The following Fedora 25 Security updates need testing:
Age  URL
100  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb   exim-4.87.1-1.fc25
 20  https://bodhi.fedoraproject.org/updates/FEDORA-2017-06f4b88ceb   php-onelogin-php-saml-2.10.5-1.fc25
 11  https://bodhi.fedoraproject.org/updates/FEDORA-2017-99ad80f109   python-sleekxmpp-1.3.2-1.fc25
  6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-674d306f51   icecat-52.0.1-5.fc25
  1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-7bd002b77c   xorgxrdp-0.2.1-1.fc25 xrdp-0.9.2-3.fc25
  1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ed4c9b605b   php-horde-Horde-Crypt-2.7.6-1.fc25
  1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-cf1944f480   libpng15-1.5.28-1.fc25
  1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-bad9942e42   libpng12-1.2.57-1.fc25
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ab3acddd21   libtiff-4.0.7-4.fc25
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-054729ab08   xen-4.7.2-5.fc25
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-cc029be02d   tnef-1.4.14-1.fc25
The following Fedora 25 Critical Path updates have yet to be approved:
Age  URL
  8  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ea86a8123b   pungi-4.1.14-1.fc25
  1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-a11057f70e   ca-certificates-2017.2.11-1.1.fc25
  1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-85b7d7129b   flatpak-0.9.2-1.fc25
  1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-a40dca1e21   gtk3-3.22.11-1.fc25
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-aa46c8d9e0   tigervnc-1.7.1-4.fc25
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-37931b24eb   cups-2.2.0-8.fc25
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-5987ec3b8a   libdrm-2.4.77-1.fc25
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ab3acddd21   libtiff-4.0.7-4.fc25
The following builds have been pushed to Fedora 25 updates-testing
GeoIP-GeoLite-data-2017.04-1.fc25
bugzilla-5.0.3-4.fc25
cacti-1.1.2-1.fc25
cups-2.2.0-8.fc25
dictd-1.12.1-14.fc25
dkms-2.3-4.20170313git974d838.fc25
dnfdragora-1.0.0-14.git20170405.cca9412.fc25
erlang-19.3.1-1.fc25
glibmm24-2.50.1-1.fc25
golang-github-calmh-du-1.0.1-1.fc25
golang-github-calmh-xdr-2.0.1-1.fc25
kompose-0.5.0-0.1.fc25
libdrm-2.4.77-1.fc25
libmediainfo-0.7.94-1.fc25
libtiff-4.0.7-4.fc25
libzen-0.4.35-1.fc25
lldpd-0.9.7-5.fc25
mediainfo-0.7.94-1.fc25
mod_lookup_identity-1.0.0-1.fc25
nfs-ganesha-2.4.5-1.fc25
nfs-utils-2.1.1-3.rc1.fc25
perl-Bot-BasicBot-0.90-1.fc25
perl-Test-Harness-3.39-1.fc25
perl-WWW-OrangeHRM-Client-0.10.3-1.fc25
python-faker-0.7.10-1.fc25
python-paho-mqtt-1.2.1-1.fc25
python-websockets-3.3-1.fc25
qemu-2.7.1-5.fc25
tigervnc-1.7.1-4.fc25
tnef-1.4.14-1.fc25
tripwire-2.4.3.5-1.fc25
xen-4.7.2-5.fc25
xonotic-0.8.2-2.fc25
Details about builds:
================================================================================
GeoIP-GeoLite-data-2017.04-1.fc25 (FEDORA-2017-9e084b541c)
Free GeoLite IP geolocation country database
--------------------------------------------------------------------------------
Update Information:
April 2017 database update.
