The following Fedora 22 Security updates need testing:

 Age  URL
 404  https://bodhi.fedoraproject.org/updates/FEDORA-2015-5878   echoping-6.1-0.beta.r434svn.1.fc22
 353  https://bodhi.fedoraproject.org/updates/FEDORA-2015-9185   ceph-deploy-1.5.25-1.fc22
 285  https://bodhi.fedoraproject.org/updates/FEDORA-2015-12781   python-kdcproxy-0.3.2-1.fc22
 240  https://bodhi.fedoraproject.org/updates/FEDORA-2015-16239   nagios-4.0.8-1.fc22
 228  https://bodhi.fedoraproject.org/updates/FEDORA-2015-2d37e7dacf   openstack-swift-2.2.0-6.fc22
 197  https://bodhi.fedoraproject.org/updates/FEDORA-2015-9039c25f1d   miniupnpc-1.9-6.fc22
 180  https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4   libpng-1.6.16-4.fc22
 180  https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6   libpng-1.6.16-5.fc22
 147  https://bodhi.fedoraproject.org/updates/FEDORA-2015-b9e4c97ff1   sos-3.2-2.fc22
 121  https://bodhi.fedoraproject.org/updates/FEDORA-2015-f683150aa0   thttpd-2.25b-37.fc22
  97  https://bodhi.fedoraproject.org/updates/FEDORA-2016-560802e52b   xdelta-3.0.7-7.fc22
  86  https://bodhi.fedoraproject.org/updates/FEDORA-2016-24d134e494   mingw-nsis-2.50-1.fc22
  73  https://bodhi.fedoraproject.org/updates/FEDORA-2016-3cbe9ad765   python-pygments-2.1.3-1.fc22
  34  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a028331ebc   poppler-0.30.0-4.fc22
  21  https://bodhi.fedoraproject.org/updates/FEDORA-2016-927aade89c   rpm-4.12.0.1-17.fc22
  10  https://bodhi.fedoraproject.org/updates/FEDORA-2016-b4212484d5   imlib2-1.4.9-1.fc22
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-f2a1389f3e   pgpdump-0.31-1.fc22
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-01198b9f9d   cacti-0.8.8h-1.fc22
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69a74ceff   openvpn-2.3.11-1.fc22
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a3298e39f7   qemu-2.3.1-14.fc22
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-73a5867050   squid-3.5.10-4.fc22
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-e97a850183   wordpress-4.5.2-1.fc22
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-4ad874e6c2   php-symfony-2.7.13-1.fc22
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2016-19c34099d3   libarchive-3.1.2-14.fc22
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2016-28a56c76c1   libksba-1.3.4-1.fc22
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2016-cafcf15357   websvn-2.3.3-13.fc22
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a54261a145   xen-4.5.3-4.fc22
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-84fdc82b74   kernel-4.4.10-200.fc22
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-f7e7a6067d   jenkins-1.609.3-7.fc22
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-2be4263b24   libndp-1.4-2.fc22.1
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-f3262abda6   dosfstools-3.0.27-2.fc22


The following Fedora 22 Critical Path updates have yet to be approved:

 Age  URL
 279  https://bodhi.fedoraproject.org/updates/FEDORA-2015-13210   yum-3.4.3-508.fc22
 197  https://bodhi.fedoraproject.org/updates/FEDORA-2015-2123de044f   libgphoto2-2.5.8-1.fc22
 180  https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6   libpng-1.6.16-5.fc22
 180  https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4   libpng-1.6.16-4.fc22
 104  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d3fce30d64   mobile-broadband-provider-info-1.20151214-1.fc22
  75  https://bodhi.fedoraproject.org/updates/FEDORA-2016-4d5434d82f   parted-3.2-16.fc22
  62  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d4e6e32c1c   upower-0.99.3-2.fc22
  34  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a028331ebc   poppler-0.30.0-4.fc22
  31  https://bodhi.fedoraproject.org/updates/FEDORA-2016-027faabac4   libreport-2.6.4-2.fc22 abrt-2.6.1-11.fc22
  29  https://bodhi.fedoraproject.org/updates/FEDORA-2016-af1f30412b   pygtk2-2.24.0-14.fc22
  25  https://bodhi.fedoraproject.org/updates/FEDORA-2016-83b47a28ce   wavpack-4.80.0-1.fc22
  25  https://bodhi.fedoraproject.org/updates/FEDORA-2016-41df7ccbc8   lldpad-1.0.1-4.git036e314.fc22
  21  https://bodhi.fedoraproject.org/updates/FEDORA-2016-927aade89c   rpm-4.12.0.1-17.fc22
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2016-828f77de70   samba-4.2.12-0.fc22
  10  https://bodhi.fedoraproject.org/updates/FEDORA-2016-b4212484d5   imlib2-1.4.9-1.fc22
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2016-19c34099d3   libarchive-3.1.2-14.fc22
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-f3262abda6   dosfstools-3.0.27-2.fc22
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-84fdc82b74   kernel-4.4.10-200.fc22


