The following Fedora 22 Security updates need testing: Age URL 246 https://bodhi.fedoraproject.org/updates/FEDORA-2015-5878 echoping-6.1-0.beta.r434svn.1.fc22 195 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9185 ceph-deploy-1.5.25-1.fc22 127 https://bodhi.fedoraproject.org/updates/FEDORA-2015-12781 python-kdcproxy-0.3.2-1.fc22 113 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13823 python-django-1.8.4-1.fc22 111 https://bodhi.fedoraproject.org/updates/FEDORA-2015-1aee5e6f0b conntrack-tools-1.4.2-9.fc22 82 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16239 nagios-4.0.8-1.fc22 75 https://bodhi.fedoraproject.org/updates/FEDORA-2015-05490fc42d squid-3.4.13-3.fc22 75 https://bodhi.fedoraproject.org/updates/FEDORA-2015-be2c11d456 subversion-1.8.14-1.fc22 70 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2d37e7dacf openstack-swift-2.2.0-6.fc22 68 https://bodhi.fedoraproject.org/updates/FEDORA-2015-3e4043f088 python-pymongo-3.0.3-1.fc22 46 https://bodhi.fedoraproject.org/updates/FEDORA-2015-de44abca87 ntp-4.2.6p5-34.fc22 39 https://bodhi.fedoraproject.org/updates/FEDORA-2015-0552500cd7 python-pygments-2.0.2-3.fc22 39 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9039c25f1d miniupnpc-1.9-6.fc22 22 https://bodhi.fedoraproject.org/updates/FEDORA-2015-c7b1be8823 seamonkey-2.39-1.fc22 22 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4 libpng-1.6.16-4.fc22 22 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6 libpng-1.6.16-5.fc22 15 https://bodhi.fedoraproject.org/updates/FEDORA-2015-8413bdd343 abrt-2.6.1-7.fc22 13 https://bodhi.fedoraproject.org/updates/FEDORA-2015-89468612f5 jenkins-1.609.3-4.fc22 12 https://bodhi.fedoraproject.org/updates/FEDORA-2015-fff2073f50 wget-1.16.3-2.fc22 11 https://bodhi.fedoraproject.org/updates/FEDORA-2015-f683150aa0 thttpd-2.25b-36.fc22 9 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6565f29415 pax-utils-1.1.4-1.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6d64c257cf thunderbird-38.4.0-1.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2015-a288773b9a LibRaw-0.16.2-3.fc22 7 https://bodhi.fedoraproject.org/updates/FEDORA-2015-3461e976cb libpng10-1.0.65-1.fc22 7 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2ebdd4ad8f moodle-2.8.9-1.fc22 5 https://bodhi.fedoraproject.org/updates/FEDORA-2015-d87d60b9a9 openssl-1.0.1k-13.fc22 3 https://bodhi.fedoraproject.org/updates/FEDORA-2015-d5cc306730 p7zip-15.09-4.fc22 3 https://bodhi.fedoraproject.org/updates/FEDORA-2015-3a5cebb105 ImageMagick-6.9.2.7-1.fc22 3 https://bodhi.fedoraproject.org/updates/FEDORA-2015-39522bb8c9 php-PHPMailer-5.2.14-1.fc22 3 https://bodhi.fedoraproject.org/updates/FEDORA-2015-020f4b9400 xsupplicant-2.2.0-13.fc22 2 https://bodhi.fedoraproject.org/updates/FEDORA-2015-686f289aa5 qemu-2.3.1-8.fc22 2 https://bodhi.fedoraproject.org/updates/FEDORA-2015-233750b6ab libpng15-1.5.25-1.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2015-b406a8e4f2 qemu-2.3.1-9.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-c4ed00a68f kernel-4.2.7-200.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-8dd01b09a9 arts-1.5.10-30.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2f4b92ed2e kdelibs3-3.5.10-71.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-08e4af5a20 xen-4.5.2-5.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-90c27b6e91 grub2-2.02-0.18.fc22
The following Fedora 22 Critical Path updates have yet to be approved: Age URL 121 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13210 yum-3.4.3-508.fc22 107 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14218 xulrunner-40.0-1.fc22 39 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2123de044f libgphoto2-2.5.8-1.fc22 36 https://bodhi.fedoraproject.org/updates/FEDORA-2015-48f718ed1b vim-7.4.909-1.fc22 33 https://bodhi.fedoraproject.org/updates/FEDORA-2015-069fea7e6b livecd-tools-22.3-1.fc22 22 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6 libpng-1.6.16-5.fc22 22 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4 libpng-1.6.16-4.fc22 22 https://bodhi.fedoraproject.org/updates/FEDORA-2015-82b7665427 koji-1.10.1-1.fc22 17 https://bodhi.fedoraproject.org/updates/FEDORA-2015-1d21e7f650 unzip-6.0-23.fc22 15 https://bodhi.fedoraproject.org/updates/FEDORA-2015-efc06edc85 NetworkManager-vpnc-1.0.8-1.fc22 NetworkManager-openconnect-1.0.8-1.fc22 NetworkManager-openvpn-1.0.8-1.fc22 NetworkManager-openswan-1.0.8-1.fc22 NetworkManager-fortisslvpn-1.0.8-1.fc22 NetworkManager-1.0.8-1.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2015-bee294be57 grep-2.21-6.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2015-f194dc9900 librsvg2-2.40.12-1.