The following Fedora 16 Security updates need testing:
 Age  URL
  52  https://admin.fedoraproject.org/updates/FEDORA-2012-20157/libproxy-0.4.11-1.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-1748/sssd-1.8.6-1.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-1713/libupnp-1.6.18-1.fc16
   9  https://admin.fedoraproject.org/updates/FEDORA-2013-1233/rhncfg-5.10.36-1.fc16
  51  https://admin.fedoraproject.org/updates/FEDORA-2012-20236/rssh-2.3.4-1.fc16
   9  https://admin.fedoraproject.org/updates/FEDORA-2013-1257/libexif-0.6.21-2.fc16
 210  https://admin.fedoraproject.org/updates/FEDORA-2012-10314/revelation-0.4.14-1.fc16
 130  https://admin.fedoraproject.org/updates/FEDORA-2012-14654/tor-0.2.2.39-1600.fc16
   6  https://admin.fedoraproject.org/updates/FEDORA-2013-1485/Zim-0.59-1.fc16
  23  https://admin.fedoraproject.org/updates/FEDORA-2012-19347/cups-1.5.4-12.fc16
   6  https://admin.fedoraproject.org/updates/FEDORA-2013-1494/gdal-1.7.3-15.fc16,OpenImageIO-1.0.11-2.fc16,libwebp-0.2.1-1.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-1666/android-tools-20130123git98d0789-1.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-1716/samba-3.6.12-1.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-1745/rubygem-activesupport-3.0.10-6.fc16
  13  https://admin.fedoraproject.org/updates/FEDORA-2013-0935/samba4-4.0.0-39.alpha16.fc16
   2  https://admin.fedoraproject.org/updates/FEDORA-2013-1642/libvirt-0.9.6.4-1.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-1735/wordpress-3.5.1-1.fc16


The following Fedora 16 Critical Path updates have yet to be approved:
 Age  URL
   6  https://admin.fedoraproject.org/updates/FEDORA-2013-1531/qrencode-3.4.1-1.fc16
   9  https://admin.fedoraproject.org/updates/FEDORA-2013-1257/libexif-0.6.21-2.fc16
 276  https://admin.fedoraproject.org/updates/FEDORA-2012-6994/upower-0.9.16-1.fc16


The following builds have been pushed to Fedora 16 updates-testing

    android-tools-20130123git98d0789-1.fc16
    drupal7-date_ical-2.3-1.fc16
    guacd-0.7.0-3.fc16
    libupnp-1.6.18-1.fc16
    lua-ldoc-1.3.3-1.fc16
    mate-window-manager-1.5.3-3.fc16
    rubygem-activesupport-3.0.10-6.fc16
    samba-3.6.12-1.fc16
    sssd-1.8.6-1.fc16
    wordpress-3.5.1-1.fc16

Details about builds:


================================================================================
 android-tools-20130123git98d0789-1.fc16 (FEDORA-2013-1666)
 Android platform tools(adb, fastboot)
--------------------------------------------------------------------------------
Update Information:

- Update to upstream git commit 98d0789
- Resolves: rhbz 903074 Move udev rule to docs as example
- Resolves: rhbz 879585 Introduce adb.service with PrivateTmp
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 28 2013 Ivan Afonichev <ivan.afonichev@xxxxxxxxx> - 20130123git98d0789-1
- Update to upstream git commit 98d0789
- Resolves: rhbz 903074 Move udev rule to docs as example
- Resolves: rhbz 879585 Introduce adb.service with PrivateTmp
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #879585 - CVE-2012-5564 android-tools (server): Insecure temporary file used for logging [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=879585
  [ 2 ] Bug #903074 - android-tools: please fix or remove (non useful) udev rule
        https://bugzilla.redhat.com/show_bug.cgi?id=903074
--------------------------------------------------------------------------------


================================================================================
 drupal7-date_ical-2.3-1.fc16 (FEDORA-2013-1688)
 Allows creation of an iCal feed in Views
--------------------------------------------------------------------------------
Update Information:

Update to upstream 2.3 release
Update to upstream 2.2 release
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #904736 - drupal7-date_ical-2.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=904736
  [ 2 ] Bug #903583 - drupal7-date_ical-2.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=903583
--------------------------------------------------------------------------------


