The following Fedora 24 Security updates need testing:
 Age  URL                                                             Package
  77  https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08  squid-3.5.23-1.fc24
  71  https://bodhi.fedoraproject.org/updates/FEDORA-2016-eaaa9c4a08  exim-4.87.1-1.fc24
  33  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ece16ba6ba  runc-1.0.0-5.rc2.gitc91b5be.fc24
  26  https://bodhi.fedoraproject.org/updates/FEDORA-2017-9a5b89363f  libwmf-0.2.8.4-50.fc24
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2017-4b176c1694  redis-3.2.8-1.fc24
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2017-bcab179007  drupal7-views-3.15-1.fc24
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2017-25df1dbd02  munin-2.0.30-5.fc24
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2017-aaf92c483c  php-pear-PHP-CodeSniffer-2.8.1-1.fc24
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2017-d2bab54ac9  GraphicsMagick-1.3.25-6.fc24
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2017-3b97b275da  mupdf-1.10a-4.fc24
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2017-b011e8c922  kdelibs-4.14.29-2.fc24
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2017-01eed6fe8c  kdelibs3-3.5.10-84.fc24
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2017-783e8fa63e  w3m-0.5.3-30.git20170102.fc24
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2017-5b32a5782b  tor-0.2.9.10-1.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ce66f11df1  deluge-1.3.14-1.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-2258cfb450  ettercap-0.8.2-4.1.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-788129b61c  rpm-ostree-2017.3-1.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-9298770ff8  qbittorrent-3.3.11-1.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-936a79ee30  tcpreplay-4.1.2-3.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-7e0b84ffad  wordpress-4.7.3-1.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-e8460ebed6  icoutils-0.31.2-1.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-f3484d64d2  firefox-52.0-1.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-3bd0b2e2c0  libupnp-1.6.21-1.fc24
The following Fedora 24 Critical Path updates have yet to be approved:
 Age  URL                                                             Package
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2017-a6183d9d27  lorax-24.22-1.fc24
  10  https://bodhi.fedoraproject.org/updates/FEDORA-2017-efd3683a66  audit-2.7.3-1.fc24
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2017-8a48514287  pcre-8.40-5.fc24
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2017-b011e8c922  kdelibs-4.14.29-2.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-f3484d64d2  firefox-52.0-1.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ca1228d688  hwdata-0.298-1.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-7776280745  vim-8.0.425-1.fc24
The following builds have been pushed to Fedora 24 updates-testing
certbot-0.12.0-4.fc24
cryptlib-3.4.3.1-1.fc24
ddrescue-1.22-1.fc24
espresso-4.0-0.3.20170228git8a021f5.fc24
fedora-repos-24-6
firefox-52.0-1.fc24
flashrom-0.9.9-1.fc24
golang-github-bkaradzic-go-lz4-1.0.0-1.fc24
golang-github-circonus-labs-circonus-gometrics-0-0.1.gitd17a842.fc24
golang-github-circonus-labs-circonusllhist-0-0.1.git365d370.fc24
golang-github-hashicorp-go-retryablehttp-0-0.1.git6e85be8.fc24
golang-github-hashicorp-go-sockaddr-0-0.1.gitaf174a6.fc24
golang-github-hashicorp-hil-0-0.1.git1e86c6b.fc24
golang-github-mitchellh-copystructure-0-0.1.gitcdac825.fc24
golang-github-mitchellh-go-wordwrap-0-0.1.gitad45545.fc24
hwdata-0.298-1.fc24
icoutils-0.31.2-1.fc24
libupnp-1.6.21-1.fc24
perl-DateTime-Event-Recurrence-0.19-1.fc24
perl-Locale-SubCountry-2.02-1.fc24
php-zendframework-zend-ldap-2.8.0-1.fc24
pki-core-10.3.5-13.fc24
python-acme-0.12.0-3.fc24
python-certbot-apache-0.12.0-1.fc24
python-cornice-1.1.0-3.fc24
python-idna-2.5-1.fc24
python-msrest-0.4.6-1.fc24
python-volatility-2.6.0-2.fc24
qbittorrent-3.3.11-1.fc24
rpm-ostree-2017.3-1.fc24
tcpreplay-4.1.2-3.fc24
tint2-0.13-1.fc24
vulkan-1.0.42.0-1.fc24
watchdog-5.13-16.fc24
wordpress-4.7.3-1.fc24
Details about builds:
================================================================================
certbot-0.12.0-4.fc24 (FEDORA-2017-0b35be64b3)
A free, automated certificate authority client
