The following Fedora 25 Security updates need testing:
Age URL
99
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25
19
https://bodhi.fedoraproject.org/updates/FEDORA-2017-06f4b88ceb
php-onelogin-php-saml-2.10.5-1.fc25
10
https://bodhi.fedoraproject.org/updates/FEDORA-2017-99ad80f109
python-sleekxmpp-1.3.2-1.fc25
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-674d306f51
icecat-52.0.1-5.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-7bd002b77c
xorgxrdp-0.2.1-1.fc25 xrdp-0.9.2-3.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-ed4c9b605b
php-horde-Horde-Crypt-2.7.6-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-cf1944f480
libpng15-1.5.28-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-bad9942e42
libpng12-1.2.57-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-51979161f4
tigervnc-1.7.1-3.fc25
The following Fedora 25 Critical Path updates have yet to be approved:
Age URL
7
https://bodhi.fedoraproject.org/updates/FEDORA-2017-ea86a8123b
pungi-4.1.14-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-a11057f70e
ca-certificates-2017.2.11-1.1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-85b7d7129b
flatpak-0.9.2-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-a40dca1e21
gtk3-3.22.11-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-5a6a02391d file-5.29-4.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-b1b8a7c469 git-2.9.3-3.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-51979161f4
tigervnc-1.7.1-3.fc25
The following builds have been pushed to Fedora 25 updates-testing
a52dec-0.7.4-27.fc25
aide-0.16-2.fc25
ca-certificates-2017.2.11-1.1.fc25
chkrootkit-0.52-1.fc25
file-5.29-4.fc25
flatpak-0.9.2-1.fc25
gegl03-0.3.14-1.fc25
git-2.9.3-3.fc25
golang-github-cznic-fileutil-0-0.2.git90cf820.fc25
golang-github-cznic-sortutil-0-0.1.git4c73428.fc25
golang-github-cznic-strutil-0-0.1.git43a8959.fc25
gtk3-3.22.11-1.fc25
guacamole-server-0.9.12-1.fc25
mc-4.8.19-1.fc25
molequeue-0.8.0-2.20161222giteb397e.fc25
perl-LWP-UserAgent-DNS-Hosts-0.11-3.fc25
pkgconf-1.3.5-1.fc25
python-dbfread-2.0.7-3.git300b2d7.fc25
python-hglib-2.4-1.fc25
python-msrest-0.4.7-1.fc25
python-streamlink-0.5.0-1.fc25
rpmconf-1.0.19-1.fc25
snapd-2.23.6-4.fc25
snapd-glib-1.10-1.fc25
spacefm-1.0.5-4.fc25
tigervnc-1.7.1-3.fc25
unity-gtk-module-0.0.0+17.04.20170403-1.fc25
xonotic-0.8.2-1.fc25
xonotic-data-0.8.2-1.fc25
zathura-pdf-mupdf-0.3.1-1.fc25
zathura-pdf-poppler-0.2.7-1.fc25
Details about builds:
================================================================================
a52dec-0.7.4-27.fc25 (FEDORA-2017-6b4678f51e)
Small test program for liba52
--------------------------------------------------------------------------------
Update Information:
Fix upgrade path for 3rd part repos using a52dec-libs instead of liba52
--------------------------------------------------------------------------------
================================================================================
aide-0.16-2.fc25 (FEDORA-2017-5162abbf03)
Intrusion detection environment
--------------------------------------------------------------------------------
Update Information:
fixed upstream link
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1421355 - aide contrib directory is not readable
https://bugzilla.redhat.com/show_bug.cgi?id=1421355
[ 2 ] Bug #1421351 - /sbin/aide is not readable by non root
https://bugzilla.redhat.com/show_bug.cgi?id=1421351
--------------------------------------------------------------------------------
================================================================================
ca-certificates-2017.2.11-1.1.fc25 (FEDORA-2017-a11057f70e)
The Mozilla CA root certificate bundle
--------------------------------------------------------------------------------
Update Information:
This update supports a new PKCS#11 attribute CKA_NSS_MOZILLA_CA_POLICY. The
attribute has been defined by NSS version 3.30. The attribute is expected to be
set to true for CA certificates that have been added as part of the Mozilla CA
Policy process. The enhancement is required for compatibility with the future
Firefox 54 release, which will query this attribute when accessing root CA
certificates from the loaded CA trust module. On Fedora, Firefox is configured
to access the p11-kit-trust module, instead of the NSS CA trust module nssckbi.
