The following Fedora 22 Security updates need testing: Age URL 398 https://bodhi.fedoraproject.org/updates/FEDORA-2015-5878 echoping-6.1-0.beta.r434svn.1.fc22 347 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9185 ceph-deploy-1.5.25-1.fc22 280 https://bodhi.fedoraproject.org/updates/FEDORA-2015-12781 python-kdcproxy-0.3.2-1.fc22 234 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16239 nagios-4.0.8-1.fc22 223 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2d37e7dacf openstack-swift-2.2.0-6.fc22 192 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9039c25f1d miniupnpc-1.9-6.fc22 174 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4 libpng-1.6.16-4.fc22 174 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6 libpng-1.6.16-5.fc22 156 https://bodhi.fedoraproject.org/updates/FEDORA-2015-3a5cebb105 ImageMagick-6.9.2.7-1.fc22 141 https://bodhi.fedoraproject.org/updates/FEDORA-2015-b9e4c97ff1 sos-3.2-2.fc22 115 https://bodhi.fedoraproject.org/updates/FEDORA-2015-f683150aa0 thttpd-2.25b-37.fc22 91 https://bodhi.fedoraproject.org/updates/FEDORA-2016-560802e52b xdelta-3.0.7-7.fc22 80 https://bodhi.fedoraproject.org/updates/FEDORA-2016-24d134e494 mingw-nsis-2.50-1.fc22 68 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3cbe9ad765 python-pygments-2.1.3-1.fc22 29 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a028331ebc poppler-0.30.0-4.fc22 18 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1aaf308de4 community-mysql-5.6.30-1.fc22 16 https://bodhi.fedoraproject.org/updates/FEDORA-2016-927aade89c rpm-4.12.0.1-17.fc22 13 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7d6cbcadca gd-2.1.1-3.fc22 10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fe0d8f126a botan-1.10.13-1.fc22 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3e64b32a91 dhcp-4.3.2-8.fc22 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d708261ce2 jackson-dataformat-xml-2.5.0-3.fc22 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-377b1a015c owncloud-8.2.4-1.fc22 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b4212484d5 imlib2-1.4.9-1.fc22 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d049ad1118 ioprocess-0.15.1-1.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f2a1389f3e pgpdump-0.31-1.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a159c484e4 kernel-4.4.9-200.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3f597b76b8 xen-4.5.3-3.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-01198b9f9d cacti-0.8.8h-1.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69a74ceff openvpn-2.3.11-1.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a3298e39f7 qemu-2.3.1-14.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-73a5867050 squid-3.5.10-4.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e97a850183 wordpress-4.5.2-1.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4ad874e6c2 php-symfony-2.7.13-1.fc22 The following Fedora 22 Critical Path updates have yet to be approved: Age URL 274 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13210 yum-3.4.3-508.fc22 192 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2123de044f libgphoto2-2.5.8-1.fc22 174 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6 libpng-1.6.16-5.fc22 174 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4 libpng-1.6.16-4.fc22 98 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d3fce30d64 mobile-broadband-provider-info-1.20151214-1.fc22 69 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4d5434d82f parted-3.2-16.fc22 56 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d4e6e32c1c upower-0.99.3-2.fc22 29 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a028331ebc poppler-0.30.0-4.fc22 25 https://bodhi.fedoraproject.org/updates/FEDORA-2016-027faabac4 libreport-2.6.4-2.fc22 abrt-2.6.1-11.fc22 24 https://bodhi.fedoraproject.org/updates/FEDORA-2016-af1f30412b pygtk2-2.24.0-14.fc22 20 https://bodhi.fedoraproject.org/updates/FEDORA-2016-83b47a28ce wavpack-4.80.0-1.fc22 20 https://bodhi.fedoraproject.org/updates/FEDORA-2016-41df7ccbc8 lldpad-1.0.1-4.git036e314.fc22 16 https://bodhi.fedoraproject.org/updates/FEDORA-2016-927aade89c rpm-4.12.0.1-17.fc22 13 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7d6cbcadca gd-2.1.1-3.fc22 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cc848e483a xulrunner-44.0-6.fc22 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3e64b32a91 dhcp-4.3.2-8.fc22 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e99389f35d openssh-6.9p1-12.