The following Fedora 23 Security updates need testing: Age URL 283 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23 240 https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe miniupnpc-1.9-6.fc23 213 https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324 jbig2dec-0.12-2.fc23 164 https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1 python-pymongo-3.0.3-1.fc23 163 https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8 thttpd-2.25b-37.fc23 129 https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4 mingw-nsis-2.50-1.fc23 48 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3b9407940 squid-3.5.10-4.fc23 26 https://bodhi.fedoraproject.org/updates/FEDORA-2016-89e0874533 ntp-4.2.6p5-41.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e538b11379 python-django-horizon-2015.1.4-1.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a5e392ef01 wordpress-4.5.3-1.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-21bd6a33af struts-1.3.10-18.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b68f69b086 setroubleshoot-plugins-3.3.5.1-1.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-73853a7a16 qemu-2.4.1-11.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-34a6b65583 php-5.6.23-1.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4f3c77ef90 php-pecl-zip-1.13.3-1.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9df3915036 phpMyAdmin-4.6.3-1.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0b966047e1 krb5-1.14.1-7.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3093027736 mediawiki-1.26.3-1.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fcccb0a547 nodejs-0.10.46-1.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-16e8d38f57 gsi-openssh-7.1p2-2.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ef784cf9f7 python3-3.4.3-9.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d126bb1b74 gd-2.1.1-8.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-73a733f4d9 kernel-4.5.7-202.fc23 The following Fedora 23 Critical Path updates have yet to be approved: Age URL 24 https://bodhi.fedoraproject.org/updates/FEDORA-2016-28873e4832 vim-7.4.1868-1.fc23 24 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fad11727bf PackageKit-1.1.1-2.fc23 appstream-data-23-11.fc23 fwupd-0.7.1-1.fc23 gnome-software-3.20.3-1.fc23.1 json-glib-1.2.0-1.fc23 libappstream-glib-0.5.14-1.fc23 libgusb-0.2.9-1.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f637b89dda samba-4.3.10-1.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4c9c2badcb selinux-policy-3.13.1-158.20.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e9bc854cca texinfo-6.0-3.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-001588074b libfm-1.2.4-4.D20160618gitb22c0995e7.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-06b36c0134 lxsession-0.5.2-10.D20160417git9f8d613332.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0b966047e1 krb5-1.14.1-7.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-abff7c6423 kde-settings-23-12.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-99671098b1 qt-4.8.7-18.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4b66e3011c lxpanel-0.8.2-2.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-73a733f4d9 kernel-4.5.7-202.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-20e8af4a21 audit-2.6.1-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d126bb1b74 gd-2.1.1-8.fc23 The following builds have been pushed to Fedora 23 updates-testing atomic-1.10.5-2.gitce09e40.fc23 audit-2.6.1-1.fc23 bzflag-2.4.6-2.fc23 cdbs-0.4.142-1.fc23 fedfind-2.4.10-1.fc23 fedpkg-1.24-2.fc23 firewalld-0.4.3.1-1.fc23 gd-2.1.1-8.fc23 gpaste-3.18.5-1.fc23 kernel-4.5.7-202.fc23 kubernetes-ansible-0.6.0-0.1.gitd65ebd5.fc23 libabigail-1.0-0.8.rc5.2.fc23 libopenraw-0.0.9-18.fc23 numatop-1.0.4-1.fc23 orthanc-1.1.0-1.fc23 pbuilder-0.225.1-1.fc23 py3status-3.0-1.fc23 pyobd-0.9.3-3.fc23 python-flower-0.8.4-1.fc23 python-maxminddb-1.2.1-1.fc23 python-stuf-0.9.16-7.fc23 rpkg-1.45-2.fc23 torrent-file-editor-0.3.0-1.fc23 yamllint-1.3.2-1.fc23 Details about builds: ================================================================================ atomic-1.10.5-2.gitce09e40.fc23 (FEDORA-2016-a28b2b05ec) Tool for managing ProjectAtomic systems and containers -------------------------------------------------------------------------------- Update Information: build atomic 1.10.5 -------------------------------------------------------------------------------- ================================================================================ audit-2.6.1-1.fc23 (FEDORA-2016-20e8af4a21) User space tools for 2.6 kernel auditing -------------------------------------------------------------------------------- Update Information: A bug was found that is causing audisp-plugins to get malformed events. Auditd will now correct directory permissions for logging on startup. There is also now audit-stop.rules that can be enabled in auditd.service to cleanup when auditd is stopped. ---- This update to the audit system adds a new enriched data format. This will help in reporting when multiple system's audit logs are aggregated on a central server. