845 gsm-1.0.17-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-82ed89323e
libsolv-0.6.28-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-caf28c1846
flatpak-0.9.7-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-0d137386ea
kernel-4.11.8-200.fc25
The following builds have been pushed to Fedora 25 updates-testing
LuxRender-1.6-16.fc25
bind-9.10.5-2.P2.fc25
bind-dyndb-ldap-10.1-2.fc25
dnscrypt-proxy-gui-1.11.10-1.fc25
dnsperf-2.1.0.0-3.fc25
edgar-1.27-1.fc25
embree-2.16.4-1.fc25
flacon-3.0.0-1.fc25
flatpak-0.9.7-1.fc25
gimagereader-3.2.3-1.fc25
groonga-7.0.4-1.fc25
kernel-4.11.8-200.fc25
libsolv-0.6.28-1.fc25
libtaskotron-0.4.21-1.fc25
mosquitto-1.4.13-1.fc25
ndctl-57.1-1.fc25
python-pydocstyle-2.0.0-1.fc25
python-pytoml-0.1.14-1.git7dea353.fc25
qcad-3.17.3.0-1.fc25
radicale-1.1.2-2.fc25
rkhunter-1.4.4-1.fc25
sugar-measure-101-1.fc25
thermald-1.6-6.fc25
wingpanel-indicator-datetime-2.0.2-1.fc25
xplayer-1.4.3-1.fc25
Details about builds:
================================================================================
LuxRender-1.6-16.fc25 (FEDORA-2017-9d612e19f0)
Lux Renderer, an unbiased rendering system
--------------------------------------------------------------------------------
Update Information:
Rebuild with embree 2.16.4. Release note ----------------- Bugfix in the
ribbon intersector for hair primitives. Non-normalized rays caused wrong
intersection distance to be reported.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1459537 - embree-2.16.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1459537
[ 2 ] Bug #1434810 - embree-2.16.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1434810
[ 3 ] Bug #1466767 - embree-2.16.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1466767
--------------------------------------------------------------------------------
================================================================================
bind-9.10.5-2.P2.fc25 (FEDORA-2017-d04f7ddd73)
The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
--------------------------------------------------------------------------------
Update Information:
Update back to ISC supported version. Security fix for CVE-2017-3143,
CVE-2017-3142, CVE-2017-3140 ---- Update to 10.1.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1466189 - CVE-2017-3142 bind: An error in TSIG authentication can permit
unauthorized zone transfers
https://bugzilla.redhat.com/show_bug.cgi?id=1466189
[ 2 ] Bug #1461302 - CVE-2017-3140 bind: Error processing RPZ rules leads to endless
loop while handling query
https://bugzilla.redhat.com/show_bug.cgi?id=1461302
[ 3 ] Bug #1466193 - CVE-2017-3143 bind: An error in TSIG authentication can permit
unauthorized dynamic updates
https://bugzilla.redhat.com/show_bug.cgi?id=1466193
--------------------------------------------------------------------------------
================================================================================
bind-dyndb-ldap-10.1-2.fc25 (FEDORA-2017-d04f7ddd73)
LDAP back-end plug-in for BIND
--------------------------------------------------------------------------------
Update Information:
Update back to ISC supported version. Security fix for CVE-2017-3143,
CVE-2017-3142, CVE-2017-3140 ---- Update to 10.1.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1466189 - CVE-2017-3142 bind: An error in TSIG authentication can permit
unauthorized zone transfers
https://bugzilla.redhat.com/show_bug.cgi?id=1466189
[ 2 ] Bug #1461302 - CVE-2017-3140 bind: Error processing RPZ rules leads to endless
loop while handling query
https://bugzilla.redhat.com/show_bug.cgi?id=1461302
[ 3 ] Bug #1466193 - CVE-2017-3143 bind: An error in TSIG authentication can permit
unauthorized dynamic updates
https://bugzilla.redhat.com/show_bug.cgi?id=1466193
--------------------------------------------------------------------------------
================================================================================
dnscrypt-proxy-gui-1.11.10-1.fc25 (FEDORA-2017-83c4275946)
GUI wrapper for dnscrypt-proxy
--------------------------------------------------------------------------------
Update Information:
enhancements;
