The following Fedora 23 Security updates need testing:
Age URL
225
https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23
183
https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe
miniupnpc-1.9-6.fc23
156
https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324
jbig2dec-0.12-2.fc23
106
https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1
python-pymongo-3.0.3-1.fc23
106
https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8
thttpd-2.25b-37.fc23
71
https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4
mingw-nsis-2.50-1.fc23
26
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b8f91621c7
optipng-0.7.6-1.fc23
26
https://bodhi.fedoraproject.org/updates/FEDORA-2016-dffdc981ff
squid-3.5.10-2.fc23
9
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7c48036d73
community-mysql-5.6.30-1.fc23
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a8e2be0fe6
cacti-0.8.8g-1.fc23
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5733ad20f5
pgpdump-0.30-1.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f2aae0dbc5
botan-1.10.13-1.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5b2eb0bf9c
ntp-4.2.6p5-40.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-c93d49faf3
dhcp-4.3.3-9.P1.fc23
The following Fedora 23 Critical Path updates have yet to be approved:
Age URL
12
https://bodhi.fedoraproject.org/updates/FEDORA-2016-88778482ea lorax-23.21-1.fc23
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0a2ca2016e
xulrunner-44.0-6.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-afa56613ca
lxsession-0.5.2-9.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a1b48953d4
pungi-4.0.15-1.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5587c0678e phonon-4.9.0-2.fc23
phonon-backend-gstreamer-4.9.0-1.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-c93d49faf3
dhcp-4.3.3-9.P1.fc23
The following builds have been pushed to Fedora 23 updates-testing
argus-3.0.8-6.fc23
blktap-3.0.0-7.fc23.git0.9.2
dhcp-4.3.3-9.P1.fc23
docker-1.10.3-16.gita41254f.fc23
fedora-review-0.6.1-1.fc23
gmic-1.7.1-1.fc23
kshutdown-3.99.1-0.1.beta.fc23
mutt-1.6.1-1.fc23
ntp-4.2.6p5-40.fc23
owncloud-8.2.3-6.fc23
perl-Module-CoreList-5.20160429-1.fc23
perl-PerlIO-eol-0.16-1.fc23
perl-Thread-Queue-3.09-1.fc23
php-myclabs-deep-copy-1.5.1-1.fc23
php-owncloud-tarstreamer-0.1.0-1.fc23
php-swiftmailer-5.4.2-1.fc23
php-symfony-2.7.12-2.fc23
python-assimulo-2.9-1.fc23
python-pyudev-0.20.0-1.fc23
Details about builds:
================================================================================
argus-3.0.8-6.fc23 (FEDORA-2016-f92332b224)
Network transaction audit tool
--------------------------------------------------------------------------------
Update Information:
Logrotate fix.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1332098 - /etc/logrotate.d/argus from argus-3.0.8-4.fc23.x86_64 causes global
default log compression for all logs handled by logrotate and not just the argus log
https://bugzilla.redhat.com/show_bug.cgi?id=1332098
--------------------------------------------------------------------------------
================================================================================
blktap-3.0.0-7.fc23.git0.9.2 (FEDORA-2016-483db91cbe)
Blktap Userspace Tools + Library
--------------------------------------------------------------------------------
Update Information:
Applied a bundled patch to fix a udev warning (BZ#1229953)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1229953 - blktap rule generates udev warning
https://bugzilla.redhat.com/show_bug.cgi?id=1229953
--------------------------------------------------------------------------------
================================================================================
dhcp-4.3.3-9.P1.fc23 (FEDORA-2016-c93d49faf3)
Dynamic host configuration protocol software
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-2774
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1315259 - CVE-2016-2774 dhcp: unclosed TCP connections to OMAPI or failover
ports can cause DoS
https://bugzilla.redhat.com/show_bug.cgi?id=1315259
--------------------------------------------------------------------------------
================================================================================
docker-1.10.3-16.gita41254f.fc23 (FEDORA-2016-87f810b0f5)
Automates deployment of containerized applications
--------------------------------------------------------------------------------
Update Information:
built docker @projectatomic/fedora-1.10.3 commit a41254f ---- built docker
