The following Fedora 24 Security updates need testing:
Age URL
104
https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08
squid-3.5.23-1.fc24
97
https://bodhi.fedoraproject.org/updates/FEDORA-2016-eaaa9c4a08 exim-4.87.1-1.fc24
60
https://bodhi.fedoraproject.org/updates/FEDORA-2017-ece16ba6ba
runc-1.0.0-5.rc2.gitc91b5be.fc24
40
https://bodhi.fedoraproject.org/updates/FEDORA-2017-4b176c1694 redis-3.2.8-1.fc24
18
https://bodhi.fedoraproject.org/updates/FEDORA-2017-68cdc567e9
php-onelogin-php-saml-2.10.5-1.fc24
10
https://bodhi.fedoraproject.org/updates/FEDORA-2017-0f5fe1913f
sane-backends-1.0.25-7.fc24
10
https://bodhi.fedoraproject.org/updates/FEDORA-2017-72323a442f
ntp-4.2.6p5-44.fc24
9
https://bodhi.fedoraproject.org/updates/FEDORA-2017-97e65f13bb
python-sleekxmpp-1.3.2-1.fc24
6
https://bodhi.fedoraproject.org/updates/FEDORA-2017-97d7758431
firebird-2.5.7.27050.0-1.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-e6419b416d xen-4.6.5-4.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-712a186f5f
icecat-52.0.1-5.fc24
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-461ce095b5
samba-4.4.13-0.fc24
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-ec01954fe9
chromium-57.0.2987.133-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-8eac23007d
xorgxrdp-0.2.1-1.fc24 xrdp-0.9.2-2.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-174cb400d7
flatpak-0.8.5-1.fc24
The following Fedora 24 Critical Path updates have yet to be approved:
Age URL
6
https://bodhi.fedoraproject.org/updates/FEDORA-2017-3d7c3f66ae pcre-8.40-6.fc24
6
https://bodhi.fedoraproject.org/updates/FEDORA-2017-47eb254e1c vim-8.0.514-1.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-58d5521965
linux-firmware-20170313-72.git695f2d6d.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-6189eb6f22 gvfs-1.28.4-1.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-e50ea71b16 audit-2.7.4-1.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-470e502a7d
libdrm-2.4.76-1.fc24
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-461ce095b5
samba-4.4.13-0.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-579411a8a3 nss-3.29.3-1.1.fc24
nss-util-3.29.3-1.1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-c372fa4dbc
sudo-1.8.19p2-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-3e90bdded7
p11-kit-0.23.2-3.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-1739c0ed1b
hwdata-0.299-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-af9f3f0102 cups-2.1.4-4.fc24
The following builds have been pushed to Fedora 24 updates-testing
cups-2.1.4-4.fc24
distribution-gpg-keys-1.11-1.fc24
engauge-digitizer-10.0-1.fc24
flatpak-0.8.5-1.fc24
gfal2-2.13.3-1.fc24
gfal2-python-1.9.2-1.fc24
gnome-shell-extension-media-player-indicator-0-0.9.20170401git2be196b.fc24
hwdata-0.299-1.fc24
ibus-typing-booster-1.5.30-1.fc24
mate-icon-theme-1.16.1-1.fc24
nss-3.29.3-1.1.fc24
nss-util-3.29.3-1.1.fc24
p11-kit-0.23.2-3.fc24
pcre2-10.21-17.fc24
perl-Test-Dir-1.15-1.fc24
php-container-interop-1.2.0-3.fc24
php-di-5.4.2-1.fc24
php-firebase-php-jwt-4.0.0-1.fc24
php-horde-Horde-Form-2.0.17-1.fc24
php-phpunit-PHP-CodeCoverage-4.0.8-1.fc24
php-phpunit-PHPUnit-5.7.19-1.fc24
php-react-dns-0.4.7-1.fc24
php-zendframework-zend-feed-2.8.0-2.fc24
pidgin-2.12.0-1.fc24
python-astroquery-0.3.5-1.fc24
sudo-1.8.19p2-1.fc24
xorgxrdp-0.2.1-1.fc24
xrdp-0.9.2-2.fc24
Details about builds:
================================================================================
cups-2.1.4-4.fc24 (FEDORA-2017-af9f3f0102)
CUPS printing system
--------------------------------------------------------------------------------
Update Information:
1437065 - CUPS does not recognize changes to /etc/resolv.conf until CUPS restart
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1437065 - CUPS does not recognize changes to /etc/resolv.conf until CUPS
restart
https://bugzilla.redhat.com/show_bug.cgi?id=1437065
--------------------------------------------------------------------------------
================================================================================
distribution-gpg-keys-1.11-1.fc24 (FEDORA-2017-a56eafab38)
GPG keys of various Linux distributions
--------------------------------------------------------------------------------
Update Information:
Updated Copr keys and rpmfusion keys.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1438302 - distribution-gpg-keys please add rpmfusion keys for f26/f27 for
free and nonfree sections
https://bugzilla.redhat.com/show_bug.cgi?id=1438302
--------------------------------------------------------------------------------
================================================================================
engauge-digitizer-10.0-1.fc24 (FEDORA-2017-905174cbe4)
Convert graphs or map files into numbers
--------------------------------------------------------------------------------
Update Information:
- Update to 10.0
--------------------------------------------------------------------------------
================================================================================
flatpak-0.8.5-1.fc24 (FEDORA-2017-174cb400d7)
Application deployment framework for desktop apps