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-828f77de70 samba-4.2.12-0.fc22 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b4212484d5 imlib2-1.4.9-1.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a159c484e4 kernel-4.4.9-200.fc22 The following builds have been pushed to Fedora 22 updates-testing cross-binutils-2.26-8.fc22 homebank-5.0.7-1.fc22 ibus-typing-booster-1.4.4-2.fc22 lbd-0.4-1.fc22 nagios-plugins-lcgdm-0.9.6-1.fc22 netmonitor-0.5-18.fc22 openvpn-2.3.11-1.fc22 pam_yubico-2.21-3.fc22 php-symfony-2.7.13-1.fc22 python-nitrate-1.3-2.fc22 qemu-2.3.1-14.fc22 qt-creator-4.0.0-1.fc22 squid-3.5.10-4.fc22 tomoe-gtk-0.6.0-24.fc22 uriparser-0.8.4-3.fc22 wordpress-4.5.2-1.fc22 ykclient-2.15-1.fc22 Details about builds: ================================================================================ cross-binutils-2.26-8.fc22 (FEDORA-2016-db2289fd5b) A GNU collection of cross-compilation binary utilities -------------------------------------------------------------------------------- Update Information: Sync with binutils-2.26-21. This includes a fix for building the arm target on some arches (including ppc64/pcc64le and s390(x)) (bug #1333695). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1333695 - gcc build inconsistency - FTBFS in gas/config/tc-arm.c https://bugzilla.redhat.com/show_bug.cgi?id=1333695 -------------------------------------------------------------------------------- ================================================================================ homebank-5.0.7-1.fc22 (FEDORA-2016-fcd31e3134) Free easy personal accounting for all -------------------------------------------------------------------------------- Update Information: Rebuilt for new upstream version 5.0.7, fixes rhbz #1312448 #1334339 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1312448 - [abrt] homebank: gtk_widget_get_ancestor(): homebank killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1312448 [ 2 ] Bug #1334339 - homebank-5.0.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1334339 -------------------------------------------------------------------------------- ================================================================================ ibus-typing-booster-1.4.4-2.fc22 (FEDORA-2016-2f257ceda4) A typing booster engine for the IBus platform -------------------------------------------------------------------------------- Update Information: self._current_imes needs to be updated before self.init_transliterators() -------------------------------------------------------------------------------- References: [ 1 ] Bug #2334579 - None https://bugzilla.redhat.com/show_bug.cgi?id=2334579 -------------------------------------------------------------------------------- ================================================================================ lbd-0.4-1.fc22 (FEDORA-2016-1cbf8be4bd) A DNS/HTTP load balancing detector -------------------------------------------------------------------------------- Update Information: Update to latest upstream release 0.4 -------------------------------------------------------------------------------- ================================================================================ nagios-plugins-lcgdm-0.9.6-1.fc22 (FEDORA-2016-6c42ece0b2) Nagios probes to be run remotely against DPM / LFC nodes -------------------------------------------------------------------------------- Update Information: - new upstream release -------------------------------------------------------------------------------- ================================================================================ netmonitor-0.5-18.fc22 (FEDORA-2016-a7ee861d48) The free linux network bandwidth monitor -------------------------------------------------------------------------------- Update Information: Cleanup spec file -------------------------------------------------------------------------------- ================================================================================ openvpn-2.3.11-1.fc22 (FEDORA-2016-a69a74ceff) A full-featured SSL VPN solution -------------------------------------------------------------------------------- Update Information: Latest upstream. https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.11 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1334729 - openvpn-2.3.