The following Fedora 22 Security updates need testing:
Age URL
397
https://bodhi.fedoraproject.org/updates/FEDORA-2015-5878
echoping-6.1-0.beta.r434svn.1.fc22
346
https://bodhi.fedoraproject.org/updates/FEDORA-2015-9185
ceph-deploy-1.5.25-1.fc22
278
https://bodhi.fedoraproject.org/updates/FEDORA-2015-12781
python-kdcproxy-0.3.2-1.fc22
233
https://bodhi.fedoraproject.org/updates/FEDORA-2015-16239 nagios-4.0.8-1.fc22
221
https://bodhi.fedoraproject.org/updates/FEDORA-2015-2d37e7dacf
openstack-swift-2.2.0-6.fc22
190
https://bodhi.fedoraproject.org/updates/FEDORA-2015-9039c25f1d
miniupnpc-1.9-6.fc22
173
https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4
libpng-1.6.16-4.fc22
173
https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6
libpng-1.6.16-5.fc22
154
https://bodhi.fedoraproject.org/updates/FEDORA-2015-3a5cebb105
ImageMagick-6.9.2.7-1.fc22
140
https://bodhi.fedoraproject.org/updates/FEDORA-2015-b9e4c97ff1 sos-3.2-2.fc22
114
https://bodhi.fedoraproject.org/updates/FEDORA-2015-f683150aa0
thttpd-2.25b-37.fc22
90
https://bodhi.fedoraproject.org/updates/FEDORA-2016-560802e52b
xdelta-3.0.7-7.fc22
79
https://bodhi.fedoraproject.org/updates/FEDORA-2016-24d134e494
mingw-nsis-2.50-1.fc22
66
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3cbe9ad765
python-pygments-2.1.3-1.fc22
27
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a028331ebc
poppler-0.30.0-4.fc22
16
https://bodhi.fedoraproject.org/updates/FEDORA-2016-1aaf308de4
community-mysql-5.6.30-1.fc22
14
https://bodhi.fedoraproject.org/updates/FEDORA-2016-927aade89c
rpm-4.12.0.1-17.fc22
11
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e205218629 php-5.6.21-1.fc22
11
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7d6cbcadca gd-2.1.1-3.fc22
8
https://bodhi.fedoraproject.org/updates/FEDORA-2016-fe0d8f126a
botan-1.10.13-1.fc22
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3e64b32a91 dhcp-4.3.2-8.fc22
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-377b1a015c
owncloud-8.2.4-1.fc22
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d708261ce2
jackson-dataformat-xml-2.5.0-3.fc22
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b4212484d5
imlib2-1.4.9-1.fc22
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d049ad1118
ioprocess-0.15.1-1.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f2a1389f3e
pgpdump-0.31-1.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a159c484e4
kernel-4.4.9-200.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3f597b76b8 xen-4.5.3-3.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-01198b9f9d
cacti-0.8.8h-1.fc22
The following Fedora 22 Critical Path updates have yet to be approved:
Age URL
272
https://bodhi.fedoraproject.org/updates/FEDORA-2015-13210 yum-3.4.3-508.fc22
190
https://bodhi.fedoraproject.org/updates/FEDORA-2015-2123de044f
libgphoto2-2.5.8-1.fc22
173
https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6
libpng-1.6.16-5.fc22
173
https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4
libpng-1.6.16-4.fc22
96
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d3fce30d64
mobile-broadband-provider-info-1.20151214-1.fc22
67
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4d5434d82f parted-3.2-16.fc22
55
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d4e6e32c1c
upower-0.99.3-2.fc22
27
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a028331ebc
poppler-0.30.0-4.fc22
24
https://bodhi.fedoraproject.org/updates/FEDORA-2016-027faabac4
libreport-2.6.4-2.fc22 abrt-2.6.1-11.fc22
22
https://bodhi.fedoraproject.org/updates/FEDORA-2016-af1f30412b
pygtk2-2.24.0-14.fc22
18
https://bodhi.fedoraproject.org/updates/FEDORA-2016-83b47a28ce
wavpack-4.80.0-1.fc22
18
https://bodhi.fedoraproject.org/updates/FEDORA-2016-41df7ccbc8
lldpad-1.0.1-4.git036e314.fc22
14
https://bodhi.fedoraproject.org/updates/FEDORA-2016-927aade89c
rpm-4.12.0.1-17.fc22
11
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7d6cbcadca gd-2.1.1-3.fc22
10
https://bodhi.fedoraproject.org/updates/FEDORA-2016-cc848e483a
xulrunner-44.0-6.fc22
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3e64b32a91 dhcp-4.3.2-8.fc22
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e99389f35d
openssh-6.9p1-12.fc22
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-828f77de70
samba-4.2.12-0.fc22
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b4212484d5
imlib2-1.4.9-1.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a159c484e4
kernel-4.4.9-200.fc22
The following builds have been pushed to Fedora 22 updates-testing
R-multcomp-1.4.5-2.fc22
ansible-inventory-grapher-2.1.0-2.fc22
atril-1.12.2-3.fc22
cacti-0.8.8h-1.fc22
check_postgres-2.22.0-1.fc22
dpm-contrib-admintools-0.2.2-1.fc22
fllog-1.2.3-1.fc22
geomorph-0.62-1.fc22
help2man-1.47.4-1.fc22
kernel-4.4.9-200.fc22
mingw-gtk2-2.24.30-1.fc22
nudoku-0.2.4-2.fc22
perl-Module-CoreList-5.20160507-1.fc22
perl-Params-Validate-1.24-1.fc22
perl-RPC-XML-0.80-1.fc22
pgpdump-0.31-1.fc22
pngquant-2.7.0-1.fc22
pyparsing-2.1.1-1.fc22
python-pysocks-1.5.6-3.fc22
xen-4.5.3-3.fc22
Details about builds:
================================================================================
R-multcomp-1.4.5-2.fc22 (FEDORA-2016-7109316b26)
Simultaneous inference for general linear hypotheses R Package
--------------------------------------------------------------------------------
Update Information:
Update to latest stable release. The following fixes are included: * fix bug in