--------------------------------------------------------------------------------
Update Information:
flatpak 0.8.5 release. For details, see
https://github.com/flatpak/flatpak/releases/tag/0.8.5
--------------------------------------------------------------------------------
================================================================================
gfal2-2.13.3-1.fc24 (FEDORA-2017-3e4a34b5a9)
Grid file access library 2.0
--------------------------------------------------------------------------------
Update Information:
New upstream release
--------------------------------------------------------------------------------
================================================================================
gfal2-python-1.9.2-1.fc24 (FEDORA-2017-9ee2b46609)
Python bindings for gfal 2
--------------------------------------------------------------------------------
Update Information:
New upstream release
--------------------------------------------------------------------------------
================================================================================
gnome-shell-extension-media-player-indicator-0-0.9.20170401git2be196b.fc24
(FEDORA-2017-43b97c5d20)
Control MPRIS2 capable media players: Rhythmbox, Banshee, Clementine and more
--------------------------------------------------------------------------------
Update Information:
Update to 0-0.9.20170401git2be196b
--------------------------------------------------------------------------------
================================================================================
hwdata-0.299-1.fc24 (FEDORA-2017-1739c0ed1b)
Hardware identification and configuration data
--------------------------------------------------------------------------------
Update Information:
Updated pci, usb and vendor ids.
--------------------------------------------------------------------------------
================================================================================
ibus-typing-booster-1.5.30-1.fc24 (FEDORA-2017-8b99588768)
A completion input method
--------------------------------------------------------------------------------
Update Information:
update to 1.5.30
--------------------------------------------------------------------------------
================================================================================
mate-icon-theme-1.16.1-1.fc24 (FEDORA-2017-22b8a2af31)
Icon theme for MATE Desktop
--------------------------------------------------------------------------------
Update Information:
- update to 1.18.1 release - added nation iso flags
--------------------------------------------------------------------------------
================================================================================
nss-3.29.3-1.1.fc24 (FEDORA-2017-579411a8a3)
Network Security Services
--------------------------------------------------------------------------------
Update Information:
Backport necessary changes for bug 1207335 from NSS 3.30.
--------------------------------------------------------------------------------
================================================================================
nss-util-3.29.3-1.1.fc24 (FEDORA-2017-579411a8a3)
Network Security Services Utilities Library
--------------------------------------------------------------------------------
Update Information:
Backport necessary changes for bug 1207335 from NSS 3.30.
--------------------------------------------------------------------------------
================================================================================
p11-kit-0.23.2-3.fc24 (FEDORA-2017-3e90bdded7)
Library for loading and sharing PKCS#11 modules
--------------------------------------------------------------------------------
Update Information:
Backport the patch to recognize CKA_NSS_MOZILLA_CA_POLICY used for HPKP in
Firefox
--------------------------------------------------------------------------------
================================================================================
pcre2-10.21-17.fc24 (FEDORA-2017-d87225756d)
Perl-compatible regular expression library
--------------------------------------------------------------------------------
Update Information:
This release fixes DFA magch for a possessively repeated character class and a
memory allocator from the pattern if no context is supplied to pcre2_match().
--------------------------------------------------------------------------------
================================================================================
perl-Test-Dir-1.15-1.fc24 (FEDORA-2017-a0ed681b1d)
Some simple tests on directories and folders
--------------------------------------------------------------------------------
Update Information:
This release fixes building on Perl without "." in @INC path. We deliver this
release only to provide up-to-date version string.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1438208 - perl-Test-Dir-1.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1438208
--------------------------------------------------------------------------------
================================================================================
php-container-interop-1.2.0-3.fc24 (FEDORA-2017-cf92eaff78)
Promoting the interoperability of container objects (DIC, SL, etc.)
