The following Fedora 23 Security updates need testing:
Age URL
256
https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23
213
https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe
miniupnpc-1.9-6.fc23
186
https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324
jbig2dec-0.12-2.fc23
137
https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1
python-pymongo-3.0.3-1.fc23
136
https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8
thttpd-2.25b-37.fc23
101
https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4
mingw-nsis-2.50-1.fc23
56
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b8f91621c7
optipng-0.7.6-1.fc23
21
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3b9407940
squid-3.5.10-4.fc23
9
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d9dbd6d339
openslp-2.0.0-8.fc23
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-396403ec02
roundcubemail-1.2.0-1.fc23
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-8d3fe9914b xen-4.5.3-6.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7a878ed298
GraphicsMagick-1.3.24-1.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-ea323bd6cf nginx-1.8.1-3.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d25ebba412 sudo-1.8.15-2.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-6a0d540088
docker-1.10.3-24.gitf476348.fc23
The following Fedora 23 Critical Path updates have yet to be approved:
Age URL
15
https://bodhi.fedoraproject.org/updates/FEDORA-2016-728a7def67
pungi-4.0.15-2.fc23
9
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d9dbd6d339
openslp-2.0.0-8.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-fad11727bf
gnome-software-3.20.3-1.fc23.1 json-glib-1.2.0-1.fc23 libappstream-glib-0.5.14-1.fc23
libgusb-0.2.9-1.fc23 PackageKit-1.1.1-2.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-bd708869ef
gnome-terminal-3.18.3-2.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d25ebba412 sudo-1.8.15-2.fc23
The following builds have been pushed to Fedora 23 updates-testing
PackageKit-1.1.1-2.fc23
docker-1.10.3-24.gitf476348.fc23
gnome-software-3.20.3-1.fc23.1
gnome-terminal-3.18.3-2.fc23
json-glib-1.2.0-1.fc23
koji-containerbuild-0.6.3-1.1.fc23
libappstream-glib-0.5.14-1.fc23
libguestfs-1.32.5-1.fc23
libgusb-0.2.9-1.fc23
libmediainfo-0.7.86-1.fc23
mediainfo-0.7.86-1.fc23
mkdocs-basic-theme-1.0.1-3.fc23
mom-0.5.4-1.fc23
php-horde-Horde-Imap-Client-2.29.7-1.fc23
php-horde-Horde-Mime-2.9.5-1.fc23
php-pear-1.10.1-2.fc23
proftpd-1.3.5b-2.fc23
python-urllib3-1.15.1-2.fc23
python3-pytest-asyncio-0.4.0-1.gitb4a4bf8.fc23
rdma-2.0-22.fc23
scanmem-0.15.8-1.fc23
sudo-1.8.15-2.fc23
xfce4-power-manager-1.6.0-4.fc23
Details about builds:
================================================================================
PackageKit-1.1.1-2.fc23 (FEDORA-2016-fad11727bf)
Package management service
--------------------------------------------------------------------------------
Update Information:
gnome-software 3.20.3 release and its dependencies. Notably, this release adds
support for graphical system upgrades from Fedora 23 to 24. For details on how
to test this, please see
https://blogs.gnome.org/hughsie/2016/04/20/upgrading-
fedora-23-to-24-using-gnome-software/
--------------------------------------------------------------------------------
================================================================================
docker-1.10.3-24.gitf476348.fc23 (FEDORA-2016-6a0d540088)
Automates deployment of containerized applications
--------------------------------------------------------------------------------
Update Information:
built docker @projectatomic/fedora-1.10.3 commit f476348 ---- built docker
