The following Fedora 25 Security updates need testing:
Age  URL  Build
305  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb  exim-4.87.1-1.fc25
203  https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2d17af41e  python-XStatic-jquery-ui-1.12.0.1-4.fc25
143  https://bodhi.fedoraproject.org/updates/FEDORA-2017-5d7498559f  nodejs-brace-expansion-1.1.7-1.fc25
97   https://bodhi.fedoraproject.org/updates/FEDORA-2017-99c0118c0c  memcached-1.4.39-1.fc25
93   https://bodhi.fedoraproject.org/updates/FEDORA-2017-2232fe97b4  docker-distribution-2.6.2-1.git48294d9.fc25
36   https://bodhi.fedoraproject.org/updates/FEDORA-2017-e3bf383b11  gnome-shell-3.22.3-2.fc25
31   https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0f24bb2a9  chromium-61.0.3163.100-1.fc25
22   https://bodhi.fedoraproject.org/updates/FEDORA-2017-9d345f250a  nagios-4.3.4-3.fc25
16   https://bodhi.fedoraproject.org/updates/FEDORA-2017-805d9423f8  poppler-0.45.0-9.fc25
14   https://bodhi.fedoraproject.org/updates/FEDORA-2017-6967efb3f0  thunderbird-52.4.0-2.fc25
8    https://bodhi.fedoraproject.org/updates/FEDORA-2017-7089c6e789  suricata-3.2.4-1.fc25
6    https://bodhi.fedoraproject.org/updates/FEDORA-2017-8cca61e2fa  libextractor-1.6-1.fc25
4    https://bodhi.fedoraproject.org/updates/FEDORA-2017-6e2071419d  seamonkey-2.49.1-1.fc25
4    https://bodhi.fedoraproject.org/updates/FEDORA-2017-38830f1443  lame-3.100-1.fc25
4    https://bodhi.fedoraproject.org/updates/FEDORA-2017-8258f76154  modulemd-1.3.2-1.fc25
4    https://bodhi.fedoraproject.org/updates/FEDORA-2017-150762f6be  glusterfs-3.10.6-4.fc25
2    https://bodhi.fedoraproject.org/updates/FEDORA-2017-f499ee7b12  tomcat-8.0.47-1.fc25
2    https://bodhi.fedoraproject.org/updates/FEDORA-2017-b1492e4844  java-1.8.0-openjdk-1.8.0.151-1.b12.fc25
0    https://bodhi.fedoraproject.org/updates/FEDORA-2017-bd6659d4d4  systemd-231-19.fc25
0    https://bodhi.fedoraproject.org/updates/FEDORA-2017-c582c1e728  nodejs-6.11.5-1.fc25
0    https://bodhi.fedoraproject.org/updates/FEDORA-2017-51f49ebbce  apr-1.6.3-1.fc25
0    https://bodhi.fedoraproject.org/updates/FEDORA-2017-f563b201ba  apr-util-1.5.4-4.fc25
0    https://bodhi.fedoraproject.org/updates/FEDORA-2017-45ed341e61  httpd-2.4.29-1.fc25
0    https://bodhi.fedoraproject.org/updates/FEDORA-2017-de8a421dcd  wget-1.19.2-1.fc25
0    https://bodhi.fedoraproject.org/updates/FEDORA-2017-95327e44ec  community-mysql-5.7.20-1.fc25
0    https://bodhi.fedoraproject.org/updates/FEDORA-2017-cdaaf6ea12  php-7.0.25-1.fc25
0    https://bodhi.fedoraproject.org/updates/FEDORA-2017-c4aa57d753  xen-4.7.3-8.fc25
The following Fedora 25 Critical Path updates have yet to be approved:
Age  URL  Build
147  https://bodhi.fedoraproject.org/updates/FEDORA-2017-613a72e282  lorax-25.22-1.fc25
37   https://bodhi.fedoraproject.org/updates/FEDORA-2017-d2803ce4f5  linux-firmware-20170828-77.gitb78acc9.fc25
36   https://bodhi.fedoraproject.org/updates/FEDORA-2017-e3bf383b11  gnome-shell-3.22.3-2.fc25