--------------------------------------------------------------------------------
Update Information:
## 1.2.0 This release deprecates container-interop in favor of PSR-11 which
becomes the official container-interop successor. Container-interop interfaces
now extend the PSR-11 interfaces, in order to smooth transition to PSR-11.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1422487 - php-container-interop-1.2.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1422487
--------------------------------------------------------------------------------
================================================================================
php-di-5.4.2-1.fc24 (FEDORA-2017-dd8b802b37)
The dependency injection container for humans
--------------------------------------------------------------------------------
Update Information:
## 5.4.2 Minor patch to add the provide: `psr/container-implementation` to
`composer.json` ## 5.4.1 - [
PSR-11](http://www.php-fig.org/psr/) compliance
Note that PHP-DI was already compliant with PSR-11 because it was implementing
container-interop, and container-interop 1.2 extends PSR-11. This new version
just makes it more explicit and will allow to drop container-interop support in
the next major versions. ## 5.4 Read the [news entry](news/20-php-
di-5-4-released.md). New features: - [#362](https://github.com/PHP-DI/PHP-
DI/issues/362) implemented in [#428](https://github.com/PHP-DI/PHP-DI/pull/428),
[#430](https://github.com/PHP-DI/PHP-DI/pull/430), [#431](https://github.com
/PHP-DI/PHP-DI/pull/431) and [#432](https://github.com/PHP-DI/PHP-DI/pull/432):
factory parameters can now be configured, for example: ```php return [
'Database' => DI\factory(function ($host) {...})
->parameter('host',
DI\get('db.host')), ]; ``` Read the [factories documentation](http
://php-di.org/doc/php-definitions.html#factories) to learn more. Feature
implemented by [@predakanga](https://github.com/predakanga). Improvements: -
[#429](https://github.com/PHP-DI/PHP-DI/pull/429): performance improvements in
definition resolution (by [@mnapoli](https://github.com/mnapoli)) -
[#421](https://github.com/PHP-DI/PHP-DI/issues/421): once a `ContainerBuilder`
has built a container, it is locked to prevent confusion when adding new
definitions to it (by [@mnapoli](https://github.com/mnapoli)) -
[#423](https://github.com/PHP-DI/PHP-DI/pull/423): improved exception messages
(by [@mnapoli](https://github.com/mnapoli)) ## 5.3 Read the [news
entry](news/19-php-di-5-3-released.md). - release of the [2.0
version](https://github.com/PHP-DI/Symfony-Bridge/releases/tag/2.0.0) of the
Symfony bridge (by [@mnapoli](https://github.com/mnapoli)) - PHP 5.5 or above is
now required - a lot of documentation improvements by 9 different contributors -
[#389](https://github.com/PHP-DI/PHP-DI/pull/389): exception message improvement
by [@mopahle](https://github.com/mopahle) - [#359](https://github.com/PHP-DI
/PHP-DI/issues/359), [#411](https://github.com/PHP-DI/PHP-DI/issues/411),
[#414](https://github.com/PHP-DI/PHP-DI/pull/414), [#412](https://github.com
/PHP-DI/PHP-DI/pull/412): compatibility with ProxyManager 1.* and 2.* (by
[@holtkamp](https://github.com/holtkamp) and
[@mnapoli](https://github.com/mnapoli)) - [#416](https://github.com/PHP-DI/PHP-
DI/pull/416): dumping definitions was refactored into a more lightweight and
simple solution; definition "dumpers" have been removed (internal classes),
definitions can now be cast to string directly (by
[@mnapoli](https://github.com/mnapoli))
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1435627 - php-di-5.4.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1435627
--------------------------------------------------------------------------------
================================================================================
php-firebase-php-jwt-4.0.0-1.fc24 (FEDORA-2017-50c2056000)
A simple library to encode and decode JSON Web Tokens (JWT)
--------------------------------------------------------------------------------
Update Information:
A simple library to encode and decode JSON Web Tokens (JWT) in PHP, conforming
to RFC 7519 [1]. [1]
https://tools.ietf.org/html/rfc7519
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1431377 - Review Request: php-firebase-php-jwt - A simple library to encode
and decode JSON Web Tokens (JWT)
https://bugzilla.redhat.com/show_bug.cgi?id=1431377
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Form-2.0.17-1.fc24 (FEDORA-2017-095a5708ca)
Horde Form API
--------------------------------------------------------------------------------
Update Information:
**Horde_Form 2.0.17** * [jan] Fix regression when submitting multiple forms
(Bug #14604).
