The following Fedora 18 Security updates need testing:
Age URL
197
https://admin.fedoraproject.org/updates/FEDORA-2013-6117/eucalyptus-3.2.2...
43
https://admin.fedoraproject.org/updates/FEDORA-2013-17195/spice-gtk-0.18-...
40
https://admin.fedoraproject.org/updates/FEDORA-2013-17431/thunderbird-17....
37
https://admin.fedoraproject.org/updates/FEDORA-2013-17635/wireshark-1.10....
36
https://admin.fedoraproject.org/updates/FEDORA-2013-17853/davfs2-1.4.7-3....
35
https://admin.fedoraproject.org/updates/FEDORA-2013-17912/chicken-4.8.0.4...
24
https://admin.fedoraproject.org/updates/FEDORA-2013-18647/gnupg-1.4.15-1....
23
https://admin.fedoraproject.org/updates/FEDORA-2013-18802/phpMyAdmin-3.5....
8
https://admin.fedoraproject.org/updates/FEDORA-2013-19976/mod_nss-1.0.8-2...
5
https://admin.fedoraproject.org/updates/FEDORA-2013-20200/python-backport...
5
https://admin.fedoraproject.org/updates/FEDORA-2013-20176/mantis-1.2.15-3...
3
https://admin.fedoraproject.org/updates/FEDORA-2013-20360/spice-0.12.4-3....
2
https://admin.fedoraproject.org/updates/FEDORA-2013-20410/poppler-0.20.2-...
2
https://admin.fedoraproject.org/updates/FEDORA-2013-20429/xulrunner-25.0-...
0
https://admin.fedoraproject.org/updates/FEDORA-2013-20544/xen-4.2.3-7.fc18
0
https://admin.fedoraproject.org/updates/FEDORA-2013-20545/kernel-3.11.6-1...
The following Fedora 18 Critical Path updates have yet to be approved:
Age URL
266
https://admin.fedoraproject.org/updates/FEDORA-2013-2192/nautilus-3.6.3-5...
5
https://admin.fedoraproject.org/updates/FEDORA-2013-20150/nss-util-3.15.2...
4
https://admin.fedoraproject.org/updates/FEDORA-2013-20263/openssl-1.0.1e-...
4
https://admin.fedoraproject.org/updates/FEDORA-2013-20268/sane-backends-1...
4
https://admin.fedoraproject.org/updates/FEDORA-2013-20279/gnome-abrt-0.3....
2
https://admin.fedoraproject.org/updates/FEDORA-2013-20434/thunderbird-24....
2
https://admin.fedoraproject.org/updates/FEDORA-2013-20422/bind-9.9.3-7.P2...
2
https://admin.fedoraproject.org/updates/FEDORA-2013-20410/poppler-0.20.2-...
2
https://admin.fedoraproject.org/updates/FEDORA-2013-20429/xulrunner-25.0-...
0
https://admin.fedoraproject.org/updates/FEDORA-2013-20545/kernel-3.11.6-1...
The following builds have been pushed to Fedora 18 updates-testing
anki-2.0.16-1.fc18
ghc-MonadRandom-0.1.12-1.fc18
kernel-3.11.6-101.fc18
mate-applets-1.6.1-6.fc18
python-keyring-3.1-1.fc18
rubygem-ruby-opengl-0.60.1-14.fc18
xen-4.2.3-7.fc18
Details about builds:
================================================================================
anki-2.0.16-1.fc18 (FEDORA-2013-20556)
Flashcard program for using space repetition learning
--------------------------------------------------------------------------------
Update Information:
Update to new bugfix upstream release 2.0.16.
Minor bug fixes
Please see
http://www.ankisrs.net/docs/changes.html for details.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 1 2013 Christian Krause <chkr(a)fedoraproject.org> - 2.0.16-1
- Update to new upstream version 2.0.16
--------------------------------------------------------------------------------
================================================================================
ghc-MonadRandom-0.1.12-1.fc18 (FEDORA-2013-20539)
Random-number generation monad
--------------------------------------------------------------------------------
Update Information:
New release
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 1 2013 Shakthi Kannan <shakthimaan [AT] fedoraproject dot org> -
0.1.12-1
- Updated to new upstream 0.1.12
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1016212 - ghc-MonadRandom-0.1.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1016212
--------------------------------------------------------------------------------
================================================================================
kernel-3.11.6-101.fc18 (FEDORA-2013-20545)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:
Various bug and CVE fixes
The 3.11.6 stable update contains a number of fixes across the tree.