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1464281 - dnscrypt-proxy-gui-1.11.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1464281
--------------------------------------------------------------------------------
================================================================================
dnsperf-2.1.0.0-3.fc25 (FEDORA-2017-d04f7ddd73)
Benchmarking authorative and recursing DNS servers
--------------------------------------------------------------------------------
Update Information:
Update back to ISC supported version. Security fix for CVE-2017-3143,
CVE-2017-3142, CVE-2017-3140 ---- Update to 10.1.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1466189 - CVE-2017-3142 bind: An error in TSIG authentication can permit
unauthorized zone transfers
https://bugzilla.redhat.com/show_bug.cgi?id=1466189
[ 2 ] Bug #1461302 - CVE-2017-3140 bind: Error processing RPZ rules leads to endless
loop while handling query
https://bugzilla.redhat.com/show_bug.cgi?id=1461302
[ 3 ] Bug #1466193 - CVE-2017-3143 bind: An error in TSIG authentication can permit
unauthorized dynamic updates
https://bugzilla.redhat.com/show_bug.cgi?id=1466193
--------------------------------------------------------------------------------
================================================================================
edgar-1.27-1.fc25 (FEDORA-2017-02b25dd600)
A platform game
--------------------------------------------------------------------------------
Update Information:
* Added new music for the Laboratory * Updated German translation * Fixed a
problem where Evil Edgar could get blocked by monsters during his first cutscene
* Increased the size of the safe dial image * Health potions now restore 5
health points * Boulders spin more realistically * The Gargoyle now hovers lower
down during his second phase attack * Fixed a memory leak when saving PNG images
--------------------------------------------------------------------------------
================================================================================
embree-2.16.4-1.fc25 (FEDORA-2017-9d612e19f0)
Collection of high-performance ray tracing kernels developed at Intel
--------------------------------------------------------------------------------
Update Information:
Rebuild with embree 2.16.4. Release note ----------------- Bugfix in the
ribbon intersector for hair primitives. Non-normalized rays caused wrong
intersection distance to be reported.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1459537 - embree-2.16.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1459537
[ 2 ] Bug #1434810 - embree-2.16.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1434810
[ 3 ] Bug #1466767 - embree-2.16.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1466767
--------------------------------------------------------------------------------
================================================================================
flacon-3.0.0-1.fc25 (FEDORA-2017-b2cd696648)
Audio File Encoder
--------------------------------------------------------------------------------
Update Information:
new version 3.0.0
--------------------------------------------------------------------------------
================================================================================
flatpak-0.9.7-1.fc25 (FEDORA-2017-caf28c1846)
Application deployment framework for desktop apps
--------------------------------------------------------------------------------
Update Information:
Update to 0.9.7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1466970 - flatpak-0.9.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1466970
--------------------------------------------------------------------------------
================================================================================
gimagereader-3.2.3-1.fc25 (FEDORA-2017-d87c19c4d9)
A front-end to tesseract-ocr
--------------------------------------------------------------------------------
Update Information:
Update to version 3.2.3, see
https://github.com/manisandro/gImageReader/releases/tag/v3.2.3 for details.
---- Update to version 3.2.2, see
https://github.com/manisandro/gImageReader/releases/tag/v3.2.2 for details.