================================================================================
 guacd-0.7.0-3.fc16 (FEDORA-2013-1694)
 Proxy daemon for Guacamole
--------------------------------------------------------------------------------
Update Information:

Enable guacd user/group for daemon
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 30 2013 Simone Caronni <negativo17@xxxxxxxxx> - 0.7.0-3
- User creation is for all supported distributions.
* Wed Jan 30 2013 Simone Caronni <negativo17@xxxxxxxxx> - 0.7.0-2
- Updated init script according to Fedora template.
  https://fedoraproject.org/wiki/Packaging:SysVInitScript?rd=Packaging/SysVInitScript
- Run daemon as guacd user/group.
- Make sure $HOME is set before starting the daemon or the child crashes.
--------------------------------------------------------------------------------


================================================================================
 libupnp-1.6.18-1.fc16 (FEDORA-2013-1713)
 Universal Plug and Play (UPnP) SDK
--------------------------------------------------------------------------------
Update Information:

libupnp 1.6.18
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 29 2013 Adam Jackson <ajax@xxxxxxxxxx> 1.6.18-1
- libupnp 1.6.18 (#905577)
* Tue Oct 16 2012 Adam Jackson <ajax@xxxxxxxxxx> 1.6.17-1
- libupnp 1.6.17
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.6.13-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.6.13-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #883790 - CVE-2012-5958 CVE-2012-5959 CVE-2012-5960 CVE-2012-5961 CVE-2012-5962 CVE-2012-5963 CVE-2012-5964 CVE-2012-5965 libupnp: Multiple stack-based buffer overflows in unique_service_name() by processing specially-crafted SSDP request (VU#922681)
        https://bugzilla.redhat.com/show_bug.cgi?id=883790
--------------------------------------------------------------------------------


================================================================================
 lua-ldoc-1.3.3-1.fc16 (FEDORA-2013-1768)
 Lua documentation generator
--------------------------------------------------------------------------------
Update Information:

LDoc is a second-generation documentation tool that can be used as a replacement for LuaDoc. It is mostly compatible with LuaDoc, except that certain workarounds are no longer needed. For instance, it is not so married to the idea that Lua modules should be defined using the module function.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #891996 - Review Request: lua-ldoc - Lua documentation generator
        https://bugzilla.redhat.com/show_bug.cgi?id=891996
--------------------------------------------------------------------------------


================================================================================
 mate-window-manager-1.5.3-3.fc16 (FEDORA-2013-1669)
 MATE Desktop window manager
--------------------------------------------------------------------------------
Update Information:

update to latest upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 29 2013 Dan Mashal <dan.mashal@xxxxxxxxxxxxxxxxx> - 1.5.3-3
- Add some configure flags
* Fri Jan 18 2013 Dan Mashal <dan.mashal@xxxxxxxxxxxxxxxxx> - 1.5.3-2
- Sort BR's
- Remove unneeded obsoletes tag
* Mon Jan 14 2013 Dan Mashal <dan.mashal@xxxxxxxxxxxxxxxxx> - 1.5.3-1
- Update to latest upstream release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #896357 - [abrt] mate-window-manager-1.5.2-10.fc18: meta_bug: Process /usr/bin/marco was killed by signal 6 (SIGABRT)
        https://bugzilla.redhat.com/show_bug.cgi?id=896357
--------------------------------------------------------------------------------


================================================================================
 rubygem-activesupport-3.0.10-6.fc16 (FEDORA-2013-1745)
 Support and utility classes used by the Rails framework
--------------------------------------------------------------------------------
Update Information:

Fixes CVE-2013-0333.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 29 2013 Vít Ondruch <vondruch@xxxxxxxxxx> - 1:3.0.10-6
- Fix for CVE-2013-0333.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #903440 - CVE-2013-0333 rubygem-activesupport: json to yaml parsing
        https://bugzilla.redhat.com/show_bug.cgi?id=903440
--------------------------------------------------------------------------------


================================================================================
 samba-3.6.12-1.fc16 (FEDORA-2013-1716)
 Server and Client software to interoperate with Windows machines
--------------------------------------------------------------------------------
Update Information:

Update to 3.6.12 which fixes CVE-2013-0213 and CVE-2013-0214.
Update to 3.6.10.
Fix printing upgrade code.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 31 2013 - Andreas Schneider <asn@xxxxxxxxxx> - 2:3.6.12-1
- Update to 3.6.12
- Fixes CVE-2013-0213 and CVE-2013-0214.
- resolves: #905700
- resolves: #906002
- resolves: #905704
* Mon Dec 10 2012 Guenther Deschner <gdeschner@xxxxxxxxxx> - 2:3.6.10-94
- Update to 3.6.10
* Fri Nov 9 2012 Guenther Deschner <gdeschner@xxxxxxxxxx> - 2:3.6.9-93
- Update to 3.6.9
* Fri Oct 26 2012 - Andreas Schneider <asn@xxxxxxxxxx> -2:3.6.8-92
- Fix pam_winbind segfault in pam_sm_authenticate().
- resolves: #870493
* Mon Sep 17 2012 Guenther Deschner <gdeschner@xxxxxxxxxx> - 2:3.6.8-91
- Update to 3.6.8
* Mon Aug 20 2012 Guenther Deschner <gdeschner@xxxxxxxxxx> - 2:3.6.7-90
- Update to 3.6.7
* Thu Jul 19 2012 Guenther Deschner <gdeschner@xxxxxxxxxx> - 2:3.6.6-89
- Fix printing tdb upgrade for 3.6.6
- resolves: #841609
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #905700 - CVE-2013-0213 samba: clickjacking vulnerability in SWAT
        https://bugzilla.redhat.com/show_bug.cgi?id=905700
  [ 2 ] Bug #905704 - CVE-2013-0214 samba: cross-site request forgery vulnerability in SWAT
        https://bugzilla.redhat.com/show_bug.cgi?id=905704
--------------------------------------------------------------------------------


================================================================================
 sssd-1.8.6-1.fc16 (FEDORA-2013-1748)
 System Security Services Daemon
--------------------------------------------------------------------------------
Update Information:

A rebase to the latest LTM upstream release that fixes CVE-2013-0220 and CVE-2013-0219
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 29 2013 Jakub Hrozek <jhrozek@xxxxxxxxxx> - 1.8.6-1
- New upstream release 1.8.6
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #884254 - CVE-2013-0219 sssd: TOCTOU race conditions by copying and removing directory trees
        https://bugzilla.redhat.com/show_bug.cgi?id=884254
  [ 2 ] Bug #884601 - CVE-2013-0220 sssd: Out-of-bounds read flaws in autofs and ssh services responders
        https://bugzilla.redhat.com/show_bug.cgi?id=884601
--------------------------------------------------------------------------------


================================================================================
 wordpress-3.5.1-1.fc16 (FEDORA-2013-1735)
 Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:

WordPress 3.5.1 is now available. Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs. It is also a security release for all previous WordPress versions.

Which include:

* Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases.
* Media: Fix a collection of minor workflow and compatibility issues in the new media manager.
* Networks: Suggest proper rewrite rules when creating a new network.
* Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published.
* Work around some misconfigurations that may have caused some JavaScript in the WordPress admin area to fail.
* Suppress some warnings that could occur when a plugin misused the database or user APIs.

WordPress 3.5.1 also addresses the following security issues:

* A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We’d like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work.
* Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team.
* A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 30 2013 Remi Collet <rcollet@xxxxxxxxxx> - 3.5.1-1
- version 3.5.1, various bug and security fixes:
  CVE-2013-0235, CVE-2013-0236 and CVE-2013-0237
- drop -f option from rm to break build if upstream archive content change
- protect akismet content (from upstream .htaccess)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #904120 - CVE-2013-0235 wordpress: Server-side request forgery and remote port scanning using pingbacks
        https://bugzilla.redhat.com/show_bug.cgi?id=904120
  [ 2 ] Bug #904121 - wordpress: XSS flaws via shortcodes and HTTP POST content
        https://bugzilla.redhat.com/show_bug.cgi?id=904121
  [ 3 ] Bug #904122 - wordpress: XSS in the external Plupload library
        https://bugzilla.redhat.com/show_bug.cgi?id=904122
--------------------------------------------------------------------------------