The following builds have been pushed to Fedora 22 updates-testing

    abi-compliance-checker-1.99.20-1.fc22
    abi-tracker-1.6-1.fc22
    boinc-client-7.6.22-4.fc22
    ceph-0.94.7-1.fc22
    cflow-1.5-1.fc22
    clusterssh-4.07-1.fc22
    dosfstools-3.0.27-2.fc22
    golang-github-cockroachdb-cmux-0-0.1.git112f050.fc22
    golang-github-dustin-go-humanize-0-0.1.git8929fe9.fc22
    golang-github-eapache-queue-1.0.2-0.1.gitded5959.fc22
    jenkins-1.609.3-7.fc22
    kernel-4.4.10-200.fc22
    libndp-1.4-2.fc22.1
    perl-Unicode-LineBreak-2016.003-1.fc22
    php-pear-Text-Diff-1.2.1-1.fc22
    postfix-3.0.5-1.fc22
    python-pycxx-6.2.8-1.fc22
    python-rhsm-1.17.2-1.fc22
    smartmontools-6.5-1.fc22
    sombok-2.4.0-2.fc22
    subscription-manager-1.17.6-1.fc22
    xboard-4.9.0-1.fc22

Details about builds:


================================================================================
 abi-compliance-checker-1.99.20-1.fc22 (FEDORA-2016-daaaab3259)
 An ABI Compliance Checker
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream release.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1336153 - abi-tracker-1.6 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1336153
--------------------------------------------------------------------------------


================================================================================
 abi-tracker-1.6-1.fc22 (FEDORA-2016-daaaab3259)
 Tool to visualize ABI changes timeline of a C/C++ library
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream release.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1336153 - abi-tracker-1.6 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1336153
--------------------------------------------------------------------------------


================================================================================
 boinc-client-7.6.22-4.fc22 (FEDORA-2016-06a48f3a5f)
 The BOINC client core
--------------------------------------------------------------------------------
Update Information:

7.6.22 release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1303070 - boinc-client runs unconfined
        https://bugzilla.redhat.com/show_bug.cgi?id=1303070
--------------------------------------------------------------------------------


================================================================================
 ceph-0.94.7-1.fc22 (FEDORA-2016-444f554f51)
 User space components of the Ceph file system
--------------------------------------------------------------------------------
Update Information:

New minor bugfix upstream release.
--------------------------------------------------------------------------------


================================================================================
 cflow-1.5-1.fc22 (FEDORA-2016-e3cbe44453)
 Analyzes C files charting control flow within the program
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream release cflow 1.5.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1336597 - cflow-1.5 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1336597
--------------------------------------------------------------------------------


================================================================================
 clusterssh-4.07-1.fc22 (FEDORA-2016-c99d24a996)
 Secure concurrent multiple server terminal control
--------------------------------------------------------------------------------
Update Information:

- Updated to new 4.07 upstream version, attempt to fix rhbz #1025913
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1025913 - clusterssh segfaults when no fonts are installed
        https://bugzilla.redhat.com/show_bug.cgi?id=1025913
--------------------------------------------------------------------------------


================================================================================
 dosfstools-3.0.27-2.fc22 (FEDORA-2016-f3262abda6)
 Utilities for making and checking MS-DOS FAT filesystems on Linux
--------------------------------------------------------------------------------
Update Information:

This is an update fixing off-by-2 error leading to corruption in FAT12
(CVE-2015-8872) and heap-buffer-overflows in read_fat() and get_fat() functions
(CVE-2016-4804).
--------------------------------------------------------------------------------


================================================================================
 golang-github-cockroachdb-cmux-0-0.1.git112f050.fc22 (FEDORA-2016-caece08ff0)
 Connection mux for serving different services on the same port
--------------------------------------------------------------------------------
Update Information:

First package for Fedora
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1336218 - Review Request: golang-github-cockroachdb-cmux - Connection mux for serving different services on the same port
        https://bugzilla.redhat.com/show_bug.cgi?id=1336218
--------------------------------------------------------------------------------


================================================================================
 golang-github-dustin-go-humanize-0-0.1.git8929fe9.fc22 (FEDORA-2016-fee8c22030)
 Formatters for units to human friendly sizes
--------------------------------------------------------------------------------
Update Information:

First package for Fedora
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1336217 - Review Request: golang-github-dustin-go-humanize - Formatters for units to human friendly sizes
        https://bugzilla.redhat.com/show_bug.cgi?id=1336217
--------------------------------------------------------------------------------


================================================================================
 golang-github-eapache-queue-1.0.2-0.1.gitded5959.fc22 (FEDORA-2016-6ec0c33ffa)
 Fast golang queue using ring-buffer
--------------------------------------------------------------------------------
Update Information:

First package for Fedora
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1327254 - Review Request: golang-github-eapache-queue - Fast golang queue using ring-buffer
        https://bugzilla.redhat.com/show_bug.cgi?id=1327254
--------------------------------------------------------------------------------


================================================================================
 jenkins-1.609.3-7.fc22 (FEDORA-2016-f7e7a6067d)
 An extendable open source continuous integration server
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2016-3721, CVE-2016-3722, CVE-2016-3723, CVE-2016-3724,
CVE-2016-3725, CVE-2016-3726, CVE-2016-3727
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1335415 - CVE-2016-3721 jenkins: Arbitrary build parameters are passed to build scripts as environment variables (SECURITY-170)
        https://bugzilla.redhat.com/show_bug.cgi?id=1335415
  [ 2 ] Bug #1335416 - CVE-2016-3722 jenkins: Malicious users with multiple user accounts can prevent other users from logging in (SECURITY-243)
        https://bugzilla.redhat.com/show_bug.cgi?id=1335416
  [ 3 ] Bug #1335417 - CVE-2016-3723 jenkins: Information on installed plugins exposed via API (SECURITY-250)
        https://bugzilla.redhat.com/show_bug.cgi?id=1335417
  [ 4 ] Bug #1335418 - CVE-2016-3724 jenkins: Encrypted secrets (e.g. passwords) were leaked to users with permission to read configuration (SECURITY-266)
        https://bugzilla.redhat.com/show_bug.cgi?id=1335418
  [ 5 ] Bug #1335420 - CVE-2016-3725 jenkins: Regular users can trigger download of update site metadata (SECURITY-273)
        https://bugzilla.redhat.com/show_bug.cgi?id=1335420
  [ 6 ] Bug #1335421 - CVE-2016-3726 jenkins: Open redirect to scheme-relative URLs (SECURITY-276)
        https://bugzilla.redhat.com/show_bug.cgi?id=1335421
  [ 7 ] Bug #1335422 - CVE-2016-3727 jenkins: Granting the permission to read node configurations allows access to overall system configuration (SECURITY-281)
        https://bugzilla.redhat.com/show_bug.cgi?id=1335422
--------------------------------------------------------------------------------


================================================================================
 kernel-4.4.10-200.fc22 (FEDORA-2016-84fdc82b74)
 The Linux kernel
--------------------------------------------------------------------------------
Update Information:

The 4.4.10 update contains a number of important fixes across the tree
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1300257 - CVE-2016-0758 kernel: tags with indefinite length can corrupt pointers in asn1_find_indefinite_length()
        https://bugzilla.redhat.com/show_bug.cgi?id=1300257
  [ 2 ] Bug #1334643 - CVE-2016-4569 kernel: Information leak in Linux sound module in timer.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1334643
  [ 3 ] Bug #1334303 - CVE-2016-4558 kernel: bpf: refcnt overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=1334303
  [ 4 ] Bug #1334307 - CVE-2016-4557 kernel: Use after free vulnerability via double fdput
        https://bugzilla.redhat.com/show_bug.cgi?id=1334307
--------------------------------------------------------------------------------


================================================================================
 libndp-1.4-2.fc22.1 (FEDORA-2016-2be4263b24)
 Library for Neighbor Discovery Protocol
--------------------------------------------------------------------------------
Update Information:

Fix CVE-2016-3698
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1336719 - CVE-2016-3698 libndp: denial of service due to insufficient validation of source of NDP messages [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1336719
--------------------------------------------------------------------------------


================================================================================
 perl-Unicode-LineBreak-2016.003-1.fc22 (FEDORA-2016-f695021f1a)
 UAX #14 Unicode Line Breaking Algorithm
--------------------------------------------------------------------------------
Update Information:

Update to 2016.003.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1321697 - perl-Unicode-LineBreak-2016.003 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1321697
--------------------------------------------------------------------------------


================================================================================
 php-pear-Text-Diff-1.2.1-1.fc22 (FEDORA-2016-ebee705889)
 Engine for performing and rendering text diffs
--------------------------------------------------------------------------------
Update Information:

Update to 1.2.1.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1243619 - php-pear-Text-Diff-1.2.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1243619
--------------------------------------------------------------------------------