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1334850 - audit.rules is readable by all https://bugzilla.redhat.com/show_bug.cgi?id=1334850 [ 2 ] Bug #1334772 - ausearch results depend on order of parameters https://bugzilla.redhat.com/show_bug.cgi?id=1334772 [ 3 ] Bug #1344268 - autrace destroys all audit rules, despite what manpage says https://bugzilla.redhat.com/show_bug.cgi?id=1344268 -------------------------------------------------------------------------------- ================================================================================ bzflag-2.4.6-2.fc23 (FEDORA-2016-4aa57e8b8a) 3D multi-player tank battle game -------------------------------------------------------------------------------- Update Information: Add unit file. ---- 2.4.6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #198929 - RFE: BZflag needs an init.d script https://bugzilla.redhat.com/show_bug.cgi?id=198929 -------------------------------------------------------------------------------- ================================================================================ cdbs-0.4.142-1.fc23 (FEDORA-2016-fdf7dbe557) Common build system for Debian packages -------------------------------------------------------------------------------- Update Information: Update to version 0.4.142, see http://metadata.ftp- master.debian.org/changelogs//main/c/cdbs/cdbs_0.4.142_changelog for details. -------------------------------------------------------------------------------- ================================================================================ fedfind-2.4.10-1.fc23 (FEDORA-2016-4696f12c13) Fedora Finder finds Fedora -------------------------------------------------------------------------------- Update Information: This update mainly updates fedfind to handle the new Pungi 4 two-week Atomic composes (release engineering is now building these, which are nightly composes of Cloud and Atomic images for the current stable release, with Pungi 4, whereas before they were built with the old compose process). The new `AtomicNightly` subclass of `fedfind.release.Release` is added to handle these, and will be returned when appropriate by `fedfind.release.get_release`. This update also stops fedfind using the `Pungi4Mirror` class which is intended to be used for milestone releases that have been synced to the public mirror system; at present, these composes are actually split in two and different outputs mirrored to two different locations, and the productmd metadata is stripped from both locations (as it no longer accurately reflects the contents to be found in each), so fedfind cannot treat them as Pungi 4 composes as the metadata is unavailable. Instead we simply use the old `MirrorRelease` subclasses, so the contents are discovered by scraping and the metadata synthesized. Note that fedfind does not and in fact never has supported finding the contents that are split out and placed in the `alt/releases/` tree, as I was not aware of the fact that composes were split in this way and never designed fedfind to take account of it. -------------------------------------------------------------------------------- ================================================================================ fedpkg-1.24-2.fc23 (FEDORA-2016-3540ed2e2b) Fedora utility for working with dist-git -------------------------------------------------------------------------------- Update Information: This new release contains several enhancement, bugfix and more compatible with Python 3. -------------------------------------------------------------------------------- References: [ 1 ] Bug #829012 - fedpkg command completion https://bugzilla.redhat.com/show_bug.cgi?id=829012 [ 2 ] Bug #1286374 - fedpkg commands fail when under non-ASCII path https://bugzilla.redhat.com/show_bug.cgi?id=1286374 -------------------------------------------------------------------------------- ================================================================================ firewalld-0.4.3.1-1.fc23 (FEDORA-2016-cb05cdfa23) A firewall daemon with D-Bus interface providing a dynamic firewall -------------------------------------------------------------------------------- Update Information: Update to firewalld release 0.4.3.1 Main changes: * New transaction model for speed ups * Enhanced handling of connections and interfaces * Usability enhancements for firewall-config * Enhanced runtime to permanent migration * ICMP block inversion support * Source ports in zones, services and rich rules * Rich rules with destination only * Create backup on removal of zones, services, ipsets and icmptypes * Add and remove several ipset entries with firewall-config * Additional information zone handling