The following Fedora 24 Security updates need testing:
 Age  URL
  94  https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08   squid-3.5.23-1.fc24
  87  https://bodhi.fedoraproject.org/updates/FEDORA-2016-eaaa9c4a08   exim-4.87.1-1.fc24
  49  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ece16ba6ba   runc-1.0.0-5.rc2.gitc91b5be.fc24
  30  https://bodhi.fedoraproject.org/updates/FEDORA-2017-4b176c1694   redis-3.2.8-1.fc24
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2017-68cdc567e9   php-onelogin-php-saml-2.10.5-1.fc24
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2017-05010f0b46   drupal8-8.2.7-1.fc24
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2017-66593c367e   qbittorrent-3.3.11-2.fc24
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2017-0f38995622   webkitgtk4-2.16.0-1.fc24
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2017-712ffce24d   sscg-2.0.4-1.fc24
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2480c7f50   erlang-18.3.4.5-2.fc24
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-0fcaf52f1a   moodle-3.1.5-1.fc24
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-9e1ccfe586   firefox-52.0-6.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-0f5fe1913f   sane-backends-1.0.25-7.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ab5fa91445   samba-4.4.12-0.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-7accc8010b   pcs-0.9.156-2.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-72323a442f   ntp-4.2.6p5-44.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-7980b5e846   tcpreplay-4.2.1-1.fc24


The following Fedora 24 Critical Path updates have yet to be approved:
 Age  URL
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2017-da0912d205   cryptsetup-1.7.4-1.fc24
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2017-b643ea40f4   nss-3.29.3-1.0.fc24 nss-softokn-3.29.3-1.0.fc24 nss-util-3.29.3-1.0.fc24
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2017-9850301127   kde-settings-24-8.fc24.1
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-9e1ccfe586   firefox-52.0-6.fc24
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-604155a301   vim-8.0.502-1.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ab5fa91445   samba-4.4.12-0.fc24


The following builds have been pushed to Fedora 24 updates-testing

    GeoIP-1.6.9-4.fc24
    armadillo-7.800.2-1.fc24
    jovie-16.12.3-1.fc24
    kaccessible-16.12.3-1.fc24
    kcron-16.12.3-1.fc24
    kf5-kross-interpreters-16.12.3-1.fc24
    kmag-16.12.3-1.fc24
    kmousetool-16.12.3-1.fc24
    kmouth-16.12.3-1.fc24
    ksystemlog-16.12.3-1.fc24
    nrpe-3.0.1-6.fc24
    ntp-4.2.6p5-44.fc24
    pcs-0.9.156-2.fc24
    perl-DateTime-Format-Flexible-0.28-1.fc24
    perl-HTML-Selector-XPath-0.23-1.fc24
    pkgconf-1.3.2-1.fc24
    plasma-workspace-5.8.6-5.fc24
    samba-4.4.12-0.fc24
    sane-backends-1.0.25-7.fc24
    speedtest-cli-1.0.2-1.fc24
    tcpreplay-4.2.1-1.fc24
    vdr-epg-daemon-1.1.114-1.fc24
    vdr-epg2vdr-1.1.55-1.fc24
    znc-1.6.5-1.fc24

Details about builds:


================================================================================
 GeoIP-1.6.9-4.fc24 (FEDORA-2017-d8033000d4)
 Library for country/city/organization to IP address or hostname mapping
--------------------------------------------------------------------------------
Update Information:

Fix GeoIP_database_info truncation issue:

* https://github.com/maxmind/geoip-api-c/issues/79
* https://github.com/maxmind/geoip-api-c/pull/80
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1426853 - GeoIP_database_info is not returning full string from database
        https://bugzilla.redhat.com/show_bug.cgi?id=1426853
--------------------------------------------------------------------------------


================================================================================
 armadillo-7.800.2-1.fc24 (FEDORA-2017-d6c7a74d9e)
 Fast C++ matrix library with syntax similar to MATLAB and Octave
--------------------------------------------------------------------------------
Update Information:

Update to the latest stable release. This is a minor update that fixes some
small issues regarding:

* the display of complex or real number;
* the documentation.
--------------------------------------------------------------------------------


================================================================================
 jovie-16.12.3-1.fc24 (FEDORA-2017-73f6ee75ea)
 Text to speech support
--------------------------------------------------------------------------------
Update Information:

KDE Accessibility Applications 16.12.3,
https://www.kde.org/announcements/announce-applications-16.12.3.php
--------------------------------------------------------------------------------


================================================================================
 kaccessible-16.12.3-1.fc24 (FEDORA-2017-73f6ee75ea)
 An accessibility bridge plugin
--------------------------------------------------------------------------------
Update Information:

KDE Accessibility Applications 16.12.3,
https://www.kde.org/announcements/announce-applications-16.12.3.php
--------------------------------------------------------------------------------


================================================================================
 kcron-16.12.3-1.fc24 (FEDORA-2017-e211adbc17)
 Cron KDE configuration module
--------------------------------------------------------------------------------
Update Information:

KDE Admin Applications 16.12.3,
https://www.kde.org/announcements/announce-applications-16.12.3.php
--------------------------------------------------------------------------------


================================================================================
 kf5-kross-interpreters-16.12.3-1.fc24 (FEDORA-2017-ea0b07a869)
 Kross interpreters for KDE Frameworks 5
--------------------------------------------------------------------------------
Update Information:

KDE Bindings 16.12.3,
https://www.kde.org/announcements/announce-applications-16.12.3.php
--------------------------------------------------------------------------------


================================================================================
 kmag-16.12.3-1.fc24 (FEDORA-2017-73f6ee75ea)
 A screen magnifier
--------------------------------------------------------------------------------
Update Information:

KDE Accessibility Applications 16.12.3,
https://www.kde.org/announcements/announce-applications-16.12.3.php
--------------------------------------------------------------------------------


================================================================================
 kmousetool-16.12.3-1.fc24 (FEDORA-2017-73f6ee75ea)
 A program that clicks the mouse for you
--------------------------------------------------------------------------------
Update Information:

KDE Accessibility Applications 16.12.3,
https://www.kde.org/announcements/announce-applications-16.12.3.php
--------------------------------------------------------------------------------


================================================================================
 kmouth-16.12.3-1.fc24 (FEDORA-2017-73f6ee75ea)
 A program that speaks for you
--------------------------------------------------------------------------------
Update Information:

KDE Accessibility Applications 16.12.3,
https://www.kde.org/announcements/announce-applications-16.12.3.php
--------------------------------------------------------------------------------


================================================================================
 ksystemlog-16.12.3-1.fc24 (FEDORA-2017-e211adbc17)
 System Log Viewer for KDE
--------------------------------------------------------------------------------
Update Information:

KDE Admin Applications 16.12.3,
https://www.kde.org/announcements/announce-applications-16.12.3.php
--------------------------------------------------------------------------------


================================================================================
 nrpe-3.0.1-6.fc24 (FEDORA-2017-8f92515d27)
 Host/service/network monitoring agent for Nagios
--------------------------------------------------------------------------------
Update Information:

Bring up nrpe to fixes in upstream git to lower noise.

----

update to 3.0.1 tree to deal with mismatch
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #970997 - Allow multiple packets to be received
        https://bugzilla.redhat.com/show_bug.cgi?id=970997
  [ 2 ] Bug #1236081 - nrpe: /var/run/nrpe owner mismatch
        https://bugzilla.redhat.com/show_bug.cgi?id=1236081
  [ 3 ] Bug #1318773 - nrpe.service sets User/Group, prevents normal .cfg user/group setting
        https://bugzilla.redhat.com/show_bug.cgi?id=1318773
  [ 4 ] Bug #1412214 - NRPE systemd service file does not support reload command
        https://bugzilla.redhat.com/show_bug.cgi?id=1412214
  [ 5 ] Bug #1428769 - NRPE uses nagios log dir for pid file
        https://bugzilla.redhat.com/show_bug.cgi?id=1428769
--------------------------------------------------------------------------------


================================================================================
 ntp-4.2.6p5-44.fc24 (FEDORA-2017-72323a442f)
 The NTP daemon and utilities
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2017-6464 CVE-2017-6462 CVE-2017-6463 CVE-2017-6458
CVE-2017-6451.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1434011 - CVE-2017-6451 ntp: Improper use of snprintf() in mx4200_send()
        https://bugzilla.redhat.com/show_bug.cgi?id=1434011
  [ 2 ] Bug #1434005 - CVE-2017-6458 ntp: Potential Overflows in ctl_put() functions
        https://bugzilla.redhat.com/show_bug.cgi?id=1434005
  [ 3 ] Bug #1434002 - CVE-2017-6463 ntp: Authenticated DoS via Malicious Config Option
        https://bugzilla.redhat.com/show_bug.cgi?id=1434002
  [ 4 ] Bug #1433995 - CVE-2017-6462 ntp: Buffer Overflow in DPTS Clock
        https://bugzilla.redhat.com/show_bug.cgi?id=1433995
  [ 5 ] Bug #1433987 - CVE-2017-6464 ntp: Denial of Service via Malformed Config
        https://bugzilla.redhat.com/show_bug.cgi?id=1433987
--------------------------------------------------------------------------------


================================================================================
 pcs-0.9.156-2.fc24 (FEDORA-2017-7accc8010b)
 Pacemaker Configuration System
--------------------------------------------------------------------------------
Update Information:

- Security fix for CVE-2017-2661: Improper node name field validation when
  creating clusters leads to XSS
- Re-added support for clufter as it is now available for Python 3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1428948 - CVE-2017-2661 pcs: Improper node name field validation when creating clusters leads to XSS
        https://bugzilla.redhat.com/show_bug.cgi?id=1428948
--------------------------------------------------------------------------------


================================================================================
 perl-DateTime-Format-Flexible-0.28-1.fc24 (FEDORA-2017-fcc7838c08)
 Flexibly parse strings and turn them into DateTime objects
--------------------------------------------------------------------------------
Update Information:

This release fixes tests to work on Perl without "." in @INC path.
We deliver this release to provide an up-to-date version string.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1435489 - perl-DateTime-Format-Flexible-0.28 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1435489
--------------------------------------------------------------------------------


================================================================================
 perl-HTML-Selector-XPath-0.23-1.fc24 (FEDORA-2017-4a4389246a)
 CSS Selector to XPath compiler
--------------------------------------------------------------------------------
Update Information:

----
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1435194 - Upgrade perl-HTML-Selector-XPath to 0.22
        https://bugzilla.redhat.com/show_bug.cgi?id=1435194
--------------------------------------------------------------------------------


================================================================================
 pkgconf-1.3.2-1.fc24 (FEDORA-2017-5422ba5bce)
 Package compiler and linker metadata toolkit
--------------------------------------------------------------------------------
Update Information:

- **Features**:
  - implement `--short-errors`
- **Bug fixes**:
  - only consider a single package at a time with `--print-requires`,
    `--print-requires-private`, `--print-provides`, `--modversion`,
    `--print-variable` and `--print-variables`
  - rewrite handling of `--modversion`, `--print-variables` and `--variable`
    to not require the dependency resolver
- Enhancements:
  - synchronized latest freedesktop.org changes to pkg.m4
  - improve error reporting with legacy `--atleast-version` and similar flags
--------------------------------------------------------------------------------


================================================================================
 plasma-workspace-5.8.6-5.fc24 (FEDORA-2017-598bc8a1c3)
 Plasma workspace, applications and applets
--------------------------------------------------------------------------------
Update Information:

Pull in some 5.8 fixes, including one for a potential crash-on-logout.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1434870 - plasma closed UNexpectedly during logout
        https://bugzilla.redhat.com/show_bug.cgi?id=1434870
--------------------------------------------------------------------------------


================================================================================
 samba-4.4.12-0.fc24 (FEDORA-2017-ab5fa91445)
 Server and Client software to interoperate with Windows machines
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2017-2619
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1429472 - CVE-2017-2619 samba: symlink race permits opening files outside share directory
        https://bugzilla.redhat.com/show_bug.cgi?id=1429472
--------------------------------------------------------------------------------


================================================================================
 sane-backends-1.0.25-7.fc24 (FEDORA-2017-0f5fe1913f)
 Scanner access software
--------------------------------------------------------------------------------
Update Information:

CVE-2017-6318 sane-backends: SANE_NET_CONTROL_OPTION response packet may contain
memory contents of the server [fedora-all]

----

This update adds the "skip-adf" option to the avision driver. This lets users
work around problems on HP ScanJet 82xx/83xx scanners with no automatic
document feeder attached.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1428886 - CVE-2017-6318 sane-backends: SANE_NET_CONTROL_OPTION response packet may contain memory contents of the server [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1428886
  [ 2 ] Bug #1288712 - Fix for HP8200 scanners: ADF infinite loop [patch]
        https://bugzilla.redhat.com/show_bug.cgi?id=1288712
--------------------------------------------------------------------------------


================================================================================
 speedtest-cli-1.0.2-1.fc24 (FEDORA-2017-fa79b0c9f7)
 Command line interface for testing internet bandwidth
--------------------------------------------------------------------------------
Update Information:

Updated to 1.0.2
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1395369 - [abrt] speedtest-cli: ssl.py:575:read:socket.timeout: The read operation timed out
        https://bugzilla.redhat.com/show_bug.cgi?id=1395369
  [ 2 ] Bug #1387821 - [abrt] speedtest-cli: ssl.py:570:read:socket.timeout: The read operation timed out
        https://bugzilla.redhat.com/show_bug.cgi?id=1387821
  [ 3 ] Bug #1361822 - kpcli-3.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1361822
--------------------------------------------------------------------------------


================================================================================
 tcpreplay-4.2.1-1.fc24 (FEDORA-2017-7980b5e846)
 Replay captured network traffic
--------------------------------------------------------------------------------
Update Information:

Here is what is fixed in this release:

- Fix reporting of rates < 1Mbps (#348)
- Option --unique-ip not working properly (#346)

----

Features and fixes include:

- MAC rewriting capabilities by Pedro Arthur (#313)
- Fix several issues identified by Coverity (#305)
- Packet distortion --fuzz-seed option by Gabriel Ganne (#302)
- Add --unique-ip-loops option to modify IPs every few loops (#296)
- Netmap startup delay increase (#290)
- tcpcapinfo buffer overflow vulnerability (#278)
- Update git-clone instructions by Kyle McDonald (#277)
- Allow fractions for --pps option (#270)
- Print per-loop stats with --stats=0 (#269)
- Add protection against packet drift by Guillaume Scott (#268)
- Print flow stats periodically with --stats output (#262)
- Include Travis-CI build support by Ilya Shipitsin (#264) (#285)
- tcpreplay won't replay all packets in a pcap file with --netmap (#255)
- First and last packet times in --stats output (#239)
- Switch to wire speed after 30 minutes at 6 Gbps (#210)
- tcprewrite fix checksum properly for fragmented packets (#190)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1429521 - CVE-2017-6429 tcpreplay: Buffer overflow in Tcpcapinfo utility [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1429521
  [ 2 ] Bug #1429522 - CVE-2017-6429 tcpreplay: Buffer overflow in Tcpcapinfo utility [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1429522
--------------------------------------------------------------------------------


================================================================================
 vdr-epg-daemon-1.1.114-1.fc24 (FEDORA-2017-5ea1445c73)
 A daemon to download EPG data from internet and manage it in a mysql database
--------------------------------------------------------------------------------
Update Information:

Update to 1.1.114
----
Update to 1.1.112
----
Update to 1.1.110
----
Update to 1.1.108
----
Update to 1.1.107
----
Update to 1.1.106
----
Update to 1.1.103
----
Update to 1.1.102
----
Update to 1.1.101
----
Update to 1.1.100
----
Update to 1.1.99
----
Changed INIT_AFTER to mariadb.service in Make.config
----
Update to 1.1.97
----
Update to 1.1.95
----
Update to 1.94
----
Update to 1.1.93
----
Update to 1.1.91
----
Update to 1.1.90
----
Update to 1.1.89
--------------------------------------------------------------------------------


================================================================================
 vdr-epg2vdr-1.1.55-1.fc24 (FEDORA-2017-ef33faae02)
 A plugin to retrieve EPG data from a mysql database into VDR
--------------------------------------------------------------------------------
Update Information:

Update to 1.1.55
----
Update to 1.1.52
----
Update to 1.1.50
----
Update to 1.1.49
----
Update to 1.1.48
----
Update to 1.1.47
----
Update to 1.1.46
--------------------------------------------------------------------------------


================================================================================
 znc-1.6.5-1.fc24 (FEDORA-2017-2e003ea693)
 An advanced IRC bouncer
--------------------------------------------------------------------------------
Update Information:

Update to 1.6.5
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1429068 - znc-1.6.5 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1429068
--------------------------------------------------------------------------------