--------------------------------------------------------------------------------
================================================================================
php-phpunit-PHP-CodeCoverage-4.0.8-1.fc24 (FEDORA-2017-f57c2cc67a)
PHP code coverage information
--------------------------------------------------------------------------------
Update Information:
**Version 4.0.8** - 2017-04-02 * Fixed
[#515](https://github.com/sebastianbergmann/php-code-coverage/pull/515): Wrong
use of recursive iterator causing duplicate entries in XML coverage report
--------------------------------------------------------------------------------
================================================================================
php-phpunit-PHPUnit-5.7.19-1.fc24 (FEDORA-2017-4aed0b0028)
The PHP Unit Testing framework
--------------------------------------------------------------------------------
Update Information:
**Version 5.7.19** - 2017-04-03 * Fixed
[#2638](https://github.com/sebastianbergmann/phpunit/pull/2638): Regression in
`PHPUnit\Framework\TestCase:registerMockObjectsFromTestArguments()` **Version
5.7.18** - 2017-04-02 * Fixed
[#2145](https://github.com/sebastianbergmann/phpunit/issues/2145): `--stop-on-
failure` fails to stop on PHP 7 * Fixed
[#2572](https://github.com/sebastianbergmann/phpunit/issues/2572):
`PHPUnit\Framework\TestCase:registerMockObjectsFromTestArguments()` does not
correctly handle arrays that reference themselves
--------------------------------------------------------------------------------
================================================================================
php-react-dns-0.4.7-1.fc24 (FEDORA-2017-ef28e8706d)
Async DNS resolver
--------------------------------------------------------------------------------
Update Information:
## 0.4.7 (2017-03-31) * Feature: Forward compatibility with upcoming Socket
v0.6 and v0.7 component (#57 by @clue) ## 0.4.6 (2017-03-11) * Fix: Fix DNS
timeout issues for Windows users and add forward compatibility with Stream
v0.5 and upcoming v0.6 (#53 by @clue) * Improve test suite by adding PHPUnit
to `require-dev` (#54 by @clue) ## 0.4.5 (2017-03-02) * Fix: Ensure we
ignore the case of the answer (#51 by @WyriHaximus) * Feature: Add
`TimeoutExecutor` and simplify internal APIs to allow internal code re-use for
upcoming versions. (#48 and #49 by @clue) ## 0.4.4 (2017-02-13) * Fix: Fix
handling connection and stream errors (#45 by @clue) * Feature: Add examples
and forward compatibility with upcoming Socket v0.5 component (#46 and #47 by
@clue)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1421888 - php-react-dns-0.4.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1421888
--------------------------------------------------------------------------------
================================================================================
php-zendframework-zend-feed-2.8.0-2.fc24 (FEDORA-2017-17af1ba24a)
Zend Framework Feed component
--------------------------------------------------------------------------------
Update Information:
**Version 2.8.0** - 2017-04-02 * Added -
[#27](https://github.com/zendframework/zend-feed/pull/27) adds a documentation
chapter demonstrating wrapping a PSR-7 client to use with `Zend\Feed\Reader`.
