The following Fedora 16 Security updates need testing:
 Age  URL
  75  https://admin.fedoraproject.org/updates/FEDORA-2012-14452/bacula-5.0.3-33.fc16
   3  https://admin.fedoraproject.org/updates/FEDORA-2012-19538/weechat-0.3.9.2-2.fc16
  48  https://admin.fedoraproject.org/updates/FEDORA-2012-16415/389-ds-base-1.2.10.16-1.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-19822/bind-9.8.4-3.P1.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-19823/mysql-5.5.28-2.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-19828/xen-4.1.3-6.fc16
  32  https://admin.fedoraproject.org/updates/FEDORA-2012-17553/libproxy-0.4.10-1.fc16
   1  https://admin.fedoraproject.org/updates/FEDORA-2012-19347/cups-1.5.4-10.fc16
 153  https://admin.fedoraproject.org/updates/FEDORA-2012-10314/revelation-0.4.14-1.fc16
  73  https://admin.fedoraproject.org/updates/FEDORA-2012-14654/tor-0.2.2.39-1600.fc16
  12  https://admin.fedoraproject.org/updates/FEDORA-2012-18927/cups-pk-helper-0.1.3-4.fc16
  54  https://admin.fedoraproject.org/updates/FEDORA-2012-16032/cobbler-2.4.0-beta2.fc16
   7  https://admin.fedoraproject.org/updates/FEDORA-2012-19227/squashfs-tools-4.2-5.fc16
   4  https://admin.fedoraproject.org/updates/FEDORA-2012-19449/drupal6-ctools-1.10-1.fc16
  36  https://admin.fedoraproject.org/updates/FEDORA-2012-17291/thunderbird-16.0.2-1.fc16
   4  https://admin.fedoraproject.org/updates/FEDORA-2012-19455/php-symfony2-HttpFoundation-2.0.19-1.fc16
   1  https://admin.fedoraproject.org/updates/FEDORA-2012-19715/qt-4.8.4-1.fc16
   7  https://admin.fedoraproject.org/updates/FEDORA-2012-18330/perl-CGI-3.52-203.fc16,perl-5.14.3-203.fc16
   1  https://admin.fedoraproject.org/updates/FEDORA-2012-19740/bogofilter-1.2.3-1.fc16
   1  https://admin.fedoraproject.org/updates/FEDORA-2012-19752/dovecot-2.0.21-4.fc16
   1  https://admin.fedoraproject.org/updates/FEDORA-2012-19750/kernel-3.6.9-2.fc16
  15  https://admin.fedoraproject.org/updates/FEDORA-2012-18661/firefox-17.0-1.fc16,xulrunner-17.0-3.fc16,thunderbird-enigmail-1.4.6-2.fc16,thunderbird-lightning-1.9-1.fc16,thunderbird-17.0-1.fc16


The following Fedora 16 Critical Path updates have yet to be approved:
 Age  URL
   0  https://admin.fedoraproject.org/updates/FEDORA-2012-19823/mysql-5.5.28-2.fc16
   1  https://admin.fedoraproject.org/updates/FEDORA-2012-19750/kernel-3.6.9-2.fc16
   1  https://admin.fedoraproject.org/updates/FEDORA-2012-19715/qt-4.8.4-1.fc16
   4  https://admin.fedoraproject.org/updates/FEDORA-2012-19471/xulrunner-17.0.1-1.fc16,firefox-17.0.1-1.fc16
   4  https://admin.fedoraproject.org/updates/FEDORA-2012-19486/phonon-backend-gstreamer-4.6.2-2.fc16
   7  https://admin.fedoraproject.org/updates/FEDORA-2012-19265/lxpanel-0.5.10-3.fc16
   7  https://admin.fedoraproject.org/updates/FEDORA-2012-19227/squashfs-tools-4.2-5.fc16
  12  https://admin.fedoraproject.org/updates/FEDORA-2012-18927/cups-pk-helper-0.1.3-4.fc16
  13  https://admin.fedoraproject.org/updates/FEDORA-2012-18857/koji-1.7.1-1.fc16
   7  https://admin.fedoraproject.org/updates/FEDORA-2012-18330/perl-CGI-3.52-203.fc16,perl-5.14.3-203.fc16


The following builds have been pushed to Fedora 16 updates-testing

    bind-9.8.4-3.P1.fc16
    insight-7.4.50-5.20120403cvs.fc16
    mysql-5.5.28-2.fc16
    perl-CDB_File-0.97-1.fc16
    perl-Locale-Codes-3.24-1.fc16
    php-pluf-1.0-3.gitb1fed2e.fc16
    python-ptrace-0.6.4-2.fc16
    xen-4.1.3-6.fc16

Details about builds:


================================================================================
 bind-9.8.4-3.P1.fc16 (FEDORA-2012-19822)
 The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
--------------------------------------------------------------------------------
Update Information:

This update fixes CVE-2012-5688.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 5 2012 Tomas Hozza <thozza@xxxxxxxxxx> 32:9.8.4-3.P1
- update to bind-9.8.4-P1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #883533 - CVE-2012-5688 bind: DoS on servers using DNS64
        https://bugzilla.redhat.com/show_bug.cgi?id=883533
--------------------------------------------------------------------------------