================================================================================
 postfix-3.0.5-1.fc22 (FEDORA-2016-25865e212c)
 Postfix Mail Transport Agent
--------------------------------------------------------------------------------
Update Information:

This is an update fixing two bugs in Milter and header_checks, for details see
upstream announcement:
http://www.postfix.org/announcements/postfix-3.1.1.html
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1336245 - postfix-3.1.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1336245
--------------------------------------------------------------------------------


================================================================================
 python-pycxx-6.2.8-1.fc22 (FEDORA-2016-3aaf4ec57d)
 Write Python extensions in C++
--------------------------------------------------------------------------------
Update Information:

Version 6.2.8 (10-May-2016)
* Fix crash when a member function is called via callMemberFunction() and that function raises an exception.
* Found in comment on StackOverFlow. Fix memory size allocated for new objects. It used the wrong size calculation, but was big enough to avoid problems.

Version 6.2.7 (28-Apr-2016)
* Fix missing ptr__Unicode_Type.
* Fixes from learn0more@xxxxxxxxx make python2 also remember the m_module and add accessor functions.
* Fix for indirection issues from Vivian De Smedt.
* Update to work with latest Microsoft Visual C++ for python 2.7. All tests run in Win32 and Win64.
* PyCXX.html documentation has been updated, especially with 2TO3 information.
* Use delete[] for objects allocated with new[].

Version 6.2.6 (04-Jan-2015)
* Fix build issue with GCC 4.2.1 on FreeBSD and Mac OS X (stop python defining isspace as a macro).
* Remove support for python 3.1 (API's are unstable).
* Add Python 3.3 support.
* Patch from Michael Droettboom to fix compilation issues.
* Patch from Michael Droettboom to add buffer interface for python3.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1335953 - Update python-pycxx to latest version to pick up bug fixes
        https://bugzilla.redhat.com/show_bug.cgi?id=1335953
--------------------------------------------------------------------------------


================================================================================
 python-rhsm-1.17.2-1.fc22 (FEDORA-2016-1185a20e23)
 A Python library to communicate with a Red Hat Unified Entitlement Platform
--------------------------------------------------------------------------------
Update Information:

Minor bug fixes.
--------------------------------------------------------------------------------


================================================================================
 smartmontools-6.5-1.fc22 (FEDORA-2016-01e7bbfae6)
 Tools for monitoring SMART capable hard disks
--------------------------------------------------------------------------------
Update Information:

- smartmontools updated to 6.5
- smartctl '-i', '-c', '-H' and '-l error': NVMe support.
- smartctl '-l nvmelog': New option for NVMe.
- smartd.conf '-H', '-l error' and '-W': NVMe support.
- Optional NVMe device scanning support on Linux and Windows.
- configure option '--with-nvme-devicescan' to include NVMe in default device scanning result.
- Device scanning now allows to specify multiple '-d TYPE' options.
- ATA: Added new POWER MODE values introduced in ATA ACS-2.
- ATA: SCT commands are no longer issued if ATA Security is locked.
- SCSI: LB provisioning improvements.
- SCSI: Fixed GLTSD bit set/cleared info messages.
- SCSI: Solid State media log page is no longer checked for tapes.
- SCSI: Improved handling when no tape cartridge in drive.
- SCSI: Workaround for buggy Seagate firmware.
- SAT: Improved heuristics to detect bogus sense data from SAT layer.
- smartd: Fixed crash on missing argument to '-s' directive.
- update-smart-drivedb: Now uses HTTPS for download by default.
- update-smart-drivedb: New options to select URL and download tool.
- update-smart-drivedb: New download tool 'svn'.
- configure option '--without-update-smart-drivedb' to disable update-smart-drivedb script.
- Drive database file now also includes the DEFAULT setting for each attribute.
- HDD, SSD and USB additions to drive database.
--------------------------------------------------------------------------------


================================================================================
 sombok-2.4.0-2.fc22 (FEDORA-2016-77f1ef9144)
 Unicode Text Segmentation Package
--------------------------------------------------------------------------------
Update Information:

Update to 2.4.0.
--------------------------------------------------------------------------------


================================================================================
 subscription-manager-1.17.6-1.fc22 (FEDORA-2016-1185a20e23)
 Tools and libraries for subscription and repository management
--------------------------------------------------------------------------------
Update Information:

Minor bug fixes.
--------------------------------------------------------------------------------


================================================================================
 xboard-4.9.0-1.fc22 (FEDORA-2016-cda0efebd9)
 An X Window System graphical chessboard
--------------------------------------------------------------------------------
Update Information:

Rebuilt for new upstream version + fixes deps, fixes rhbz #1336257
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1336257 - xboard-4.9.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1336257
--------------------------------------------------------------------------------
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
http://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx