The following Fedora 25 Security updates need testing:
Age URL
185
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25
84
https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2d17af41e
python-XStatic-jquery-ui-1.12.0.1-4.fc25
27
https://bodhi.fedoraproject.org/updates/FEDORA-2017-7dbbbafea6
runc-1.0.0-7.git6394544.fc25.2
23
https://bodhi.fedoraproject.org/updates/FEDORA-2017-ec3c82e64d
libstaroffice-0.0.3-3.fc25
23
https://bodhi.fedoraproject.org/updates/FEDORA-2017-5d7498559f
nodejs-brace-expansion-1.1.7-1.fc25
14
https://bodhi.fedoraproject.org/updates/FEDORA-2017-bcfa3569d6
libmwaw-0.3.11-3.fc25
9
https://bodhi.fedoraproject.org/updates/FEDORA-2017-f68c93aaac
kmail-16.12.3-2.fc25
9
https://bodhi.fedoraproject.org/updates/FEDORA-2017-bb1ecba1bc
kf5-messagelib-16.12.3-2.fc25
9
https://bodhi.fedoraproject.org/updates/FEDORA-2017-a11f853361
kdepim4-4.14.10-31.fc25
7
https://bodhi.fedoraproject.org/updates/FEDORA-2017-708adeb9b6
libsndfile-1.0.28-3.fc25
7
https://bodhi.fedoraproject.org/updates/FEDORA-2017-c3149b5fcb xen-4.7.2-7.fc25
6
https://bodhi.fedoraproject.org/updates/FEDORA-2017-63aca509fb
zabbix-3.0.9-1.fc25
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-7591a8e2c9
globus-xio-5.16-1.fc25 globus-net-manager-0.17-1.fc25 globus-gass-cache-program-6.7-1.fc25
globus-gass-copy-9.27-1.fc25 globus-gssapi-gsi-12.16-1.fc25
globus-gram-job-manager-14.36-1.fc25 globus-gridftp-server-12.2-1.fc25
globus-io-11.9-1.fc25 globus-xio-gsi-driver-3.11-1.fc25 globus-xio-pipe-driver-3.10-1.fc25
globus-xio-udt-driver-1.27-1.fc25 myproxy-6.1.28-1.fc25 globus-ftp-client-8.35-2.fc25
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-38113758e7
drupal7-7.56-1.fc25
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-bff1b87765
webkitgtk4-2.16.5-1.fc25
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-6f7d6fbccc
php-horde-Horde-Image-2.5.1-1.fc25
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-4c57da6642
libmtp-1.1.13-1.fc25
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-372bb1edb3
libdb-5.3.28-24.fc25
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-75c571778e irssi-1.0.3-1.fc25
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-620085cede
httpd-2.4.26-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-03954b6dc4
jetty-test-helper-3.1-3.fc25 jetty-alpn-8.1.11-2.v20170118.fc25
jetty-9.4.6-1.v20170531.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-d3bc944153 pius-2.2.4-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-a348b32eb5
libgcrypt-1.7.8-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-58cde32413
qt5-qtwebengine-5.9.0-4.fc25
The following Fedora 25 Critical Path updates have yet to be approved:
Age URL
27
https://bodhi.fedoraproject.org/updates/FEDORA-2017-613a72e282 lorax-25.22-1.fc25
14
https://bodhi.fedoraproject.org/updates/FEDORA-2017-a83e0e61d6 fwupd-0.9.4-1.fc25
11
https://bodhi.fedoraproject.org/updates/FEDORA-2017-bd92718a5a
pungi-4.1.16-3.fc25
9
https://bodhi.fedoraproject.org/updates/FEDORA-2017-82f4a3afee
storaged-2.6.2-6.fc25
7
https://bodhi.fedoraproject.org/updates/FEDORA-2017-c3149b5fcb xen-4.7.2-7.fc25
7
https://bodhi.fedoraproject.org/updates/FEDORA-2017-708adeb9b6
libsndfile-1.0.28-3.fc25
6
https://bodhi.fedoraproject.org/updates/FEDORA-2017-d90aa59a73
libguestfs-1.36.5-1.fc25
6
https://bodhi.fedoraproject.org/updates/FEDORA-2017-0187b2a605
selinux-policy-3.13.1-225.19.fc25
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-372bb1edb3
libdb-5.3.28-24.fc25
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-80862de14e
perl-Scalar-List-Utils-1.48-1.fc25
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-bff1b87765
webkitgtk4-2.16.5-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-d8104c0ea6
hostname-3.15-8.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-2a0a9f69f8
dbus-1.11.14-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-118505dd77
libsoup-2.56.0-3.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-de0dd8b845 gsm-1.0.17-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-a348b32eb5
libgcrypt-1.7.8-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-92a040da1a rsync-3.1.2-4.fc25
The following builds have been pushed to Fedora 25 updates-testing
MUMPS-5.1.1-2.fc25
avr-gcc-6.3.0-1.fc25
cjs-3.4.2-2.fc25
coin-or-Ipopt-3.12.8-2.fc25
dbus-1.11.14-1.fc25
gsm-1.0.17-1.fc25
hostname-3.15-8.fc25
libforensic1394-0.2-17.fc25
libsoup-2.56.0-3.fc25
lightdm-settings-1.1.1-1.fc25
nemo-3.4.5-1.fc25
oci-systemd-hook-0.1.9-1.gitaa42622.fc25
pcp-3.12.0-1.fc25
python-batinfo-0.4.2-5.fc25
python-configargparse-0.12.0-1.fc25
python-msrest-0.4.11-1.fc25
python-munkres-1.0.12-1.fc25
python-pyvo-0.6.1-1.fc25
python-streamlink-0.7.0-1.fc25
python-xmlbuilder-1.0-9.fc25
qt5-qtwebengine-5.9.0-4.fc25
reg-0.4.1-5.fc25
thermald-1.6-4.fc25
ugene-1.26.3-1.fc25.1
weechat-1.9-1.fc25
xed-1.4.4-2.fc25
xviewer-1.4.3-2.fc25
Details about builds:
================================================================================
MUMPS-5.1.1-2.fc25 (FEDORA-2017-c0e9637b10)
A MUltifrontal Massively Parallel sparse direct Solver
--------------------------------------------------------------------------------
Update Information:
- Update MUMPS and Ipopt to newer versions
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1461038 - coin-or-Ipopt-3.12.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1461038
--------------------------------------------------------------------------------
================================================================================
avr-gcc-6.3.0-1.fc25 (FEDORA-2017-5463a67108)
Cross Compiling GNU GCC targeted at avr
--------------------------------------------------------------------------------
Update Information:
avr-gcc updated to gcc version 6.3.0
--------------------------------------------------------------------------------
================================================================================
cjs-3.4.2-2.fc25 (FEDORA-2017-db1258a8c9)
Javascript Bindings for Cinnamon
--------------------------------------------------------------------------------
Update Information:
Fix log spam
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1465004 - cjs-3.4.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1465004
--------------------------------------------------------------------------------
================================================================================
coin-or-Ipopt-3.12.8-2.fc25 (FEDORA-2017-c0e9637b10)
Interior Point OPTimizer
--------------------------------------------------------------------------------
Update Information:
- Update MUMPS and Ipopt to newer versions
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1461038 - coin-or-Ipopt-3.12.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1461038
--------------------------------------------------------------------------------
================================================================================
dbus-1.11.14-1.fc25 (FEDORA-2017-2a0a9f69f8)
D-BUS message bus
--------------------------------------------------------------------------------
Update Information:
Update to 1.11.14
--------------------------------------------------------------------------------
================================================================================
gsm-1.0.17-1.fc25 (FEDORA-2017-de0dd8b845)
Shared libraries for GSM speech compressor
--------------------------------------------------------------------------------
Update Information:
This update fixes undefined behaviour when doing left shifts on signed integers.
No API or ABI changes.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1465878 - gsm-1.0.17 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1465878
--------------------------------------------------------------------------------
================================================================================
hostname-3.15-8.fc25 (FEDORA-2017-d8104c0ea6)
Utility to set/show the host name or domain name
--------------------------------------------------------------------------------
Update Information:
Man page: change yp_get_default_domain with getdomainname (#1168989)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1168989 - hostname(1) manpage dangling reference
https://bugzilla.redhat.com/show_bug.cgi?id=1168989
--------------------------------------------------------------------------------
================================================================================
libforensic1394-0.2-17.fc25 (FEDORA-2017-f1a09c5bde)
A library for performing live memory forensics over firewire
--------------------------------------------------------------------------------
Update Information:
Enable Python3 support by default
--------------------------------------------------------------------------------
================================================================================
libsoup-2.56.0-3.fc25 (FEDORA-2017-118505dd77)
Soup, an HTTP library implementation
--------------------------------------------------------------------------------
Update Information:
This update fixes the following problems: * Possible crashes when accessing
sites with GSSAPI authentication * Sites with GSSAPI authentication that
require closing the connection are not loaded at all * Some servers does not
follow the GSSAPI authentication workflow closely, weaken the libsoup
implemetation to behave like other clients (Firefox, cURL) to support them.
--------------------------------------------------------------------------------
================================================================================
lightdm-settings-1.1.1-1.fc25 (FEDORA-2017-5991cb7cf6)
Configuration tool for the LightDM display manager
--------------------------------------------------------------------------------
Update Information:
* New upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1466545 - lightdm-settings-1.1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1466545
--------------------------------------------------------------------------------
================================================================================
nemo-3.4.5-1.fc25 (FEDORA-2017-41afc9bd92)
File manager for Cinnamon
--------------------------------------------------------------------------------
Update Information:
Update to latest release
--------------------------------------------------------------------------------
================================================================================
oci-systemd-hook-0.1.9-1.gitaa42622.fc25 (FEDORA-2017-8c49b86e6c)
OCI systemd hook for docker
--------------------------------------------------------------------------------
Update Information:
Updated to work with newer versions of runc as well as docker-runc. It should
work well with CRI-O Also.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1401537 - Cannot build image with --userns-remap set, permission denied
https://bugzilla.redhat.com/show_bug.cgi?id=1401537
--------------------------------------------------------------------------------
================================================================================
pcp-3.12.0-1.fc25 (FEDORA-2017-9103ca28d1)
System-level performance monitoring and performance management
--------------------------------------------------------------------------------
Update Information:
Fix pcp-atop failure in open-ended write mode (BZ 1431292) ---- Correct subrpm
inclusion of zeroconf config files (BZ 1456262)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1431292 - pmatop -w fails, bad -T argument to pmlogger
https://bugzilla.redhat.com/show_bug.cgi?id=1431292
[ 2 ] Bug #1317515 - SELinux is preventing /usr/bin/bash from 'read' accesses on
the directory /var/lib/pcp/pmdas.
https://bugzilla.redhat.com/show_bug.cgi?id=1317515
[ 3 ] Bug #1376857 - poor pmlogconf performance, esp. with derived metrics
https://bugzilla.redhat.com/show_bug.cgi?id=1376857
[ 4 ] Bug #1456262 - proc.* metrics being pmlogconf'd, even without pcp-zeroconf
installed
https://bugzilla.redhat.com/show_bug.cgi?id=1456262
--------------------------------------------------------------------------------
================================================================================
python-batinfo-0.4.2-5.fc25 (FEDORA-2017-9cd4056c89)
Python module to retrieve battery information
--------------------------------------------------------------------------------
Update Information:
Enable Python3 support by default
--------------------------------------------------------------------------------
================================================================================
python-configargparse-0.12.0-1.fc25 (FEDORA-2017-b6bcea1333)
A Python module with support for argparse, config files, and env variables
--------------------------------------------------------------------------------
Update Information:
Update to new upstream version 0.12.0
--------------------------------------------------------------------------------
================================================================================
python-msrest-0.4.11-1.fc25 (FEDORA-2017-81992237dc)
AutoRest swagger generator Python client runtime
--------------------------------------------------------------------------------
Update Information:
###Version 0.4.11 Bugfixes * Fix incorrect dependency to ���requests��� 2.14.x,
instead of 2.x meant in 0.4.8 ### Version 0.4.10 Features * Add requests
hooks to configuration
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1460050 - python-msrest-v0.4.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1460050
--------------------------------------------------------------------------------
================================================================================
python-munkres-1.0.12-1.fc25 (FEDORA-2017-c8d4174f76)
A Munkres algorithm for Python
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release 1.0.12
--------------------------------------------------------------------------------
================================================================================
python-pyvo-0.6.1-1.fc25 (FEDORA-2017-7428d9e276)
Access to remote data and services of the Virtual observatory (VO) using Python
--------------------------------------------------------------------------------
Update Information:
New upstream release
--------------------------------------------------------------------------------
================================================================================
python-streamlink-0.7.0-1.fc25 (FEDORA-2017-9b06e14503)
Python library for extracting streams from various websites
--------------------------------------------------------------------------------
Update Information:
0.7.0 of Streamlink! Since our May release, we've incorporated quite a few
changes! Outlined are the major features in this month's release: * Stream
types will now be sorted accordingly in terms of quality *
TeamLiquid.net Plugin
added * Numerous plugin & bug fixes * Updated HomeBrew package * Improved CLI
documentation Many thanks to those who've contributed in this release! If you
think that this application is helpful, please consider supporting the
maintainers by [donating](https://streamlink.github.io/donate.html). See
https://github.com/streamlink/streamlink/releases/tag/0.7.0 for more
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1466776 - python-streamlink-0.7.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1466776
--------------------------------------------------------------------------------
================================================================================
python-xmlbuilder-1.0-9.fc25 (FEDORA-2017-b1ff24f2b9)
A python XML/(x)HTML builder
--------------------------------------------------------------------------------
Update Information:
Renaming for Python 2
--------------------------------------------------------------------------------
================================================================================
qt5-qtwebengine-5.9.0-4.fc25 (FEDORA-2017-58cde32413)
Qt5 - QtWebEngine components
--------------------------------------------------------------------------------
Update Information:
This update updates QtWebEngine to the 5.9.0 release. QtWebEngine 5.9.0 is part
of the Qt 5.9.0 release, but only the QtWebEngine component is included in this
update. The update fixes the following security issues in QtWebEngine 5.8.0:
CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010,
CVE-2017-5011, CVE-2017-5012, CVE-2017-5013, CVE-2017-5014, CVE-2017-5015,
CVE-2017-5016, CVE-2017-5017, CVE-2017-5018, CVE-2017-5019, CVE-2017-5020,
CVE-2017-5021, CVE-2017-5022, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025,
CVE-2017-5026, CVE-2017-5027, CVE-2017-5029, CVE-2017-5032, CVE-2017-5033,
CVE-2017-5034, CVE-2017-5036, CVE-2017-5039, CVE-2017-5040, CVE-2017-5044,
CVE-2017-5045, CVE-2017-5046, CVE-2017-5052, CVE-2017-5053, CVE-2017-5055,
CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061,
CVE-2017-5062, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5068, and
CVE-2017-5069. Other important changes include: * Based on Chromium
56.0.2924.122 with security fixes from Chromium up to version 58.0.3029.96.
(5.8.0 was based on Chromium 53.0.2785.148 with security fixes from Chromium up
to version 55.0.2883.75.) * [QTBUG-54650, QTBUG-59922] Accessibility is now
disabled by default on Linux, like it is in Chrome, due to poor options for
enabling it conditionally and its heavy performance impact. Set the environment
variable `QTWEBENGINE_ENABLE_LINUX_ACCESSIBILITY` to enable it again. *
[QTBUG-56531] Enabled `filesystem:` protocol handler. * [QTBUG-57720] Optimized
incremental scene-graph rendering in particular for software rendering. *
[QTBUG-60049] Enabled brotli support. * Many bug fixes, see
https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.9.0?h=5.9 for
details. In addition, this build includes a fix for
https://bugreports.qt.io/browse/QTBUG-61521 , a binary incompatibility in
QtWebEngine 5.9.0 compared to 5.8.0.
--------------------------------------------------------------------------------
================================================================================
reg-0.4.1-5.fc25 (FEDORA-2017-263decc3c1)
Docker registry v2 command line client
--------------------------------------------------------------------------------
Update Information:
Fix epel7 build and add upstream patch for single-run execution mode. ---- Fix
build for epel7 ---- Add an upstream'd patch to enable single-run mode of reg-
server that will create static html files and then exit instead of serving the
files with built-in http server. ---- New package for Fedora.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1432214 - Review Request: reg - Docker registry v2 command line client.
https://bugzilla.redhat.com/show_bug.cgi?id=1432214
--------------------------------------------------------------------------------
================================================================================
thermald-1.6-4.fc25 (FEDORA-2017-b7cc97e7ff)
Thermal Management daemon
--------------------------------------------------------------------------------
Update Information:
* Add upstream patch to fix ThermalMonitor * Add several fixes from upstream
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1464548 - [abrt] thermald-monitor:
ThermaldInterface::getLowestValidTripTempForZone(): ThermalMonitor killed by signal 11
https://bugzilla.redhat.com/show_bug.cgi?id=1464548
--------------------------------------------------------------------------------
================================================================================
ugene-1.26.3-1.fc25.1 (FEDORA-2017-53d214b243)
Integrated bioinformatics toolkit
--------------------------------------------------------------------------------
Update Information:
This is a patch release that contains several major bug fixes and interface
improvements requested by users. ---- Changes in the release include: 1. All
databases, supported by SnpEff, are now available for prediction of variant
effects. 2. By default, all documents are opened in tabs instead of windows. To
change this parameter go to the Application Settings. 3. Support of high-
resolution Retina displays. You can download the latest UGENE version on this
page -
http://ugene.unipro.ru/download.html. A new view for working with Sanger
reads ��� the Chromatogram Alignment Editor ��� is planned for 1.27 version. Stay
tuned!
--------------------------------------------------------------------------------
================================================================================
weechat-1.9-1.fc25 (FEDORA-2017-2261491984)
Portable, fast, light and extensible IRC client
--------------------------------------------------------------------------------
Update Information:
New upstream version 1.9
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1464190 - New upstream version - 1.8
https://bugzilla.redhat.com/show_bug.cgi?id=1464190
[ 2 ] Bug #1450583 - weechat-1.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1450583
--------------------------------------------------------------------------------
================================================================================
xed-1.4.4-2.fc25 (FEDORA-2017-013f4a7a29)
X-Apps [Text] Editor (Cross-DE, backward-compatible, GTK3, traditional UI)
--------------------------------------------------------------------------------
Update Information:
* Fix filtered provides
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1463461 - xed-1.4.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1463461
--------------------------------------------------------------------------------
================================================================================
xviewer-1.4.3-2.fc25 (FEDORA-2017-23dfa8ba2b)
Fast and functional graphics viewer
--------------------------------------------------------------------------------
Update Information:
* Fix filtered provides
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1465898 - xviewer-1.4.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1465898
--------------------------------------------------------------------------------