@projectatomic/fedora-1.10.3 commit#964eda6 ---- built docker
@projectatomic/fedora-1.10.3 commit#ef2fa35 ---- docker package runtime
depends on docker-forward-journald ---- rebuilt to remove dockerroot user
creation ---- rebuilt to remove dockerroot user creation ---- rebuilt to
include dss_libdir directory ---- built docker @projectatomic/fedora-1.10.2
commit#86e59a5 ---- rebuilt with seccomp enabled ---- built docker
@projectatomic/fedora-1.10.1 commit#6c71d8f ---- built docker
@projectatomic/fedora-1.10.1 commit#6c71d8f ---- rebuilt, no change ----
built docker @projectatomic/fedora-1.10.2 commit#0f5ac89
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1289851 - Docker.service does not require docker.socket which can lead to
Docker crash when docker.sock is host mounted
https://bugzilla.redhat.com/show_bug.cgi?id=1289851
[ 2 ] Bug #1254694 - "man docker-login" incorrectly claims that you can
"docker login" to Docker Hub as non-root user
https://bugzilla.redhat.com/show_bug.cgi?id=1254694
[ 3 ] Bug #1269602 - Secrets patch does not work in Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=1269602
[ 4 ] Bug #1289963 - docker push not working in 1.9.1
https://bugzilla.redhat.com/show_bug.cgi?id=1289963
[ 5 ] Bug #1303105 - Docker does not own /usr/lib/docker-storage-setup
https://bugzilla.redhat.com/show_bug.cgi?id=1303105
[ 6 ] Bug #1326110 - Unable to create containers with Kubernetes master and Docker
1.9.1-9
https://bugzilla.redhat.com/show_bug.cgi?id=1326110
[ 7 ] Bug #1312934 - "docker images" command returns all the repositories
prepended with the "docker.io/" string
https://bugzilla.redhat.com/show_bug.cgi?id=1312934
--------------------------------------------------------------------------------
================================================================================
fedora-review-0.6.1-1.fc23 (FEDORA-2016-c502551b96)
Review tool for fedora rpm packages
--------------------------------------------------------------------------------
Update Information:
Bugfix release. From NEWS: - spec: Make plugin-ruby a separate package. - Fix
handling of license files w blanks (bz #1229412). - Handle licensecheck crash
gracefully (bz #1241481). - Fix bad check for %license (bz #1231019). - Add
COPYRIGHT to license files (bz #1232814). - fedora-create-review: --test: Print
used bz (#266). - fedora-review.1: typo (#262). - Optimize some dnf operations
(#1275275). - De-duplicate installed rpms (bz #1264803). - Clean up koji-
download-scratch and create-review (#260), add options --logs and --nodebug to
skip downloading logs and debuginfo packages - Generate correct PkgDB URL in
CheckNoNameConflict - Use rpm to find %check section (#225). - fedora-review.1:
Add info on bugz (#237, sort of). - ruby: Add test for obsolete R:rubygem,
%fedora > 20 (bz 1128094). - ruby: Disable check for R: rubygem when %fedora >
20 (bz #1128094). - generic_should, ruby: Add plugin checking code. - generic:
Move SHOULD checks to generic_should. - Fix false positive for Packager: tag (bz
#1146442). - Fix command line options w spaces (bz #1192184).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1275275 - fedora-review queries too many times for same thing
https://bugzilla.redhat.com/show_bug.cgi?id=1275275
--------------------------------------------------------------------------------
================================================================================
gmic-1.7.1-1.fc23 (FEDORA-2016-5ab9882f3a)
GREYC's Magic for Image Computing
--------------------------------------------------------------------------------
Update Information:
bump version ---- bump version
--------------------------------------------------------------------------------
================================================================================
kshutdown-3.99.1-0.1.beta.fc23 (FEDORA-2016-a98f0f7879)
Graphical shutdown utility for Plasma 5
--------------------------------------------------------------------------------
Update Information:
KShutdown 3.99.1 beta release. For more information visit
http://kshutdown.sourceforge.net/releases/3.99.1beta.html.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1331948 - kshutdown-3.99.1beta is available
https://bugzilla.redhat.com/show_bug.cgi?id=1331948
--------------------------------------------------------------------------------
================================================================================
mutt-1.6.1-1.fc23 (FEDORA-2016-f59f02b2b7)
A text mode mail user agent