linfct specified as a character (aka expression). Coefficients of main effects
may have been incorrect in the presence of interaction terms; * make cftest() a
little more flexible with parm and test arguments.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1300121 - R-multcomp-1.4-5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1300121
--------------------------------------------------------------------------------
================================================================================
ansible-inventory-grapher-2.1.0-2.fc22 (FEDORA-2016-7d01e09b22)
Creates graphs representing ansible inventory
--------------------------------------------------------------------------------
Update Information:
Use github source that provided license and test files ---- Update to 2.1.0
--------------------------------------------------------------------------------
================================================================================
atril-1.12.2-3.fc22 (FEDORA-2016-e2dd43cc56)
Document viewer
--------------------------------------------------------------------------------
Update Information:
- revert fix for rhbz (#1303999), which introduced regressions - use right
dependencies for dvi backend, fix libjpeg dependency
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1333811 - [abrt] atril: ev_web_view_disconnect_handlers(): atril killed by
SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1333811
--------------------------------------------------------------------------------
================================================================================
cacti-0.8.8h-1.fc22 (FEDORA-2016-01198b9f9d)
An rrd based graphing tool
--------------------------------------------------------------------------------
Update Information:
- Update to 0.8.8h - CVE-2016-3659
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1334330 - cacti-0.8.8h is available
https://bugzilla.redhat.com/show_bug.cgi?id=1334330
--------------------------------------------------------------------------------
================================================================================
check_postgres-2.22.0-1.fc22 (FEDORA-2016-fc6c9cb3ad)
PostgreSQL monitoring script
--------------------------------------------------------------------------------
Update Information:
Update to 2.22.0
--------------------------------------------------------------------------------
================================================================================
dpm-contrib-admintools-0.2.2-1.fc22 (FEDORA-2016-ca98fd696c)
DPM administration toolkit (contrib from GridPP)
--------------------------------------------------------------------------------
Update Information:
- new upstream release
--------------------------------------------------------------------------------
================================================================================
fllog-1.2.3-1.fc22 (FEDORA-2016-4615adbb43)
Amateur Radio Log Program
--------------------------------------------------------------------------------
Update Information:
Corrects table display issue when number of log entries occupy less than height
of the table.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1309836 - fllog-1.2.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1309836
--------------------------------------------------------------------------------
================================================================================
geomorph-0.62-1.fc22 (FEDORA-2016-9940240ebb)
A height field editor for Linux
--------------------------------------------------------------------------------
Update Information:
New upstream version ---- Fix Gdk-ERROR: The program 'geomorph' received an X
Window System error.
--------------------------------------------------------------------------------
================================================================================
help2man-1.47.4-1.fc22 (FEDORA-2016-cbf01ef798)
Create simple man pages from --help output
--------------------------------------------------------------------------------
Update Information:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1334338 - help2man-1.47.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1334338
--------------------------------------------------------------------------------
================================================================================
kernel-4.4.9-200.fc22 (FEDORA-2016-a159c484e4)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:
The 4.4.9 update contains an number of important fixes across the tree
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1333712 - kernel: Slave being first propagated copy causes oops in
propagate_mnt
https://bugzilla.redhat.com/show_bug.cgi?id=1333712
[ 2 ] Bug #1333309 - CVE-2016-4485 kernel: Information leak in llc module
https://bugzilla.redhat.com/show_bug.cgi?id=1333309
[ 3 ] Bug #1333316 - CVE-2016-4486 kernel: Information leak in rtnetlink
https://bugzilla.redhat.com/show_bug.cgi?id=1333316
[ 4 ] Bug #1332931 - CVE-2016-4482 kernel: information leak in devio.c
https://bugzilla.redhat.com/show_bug.cgi?id=1332931
--------------------------------------------------------------------------------
================================================================================
mingw-gtk2-2.24.30-1.fc22 (FEDORA-2016-bb4cbb6b1a)
MinGW Windows Gtk2 library
--------------------------------------------------------------------------------
Update Information:
MinGW cross compiled gtk+ 2.24.30 release.
