The following Fedora 20 Security updates need testing:
 Age  URL
 178  https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20
 133  https://admin.fedoraproject.org/updates/FEDORA-2015-1718/389-admin-1.1.38-1.fc20
 116  https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20
 101  https://admin.fedoraproject.org/updates/FEDORA-2015-3417/389-ds-base-1.3.2.27-1.fc20
  96  https://admin.fedoraproject.org/updates/FEDORA-2015-3738/ImageMagick-6.8.6.3-6.fc20
  83  https://admin.fedoraproject.org/updates/FEDORA-2015-4672/quassel-0.11.0-2.fc20
  68  https://admin.fedoraproject.org/updates/FEDORA-2015-5970/asterisk-11.17.1-1.fc20
  68  https://admin.fedoraproject.org/updates/FEDORA-2015-5978/krb5-1.11.5-20.fc20
  61  https://admin.fedoraproject.org/updates/FEDORA-2015-6339/realmd-0.14.6-6.fc20
  49  https://admin.fedoraproject.org/updates/FEDORA-2015-7231/libarchive-3.1.2-8.fc20
  47  https://admin.fedoraproject.org/updates/FEDORA-2015-7302/drupal7-views-3.11-1.fc20
  35  https://admin.fedoraproject.org/updates/FEDORA-2015-8159/rawstudio-2.1-0.1.20150511git983bda1.fc20
  26  https://admin.fedoraproject.org/updates/FEDORA-2015-8142/cabal-install-1.16.1.0-1.fc20,haskell-platform-2013.2.0.0-39.fc20
  26  https://admin.fedoraproject.org/updates/FEDORA-2015-8727/fail2ban-0.9.2-1.fc20
  18  https://admin.fedoraproject.org/updates/FEDORA-2015-9163/fossil-1.33-1.fc20
   8  https://admin.fedoraproject.org/updates/FEDORA-2015-9649/libwmf-0.2.8.4-43.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2015-5375/strongswan-5.3.2-1.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2015-9703/squid-3.3.14-1.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-9965/xen-4.3.4-6.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-9985/postgresql-9.3.9-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-9371/openssl-1.0.1e-44.fc20


The following Fedora 20 Critical Path updates have yet to be approved:
 Age  URL
 116  https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20
  12  https://admin.fedoraproject.org/updates/FEDORA-2015-9452/gnupg2-2.0.28-1.fc20
   8  https://admin.fedoraproject.org/updates/FEDORA-2015-8911/kdelibs-4.14.9-2.fc20,kdepimlibs-4.14.9-1.fc20,kde-runtime-15.04.2-1.fc20,kde-baseapps-15.04.2-1.fc20,oxygen-icon-theme-15.04.2-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-9371/openssl-1.0.1e-44.fc20


The following builds have been pushed to Fedora 20 updates-testing

    golang-googlecode-go-crypto-0-0.3.gitc57d4a7.fc20
    openssl-1.0.1e-44.fc20
    safelease-1.0-5.fc20

Details about builds:


================================================================================
 golang-googlecode-go-crypto-0-0.3.gitc57d4a7.fc20 (FEDORA-2015-10100)
 Supplementary Go cryptography libraries
--------------------------------------------------------------------------------
Update Information:

Repository has moved to github.com/golang/crypto, updating spec file accordingly
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 15 2015 jchaloup <jchaloup@xxxxxxxxxx> - 0-0.3.gitc57d4a7
- Repository has moved to github.com/golang/crypto, updating spec file accordingly
  resolves: #1231618
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1231618 - Tracker for golang-googlecode-go-crypto
        https://bugzilla.redhat.com/show_bug.cgi?id=1231618
--------------------------------------------------------------------------------


================================================================================
 openssl-1.0.1e-44.fc20 (FEDORA-2015-9371)
 Utilities from the general purpose cryptography library with TLS implementation
--------------------------------------------------------------------------------
Update Information:

Update mitigating the LOGJAM security vulnerability and other moderate or low impact vulnerabilities.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 15 2015 Tomáš Mráz <tmraz@xxxxxxxxxx> 1.0.1e-44
- fix CVE-2014-8176 - invalid free in DTLS buffering code
- fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time
- fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent
- fix CVE-2015-1791 - race condition handling NewSessionTicket
- fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function
- add missing parts of CVE-2015-0209 fix for correctness although unexploitable
* Fri May 29 2015 Tomáš Mráz <tmraz@xxxxxxxxxx> 1.0.1e-43
- fix CVE-2015-4000 - prevent the logjam attack on client - restrict
  the DH key size to at least 768 bits (limit will be increased in future)
- drop the AES-GCM restriction of 2^32 operations because the IV is
  always 96 bits (32 bit fixed field + 64 bit invocation field)
- fix regression in RAND locking (#1225994)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
        https://bugzilla.redhat.com/show_bug.cgi?id=1223211
  [ 2 ] Bug #1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression
        https://bugzilla.redhat.com/show_bug.cgi?id=1227574
--------------------------------------------------------------------------------


================================================================================
 safelease-1.0-5.fc20 (FEDORA-2015-10049)
 Legacy locking utility for VDSM
--------------------------------------------------------------------------------
Update Information:

Adding vdsm hack to require platform dependent packages which vdsm needs
--------------------------------------------------------------------------------
ChangeLog:

* Sun May 17 2015 Yaniv Bronhaim <ybronhei@xxxxxxxxxx> - 1.0-5
- Adding vdsm hack to require platform dependent packages which vdsm needs
--------------------------------------------------------------------------------