The following Fedora 16 Security updates need testing:

 Age  URL
  60  https://admin.fedoraproject.org/updates/FEDORA-2012-20157/libproxy-0.4.11-1.fc16
   7  https://admin.fedoraproject.org/updates/FEDORA-2013-1748/sssd-1.8.6-1.fc16
   7  https://admin.fedoraproject.org/updates/FEDORA-2013-1713/libupnp-1.6.18-1.fc16
  59  https://admin.fedoraproject.org/updates/FEDORA-2012-20236/rssh-2.3.4-1.fc16
 218  https://admin.fedoraproject.org/updates/FEDORA-2012-10314/revelation-0.4.14-1.fc16
 138  https://admin.fedoraproject.org/updates/FEDORA-2012-14654/tor-0.2.2.39-1600.fc16
  31  https://admin.fedoraproject.org/updates/FEDORA-2012-19347/cups-1.5.4-12.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-2190/openssh-5.8p2-26.fc16
   7  https://admin.fedoraproject.org/updates/FEDORA-2013-1716/samba-3.6.12-1.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-2201/kernel-3.6.11-7.fc16
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-1991/xen-4.1.4-4.fc16
   7  https://admin.fedoraproject.org/updates/FEDORA-2013-1735/wordpress-3.5.1-1.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-2210/roundcubemail-0.8.5-1.fc16

The following Fedora 16 Critical Path updates have yet to be approved:

 Age  URL
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-2201/kernel-3.6.11-7.fc16
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-2190/openssh-5.8p2-26.fc16
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-2011/xulrunner-18.0.2-1.fc16,firefox-18.0.2-1.fc16
   5  https://admin.fedoraproject.org/updates/FEDORA-2013-1897/phonon-backend-gstreamer-4.6.3-1.fc16
  13  https://admin.fedoraproject.org/updates/FEDORA-2013-1531/qrencode-3.4.1-1.fc16
 284  https://admin.fedoraproject.org/updates/FEDORA-2012-6994/upower-0.9.16-1.fc16

The following builds have been pushed to Fedora 16 updates-testing

    abi-compliance-checker-1.98.8-1.fc16
    ffgtk-0.8.5-1.fc16
    kernel-3.6.11-7.fc16
    openssh-5.8p2-26.fc16
    roundcubemail-0.8.5-1.fc16

Details about builds:

================================================================================
 abi-compliance-checker-1.98.8-1.fc16 (FEDORA-2013-2186)
 An ABI Compliance Checker
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream release.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb  8 2013 Richard Shaw <hobbes1069@xxxxxxxxx> - 1.98.8-1
- Update to latest upstream release.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #909136 - abi-compliance-checker-1.98.8 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=909136
--------------------------------------------------------------------------------

================================================================================
 ffgtk-0.8.5-1.fc16 (FEDORA-2013-2167)
 A solution for controlling Fritz!Box or compatible routers
--------------------------------------------------------------------------------
Update Information:

New upstream release
Add FRITZ!OS 05.50 support
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb  4 2013 Louis Lagendijk <louis.lagendijk@xxxxxxxxx> 0.8.5-1
- New upstream release
- Add support for FRITZ!OS 05.50
* Wed Jan 16 2013 Milan Crha <mcrha@xxxxxxxxxx> - 0.8.4-3
- Rebuild for new evolution-data-server
- Add patch to replace deprecated AM_CONFIG_HEADER with AC_CONFIG_HEADERS
* Fri Dec 21 2012 Louis Lagendijk <louis.lagendijk@xxxxxxxxx> 0.8.4-2
Rebuild for new libemiscwidgets, libedataserverui libcamel
--------------------------------------------------------------------------------

================================================================================
 kernel-3.6.11-7.fc16 (FEDORA-2013-2201)
 The Linux kernel
--------------------------------------------------------------------------------
Update Information:

- Fix local privilege escalation in MSR code.
- Remove warning about empty IPI mask.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb  7 2013 Josh Boyer <jwboyer@xxxxxxxxxx>
- Fix local privilege escalation in MSR code (rhbz 908693 908706)
* Wed Jan 23 2013 Dave Jones <davej@xxxxxxxxxx>
- Remove warning about empty IPI mask.
* Wed Jan 16 2013 Justin M. Forbes <jforbes@xxxxxxxxxx> 3.6.11-6
- Fix resize2fs issue with ext4 (rhbz 852833)
- Fix for CVE-2013-0190 xen corruption with 32bit pvops (rhbz 896051 896038)
* Wed Jan 16 2013 Josh Boyer <jwboyer@xxxxxxxxxx>
- Add patch from Stanislaw Gruszka to fix iwlegacy IBSS cleanup (rhbz 886946)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #908693 - CVE-2013-0268 kernel: x86/msr: /dev/cpu/*/msr local privilege escalation
        https://bugzilla.redhat.com/show_bug.cgi?id=908693
--------------------------------------------------------------------------------

================================================================================
 openssh-5.8p2-26.fc16 (FEDORA-2013-2190)
 An open source implementation of SSH protocol versions 1 and 2
--------------------------------------------------------------------------------
Update Information:

This update changes default of MaxStartups to 10:30:100 to start doing random early drop at 10 connections up to 100 connections - CVE-2010-5107
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb  8 2013 Petr Lautrbach <plautrba@xxxxxxxxxx> 5.8p2-26 + 0.9.2-31
- change default value of MaxStartups - CVE-2010-5107 (#908707)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #908707 - CVE-2010-5107 openssh: Prevent connection slot exhaustion attacks
        https://bugzilla.redhat.com/show_bug.cgi?id=908707
--------------------------------------------------------------------------------

================================================================================
 roundcubemail-0.8.5-1.fc16 (FEDORA-2013-2210)
 Round Cube Webmail is a browser-based multilingual IMAP client
--------------------------------------------------------------------------------
Update Information:

Cross-site scripting (XSS) flaws were found in the way Round Cube Webmail, a browser-based multilingual IMAP client, performed sanitization of 'data' and 'vbscript' URLs. A remote attacker could provide a specially-crafted URL that, when opened, would lead to arbitrary JavaScript, VisualBasic script or HTML code execution in the context of Round Cube Webmail's user session.

Upstream ticket:
[1] http://trac.roundcube.net/ticket/1488850

Further details:
[2] http://trac.roundcube.net/attachment/ticket/1488850/RoundCube2XSS.pdf

Upstream patch:
[3] https://github.com/roundcube/roundcubemail/commit/74cd0a9b62f11bc07c5a1d3ba0098b54883eb0ba

References:
[4] http://sourceforge.net/news/?group_id=139281&id=310213
[5] http://www.openwall.com/lists/oss-security/2013/02/07/11
[6] http://www.openwall.com/lists/oss-security/2013/02/08/1
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb  8 2013 Jon Ciesla <limburgher@xxxxxxxxx> - 0.8.5-1
- Latest upstream.
* Mon Nov 19 2012 Jon Ciesla <limburgher@xxxxxxxxx> - 0.8.4-1
- Latest upstream.
* Mon Oct 29 2012 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 0.8.2-3
- fix configuration for httpd 2.4 (#871123)
* Sun Oct 28 2012 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 0.8.2-2
- add fix for latest MDB2 (#870933)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #909304 - CVE-2012-6121 roundcubemail: Cross-site scripting (XSS) in vbscript: and data:text URL handling [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=909304
  [ 2 ] Bug #909306 - CVE-2012-6121 roundcubemail: Cross-site scripting (XSS) in vbscript: and data:text URL handling [epel-6]
        https://bugzilla.redhat.com/show_bug.cgi?id=909306
--------------------------------------------------------------------------------