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6d64c257cf thunderbird-38.4.0-1.fc22 7 https://bodhi.fedoraproject.org/updates/FEDORA-2015-74751a6fd5 chkconfig-1.7-1.fc22 5 https://bodhi.fedoraproject.org/updates/FEDORA-2015-4daef06c07 nautilus-3.16.3-1.fc22 5 https://bodhi.fedoraproject.org/updates/FEDORA-2015-d87d60b9a9 openssl-1.0.1k-13.fc22 3 https://bodhi.fedoraproject.org/updates/FEDORA-2015-f03bcc3731 perl-libwww-perl-6.15-1.fc22 2 https://bodhi.fedoraproject.org/updates/FEDORA-2015-1b2b67ac30 gnome-online-accounts-3.16.5-1.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2015-3c934e07c3 kdelibs-4.14.14-4.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2015-8083abc683 selinux-policy-3.13.1-128.22.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-8be6e502c3 gcc-5.3.1-2.fc22 gcc-python-plugin-0.14-4.2.fc22 libtool-2.4.2-35.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-c4ed00a68f kernel-4.2.7-200.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-1c93bbd1a7 sqlite-3.9.0-2.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-473007accf util-linux-2.26.2-4.fc22
The following builds have been pushed to Fedora 22 updates-testing
arts-1.5.10-30.fc22 cross-binutils-2.25.1-2.fc22 cross-gcc-5.2.1-4.fc22 datovka-4.4.2-1.fc22 gcc-5.3.1-2.fc22 gcc-python-plugin-0.14-4.2.fc22 globus-gsi-proxy-core-7.9-1.fc22 globus-gsi-sysconfig-6.9-1.fc22 globus-gssapi-gsi-11.24-1.fc22 grub2-2.02-0.18.fc22 jfontchooser-1.0.5-2.fc22 kdelibs3-3.5.10-71.fc22 kernel-4.2.7-200.fc22 libosmocore-0.9.0-3.20151109git916423ef.fc22 libsolv-0.6.14-3.fc22 libtool-2.4.2-35.fc22 lua-argparse-0.5.0-1.fc22 mathgl-2.3.3-5.fc22 myproxy-6.1.16-1.fc22 mysql-mmm-2.2.1-13.fc22 nodejs-extsprintf-1.3.0-1.fc22 nodejs-path-exists-2.2.0-1.fc22 opencl-utils-1-1.svn16.fc22 pbuilder-0.221.3-1.fc22 pcsc-cyberjack-3.99.5final.SP08-2.fc22 pesign-0.111-7.fc22 pinta-1.6-2.fc22 python-libpagure-0.6-1.fc22 python-music21-2.2.1-1.fc22 qbittorrent-3.3.1-2.fc22 rb_libtorrent-1.0.7-2.fc22 rpmspectool-1.99.4-1.fc22 sqlite-3.9.0-2.fc22 util-linux-2.26.2-4.fc22 wine-1.8-0.1.fc22 xen-4.5.2-5.fc22
Details about builds:
================================================================================ arts-1.5.10-30.fc22 (FEDORA-2015-8dd01b09a9) aRts (analog realtime synthesizer) - the KDE sound system -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2015-7543 in arts (the legacy aRts sound server): A temporary directory was being created insecurely using mktemp and mkdir, allowing an attacker to hijack the temporary directory and thus the inter- process communication (IPC). This update fixes the temporary directory creation to use the safe mkdtemp function instead. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1280543 - CVE-2015-7543 arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC https://bugzilla.redhat.com/show_bug.cgi?id=1280543 --------------------------------------------------------------------------------
================================================================================ cross-binutils-2.25.1-2.fc22 (FEDORA-2015-942cab9499) A GNU collection of cross-compilation binary utilities -------------------------------------------------------------------------------- Update Information:
Rebased on binutils-2.25.1-9. Should now support powerpc64le. ---- Add support for ppcle & ppc64le, sync with binutils-2.25.1 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1037026 - cross-binutils FTBFS if "-Werror=format-security" flag is used https://bugzilla.redhat.com/show_bug.cgi?id=1037026 --------------------------------------------------------------------------------
================================================================================ cross-gcc-5.2.1-4.fc22 (FEDORA-2015-baa411f109) Cross C compiler -------------------------------------------------------------------------------- Update Information:
Rebased on gcc-5.2.1-5. Fixed alpha -O2 compilation [BZ 1256791]. ---- Rebase on gcc-5.2.1 and add ppcle and ppc64le support in binutils [BZ 1255946] ---- Rebase on gcc-5.2.1 and add ppcle and ppc64le support in binutils [BZ 1255946] -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1265791 - optimiser bug with -O3 on Alpha + other arches https://bugzilla.redhat.com/show_bug.cgi?id=1265791 [ 2 ] Bug #1219345 - ice in extract_insn, at recog.c:2343 for alpha cross compiler https://bugzilla.redhat.com/show_bug.cgi?id=1219345 --------------------------------------------------------------------------------
================================================================================ datovka-4.4.2-1.fc22 (FEDORA-2015-e0e40cff29) A free graphical interface for Czech Databox (Datov�� schr��nky) -------------------------------------------------------------------------------- Update Information:
new upstream release: - enhancement: better explanation of some error codes - fix: increased maximum number of downloaded messages - fix: don't forget password on ISDS connection failure ---- New upstream release: + feature: store attachments for sent messages into the database + feature: configurable timeout for marking a message as read + feature: filter field background color based on whether a matching message matches + enhancement: renamed attachments to avoid potentially problematic characters + enhancement: Home and End key navigation in message list + enhancement: add some missing tool tips + fix: two pop-ups show on errors when sending a message + fix: importing messages from another database file + fix: message status updating with privilege- restricted accounts + fix: sending a commercial messages from templates -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1276802 - datovka-4.4.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1276802 [ 2 ] Bug #1289784 - datovka-4.4.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1289784 --------------------------------------------------------------------------------
================================================================================ gcc-5.3.1-2.fc22 (FEDORA-2015-8be6e502c3) Various compilers (C, C++, Objective-C, Java, ...) -------------------------------------------------------------------------------- Update Information:
This errata updates gcc in F23 to 5.3. List of upstream bugs fixed (http://gcc.gnu.org/PRNNNNN): 36192, 37072, 43341, 47266, 49940, 49944, 50201, 51048, 51993, 52482, 56158, 56274, 56383, 56520, 56956, 57845, 58027, 58066, 58754, 59678, 60164, 60736, 60993, 61313, 61819, 61830, 62258, 63408, 63740, 64833, 64906, 64921, 64986, 65049, 65089, 65099, 65142, 65195, 65393, 65441, 65697, 65711, 65726, 65734, 65742, 65750, 65751, 65841, 65843, 65879, 65880, 65882, 65908, 65913, 65914, 65919, 65945, 65973, 65974, 66001, 66035, 66048, 66055, 66067, 66079, 66085, 66098, 66114, 66119, 66134, 66136, 66200, 66216, 66260, 66301, 66311, 66332, 66336, 66375, 66412, 66413, 66422, 66424, 66432, 66465, 66501, 66509, 66515, 66523, 66533, 66539, 66545, 66546, 66549, 66556, 66563, 66566, 66567, 66568, 66569, 66581, 66583, 66585, 66596, 66611, 66619, 66628, 66633, 66647, 66648, 66649, 66650, 66667, 66691, 66697, 66700, 66702, 66703, 66705, 66711, 66724, 66725, 66728, 66731, 66743, 66748, 66760, 66761, 66780, 66782, 66790, 66793, 66794, 66814, 66820, 66823, 66828, 66838, 66840, 66855, 66857, 66861, 66864, 66866, 66891, 66896, 66908, 66912, 66917, 66919, 66922, 66923, 66929, 66930, 66936, 66942, 66948, 66952, 66956, 66957, 66979, 66998, 67002, 67005, 67015, 67021, 67028, 67029, 67037, 67049, 67055, 67056, 67060, 67061, 67104, 67121, 67127, 67130, 67131, 67141, 67143, 67161, 67171, 67173, 67177, 67211, 67222, 67226, 67244, 67258, 67265, 67271, 67280, 67281, 67303, 67337, 67354, 67362, 67369, 67374, 67378, 67391, 67401, 67409, 67429, 67439, 67440, 67442, 67443, 67452, 67460, 67470, 67495, 67500, 67501, 67502, 67504, 67506, 67511, 67512, 67514, 67517, 67521, 67522, 67523, 67525, 67526, 67557, 67563, 67573, 67600, 67609, 67614, 67615, 67616, 67619, 67657, 67662, 67690, 67699, 67707, 67716, 67721, 67730, 67736, 67747, 67769, 67770, 67783, 67794, 67802, 67803, 67805, 67808, 67813, 67818, 67821, 67849, 67850, 67885, 67900, 67929, 67933, 67939, 67940, 67941, 67954, 67967, 67977, 67987, 67989, 68015, 68017, 68018, 68019, 68053, 68054, 68055, 68057, 68059, 68067, 68079, 68087, 68102, 68106, 68108, 68129, 68143, 68151, 68153, 68154, 68157, 68169, 68185, 68190, 68194, 68196, 68218, 68220, 68221, 68224, 68238, 68249, 68250, 68277, 68318, 68319, 68321, 68328, 68337, 68339, 68363, 68376, 68408, 68416, 68422, 68448, 68483, 68508, 68552, 68564, 68671, 68680 --------------------------------------------------------------------------------
================================================================================ gcc-python-plugin-0.14-4.2.fc22 (FEDORA-2015-8be6e502c3) GCC plugin that embeds Python -------------------------------------------------------------------------------- Update Information:
This errata updates gcc in F23 to 5.3. List of upstream bugs fixed (http://gcc.gnu.org/PRNNNNN): 36192, 37072, 43341, 47266, 49940, 49944, 50201, 51048, 51993, 52482, 56158, 56274, 56383, 56520, 56956, 57845, 58027, 58066, 58754, 59678, 60164, 60736, 60993, 61313, 61819, 61830, 62258, 63408, 63740, 64833, 64906, 64921, 64986, 65049, 65089, 65099, 65142, 65195, 65393, 65441, 65697, 65711, 65726, 65734, 65742, 65750, 65751, 65841, 65843, 65879, 65880, 65882, 65908, 65913, 65914, 65919, 65945, 65973, 65974, 66001, 66035, 66048, 66055, 66067, 66079, 66085, 66098, 66114, 66119, 66134, 66136, 66200, 66216, 66260, 66301, 66311, 66332, 66336, 66375, 66412, 66413, 66422, 66424, 66432, 66465, 66501, 66509, 66515, 66523, 66533, 66539, 66545, 66546, 66549, 66556, 66563, 66566, 66567, 66568, 66569, 66581, 66583, 66585, 66596, 66611, 66619, 