26   https://bodhi.fedoraproject.org/updates/FEDORA-2017-3fc5429e7e  iproute-4.12.0-1.fc25
17   https://bodhi.fedoraproject.org/updates/FEDORA-2017-4d00e4db6a  selinux-policy-3.13.1-225.23.fc25
16   https://bodhi.fedoraproject.org/updates/FEDORA-2017-805d9423f8  poppler-0.45.0-9.fc25
14   https://bodhi.fedoraproject.org/updates/FEDORA-2017-6967efb3f0  thunderbird-52.4.0-2.fc25
14   https://bodhi.fedoraproject.org/updates/FEDORA-2017-b005e95422  audit-2.8.1-1.fc25
8    https://bodhi.fedoraproject.org/updates/FEDORA-2017-038e288658  libguestfs-1.36.10-1.fc25
8    https://bodhi.fedoraproject.org/updates/FEDORA-2017-4dc8e5a70f  kobo-0.7.0-3.fc25
6    https://bodhi.fedoraproject.org/updates/FEDORA-2017-4c20585902  livecd-tools-25.0-1.fc25
6    https://bodhi.fedoraproject.org/updates/FEDORA-2017-577896c07b  corosync-2.4.3-1.fc25
6    https://bodhi.fedoraproject.org/updates/FEDORA-2017-dda3824566  webkitgtk4-2.18.1-1.fc25
4    https://bodhi.fedoraproject.org/updates/FEDORA-2017-150762f6be  glusterfs-3.10.6-4.fc25
4    https://bodhi.fedoraproject.org/updates/FEDORA-2017-c07be0d13d  libdrm-2.4.85-1.fc25
4    https://bodhi.fedoraproject.org/updates/FEDORA-2017-c0d71e8998  nss-softokn-3.33.0-1.1.fc25
2    https://bodhi.fedoraproject.org/updates/FEDORA-2017-2c140fb767  gnome-online-accounts-3.22.7-2.fc25
2    https://bodhi.fedoraproject.org/updates/FEDORA-2017-c7e6d7da2b  gnome-software-3.22.7-4.fc25
2    https://bodhi.fedoraproject.org/updates/FEDORA-2017-af9174446e  kernel-4.13.9-100.fc25
0    https://bodhi.fedoraproject.org/updates/FEDORA-2017-c4aa57d753  xen-4.7.3-8.fc25
0    https://bodhi.fedoraproject.org/updates/FEDORA-2017-bd6659d4d4  systemd-231-19.fc25
The following builds have been pushed to Fedora 25 updates-testing
R-3.4.2-1.fc25
community-mysql-5.7.20-1.fc25
fedfind-3.7.1-1.fc25
golang-github-tjfoc-gmsm-1.0.1-1.20171023.git9d99fac.fc25
mate-session-manager-1.18.2-1.fc25
php-7.0.25-1.fc25
rkward-0.6.5-10.fc25
rpy-2.8.6-4.fc25
wget-1.19.2-1.fc25
xen-4.7.3-8.fc25
Details about builds:
================================================================================
R-3.4.2-1.fc25 (FEDORA-2017-9c9aaab6db)
A language for data analysis and graphics
--------------------------------------------------------------------------------
Update Information:
Update R to 3.4.2, rebuild rpy and rkward to sync.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1497191 - R-3.4.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1497191
--------------------------------------------------------------------------------
================================================================================
community-mysql-5.7.20-1.fc25 (FEDORA-2017-95327e44ec)
MySQL client programs and shared libraries
--------------------------------------------------------------------------------
Update Information:
A quarter year regular dose of fixed CVEs.
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-20.html