--------------------------------------------------------------------------------
Update Information:
Bugfix release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1332105 - mutt-1.6.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1332105
--------------------------------------------------------------------------------
================================================================================
ntp-4.2.6p5-40.fc23 (FEDORA-2016-5b2eb0bf9c)
The NTP daemon and utilities
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-1548, CVE-2016-2516, CVE-2016-2518, CVE-2016-1550
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1331462 - CVE-2016-1548 ntp: ntpd switching to interleaved mode with spoofed
packets
https://bugzilla.redhat.com/show_bug.cgi?id=1331462
[ 2 ] Bug #1331466 - CVE-2016-2516 ntp: assertion failure in ntpd on duplicate IPs on
unconfig directives
https://bugzilla.redhat.com/show_bug.cgi?id=1331466
[ 3 ] Bug #1331468 - CVE-2016-2518 ntp: out-of-bounds references on crafted packet
https://bugzilla.redhat.com/show_bug.cgi?id=1331468
[ 4 ] Bug #1331464 - CVE-2016-1550 ntp: libntp message digest disclosure
https://bugzilla.redhat.com/show_bug.cgi?id=1331464
--------------------------------------------------------------------------------
================================================================================
owncloud-8.2.3-6.fc23 (FEDORA-2016-6f479decc6)
Private file sync and share server
--------------------------------------------------------------------------------
Update Information:
Owncloud now follows the PHP SIG direction of using a fedora autoloader to
directly call the autoloaders of the PHP libraries used. In addition a %check
has been added to ensure the autoloader works correctly and new dependency
versions bumped to match more closely with upstream.
--------------------------------------------------------------------------------
================================================================================
perl-Module-CoreList-5.20160429-1.fc23 (FEDORA-2016-e456fcb429)
What modules are shipped with versions of perl
--------------------------------------------------------------------------------
Update Information:
This release brings data for perl 5.22.2.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1331902 - perl-Module-CoreList-5.20160429 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1331902
--------------------------------------------------------------------------------
================================================================================
perl-PerlIO-eol-0.16-1.fc23 (FEDORA-2016-21c0249f74)
PerlIO layer for normalizing line endings
--------------------------------------------------------------------------------
Update Information:
This release corrects build-time warnings. ---- This release improves
documentation.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1331951 - perl-PerlIO-eol-0.16 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1331951
[ 2 ] Bug #1330787 - perl-PerlIO-eol-0.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1330787
--------------------------------------------------------------------------------
================================================================================
perl-Thread-Queue-3.09-1.fc23 (FEDORA-2016-3aac4ecc07)
Thread-safe queues
--------------------------------------------------------------------------------
Update Information:
This release updates documentation.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1331991 - perl-Thread-Queue-3.09 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1331991
--------------------------------------------------------------------------------
================================================================================
php-myclabs-deep-copy-1.5.1-1.fc23 (FEDORA-2016-60eec52353)
Create deep copies (clones) of your objects
--------------------------------------------------------------------------------
Update Information:
**Version 1.5.1** * fix for exception
--------------------------------------------------------------------------------
================================================================================
php-owncloud-tarstreamer-0.1.0-1.fc23 (FEDORA-2016-85231c0e47)
Streaming dynamic tar files
--------------------------------------------------------------------------------
Update Information:
**Version 0.1.0** * Use UTF-8 filenames for any browser except Internet
Explorer
--------------------------------------------------------------------------------