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=1334729 -------------------------------------------------------------------------------- ================================================================================ pam_yubico-2.21-3.fc22 (FEDORA-2016-0361bf0584) A Pluggable Authentication Module for yubikeys -------------------------------------------------------------------------------- Update Information: Update yubikey packages -------------------------------------------------------------------------------- References: [ 1 ] Bug #1265220 - pam_yubico-2.21 is available https://bugzilla.redhat.com/show_bug.cgi?id=1265220 [ 2 ] Bug #1312659 - pam_yubico upgrade also requires ykclient upgrade to 2.15 https://bugzilla.redhat.com/show_bug.cgi?id=1312659 -------------------------------------------------------------------------------- ================================================================================ php-symfony-2.7.13-1.fc22 (FEDORA-2016-4ad874e6c2) PHP framework for web projects -------------------------------------------------------------------------------- Update Information: **Version 2.7.13** (2016-05-09) * **security** #18733 limited the maximum length of a submitted username (fabpot) * bug #18730 [FrameworkBundle] prevent calling get() for service_container service (xabbuh) * bug #18709 [DependencyInjection] top-level anonymous services must be public (xabbuh) * bug #18692 add Event annotation for KernelEvents (Haehnchen) * bug #18246 [DependencyInjection] fix ambiguous services schema (backbone87) -------------------------------------------------------------------------------- ================================================================================ python-nitrate-1.3-2.fc22 (FEDORA-2016-b7c761bb37) Python API for the Nitrate test case management system -------------------------------------------------------------------------------- Update Information: Removed obsolete project page links -------------------------------------------------------------------------------- ================================================================================ qemu-2.3.1-14.fc22 (FEDORA-2016-a3298e39f7) QEMU is a FAST! processor emulator -------------------------------------------------------------------------------- Update Information: * CVE-2016-3710: incorrect bounds checking in vga (bz #1334345) * CVE-2016-3712: out of bounds read in vga (bz #1334342) * Fix USB redirection (bz #1330221) * CVE-2016-4037: infinite loop in usb ehci (bz #1328080) * CVE-2016-4001: buffer overflow in stellaris net (bz #1325885) * CVE-2016-2858: rng stack corruption (bz #1314677) * CVE-2016-2391: ohci: crash via multiple timers (bz #1308881) * CVE-2016-2198: ehci: null pointer dereference (bz #1303134) * Fix ./configure with ccache -------------------------------------------------------------------------------- References: [ 1 ] Bug #1331401 - CVE-2016-3710 qemu: incorrect banked access bounds checking in vga module https://bugzilla.redhat.com/show_bug.cgi?id=1331401 [ 2 ] Bug #1318712 - CVE-2016-3712 qemu-kvm: Out-of-bounds read when creating weird vga screen surface https://bugzilla.redhat.com/show_bug.cgi?id=1318712 [ 3 ] Bug #1325129 - CVE-2016-4037 Qemu: usb: Infinite loop vulnerability in usb_ehci using siTD process https://bugzilla.redhat.com/show_bug.cgi?id=1325129 [ 4 ] Bug #1325884 - CVE-2016-4001 Qemu: net: buffer overflow in stellaris_enet emulator https://bugzilla.redhat.com/show_bug.cgi?id=1325884 [ 5 ] Bug #1314676 - CVE-2016-2858 Qemu: rng-random: arbitrary stack based allocation leading to corruption https://bugzilla.redhat.com/show_bug.cgi?id=1314676 [ 6 ] Bug #1304794 - CVE-2016-2391 Qemu: usb: multiple eof_timers in ohci module leads to null pointer dereference https://bugzilla.redhat.com/show_bug.cgi?id=1304794 [ 7 ] Bug #1301643 - CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write https://bugzilla.redhat.com/show_bug.cgi?id=1301643 -------------------------------------------------------------------------------- ================================================================================ qt-creator-4.0.0-1.fc22 (FEDORA-2016-c9032c6061) Cross-platform IDE for Qt -------------------------------------------------------------------------------- Update Information: Update to version 4.0.0, see https://blog.qt.io/blog/2016/05/11/qt- creator-4-0-0-released/ for details. -------------------------------------------------------------------------------- ================================================================================ squid-3.5.10-4.fc22 (FEDORA-2016-73a5867050) The Squid proxy caching server -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-4553, CVE-2016-4554, CVE-2016-4555, CVE-2016-4556 ---- Security fix for CVE-2016-4051, CVE-2016-4052, CVE-2016-4053, CVE-2016-4054 ---- Security fix for CVE-2016-3947 and CVE-2016-3948 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1334246 - CVE-2016-4555 squid: SegFault from ESIInclude::Start https://bugzilla.redhat.com/show_bug.cgi?id=1334246 [ 2 ] Bug #1334241 - CVE-2016-4554 squid: Header Smuggling issue in HTTP Request processing https://bugzilla.redhat.com/show_bug.cgi?id=1334241 [ 3 ] Bug #1334233 - CVE-2016-4553 squid: Cache poisoning issue in HTTP Request handling https://bugzilla.redhat.com/show_bug.cgi?id=1334233 [ 4 ] Bug #1329136 - CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid: multiple issues in ESI processing https://bugzilla.redhat.com/show_bug.cgi?id=1329136 [ 5 ] Bug #1329126 - CVE-2016-4051 squid: buffer overflow in cachemgr.cgi https://bugzilla.redhat.com/show_bug.cgi?id=1329126 [ 6 ] Bug #1323594 - CVE-2016-3948 squid: denial of service issue in HTTP response processing https://bugzilla.redhat.com/show_bug.cgi?id=1323594 [ 7 ] Bug #1323590 - CVE-2016-3947 squid: buffer overrun in Squid proxy pinger https://bugzilla.redhat.com/show_bug.cgi?id=1323590 -------------------------------------------------------------------------------- ================================================================================ tomoe-gtk-0.6.0-24.fc22 (FEDORA-2016-4be6d72221) Gtk library for tomoe for Japanese and Chinese handwritten input -------------------------------------------------------------------------------- Update Information: - Fixed Bug 1240071 - tomoe-gtk: FTBFS in rawhide -------------------------------------------------------------------------------- ================================================================================ uriparser-0.8.4-3.fc22 (FEDORA-2016-468b54816b) URI parsing library - RFC 3986 -------------------------------------------------------------------------------- Update Information: This update removes an unused dependency on cpptest. ---- Update to latest upstream. -------------------------------------------------------------------------------- ================================================================================ wordpress-4.5.2-1.fc22 (FEDORA-2016-e97a850183) Blog tool and publishing platform -------------------------------------------------------------------------------- Update Information: **WordPress 4.5.2** is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. See the [Release announcement](https://wordpress.org/news/2016/05/wordpress-4-5-2/) ---- Version 4.5.1 of WordPress is available and fixes 12 bugs. See [Release announcement](https://wordpress.org/news/2016/04/wordpress-4-5-1-maintenance- release/) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1334205 - CVE-2016-4566 CVE-2016-4567 wordpress: 4.5.2 Security Release https://bugzilla.redhat.com/show_bug.cgi?id=1334205 -------------------------------------------------------------------------------- ================================================================================ ykclient-2.15-1.fc22 (FEDORA-2016-0361bf0584) Yubikey management library and client -------------------------------------------------------------------------------- Update Information: Update yubikey packages -------------------------------------------------------------------------------- References: [ 1 ] Bug #1265220 - pam_yubico-2.21 is available https://bugzilla.redhat.com/show_bug.cgi?id=1265220 [ 2 ] Bug #1312659 - pam_yubico upgrade also requires ykclient upgrade to 2.15 https://bugzilla.redhat.com/show_bug.cgi?id=1312659 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: http://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