--------------------------------------------------------------------------------
Update Information:
Update to 0.12.0. Upstream states that this is not quite python3 ready, so
default to py2 but allow a py3-based command for testing. This update also
provides the correct cert_t labelling for generated certificates and adds an
optional systemd timer to handle renewals automatically (see README.fedora for
more details on this).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1428618 - python-certbot-apache-0.12.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1428618
[ 2 ] Bug #1428617 - certbot-0.12.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1428617
[ 3 ] Bug #1423378 - Build against python3 for Fedora releases
https://bugzilla.redhat.com/show_bug.cgi?id=1423378
[ 4 ] Bug #1428615 - python-acme-0.12.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1428615
[ 5 ] Bug #1289778 - Let's Encrypt gets wrong selinux context on generated
certificates
https://bugzilla.redhat.com/show_bug.cgi?id=1289778
[ 6 ] Bug #1377312 - Certificate renewal automation
https://bugzilla.redhat.com/show_bug.cgi?id=1377312
--------------------------------------------------------------------------------
================================================================================
cryptlib-3.4.3.1-1.fc24 (FEDORA-2017-23abcd9fb7)
Security library and toolkit for encryption and authentication services
--------------------------------------------------------------------------------
Update Information:
This update reflects the latest version 3.4.3.1 of cryptlib.
--------------------------------------------------------------------------------
================================================================================
ddrescue-1.22-1.fc24 (FEDORA-2017-c589414afc)
Data recovery tool trying hard to rescue data in case of read errors
--------------------------------------------------------------------------------
Update Information:
Update to bugfix release 1.22 of ddrescue
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1419216 - ddrescue-1.22 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1419216
--------------------------------------------------------------------------------
================================================================================
espresso-4.0-0.3.20170228git8a021f5.fc24 (FEDORA-2017-f07edb8cb5)
Extensible Simulation Package for Research on Soft matter
--------------------------------------------------------------------------------
Update Information:
Fixes problems with missing libs.
--------------------------------------------------------------------------------
================================================================================
fedora-repos-24-6 (FEDORA-2017-f02ab0ac67)
Fedora package repositories
--------------------------------------------------------------------------------
Update Information:
Fix for gpg key of Fedora 26
--------------------------------------------------------------------------------
================================================================================
firefox-52.0-1.fc24 (FEDORA-2017-f3484d64d2)
Mozilla Firefox Web browser
--------------------------------------------------------------------------------
Update Information:
- new upstream version (52.0)
--------------------------------------------------------------------------------
================================================================================
flashrom-0.9.9-1.fc24 (FEDORA-2017-4b615bb464)
Simple program for reading/writing flash chips content
--------------------------------------------------------------------------------
Update Information:
* Ver. 0.9.9
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1322046 - update to flashrom-0.9.9
https://bugzilla.redhat.com/show_bug.cgi?id=1322046
[ 2 ] Bug #1423567 - flashrom: FTBFS in rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1423567
[ 3 ] Bug #1276518 - It would be nice if "flashrom" is built w/ ft2232_spi
https://bugzilla.redhat.com/show_bug.cgi?id=1276518
[ 4 ] Bug #1228855 - flashrom does not support FT2232 232H
https://bugzilla.redhat.com/show_bug.cgi?id=1228855
--------------------------------------------------------------------------------
================================================================================
golang-github-bkaradzic-go-lz4-1.0.0-1.fc24 (FEDORA-2017-2e516c276d)
Port of LZ4 lossless compression algorithm to Go
