The following Fedora 23 Security updates need testing:
 Age  URL
 314  https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240   nagios-4.0.8-1.fc23
 271  https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe   miniupnpc-1.9-6.fc23
 244  https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324   jbig2dec-0.12-2.fc23
 195  https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1   python-pymongo-3.0.3-1.fc23
 195  https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8   thttpd-2.25b-37.fc23
 160  https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4   mingw-nsis-2.50-1.fc23
  35  https://bodhi.fedoraproject.org/updates/FEDORA-2016-fcccb0a547   nodejs-0.10.46-1.fc23
  16  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a7322c9fd1   spice-0.12.8-1.fc23
  14  https://bodhi.fedoraproject.org/updates/FEDORA-2016-70b5173c05   ecryptfs-utils-111-1.fc23
  14  https://bodhi.fedoraproject.org/updates/FEDORA-2016-6db1c9eb69   dnsmasq-2.76-1.fc23
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2016-430bc0f808   p7zip-16.02-1.fc23
  10  https://bodhi.fedoraproject.org/updates/FEDORA-2016-833533ffde   ca-certificates-2016.2.8-1.0.fc23
  10  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c   libarchive-3.2.1-3.fc23
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2016-2e20730676   pbuilder-0.225.2-1.fc23
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2016-ec4c27d766   libgcrypt-1.6.5-1.fc23
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2016-97ca9d52a4   python-django-1.8.14-1.fc23
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2016-610fe5f5f8   libidn-1.33-1.fc23
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2016-8dc0af2c29   php-doctrine-common-2.5.3-1.fc23
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a29c65b00f   perl-CGI-Emulate-PSGI-0.22-1.fc23
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-6de0b19b3b   dropbear-2016.74-1.fc23
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-6a1dc53971   dietlibc-0.33-8.fc23
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-bb0b94f8db   perl-DBD-MySQL-4.033-2.fc23
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-23f0d552e8   collectd-5.5.2-1.fc23
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-6fd3131c03   v8-3.14.5.10-25.fc23
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-2941b3264e   bind99-9.9.9-1.P2.fc23
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-3fba74e7f5   bind-9.10.4-1.P2.fc23
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-9402100276   openssh-7.2p2-5.fc23 selinux-policy-3.13.1-158.22.fc23
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-197a01f756   lighttpd-1.4.40-4.fc23
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2016-8d79ade826   flex-2.6.0-2.fc23
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2016-aa394a130e   nodejs-string-dot-prototype-dot-repeat-0.2.0-2.fc23
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2016-0049aa6e5d   xen-4.5.3-9.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-0aa251bc9b   perl-Module-Load-Conditional-0.68-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-e8e353d493   krb5-1.14.1-8.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-754e4768d8   kernel-4.6.5-200.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d46685629d   libreswan-3.18-1.fc23


The following Fedora 23 Critical Path updates have yet to be approved:
 Age  URL
  17  https://bodhi.fedoraproject.org/updates/FEDORA-2016-fc3a26d327   coreutils-8.24-8.fc23
  17  https://bodhi.fedoraproject.org/updates/FEDORA-2016-916c007124   firefox-47.0.1-2.fc23
  14  https://bodhi.fedoraproject.org/updates/FEDORA-2016-6db1c9eb69   dnsmasq-2.76-1.fc23
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2016-70344c9c11   thunderbird-45.2.0-1.fc23
  10  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c   libarchive-3.2.1-3.fc23
  10  https://bodhi.fedoraproject.org/updates/FEDORA-2016-833533ffde   ca-certificates-2016.2.8-1.0.fc23
  10  https://bodhi.fedoraproject.org/updates/FEDORA-2016-98a7a1b6e0   abrt-2.8.0-6.fc23 libreport-2.6.4-3.fc23
  10  https://bodhi.fedoraproject.org/updates/FEDORA-2016-f76d52932c   koji-1.10.1-10.fc23
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2016-ec4c27d766   libgcrypt-1.6.5-1.fc23
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2016-65dc8f0ead   libassuan-2.4.3-1.fc23
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2016-610fe5f5f8   libidn-1.33-1.fc23
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2016-c87f8f1eb3   systemtap-3.0-3.fc23
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-6838cbe113   libcap-ng-0.7.8-1.fc23
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-9402100276   openssh-7.2p2-5.fc23 selinux-policy-3.13.1-158.22.fc23
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-3fba74e7f5   bind-9.10.4-1.P2.fc23
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-bb0b94f8db   perl-DBD-MySQL-4.033-2.fc23
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-ec7bd55286   lua-5.3.3-2.fc23
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-33b89975fe   gpgme-1.6.0-3.fc23 python-pygpgme-0.3-18.fc23
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2016-979cb0cc41   PackageKit-1.1.3-2.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-754e4768d8   kernel-4.6.5-200.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-e8e353d493   krb5-1.14.1-8.fc23


The following builds have been pushed to Fedora 23 updates-testing

    apx-0.1-11.fc23
    chromium-52.0.2743.82-9.fc23
    dvgrab-3.5-15.20160616gite46042.fc23
    fuse-emulator-1.2.1-2.fc23
    kernel-4.6.5-200.fc23
    krb5-1.14.1-8.fc23
    libreswan-3.18-1.fc23
    libspectrum-1.2.1-1.fc23
    magic-8.0.211-1.fc23
    mozilla-noscript-2.9.0.12-1.fc23
    perl-Archive-Extract-0.78-1.fc23
    perl-Archive-Tar-2.06-2.fc23
    perl-Digest-SHA-5.96-1.fc23
    perl-IPC-Cmd-0.96-1.fc23
    perl-Module-Load-Conditional-0.68-1.fc23
    perl-Pod-Perldoc-3.26-1.fc23
    php-aws-sdk3-3.18.35-1.fc23
    python-pyudev-0.21.0-1.fc23
    skf-2.00.6-1.fc23
    wise2-2.4.1-1.fc23
    xfe-1.42-1.fc23

Details about builds:

================================================================================
 apx-0.1-11.fc23 (FEDORA-2016-715fa56f4e)
 QIX clone, cut into and claim the square area
--------------------------------------------------------------------------------
Update Information:

- Port to Python3
- Difficult to see with some desktop themes
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1347738 - Crash due to variable naming conflict
        https://bugzilla.redhat.com/show_bug.cgi?id=1347738
--------------------------------------------------------------------------------

================================================================================
 chromium-52.0.2743.82-9.fc23 (FEDORA-2016-ccb3e3d8e1)
 A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:

* Add an AppData file so that Chromium appears in the software center (thanks to Richard Hughes)
* Fix post scriptlet so that selinux stuff only happens when selinux is enabled (thanks to Dan Walsh)
* Enable nacl/pnacl for Fedora 24+
* Fix logging output to not be super verbose unless build is beta/dev
* Fix build target identification in About
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1270405 - Review Request: chromium-native_client - Google Native Client Toolchain
        https://bugzilla.redhat.com/show_bug.cgi?id=1270405
  [ 2 ] Bug #1361206 - SELinux: Could not open policy file <= /etc/selinux/targeted/policy/policy.30: No such file or directory
        https://bugzilla.redhat.com/show_bug.cgi?id=1361206
  [ 3 ] Bug #1360905 - Receiving error messages from SELINUX, when SELINUX is disabled
        https://bugzilla.redhat.com/show_bug.cgi?id=1360905
--------------------------------------------------------------------------------

================================================================================
 dvgrab-3.5-15.20160616gite46042.fc23 (FEDORA-2016-0b60033a41)
 Utility to capture video from a DV camera
--------------------------------------------------------------------------------
Update Information:

- Rebuild with new source code
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1307435 - dvgrab: FTBFS in rawhide
        https://bugzilla.redhat.com/show_bug.cgi?id=1307435
--------------------------------------------------------------------------------

================================================================================
 fuse-emulator-1.2.1-2.fc23 (FEDORA-2016-91902cb470)
 The Free UNIX Spectrum Emulator
--------------------------------------------------------------------------------
Update Information:

new upstream release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1357306 - fuse-emulator-2.9.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1357306
--------------------------------------------------------------------------------

================================================================================
 kernel-4.6.5-200.fc23 (FEDORA-2016-754e4768d8)
 The Linux kernel
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream stable release, Linux v4.6.5.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1353533 - CVE-2016-6136 kernel: Race condition vulnerability in auditsc.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1353533
  [ 2 ] Bug #1358184 - CVE-2016-5400 kernel: memory leak in airspy usb driver
        https://bugzilla.redhat.com/show_bug.cgi?id=1358184
--------------------------------------------------------------------------------

================================================================================
 krb5-1.14.1-8.fc23 (FEDORA-2016-e8e353d493)
 The Kerberos network authentication system
--------------------------------------------------------------------------------
Update Information:

Fix low-impact CVE-2016-3120 where S4U2Self may cause KDC crash when anon is restricted
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1361050 - CVE-2016-3120 krb5: S4U2Self KDC crash when anon is restricted
        https://bugzilla.redhat.com/show_bug.cgi?id=1361050
--------------------------------------------------------------------------------

================================================================================
 libreswan-3.18-1.fc23 (FEDORA-2016-d46685629d)
 IPsec implementation with IKEv1 and IKEv2 keying protocols
--------------------------------------------------------------------------------
Update Information:

Updated to 3.18 for CVE-2016-5391 rhbz#1361164 and VTI support
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1361164 - libreswan-3.18 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1361164
--------------------------------------------------------------------------------

================================================================================
 libspectrum-1.2.1-1.fc23 (FEDORA-2016-91902cb470)
 A library for reading spectrum emulator file formats
--------------------------------------------------------------------------------
Update Information:

new upstream release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1357306 - fuse-emulator-2.9.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1357306
--------------------------------------------------------------------------------

================================================================================
 magic-8.0.211-1.fc23 (FEDORA-2016-666ac364ad)
 A very capable VLSI layout tool
--------------------------------------------------------------------------------
Update Information:

New version 8.0.211 is released.
--------------------------------------------------------------------------------

================================================================================
 mozilla-noscript-2.9.0.12-1.fc23 (FEDORA-2016-c5fc6b8522)
 JavaScript white list extension for Mozilla Firefox
--------------------------------------------------------------------------------
Update Information:

* Updated DNT implementation to match the most recent spec about navigator.doNotTrack values (thanks Francois Merier)
* [XSS] Better compatibility with Unionbank's website (thanks Brent for reporting)
* Fixed bug 1278735 (JavaScript disabled in private windows)
* Fixed JSON viewer not working
* about:feed in the mandatory whitelist to fix bug 1272139
* [XSS] Disable JavaScript on FTP-served pages when a potential DOM XSS threat is detected (thanks Emanuel Bronshtein @e3amn2l for reporting)
* Fixed DOS through script-triggered ClickToPlay confirmation dialogs in a loop (thanks Emanuel Bronshtein @e3amn2l for reporting)
* Fixed placeholder links might be potentially used as XSS vectors if stars were properly aligned (thanks Emanuel Bronshtein @e3amn2l for reporting)
* [Surrogate] Updated google-analytics.com replacement (thanks noscriptsplox)
* [XSS] Fixed regression (thanks Masato Kinugawa for report)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1360761 - mozilla-noscript-2.9.0.12 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1360761
--------------------------------------------------------------------------------

================================================================================
 perl-Archive-Extract-0.78-1.fc23 (FEDORA-2016-22312d8521)
 Generic archive extracting mechanism
--------------------------------------------------------------------------------
Update Information:

This release fixes loading optional modules from default . path as described in CVE-2016-1238.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1361150 - perl-Archive-Extract-0.78 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1361150
--------------------------------------------------------------------------------

================================================================================
 perl-Archive-Tar-2.06-2.fc23 (FEDORA-2016-c163b58a24)
 A module for Perl manipulation of .tar files
--------------------------------------------------------------------------------
Update Information:

This release fixes loading optional modules from default . path as described in CVE-2016-1238.
--------------------------------------------------------------------------------

================================================================================
 perl-Digest-SHA-5.96-1.fc23 (FEDORA-2016-07bf1cb156)
 Perl extension for SHA-1/224/256/384/512
--------------------------------------------------------------------------------
Update Information:

This release fixes loading optional modules from . directory as described in CVE-2016-1238. It also tidies name space pollution.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1361153 - perl-Digest-SHA-5.96 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1361153
--------------------------------------------------------------------------------

================================================================================
 perl-IPC-Cmd-0.96-1.fc23 (FEDORA-2016-73b290a071)
 Finding and running system commands made easy
--------------------------------------------------------------------------------
Update Information:

This release fixes loading optional modules from . directory as described in CVE-2016-1238.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1361162 - perl-IPC-Cmd-0.96 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1361162
--------------------------------------------------------------------------------

================================================================================
 perl-Module-Load-Conditional-0.68-1.fc23 (FEDORA-2016-0aa251bc9b)
 Looking up module information and loading at run-time
--------------------------------------------------------------------------------
Update Information:

This update adds an option "FORCE_SAFE_INC", which, if set (it isn't by default), removes the current directory from the module load path so as to avoid loading code from a potentially unsafe place (CVE-2016-1238).
--------------------------------------------------------------------------------

================================================================================
 perl-Pod-Perldoc-3.26-1.fc23 (FEDORA-2016-af5344411c)
 Look up Perl documentation in Pod format
--------------------------------------------------------------------------------
Update Information:

This release prevents loading of optional modules from a writable . directory. This can be overridden by the -U option.
This release also fixes locating head3 POD directive and a fall back to English if translated documentation does not exist.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1361433 - perl-Pod-Perldoc-3.26 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1361433
--------------------------------------------------------------------------------

================================================================================
 php-aws-sdk3-3.18.35-1.fc23 (FEDORA-2016-9084d4f4fe)
 Amazon Web Services framework for PHP
--------------------------------------------------------------------------------
Update Information:

## 3.18.35 - 2016-07-28

* `Aws\Route53Domains` - API Updates

## 3.18.34 - 2016-07-28

* `Aws\CodeDeploy` - Added support for `DeploymentSuccessful` waiter
* `Aws\ApiGateway` - Added support for `Cognito` User Pools Auth Support
* `Aws\Ec2` - Added support for DNS for VPC Peering
* `Aws\DirectoryService` - Added support for new API for Microsoft AD to manage routing
* `Aws\Route53Domains` - Added support for `getDomainSuggestions` capability
* `Aws\CognitoIdentity` - Added support for `User Pools`
* `Aws\ElasticsearchService` - Added support for pipeline aggregations to perform advanced analytics like moving averages and derivatives, and enhancements to geospatial queries

## 3.18.33 - 2016-07-26

* `Aws\Iot` - Added support for Thing Types, ":" in Thing Name, and `separator` in `Firehose` action
* `Aws\CloudSearchDomain` - Fix query value in `POST` request

## 3.18.32 - 2016-07-21

* `Aws\Acm` - Added support for additional field to return for `Describe Certificate`
* `Aws\Config` - Added support for `ACM`, `RDS` resource types, introducing Hybrid Rules & Forced Evaluation feature
* `Aws\CloudSearchDomain` - Convert long query request to `POST`
* `Aws\CloudFormation` - Added support for enum value for API parameter :`Capabilities`
* `Aws\ElasticTranscoder` - Added support for WAV file output format
* `Aws\Ssm` - Fixing missing paginator for SSM `DescribeInstanceInformation`

## 3.18.31 - 2016-07-19

* `Aws\Ssm` - Added support for notification
* `Aws\DeviceFarm` - Added support for session based APIs

## 3.18.30 - 2016-07-18

* Fix composer version constraints.

## 3.18.29 - 2016-07-18

* Updating dependency to a version of Guzzle that addresses CVE-2016-5385. Please upgrade your version of the SDK or Guzzle if you are using the AWS SDK for PHP in a CGI process that connects to an `http` endpoint.
* See https://httpoxy.org for more details on the vulnerability.

## 3.18.28 - 2016-07-13

* `Aws\DatabaseMigrationService` - Added support for SSL Endpoint and Replication
* `Aws\Ecs` - Added support for IAM roles for ECS Tasks
* `Aws\Rds` - Adds new method `CopyDBClusterParameterGroup` and new parameter `TargetDBInstanceIdentifier` to `FailoverDBCluster` API

## 3.18.27 - 2016-07-07

* `Aws\ServiceCatalog` - Added support for `Aws\ServiceCatalog`

## 3.18.26 - 2016-07-07

* `Aws\Config` - Added support for `DeleteConfigurationRecorder` API
* `Aws\DirectoryService` - Added support for tagging APIs

## 3.18.25 - 2016-07-05

* `Aws\CodePipeline` - Added support for manual approvals.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1353056 - php-aws-sdk3-3.18.35 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1353056
--------------------------------------------------------------------------------

================================================================================
 python-pyudev-0.21.0-1.fc23 (FEDORA-2016-51f1be88a1)
 A libudev binding
--------------------------------------------------------------------------------
Update Information:

See changelog. A few bug fixes, one significant deprecation.
--------------------------------------------------------------------------------

================================================================================
 skf-2.00.6-1.fc23 (FEDORA-2016-519b3ce5bb)
 Utility binary files in Simple Kanji Filter
--------------------------------------------------------------------------------
Update Information:

New version 2.00.6 is released.
--------------------------------------------------------------------------------

================================================================================
 wise2-2.4.1-1.fc23 (FEDORA-2016-420a898001)
 Tools for comparison of bio-polymers
--------------------------------------------------------------------------------
Update Information:

- Update to 2.4.1
- Fix compiler flags
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1218793 - Update to 2.4.1
        https://bugzilla.redhat.com/show_bug.cgi?id=1218793
--------------------------------------------------------------------------------

================================================================================
 xfe-1.42-1.fc23 (FEDORA-2016-ef935700ab)
 X File Explorer File Manager
--------------------------------------------------------------------------------
Update Information:

New version 1.42 is released.
--------------------------------------------------------------------------------