@projectatomic/fedora-1.10.3 commit f476348 ---- built docker
@projectatomic/fedora-1.10.3 commit 4158ccc ---- Resolves: #1335649 - enable
Red Hat subscription use in Docker containers on Fedora ---- built docker
@projectatomic/fedora-1.10.3 commit 8ecd47f ---- built docker
@projectatomic/fedora-1.10.3 commit 8ecd47f ---- built docker
@projectatomic/fedora-1.10.3 commit 667d6d1 ---- built docker
@projectatomic/fedora-1.10.3 commit bba2d6d ---- built docker
@projectatomic/fedora-1.10.3 commit a41254f ---- built docker
@projectatomic/fedora-1.10.3 commit#964eda6 ---- built docker
@projectatomic/fedora-1.10.3 commit#ef2fa35 ---- docker package runtime
depends on docker-forward-journald ---- rebuilt to remove dockerroot user
creation ---- rebuilt to remove dockerroot user creation ---- rebuilt to
include dss_libdir directory ---- built docker @projectatomic/fedora-1.10.2
commit#86e59a5 ---- rebuilt with seccomp enabled ---- built docker
@projectatomic/fedora-1.10.1 commit#6c71d8f ---- built docker
@projectatomic/fedora-1.10.1 commit#6c71d8f ---- rebuilt, no change ----
built docker @projectatomic/fedora-1.10.2 commit#0f5ac89
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1335649 - Enable use of Red Hat subscriptions in docker containers on Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=1335649
[ 2 ] Bug #1289851 - Docker.service does not require docker.socket which can lead to
Docker crash when docker.sock is host mounted
https://bugzilla.redhat.com/show_bug.cgi?id=1289851
[ 3 ] Bug #1254694 - "man docker-login" incorrectly claims that you can
"docker login" to Docker Hub as non-root user
https://bugzilla.redhat.com/show_bug.cgi?id=1254694
[ 4 ] Bug #1269602 - Secrets patch does not work in Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=1269602
[ 5 ] Bug #1289963 - docker push not working in 1.9.1
https://bugzilla.redhat.com/show_bug.cgi?id=1289963
[ 6 ] Bug #1303105 - Docker does not own /usr/lib/docker-storage-setup
https://bugzilla.redhat.com/show_bug.cgi?id=1303105
[ 7 ] Bug #1326110 - Unable to create containers with Kubernetes master and Docker
1.9.1-9
https://bugzilla.redhat.com/show_bug.cgi?id=1326110
[ 8 ] Bug #1312934 - "docker images" command returns all the repositories
prepended with the "docker.io/" string
https://bugzilla.redhat.com/show_bug.cgi?id=1312934
[ 9 ] Bug #1329454 - CVE-2016-3697 docker: privilege escalation via confusion of
usernames and UIDs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1329454
[ 10 ] Bug #1340921 - "Failed to get pwuid struct: user: unknown userid " log
spam
https://bugzilla.redhat.com/show_bug.cgi?id=1340921
--------------------------------------------------------------------------------
================================================================================
gnome-software-3.20.3-1.fc23.1 (FEDORA-2016-fad11727bf)
A software center for GNOME
--------------------------------------------------------------------------------
Update Information:
gnome-software 3.20.3 release and its dependencies. Notably, this release adds
support for graphical system upgrades from Fedora 23 to 24. For details on how
to test this, please see
https://blogs.gnome.org/hughsie/2016/04/20/upgrading-
fedora-23-to-24-using-gnome-software/
--------------------------------------------------------------------------------
================================================================================
gnome-terminal-3.18.3-2.fc23 (FEDORA-2016-bd708869ef)
Terminal emulator for GNOME
--------------------------------------------------------------------------------
Update Information:
Obsolete and replace nautilus-open-terminal.