This change to the ca-certificates package will make the attribute available to
p11-kit-trust and Firefox. Support for this new attribute requires p11-kit-
trust version and build 0.23.2-3, which contains the relevant backported
functionality from upstream version 0.23.5. To enable the addition of this
attribute, the ca-certificates package has been changed to use p11-kit-trust's
flexible p11-kit-object-v1 file format for the internal packaging of the CA
certificates list. The update-ca-trust command has been changed to add comments
to extracted PEM format files. The changes in this package version shouldn't
affect any existing functionality or trust.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1418741 - Change the CA + trust input format given from ca-certificates to
p11-kit-trust
https://bugzilla.redhat.com/show_bug.cgi?id=1418741
[ 2 ] Bug #1418739 - ca-certificates must set the nss-mozilla-ca-policy pkcs#11
attribute for Mozilla CAs
https://bugzilla.redhat.com/show_bug.cgi?id=1418739
--------------------------------------------------------------------------------
================================================================================
chkrootkit-0.52-1.fc25 (FEDORA-2017-8df4d86cda)
Tool to locally check for signs of a rootkit
--------------------------------------------------------------------------------
Update Information:
0.52
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1438910 - update 0.52
https://bugzilla.redhat.com/show_bug.cgi?id=1438910
[ 2 ] Bug #1411126 - Suspicious detections on fresh installed system
https://bugzilla.redhat.com/show_bug.cgi?id=1411126
--------------------------------------------------------------------------------
================================================================================
file-5.29-4.fc25 (FEDORA-2017-5a6a02391d)
A utility for determining file types
--------------------------------------------------------------------------------
Update Information:
- fix utf-8 conversion in Python 2 bindings (#1433364)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1433364 - python bindings no longer working with Python 2.7
https://bugzilla.redhat.com/show_bug.cgi?id=1433364
--------------------------------------------------------------------------------
================================================================================
flatpak-0.9.2-1.fc25 (FEDORA-2017-85b7d7129b)
Application deployment framework for desktop apps
--------------------------------------------------------------------------------
Update Information:
flatpak 0.9.2 release. For details, see
https://github.com/flatpak/flatpak/releases/tag/0.9.2
--------------------------------------------------------------------------------
================================================================================
gegl03-0.3.14-1.fc25 (FEDORA-2017-994a121f66)
Graph based image processing framework
--------------------------------------------------------------------------------
Update Information:
Be more memory efficient when converting a GeglBuffer to a GdkPixbuf.
--------------------------------------------------------------------------------
================================================================================
git-2.9.3-3.fc25 (FEDORA-2017-b1b8a7c469)
Fast Version Control System
--------------------------------------------------------------------------------
Update Information:
Calling git blame on an untracked file resulted in a segfault. Apply the
upstream [
patch](https://github.com/git/git/commit/bc6b13a7d) which resolves
this [
issue](https://bugzilla.redhat.com/1438801).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1438801 - [abrt] git-core: __strcmp_sse2_unaligned(): git killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1438801
--------------------------------------------------------------------------------
================================================================================
golang-github-cznic-fileutil-0-0.2.git90cf820.fc25 (FEDORA-2017-471057d7ad)
File utility functions for Go
--------------------------------------------------------------------------------
Update Information:
New package for fedora. This is one of the dependencies of syncthing.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1431732 - Review Request: golang-github-cznic-fileutil - File utility
functions for Go
https://bugzilla.redhat.com/show_bug.cgi?id=1431732
--------------------------------------------------------------------------------
================================================================================
golang-github-cznic-sortutil-0-0.1.git4c73428.fc25 (FEDORA-2017-ee335a33cd)
Supplemental utilities for Go's sort package
--------------------------------------------------------------------------------
Update Information:
New package for fedora. This is one of the dependencies of syncthing.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1431735 - Review Request: golang-github-cznic-sortutil - Supplemental
utilities for Go's sort package
https://bugzilla.redhat.com/show_bug.cgi?id=1431735
--------------------------------------------------------------------------------
================================================================================
golang-github-cznic-strutil-0-0.1.git43a8959.fc25 (FEDORA-2017-ba8291615d)
Supplemental utilities for Go's strings package
--------------------------------------------------------------------------------
Update Information:
New package for fedora. This is one of the dependencies of syncthing.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1431736 - Review Request: golang-github-cznic-strutil - Supplemental
utilities for Go's strings package
https://bugzilla.redhat.com/show_bug.cgi?id=1431736
--------------------------------------------------------------------------------
================================================================================
gtk3-3.22.11-1.fc25 (FEDORA-2017-a40dca1e21)
The GIMP ToolKit (GTK+), a library for creating GUIs for X
--------------------------------------------------------------------------------
Update Information:
gtk+ 3.22.11 release. For details, see
https://mail.gnome.org/archives/ftp-
release-list/2017-March/msg00134.html
--------------------------------------------------------------------------------
================================================================================
guacamole-server-0.9.12-1.fc25 (FEDORA-2017-5465f87566)
Server-side native components that form the Guacamole proxy
--------------------------------------------------------------------------------
Update Information:
Update to 0.9.12 release
--------------------------------------------------------------------------------
================================================================================
mc-4.8.19-1.fc25 (FEDORA-2017-34bd61b9fa)
User-friendly text console file manager and visual shell
--------------------------------------------------------------------------------
Update Information:
4.8.19
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1436394 - update to 4.8.19, switch from slang to ncurses, other cleanups
https://bugzilla.redhat.com/show_bug.cgi?id=1436394
[ 2 ] Bug #1429265 - mc-4.8.19 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1429265
--------------------------------------------------------------------------------
================================================================================
molequeue-0.8.0-2.20161222giteb397e.fc25 (FEDORA-2017-833b73f0b0)
Desktop integration of high performance computing resources
--------------------------------------------------------------------------------
Update Information:
- New package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1431444 - Review Request: molequeue - Desktop integration of high performance
computing resources
https://bugzilla.redhat.com/show_bug.cgi?id=1431444
--------------------------------------------------------------------------------
================================================================================
perl-LWP-UserAgent-DNS-Hosts-0.11-3.fc25 (FEDORA-2017-f1c5ba4a31)
Override LWP HTTP/HTTPS request's host like /etc/hosts
--------------------------------------------------------------------------------
Update Information:
- Latest upstream - Upstream switched to Module::Build::Tiny flow - Set minimum
version of Test::Fake::HTTPD to 0.08 - Remove deprecated Group tag - Fix typo
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1429101 - perl-LWP-UserAgent-DNS-Hosts-0.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1429101
--------------------------------------------------------------------------------
================================================================================
pkgconf-1.3.5-1.fc25 (FEDORA-2017-fa482d6f73)
Package compiler and linker metadata toolkit
--------------------------------------------------------------------------------
Update Information:
**Bug fixes**: - fix --variable output for compatibility some broken
configure scripts when they request the same variable from multiple packages
---- Update to 1.3.3, making behavior changes in 1.3.2 optional ---- -
**Features**: - implement `--short-errors` - **Bug fixes**: - only
consider a single package at a time with `--print-requires`, `--print-requires-
private`, `--print-provides`, `--modversion`, `--print-variable` and `--print-
variables` - rewrite handling of `--modversion`, `--print-variables` and
`--variable` to not require the dependency resolver - **Enhancements**: -
synchronized latest
freedesktop.org changes to pkg.m4 - improve error
reporting with legacy `--atleast-version` and similar flags
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1436463 - pkgconf-1.3.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1436463
[ 2 ] Bug #1437101 - Pkgconf breaks golang
https://bugzilla.redhat.com/show_bug.cgi?id=1437101
--------------------------------------------------------------------------------
================================================================================
python-dbfread-2.0.7-3.git300b2d7.fc25 (FEDORA-2017-9996b7466a)
Read DBF Files with Python
--------------------------------------------------------------------------------
Update Information:
Fix shebang in examples
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1431426 - Review Request: python-dbfread - Read DBF Files with Python