66628, 66633, 66647, 66648, 66649, 66650, 66667, 66691, 66697, 66700, 66702, 66703, 66705, 66711, 66724, 66725, 66728, 66731, 66743, 66748, 66760, 66761, 66780, 66782, 66790, 66793, 66794, 66814, 66820, 66823, 66828, 66838, 66840, 66855, 66857, 66861, 66864, 66866, 66891, 66896, 66908, 66912, 66917, 66919, 66922, 66923, 66929, 66930, 66936, 66942, 66948, 66952, 66956, 66957, 66979, 66998, 67002, 67005, 67015, 67021, 67028, 67029, 67037, 67049, 67055, 67056, 67060, 67061, 67104, 67121, 67127, 67130, 67131, 67141, 67143, 67161, 67171, 67173, 67177, 67211, 67222, 67226, 67244, 67258, 67265, 67271, 67280, 67281, 67303, 67337, 67354, 67362, 67369, 67374, 67378, 67391, 67401, 67409, 67429, 67439, 67440, 67442, 67443, 67452, 67460, 67470, 67495, 67500, 67501, 67502, 67504, 67506, 67511, 67512, 67514, 67517, 67521, 67522, 67523, 67525, 67526, 67557, 67563, 67573, 67600, 67609, 67614, 67615, 67616, 67619, 67657, 67662, 67690, 67699, 67707, 67716, 67721, 67730, 67736, 67747, 67769, 67770, 67783, 67794, 67802, 67803, 67805, 67808, 67813, 67818, 67821, 67849, 67850, 67885, 67900, 67929, 67933, 67939, 67940, 67941, 67954, 67967, 67977, 67987, 67989, 68015, 68017, 68018, 68019, 68053, 68054, 68055, 68057, 68059, 68067, 68079, 68087, 68102, 68106, 68108, 68129, 68143, 68151, 68153, 68154, 68157, 68169, 68185, 68190, 68194, 68196, 68218, 68220, 68221, 68224, 68238, 68249, 68250, 68277, 68318, 68319, 68321, 68328, 68337, 68339, 68363, 68376, 68408, 68416, 68422, 68448, 68483, 68508, 68552, 68564, 68671, 68680 --------------------------------------------------------------------------------
================================================================================ globus-gsi-proxy-core-7.9-1.fc22 (FEDORA-2015-2427c4acbd) Globus Toolkit - Globus GSI Proxy Core Library -------------------------------------------------------------------------------- Update Information:
globus-gsi-sysconfig-6.9-1 * GT6 update globus-gssapi-gsi-11.24-1 * GT6 update: Don't call SSLv3_method unless it is available globus-gsi-proxy- core-7.9-1 * GT6 update: Change default proxy_req type to RFC, was GT3 myproxy-6.1.16-1 * Update to 6.1.16 (handle invalid proxy_req type) --------------------------------------------------------------------------------
================================================================================ globus-gsi-sysconfig-6.9-1.fc22 (FEDORA-2015-2427c4acbd) Globus Toolkit - Globus GSI System Config Library -------------------------------------------------------------------------------- Update Information:
globus-gsi-sysconfig-6.9-1 * GT6 update globus-gssapi-gsi-11.24-1 * GT6 update: Don't call SSLv3_method unless it is available globus-gsi-proxy- core-7.9-1 * GT6 update: Change default proxy_req type to RFC, was GT3 myproxy-6.1.16-1 * Update to 6.1.16 (handle invalid proxy_req type) --------------------------------------------------------------------------------
================================================================================ globus-gssapi-gsi-11.24-1.fc22 (FEDORA-2015-2427c4acbd) Globus Toolkit - GSSAPI library -------------------------------------------------------------------------------- Update Information:
globus-gsi-sysconfig-6.9-1 * GT6 update globus-gssapi-gsi-11.24-1 * GT6 update: Don't call SSLv3_method unless it is available globus-gsi-proxy- core-7.9-1 * GT6 update: Change default proxy_req type to RFC, was GT3 myproxy-6.1.16-1 * Update to 6.1.16 (handle invalid proxy_req type) --------------------------------------------------------------------------------
================================================================================ grub2-2.02-0.18.fc22 (FEDORA-2015-90c27b6e91) Bootloader with support for Linux, Multiboot and more -------------------------------------------------------------------------------- Update Information:
Fixes CVE-2015-8370. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1290417 - CVE-2015-8370 grub2: buffer overflow when checking password entered during bootup [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1290417 --------------------------------------------------------------------------------
================================================================================ jfontchooser-1.0.5-2.fc22 (FEDORA-2015-bc9bf43ebc) Swing-based java component for font selection -------------------------------------------------------------------------------- Update Information:
New Java font chooser library package. --------------------------------------------------------------------------------