================================================================================
 insight-7.4.50-5.20120403cvs.fc16 (FEDORA-2012-19838)
 Graphical debugger based on GDB
--------------------------------------------------------------------------------
Update Information:

* Wed Dec 5 2012 Patrick Monnerat <pm@xxxxxxxxxxxxx> 7.4.50-5.20120403cvs
- Patch "bz883591" to fix a segmentation fault.
  https://bugzilla.redhat.com/show_bug.cgi?id=883591
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 5 2012 Patrick Monnerat <pm@xxxxxxxxxxxxx> 7.4.50-5.20120403cvs
- Patch "bz883591" to fix a segmentation fault.
  https://bugzilla.redhat.com/show_bug.cgi?id=883591
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #883591 - [abrt] insight-7.4.50-4.20120403cvs.fc18: gdb_find_bp_at_line: Process /usr/bin/insight was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=883591
--------------------------------------------------------------------------------


================================================================================
 mysql-5.5.28-2.fc16 (FEDORA-2012-19823)
 MySQL client programs and shared libraries
--------------------------------------------------------------------------------
Update Information:

- Add patch for CVE-2012-5611
- Widen DH key length from 512 to 1024 bits to meet minimum requirements of FIPS 140-2
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 5 2012 Tom Lane <tgl@xxxxxxxxxx> 5.5.28-2
- Add patch for CVE-2012-5611
Resolves: #883642
- Widen DH key length from 512 to 1024 bits to meet minimum requirements
  of FIPS 140-2
Related: #877124
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #881064 - CVE-2012-5611 mysql: acl_get() stack-based buffer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=881064
--------------------------------------------------------------------------------


================================================================================
 perl-CDB_File-0.97-1.fc16 (FEDORA-2012-19837)
 Perl extension for access to cdb databases
--------------------------------------------------------------------------------
Update Information:

upgrade to 0.97
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 5 2012 Mark McKinstry <mmckinst@xxxxxxxxxxx> - 0.97-1
- upgrade to 0.97
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #882869 - perl-CDB_File-0.97 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=882869
--------------------------------------------------------------------------------


================================================================================
 perl-Locale-Codes-3.24-1.fc16 (FEDORA-2012-19821)
 Distribution of modules to handle locale codes
--------------------------------------------------------------------------------
Update Information:

New codes added.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 5 2012 Petr Pisar <ppisar@xxxxxxxxxx> - 3.24-1
- 3.24 bump
* Tue Nov 20 2012 Petr Šabata <contyk@xxxxxxxxxx> - 3.23-2
- Add missing deps
- Drop command macros
- Modernize spec
* Tue Sep 4 2012 Petr Pisar <ppisar@xxxxxxxxxx> - 3.23-1
- 3.23 bump
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #883815 - perl-Locale-Codes-3.24 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=883815
--------------------------------------------------------------------------------


================================================================================
 php-pluf-1.0-3.gitb1fed2e.fc16 (FEDORA-2012-19819)
 PHP WebApp Framework
--------------------------------------------------------------------------------
Update Information:

Upgrade from GIT to satisfy Indefero dependency.
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------


================================================================================
 python-ptrace-0.6.4-2.fc16 (FEDORA-2012-19816)
 Debugger using ptrace written in Python
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream release python-ptrace 0.6.4.
The update also adds Python 3 support.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 5 2012 Terje Rosten <terje.rosten@xxxxxxx> - 0.6.4-2
- Add patch to build with Python 3.3
* Wed Dec 5 2012 Terje Rosten <terje.rosten@xxxxxxx> - 0.6.4-1
- 0.6.4
- Add python 3 subpackage
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.6.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 xen-4.1.3-6.fc16 (FEDORA-2012-19828)
 Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:

A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082)
An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084)
An HVM guest can cause xen to crash or leak information [XSA-28, CVE-2012-5512] (#883085)
A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088)
An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091)
A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 4 2012 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.1.3-6
- 6 security fixes
  A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082)
  An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084)
  An HVM guest can cause xen to crash or leak information [XSA-28, CVE-2012-5512] (#883085)
  A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088)
  An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091)
  A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #877358 - CVE-2012-5510 kernel: xen: Grant table version switch list corruption vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=877358
  [ 2 ] Bug #877365 - CVE-2012-5511 kernel: xen: several HVM operations do not validate the range of their inputs
        https://bugzilla.redhat.com/show_bug.cgi?id=877365
  [ 3 ] Bug #877385 - CVE-2012-5512 kernel: xen: HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak
        https://bugzilla.redhat.com/show_bug.cgi?id=877385
  [ 4 ] Bug #877391 - CVE-2012-5513 kernel: xen: XENMEM_exchange may overwrite hypervisor memory
        https://bugzilla.redhat.com/show_bug.cgi?id=877391
  [ 5 ] Bug #877393 - CVE-2012-5514 kernel: xen: Broken error handling in guest_physmap_mark_populate_on_demand()
        https://bugzilla.redhat.com/show_bug.cgi?id=877393
  [ 6 ] Bug #877397 - CVE-2012-5515 kernel: xen: Several memory hypercall operations allow invalid extent order values
        https://bugzilla.redhat.com/show_bug.cgi?id=877397
--------------------------------------------------------------------------------

--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test