--------------------------------------------------------------------------------
Update Information:
New package for fedora. This go library is one of the dependencies of syncthing.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1428437 - Review Request: golang-github-bkaradzic-go-lz4 - Port of LZ4
lossless compression algorithm to Go
https://bugzilla.redhat.com/show_bug.cgi?id=1428437
--------------------------------------------------------------------------------
================================================================================
golang-github-circonus-labs-circonus-gometrics-0-0.1.gitd17a842.fc24 (FEDORA-2017-dba0d488be)
A go implementation of metrics reporting for Circonus
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1410408 - Review Request: golang-github-circonus-labs-circonus-gometrics - A
go implementation of metrics reporting for Circonus
https://bugzilla.redhat.com/show_bug.cgi?id=1410408
--------------------------------------------------------------------------------
================================================================================
golang-github-circonus-labs-circonusllhist-0-0.1.git365d370.fc24 (FEDORA-2017-c1a6f3b19a)
A go implementation of Circonus log-linear histograms
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1410356 - Review Request: golang-github-circonus-labs-circonusllhist - A go
implementation of Circonus log-linear histograms
https://bugzilla.redhat.com/show_bug.cgi?id=1410356
--------------------------------------------------------------------------------
================================================================================
golang-github-hashicorp-go-retryablehttp-0-0.1.git6e85be8.fc24 (FEDORA-2017-336e26bc33)
Retryable HTTP client in Go
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1410392 - Review Request: golang-github-hashicorp-go-retryablehttp -
Retryable HTTP client in Go
https://bugzilla.redhat.com/show_bug.cgi?id=1410392
--------------------------------------------------------------------------------
================================================================================
golang-github-hashicorp-go-sockaddr-0-0.1.gitaf174a6.fc24 (FEDORA-2017-6ff1d9be31)
IP Address/UNIX Socket convenience functions for Go
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1410393 - Review Request: golang-github-hashicorp-go-sockaddr - IP
Address/UNIX Socket convenience functions for Go
https://bugzilla.redhat.com/show_bug.cgi?id=1410393
--------------------------------------------------------------------------------
================================================================================
golang-github-hashicorp-hil-0-0.1.git1e86c6b.fc24 (FEDORA-2017-4a22c8b3de)
HIL is a small embedded language for string interpolations
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1410378 - Review Request: golang-github-hashicorp-hil - HIL is a small
embedded language for string interpolations
https://bugzilla.redhat.com/show_bug.cgi?id=1410378
--------------------------------------------------------------------------------
================================================================================
golang-github-mitchellh-copystructure-0-0.1.gitcdac825.fc24 (FEDORA-2017-6eaf99e621)
Go library for deep copying values in Go
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1410401 - Review Request: golang-github-mitchellh-copystructure - Go library
for deep copying values in Go
https://bugzilla.redhat.com/show_bug.cgi?id=1410401
--------------------------------------------------------------------------------
================================================================================
golang-github-mitchellh-go-wordwrap-0-0.1.gitad45545.fc24 (FEDORA-2017-ebb338ff74)
A Go library for wrapping words in a string
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1410394 - Review Request: golang-github-mitchellh-go-wordwrap - A Go library
for wrapping words in a string
https://bugzilla.redhat.com/show_bug.cgi?id=1410394
--------------------------------------------------------------------------------
================================================================================
hwdata-0.298-1.fc24 (FEDORA-2017-ca1228d688)
Hardware identification and configuration data
--------------------------------------------------------------------------------
Update Information:
Updated pci, usb and vendor ids.