https://bugzilla.redhat.com/show_bug.cgi?id=1431426
--------------------------------------------------------------------------------
================================================================================
python-hglib-2.4-1.fc25 (FEDORA-2017-613477d23f)
Mercurial Python library
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release python-hglib 2.4.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1438627 - python-hglib-2.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1438627
--------------------------------------------------------------------------------
================================================================================
python-msrest-0.4.7-1.fc25 (FEDORA-2017-0470464858)
AutoRest swagger generator Python client runtime
--------------------------------------------------------------------------------
Update Information:
BugFixes * Refactor paging #22: * "next" is renamed
"advance_page" and
"next" returns only 1 element (Python 2 expected behavior) * paging
objects are now real generator and support the "next()" built-in function
without need for "iter()" * Raise accurate DeserialisationError on incorrect
RestAPI discriminator usage #27 * Fix discriminator usage of the base class
name #27 * Remove default mutable arguments in Clients #20 * Fix object
comparison in some scenarios #24
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1439197 - python-msrest-v0.4.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1439197
--------------------------------------------------------------------------------
================================================================================
python-streamlink-0.5.0-1.fc25 (FEDORA-2017-c08f2a193e)
Python library for extracting streams from various websites
--------------------------------------------------------------------------------
Update Information:
Lot's of contributions since the last release. As always, lot's of updating to
plugins! One of the new features is the addition of Google Drive / Google Docs,
you can now stream videos stored on Google Docs. We've also gone ahead and
removed dead plugins (sites which have gone down) as well as added pycrypto as a
dependency for future plugins. See
https://github.com/streamlink/streamlink/releases/latest for more.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1438991 - python-streamlink-0.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1438991
--------------------------------------------------------------------------------
================================================================================
rpmconf-1.0.19-1.fc25 (FEDORA-2017-0ce35fa95e)
Tool to handle rpmnew and rpmsave files
--------------------------------------------------------------------------------
Update Information:
* bugfix * new option --test
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1350249 - rpmconf tracebacks if one of the files is a broken symlink
https://bugzilla.redhat.com/show_bug.cgi?id=1350249
--------------------------------------------------------------------------------
================================================================================
snapd-2.23.6-4.fc25 (FEDORA-2017-37a7331620)
A transactional software package manager
--------------------------------------------------------------------------------
Update Information:
`snapd` 2.23.6 and `snapd-glib` 1.10 introduce support for using Snaps in
Fedora. `snapd` provides the Snappy system functionality, while `snapd-glib`
enables various applications to interact and integrate with `snapd`. See
https://snapcraft.io/ for more information on Snappy.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1390616 - Review Request: snapd-glib - Library providing a GLib interface to
snapd
https://bugzilla.redhat.com/show_bug.cgi?id=1390616
[ 2 ] Bug #1367825 - Review Request: snapd - The snapd and snap tools enable systems to
work with .snap files
https://bugzilla.redhat.com/show_bug.cgi?id=1367825
[ 3 ] Bug #1421274 - Is this ever going to be built?
https://bugzilla.redhat.com/show_bug.cgi?id=1421274
[ 4 ] Bug #1438790 - snapd-glib-1.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1438790
--------------------------------------------------------------------------------
================================================================================
snapd-glib-1.10-1.fc25 (FEDORA-2017-37a7331620)
Library providing a GLib interface to snapd
--------------------------------------------------------------------------------
Update Information:
`snapd` 2.23.6 and `snapd-glib` 1.10 introduce support for using Snaps in
Fedora. `snapd` provides the Snappy system functionality, while `snapd-glib`
enables various applications to interact and integrate with `snapd`. See
https://snapcraft.io/ for more information on Snappy.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1390616 - Review Request: snapd-glib - Library providing a GLib interface to
snapd
https://bugzilla.redhat.com/show_bug.cgi?id=1390616
[ 2 ] Bug #1367825 - Review Request: snapd - The snapd and snap tools enable systems to
work with .snap files
https://bugzilla.redhat.com/show_bug.cgi?id=1367825
[ 3 ] Bug #1421274 - Is this ever going to be built?
https://bugzilla.redhat.com/show_bug.cgi?id=1421274
[ 4 ] Bug #1438790 - snapd-glib-1.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1438790
--------------------------------------------------------------------------------
================================================================================
spacefm-1.0.5-4.fc25 (FEDORA-2017-ead5f9f02e)
Multi-panel tabbed file and desktop manager
--------------------------------------------------------------------------------
Update Information:
A bug was reported that opening preferences causes segv on wayland session. This
new rpm should fix this issue.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1438277 - [abrt] spacefm: XRootWindowOfScreen(): spacefm killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1438277
--------------------------------------------------------------------------------
================================================================================
tigervnc-1.7.1-3.fc25 (FEDORA-2017-51979161f4)
A TigerVNC remote display system
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2017-7392 CVE-2017-7393 CVE-2017-7394 CVE-2017-7395
CVE-2017-7396.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1438703 - CVE-2017-7396 tigervnc: SecurityServer and ClientServer memory
leaks
https://bugzilla.redhat.com/show_bug.cgi?id=1438703
[ 2 ] Bug #1438701 - CVE-2017-7395 tigervnc: Integer overflow in
SMsgReader::readClientCutText
https://bugzilla.redhat.com/show_bug.cgi?id=1438701
[ 3 ] Bug #1438700 - CVE-2017-7394 tigervnc: Server crash via long usernames
https://bugzilla.redhat.com/show_bug.cgi?id=1438700
[ 4 ] Bug #1438697 - CVE-2017-7393 tigervnc: Double free via crafted fences
https://bugzilla.redhat.com/show_bug.cgi?id=1438697
[ 5 ] Bug #1438694 - CVE-2017-7392 tigervnc: SSecurityVeNCrypt memory leak
https://bugzilla.redhat.com/show_bug.cgi?id=1438694
--------------------------------------------------------------------------------
================================================================================
unity-gtk-module-0.0.0+17.04.20170403-1.fc25 (FEDORA-2017-a0deba7ab0)
GTK+ module for exporting old-style menus as GMenuModels
--------------------------------------------------------------------------------
Update Information:
* New upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1438992 - unity-gtk-module-0.0.0+17.04.20170403 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1438992
--------------------------------------------------------------------------------
================================================================================
xonotic-0.8.2-1.fc25 (FEDORA-2017-e08d325224)
Multiplayer, deathmatch oriented first person shooter
--------------------------------------------------------------------------------
Update Information:
xonotic 0.8.2 release. For details, see
http://xonotic.org/posts/2017/xonotic-0-8-2-release/
--------------------------------------------------------------------------------
================================================================================
xonotic-data-0.8.2-1.fc25 (FEDORA-2017-e08d325224)
Game data for the Xonotic first person shooter
--------------------------------------------------------------------------------
Update Information:
xonotic 0.8.2 release. For details, see
http://xonotic.org/posts/2017/xonotic-0-8-2-release/
--------------------------------------------------------------------------------
================================================================================
zathura-pdf-mupdf-0.3.1-1.fc25 (FEDORA-2017-61cb9568a7)
PDF support for zathura via mupdf
--------------------------------------------------------------------------------
Update Information:
A new version of the Zathura mupdf-based PDF plugin is available. This build is
based on mupdf 1.10a. See
https://pwmt.org/news/zathura-pdf-mupdf-0-3-1/ for the
summary of changes in this release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1428927 - Update to 0.3.1 and rebuild against mupdf 1.10a
https://bugzilla.redhat.com/show_bug.cgi?id=1428927
--------------------------------------------------------------------------------
================================================================================
zathura-pdf-poppler-0.2.7-1.fc25 (FEDORA-2017-01907f180b)
PDF support for zathura via poppler
--------------------------------------------------------------------------------
Update Information:
A new version of the Zathura poppler-based PDF plugin is available. Refer to
https://pwmt.org/news/zathura-pdf-poppler-0-2-7/ for the summary of changes in
this release.
--------------------------------------------------------------------------------