The following Fedora 19 Security updates need testing:
 Age  URL
 222  https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19
  34  https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19
  29  https://admin.fedoraproject.org/updates/FEDORA-2014-6046/cifs-utils-6.3-2.fc19
  26  https://admin.fedoraproject.org/updates/FEDORA-2014-5759/cups-filters-1.0.53-2.fc19
  23  https://admin.fedoraproject.org/updates/FEDORA-2014-6233/dpkg-1.16.14-1.fc19
  22  https://admin.fedoraproject.org/updates/FEDORA-2014-6331/dovecot-2.2.13-1.fc19
  14  https://admin.fedoraproject.org/updates/FEDORA-2014-6553/chicken-4.8.0.6-2.fc19
  14  https://admin.fedoraproject.org/updates/FEDORA-2014-6569/openssh-6.2p2-8.fc19
  12  https://admin.fedoraproject.org/updates/FEDORA-2014-6594/libtiff-4.0.3-10.fc19
  12  https://admin.fedoraproject.org/updates/FEDORA-2014-6597/drupal7-views-3.8-1.fc19
  11  https://admin.fedoraproject.org/updates/FEDORA-2014-6645/libgadu-1.12.0-0.5.rc3.fc19
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-6717/libpng-1.5.13-3.fc19
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-6716/readline-6.2-7.fc19
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-6818/check-mk-1.2.4p2-2.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-6851/mingw-libgcrypt-1.5.3-1.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-6831/mingw-libtiff-4.0.3-4.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-6858/mingw-icu-50.1.2-3.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-6829/mingw-pixman-0.30.0-4.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-6859/mingw-libjpeg-turbo-1.3.1-1.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-6833/mingw-freetype-2.4.12-3.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-6866/mingw-readline-6.2-4.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-6892/mingw-libpng-1.5.18-1.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-6921/mingw-curl-7.37.0-1.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-6896/qt3-3.3.8b-58.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-6881/gnutls-3.1.20-5.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-6919/libtasn1-3.6-1.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-6938/mod_wsgi-3.5-1.fc19
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-6962/mediawiki-1.21.10-1.fc19
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-6963/mingw-gnutls-3.1.25-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-7041/kernel-3.14.5-100.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6904/php-doctrine-orm-2.4.2-2.fc19,php-phpunit-PHPUnit-MockObject-1.2.3-4.fc19,php-5.5.13-2.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-7095/sendmail-8.14.7-2.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-7090/chkrootkit-0.49-9.fc19


The following Fedora 19 Critical Path updates have yet to be approved:
 Age  URL
 170  https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19
  96  https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19
  12  https://admin.fedoraproject.org/updates/FEDORA-2014-6613/langtable-0.0.24-2.fc19
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-6708/webkitgtk3-2.0.4-3.fc19,webkitgtk-2.0.4-3.fc19
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-6814/device-mapper-persistent-data-0.3.2-1.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-6898/openldap-2.4.39-3.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-6988/curl-7.29.0-20.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-7095/sendmail-8.14.7-2.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-7041/kernel-3.14.5-100.fc19


The following builds have been pushed to Fedora 19 updates-testing

    antimicro-2.4-1.fc19
    chkrootkit-0.49-9.fc19
    fedup-0.8.1-1.fc19
    gcal-3.6.3-1.fc19
    ibus-table-1.8.1-1.fc19
    pyfits-3.1.6-2.fc19
    sendmail-8.14.7-2.fc19
    springlobby-0.195-1.fc19
    tomcat-native-1.1.30-1.fc19
    zabbix-2.0.12-2.fc19

Details about builds:


================================================================================
 antimicro-2.4-1.fc19 (FEDORA-2014-7075)
 Graphical program used to map keyboard buttons and mouse controls to a gamepad
--------------------------------------------------------------------------------
Update Information:

new upstream release (#1103432)
Initial package. Antimicro is a graphical program used to map keyboard buttons and mouse controls to a gamepad.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1103432 - antimicro-2.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1103432
  [ 2 ] Bug #1100961 - Review Request: antimicro - Graphical program used to map keyboard buttons and mouse controls to a gamepad
        https://bugzilla.redhat.com/show_bug.cgi?id=1100961
--------------------------------------------------------------------------------


================================================================================
 chkrootkit-0.49-9.fc19 (FEDORA-2014-7090)
 Tool to locally check for signs of a rootkit
--------------------------------------------------------------------------------
Update Information:

A quoting issue was found in chkrootkit which would lead to a file in /tmp/ being executed, if /tmp/ was mounted without the noexec option. chkrootkit is typically run as the root user. A local attacker could use this flaw to escalate their privileges.

The problematic part was:

    file_port=$file_port $i

Which is changed to

    file_port="$file_port $i"

to fix the issue.

From the Debian diff:

--- chkrootkit-0.49.orig/debian/patches/CVE-2014-0476.patch +++ chkrootkit-0.49/debian/patches/CVE-2014-0476.patch 
@@ -0,0 +1,13 @@ +Index: chkrootkit/chkrootkit +=================================================================== +--- chkrootkit.orig/chkrootkit ++++ chkrootkit/chkrootkit +@@ -117,7 +117,7 @@ slapper (){ + fi + for i in ${SLAPPER_FILES}; do + if [ -f ${i} ]; then +- file_port=$file_port $i ++ file_port="$file_port $i" + STATUS=1 + fi + done

Acknowledgements:

Red Hat would like to thank Thomas Stangner for reporting this issue.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 4 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 0.49-9
- Patch for CVE-2014-0476, BZ 1104456, 11044567.
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.49-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1104456 - CVE-2014-0476 chkrootkit: local privilege escalation [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1104456
  [ 2 ] Bug #1104457 - CVE-2014-0476 chkrootkit: local privilege escalation [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1104457
--------------------------------------------------------------------------------


================================================================================
 fedup-0.8.1-1.fc19 (FEDORA-2014-7085)
 The Fedora Upgrade tool
--------------------------------------------------------------------------------
Update Information:

* Adds a warning for upgrades without a new kernel
* Fixes a bunch of crashes
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 22 2014 Will Woods <wwoods@xxxxxxxxxx> 0.8.1-1
- Warn the user when there is no kernel package in the upgrade
- Fix crash when resizing terminal window (#1044987)
- Fix crashes with bad arguments to --repo and --iso (#1045090, #1044083)
- Fix some crashes during transaction test (#1043981, #1047005)
- Fix upgrade hang if packagedir isn't on root partition (#1045168)
- Don't redownload everything if the user just upgraded from 0.7.x
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1044987 - fedup-0.8.0-3.fc20.noarch exits if doulble ckicking on the window to max/min it
        https://bugzilla.redhat.com/show_bug.cgi?id=1044987
  [ 2 ] Bug #1045090 - [abrt] fedup: download.py:133:setup_repos:ValueError: need more than 1 value to unpack
        https://bugzilla.redhat.com/show_bug.cgi?id=1045090
  [ 3 ] Bug #1044083 - [abrt] fedup: commandline.py:197:device_setup:NameError: global name 'message' is not defined
        https://bugzilla.redhat.com/show_bug.cgi?id=1044083
  [ 4 ] Bug #1043981 - [abrt] fedup: fedup-cli:216:main:AttributeError: 'ProblemSummary' object has no attribute 'format_details'
        https://bugzilla.redhat.com/show_bug.cgi?id=1043981
  [ 5 ] Bug #1047005 - [abrt] fedup: download.py:276:find_replacement:AttributeError: 'NoneType' object has no attribute 'pkgtup'
        https://bugzilla.redhat.com/show_bug.cgi?id=1047005
--------------------------------------------------------------------------------


================================================================================
 gcal-3.6.3-1.fc19 (FEDORA-2014-7069)
 GNU Gregorian calendar program
--------------------------------------------------------------------------------
Update Information:

new upstream release with:
* Remove duplicate for All Saints Day for DE_BY.
* Inherit some portability fixes from gnulib.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 4 2014 Daiki Ueno <dueno@xxxxxxxxxx> - 3.6.3-1
- new upstream release (#100912)
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.6.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1100912 - minor gcal update (to 3.6.3) available
        https://bugzilla.redhat.com/show_bug.cgi?id=1100912
--------------------------------------------------------------------------------


================================================================================
 ibus-table-1.8.1-1.fc19 (FEDORA-2014-7100)
 The Table engine for IBus platform
--------------------------------------------------------------------------------
Update Information:

update to 1.8.1; Added support for wildcards (both in table and in pinyin mode); Don’t show the prompt characters defined in the table in pinyin mode in the auxiliary text
update to 1.8.0
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 4 2014 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.8.1-1
- update to 1.8.1
- Added support for wildcards (both in table and in pinyin mode)
- Don’t show the prompt characters defined in the table in pinyin mode in the auxiliary text
* Tue Jun 3 2014 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.8.0-1
- update to 1.8.0
- adapt tools/ibus-table-query to the new database format
* Wed May 28 2014 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.5.0.20140528-1
- update to 1.5.0.20140528
- Use Unicode code point as a last ditch sort key for the candidates
- Fix bug in Unihan_Variants.txt, 同 is both simplified *and* traditional Chinese
- Update Unihan_Variants.txt from “2011-08-08 Unicode 6.1.0” to “2013-02-25 Unicode 6.3.0” and regenerate engine/chinese_variants.py
* Tue May 27 2014 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.5.0.20140527-1
- update to 1.5.0.20140527
- Put exact matches always at the top of the candidate list
- Fix typo in the filtering for Chinese mode 3 (All characters with traditional Chinese first)
- Support prompt characters (e.g. for cangjie and stroke5)
* Mon May 19 2014 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.5.0.20140519-1
- update to 1.5.0.20140519
- rewrite major parts of ibus-table, fix many bugs.
--------------------------------------------------------------------------------


================================================================================
 pyfits-3.1.6-2.fc19 (FEDORA-2014-7078)
 Python interface to FITS
--------------------------------------------------------------------------------
Update Information:

Release notes: http://www.stsci.edu/institute/software_hardware/pyfits/release
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 3 2014 Sergio Pascual <sergiopr@xxxxxxxxxxxxxxxxx> - 3.1.6-2
- New upstream 3.1.6 (bugfixes)
* Fri Apr 4 2014 Sergio Pascual <sergiopr@xxxxxxxxxxxxxxxxx> - 3.1.5-1
- New upstream 3.1.5 (bugfixes)
--------------------------------------------------------------------------------


================================================================================
 sendmail-8.14.7-2.fc19 (FEDORA-2014-7095)
 A widely used Mail Transport Agent (MTA)
--------------------------------------------------------------------------------
Update Information:

This is an update that fixes a bug which can lead to sendmail leaking file descriptors to processes it spawns.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 4 2014 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 8.14.7-2
- Properly set the close-on-exec flag for file descriptors (by close-on-exec patch)
  Resolves: CVE-2014-3956
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1102174 - CVE-2014-3956 sendmail: Properly set the close-on-exec flag for file descriptors
        https://bugzilla.redhat.com/show_bug.cgi?id=1102174
--------------------------------------------------------------------------------


================================================================================
 springlobby-0.195-1.fc19 (FEDORA-2014-7076)
 A lobby client for the spring RTS game engine
--------------------------------------------------------------------------------
Update Information:

- Version 0.195, integration w/ spring's pr-download library finally working on Fedora.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 3 2014 Gilboa Davara <gilboad [AT] gmail [DOT] com> - 0.195-1
- Version 0.195, integration w/ spring's pr-download library finally working on Fedora.
* Fri Apr 4 2014 Gilboa Davara <gilboad [AT] gmail [DOT] com> - 0.180-1
- Version 0.188, major spring/springlobby upstream release.
- CurlWrapper no longer needed.
* Mon Jan 13 2014 Gilboa Davara <gilboad [AT] gmail [DOT] com> - 0.180-1
- Version 0.180, major spring/springlobby upstream release.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1101046 - springlooby 0.169 is outdated since Mars 18, 2013
        https://bugzilla.redhat.com/show_bug.cgi?id=1101046
--------------------------------------------------------------------------------


================================================================================
 tomcat-native-1.1.30-1.fc19 (FEDORA-2014-7079)
 Tomcat native library
--------------------------------------------------------------------------------
Update Information:

Update to version 1.1.30 for Tomcat 7.0.54 compatibility.
http://tomcat.apache.org/native-doc/miscellaneous/changelog.html
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 15 2014 Ville Skyttä <ville.skytta@xxxxxx> - 1.1.30-1
- Update to 1.1.30
--------------------------------------------------------------------------------


================================================================================
 zabbix-2.0.12-2.fc19 (FEDORA-2014-7096)
 Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:

Release notes: http://www.zabbix.com/rn2.0.12.php

This build contains a patch for ZBX-8238: https://support.zabbix.com/browse/ZBXNEXT-3238 "logrt may continue reading an old file repeatedly."
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 3 2014 Volker Fröhlich <volker27@xxxxxx> - 2.0.12-2
- Patch for ZBX-8238 (logrt may continue reading an old file repeatedly)
--------------------------------------------------------------------------------
-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
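
Review bot: in the chkrootkit CVE-2014-0476 hunk (slapper(), @@ -117,7 +117,7 @@), the test `[ -f ${i} ]` two lines above the corrected assignment still expands `${i}` unquoted, so an unquoted expansion remains directly beside the one being fixed; suggest `[ -f "${i}" ]` in the same change. The removed line `file_port=$file_port $i` is parsed by the shell as a one-command assignment followed by the command `$i`, which is what the added quotes prevent. The new patch file starts at `Index: chkrootkit/chkrootkit` with no description header, so a one-line comment stating that would help later review.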