--------------------------------------------------------------------------------
================================================================================
json-glib-1.2.0-1.fc23 (FEDORA-2016-fad11727bf)
Library for JavaScript Object Notation format
--------------------------------------------------------------------------------
Update Information:
gnome-software 3.20.3 release and its dependencies. Notably, this release adds
support for graphical system upgrades from Fedora 23 to 24. For details on how
to test this, please see
https://blogs.gnome.org/hughsie/2016/04/20/upgrading-
fedora-23-to-24-using-gnome-software/
--------------------------------------------------------------------------------
================================================================================
koji-containerbuild-0.6.3-1.1.fc23 (FEDORA-2016-fd721b2279)
Koji support for building layered container images
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream 0.6.3
--------------------------------------------------------------------------------
================================================================================
libappstream-glib-0.5.14-1.fc23 (FEDORA-2016-fad11727bf)
Library for AppStream metadata
--------------------------------------------------------------------------------
Update Information:
gnome-software 3.20.3 release and its dependencies. Notably, this release adds
support for graphical system upgrades from Fedora 23 to 24. For details on how
to test this, please see
https://blogs.gnome.org/hughsie/2016/04/20/upgrading-
fedora-23-to-24-using-gnome-software/
--------------------------------------------------------------------------------
================================================================================
libguestfs-1.32.5-1.fc23 (FEDORA-2016-9471861a5c)
Access and modify virtual machine disk images
--------------------------------------------------------------------------------
Update Information:
New upstream version 1.32.5.
--------------------------------------------------------------------------------
================================================================================
libgusb-0.2.9-1.fc23 (FEDORA-2016-fad11727bf)
GLib wrapper around libusb1
--------------------------------------------------------------------------------
Update Information:
gnome-software 3.20.3 release and its dependencies. Notably, this release adds
support for graphical system upgrades from Fedora 23 to 24. For details on how
to test this, please see
https://blogs.gnome.org/hughsie/2016/04/20/upgrading-
fedora-23-to-24-using-gnome-software/
--------------------------------------------------------------------------------
================================================================================
libmediainfo-0.7.86-1.fc23 (FEDORA-2016-329ac6574e)
Library for supplies technical and tag information about a video or audio file
--------------------------------------------------------------------------------
Update Information:
Update to 0.7.86.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1327542 - Incomplete package dependencies
https://bugzilla.redhat.com/show_bug.cgi?id=1327542
--------------------------------------------------------------------------------
================================================================================
mediainfo-0.7.86-1.fc23 (FEDORA-2016-329ac6574e)
Supplies technical and tag information about a video or audio file (CLI)
--------------------------------------------------------------------------------
Update Information:
Update to 0.7.86.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1327542 - Incomplete package dependencies
https://bugzilla.redhat.com/show_bug.cgi?id=1327542
--------------------------------------------------------------------------------
================================================================================
mkdocs-basic-theme-1.0.1-3.fc23 (FEDORA-2016-d23e0609f1)
MkDocs Basic Theme
--------------------------------------------------------------------------------
Update Information:
Fix mkdocs version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1333308 - mkdocs package required but none of the providers can be installed
https://bugzilla.redhat.com/show_bug.cgi?id=1333308
--------------------------------------------------------------------------------
================================================================================
mom-0.5.4-1.fc23 (FEDORA-2016-15de277a86)
Dynamically manage system resources on virtualization hosts
--------------------------------------------------------------------------------
Update Information:
This is a enhancement and patch release for mom. You might not need it unless
you are using the latest oVirt features.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Imap-Client-2.29.7-1.fc23 (FEDORA-2016-b830fd60d8)
Horde IMAP abstraction interface
--------------------------------------------------------------------------------
Update Information:
**Horde_Imap_Client 2.29.7** * [mjr] Add sanity check for malformed offset in
Date header (Bug #14381). * [mjr] Fix fatal error in certain cases when
performing a BODY[HEADER.FIELDS] query. **Horde_Mime 2.9.5** * [mjr] Add
sanity check for malformed offset in Date header (Bug #14381).
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Mime-2.9.5-1.fc23 (FEDORA-2016-b830fd60d8)
Horde MIME Library
--------------------------------------------------------------------------------
Update Information:
**Horde_Imap_Client 2.29.7** * [mjr] Add sanity check for malformed offset in
Date header (Bug #14381). * [mjr] Fix fatal error in certain cases when
performing a BODY[HEADER.FIELDS] query. **Horde_Mime 2.9.5** * [mjr] Add
sanity check for malformed offset in Date header (Bug #14381).
