The following Fedora 22 Security updates need testing: Age URL 440 https://bodhi.fedoraproject.org/updates/FEDORA-2015-5878 echoping-6.1-0.beta.r434svn.1.fc22 389 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9185 ceph-deploy-1.5.25-1.fc22 322 https://bodhi.fedoraproject.org/updates/FEDORA-2015-12781 python-kdcproxy-0.3.2-1.fc22 276 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16239 nagios-4.0.8-1.fc22 264 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2d37e7dacf openstack-swift-2.2.0-6.fc22 234 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9039c25f1d miniupnpc-1.9-6.fc22 216 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4 libpng-1.6.16-4.fc22 216 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6 libpng-1.6.16-5.fc22 183 https://bodhi.fedoraproject.org/updates/FEDORA-2015-b9e4c97ff1 sos-3.2-2.fc22 157 https://bodhi.fedoraproject.org/updates/FEDORA-2015-f683150aa0 thttpd-2.25b-37.fc22 133 https://bodhi.fedoraproject.org/updates/FEDORA-2016-560802e52b xdelta-3.0.7-7.fc22 122 https://bodhi.fedoraproject.org/updates/FEDORA-2016-24d134e494 mingw-nsis-2.50-1.fc22 109 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3cbe9ad765 python-pygments-2.1.3-1.fc22 70 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a028331ebc poppler-0.30.0-4.fc22 41 https://bodhi.fedoraproject.org/updates/FEDORA-2016-73a5867050 squid-3.5.10-4.fc22 19 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c3bd6a3496 ntp-4.2.6p5-41.fc22 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-95f1569a73 drupal7-7.44-1.fc22 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0fd6ca526a expat-2.1.1-2.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5c52dcfe47 python3-3.4.2-8.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e37f15a5f4 python-2.7.10-10.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fbb5a65729 squidGuard-1.4-26.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f597359bf2 setroubleshoot-3.2.27.1-1.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4573f8c9ba wordpress-4.5.3-1.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ea3002b577 qemu-2.3.1-16.fc22 The following Fedora 22 Critical Path updates have yet to be approved: Age URL 315 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13210 yum-3.4.3-508.fc22 234 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2123de044f libgphoto2-2.5.8-1.fc22 216 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6 libpng-1.6.16-5.fc22 216 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4 libpng-1.6.16-4.fc22 70 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a028331ebc poppler-0.30.0-4.fc22 67 https://bodhi.fedoraproject.org/updates/FEDORA-2016-027faabac4 libreport-2.6.4-2.fc22 abrt-2.6.1-11.fc22 65 https://bodhi.fedoraproject.org/updates/FEDORA-2016-af1f30412b pygtk2-2.24.0-14.fc22 61 https://bodhi.fedoraproject.org/updates/FEDORA-2016-41df7ccbc8 lldpad-1.0.1-4.git036e314.fc22 17 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2cdb5d5a7c vim-7.4.1868-1.fc22 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f4a2bc1983 mdadm-3.3.4-3.fc22 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ab75c587f3 perl-5.20.3-331.fc22 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-babda1429a thunderbird-45.1.1-2.fc22 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b1495a847 samba-4.2.12-1.fc22 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0fd6ca526a expat-2.1.1-2.fc22 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-18212502a4 pcre-8.39-2.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e37f15a5f4 python-2.7.10-10.fc22 The following builds have been pushed to Fedora 22 updates-testing Field3D-1.7.2-1.fc22 fusioninventory-agent-2.3.18-2.fc22 gnome-chemistry-utils-0.14.12-3.fc22 gnumeric-1.12.30-1.fc22 goffice-0.10.30-1.fc22 lilypond-2.19.44-1.fc22 lilypond-doc-2.19.44-1.fc22 qemu-2.3.1-16.fc22 softhsm-2.1.0-1.fc22 strongswan-5.4.0-2.fc22 wordpress-4.5.3-1.fc22 Details about builds: ================================================================================ Field3D-1.7.2-1.fc22 (FEDORA-2016-25ff545639) Library for storing voxel data -------------------------------------------------------------------------------- Update Information: Minor update to latest upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1347967 - Field3D-v1.7.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1347967 -------------------------------------------------------------------------------- ================================================================================ fusioninventory-agent-2.3.18-2.fc22 (FEDORA-2016-b25f815538) FusionInventory agent -------------------------------------------------------------------------------- Update Information: Update to latest upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1300870 - fusioninventory-agent-2.3.18 is available https://bugzilla.redhat.com/show_bug.cgi?id=1300870 -------------------------------------------------------------------------------- ================================================================================ gnome-chemistry-utils-0.14.12-3.fc22 (FEDORA-2016-a69b9d89bd) A set of chemical utilities -------------------------------------------------------------------------------- Update Information: This is an update to the latest upstream releases of gnumeric and goffice: * http://gnumeric.org/announcements/1.12/gnumeric-1.12.30.html -------------------------------------------------------------------------------- ================================================================================ gnumeric-1.12.30-1.fc22 (FEDORA-2016-a69b9d89bd) Spreadsheet program for GNOME -------------------------------------------------------------------------------- Update Information: This is an update to the latest upstream releases of gnumeric and goffice: * http://gnumeric.org/announcements/1.12/gnumeric-1.12.30.html -------------------------------------------------------------------------------- ================================================================================ goffice-0.10.30-1.fc22 (FEDORA-2016-a69b9d89bd) G Office support libraries -------------------------------------------------------------------------------- Update Information: This is an update to the latest upstream releases of gnumeric and goffice: * http://gnumeric.org/announcements/1.12/gnumeric-1.12.30.html -------------------------------------------------------------------------------- ================================================================================ lilypond-2.19.44-1.fc22 (FEDORA-2016-265658471d) A typesetting system for music notation -------------------------------------------------------------------------------- Update Information: 2.19.44 -------------------------------------------------------------------------------- ================================================================================ lilypond-doc-2.19.44-1.fc22 (FEDORA-2016-265658471d) HTML documentation for LilyPond -------------------------------------------------------------------------------- Update Information: 2.19.44 -------------------------------------------------------------------------------- ================================================================================ qemu-2.3.1-16.fc22 (FEDORA-2016-ea3002b577) QEMU is a FAST! processor emulator -------------------------------------------------------------------------------- Update Information: * CVE-2016-4002: net: buffer overflow in MIPSnet (bz #1326083) * CVE-2016-4952 scsi: pvscsi: out-of-bounds access issue * CVE-2016-5106: scsi: megasas: out-of- bounds write (bz #1339581) * CVE-2016-5105: scsi: megasas: stack information leakage (bz #1339585) * CVE-2016-5107: scsi: megasas: out-of-bounds read (bz #1339573) * CVE-2016-4454: display: vmsvga: out-of-bounds read (bz #1340740) * CVE-2016-4453: display: vmsvga: infinite loop (bz #1340744) * CVE-2016-5238: scsi: esp: OOB write (bz #1341932) * CVE-2016-5338: scsi: esp: OOB r/w access (bz #1343325) * CVE-2016-5337: scsi: megasas: information leakage (bz #1343910) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1326082 - CVE-2016-4002 Qemu: net: buffer overflow in MIPSnet emulator https://bugzilla.redhat.com/show_bug.cgi?id=1326082 [ 2 ] Bug #1334384 - CVE-2016-4952 Qemu: scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines https://bugzilla.redhat.com/show_bug.cgi?id=1334384 [ 3 ] Bug #1339578 - CVE-2016-5106 Qemu: scsi: megasas: out-of-bounds write while setting controller properties https://bugzilla.redhat.com/show_bug.cgi?id=1339578 [ 4 ] Bug #1339583 - CVE-2016-5105 Qemu: scsi: megasas: stack information leakage while reading configuration https://bugzilla.redhat.com/show_bug.cgi?id=1339583 [ 5 ] Bug #1336461 - CVE-2016-5107 Qemu: scsi: megasas: out-of-bounds read in megasas_lookup_frame() function https://bugzilla.redhat.com/show_bug.cgi?id=1336461 [ 6 ] Bug #1336429 - CVE-2016-4454 Qemu: display: vmsvga: out-of-bounds read in vmsvga_fifo_read_raw() routine https://bugzilla.redhat.com/show_bug.cgi?id=1336429 [ 7 ] Bug #1336650 - CVE-2016-4453 Qemu: display: vmsvga: infinite loop in vmsvga_fifo_run() routine https://bugzilla.redhat.com/show_bug.cgi?id=1336650 [ 8 ] Bug #1341931 - CVE-2016-5238 Qemu: scsi: esp: OOB write when using non-DMA mode in get_cmd https://bugzilla.redhat.com/show_bug.cgi?id=1341931 [ 9 ] Bug #1343323 - CVE-2016-5338 Qemu: scsi: esp: OOB r/w access while processing ESP_FIFO https://bugzilla.redhat.com/show_bug.cgi?id=1343323 [ 10 ] Bug #1343909 - CVE-2016-5337 Qemu: scsi: megasas: information leakage in megasas_ctrl_get_info https://bugzilla.redhat.com/show_bug.cgi?id=1343909 -------------------------------------------------------------------------------- ================================================================================ softhsm-2.1.0-1.fc22 (FEDORA-2016-40cd1f94ba) Software version of a PKCS#11 Hardware Security Module -------------------------------------------------------------------------------- Update Information: Resolves: rhbz#1244461 Updated to 2.1.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1244461 - softhsm-2.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1244461 [ 2 ] Bug #1272423 - Softhsm PKCS#11 module not visible to NSS becasue it is not in the search path https://bugzilla.redhat.com/show_bug.cgi?id=1272423 [ 3 ] Bug #11 - shutdown -F failsfr works https://bugzilla.redhat.com/show_bug.cgi?id=11 [ 4 ] Bug #162 - dosemu is not able to handle subst command / lredir in default configuration https://bugzilla.redhat.com/show_bug.cgi?id=162 -------------------------------------------------------------------------------- ================================================================================ strongswan-5.4.0-2.fc22 (FEDORA-2016-94747bc6c3) An OpenSource IPsec-based VPN and TNC solution -------------------------------------------------------------------------------- Update Information: Enhancement update. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1298230 - None https://bugzilla.redhat.com/show_bug.cgi?id=1298230 -------------------------------------------------------------------------------- ================================================================================ wordpress-4.5.3-1.fc22 (FEDORA-2016-4573f8c9ba) Blog tool and publishing platform -------------------------------------------------------------------------------- Update Information: See upstream announcement [WordPress 4.5.3 Maintenance and Security Release](ttps://wordpress.org/news/2016/06/wordpress-4-5-3/) Packaging changes: - never bundle ca-bundle.crt (EL-5) - provide nginx configuration (fedora) - drop mandatory dependency on httpd (suggested) #1336091 - protect php files in uploads directory -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