--------------------------------------------------------------------------------
================================================================================
icoutils-0.31.2-1.fc24 (FEDORA-2017-e8460ebed6)
Utility for extracting and converting Microsoft icon and cursor files
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2017-6009, CVE-2017-6010, CVE-2017-6011.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1422908 - CVE-2017-6011 icoutils: Buffer overflow in the simple_vec function
https://bugzilla.redhat.com/show_bug.cgi?id=1422908
[ 2 ] Bug #1422907 - CVE-2017-6010 icoutils: Buffer overflow in the extract_icons
function
https://bugzilla.redhat.com/show_bug.cgi?id=1422907
[ 3 ] Bug #1422906 - CVE-2017-6009 icoutils: Buffer overflow in the
decode_ne_resource_id function
https://bugzilla.redhat.com/show_bug.cgi?id=1422906
--------------------------------------------------------------------------------
================================================================================
libupnp-1.6.21-1.fc24 (FEDORA-2017-3bd0b2e2c0)
Universal Plug and Play (UPnP) SDK
--------------------------------------------------------------------------------
Update Information:
- miniserver: fix binding to ipv6 link-local addresses
- Fix out-of-bound access in create_url_list() (CVE-2016-8863)
- If the error or info log files can not be created, use stderr and stdout
  instead.
- SF Bug Tracker #132 CVE-2016-6255: write files via POST
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1405617 - VLC does not see upnp resources
https://bugzilla.redhat.com/show_bug.cgi?id=1405617
[ 2 ] Bug #1388773 - CVE-2016-8863 libupnp: Heap buffer overflow in the create_url_list
function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1388773
[ 3 ] Bug #1358613 - CVE-2016-6255 libupnp: Unhandled POSTs can write to the filesystem
by default [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1358613
[ 4 ] Bug #1358351 - libupnp: Upload arbitrary file via POST [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1358351
--------------------------------------------------------------------------------
================================================================================
perl-DateTime-Event-Recurrence-0.19-1.fc24 (FEDORA-2017-aecd4d6fe0)
DateTime::Set extension for creating basic recurrence sets
--------------------------------------------------------------------------------
Update Information:
This release improves documentation.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1430157 - perl-DateTime-Event-Recurrence-0.19 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1430157
--------------------------------------------------------------------------------
================================================================================
perl-Locale-SubCountry-2.02-1.fc24 (FEDORA-2017-133abca4a6)
ISO 3166-2 two letter subcountry codes
--------------------------------------------------------------------------------
Update Information:
This release stops polluting a global name space. It also provides an updated
subcountry codes database.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1429903 - perl-Locale-SubCountry-2.02 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1429903
--------------------------------------------------------------------------------
================================================================================
php-zendframework-zend-ldap-2.8.0-1.fc24 (FEDORA-2017-8d53926627)
Zend Framework Ldap component
--------------------------------------------------------------------------------
Update Information:
**Version 2.8.0** - 2017-03-06
- [#53](https://github.com/zendframework/zend-ldap/pull/53) Adds
  addAttribute-method to Ldap-class
- [#57](https://github.com/zendframework/zend-ldap/pull/57) adds support for new
  coding-standards.