- [#22](https://github.com/zendframework/zend-feed/pull/22) adds missing
ExtensionManagerInterface on Writer\ExtensionPluginManager. -
[#32](https://github.com/zendframework/zend-feed/pull/32) adds missing
ExtensionManagerInterface on Reader\ExtensionPluginManager. * Removed -
[#38](https://github.com/zendframework/zend-feed/pull/38) dropped php 5.5
support * Fixed - [#35](https://github.com/zendframework/zend-
feed/pull/35) fixed "A non-numeric value encountered" in php 7.1 -
[#39](https://github.com/zendframework/zend-feed/pull/39) fixed protocol
relative link absolutisation - [#40](https://github.com/zendframework/zend-
feed/pull/40) fixed service manager v3 compatibility aliases in extension
plugin managers
--------------------------------------------------------------------------------
================================================================================
pidgin-2.12.0-1.fc24 (FEDORA-2017-985710db18)
A Gtk+ based multiprotocol instant messaging client
--------------------------------------------------------------------------------
Update Information:
Update to 2.12 ( rhbz#1438198)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1438198 - pidgin upgrade request for F24
https://bugzilla.redhat.com/show_bug.cgi?id=1438198
--------------------------------------------------------------------------------
================================================================================
python-astroquery-0.3.5-1.fc24 (FEDORA-2017-b95cc7a20f)
Python module to access astronomical online data resources
--------------------------------------------------------------------------------
Update Information:
New upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1437267 - python-astroquery-0.3.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1437267
--------------------------------------------------------------------------------
================================================================================
sudo-1.8.19p2-1.fc24 (FEDORA-2017-c372fa4dbc)
Allows restricted root access for specified users
--------------------------------------------------------------------------------
Update Information:
### update to 1.8.19p2 * The syslog priority (syslog_goodpri and syslog_badpri)
can now be negated or set to none to disable logging of successful or
unsuccessful sudo attempts via syslog. * New syslog_maxlen Defaults option to
control the maximum size of syslog messages generated by sudo. * Visudo will
now use the file and line number information about an unknown or unparsable
Defaults entry to go directly to the file with the problem. * Fixed a crash in
visudo when an IP address or network is used in a host-based Defaults entry. *
Fixed a bug where the "all" setting for verifypw and listpw was not being
honored.
--------------------------------------------------------------------------------
================================================================================
xorgxrdp-0.2.1-1.fc24 (FEDORA-2017-8eac23007d)
Implementation of xrdp backend as Xorg modules
--------------------------------------------------------------------------------
Update Information:
New upstream version of xorgxrdp and xrdp: New features in xrdp: - RemoteFX
codec support is now enabled by default. - Bitmap updates support is now enabled
by default. - TLS ciphers suites and version is now logged. - Connected computer
name is now logged. - Switched to Xorg (xorgxrdp) as the default backend now. -
Miscellaneous RemoteFX codec mode improvements. - Socket directory is
configurable at the compile time. Bugfixes in xrdp: - Parallels client for
MacOS / iOS can now connect (audio redirection must be disabled on client or
xrdp server though). - MS RDP client for iOS can now connect using TLS security
layer. - MS RDP client for Android can now connect to xrdp. - Large resolutions
(4K) can be used with RemoteFX graphics. - Multiple RemoteApps can be opened
throguh NeutrinoRDP proxy. - tls_ciphers in xrdp.ini is not limited to 63 chars
anymore, it's variable-length. - Fixed an issue where tls_ciphers were ignored
and rdp security layer could be used instead. - Kill disconnected sessions
feature is working with Xorg (xorgxrdp) backend. - Miscellaneous code cleanup
and memory issues fixes. Rebuild of xrdp requiring both xorgxrdp and tigervnc-
minimal. VNC is still the default.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1433959 - CVE-2017-6967 xrdp: Incorrect placement of auth_start_session()
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1433959
--------------------------------------------------------------------------------
================================================================================
xrdp-0.9.2-2.fc24 (FEDORA-2017-8eac23007d)
Open source remote desktop protocol (RDP) server
--------------------------------------------------------------------------------
Update Information:
New upstream version of xorgxrdp and xrdp: New features in xrdp: - RemoteFX
codec support is now enabled by default. - Bitmap updates support is now enabled
by default. - TLS ciphers suites and version is now logged. - Connected computer
name is now logged. - Switched to Xorg (xorgxrdp) as the default backend now. -
Miscellaneous RemoteFX codec mode improvements. - Socket directory is
configurable at the compile time. Bugfixes in xrdp: - Parallels client for
MacOS / iOS can now connect (audio redirection must be disabled on client or
xrdp server though). - MS RDP client for iOS can now connect using TLS security
layer. - MS RDP client for Android can now connect to xrdp. - Large resolutions
(4K) can be used with RemoteFX graphics. - Multiple RemoteApps can be opened
throguh NeutrinoRDP proxy. - tls_ciphers in xrdp.ini is not limited to 63 chars
anymore, it's variable-length. - Fixed an issue where tls_ciphers were ignored
and rdp security layer could be used instead. - Kill disconnected sessions
feature is working with Xorg (xorgxrdp) backend. - Miscellaneous code cleanup
and memory issues fixes. Rebuild of xrdp requiring both xorgxrdp and tigervnc-
minimal. VNC is still the default.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1433959 - CVE-2017-6967 xrdp: Incorrect placement of auth_start_session()
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1433959
--------------------------------------------------------------------------------