with NetworkManager and ifcfg files * Sequence options in all command line utilities * New firewallctl command line utility * Updated and new services * Test suite enhancements * Fixes issue with running programs using Python3 * Splits up source and destination address lists for transaction There are also several other bug fixes or enhancements and code optimizations. -------------------------------------------------------------------------------- ================================================================================ gd-2.1.1-8.fc23 (FEDORA-2016-d126bb1b74) A graphics library for quick creation of PNG or JPEG images -------------------------------------------------------------------------------- Update Information: * fix for stack overflow with gdImageFillToBorder (CVE-2015-8874) * fix integer Overflow in _gd2GetHeader() (CVE-2016-5766) -------------------------------------------------------------------------------- ================================================================================ gpaste-3.18.5-1.fc23 (FEDORA-2016-da8279bc9f) Clipboard management system -------------------------------------------------------------------------------- Update Information: * fix some extensive CPU usage in some cases ---- * fix crash when a search goes wrong * fix hanging issue due to gtk+ race (?) in gtk_clipboard_store * fix the gnome-shell menu sometimes displaying twice * add debug logs to the core library -------------------------------------------------------------------------------- ================================================================================ kernel-4.5.7-202.fc23 (FEDORA-2016-73a733f4d9) The Linux kernel -------------------------------------------------------------------------------- Update Information: The 4.5.7-202 kernel update contains a number of important security fixes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1344721 - CVE-2016-1583 kernel: Stack overflow via ecryptfs and /proc/$pid/environ https://bugzilla.redhat.com/show_bug.cgi?id=1344721 [ 2 ] Bug #1341716 - CVE-2016-4470 kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path https://bugzilla.redhat.com/show_bug.cgi?id=1341716 [ 3 ] Bug #1349886 - CVE-2016-4998 kernel: out of bounds reads when processing IPT_SO_SET_REPLACE setsockopt https://bugzilla.redhat.com/show_bug.cgi?id=1349886 [ 4 ] Bug #1350509 - CVE-2016-5829 kernel: Heap buffer overflow in hiddev driver https://bugzilla.redhat.com/show_bug.cgi?id=1350509 [ 5 ] Bug #1350811 - CVE-2016-5728 kernel: Race condition vulnerability in VOP driver https://bugzilla.redhat.com/show_bug.cgi?id=1350811 [ 6 ] Bug #1350845 - CVE-2016-1237 kernel: Missing check for permissions when setting ACL https://bugzilla.redhat.com/show_bug.cgi?id=1350845 -------------------------------------------------------------------------------- ================================================================================ kubernetes-ansible-0.6.0-0.1.gitd65ebd5.fc23 (FEDORA-2016-d495ee2544) Playbook and set of roles for seting up a Kubernetes cluster onto machines -------------------------------------------------------------------------------- Update Information: Package kubernetes/contrib/ansible -------------------------------------------------------------------------------- References: [ 1 ] Bug #1341310 - Review Request: kubernetes-ansible - Playbook and set of roles for seting up a Kubernetes cluster onto machines https://bugzilla.redhat.com/show_bug.cgi?id=1341310 -------------------------------------------------------------------------------- ================================================================================ libabigail-1.0-0.8.rc5.2.fc23 (FEDORA-2016-605c4d3cc0) Set of ABI analysis tools -------------------------------------------------------------------------------- Update Information: Add README file -------------------------------------------------------------------------------- References: [ 1 ] Bug #1331348 - README file is not packaged https://bugzilla.redhat.com/show_bug.cgi?id=1331348 -------------------------------------------------------------------------------- ================================================================================ libopenraw-0.0.9-18.fc23 (FEDORA-2016-3cb527ae3d) Decode camera RAW files -------------------------------------------------------------------------------- Update Information: Fix crash in GdkPixbuf loader -------------------------------------------------------------------------------- References: [ 1 ] Bug #1279152 - libopenraw-pixbuf-loader causes SEGV in nautilus https://bugzilla.redhat.com/show_bug.cgi?id=1279152 -------------------------------------------------------------------------------- ================================================================================ numatop-1.0.4-1.fc23 (FEDORA-2016-151ce458bd) Memory access locality characterization and analysis -------------------------------------------------------------------------------- Update