The 3.11.5 stable update contains a number of important fixes across the tree.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 1 2013 Josh Boyer <jwboyer(a)fedoraproject.org> - 3.11.6-101
- Revert blocking patches causing systemd to crash on resume (rhbz 1010603)
- CVE-2013-4348 net: deadloop path in skb_flow_dissect (rhbz 1007939 1025647)
* Thu Oct 31 2013 Josh Boyer <jwboyer(a)fedoraprorject.org>
- Fix display regression on Dell XPS 13 machines (rhbz 995782)
* Tue Oct 29 2013 Josh Boyer <jwboyer(a)fedoraproject.org>
- Fix plaintext auth regression in cifs (rhbz 1011621)
* Fri Oct 25 2013 Josh Boyer <jwboyer(a)fedoraproject.org>
- CVE-2013-4470 net: memory corruption with UDP_CORK and UFO (rhbz 1023477 1023495)
- Add touchpad support for Dell XT2 (rhbz 1023413)
* Tue Oct 22 2013 Josh Boyer <jwboyer(a)fedoraproject.org>
- Add patch to fix warning in tcp_fastretrans_alert (rhbz 989251)
* Fri Oct 18 2013 Justin M. Forbes <jforbes(a)fedoraproject.org> - 3.11.6-100
- Linux v3.11.6
* Thu Oct 17 2013 Josh Boyer <jwboyer(a)fedoraproject.org>
- Add patch to fix BusLogic error (rhbz 1015558)
- Fix rt2800usb polling timeouts and throughput issues (rhbz 984696)
* Wed Oct 16 2013 Josh Boyer <jwboyer(a)fedoraproject.org>
- Fix btrfs balance/scrub issue (rhbz 1011714)
* Tue Oct 15 2013 Josh Boyer <jwboyer(a)fedoraproject.org>
- Fix regression in radeon sound (rhbz 1010679)
* Mon Oct 14 2013 Kyle McMartin <kyle(a)redhat.com>
- Fix crash-driver.patch to properly use page_is_ram.
* Mon Oct 14 2013 Justin M. Forbes <jforbes(a)fedoraproject.org> - 3.11.5-100
- Linux v3.11.5
* Fri Oct 11 2013 Josh Boyer <jwboyer(a)fedoraproject.org>
- Fix segfault in cpupower set (rhbz 1000439)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1007939 - CVE-2013-4348 kernel: net: deadloop path in skb_flow_dissect()
https://bugzilla.redhat.com/show_bug.cgi?id=1007939
[ 2 ] Bug #1023477 - CVE-2013-4470 Kernel: net: memory corruption with UDP_CORK and UFO
https://bugzilla.redhat.com/show_bug.cgi?id=1023477
--------------------------------------------------------------------------------
================================================================================
mate-applets-1.6.1-6.fc18 (FEDORA-2013-20534)
MATE Desktop panel applets
--------------------------------------------------------------------------------
Update Information:
- disable upower BR > f20, until we know to handle upower-1.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 1 2013 Wolfgang Ulbrich <chat-to-me(a)raveit.de> - 1.6.1-6
- disable upower BR > f20, until we know to handle upower-1.0
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.6.1-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
python-keyring-3.1-1.fc18 (FEDORA-2013-20537)
Python library to access the system keyring service
--------------------------------------------------------------------------------
Update Information:
Update to version 3.1
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 22 2013 rtnpro <rtnpro(a)gmail.com> - 3.1-1
- Bump to version 3.1
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.7-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1007354 - Please update this package ASAP
https://bugzilla.redhat.com/show_bug.cgi?id=1007354
--------------------------------------------------------------------------------
================================================================================
rubygem-ruby-opengl-0.60.1-14.fc18 (FEDORA-2013-20553)
OpenGL Interface for Ruby
--------------------------------------------------------------------------------
Update Information:
Current rpm being shipped on Fedora contained some files with license unclear. With this
rpm such files are removed.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 1 2013 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 0.60.1-14
- Remove files with unclear licenses
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.60.1-13
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Mar 7 2013 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 0.60.1-12
- F-19: Rebuild for ruby 2.0.0
--------------------------------------------------------------------------------
================================================================================
xen-4.2.3-7.fc18 (FEDORA-2013-20544)
Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:
Lock order reversal between page allocation and grant table locks
ocaml xenstored mishandles oversized message replies
systemd changes to allow oxenstored to be used instead of xenstored
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 1 2013 Michael Young <m.a.young(a)durham.ac.uk> - 4.2.3-7
- Lock order reversal between page allocation and grant table locks
[XSA-73, CVE-2013-4494]
* Tue Oct 29 2013 Michael Young <m.a.young(a)durham.ac.uk> - 4.2.3-6
- ocaml xenstored mishandles oversized message replies
[XSA-72, CVE-2013-4416] (#1024450)
* Fri Oct 25 2013 Michael Young <m.a.young(a)durham.ac.uk> - 4.2.3-5
- systemd changes to allow oxenstored to be used instead of xenstored (#1022640)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1017875 - CVE-2013-4416 xen: ocaml xenstored mishandles oversized message
replies (XSA-72)
https://bugzilla.redhat.com/show_bug.cgi?id=1017875
--------------------------------------------------------------------------------