--------------------------------------------------------------------------------
================================================================================
groonga-7.0.4-1.fc25 (FEDORA-2017-f24b73cb74)
An Embeddable Fulltext Search Engine
--------------------------------------------------------------------------------
Update Information:
new upstream release
--------------------------------------------------------------------------------
================================================================================
kernel-4.11.8-200.fc25 (FEDORA-2017-0d137386ea)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:
The 4.11.8 update contains a number of important fixes across the tree
--------------------------------------------------------------------------------
================================================================================
libsolv-0.6.28-1.fc25 (FEDORA-2017-82ed89323e)
Package dependency solver
--------------------------------------------------------------------------------
Update Information:
- make peace with newer perl versions - fix memory leak in bindings - add
`pool_best_solvables()` function - fix 64bit integer parsing from RPM headers
--------------------------------------------------------------------------------
================================================================================
libtaskotron-0.4.21-1.fc25 (FEDORA-2017-ff47530b6a)
Taskotron Support Library
--------------------------------------------------------------------------------
Update Information:
- documentation improvements - DNF_REPO item type removed - default task
artifact now points to artifacts root dir instead of task log - fix rpm deps
handling via dnf on Fedora 26 (but only support package names and filepaths as
deps in task formulas)
--------------------------------------------------------------------------------
================================================================================
mosquitto-1.4.13-1.fc25 (FEDORA-2017-79886ea453)
An Open Source MQTT v3.1/v3.1.1 Broker
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2017-9868 (rhbz#1464946)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1464946 - CVE-2017-9868 mosquitto: World-readable persistence file possibly
leaking sensitive information
https://bugzilla.redhat.com/show_bug.cgi?id=1464946
--------------------------------------------------------------------------------
================================================================================
ndctl-57.1-1.fc25 (FEDORA-2017-34bf8d7ed9)
Manage "libnvdimm" subsystem devices (Non-volatile Memory)
--------------------------------------------------------------------------------
Update Information:
Release v57.1
--------------------------------------------------------------------------------
================================================================================
python-pydocstyle-2.0.0-1.fc25 (FEDORA-2017-4db0e57f0b)
Python docstring style checker
--------------------------------------------------------------------------------
Update Information:
Initial release in Fedora 25+
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1409654 - Review Request: python-pydocstyle - Python docstring style checker
https://bugzilla.redhat.com/show_bug.cgi?id=1409654
--------------------------------------------------------------------------------
================================================================================
python-pytoml-0.1.14-1.git7dea353.fc25 (FEDORA-2017-a84ddb9830)
Parser for TOML
--------------------------------------------------------------------------------
Update Information:
Update to 0.1.14
--------------------------------------------------------------------------------
================================================================================
qcad-3.17.3.0-1.fc25 (FEDORA-2017-a5ee1d8df7)
Powerful 2D CAD system
--------------------------------------------------------------------------------
Update Information:
- Update to 3.17.3.0
--------------------------------------------------------------------------------
================================================================================
radicale-1.1.2-2.fc25 (FEDORA-2017-7bc73f2219)
A simple CalDAV (calendar) and CardDAV (contact) server
--------------------------------------------------------------------------------
Update Information:
Remove PrivateDevices=true (RHBZ#1452328)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1452328 - SELinux prevents from start radicale.service
https://bugzilla.redhat.com/show_bug.cgi?id=1452328
--------------------------------------------------------------------------------
================================================================================
rkhunter-1.4.4-1.fc25 (FEDORA-2017-f5e8476376)
A host-based tool to scan for rootkits, backdoors and local exploits
--------------------------------------------------------------------------------
Update Information:
New upstream release with various fixes.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1284403 - Logger is not being used correctly in /usr/bin/rkhunter
https://bugzilla.redhat.com/show_bug.cgi?id=1284403
[ 2 ] Bug #1466318 - rkhunter-1.4.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1466318
--------------------------------------------------------------------------------
================================================================================
sugar-measure-101-1.fc25 (FEDORA-2017-d9665bcc81)
Measure for Sugar
--------------------------------------------------------------------------------
Update Information:
Release version 101
--------------------------------------------------------------------------------
================================================================================
thermald-1.6-6.fc25 (FEDORA-2017-bf62c5555b)
Thermal Management daemon
--------------------------------------------------------------------------------
Update Information:
* Replace fix for rhbz#1464548 from upstream commit * Add upstream patch to fix
README * Add upstreamed patch to silence compiler warnings ---- * Add upstream
patch to fix ThermalMonitor * Add several fixes from upstream
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1464548 - [abrt] thermald-monitor:
ThermaldInterface::getLowestValidTripTempForZone(): ThermalMonitor killed by signal 11
https://bugzilla.redhat.com/show_bug.cgi?id=1464548
--------------------------------------------------------------------------------
================================================================================
wingpanel-indicator-datetime-2.0.2-1.fc25 (FEDORA-2017-e551b7c146)
Datetime Indicator for wingpanel
--------------------------------------------------------------------------------
Update Information:
Update to version 2.0.2.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1466780 - wingpanel-indicator-datetime-2.0.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1466780
--------------------------------------------------------------------------------
================================================================================
xplayer-1.4.3-1.fc25 (FEDORA-2017-38e91ecec3)
A generic Media Player
--------------------------------------------------------------------------------
Update Information:
* New upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1467001 - xplayer-1.4.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1467001
--------------------------------------------------------------------------------