The following Fedora 25 Security updates need testing:
Age URL
154
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25
53
https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2d17af41e
python-XStatic-jquery-ui-1.12.0.1-4.fc25
33
https://bodhi.fedoraproject.org/updates/FEDORA-2017-f85c37ae3d
squirrelmail-1.4.22-19.fc25
8
https://bodhi.fedoraproject.org/updates/FEDORA-2017-a3c7d077c7
perltidy-20170521-1.fc25
6
https://bodhi.fedoraproject.org/updates/FEDORA-2017-8ad8d1bd86
puppet-4.2.1-5.fc25
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-8e9bd58cbb
dropbear-2017.75-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-c7c3f7ed26
libtasn1-4.12-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-ac7fc2fd8c picocom-2.2-2.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-926e11c76e yara-3.6.0-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-60997f0d14
oniguruma-6.1.3-2.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-c2113aacd2
mosquitto-1.4.12-1.fc25
The following Fedora 25 Critical Path updates have yet to be approved:
Age URL
18
https://bodhi.fedoraproject.org/updates/FEDORA-2017-116fdd792f
pungi-4.1.15-1.fc25
13
https://bodhi.fedoraproject.org/updates/FEDORA-2017-b8d8e95f8a
tigervnc-1.8.0-1.fc25
8
https://bodhi.fedoraproject.org/updates/FEDORA-2017-1a705b1ff4
libtiff-4.0.8-1.fc25
6
https://bodhi.fedoraproject.org/updates/FEDORA-2017-6dcf888128
iproute-4.11.0-1.fc25
4
https://bodhi.fedoraproject.org/updates/FEDORA-2017-923b506a22
gssproxy-0.7.0-8.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-01cceaebe9
python-pycurl-7.43.0-6.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-5880e6a285
libsolv-0.6.27-2.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-9a3c5b9ae5
firefox-53.0.3-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-c7c3f7ed26
libtasn1-4.12-1.fc25
The following builds have been pushed to Fedora 25 updates-testing
awstats-7.6-3.fc25
blivet-gui-2.0.2-3.fc25
byobu-5.117-1.fc25
cpanspec-1.78-27.fc25
darktable-2.2.5-2.fc25
dynafed-1.3.1-1.fc25
easybashgui-10.0.1-1.fc25
firefox-53.0.3-1.fc25
getdp-2.11.1-1.fc25
gfal2-2.13.4-1.fc25
gnome-commander-1.6.4-1.fc25
hplip-3.17.4-2.fc25
inxi-2.3.9-1.fc25
jumpnbump-1.60-1.fc25
kdevelop-5.1.1-1.fc25
kdevelop-php-5.1.1-1.fc25
kdevelop-python-5.1.1-1.py3.fc25
kdevplatform-5.1.1-1.fc25
kompose-0.7.0-0.1.fc25
lcgdm-dav-0.18.2-1.fc25
libmicrohttpd-0.9.55-1.fc25
libsolv-0.6.27-2.fc25
libtasn1-4.12-1.fc25
mosquitto-1.4.12-1.fc25
nuvolasdk-4.4.0-1.fc25
oniguruma-6.1.3-2.fc25
perl-Net-HTTP-6.16-1.fc25
picocom-2.2-2.fc25
pkgconf-1.3.7-1.fc25
pysnmp-4.3.7-1.fc25
python-msrest-0.4.8-2.fc25
python-pycurl-7.43.0-6.fc25
python-unidiff-0.5.4-1.fc25
python-yamlordereddictloader-0.3.0-1.fc25
sugar-chat-84-1.fc25
sugar-clock-19-1.fc25
wine-2.9-1.fc25
yara-3.6.0-1.fc25
Details about builds:
================================================================================
awstats-7.6-3.fc25 (FEDORA-2017-b4a3397e48)
Advanced Web Statistics
--------------------------------------------------------------------------------
Update Information:
awstats_buildstaticpages.pl and awstats_updateall.pl try to use
/usr/share/awstats/wwwroot/cgi-bin/awstats.pl first. ---- This is an update to
last stable version 7.6, see
https://awstats.sourceforge.io/docs/awstats_changelog.txt to see what's new.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1264881 - awstats-7.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1264881
--------------------------------------------------------------------------------
================================================================================
blivet-gui-2.0.2-3.fc25 (FEDORA-2017-a5c3f67605)
Tool for data storage configuration
--------------------------------------------------------------------------------
Update Information:
Fix for two luks related bugs (resize and visualization)
--------------------------------------------------------------------------------
================================================================================
byobu-5.117-1.fc25 (FEDORA-2017-253df860e7)
Light-weight, configurable window manager built upon GNU screen
--------------------------------------------------------------------------------
Update Information:
- Rebuilt for new upstream release 5.117, fixes rhbz #1446592
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1446592 - byobu-5.117 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1446592
