The following Fedora 22 Security updates need testing: Age URL 439 https://bodhi.fedoraproject.org/updates/FEDORA-2015-5878 echoping-6.1-0.beta.r434svn.1.fc22 388 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9185 ceph-deploy-1.5.25-1.fc22 321 https://bodhi.fedoraproject.org/updates/FEDORA-2015-12781 python-kdcproxy-0.3.2-1.fc22 275 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16239 nagios-4.0.8-1.fc22 264 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2d37e7dacf openstack-swift-2.2.0-6.fc22 233 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9039c25f1d miniupnpc-1.9-6.fc22 215 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4 libpng-1.6.16-4.fc22 215 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6 libpng-1.6.16-5.fc22 182 https://bodhi.fedoraproject.org/updates/FEDORA-2015-b9e4c97ff1 sos-3.2-2.fc22 156 https://bodhi.fedoraproject.org/updates/FEDORA-2015-f683150aa0 thttpd-2.25b-37.fc22 132 https://bodhi.fedoraproject.org/updates/FEDORA-2016-560802e52b xdelta-3.0.7-7.fc22 121 https://bodhi.fedoraproject.org/updates/FEDORA-2016-24d134e494 mingw-nsis-2.50-1.fc22 109 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3cbe9ad765 python-pygments-2.1.3-1.fc22 69 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a028331ebc poppler-0.30.0-4.fc22 40 https://bodhi.fedoraproject.org/updates/FEDORA-2016-73a5867050 squid-3.5.10-4.fc22 18 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c3bd6a3496 ntp-4.2.6p5-41.fc22 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-95f1569a73 drupal7-7.44-1.fc22 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0fd6ca526a expat-2.1.1-2.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5c52dcfe47 python3-3.4.2-8.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e37f15a5f4 python-2.7.10-10.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fbb5a65729 squidGuard-1.4-26.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f597359bf2 setroubleshoot-3.2.27.1-1.fc22 The following Fedora 22 Critical Path updates have yet to be approved: Age URL 314 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13210 yum-3.4.3-508.fc22 233 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2123de044f libgphoto2-2.5.8-1.fc22 215 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6 libpng-1.6.16-5.fc22 215 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4 libpng-1.6.16-4.fc22 69 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a028331ebc poppler-0.30.0-4.fc22 66 https://bodhi.fedoraproject.org/updates/FEDORA-2016-027faabac4 libreport-2.6.4-2.fc22 abrt-2.6.1-11.fc22 64 https://bodhi.fedoraproject.org/updates/FEDORA-2016-af1f30412b pygtk2-2.24.0-14.fc22 61 https://bodhi.fedoraproject.org/updates/FEDORA-2016-41df7ccbc8 lldpad-1.0.1-4.git036e314.fc22 16 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2cdb5d5a7c vim-7.4.1868-1.fc22 14 https://bodhi.fedoraproject.org/updates/FEDORA-2016-409af1ecfd lua-5.3.3-1.fc22 11 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f4a2bc1983 mdadm-3.3.4-3.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ab75c587f3 perl-5.20.3-331.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-babda1429a thunderbird-45.1.1-2.fc22 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b1495a847 samba-4.2.12-1.fc22 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0fd6ca526a expat-2.1.1-2.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-18212502a4 pcre-8.39-2.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e37f15a5f4 python-2.7.10-10.fc22 The following builds have been pushed to Fedora 22 updates-testing chkrootkit-0.50-8.fc22 clustershell-1.7.2-1.fc22 deja-dup-34.2-2.fc22 liveusb-creator-3.95.2-1.fc22 lyx-2.1.5-1.fc22 minimodem-0.24-1.fc22 open-vm-tools-10.0.5-3.fc22 perl-Module-CoreList-5.20160620-1.fc22 pyotherside-1.5.0-2.fc22 python-2.7.10-10.fc22 python-netdiff-0.4.7-2.fc22 python3-3.4.2-8.fc22 setroubleshoot-3.2.27.1-1.fc22 squidGuard-1.4-26.fc22 Details about builds: ================================================================================ chkrootkit-0.50-8.fc22 (FEDORA-2016-533e10ae24) Tool to locally check for signs of a rootkit -------------------------------------------------------------------------------- Update Information: Fix l2cap false positive. ---- Fix Windigo false positive. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1234420 - chkrootkit warnings - l2cap https://bugzilla.redhat.com/show_bug.cgi?id=1234420 [ 2 ] Bug #1234436 - Bogus Windigo reports https://bugzilla.redhat.com/show_bug.cgi?id=1234436 -------------------------------------------------------------------------------- ================================================================================ clustershell-1.7.2-1.fc22 (FEDORA-2016-ecc09efbf3) Python framework for efficient cluster administration -------------------------------------------------------------------------------- Update Information: Minor release 1.7.2. Bugfix for tree mode and better error handling (like broken pipe). The only new minor enhancement is the --pick option available with clush and nodeset. -------------------------------------------------------------------------------- ================================================================================ deja-dup-34.2-2.fc22 (FEDORA-2016-5468ee7277) Simple backup tool and frontend for duplicity -------------------------------------------------------------------------------- Update Information: Latest upstream. -------------------------------------------------------------------------------- ================================================================================ liveusb-creator-3.95.2-1.fc22 (FEDORA-2016-94b3079fbb) Fedora Media Writer -------------------------------------------------------------------------------- Update Information: Bump to have F24 data included -------------------------------------------------------------------------------- ================================================================================ lyx-2.1.5-1.fc22 (FEDORA-2016-13f1ce3950) WYSIWYM (What You See Is What You Mean) document processor -------------------------------------------------------------------------------- Update Information: LyX 2.1.5 is the the final release in the 2.1.x series. In this release were fixed a number of bugs and made a number of improvements. Many of these were minor, but there were a few crashes fixed. All these changes are detailed in the announcement <http://www.lyx.org/announce/2_1_5.txt>. One of