================================================================================
php-swiftmailer-5.4.2-1.fc23 (FEDORA-2016-359620c6de)
Free Feature-rich PHP Mailer
--------------------------------------------------------------------------------
Update Information:
**Version 5.4.2** (2016-05-01) * fixed support for IPv6 sockets * added auto-
retry when sending messages from the memory spool * fixed consecutive read
calls in Swift_ByteStream_FileByteStream * added support for iso-8859-15
encoding * fixed PHP mail extra params on missing reversePath * added methods
to set custom stream context options * fixed charset changes in
QpContentEncoderProxy * added return-path header to the ignoredHeaders list of
DKIMSigner * fixed crlf for subject using mail * fixed add soft line break
only when necessary * fixed escaping command-line args to Sendmail
--------------------------------------------------------------------------------
================================================================================
php-symfony-2.7.12-2.fc23 (FEDORA-2016-7bff4ca867)
PHP framework for web projects
--------------------------------------------------------------------------------
Update Information:
**Version 2.7.12** (2016-04-29) * bug #18180 [Form] fixed BC break with pre
selection of choices with `ChoiceType` and its children (HeahDude) * bug #18562
[WebProfilerBunde] Give an absolute url in case the request occured from another
domain (romainneutron) * bug #18603 [PropertyAccess] ->getValue() should be
read-only (nicolas-grekas) * bug #18593 [VarDumper] Fix dumping type hints for
non-existing parent classes (nicolas-grekas) * bug #18581 [Console]
[TableHelper] make it work with SymfonyStyle. (aitboudad) * bug #18280
[Routing] add query param if value is different from default (Tobion) * bug
#18496 [Console] use ANSI escape sequences in ProgressBar overwrite method
(alekitto) * bug #18491 [DependencyInjection] anonymous services are always
private (xabbuh) * bug #18515 [Filesystem] Better error handling in remove()
(nicolas-grekas) * bug #18449 [PropertyAccess] Fix regression (nicolas-grekas)
* bug #18429 [Console] Correct time formatting. (camporter) * bug #18467
[DependencyInjection] Resolve aliases before removing abstract services + add
tests (nicolas-grekas) * bug #18460 [DomCrawler] Fix select option with empty
value (Matt Wells) * bug #18425 [Security] Fixed SwitchUserListener when
exiting an impersonation with AnonymousToken (lyrixx) * bug #18317 [Form] fix
"prototype" not required when parent form is not required (HeahDude) * bug
#18439 [Logging] Add support for Firefox (43+) in ChromePhpHandler (arjenm) *
bug #18385 Detect CLI color support for Windows 10 build 10586 (mlocati) * bug
#18426 [EventDispatcher] Try first if the event is Stopped (lyrixx) * bug
#18394 [FrameworkBundle] Return the invokable service if its name is the class
name (dunglas) * bug #18265 Optimize ReplaceAliasByActualDefinitionPass (ajb-
in) * bug #18349 [Process] Fix stream_select priority when writing to stdin
(nicolas-grekas) * bug #18358 [Form] NumberToLocalizedStringTransformer should
return floats when possible (nicolas-grekas) * bug #17926 [DependencyInjection]
Enable alias for service_container (hason) * bug #18352 [Debug] Fix case
sensitivity checks (nicolas-grekas) * bug #18336 [Debug] Fix handling of php7
throwables (nicolas-grekas) * bug #18354 [FrameworkBundle][TwigBridge] fix high
deps tests (xabbuh) * bug #18312 [ClassLoader] Fix storing not-found classes in
APC cache (nicolas-grekas) * bug #18298 [Validator] do not treat payload as
callback (xabbuh)
--------------------------------------------------------------------------------
================================================================================
python-assimulo-2.9-1.fc23 (FEDORA-2016-45fc12fcae)
Ordinary differential and differential algebraic equations solver
--------------------------------------------------------------------------------
Update Information:
- Update to 2.9
--------------------------------------------------------------------------------
================================================================================
python-pyudev-0.20.0-1.fc23 (FEDORA-2016-04bcd492ef)
A libudev binding
--------------------------------------------------------------------------------
Update Information:
Fixes to minor bugs that only those who noticed them should care about. No other
changes.
--------------------------------------------------------------------------------