--------------------------------------------------------------------------------
================================================================================
nudoku-0.2.4-2.fc22 (FEDORA-2016-beaf1b0a49)
Ncurses based Sudoku game
--------------------------------------------------------------------------------
Update Information:
Add nudoku to repositories
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1315486 - Review Request: nudoku - Ncurses based sudoku game
https://bugzilla.redhat.com/show_bug.cgi?id=1315486
--------------------------------------------------------------------------------
================================================================================
perl-Module-CoreList-5.20160507-1.fc22 (FEDORA-2016-2cad151020)
What modules are shipped with versions of perl
--------------------------------------------------------------------------------
Update Information:
This release fixes a warning about too deep recursion. It also provides data for
perl 5.24.0 and 5.25.0. ---- This release brings data for perl 5.22.2.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1334542 - perl-Module-CoreList-5.20160507 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1334542
[ 2 ] Bug #1331902 - perl-Module-CoreList-5.20160429 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1331902
--------------------------------------------------------------------------------
================================================================================
perl-Params-Validate-1.24-1.fc22 (FEDORA-2016-475b157231)
Params-Validate Perl module
--------------------------------------------------------------------------------
Update Information:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1334352 - perl-Params-Validate-1.24 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1334352
--------------------------------------------------------------------------------
================================================================================
perl-RPC-XML-0.80-1.fc22 (FEDORA-2016-de6e64b9cc)
Set of classes for core data, message and XML handling
--------------------------------------------------------------------------------
Update Information:
This release fixes a leak with Expat parser, it avoids deprecated
IO::Socket::INET option, it fixes processing elements with numeric names. It
also makes tests more portable.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1334357 - perl-RPC-XML-0.80 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1334357
--------------------------------------------------------------------------------
================================================================================
pgpdump-0.31-1.fc22 (FEDORA-2016-f2a1389f3e)
PGP packet visualizer
--------------------------------------------------------------------------------
Update Information:
fix possible buffer overflow
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1334350 - pgpdump-0.31 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1334350
--------------------------------------------------------------------------------
================================================================================
pngquant-2.7.0-1.fc22 (FEDORA-2016-b7c56c0638)
PNG quantization tool for reducing image file size
--------------------------------------------------------------------------------
Update Information:
Update to 2.7.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1334353 - pngquant-2.7.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1334353
--------------------------------------------------------------------------------
================================================================================
pyparsing-2.1.1-1.fc22 (FEDORA-2016-72e3f66f56)
Python package with an object-oriented approach to text processing
--------------------------------------------------------------------------------
Update Information:
Update to latest stable release with the following list of changes: - Fixed bug
in `ParseResults.toDict()`, in which `dict` values were always converted to
dicts, even if they were just unkeyed lists of tokens. - Fixed bug in `SkipTo`
when using `failOn`. - Fixed bug in `Each` introduced in 2.1.0. - Removed use
of `functools.partial` in `replaceWith`, as this creates an ambiguous
signature for the generated parse action, which fails in PyPy. - Added
support for assigning to `ParseResults` using slices. - Added default behavior
to `QuotedString` to convert embedded '\t', '\n', etc. characters to
their
whitespace counterparts.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1320353 - pyparsing-2.1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1320353
--------------------------------------------------------------------------------
================================================================================
python-pysocks-1.5.6-3.fc22 (FEDORA-2016-e27b942ad0)
A Python SOCKS client module
--------------------------------------------------------------------------------
Update Information:
Fix typo in explicit Conflicts with python-SocksiPy.
--------------------------------------------------------------------------------
================================================================================
xen-4.5.3-3.fc22 (FEDORA-2016-3f597b76b8)
Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:
qemu-kvm: Integer overflow in SDL when creating too wide screen QEMU: Banked
access to VGA memory (VBE) uses inconsistent bounds checks [XSA-179,
CVE-2016-3710, CVE-2016-3712]
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1318727 - qemu-kvm: Integer overflow in SDL when creating too wide screen
https://bugzilla.redhat.com/show_bug.cgi?id=1318727
[ 2 ] Bug #1331401 - CVE-2016-3710 qemu: incorrect banked access bounds checking in vga
module
https://bugzilla.redhat.com/show_bug.cgi?id=1331401
[ 3 ] Bug #1318712 - CVE-2016-3712 qemu-kvm: Out-of-bounds read when creating weird vga
screen surface
https://bugzilla.redhat.com/show_bug.cgi?id=1318712
--------------------------------------------------------------------------------