the main features of 2.1.5 is its ability to read and write files in the 2.2.x format. Since the conversion process back and forth usually will not leave one with an identical file, however, it is not recommend attempting to collaborate with users of 2.2.x. Since the end of support for Fedora 22 is near this will be the last available LyX version. If you intend to use LyX 2.2 we encourage you to upgrade to Fedora 23 or 24 where lyx-2.2.0 is available in the stable repositories. -------------------------------------------------------------------------------- ================================================================================ minimodem-0.24-1.fc22 (FEDORA-2016-e14c397baa) General-purpose software audio FSK modem -------------------------------------------------------------------------------- Update Information: Latest upstream release. ---- Latest upstream release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1310279 - minimodem-0.24 is available https://bugzilla.redhat.com/show_bug.cgi?id=1310279 [ 2 ] Bug #1164134 - minimodem-0.22 is available https://bugzilla.redhat.com/show_bug.cgi?id=1164134 -------------------------------------------------------------------------------- ================================================================================ open-vm-tools-10.0.5-3.fc22 (FEDORA-2016-f2b2eb3aca) Open Virtual Machine Tools for virtual machines hosted on VMware -------------------------------------------------------------------------------- Update Information: Use systemd-detect-virt to detect VMware platform (RHBZ#1251656). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1251656 - vmtoolsd load 1 core of cpu 100% in Virtualbox environment https://bugzilla.redhat.com/show_bug.cgi?id=1251656 -------------------------------------------------------------------------------- ================================================================================ perl-Module-CoreList-5.20160620-1.fc22 (FEDORA-2016-dc5c8b0711) What modules are shipped with versions of perl -------------------------------------------------------------------------------- Update Information: This release provides data for perl 5.25.2. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1348367 - perl-Module-CoreList-5.20160620 is available https://bugzilla.redhat.com/show_bug.cgi?id=1348367 -------------------------------------------------------------------------------- ================================================================================ pyotherside-1.5.0-2.fc22 (FEDORA-2016-c816d8b04d) Asynchronous Python 3 Bindings for Qt 5 -------------------------------------------------------------------------------- Update Information: New upstream release 1.5.0 - brings new APIs while keeping backwards compatibility. What's new: http://pyotherside.readthedocs.io/en/latest/#io-thp- pyotherside-1-5 -------------------------------------------------------------------------------- ================================================================================ python-2.7.10-10.fc22 (FEDORA-2016-e37f15a5f4) An interpreted, interactive, object-oriented programming language -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-0772 ---- Added patch for fixing possible integer overflow and heap corruption in zipimporter.get_data() -------------------------------------------------------------------------------- References: [ 1 ] Bug #1303647 - CVE-2016-0772 python: smtplib StartTLS stripping attack https://bugzilla.redhat.com/show_bug.cgi?id=1303647 -------------------------------------------------------------------------------- ================================================================================ python-netdiff-0.4.7-2.fc22 (FEDORA-2016-0d58782dc0) Python library for parsing network topology data and detect changes -------------------------------------------------------------------------------- Update Information: First F22 release -------------------------------------------------------------------------------- ================================================================================ python3-3.4.2-8.fc22 (FEDORA-2016-5c52dcfe47) Version 3 of the Python programming language aka Python 3000 -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-0772 ---- Added patch for fixing possible integer overflow and heap corruption in zipimporter.get_data() -------------------------------------------------------------------------------- References: [ 1 ] Bug #1303647 - CVE-2016-0772 python: smtplib StartTLS stripping attack https://bugzilla.redhat.com/show_bug.cgi?id=1303647 -------------------------------------------------------------------------------- ================================================================================ setroubleshoot-3.2.27.1-1.fc22 (FEDORA-2016-f597359bf2) Helps troubleshoot SELinux problems -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-4446 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1339250 - CVE-2016-4446 setroubleshoot-plugins: insecure commands.getoutput use in the allow_execstack plugin https://bugzilla.redhat.com/show_bug.cgi?id=1339250 -------------------------------------------------------------------------------- ================================================================================ squidGuard-1.4-26.fc22 (FEDORA-2016-fbb5a65729) Filter, redirector and access controller plugin for squid -------------------------------------------------------------------------------- Update Information: Unit file fix. ---- http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20150201 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1177012 - ExecStop syntax error in squidGuard.service https://bugzilla.redhat.com/show_bug.cgi?id=1177012 [ 2 ] Bug #1323211 - "squidGuard" doesn't guard - no errormessages when failing https://bugzilla.redhat.com/show_bug.cgi?id=1323211 [ 3 ] Bug #1348459 - squidGuard: Reflected cross site scripting vulnerability in squidGuard.cgi [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1348459 [ 4 ] Bug #1253636 - error: squidGuard:7 error verifying olddir path /var/log/squidGuard/old: No such file or directory https://bugzilla.redhat.com/show_bug.cgi?id=1253636 [ 5 ] Bug #1253633 - /var/log/squidGuard permissions https://bugzilla.redhat.com/show_bug.cgi?id=1253633 [ 6 ] Bug #1348458 - squidGuard: Reflected cross site scripting vulnerability in squidGuard.cgi [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1348458 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