================================================================================ kdelibs3-3.5.10-71.fc22 (FEDORA-2015-2f4b92ed2e) KDE 3 Libraries -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2015-7543 in kdelibs3 (the KDE 3 compatibility version of kdelibs): A temporary directory was being created insecurely using mktemp and mkdir, allowing an attacker to hijack the temporary directory and thus the inter-process communication (IPC). This update fixes the temporary directory creation to use the safe mkdtemp function instead. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1280543 - CVE-2015-7543 arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC https://bugzilla.redhat.com/show_bug.cgi?id=1280543 --------------------------------------------------------------------------------
================================================================================ kernel-4.2.7-200.fc22 (FEDORA-2015-c4ed00a68f) The Linux kernel -------------------------------------------------------------------------------- Update Information:
The 4.2.7 stable update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1285326 - CVE-2015-7515 kernel: aiptek: crash on invalid USB device descriptors https://bugzilla.redhat.com/show_bug.cgi?id=1285326 [ 2 ] Bug #1270158 - CVE-2015-7833 kernel: usbvision: crash on invalid USB device descriptors https://bugzilla.redhat.com/show_bug.cgi?id=1270158 [ 3 ] Bug #1286261 - CVE-2015-8374 kernel: Information leak when truncating of compressed/inlined extents on BTRFS https://bugzilla.redhat.com/show_bug.cgi?id=1286261 --------------------------------------------------------------------------------
================================================================================ libosmocore-0.9.0-3.20151109git916423ef.fc22 (FEDORA-2015-f2da169de3) Utility functions for OsmocomBB, OpenBSC and related projects -------------------------------------------------------------------------------- Update Information:
Fixed library to pass smscb test on ppc. ---- This is new package - utility functions for OsmocomBB, OpenBSC and related projects. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1289940 - [libosmocore] Fix test on big-endian machines https://bugzilla.redhat.com/show_bug.cgi?id=1289940 [ 2 ] Bug #1279527 - Review Request: libosmocore - Utility functions for OsmocomBB, OpenBSC and related projects https://bugzilla.redhat.com/show_bug.cgi?id=1279527 --------------------------------------------------------------------------------
================================================================================ libsolv-0.6.14-3.fc22 (FEDORA-2015-f0a7ef1898) Package dependency solver -------------------------------------------------------------------------------- Update Information:
Enable bzip2 support -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1226647 - libsolv: RFE: Enable support for bzip2 compression https://bugzilla.redhat.com/show_bug.cgi?id=1226647 --------------------------------------------------------------------------------
================================================================================ libtool-2.4.2-35.fc22 (FEDORA-2015-8be6e502c3) The GNU Portable Library Tool -------------------------------------------------------------------------------- Update Information:
This errata updates gcc in F23 to 5.3. List of upstream bugs fixed (http://gcc.gnu.org/PRNNNNN): 36192, 37072, 43341, 47266, 49940, 49944, 50201, 51048, 51993, 52482, 56158, 56274, 56383, 56520, 56956, 57845, 58027, 58066, 58754, 59678, 60164, 60736, 60993, 61313, 61819, 61830, 62258, 63408, 63740, 64833, 64906, 64921, 64986, 65049, 65089, 65099, 65142, 65195, 65393, 65441, 65697, 65711, 65726, 65734, 65742, 65750, 65751, 65841, 65843, 65879, 65880, 65882, 65908, 65913, 65914, 65919, 65945, 65973, 65974, 66001, 66035, 66048, 66055, 66067, 66079, 66085, 66098, 66114, 66119, 66134, 66136, 66200, 66216, 66260, 66301, 66311, 66332, 66336, 66375, 66412, 66413, 66422, 66424, 66432, 66465, 66501, 66509, 66515, 66523, 66533, 66539, 66545, 66546, 66549, 66556, 66563, 66566, 66567, 66568, 66569, 66581, 66583, 66585, 66596, 66611, 66619, 66628, 66633, 66647, 66648, 66649, 66650, 66667, 66691, 66697, 66700, 66702, 66703, 66705, 66711, 66724, 66725, 66728, 66731, 66743, 66748, 66760, 66761, 66780, 66782, 66790, 66793, 66794, 66814, 66820, 66823, 66828, 66838, 66840, 66855, 66857, 66861, 66864, 66866, 66891, 66896, 66908, 66912, 66917, 66919, 66922, 66923, 66929, 66930, 66936, 66942, 66948, 66952, 66956, 66957, 66979, 66998, 67002, 67005, 67015, 67021, 67028, 67029, 67037, 67049, 67055, 67056, 67060, 67061, 67104, 67121, 67127, 67130, 67131, 67141, 67143, 67161, 67171, 67173, 67177, 67211, 67222, 67226, 67244, 67258, 67265, 67271, 67280, 67281, 67303, 67337, 67354, 67362, 67369, 67374, 67378, 67391, 67401, 67409, 67429, 67439, 67440, 67442, 67443, 67452, 67460, 67470, 67495, 67500, 67501, 67502, 67504, 67506, 67511, 67512, 67514, 67517, 67521, 67522, 67523, 67525, 67526, 67557, 67563, 67573, 67600, 67609, 67614, 67615, 67616, 67619, 67657, 67662, 67690, 67699, 67707, 67716, 67721, 67730, 67736, 67747, 67769, 67770, 67783, 67794, 67802, 67803, 67805, 67808, 67813, 67818, 67821, 67849, 67850, 67885, 67900, 67929, 67933, 67939, 67940, 67941, 67954, 67967, 67977, 67987, 67989, 68015, 68017, 68018, 68019, 68053, 68054, 68055, 68057, 68059, 68067, 68079, 68087, 68102, 68106, 68108, 68129, 68143, 68151, 68153, 68154, 68157, 68169, 68185, 68190, 68194, 68196, 68218, 68220, 68221, 68224, 68238, 68249, 68250, 68277, 68318, 68319, 68321, 68328, 68337, 68339, 68363, 68376, 68408, 68416, 68422, 68448, 68483, 68508, 68552, 68564, 68671, 68680 --------------------------------------------------------------------------------