--------------------------------------------------------------------------------
================================================================================
pki-core-10.3.5-13.fc24 (FEDORA-2017-9ded483357)
Certificate System - PKI Core Components
--------------------------------------------------------------------------------
Update Information:
PKI TRAC Ticket #1710 - Add profile component that copies CN to SAN
--------------------------------------------------------------------------------
================================================================================
python-acme-0.12.0-3.fc24 (FEDORA-2017-0b35be64b3)
Python library for the ACME protocol
--------------------------------------------------------------------------------
Update Information:
Update to 0.12.0. Upstream states that this is not quite python3 ready, so
default to py2 but allow a py3-based command for testing. This update also
provides the correct cert_t labelling for generated certificates and adds an
optional systemd timer to handle renewals automatically (see README.fedora for
more details on this).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1428618 - python-certbot-apache-0.12.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1428618
[ 2 ] Bug #1428617 - certbot-0.12.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1428617
[ 3 ] Bug #1423378 - Build against python3 for Fedora releases
https://bugzilla.redhat.com/show_bug.cgi?id=1423378
[ 4 ] Bug #1428615 - python-acme-0.12.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1428615
[ 5 ] Bug #1289778 - Let's Encrypt gets wrong selinux context on generated
certificates
https://bugzilla.redhat.com/show_bug.cgi?id=1289778
[ 6 ] Bug #1377312 - Certificate renewal automation
https://bugzilla.redhat.com/show_bug.cgi?id=1377312
--------------------------------------------------------------------------------
================================================================================
python-certbot-apache-0.12.0-1.fc24 (FEDORA-2017-0b35be64b3)
The apache plugin for certbot
--------------------------------------------------------------------------------
Update Information:
Update to 0.12.0. Upstream states that this is not quite python3 ready, so
default to py2 but allow a py3-based command for testing. This update also
provides the correct cert_t labelling for generated certificates and adds an
optional systemd timer to handle renewals automatically (see README.fedora for
more details on this).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1428618 - python-certbot-apache-0.12.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1428618
[ 2 ] Bug #1428617 - certbot-0.12.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1428617
[ 3 ] Bug #1423378 - Build against python3 for Fedora releases
https://bugzilla.redhat.com/show_bug.cgi?id=1423378
[ 4 ] Bug #1428615 - python-acme-0.12.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1428615
[ 5 ] Bug #1289778 - Let's Encrypt gets wrong selinux context on generated
certificates
https://bugzilla.redhat.com/show_bug.cgi?id=1289778
[ 6 ] Bug #1377312 - Certificate renewal automation
https://bugzilla.redhat.com/show_bug.cgi?id=1377312
--------------------------------------------------------------------------------
================================================================================
python-cornice-1.1.0-3.fc24 (FEDORA-2017-b9f5f2578d)
Define Web Services in Pyramid
--------------------------------------------------------------------------------
Update Information:
This update fixes autodoc generation. See related bugzilla links.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1430185 - Incompatible with docutils-1.13
https://bugzilla.redhat.com/show_bug.cgi?id=1430185
[ 2 ] Bug #1430186 - AttributeError: 'Env' object has no attribute
'ref_context'
https://bugzilla.redhat.com/show_bug.cgi?id=1430186
--------------------------------------------------------------------------------
================================================================================
python-idna-2.5-1.fc24 (FEDORA-2017-bbb484c4d6)
Internationalized Domain Names in Applications (IDNA)
--------------------------------------------------------------------------------
Update Information:
- Fix bug with Katakana middle dot context-rule (Thanks, Greg Shikhman.)

2.4 (2017-03-01):
- Restore IDNAError to be a subclass of UnicodeError, as some users of this
  library are only looking for the latter to catch invalid strings.

2.3 (2017-02-28):
- Fix bugs relating to deriving IDNAError from UnicodeError.
- More memory footprint improvements (Thanks, Alex Gaynor)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1429896 - python-idna-2.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1429896
[ 2 ] Bug #1427850 - python-idna-2.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1427850
--------------------------------------------------------------------------------
================================================================================
python-msrest-0.4.6-1.fc24 (FEDORA-2017-198f679d48)
AutoRest swagger generator Python client runtime
--------------------------------------------------------------------------------
Update Information:
* Allow Model sub-classes to be serialized if type is "object"
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1429904 - python-msrest-v0.4.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1429904
--------------------------------------------------------------------------------
================================================================================
python-volatility-2.6.0-2.fc24 (FEDORA-2017-6e19900da8)
Volatile memory extraction utility framework
--------------------------------------------------------------------------------
Update Information:
Update to bugfix release 2.6 of volatility framework.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1409170 - python-volatility-2.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1409170
--------------------------------------------------------------------------------
================================================================================
qbittorrent-3.3.11-1.fc24 (FEDORA-2017-9298770ff8)
A Bittorrent Client
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2017-6503 and CVE-2017-6504
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1429530 - CVE-2017-6504 CVE-2017-6503 qbittorrent: Multiple security issues
https://bugzilla.redhat.com/show_bug.cgi?id=1429530
--------------------------------------------------------------------------------
================================================================================
rpm-ostree-2017.3-1.fc24 (FEDORA-2017-788129b61c)
Client side upgrade program and server side compose tool
--------------------------------------------------------------------------------
Update Information:
https://github.com/projectatomic/rpm-ostree/releases/tag/v2017.3

This release includes a fix for
[CVE-2017-2623](https://bugzilla.redhat.com/show_bug.cgi?id=1422157). There are
a few new features, such as `systemctl reload rpm-ostreed` now being supported,
and some bugfixes, such as memory leak fixes. Besides that, there's a lot of
internal refactoring going on in preparation for work on local RPM installation.