--------------------------------------------------------------------------------
================================================================================
cpanspec-1.78-27.fc25 (FEDORA-2017-6e9a4e80d0)
RPM spec file generation utility
--------------------------------------------------------------------------------
Update Information:
This update makes cpanspec compatible with Module::Build::Tiny.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1456589 - cpanspec uses wrong argument format for Module::Build::Tiny
https://bugzilla.redhat.com/show_bug.cgi?id=1456589
--------------------------------------------------------------------------------
================================================================================
darktable-2.2.5-2.fc25 (FEDORA-2017-91f4832eeb)
Utility to organize and develop raw images
--------------------------------------------------------------------------------
Update Information:
2.2.5 release
--------------------------------------------------------------------------------
================================================================================
dynafed-1.3.1-1.fc25 (FEDORA-2017-6ad3802ea0)
Ultra-scalable dynamic system for federating HTTP-based storage resources
--------------------------------------------------------------------------------
Update Information:
* new upstream release
--------------------------------------------------------------------------------
================================================================================
easybashgui-10.0.1-1.fc25 (FEDORA-2017-73b167a9ac)
Bash function library
--------------------------------------------------------------------------------
Update Information:
Update to 10.0.1
--------------------------------------------------------------------------------
================================================================================
firefox-53.0.3-1.fc25 (FEDORA-2017-9a3c5b9ae5)
Mozilla Firefox Web browser
--------------------------------------------------------------------------------
Update Information:
- new upstream version (53.0.3)
--------------------------------------------------------------------------------
================================================================================
getdp-2.11.1-1.fc25 (FEDORA-2017-5ef745f97a)
General Environment for the Treatment of Discrete Problems
--------------------------------------------------------------------------------
Update Information:
Update to 2.11.1, see
http://getdp.info/CHANGELOG.txt for details.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1450617 - getdp-2.11.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1450617
--------------------------------------------------------------------------------
================================================================================
gfal2-2.13.4-1.fc25 (FEDORA-2017-925e0c8fb8)
Grid file access library 2.0
--------------------------------------------------------------------------------
Update Information:
New upstream release
--------------------------------------------------------------------------------
================================================================================
gnome-commander-1.6.4-1.fc25 (FEDORA-2017-2c2e7705f5)
A nice and fast file manager for the GNOME desktop
--------------------------------------------------------------------------------
Update Information:
New version 1.6.4 is released.
--------------------------------------------------------------------------------
================================================================================
hplip-3.17.4-2.fc25 (FEDORA-2017-a01bbebdee)
HP Linux Imaging and Printing Project
--------------------------------------------------------------------------------
Update Information:
1456467 - hp-check shows 'CUPS incompatible or not running' even if CUPS is
running
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1456467 - hp-check shows 'CUPS incompatible or not running' even if
CUPS is running
https://bugzilla.redhat.com/show_bug.cgi?id=1456467
--------------------------------------------------------------------------------
================================================================================
inxi-2.3.9-1.fc25 (FEDORA-2017-cf414e88ea)
A full featured system information script
--------------------------------------------------------------------------------
Update Information:
Update to 2.3.9.