--------------------------------------------------------------------------------
================================================================================
php-pear-1.10.1-2.fc23 (FEDORA-2016-1a0ef2a09a)
PHP Extension and Application Repository framework
--------------------------------------------------------------------------------
Update Information:
**Archive_Tar 1.4.2** * Fix reading of archives with files > 8GB * Performance
optimizations * Do not try to call require_once on PEAR.php if it has already
been loaded by the autoloader
--------------------------------------------------------------------------------
================================================================================
proftpd-1.3.5b-2.fc23 (FEDORA-2016-33cdb2311c)
Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:
This update contains a couple of bug fixes: * Handle client/server version
skew in mod_sql_mysql (
https://forums.proftpd.org/smf/index.php?topic=11887.0)
* Fix segfaults in mod_sftp (
http://bugzilla.redhat.com/1337880,
http://bugs.proftpd.org/show_bug.cgi?id=4203)
--------------------------------------------------------------------------------
================================================================================
python-urllib3-1.15.1-2.fc23 (FEDORA-2016-d76350d8c5)
Python HTTP library with thread-safe connection pooling and file post
--------------------------------------------------------------------------------
Update Information:
Remove broken symlinks.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1295015 - Many Packages create broken symbolic links - in this case Python34
https://bugzilla.redhat.com/show_bug.cgi?id=1295015
--------------------------------------------------------------------------------
================================================================================
python3-pytest-asyncio-0.4.0-1.gitb4a4bf8.fc23 (FEDORA-2016-7cd8b4998f)
Pytest support for asyncio
--------------------------------------------------------------------------------
Update Information:
Update to 0.4.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1341426 - python3-pytest-asyncio-0.4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1341426
--------------------------------------------------------------------------------
================================================================================
rdma-2.0-22.fc23 (FEDORA-2016-f5c8ff167b)
RDMA Kernel Stack Initializer
--------------------------------------------------------------------------------
Update Information:
It fixes a module load bug.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1341617 - $CMDLINE_OPTS must come after the module name
https://bugzilla.redhat.com/show_bug.cgi?id=1341617
--------------------------------------------------------------------------------
================================================================================
scanmem-0.15.8-1.fc23 (FEDORA-2016-33d60eedf0)
Memory scanner
--------------------------------------------------------------------------------
Update Information:
Update t 0.15.8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1341438 - scanmem-v0.15.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1341438
--------------------------------------------------------------------------------
================================================================================
sudo-1.8.15-2.fc23 (FEDORA-2016-d25ebba412)
Allows restricted root access for specified users
--------------------------------------------------------------------------------
Update Information:
* removed INPUTRC from env_keep to prevent a possible info leak
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1339935 - readline: Possible info leak via INPUTRC
https://bugzilla.redhat.com/show_bug.cgi?id=1339935
--------------------------------------------------------------------------------
================================================================================
xfce4-power-manager-1.6.0-4.fc23 (FEDORA-2016-463239c374)
Power management for the Xfce desktop environment
--------------------------------------------------------------------------------
Update Information:
Fix issues with slow start and slow right click menu. ---- Have the desktop
file not show xfce4-power-manager when using the MATE desktop env. It has it's
own power manager. ---- Update to 1.6.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1318642 - Please add MATE to NotShowIn in desktop file
https://bugzilla.redhat.com/show_bug.cgi?id=1318642
[ 2 ] Bug #1339335 - Update xfce4-power-manager to current upstream release
https://bugzilla.redhat.com/show_bug.cgi?id=1339335
[ 3 ] Bug #1241899 - PM plugin leaks memory
https://bugzilla.redhat.com/show_bug.cgi?id=1241899
--------------------------------------------------------------------------------