--------------------------------------------------------------------------------
================================================================================
bugzilla-5.0.3-4.fc25 (FEDORA-2017-f2f561c439)
Bug tracking system
--------------------------------------------------------------------------------
Update Information:
This update of bugzilla fixes a number of small issues. The apache configuration
has been amended to allow .htaccess file in Bugzilla's filetree, dependencies
have been added and a fix has been backported from upstream to make bugzilla
stop emitting warnings.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1403588 - /usr/share/bugzilla/assets/.htaccess: Require not allowed here
https://bugzilla.redhat.com/show_bug.cgi?id=1403588
[ 2 ] Bug #1425077 - Deprecated use of Slurp
https://bugzilla.redhat.com/show_bug.cgi?id=1425077
[ 3 ] Bug #1423283 - bugzilla: FTBFS in rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1423283
--------------------------------------------------------------------------------
================================================================================
cacti-1.1.2-1.fc25 (FEDORA-2017-90a0f034ad)
An rrd based graphing tool
--------------------------------------------------------------------------------
Update Information:
- Update to 1.1.2
Release notes: http://www.cacti.net/release_notes_1_1_2.php
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1438425 - cacti-1.1.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1438425
--------------------------------------------------------------------------------
================================================================================
cups-2.2.0-8.fc25 (FEDORA-2017-37931b24eb)
CUPS printing system
--------------------------------------------------------------------------------
Update Information:
Updated cups-resolv_reload.patch
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1437065 - CUPS does not recognize changes to /etc/resolv.conf until CUPS
restart
https://bugzilla.redhat.com/show_bug.cgi?id=1437065
--------------------------------------------------------------------------------
================================================================================
dictd-1.12.1-14.fc25 (FEDORA-2017-91c3605490)
DICT protocol (RFC 2229) server and command-line client
--------------------------------------------------------------------------------
Update Information:
Unify SPEC file to one version for all distributions.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1116553 - Make available for EPEL-6
https://bugzilla.redhat.com/show_bug.cgi?id=1116553
--------------------------------------------------------------------------------
================================================================================
dkms-2.3-4.20170313git974d838.fc25 (FEDORA-2017-479d0d652a)
Dynamic Kernel Module Support Framework
--------------------------------------------------------------------------------
Update Information:
Do not attempt to always install the "base" kernel-devel package even if the
correct variant is already installed.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1421106 - Switch from Requires kernel-devel to kernel-devel-uname-r
https://bugzilla.redhat.com/show_bug.cgi?id=1421106
[ 2 ] Bug #1436840 - on i386, dkms specifically requires kernel-devel and not
kernel-PAE-devel
https://bugzilla.redhat.com/show_bug.cgi?id=1436840
--------------------------------------------------------------------------------
================================================================================
dnfdragora-1.0.0-14.git20170405.cca9412.fc25 (FEDORA-2017-790958037b)
DNF package-manager based on libYui abstraction
--------------------------------------------------------------------------------
Update Information:
* Updated to snapshot fixing maximum recursion depth exceeded
* Updated to snapshot fixing several translations
* Updated to snapshot with improved icons and some fixed translations
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1436451 - maximum recursion depth exceeded while updating
https://bugzilla.redhat.com/show_bug.cgi?id=1436451
--------------------------------------------------------------------------------
================================================================================
erlang-19.3.1-1.fc25 (FEDORA-2017-9330b0c270)
General-purpose programming language and runtime environment
--------------------------------------------------------------------------------
Update Information:
* Ver. 19.3.1
--------------------------------------------------------------------------------
================================================================================
glibmm24-2.50.1-1.fc25 (FEDORA-2017-b8a057f824)
C++ interface for the GLib library
--------------------------------------------------------------------------------
Update Information:
glibmm 2.50.1 release. For details, see
https://mail.gnome.org/archives/ftp-release-list/2017-April/msg00003.html
--------------------------------------------------------------------------------
================================================================================
golang-github-calmh-du-1.0.1-1.fc25 (FEDORA-2017-9345fbbe3b)
Disk Usage Information library for Go
--------------------------------------------------------------------------------
Update Information:
Update to version 1.0.1.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1439413 - golang-github-calmh-du-v1.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1439413
--------------------------------------------------------------------------------
================================================================================
golang-github-calmh-xdr-2.0.1-1.fc25 (FEDORA-2017-39b2f0be1f)
XDR enc/decoder for Go
--------------------------------------------------------------------------------
Update Information:
Update to version 2.0.1.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1439422 - golang-github-calmh-xdr-v2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1439422
--------------------------------------------------------------------------------
================================================================================
kompose-0.5.0-0.1.fc25 (FEDORA-2017-f75505a9f3)
Tool to move from 'docker-compose' to Kubernetes
--------------------------------------------------------------------------------
Update Information:
Update to kompose version 0.5.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1435032 - kompose-v0.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1435032
--------------------------------------------------------------------------------
================================================================================
libdrm-2.4.77-1.fc25 (FEDORA-2017-5987ec3b8a)
Direct Rendering Manager runtime library
--------------------------------------------------------------------------------
Update Information:
Update to 2.4.77
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1438788 - libdrm-2.4.77 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1438788
--------------------------------------------------------------------------------
================================================================================
libmediainfo-0.7.94-1.fc25 (FEDORA-2017-acf906d16f)
Library that supplies technical and tag information about a video or audio file
--------------------------------------------------------------------------------
Update Information:
Update to latest MediaInfo release.