--------------------------------------------------------------------------------
================================================================================
jumpnbump-1.60-1.fc25 (FEDORA-2017-bf8d29889c)
Cute multiplayer platform game with bunnies
--------------------------------------------------------------------------------
Update Information:
Import in Fedora (#1456203)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1456203 - Review Request: jumpnbump - Cute multiplayer platform game with
bunnies
https://bugzilla.redhat.com/show_bug.cgi?id=1456203
--------------------------------------------------------------------------------
================================================================================
kdevelop-5.1.1-1.fc25 (FEDORA-2017-01953adaee)
Integrated Development Environment for C++/C
--------------------------------------------------------------------------------
Update Information:
KDevelop 5.1.1 release. See
https://www.kdevelop.org/news/kdevelop-511-released
for more information.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1456070 - kdevelop-5.1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1456070
--------------------------------------------------------------------------------
================================================================================
kdevelop-php-5.1.1-1.fc25 (FEDORA-2017-01953adaee)
Php language and documentation plugins for KDevelop
--------------------------------------------------------------------------------
Update Information:
KDevelop 5.1.1 release. See
https://www.kdevelop.org/news/kdevelop-511-released
for more information.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1456070 - kdevelop-5.1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1456070
--------------------------------------------------------------------------------
================================================================================
kdevelop-python-5.1.1-1.py3.fc25 (FEDORA-2017-01953adaee)
Python 3 Plugin for KDevelop
--------------------------------------------------------------------------------
Update Information:
KDevelop 5.1.1 release. See
https://www.kdevelop.org/news/kdevelop-511-released
for more information.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1456070 - kdevelop-5.1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1456070
--------------------------------------------------------------------------------
================================================================================
kdevplatform-5.1.1-1.fc25 (FEDORA-2017-01953adaee)
Libraries for use by KDE development tools
--------------------------------------------------------------------------------
Update Information:
KDevelop 5.1.1 release. See
https://www.kdevelop.org/news/kdevelop-511-released
for more information.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1456070 - kdevelop-5.1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1456070
--------------------------------------------------------------------------------
================================================================================
kompose-0.7.0-0.1.fc25 (FEDORA-2017-405ce5bc07)
Tool to move from 'docker-compose' to Kubernetes
--------------------------------------------------------------------------------
Update Information:
Update to 0.7.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1455725 - kompose-v0.7.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1455725
--------------------------------------------------------------------------------
================================================================================
lcgdm-dav-0.18.2-1.fc25 (FEDORA-2017-9c870eae6e)
HTTP/DAV front end to the DPM/LFC services
--------------------------------------------------------------------------------
Update Information:
Patch for uninitialised buffer
--------------------------------------------------------------------------------
================================================================================
libmicrohttpd-0.9.55-1.fc25 (FEDORA-2017-d819e86d25)
Lightweight library for embedding a webserver in applications
--------------------------------------------------------------------------------
Update Information:
Update to 0.9.55
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1456304 - libmicrohttpd-0.9.55 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1456304
--------------------------------------------------------------------------------
================================================================================
libsolv-0.6.27-2.fc25 (FEDORA-2017-5880e6a285)
Package dependency solver
--------------------------------------------------------------------------------
Update Information:
Backport few fixes for bindings
--------------------------------------------------------------------------------
================================================================================
libtasn1-4.12-1.fc25 (FEDORA-2017-c7c3f7ed26)
The ASN.1 library used in GNUTLS
--------------------------------------------------------------------------------
Update Information:
Update to 4.12 (#1456190)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1456190 - libtasn1-4.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1456190
[ 2 ] Bug #1456765 - CVE-2017-6891 libtasn1: Stack-based buffer overflow in
asn1_find_node() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1456765
--------------------------------------------------------------------------------
================================================================================
mosquitto-1.4.12-1.fc25 (FEDORA-2017-c2113aacd2)
An Open Source MQTT v3.1/v3.1.1 Broker
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2017-7650 (rhbz#1456507)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1456507 - CVE-2017-7650 mosquitto: Pattern based ACLs can be bypassed
https://bugzilla.redhat.com/show_bug.cgi?id=1456507
--------------------------------------------------------------------------------
================================================================================
nuvolasdk-4.4.0-1.fc25 (FEDORA-2017-0c0afabcee)
SDK for building Nuvola Player's web app scripts
--------------------------------------------------------------------------------
Update Information:
Update to 4.4.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1456306 - nuvolasdk-4.4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1456306
--------------------------------------------------------------------------------
================================================================================
oniguruma-6.1.3-2.fc25 (FEDORA-2017-60997f0d14)
Regular expressions library
--------------------------------------------------------------------------------
Update Information:
Multiple security flaws were found on oniguruma currently being shipped on
Fedora. This new rpm should fix the issue. Fixed CVEs: CVE-2017-9226
CVE-2017-9225 CVE-2017-9224 CVE-2017-9227 CVE-2017-9229 CVE-2017-9228
--------------------------------------------------------------------------------
================================================================================
perl-Net-HTTP-6.16-1.fc25 (FEDORA-2017-39a43c0077)
Low-level HTTP connection (client)
--------------------------------------------------------------------------------
Update Information:
This release correct minimal required IO::Socket::SSL version.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1456624 - perl-Net-HTTP-6.16 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1456624
--------------------------------------------------------------------------------
================================================================================
picocom-2.2-2.fc25 (FEDORA-2017-ac7fc2fd8c)
Minimal serial communications program
--------------------------------------------------------------------------------
Update Information:
Upgrade to 2.2, fixing CVE-2015-9059
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1456399 - CVE-2015-9059 picocom: Command injection in the "send and
receive file" command [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1456399
--------------------------------------------------------------------------------
================================================================================
pkgconf-1.3.7-1.fc25 (FEDORA-2017-654d70eb45)
Package compiler and linker metadata toolkit
--------------------------------------------------------------------------------
Update Information:
#### Changes from 1.3.6 to 1.3.7: * Enhancements: - improved diagnostics
for malformed packages. * Bug fixes: - reject packages which contain
incomplete metadata in post-parse phase.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1452952 - pkgconf-1.3.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1452952
--------------------------------------------------------------------------------
================================================================================
pysnmp-4.3.7-1.fc25 (FEDORA-2017-205fcfc98a)
An SNMP engine written in Python
--------------------------------------------------------------------------------
Update Information:
Updated to new upstream version 4.3.7 ---- Updated to new upstream version
4.3.6
--------------------------------------------------------------------------------
================================================================================
python-msrest-0.4.8-2.fc25 (FEDORA-2017-8182dcb438)
AutoRest swagger generator Python client runtime
--------------------------------------------------------------------------------
Update Information:
* Fix random ���pool is closed��� error ([#29](https://github.com/Azure/msrest-for-
python/pull/29)) * Fix requests dependency to version 2.x, since version 3.x is
annunced to be breaking.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1454515 - python-msrest-v0.4.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1454515
--------------------------------------------------------------------------------
================================================================================
python-pycurl-7.43.0-6.fc25 (FEDORA-2017-01cceaebe9)
A Python interface to libcurl
--------------------------------------------------------------------------------
Update Information:
- Fix python2 subpackage name
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1456477 - engine-python-sdk4 still fails running until updating libcurl on
fedora 25
https://bugzilla.redhat.com/show_bug.cgi?id=1456477
--------------------------------------------------------------------------------
================================================================================
python-unidiff-0.5.4-1.fc25 (FEDORA-2017-af645db5a3)
Python library to parse and interact with unified diffs (patches)
--------------------------------------------------------------------------------
Update Information:
New upstream release 0.5.4:
https://github.com/matiasb/python-
unidiff/blob/v0.5.4/HISTORY
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1441013 - python-unidiff-0.5.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1441013
--------------------------------------------------------------------------------
================================================================================
python-yamlordereddictloader-0.3.0-1.fc25 (FEDORA-2017-13054b8062)
YAML loader for PyYAML that maintains key order
--------------------------------------------------------------------------------
Update Information:
New version 0.3.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1456626 - python-yamlordereddictloader-0.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1456626
--------------------------------------------------------------------------------
================================================================================
sugar-chat-84-1.fc25 (FEDORA-2017-ed93feb888)
Chat client for Sugar
--------------------------------------------------------------------------------
Update Information:
Release version 84.
--------------------------------------------------------------------------------
================================================================================
sugar-clock-19-1.fc25 (FEDORA-2017-351aff69c6)
Clock activity for Sugar
--------------------------------------------------------------------------------
Update Information:
Release version 19.
--------------------------------------------------------------------------------
================================================================================
wine-2.9-1.fc25 (FEDORA-2017-e2f832f2a9)
A compatibility layer for windows applications
--------------------------------------------------------------------------------
Update Information:
- Support for tesselation shaders in Direct3D. - Binary mode support in
WebServices. - Clipboard changes detected through Xfixes. - User interface
improvements in RegEdit. - Various bug fixes.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1455917 - wine-2.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1455917
--------------------------------------------------------------------------------
================================================================================
yara-3.6.0-1.fc25 (FEDORA-2017-926e11c76e)
Pattern matching Swiss knife for malware researchers
--------------------------------------------------------------------------------
Update Information:
Update to a bugfix release of yara.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1440739 - CVE-2016-10210 CVE-2016-10211 CVE-2017-5923 CVE-2017-5924 yara:
Multiple security issues [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1440739
[ 2 ] Bug #1451383 - CVE-2017-8929 yara: Use-after-free in sized_string_cmp function
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1451383
[ 3 ] Bug #1451384 - CVE-2017-8929 yara: Use-after-free in sized_string_cmp function
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1451384
--------------------------------------------------------------------------------