================================================================================ lua-argparse-0.5.0-1.fc22 (FEDORA-2015-8478b2f6dc) Feature-rich command line parser for Lua -------------------------------------------------------------------------------- Update Information:
Updating to latest released version. Includes addition of several features. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1289954 - lua-argparse-0.5.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1289954 --------------------------------------------------------------------------------
================================================================================ mathgl-2.3.3-5.fc22 (FEDORA-2015-c598573ee0) Cross-platform library for making high-quality scientific graphics -------------------------------------------------------------------------------- Update Information:
- Reenable octave module. - Split out -qt, -wx and -fltk widgets into seperate subpackages. --------------------------------------------------------------------------------
================================================================================ myproxy-6.1.16-1.fc22 (FEDORA-2015-2427c4acbd) Manage X.509 Public Key Infrastructure (PKI) security credentials -------------------------------------------------------------------------------- Update Information:
globus-gsi-sysconfig-6.9-1 * GT6 update globus-gssapi-gsi-11.24-1 * GT6 update: Don't call SSLv3_method unless it is available globus-gsi-proxy- core-7.9-1 * GT6 update: Change default proxy_req type to RFC, was GT3 myproxy-6.1.16-1 * Update to 6.1.16 (handle invalid proxy_req type) --------------------------------------------------------------------------------
================================================================================ mysql-mmm-2.2.1-13.fc22 (FEDORA-2015-ac67ef7547) Multi-Master Replication Manager for MySQL -------------------------------------------------------------------------------- Update Information:
Fixes issue with newer Net::ARP version numbers -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1169914 - mysql-mmm bug with newer Net::ARP version numbers https://bugzilla.redhat.com/show_bug.cgi?id=1169914 --------------------------------------------------------------------------------
================================================================================ nodejs-extsprintf-1.3.0-1.fc22 (FEDORA-2015-58d1069add) Extended POSIX-style sprintf -------------------------------------------------------------------------------- Update Information:
Initial package -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1290171 - Review Request: nodejs-extsprintf - Extended POSIX-style sprintf https://bugzilla.redhat.com/show_bug.cgi?id=1290171 --------------------------------------------------------------------------------
================================================================================ nodejs-path-exists-2.2.0-1.fc22 (FEDORA-2015-615098d9b1) Promisify a callback-style function -------------------------------------------------------------------------------- Update Information:
Initial package -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1272764 - Review Request: nodejs-path-exists - Check if a path exists https://bugzilla.redhat.com/show_bug.cgi?id=1272764 --------------------------------------------------------------------------------
================================================================================ opencl-utils-1-1.svn16.fc22 (FEDORA-2015-1736b6c271) Useful OpenCL tools and utilities -------------------------------------------------------------------------------- Update Information:
Patch to work with OpenCL 1.2, cleanup and moving header files -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1266184 - opencl-utils bundles OpenCL headers packaged in opencl-headers https://bugzilla.redhat.com/show_bug.cgi?id=1266184 --------------------------------------------------------------------------------
================================================================================ pbuilder-0.221.3-1.fc22 (FEDORA-2015-2128fbbc06) Personal package builder for Debian packages -------------------------------------------------------------------------------- Update Information:
Update to version 0.221.3, see http://metadata.ftp- master.debian.org/changelogs/main/p/pbuilder/pbuilder_0.221.3_changelog for details. ---- Update to version 0.221.2, see http://metadata.ftp- master.debian.org/changelogs/main/p/pbuilder/pbuilder_0.221.2_changelog for details. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1289788 - pbuilder-0.221.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1289788 --------------------------------------------------------------------------------
================================================================================ pcsc-cyberjack-3.99.5final.SP08-2.fc22 (FEDORA-2015-b1c1f34555) PC/SC driver for REINER SCT cyberjack USB chip card reader -------------------------------------------------------------------------------- Update Information:
New upstream, spec-file cleanup. ---- new upstream --------------------------------------------------------------------------------
================================================================================ pesign-0.111-7.fc22 (FEDORA-2015-9d7c4ff402) Signing utility for UEFI binaries -------------------------------------------------------------------------------- Update Information:
Allow the mockbuild user to read the nss database if the account exists. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1283475 - Could not initialize nss: The certificate/key database is in an old, unsupported format. https://bugzilla.redhat.com/show_bug.cgi?id=1283475 [ 2 ] Bug #1284561 - Typo in pesign-authorize-groups https://bugzilla.redhat.com/show_bug.cgi?id=1284561 [ 3 ] Bug #1284063 - Need pesign-rh-test-certs to build kernel https://bugzilla.redhat.com/show_bug.cgi?id=1284063 --------------------------------------------------------------------------------
================================================================================ pinta-1.6-2.fc22 (FEDORA-2015-858171370b) An easy to use drawing and image editing program -------------------------------------------------------------------------------- Update Information:
fix build failure on ppc64 related to mono_arches --------------------------------------------------------------------------------
================================================================================ python-libpagure-0.6-1.fc22 (FEDORA-2015-a96bda327e) A Python library for Pagure APIs -------------------------------------------------------------------------------- Update Information:
Update the source to 0.6 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1281739 - Review Request: python-libpagure - A Python library for Pagure APIs https://bugzilla.redhat.com/show_bug.cgi?id=1281739 --------------------------------------------------------------------------------
================================================================================ python-music21-2.2.1-1.fc22 (FEDORA-2015-2718e724ad) A toolkit for computational musicology -------------------------------------------------------------------------------- Update Information:
New package. --------------------------------------------------------------------------------
================================================================================ qbittorrent-3.3.1-2.fc22 (FEDORA-2015-cd2f2dff6c) A Bittorrent Client -------------------------------------------------------------------------------- Update Information:
The major difference between qbittorrent 3.2.x and 3.3.x is the switch of default from Qt4 to Qt5 (and Fedora did this switch too). Multiple fixes and new features have been added as well ---- fix build on ppc64le -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1255788 - FTBFS with qbittorrent on ppc64le "Could not find a version of the library!" https://bugzilla.redhat.com/show_bug.cgi?id=1255788 [ 2 ] Bug #1252961 - qBittorrent fails to build on ppc64le https://bugzilla.redhat.com/show_bug.cgi?id=1252961 [ 3 ] Bug #1279239 - [abrt] qbittorrent: uw_frame_state_for(): qbittorrent killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1279239 [ 4 ] Bug #1286706 - qbittorrent-3.3.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1286706 [ 5 ] Bug #1282019 - rb_libtorrent-1.0.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1282019 --------------------------------------------------------------------------------
================================================================================ rb_libtorrent-1.0.7-2.fc22 (FEDORA-2015-cd2f2dff6c) A C++ BitTorrent library aiming to be the best alternative -------------------------------------------------------------------------------- Update Information:
The major difference between qbittorrent 3.2.x and 3.3.x is the switch of default from Qt4 to Qt5 (and Fedora did this switch too). Multiple fixes and new features have been added as well ---- fix build on ppc64le -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1255788 - FTBFS with qbittorrent on ppc64le "Could not find a version of the library!" https://bugzilla.redhat.com/show_bug.cgi?id=1255788 [ 2 ] Bug #1252961 - qBittorrent fails to build on ppc64le https://bugzilla.redhat.com/show_bug.cgi?id=1252961 [ 3 ] Bug #1279239 - [abrt] qbittorrent: uw_frame_state_for(): qbittorrent killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1279239 [ 4 ] Bug #1286706 - qbittorrent-3.3.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1286706 [ 5 ] Bug #1282019 - rb_libtorrent-1.0.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1282019 --------------------------------------------------------------------------------
================================================================================ rpmspectool-1.99.4-1.fc22 (FEDORA-2015-d7595935f4) Utility for handling RPM spec files -------------------------------------------------------------------------------- Update Information:
This update contains improvements in parsing spec files, as well as handling certain errors when downloading files. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1154596 - spectool not downloading source https://bugzilla.redhat.com/show_bug.cgi?id=1154596 --------------------------------------------------------------------------------
================================================================================ sqlite-3.9.0-2.fc22 (FEDORA-2015-1c93bbd1a7) Library that implements an embeddable SQL database engine -------------------------------------------------------------------------------- Update Information:
Updated sqlite with added amalgamation source distribution for stage2 builds. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1273994 - [REGRESSION] sqlite FTBFS during stage2 bootstrap - The 3.9 update requires tcl, that isn't available in stage2 https://bugzilla.redhat.com/show_bug.cgi?id=1273994 --------------------------------------------------------------------------------
================================================================================ util-linux-2.26.2-4.fc22 (FEDORA-2015-473007accf) A collection of basic system utilities -------------------------------------------------------------------------------- Update Information:
backport build-sys patch from f21 to fix STAGE1 bootstrap --------------------------------------------------------------------------------
================================================================================ wine-1.8-0.1.fc22 (FEDORA-2015-6306d811b5) A compatibility layer for windows applications -------------------------------------------------------------------------------- Update Information:
Wine 1.8-rc3 Bug fixes. Code freeze, working towards 1.8 release. --------------------------------------------------------------------------------
================================================================================ xen-4.5.2-5.fc22 (FEDORA-2015-08e4af5a20) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information:
eepro100: Prevent two endless loops [CVE-2015-8345] (#1285215), pcnet: fix rx buffer overflow [CVE-2015-7512], ui: vnc: avoid floating point exception [CVE-2015-8504], additional patch for [XSA-158, CVE-2015-8338] long running memory operations on ARM [XSA-158, CVE-2015-8338] XENMEM_exchange error handling issues [XSA-159, CVE-2015-8339, CVE-2015-8340] libxl leak of pv kernel and initrd on error [XSA-160, CVE-2015-8341] ---- heap buffer overflow vulnerability in pcnet emulator [XSA-162, CVE-2015-7504], virtual PMU is unsupported [XSA-163] -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1285213 - CVE-2015-8345 Qemu: net: eepro100: infinite loop in processing command block list https://bugzilla.redhat.com/show_bug.cgi?id=1285213 [ 2 ] Bug #1285061 - CVE-2015-7512 Qemu: net: pcnet: buffer overflow in non-loopback mode https://bugzilla.redhat.com/show_bug.cgi?id=1285061 [ 3 ] Bug #1261461 - CVE-2015-7504 Qemu: net: pcnet: heap overflow vulnerability in pcnet_receive https://bugzilla.redhat.com/show_bug.cgi?id=1261461 [ 4 ] Bug #1285350 - xen: Virtual Performance Measurement Unit feature is unsupported https://bugzilla.redhat.com/show_bug.cgi?id=1285350 [ 5 ] Bug #1284933 - CVE-2015-8341 xen: libxl leak of PV kernel can cause OOM condition https://bugzilla.redhat.com/show_bug.cgi?id=1284933 [ 6 ] Bug #1284919 - CVE-2015-8339 CVE-2015-8340 xen: XENMEM_exchange error handling may cause DoS to host https://bugzilla.redhat.com/show_bug.cgi?id=1284919 [ 7 ] Bug #1284911 - CVE-2015-8338 xen: Long running memory operations on ARM cause DoS https://bugzilla.redhat.com/show_bug.cgi?id=1284911 --------------------------------------------------------------------------------