rhbz#1497694: Fix owner and perms on log file in post script

CVE fixes: rhbz#1503701
CVE-2017-10155 CVE-2017-10227 CVE-2017-10268 CVE-2017-10276
CVE-2017-10279 CVE-2017-10283 CVE-2017-10286 CVE-2017-10294 CVE-2017-10314
CVE-2017-10378 CVE-2017-10379 CVE-2017-10384

Others:
- Move all test binaries to -test package
- Don't ship unneeded man pages on systemd platforms
- Remove mysql_config_editor from -devel package, shipped in client
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1503701 - CVE-2017-10155 CVE-2017-10227 CVE-2017-10268 CVE-2017-10276
CVE-2017-10279 CVE-2017-10283 CVE-2017-10286 CVE-2017-10294 CVE-2017-10314 CVE-2017-10378
CVE-2017-10379 CVE-2017-10384 community-mysql: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1503701
[ 2 ] Bug #1497694 - mysqld service not working by default after bd72127
https://bugzilla.redhat.com/show_bug.cgi?id=1497694
[ 3 ] Bug #1503357 - community-mysql-5.7.20 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1503357
--------------------------------------------------------------------------------
================================================================================
fedfind-3.7.1-1.fc25 (FEDORA-2017-dc8ebfd6c0)
Fedora compose and image finder
--------------------------------------------------------------------------------
Update Information:
This new version of fedfind improves handling of various new compose types
introduced by release engineering. The new nightly modular composes from master
branch, now versioned `Bikeshed` rather than `Rawhide`, are handled with a new
`BikeshedModularNightly` class. 'updates' and 'updates-testing' composes are
explicitly not supported (`get_release` will raise a `ValueError` with a
specific text for these) as they do not contain images and so fedfind can't do
much with them. Note that the `fedfind.helpers.parse_cid` function is entirely
rewritten in support of this; the new version is much more capable and accurate
and should handle all compose IDs the previous version handled correctly, but
please report any issues you find.
--------------------------------------------------------------------------------
================================================================================
golang-github-tjfoc-gmsm-1.0.1-1.20171023.git9d99fac.fc25 (FEDORA-2017-20c0d32691)
GM SM2/3/4 library based on Golang
--------------------------------------------------------------------------------
Update Information:
Initial package for Fedora.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1506331 - Review Request: golang-github-tjfoc-gmsm - GM SM2/3/4 library based
on Golang
https://bugzilla.redhat.com/show_bug.cgi?id=1506331
--------------------------------------------------------------------------------
================================================================================
mate-session-manager-1.18.2-1.fc25 (FEDORA-2017-f6c8fc312c)
MATE Desktop session manager
--------------------------------------------------------------------------------
Update Information:
- update to 1.18.2
--------------------------------------------------------------------------------
================================================================================
php-7.0.25-1.fc25 (FEDORA-2017-cdaaf6ea12)
PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:
**PHP version 7.0.25** (26 Oct 2017)

**Core:**
* Fixed bug php#75241 (Null pointer dereference in zend_mm_alloc_small()). (Laruence)
* Fixed bug php#75236 (infinite loop when printing an error-message). (Andrea)
* Fixed bug php#75252 (Incorrect token formatting on two parse errors in one request). (Nikita)
* Fixed bug php#75220 (Segfault when calling is_callable on parent). (andrewnester)
* Fixed bug php#75290 (debug info of Closures of internal functions contain garbage argument names). (Andrea)

**Apache2Handler:**
* Fixed bug php#75311 (error: 'zend_hash_key' has no member named 'arKey' in apache2handler). (mcarbonneaux)

**Date:**
* Fixed bug php#75055 (Out-Of-Bounds Read in timelib_meridian()). (Derick)

**Intl:**
* Fixed bug php#75318 (The parameter of UConverter::getAliases() is not optional). (cmb)

**mcrypt:**
* Fixed bug php#72535 (arcfour encryption stream filter crashes php). (Leigh)

**PCRE:**
* Fixed bug php#75207 (applied upstream patch for CVE-2016-1283). (Anatol)

**litespeed:**
* Fixed bug php#75248 (Binary directory doesn't get created when building only litespeed SAPI). (petk)
* Fixed bug php#75251 (Missing program prefix and suffix). (petk)

**SPL:**
* Fixed bug php#73629 (SplDoublyLinkedList::setIteratorMode masks intern flags). (J. Jeising, cmb)
--------------------------------------------------------------------------------
================================================================================
rkward-0.6.5-10.fc25 (FEDORA-2017-9c9aaab6db)
Graphical frontend for R language
--------------------------------------------------------------------------------
Update Information:
Update R to 3.4.2, rebuild rpy and rkward to sync.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1497191 - R-3.4.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1497191
--------------------------------------------------------------------------------
================================================================================
rpy-2.8.6-4.fc25 (FEDORA-2017-9c9aaab6db)
Python interface to the R language
--------------------------------------------------------------------------------
Update Information:
Update R to 3.4.2, rebuild rpy and rkward to sync.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1497191 - R-3.4.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1497191
--------------------------------------------------------------------------------
================================================================================
wget-1.19.2-1.fc25 (FEDORA-2017-de8a421dcd)
A utility for retrieving files using the HTTP or FTP protocols
--------------------------------------------------------------------------------
Update Information:
new upstream release with CVE fixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1505445 - CVE-2017-13090 wget: Heap-based buffer overflow in HTTP protocol
handling
https://bugzilla.redhat.com/show_bug.cgi?id=1505445
[ 2 ] Bug #1505444 - CVE-2017-13089 wget: Stack-based buffer overflow in HTTP protocol
handling
https://bugzilla.redhat.com/show_bug.cgi?id=1505444
--------------------------------------------------------------------------------
================================================================================
xen-4.7.3-8.fc25 (FEDORA-2017-c4aa57d753)
Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:
pin count / page reference race in grant table code [XSA-236, CVE-2017-15597]
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1499815 - CVE-2017-15597 xsa236 xen: pin count / page reference race in grant
table code (XSA-236)
https://bugzilla.redhat.com/show_bug.cgi?id=1499815
--------------------------------------------------------------------------------