--------------------------------------------------------------------------------
================================================================================
libtiff-4.0.7-4.fc25 (FEDORA-2017-ab3acddd21)
Library of functions for manipulating TIFF format image files
--------------------------------------------------------------------------------
Update Information:
Security fix for:
* CVE-2016-10266
* CVE-2016-10267
* CVE-2016-10268
* CVE-2016-10269
* CVE-2016-10270
* CVE-2016-10271
* CVE-2016-10272
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1438472 - CVE-2016-10266 libtiff: Divide-by-zero in tif_read.c
https://bugzilla.redhat.com/show_bug.cgi?id=1438472
[ 2 ] Bug #1438458 - CVE-2016-10272 libtiff: Heap-based buffer overflow in tif_next.c
https://bugzilla.redhat.com/show_bug.cgi?id=1438458
[ 3 ] Bug #1438453 - CVE-2016-10271 libtiff: Heap-based buffer overflow in tif_fax3.c
https://bugzilla.redhat.com/show_bug.cgi?id=1438453
[ 4 ] Bug #1438449 - CVE-2016-10267 libtiff: Divide-by-zero in tif_ojpeg.c
https://bugzilla.redhat.com/show_bug.cgi?id=1438449
[ 5 ] Bug #1438447 - CVE-2016-10268 libtiff: Integer underflow in tiffcp.c
https://bugzilla.redhat.com/show_bug.cgi?id=1438447
[ 6 ] Bug #1438443 - CVE-2016-10269 libtiff: Heap-based buffer overflow in tiff_unix.c
https://bugzilla.redhat.com/show_bug.cgi?id=1438443
[ 7 ] Bug #1438441 - CVE-2016-10270 libtiff: Heap-based buffer overflow in tiff_read.c
https://bugzilla.redhat.com/show_bug.cgi?id=1438441
--------------------------------------------------------------------------------
================================================================================
libzen-0.4.35-1.fc25 (FEDORA-2017-acf906d16f)
Shared library for libmediainfo and mediainfo*
--------------------------------------------------------------------------------
Update Information:
Update to latest MediaInfo release.
--------------------------------------------------------------------------------
================================================================================
lldpd-0.9.7-5.fc25 (FEDORA-2017-77fac90af3)
ISC-licensed implementation of LLDP
--------------------------------------------------------------------------------
Update Information:
New package for the LLDP daemon
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1438853 - Review Request: lldpd - an ISC-licensed implementation of LLDP
https://bugzilla.redhat.com/show_bug.cgi?id=1438853
--------------------------------------------------------------------------------
================================================================================
mediainfo-0.7.94-1.fc25 (FEDORA-2017-acf906d16f)
Supplies technical and tag information about a video or audio file (CLI)
--------------------------------------------------------------------------------
Update Information:
Update to latest MediaInfo release.
--------------------------------------------------------------------------------
================================================================================
mod_lookup_identity-1.0.0-1.fc25 (FEDORA-2017-2bcf178aad)
Apache module to retrieve additional information about the authenticated user
--------------------------------------------------------------------------------
Update Information:
Rebase to new upstream version 1.0.0.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1439711 - mod_lookup_identity-1.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1439711
--------------------------------------------------------------------------------
================================================================================
nfs-ganesha-2.4.5-1.fc25 (FEDORA-2017-b1c73f9b1c)
NFS-Ganesha is a NFS Server running in user space
--------------------------------------------------------------------------------
Update Information:
nfs-ganesha 2.4.5 GA
--------------------------------------------------------------------------------
================================================================================
nfs-utils-2.1.1-3.rc1.fc25 (FEDORA-2017-2174db6c24)
NFS utilities and supporting clients and daemons for the kernel NFS server
--------------------------------------------------------------------------------
Update Information:
Added gssproxy server config file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1431272 - Please ship gssproxy configuration snippet with NFS server
https://bugzilla.redhat.com/show_bug.cgi?id=1431272
--------------------------------------------------------------------------------
================================================================================
perl-Bot-BasicBot-0.90-1.fc25 (FEDORA-2017-5919906eae)
Simple IRC bot base class
--------------------------------------------------------------------------------
Update Information:
This release fixes setting raw_nick on chainjoin. It also updates the
documentation.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1439415 - perl-Bot-BasicBot-0.90 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1439415
--------------------------------------------------------------------------------
================================================================================
perl-Test-Harness-3.39-1.fc25 (FEDORA-2017-61a688bf80)
Run Perl standard test scripts with statistics
--------------------------------------------------------------------------------
Update Information:
This release fixes internal tests when building on Perl without "." in @INC
path.
