The following Fedora 17 Security updates need testing:
Age URL
384
https://admin.fedoraproject.org/updates/FEDORA-2012-10269/revelation-0.4....
196
https://admin.fedoraproject.org/updates/FEDORA-2013-0455/fedora-business-...
124
https://admin.fedoraproject.org/updates/FEDORA-2013-4234/stunnel-4.55-1.fc17
119
https://admin.fedoraproject.org/updates/FEDORA-2013-4501/libxslt-1.1.28-1...
116
https://admin.fedoraproject.org/updates/FEDORA-2013-4581/libuser-0.57.6-2...
48
https://admin.fedoraproject.org/updates/FEDORA-2013-10121/subversion-1.7....
38
https://admin.fedoraproject.org/updates/FEDORA-2013-10940/tomcat6-6.0.37-...
6
https://admin.fedoraproject.org/updates/FEDORA-2013-13202/fdupes-1.51-1.fc17
6
https://admin.fedoraproject.org/updates/FEDORA-2013-13213/python-pip-1.3....
4
https://admin.fedoraproject.org/updates/FEDORA-2013-13252/moodle-2.2.11-1...
4
https://admin.fedoraproject.org/updates/FEDORA-2013-13231/rubygem-passeng...
1
https://admin.fedoraproject.org/updates/FEDORA-2013-13381/ghc-xmonad-cont...
0
https://admin.fedoraproject.org/updates/FEDORA-2013-13473/openttd-1.3.0-2...
0
https://admin.fedoraproject.org/updates/FEDORA-2013-13459/squid-3.2.13-1....
0
https://admin.fedoraproject.org/updates/FEDORA-2013-13499/analitza-4.10.5...
The following Fedora 17 Critical Path updates have yet to be approved:
Age URL
144
https://admin.fedoraproject.org/updates/FEDORA-2013-3304/libvpx-1.2.0-1.fc17
7
https://admin.fedoraproject.org/updates/FEDORA-2013-13129/livecd-tools-17...
7
https://admin.fedoraproject.org/updates/FEDORA-2013-13082/selinux-policy-...
6
https://admin.fedoraproject.org/updates/FEDORA-2013-13149/qtwebkit-2.3.2-...
0
https://admin.fedoraproject.org/updates/FEDORA-2013-13499/analitza-4.10.5...
The following builds have been pushed to Fedora 17 updates-testing
opendkim-2.8.4-1.fc17
openvpn-auth-ldap-2.0.3-12.fc17
squid-3.2.13-1.fc17
Details about builds:
================================================================================
opendkim-2.8.4-1.fc17 (FEDORA-2013-13552)
A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail
--------------------------------------------------------------------------------
Update Information:
Updating to 2.8.4 upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 23 2013 Steve Jenkins <steve stevejenkins com> 2.8.4-1
- Updated to use newer upstream 2.8.4 source code
- Added libbsd build requirement
* Thu Jul 18 2013 Petr Pisar <ppisar(a)redhat.com> - 2.8.3-3
- Perl 5.18 rebuild
--------------------------------------------------------------------------------
================================================================================
openvpn-auth-ldap-2.0.3-12.fc17 (FEDORA-2013-13579)
OpenVPN plugin for LDAP authentication
--------------------------------------------------------------------------------
Update Information:
Use the gnustep runtime
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 29 2013 Orion Poplawski <orion(a)cora.nwra.com> - 2.0.3-12
- Use gnustep runtime (bug #870988)
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.0.3-11
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.0.3-10
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #870988 - Segfault of OpenVPN due to ldap authentication
https://bugzilla.redhat.com/show_bug.cgi?id=870988
--------------------------------------------------------------------------------
================================================================================
squid-3.2.13-1.fc17 (FEDORA-2013-13459)
The Squid proxy caching server
--------------------------------------------------------------------------------
Update Information:
This is security update that fixes CVE-2013-4123 and CVE-2013-4115.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 22 2013 Michal Luscon <mluscon(a)redhat.com> - 7:3.3.8-1
- Update to latest upstream version 3.2.13
- Fixed: CVE-2013-4123
* Fri May 3 2013 Michal Luscon <mluscon(a)redhat.com> - 7:3.2.11-1
- Update to latest upstream version 3.2.11
* Tue Apr 23 2013 Michal Luscon <mluscon(a)redhat.com> - 7:3.2.9-2
- Option '-k' is not stated in squidclient man
- Remove pid from service file(#913262)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #984632 - CVE-2013-4123 squid: Denial of service when processing
specially-crafted HTTP requests (SQUID-2013:3)
https://bugzilla.redhat.com/show_bug.cgi?id=984632
[ 2 ] Bug #983653 - CVE-2013-4115 squid: DoS (crash) due to a buffer overflow when
processing overly long DNS names
https://bugzilla.redhat.com/show_bug.cgi?id=983653
--------------------------------------------------------------------------------