The following Fedora 22 Security updates need testing:
Age URL
389
https://bodhi.fedoraproject.org/updates/FEDORA-2015-5878
echoping-6.1-0.beta.r434svn.1.fc22
338
https://bodhi.fedoraproject.org/updates/FEDORA-2015-9185
ceph-deploy-1.5.25-1.fc22
271
https://bodhi.fedoraproject.org/updates/FEDORA-2015-12781
python-kdcproxy-0.3.2-1.fc22
225
https://bodhi.fedoraproject.org/updates/FEDORA-2015-16239 nagios-4.0.8-1.fc22
214
https://bodhi.fedoraproject.org/updates/FEDORA-2015-2d37e7dacf
openstack-swift-2.2.0-6.fc22
183
https://bodhi.fedoraproject.org/updates/FEDORA-2015-9039c25f1d
miniupnpc-1.9-6.fc22
165
https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4
libpng-1.6.16-4.fc22
165
https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6
libpng-1.6.16-5.fc22
147
https://bodhi.fedoraproject.org/updates/FEDORA-2015-3a5cebb105
ImageMagick-6.9.2.7-1.fc22
132
https://bodhi.fedoraproject.org/updates/FEDORA-2015-b9e4c97ff1 sos-3.2-2.fc22
106
https://bodhi.fedoraproject.org/updates/FEDORA-2015-f683150aa0
thttpd-2.25b-37.fc22
82
https://bodhi.fedoraproject.org/updates/FEDORA-2016-560802e52b
xdelta-3.0.7-7.fc22
71
https://bodhi.fedoraproject.org/updates/FEDORA-2016-24d134e494
mingw-nsis-2.50-1.fc22
63
https://bodhi.fedoraproject.org/updates/FEDORA-2016-338a7e9925
graphite2-1.3.6-1.fc22
59
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3cbe9ad765
python-pygments-2.1.3-1.fc22
54
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7b40eb9e29
libecap-1.0.0-1.fc22 squid-3.5.10-1.fc22
27
https://bodhi.fedoraproject.org/updates/FEDORA-2016-8d4b68e412
imlib2-1.4.8-1.fc22
25
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d19ed2f80d
squid-3.5.10-2.fc22
20
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a028331ebc
poppler-0.30.0-4.fc22
11
https://bodhi.fedoraproject.org/updates/FEDORA-2016-373c063e79
kernel-4.4.8-200.fc22
11
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5a9313e4b4
perl-5.20.3-330.fc22
9
https://bodhi.fedoraproject.org/updates/FEDORA-2016-c1bad2b755
thunderbird-45.0-2.fc22
9
https://bodhi.fedoraproject.org/updates/FEDORA-2016-1aaf308de4
community-mysql-5.6.30-1.fc22
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4a5ce6a6c0
cacti-0.8.8g-1.fc22
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-927aade89c
rpm-4.12.0.1-17.fc22
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-6fd7a31d36
pgpdump-0.30-1.fc22
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e205218629 php-5.6.21-1.fc22
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7d6cbcadca gd-2.1.1-3.fc22
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-9851b69dbb
openvas-cli-1.4.4-1.fc22 openvas-gsa-6.0.10-3.fc22 openvas-libraries-8.0.7-2.fc22
openvas-manager-6.0.8-2.fc22 openvas-scanner-5.0.5-3.fc22
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-fe0d8f126a
botan-1.10.13-1.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-777d838c1b
ntp-4.2.6p5-40.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3e64b32a91 dhcp-4.3.2-8.fc22
The following Fedora 22 Critical Path updates have yet to be approved:
Age URL
265
https://bodhi.fedoraproject.org/updates/FEDORA-2015-13210 yum-3.4.3-508.fc22
183
https://bodhi.fedoraproject.org/updates/FEDORA-2015-2123de044f
libgphoto2-2.5.8-1.fc22
165
https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6
libpng-1.6.16-5.fc22
165
https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4
libpng-1.6.16-4.fc22
89
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d3fce30d64
mobile-broadband-provider-info-1.20151214-1.fc22
71
https://bodhi.fedoraproject.org/updates/FEDORA-2016-ce419c9cab
selinux-policy-3.13.1-128.28.fc22
60
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4d5434d82f parted-3.2-16.fc22
47
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d4e6e32c1c
upower-0.99.3-2.fc22
27
https://bodhi.fedoraproject.org/updates/FEDORA-2016-8d4b68e412
imlib2-1.4.8-1.fc22
20
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a028331ebc
poppler-0.30.0-4.fc22
16
https://bodhi.fedoraproject.org/updates/FEDORA-2016-027faabac4
libreport-2.6.4-2.fc22 abrt-2.6.1-11.fc22
15
https://bodhi.fedoraproject.org/updates/FEDORA-2016-af1f30412b
pygtk2-2.24.0-14.fc22
14
https://bodhi.fedoraproject.org/updates/FEDORA-2016-1122e53c5a expat-2.1.1-1.fc22
11
https://bodhi.fedoraproject.org/updates/FEDORA-2016-89e3334638
gnome-shell-3.16.4-2.fc22
11