Information: Minor update that adds support for BDW-EP/EX. -------------------------------------------------------------------------------- ================================================================================ orthanc-1.1.0-1.fc23 (FEDORA-2016-b2ac0ceeb8) RESTful DICOM server for healthcare and medical research -------------------------------------------------------------------------------- Update Information: New upstream version -------------------------------------------------------------------------------- ================================================================================ pbuilder-0.225.1-1.fc23 (FEDORA-2016-d0ddbf7d51) Personal package builder for Debian packages -------------------------------------------------------------------------------- Update Information: Update to version 0.225.1, see http://metadata.ftp- master.debian.org/changelogs//main/p/pbuilder/pbuilder_0.225.1_changelog for details. -------------------------------------------------------------------------------- ================================================================================ py3status-3.0-1.fc23 (FEDORA-2016-6aebe22ae9) An extensible i3status wrapper written in python -------------------------------------------------------------------------------- Update Information: update to version 3.0 -------------------------------------------------------------------------------- ================================================================================ pyobd-0.9.3-3.fc23 (FEDORA-2016-c3a29222dd) OBD-II (SAE-J1979) compliant scantool software -------------------------------------------------------------------------------- Update Information: This is an update adding SVG icon and fixing exception if invalid device is specified. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1231476 - [abrt] pyobd: serialposix.py:289:open:OSError: [Errno 13] Permission denied: '/dev/ttyS0' https://bugzilla.redhat.com/show_bug.cgi?id=1231476 [ 2 ] Bug #1157565 - Application icon is too small to be used in the software center https://bugzilla.redhat.com/show_bug.cgi?id=1157565 -------------------------------------------------------------------------------- ================================================================================ python-flower-0.8.4-1.fc23 (FEDORA-2016-f7d3f34fbe) A web based tool for monitoring and administrating Celery clusters -------------------------------------------------------------------------------- Update Information: Bump to version 0.8.4 -------------------------------------------------------------------------------- ================================================================================ python-maxminddb-1.2.1-1.fc23 (FEDORA-2016-1ed8e00c19) Reader for the MaxMind DB format -------------------------------------------------------------------------------- Update Information: Initial package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1350429 - Review Request: python-maxminddb - Reader for the MaxMind DB format https://bugzilla.redhat.com/show_bug.cgi?id=1350429 -------------------------------------------------------------------------------- ================================================================================ python-stuf-0.9.16-7.fc23 (FEDORA-2016-68834a8bf9) Fancy python dictionary types -------------------------------------------------------------------------------- Update Information: Re-bundle 'six' since it is highly customized. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1335144 - python-stuf: ImportError: cannot import name items https://bugzilla.redhat.com/show_bug.cgi?id=1335144 -------------------------------------------------------------------------------- ================================================================================ rpkg-1.45-2.fc23 (FEDORA-2016-caf9693898) Utility for interacting with rpm+git packaging systems -------------------------------------------------------------------------------- Update Information: This new release contains several enhancement, bugfix and more compatible with Python 3. -------------------------------------------------------------------------------- ================================================================================ torrent-file-editor-0.3.0-1.fc23 (FEDORA-2016-1e75818de2) Qt based GUI tool designed to create and edit .torrent files -------------------------------------------------------------------------------- Update Information: Bump to v0.3.0 -------------------------------------------------------------------------------- ================================================================================ yamllint-1.3.2-1.fc23 (FEDORA-2016-4996a577d3) A linter for YAML files -------------------------------------------------------------------------------- Update Information: Update to latest upstream version -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
