The following Fedora 24 Security updates need testing:
Age URL
171
https://bodhi.fedoraproject.org/updates/FEDORA-2016-32eaf0c41e redis-3.2.3-1.fc24
69
https://bodhi.fedoraproject.org/updates/FEDORA-2016-93679a91df
jenkins-1.651.3-2.fc24 jenkins-remoting-2.62.3-1.fc24
38
https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08
squid-3.5.23-1.fc24
31
https://bodhi.fedoraproject.org/updates/FEDORA-2016-eaaa9c4a08 exim-4.87.1-1.fc24
15
https://bodhi.fedoraproject.org/updates/FEDORA-2017-19b0fe001d
runc-1.0.0-3.rc2.gitc91b5be.fc24
8
https://bodhi.fedoraproject.org/updates/FEDORA-2017-08207fe48b
python-crypto-2.6.1-13.fc24
7
https://bodhi.fedoraproject.org/updates/FEDORA-2017-f8094477ee
mapserver-6.2.4-1.fc24
7
https://bodhi.fedoraproject.org/updates/FEDORA-2017-d2e7217e2a
irssi-0.8.21-1.fc24
7
https://bodhi.fedoraproject.org/updates/FEDORA-2017-5a823376be
percona-xtrabackup-2.3.6-1.fc24
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-0d7ef286d1
drupal7-title-1.0-0.7.alpha9.fc24
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-294c23bb1d
phpMyAdmin-4.6.6-1.fc24
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-6681f94e10
moodle-3.1.4-1.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2017-5136456ce3
ghostscript-9.20-6.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2017-6d6e2bfd1a
libXpm-3.5.12-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-6cc158c193
kernel-4.9.6-100.fc24
The following Fedora 24 Critical Path updates have yet to be approved:
Age URL
17
https://bodhi.fedoraproject.org/updates/FEDORA-2017-7585703fbe
selinux-policy-3.13.1-191.24.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2017-6d6e2bfd1a
libXpm-3.5.12-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-6cc158c193
kernel-4.9.6-100.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-61698d771f
perl-5.22.3-368.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-2b2696b823 vim-8.0.238-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-bfe67455ae
libtiff-4.0.7-2.fc24
The following builds have been pushed to Fedora 24 updates-testing
amanda-3.4.1-3.fc24
beakerlib-1.15-1.fc24
carbon-c-relay-2.6-1.fc24
configsnap-0.11-2.fc24
fedfind-3.4.0-1.fc24
ganglia-3.7.2-13.fc24
gofed-1.0.0-0.7.rc1.fc24
ibus-typing-booster-1.5.20-1.fc24
iguanaIR-1.1.0-19.fc24
kernel-4.9.6-100.fc24
libmicrohttpd-0.9.52-2.fc24
libtiff-4.0.7-2.fc24
pax-utils-1.2.2-1.fc24
perl-5.22.3-368.fc24
perl-Data-GUID-0.049-1.fc24
python-BTrees-4.4.1-1.fc24
python-backports-shutil_which-3.5.1-2.fc24
python-streamlink-0.3.0-1.fc24
systemtap-3.1-0.20170125gite81970274b46.fc24
texstudio-2.12.2-1.fc24
vim-8.0.238-1.fc24
wine-2.0-1.fc24
yad-0.38.2-1.fc24
Details about builds:
================================================================================
amanda-3.4.1-3.fc24 (FEDORA-2017-49ee10ce2c)
A network-capable tape backup solution
--------------------------------------------------------------------------------
Update Information:
Add small patches to enable the Amanda server to continue to back up RHEL5-era
clients.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1413165 - amanda 3.4.1 cannot back up old (RHEL5) clients
https://bugzilla.redhat.com/show_bug.cgi?id=1413165
--------------------------------------------------------------------------------
================================================================================
beakerlib-1.15-1.fc24 (FEDORA-2017-41c37fc56e)
A shell-level integration testing library
--------------------------------------------------------------------------------
Update Information:
added rlIsCentOS similar to rlIsRHEL, bz1214190; added missing dependencies,
bz1391969; make rlRun use internal variables with more unique name, bz1285804;
fix rlRun exitcodes while using various switches, bz1303900; rlFileRestore now
better distinquish betwwen various errorneous situations, bz1370453; rlService*
won't be blocked be less(1) while systemctl redirection is in place, bz1383303;
variable <libPrefix\>LibraryDir variable is created for all imported libraries,
holding the path to the library source, bz1074487; all logging messages are now
printed to stderr, bz1171881; wildcard %doc inclusion in spec, bz1206173;
prevent unbound variables, bz1228264; new functions
rlServiceEnabled/rlServiceDisable for enabling/disabling services, bz1234804;
updated documentation for rlImport -all, bz1246061; rlAssertNotEquals now accept
empty argument, bz1303618; rlRun now uses better filename for output log,
bz1314700; fixed cosmetic discrepancy in log output, bz1374256; added
documentation reference for bkrdoc, bz843823; added documentation of the
testwatcher feature, bz1218169; rlServiceRestore can restore all saved services
in no parameter provided, bz494318; rlCheckMount take mount options (ro/rw) into
consideration, bz1191627; added documentation for LOG_LEVEL variable, bz581816
--------------------------------------------------------------------------------
================================================================================
carbon-c-relay-2.6-1.fc24 (FEDORA-2017-5e45f98471)
Enhanced C implementation of Carbon relay, aggregator and rewriter
--------------------------------------------------------------------------------
Update Information:
Update to 2.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1416785 - carbon-c-relay-v2.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1416785
--------------------------------------------------------------------------------
================================================================================
configsnap-0.11-2.fc24 (FEDORA-2017-4e3b8f8b55)
Record and compare system state
--------------------------------------------------------------------------------
Update Information:
Updated spec according to Fedora Guidelines
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1406786 - Review Request: configsnap - Record and compare system state
https://bugzilla.redhat.com/show_bug.cgi?id=1406786
--------------------------------------------------------------------------------
================================================================================
fedfind-3.4.0-1.fc24 (FEDORA-2017-eb562ccca1)
Fedora Finder finds Fedora
--------------------------------------------------------------------------------
Update Information:
This update provides a new version of fedfind with a new `get_current_stables`
helper that returns a list of current stable Fedora release numbers, `url` and
`direct_url` entries in the image dicts provided by `all_images`, and a couple
of fixes for the live respin release handling.
--------------------------------------------------------------------------------
================================================================================
ganglia-3.7.2-13.fc24 (FEDORA-2017-fd7f92b12d)
Distributed Monitoring System
--------------------------------------------------------------------------------
Update Information:
There was a mismatch between default config files and file locations. Files
holding state of Ganglia Web are now located in /var/lib/ganglia-web
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1238325 - Overview default graphs do not show in cluster reports
https://bugzilla.redhat.com/show_bug.cgi?id=1238325
--------------------------------------------------------------------------------
================================================================================
gofed-1.0.0-0.7.rc1.fc24 (FEDORA-2017-d2e0328505)
Tool for development of golang devel packages
--------------------------------------------------------------------------------
Update Information:
Bump to a7766e5587800fc3b49c46149605cd95a98eb31b
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1416407 - Bump gofed to the latest commit
https://bugzilla.redhat.com/show_bug.cgi?id=1416407
--------------------------------------------------------------------------------
================================================================================
ibus-typing-booster-1.5.20-1.fc24 (FEDORA-2017-33dd06fb5b)
A completion input method
--------------------------------------------------------------------------------
Update Information:
update to 1.5.20
--------------------------------------------------------------------------------
================================================================================
iguanaIR-1.1.0-19.fc24 (FEDORA-2017-db9c1f3d91)
Driver for Iguanaworks USB IR transceiver
--------------------------------------------------------------------------------
Update Information:
No upstream changes, just packaging. Builds the new lirc plugin, fixes some
glitches
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1156648 - Library is packaged twice as libiguanaIR.so.0 and
libiguanaIR.so.0.3
https://bugzilla.redhat.com/show_bug.cgi?id=1156648
[ 2 ] Bug #1409065 - File instead of symlink to .so file in iguanaIR
https://bugzilla.redhat.com/show_bug.cgi?id=1409065
[ 3 ] Bug #1413263 - Move tmpfiles.d config to %{_tmpfilesdir}, install license files as
%license
https://bugzilla.redhat.com/show_bug.cgi?id=1413263
--------------------------------------------------------------------------------
================================================================================
kernel-4.9.6-100.fc24 (FEDORA-2017-6cc158c193)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:
The 4.9.6 stable kernel update contains a number of important fixes across the
tree.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1416437 - CVE-2017-5577 kernel: vc4: Heap-buffer overflow due to failing
checks
https://bugzilla.redhat.com/show_bug.cgi?id=1416437
[ 2 ] Bug #1416436 - CVE-2017-5576 kernel: vc4: Integer overflow in temporary allocation
layout
https://bugzilla.redhat.com/show_bug.cgi?id=1416436
[ 3 ] Bug #1416126 - CVE-2017-5551 kernel: S_ISGD is not cleared when setting posix ACLs
in tmpfs (CVE-2016-7097 incomplete fix)
https://bugzilla.redhat.com/show_bug.cgi?id=1416126
[ 4 ] Bug #1416110 - CVE-2017-5548 kernel: Using stack for buffers in ieee802154
https://bugzilla.redhat.com/show_bug.cgi?id=1416110
[ 5 ] Bug #1416101 - CVE-2016-10153 kernel: introduce ceph_crypt() for in-place
en/decryption
https://bugzilla.redhat.com/show_bug.cgi?id=1416101
[ 6 ] Bug #1416096 - CVE-2017-5547 kernel: DMA buffers on stack
https://bugzilla.redhat.com/show_bug.cgi?id=1416096
--------------------------------------------------------------------------------
================================================================================
libmicrohttpd-0.9.52-2.fc24 (FEDORA-2017-eb8164f53f)
Lightweight library for embedding a webserver in applications
--------------------------------------------------------------------------------
Update Information:
Dropped gnutls-utilize-system-crypto-policy.patch
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1416196 - MHD_start_daemon fails with errno=2. works with 0.9.46 fails with
0.9.52
https://bugzilla.redhat.com/show_bug.cgi?id=1416196
[ 2 ] Bug #1416034 - libmicrohttpd-0.9.52-1.fc24.x86_64 breaks
openvas-gsa-6.0.11-3.fc24.x86_64
https://bugzilla.redhat.com/show_bug.cgi?id=1416034
--------------------------------------------------------------------------------
================================================================================
libtiff-4.0.7-2.fc24 (FEDORA-2017-bfe67455ae)
Library of functions for manipulating TIFF format image files
--------------------------------------------------------------------------------
Update Information:
Fix Hylafax breakage (#1416042)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1416042 - libtiff-4.0.7 breaks hylafax
https://bugzilla.redhat.com/show_bug.cgi?id=1416042
--------------------------------------------------------------------------------
================================================================================
pax-utils-1.2.2-1.fc24 (FEDORA-2017-ddd0d3deee)
ELF utils that can check files for security relevant properties
--------------------------------------------------------------------------------
Update Information:
Selected changes from upstream changelog: * dumpelf: add support for prelink
sections * dumpelf: add support for dumping notes * scanelf: fix offset checking
when looking up symbols via hash * scanmacho: fix 126 byte limit on -E option
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1415526 - pax-utils-1.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1415526
--------------------------------------------------------------------------------
================================================================================
perl-5.22.3-368.fc24 (FEDORA-2017-61698d771f)
Practical Extraction and Report Language
--------------------------------------------------------------------------------
Update Information:
This release fixes UTF-8 string handling in & operator, recreation of *:: glob,
parsing goto statements in multicalled subroutines, and a heap overlow in
parsing source code with $# variable.
--------------------------------------------------------------------------------
================================================================================
perl-Data-GUID-0.049-1.fc24 (FEDORA-2017-da9870432c)
Globally unique identifiers
--------------------------------------------------------------------------------
Update Information:
Minor upstream bugfix update
--------------------------------------------------------------------------------
================================================================================
python-BTrees-4.4.1-1.fc24 (FEDORA-2017-b4d8e33d45)
Scalable persistent object containers
--------------------------------------------------------------------------------
Update Information:
This update fixes some packaging problems with release 4.4.0.
--------------------------------------------------------------------------------
================================================================================
python-backports-shutil_which-3.5.1-2.fc24 (FEDORA-2017-3359f1d100)
Backport of shutil.which from Python 3
--------------------------------------------------------------------------------
Update Information:
Backport of shutil.which from Python 3
(
https://docs.python.org/3/library/shutil.html#shutil.which).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1411028 - Review Request: python-backports-shutil_which - Backport of
shutil.which from Python 3
https://bugzilla.redhat.com/show_bug.cgi?id=1411028
--------------------------------------------------------------------------------
================================================================================
python-streamlink-0.3.0-1.fc24 (FEDORA-2017-01646bbbf7)
Python library for extracting streams from various websites
--------------------------------------------------------------------------------
Update Information:
Release 0.3.0 of Streamlink. Main features are: * Lot's of maintaining /
updates to plugins * General bug and doc fixes
--------------------------------------------------------------------------------
================================================================================
systemtap-3.1-0.20170125gite81970274b46.fc24 (FEDORA-2017-2ae6235dab)
Programmable system-wide instrumentation system
--------------------------------------------------------------------------------
Update Information:
Automated weekly rawhide release
--------------------------------------------------------------------------------
================================================================================
texstudio-2.12.2-1.fc24 (FEDORA-2017-83a19918a1)
A feature-rich editor for LaTeX documents
--------------------------------------------------------------------------------
Update Information:
- update to 2.12.2 -
http://texstudio.sourceforge.net/manual/current/CHANGELOG.txt
--------------------------------------------------------------------------------
================================================================================
vim-8.0.238-1.fc24 (FEDORA-2017-2b2696b823)
The VIM editor
--------------------------------------------------------------------------------
Update Information:
The newest upstream commit
--------------------------------------------------------------------------------
================================================================================
wine-2.0-1.fc24 (FEDORA-2017-76781d765d)
A compatibility layer for windows applications
--------------------------------------------------------------------------------
Update Information:
https://www.winehq.org/news/2017012401 https://www.winehq.org/announce/2.0
https://wine-staging.com/news/2017-01-25-release-2.0.html
--------------------------------------------------------------------------------
================================================================================
yad-0.38.2-1.fc24 (FEDORA-2017-a41f0b2233)
Display graphical dialogs from shell scripts or command line
--------------------------------------------------------------------------------
Update Information:
update to yad 0.38.2 ---- update to yad-0.38.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1403631 - yad-0.38.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1403631
--------------------------------------------------------------------------------