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5a9313e4b4
perl-5.20.3-330.fc22
11
https://bodhi.fedoraproject.org/updates/FEDORA-2016-83b47a28ce
wavpack-4.80.0-1.fc22
11
https://bodhi.fedoraproject.org/updates/FEDORA-2016-373c063e79
kernel-4.4.8-200.fc22
11
https://bodhi.fedoraproject.org/updates/FEDORA-2016-41df7ccbc8
lldpad-1.0.1-4.git036e314.fc22
11
https://bodhi.fedoraproject.org/updates/FEDORA-2016-476f32d4ec
evolution-ews-3.16.5-2.fc22 libsoup-2.50.0-2.fc22
9
https://bodhi.fedoraproject.org/updates/FEDORA-2016-c1bad2b755
thunderbird-45.0-2.fc22
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-927aade89c
rpm-4.12.0.1-17.fc22
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7d6cbcadca gd-2.1.1-3.fc22
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-cc848e483a
xulrunner-44.0-6.fc22
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-ad6926a3c8
firefox-46.0-5.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3e64b32a91 dhcp-4.3.2-8.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e99389f35d
openssh-6.9p1-12.fc22
The following builds have been pushed to Fedora 22 updates-testing
argus-3.0.8-6.fc22
dhcp-4.3.2-8.fc22
gmic-1.7.1-1.fc22
kshutdown-3.99.1-0.1.beta.fc22
mutt-1.6.1-1.fc22
ntp-4.2.6p5-40.fc22
openssh-6.9p1-12.fc22
owncloud-8.2.3-6.fc22
perl-Module-CoreList-5.20160429-1.fc22
perl-PerlIO-eol-0.16-1.fc22
perl-Thread-Queue-3.09-1.fc22
php-myclabs-deep-copy-1.5.1-1.fc22
php-owncloud-tarstreamer-0.1.0-1.fc22
php-swiftmailer-5.4.2-1.fc22
php-symfony-2.7.12-2.fc22
python-justbytes-0.7-1.fc22
Details about builds:
================================================================================
argus-3.0.8-6.fc22 (FEDORA-2016-41153ed93e)
Network transaction audit tool
--------------------------------------------------------------------------------
Update Information:
Logrotate fix.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1332098 - /etc/logrotate.d/argus from argus-3.0.8-4.fc23.x86_64 causes global
default log compression for all logs handled by logrotate and not just the argus log
https://bugzilla.redhat.com/show_bug.cgi?id=1332098
--------------------------------------------------------------------------------
================================================================================
dhcp-4.3.2-8.fc22 (FEDORA-2016-3e64b32a91)
Dynamic host configuration protocol software
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-2774
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1315259 - CVE-2016-2774 dhcp: unclosed TCP connections to OMAPI or failover
ports can cause DoS
https://bugzilla.redhat.com/show_bug.cgi?id=1315259
--------------------------------------------------------------------------------
================================================================================
gmic-1.7.1-1.fc22 (FEDORA-2016-078df266cf)
GREYC's Magic for Image Computing
--------------------------------------------------------------------------------
Update Information:
bump version ---- bump version ---- bump version ---- bump version
--------------------------------------------------------------------------------
================================================================================
kshutdown-3.99.1-0.1.beta.fc22 (FEDORA-2016-2b306dadc1)
Graphical shutdown utility for Plasma 5
--------------------------------------------------------------------------------
Update Information:
KShutdown 3.99.1 beta release. For more information visit
http://kshutdown.sourceforge.net/releases/3.99.1beta.html.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1331948 - kshutdown-3.99.1beta is available
https://bugzilla.redhat.com/show_bug.cgi?id=1331948
--------------------------------------------------------------------------------
================================================================================
mutt-1.6.1-1.fc22 (FEDORA-2016-261a6b80b2)
A text mode mail user agent
--------------------------------------------------------------------------------
Update Information:
Bugfix release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1332105 - mutt-1.6.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1332105
--------------------------------------------------------------------------------
================================================================================
ntp-4.2.6p5-40.fc22 (FEDORA-2016-777d838c1b)
The NTP daemon and utilities
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-1548, CVE-2016-2516, CVE-2016-2518, CVE-2016-1550
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1331462 - CVE-2016-1548 ntp: ntpd switching to interleaved mode with spoofed
packets
https://bugzilla.redhat.com/show_bug.cgi?id=1331462
[ 2 ] Bug #1331466 - CVE-2016-2516 ntp: assertion failure in ntpd on duplicate IPs on
unconfig directives
https://bugzilla.redhat.com/show_bug.cgi?id=1331466
[ 3 ] Bug #1331468 - CVE-2016-2518 ntp: out-of-bounds references on crafted packet
https://bugzilla.redhat.com/show_bug.cgi?id=1331468
[ 4 ] Bug #1331464 - CVE-2016-1550 ntp: libntp message digest disclosure
https://bugzilla.redhat.com/show_bug.cgi?id=1331464
--------------------------------------------------------------------------------
================================================================================
openssh-6.9p1-12.fc22 (FEDORA-2016-e99389f35d)
An open source implementation of SSH protocol versions 1 and 2
--------------------------------------------------------------------------------
Update Information:
Fix DH GEX against non-default group sizes (openssh-7.2) (#1332082)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1332082 - server host key signature fails after update to 7.2p2
https://bugzilla.redhat.com/show_bug.cgi?id=1332082
--------------------------------------------------------------------------------
================================================================================
owncloud-8.2.3-6.fc22 (FEDORA-2016-377b1a015c)
Private file sync and share server
--------------------------------------------------------------------------------
Update Information:
Owncloud now follows the PHP SIG direction of using a fedora autoloader to
directly call the autoloaders of the PHP libraries used. In addition a %check
has been added to ensure the autoloader works correctly and new dependency
versions bumped to match more closely with upstream.
--------------------------------------------------------------------------------
================================================================================
perl-Module-CoreList-5.20160429-1.fc22 (FEDORA-2016-28b86e4922)
What modules are shipped with versions of perl
--------------------------------------------------------------------------------
Update Information:
This release brings data for perl 5.22.2.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1331902 - perl-Module-CoreList-5.20160429 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1331902
--------------------------------------------------------------------------------
================================================================================
perl-PerlIO-eol-0.16-1.fc22 (FEDORA-2016-34683649de)
PerlIO layer for normalizing line endings
--------------------------------------------------------------------------------
Update Information:
This release corrects build-time warnings. ---- This release improves
documentation.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1331951 - perl-PerlIO-eol-0.16 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1331951
[ 2 ] Bug #1330787 - perl-PerlIO-eol-0.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1330787
--------------------------------------------------------------------------------
================================================================================
perl-Thread-Queue-3.09-1.fc22 (FEDORA-2016-986f5d9b83)
Thread-safe queues
--------------------------------------------------------------------------------
Update Information:
This release updates documentation.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1331991 - perl-Thread-Queue-3.09 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1331991
--------------------------------------------------------------------------------
================================================================================
php-myclabs-deep-copy-1.5.1-1.fc22 (FEDORA-2016-4ee30b1a5d)
Create deep copies (clones) of your objects
--------------------------------------------------------------------------------
Update Information:
**Version 1.5.1** * fix for exception
--------------------------------------------------------------------------------
================================================================================
php-owncloud-tarstreamer-0.1.0-1.fc22 (FEDORA-2016-4f1b200e56)
Streaming dynamic tar files
--------------------------------------------------------------------------------
Update Information:
**Version 0.1.0** * Use UTF-8 filenames for any browser except Internet
Explorer
--------------------------------------------------------------------------------
================================================================================
php-swiftmailer-5.4.2-1.fc22 (FEDORA-2016-eb8932fefc)
Free Feature-rich PHP Mailer
--------------------------------------------------------------------------------
Update Information:
**Version 5.4.2** (2016-05-01) * fixed support for IPv6 sockets * added auto-
retry when sending messages from the memory spool * fixed consecutive read
calls in Swift_ByteStream_FileByteStream * added support for iso-8859-15
encoding * fixed PHP mail extra params on missing reversePath * added methods
to set custom stream context options * fixed charset changes in
QpContentEncoderProxy * added return-path header to the ignoredHeaders list of
DKIMSigner * fixed crlf for subject using mail * fixed add soft line break
only when necessary * fixed escaping command-line args to Sendmail
--------------------------------------------------------------------------------
================================================================================
php-symfony-2.7.12-2.fc22 (FEDORA-2016-bef87ba099)
PHP framework for web projects
--------------------------------------------------------------------------------
Update Information:
**Version 2.7.12** (2016-04-29) * bug #18180 [Form] fixed BC break with pre
selection of choices with `ChoiceType` and its children (HeahDude) * bug #18562
[WebProfilerBunde] Give an absolute url in case the request occured from another
domain (romainneutron) * bug #18603 [PropertyAccess] ->getValue() should be
read-only (nicolas-grekas) * bug #18593 [VarDumper] Fix dumping type hints for
non-existing parent classes (nicolas-grekas) * bug #18581 [Console]
[TableHelper] make it work with SymfonyStyle. (aitboudad) * bug #18280
[Routing] add query param if value is different from default (Tobion) * bug
#18496 [Console] use ANSI escape sequences in ProgressBar overwrite method
(alekitto) * bug #18491 [DependencyInjection] anonymous services are always
private (xabbuh) * bug #18515 [Filesystem] Better error handling in remove()
(nicolas-grekas) * bug #18449 [PropertyAccess] Fix regression (nicolas-grekas)
* bug #18429 [Console] Correct time formatting. (camporter) * bug #18467
[DependencyInjection] Resolve aliases before removing abstract services + add
tests (nicolas-grekas) * bug #18460 [DomCrawler] Fix select option with empty
value (Matt Wells) * bug #18425 [Security] Fixed SwitchUserListener when
exiting an impersonation with AnonymousToken (lyrixx) * bug #18317 [Form] fix
"prototype" not required when parent form is not required (HeahDude) * bug
#18439 [Logging] Add support for Firefox (43+) in ChromePhpHandler (arjenm) *
bug #18385 Detect CLI color support for Windows 10 build 10586 (mlocati) * bug
#18426 [EventDispatcher] Try first if the event is Stopped (lyrixx) * bug
#18394 [FrameworkBundle] Return the invokable service if its name is the class
name (dunglas) * bug #18265 Optimize ReplaceAliasByActualDefinitionPass (ajb-
in) * bug #18349 [Process] Fix stream_select priority when writing to stdin
(nicolas-grekas) * bug #18358 [Form] NumberToLocalizedStringTransformer should
return floats when possible (nicolas-grekas) * bug #17926 [DependencyInjection]
Enable alias for service_container (hason) * bug #18352 [Debug] Fix case
sensitivity checks (nicolas-grekas) * bug #18336 [Debug] Fix handling of php7
throwables (nicolas-grekas) * bug #18354 [FrameworkBundle][TwigBridge] fix high
deps tests (xabbuh) * bug #18312 [ClassLoader] Fix storing not-found classes in
APC cache (nicolas-grekas) * bug #18298 [Validator] do not treat payload as
callback (xabbuh)
--------------------------------------------------------------------------------
================================================================================
python-justbytes-0.7-1.fc22 (FEDORA-2016-09ecd64414)
A library for handling computation with address ranges in bytes
--------------------------------------------------------------------------------
Update Information:
New upstream version. Significant API changes. But this should be no problem as
no clients yet in Fedora.
--------------------------------------------------------------------------------