We deliver it only to provide an up-to-date version string.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1439716 - perl-Test-Harness-3.39 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1439716
--------------------------------------------------------------------------------
================================================================================
perl-WWW-OrangeHRM-Client-0.10.3-1.fc25 (FEDORA-2017-fa46b4c0df)
Client for OrangeHRM
--------------------------------------------------------------------------------
Update Information:
This release fixes displaying a time sheet status.
--------------------------------------------------------------------------------
================================================================================
python-faker-0.7.10-1.fc25 (FEDORA-2017-9876e71eaf)
Faker is a Python package that generates fake data for you
--------------------------------------------------------------------------------
Update Information:
Version 0.7.10 and remove huge man page
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1438776 - manpage faker.1.gz is huge
https://bugzilla.redhat.com/show_bug.cgi?id=1438776
--------------------------------------------------------------------------------
================================================================================
python-paho-mqtt-1.2.1-1.fc25 (FEDORA-2017-1368a69b54)
A Python MQTT version 3.1/3.1.1 client class
--------------------------------------------------------------------------------
Update Information:
Update to new upstream version 1.2.1
--------------------------------------------------------------------------------
================================================================================
python-websockets-3.3-1.fc25 (FEDORA-2017-d437c207c8)
An implementation of the WebSocket Protocol for python with asyncio
--------------------------------------------------------------------------------
Update Information:
Update to 3.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1437285 - python-websockets-3.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1437285
--------------------------------------------------------------------------------
================================================================================
qemu-2.7.1-5.fc25 (FEDORA-2017-96a7189749)
QEMU is a FAST! processor emulator
--------------------------------------------------------------------------------
Update Information:
Work around hangs with recent glib (bz #1435432)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1435432 - Emulated ISA serial port hangs randomly when sending lots of data
from guest -> host
https://bugzilla.redhat.com/show_bug.cgi?id=1435432
[ 2 ] Bug #761102 - Improve man page
https://bugzilla.redhat.com/show_bug.cgi?id=761102
--------------------------------------------------------------------------------
================================================================================
tigervnc-1.7.1-4.fc25 (FEDORA-2017-aa46c8d9e0)
A TigerVNC remote display system
--------------------------------------------------------------------------------
Update Information:
Add systemd unit file for Xvnc.
--------------------------------------------------------------------------------
================================================================================
tnef-1.4.14-1.fc25 (FEDORA-2017-cc029be02d)
Extract files from email attachments like WINMAIL.DAT
--------------------------------------------------------------------------------
Update Information:
Release 1.4.14 includes security bug fixes introduced in 1.4.13 and a further
bug fix.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1427434 - CVE-2017-6307 CVE-2017-6308 CVE-2017-6309 CVE-2017-6310 tnef:
Multiple vulnerabilities fixed in 1.4.13 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1427434
--------------------------------------------------------------------------------
================================================================================
tripwire-2.4.3.5-1.fc25 (FEDORA-2017-f6038624d1)
IDS (Intrusion Detection System)
--------------------------------------------------------------------------------
Update Information:
update to 2.4.3.5
--------------------------------------------------------------------------------
================================================================================
xen-4.7.2-5.fc25 (FEDORA-2017-054729ab08)
Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:
Qemu: 9pfs: host memory leakage via v9fs_create [CVE-2017-7377] (#1437873)
x86: broken check in memory_exchange() permits PV guest breakout [XSA-212,
CVE-2017-7228] (#1438804)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1437871 - CVE-2017-7377 Qemu: 9pfs: host memory leakage via v9fs_create
https://bugzilla.redhat.com/show_bug.cgi?id=1437871
[ 2 ] Bug #1434741 - CVE-2017-7228 xsa212 xen: x86: broken check in memory_exchange()
permits PV guest breakout (XSA-212)
https://bugzilla.redhat.com/show_bug.cgi?id=1434741
--------------------------------------------------------------------------------
================================================================================
xonotic-0.8.2-2.fc25 (FEDORA-2017-f2d32dbc45)
Multiplayer, deathmatch oriented first person shooter
--------------------------------------------------------------------------------
Update Information:
Build dedicated server.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1203793 - xonotic-dedicated fails to build
https://bugzilla.redhat.com/show_bug.cgi?id=1203793
--------------------------------------------------------------------------------