--------------------------------------------------------------------------------
================================================================================
tcpreplay-4.1.2-3.fc24 (FEDORA-2017-936a79ee30)
Replay captured network traffic
--------------------------------------------------------------------------------
Update Information:
Patch CVE-2017-6429. The tcpcapinfo utility of Tcpreplay has a buffer overflow
vulnerability associated with parsing a crafted pcap file. This occurs in the
src/tcpcapinfo.c file when a capture has a packet that is too large to handle.
Reference: http://seclists.org/bugtraq/2017/Mar/22
Upstream bug: https://github.com/appneta/tcpreplay/issues/278
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1429521 - CVE-2017-6429 tcpreplay: Buffer overflow in Tcpcapinfo utility
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1429521
[ 2 ] Bug #1429522 - CVE-2017-6429 tcpreplay: Buffer overflow in Tcpcapinfo utility
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1429522
--------------------------------------------------------------------------------
================================================================================
tint2-0.13-1.fc24 (FEDORA-2017-3d50149afa)
A lightweight X11 desktop panel and task manager
--------------------------------------------------------------------------------
Update Information:
Update
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1429149 - tint2-v0.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1429149
--------------------------------------------------------------------------------
================================================================================
vulkan-1.0.42.0-1.fc24 (FEDORA-2017-03c244f9bb)
Vulkan loader and validation layers
--------------------------------------------------------------------------------
Update Information:
Update
--------------------------------------------------------------------------------
================================================================================
watchdog-5.13-16.fc24 (FEDORA-2017-3e800ded37)
Software and/or Hardware watchdog daemon
--------------------------------------------------------------------------------
Update Information:
Update spec file with new systemd-rpm macros
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #850364 - Introduce new systemd-rpm macros in watchdog spec file
https://bugzilla.redhat.com/show_bug.cgi?id=850364
--------------------------------------------------------------------------------
================================================================================
wordpress-4.7.3-1.fc24 (FEDORA-2017-7e0b84ffad)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
**WordPress 4.7.3 is now available**. This is a security release for all
previous versions and we strongly encourage you to update your sites
immediately.

WordPress versions 4.7.2 and earlier are affected by six security issues:

* Cross-site scripting (XSS) via media file metadata. Reported by Chris Andrè
  Dale, Yorick Koster, and Simon P. Briggs.
* Control characters can trick redirect URL validation. Reported by Daniel
  Chatfield.
* Unintended files can be deleted by administrators using the plugin deletion
  functionality. Reported by xuliang.
* Cross-site scripting (XSS) via video URL in YouTube embeds. Reported by Marc
  Montpas.
* Cross-site scripting (XSS) via taxonomy term names. Reported by Delta.
* Cross-site request forgery (CSRF) in Press This leading to excessive use of
  server resources. Reported by Sipke Mellema.

Thank you to the reporters for practicing responsible disclosure.

In addition to the security issues above, WordPress 4.7.3 contains 39
maintenance fixes to the 4.7 release series. For more information, see the
[release notes](https://codex.wordpress.org/Version_4.7.3) or consult the
[list of changes](https://core.trac.wordpress.org/query?status=closed&milestone=4.7.3&group=component&col=id&col=summary&col=component&col=status&col=owner&col=type&col=priority&col=keywords&order=priority).
--------------------------------------------------------------------------------