The following Fedora 24 Security updates need testing: Age URL 105 https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08 squid-3.5.23-1.fc24 98 https://bodhi.fedoraproject.org/updates/FEDORA-2016-eaaa9c4a08 exim-4.87.1-1.fc24 61 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ece16ba6ba runc-1.0.0-5.rc2.gitc91b5be.fc24 41 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4b176c1694 redis-3.2.8-1.fc24 18 https://bodhi.fedoraproject.org/updates/FEDORA-2017-68cdc567e9 php-onelogin-php-saml-2.10.5-1.fc24 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0f5fe1913f sane-backends-1.0.25-7.fc24 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-72323a442f ntp-4.2.6p5-44.fc24 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-97e65f13bb python-sleekxmpp-1.3.2-1.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e6419b416d xen-4.6.5-4.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-712a186f5f icecat-52.0.1-5.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-461ce095b5 samba-4.4.13-0.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ec01954fe9 chromium-57.0.2987.133-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8eac23007d xorgxrdp-0.2.1-1.fc24 xrdp-0.9.2-3.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-174cb400d7 flatpak-0.8.5-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2a3e6fa12 php-horde-Horde-Crypt-2.7.6-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-66fd940572 libpng15-1.5.28-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-84bc8ac268 libpng12-1.2.57-1.fc24 The following Fedora 24 Critical Path updates have yet to be approved: Age URL 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3d7c3f66ae pcre-8.40-6.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-47eb254e1c vim-8.0.514-1.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-58d5521965 linux-firmware-20170313-72.git695f2d6d.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6189eb6f22 gvfs-1.28.4-1.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e50ea71b16 audit-2.7.4-1.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-470e502a7d libdrm-2.4.76-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-461ce095b5 samba-4.4.13-0.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-19ab04c1b9 cups-2.1.4-5.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-85f5f525f1 firefox-52.0.2-2.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-579411a8a3 nss-3.29.3-1.1.fc24 nss-util-3.29.3-1.1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c372fa4dbc sudo-1.8.19p2-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3e90bdded7 p11-kit-0.23.2-3.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1739c0ed1b hwdata-0.299-1.fc24 The following builds have been pushed to Fedora 24 updates-testing cups-2.1.4-5.fc24 firefox-52.0.2-2.fc24 libglvnd-0.2.999-14.20170308git8e6e102.fc24 libpng12-1.2.57-1.fc24 libpng15-1.5.28-1.fc24 notmuch-0.24.1-1.fc24 php-composer-spdx-licenses-1.1.6-1.fc24 php-horde-Horde-Crypt-2.7.6-1.fc24 python-pygatt-3.1.1-1.fc24 xorgxrdp-0.2.1-1.fc24 xrdp-0.9.2-3.fc24 yakuake-3.0.4-1.fc24 Details about builds: ================================================================================ cups-2.1.4-5.fc24 (FEDORA-2017-19ab04c1b9) CUPS printing system -------------------------------------------------------------------------------- Update Information: Temporarily removing resolv_reload patch. ---- 1437065 - CUPS does not recognize changes to /etc/resolv.conf until CUPS restart -------------------------------------------------------------------------------- References: [ 1 ] Bug #1437065 - CUPS does not recognize changes to /etc/resolv.conf until CUPS restart https://bugzilla.redhat.com/show_bug.cgi?id=1437065 -------------------------------------------------------------------------------- ================================================================================ firefox-52.0.2-2.fc24 (FEDORA-2017-85f5f525f1) Mozilla Firefox Web browser -------------------------------------------------------------------------------- Update Information: - New upstream (52.0.2) - mozbz#1348576 - enable e10s for selected users - mozbz#1158076 - enable dark theme by pref ---- - fixed Bug 1435964 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1435964 - [Regression] with the dark theme, URLs are barely readable any more https://bugzilla.redhat.com/show_bug.cgi?id=1435964 -------------------------------------------------------------------------------- ================================================================================ libglvnd-0.2.999-14.20170308git8e6e102.fc24 (FEDORA-2017-e74215f61f) The GL Vendor-Neutral Dispatch library -------------------------------------------------------------------------------- Update Information: * Fix conditionals for _without_mesa_glvnd_default * Fix other RHEL- conditionals, too * Update RPM filters for private libraries (includes GLX, fixes RHEL 6). * Update to latest snapshot, remove upstreamed patches. * Update release to packaging guidelines format. * Make sure that for Fedora 24 and RHEL the libraries are always private. -------------------------------------------------------------------------------- ================================================================================ libpng12-1.2.57-1.fc24 (FEDORA-2017-84bc8ac268) Old version of libpng, needed to run old binaries -------------------------------------------------------------------------------- Update Information: * Update to upstream release **1.2.57**. * Fixes **CVE-2016-10087**. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1409617 - CVE-2016-10087 libpng: NULL pointer dereference in png_set_text_2() https://bugzilla.redhat.com/show_bug.cgi?id=1409617 -------------------------------------------------------------------------------- ================================================================================ libpng15-1.5.28-1.fc24 (FEDORA-2017-66fd940572) Old version of libpng, needed to run old binaries -------------------------------------------------------------------------------- Update Information: * Update to upstream release **1.5.28**. * Fixes **CVE-2016-10087**. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1409617 - CVE-2016-10087 libpng: NULL pointer dereference in png_set_text_2() https://bugzilla.redhat.com/show_bug.cgi?id=1409617 -------------------------------------------------------------------------------- ================================================================================ notmuch-0.24.1-1.fc24 (FEDORA-2017-e277fbdcb5) System for indexing, searching, and tagging email -------------------------------------------------------------------------------- Update Information: Latest upstream. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438206 - notmuch-0.24.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1438206 -------------------------------------------------------------------------------- ================================================================================ php-composer-spdx-licenses-1.1.6-1.fc24 (FEDORA-2017-00322ab650) SPDX licenses list and validation library -------------------------------------------------------------------------------- Update Information: **Version 1.1.6** - 2017-04-03 * Changed: updated licenses list. -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Crypt-2.7.6-1.fc24 (FEDORA-2017-e2a3e6fa12) Horde Cryptography API -------------------------------------------------------------------------------- Update Information: **Horde_Crypt 2.7.6** * [mjr] SECURITY: Fix remote code execution vulnerability (**CVE-2017-7413**, and **CVE-2017-7414**). -------------------------------------------------------------------------------- ================================================================================ python-pygatt-3.1.1-1.fc24 (FEDORA-2017-fe5ea84216) A Python Module for Bluetooth LE Generic Attribute Profile -------------------------------------------------------------------------------- Update Information: Update to latest upstream release 3.1.1 -------------------------------------------------------------------------------- ================================================================================ xorgxrdp-0.2.1-1.fc24 (FEDORA-2017-8eac23007d) Implementation of xrdp backend as Xorg modules -------------------------------------------------------------------------------- Update Information: New upstream version of xorgxrdp and xrdp: New features in xrdp: - RemoteFX codec support is now enabled by default. - Bitmap updates support is now enabled by default. - TLS ciphers suites and version is now logged. - Connected computer name is now logged. - Switched to Xorg (xorgxrdp) as the default backend now. - Miscellaneous RemoteFX codec mode improvements. - Socket directory is configurable at the compile time. Bugfixes in xrdp: - Parallels client for MacOS / iOS can now connect (audio redirection must be disabled on client or xrdp server though). - MS RDP client for iOS can now connect using TLS security layer. - MS RDP client for Android can now connect to xrdp. - Large resolutions (4K) can be used with RemoteFX graphics. - Multiple RemoteApps can be opened throguh NeutrinoRDP proxy. - tls_ciphers in xrdp.ini is not limited to 63 chars anymore, it's variable-length. - Fixed an issue where tls_ciphers were ignored and rdp security layer could be used instead. - Kill disconnected sessions feature is working with Xorg (xorgxrdp) backend. - Miscellaneous code cleanup and memory issues fixes. Rebuild of xrdp requiring both xorgxrdp and tigervnc- minimal. VNC is still the default. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1433959 - CVE-2017-6967 xrdp: Incorrect placement of auth_start_session() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1433959 -------------------------------------------------------------------------------- ================================================================================ xrdp-0.9.2-3.fc24 (FEDORA-2017-8eac23007d) Open source remote desktop protocol (RDP) server -------------------------------------------------------------------------------- Update Information: New upstream version of xorgxrdp and xrdp: New features in xrdp: - RemoteFX codec support is now enabled by default. - Bitmap updates support is now enabled by default. - TLS ciphers suites and version is now logged. - Connected computer name is now logged. - Switched to Xorg (xorgxrdp) as the default backend now. - Miscellaneous RemoteFX codec mode improvements. - Socket directory is configurable at the compile time. Bugfixes in xrdp: - Parallels client for MacOS / iOS can now connect (audio redirection must be disabled on client or xrdp server though). - MS RDP client for iOS can now connect using TLS security layer. - MS RDP client for Android can now connect to xrdp. - Large resolutions (4K) can be used with RemoteFX graphics. - Multiple RemoteApps can be opened throguh NeutrinoRDP proxy. - tls_ciphers in xrdp.ini is not limited to 63 chars anymore, it's variable-length. - Fixed an issue where tls_ciphers were ignored and rdp security layer could be used instead. - Kill disconnected sessions feature is working with Xorg (xorgxrdp) backend. - Miscellaneous code cleanup and memory issues fixes. Rebuild of xrdp requiring both xorgxrdp and tigervnc- minimal. VNC is still the default. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1433959 - CVE-2017-6967 xrdp: Incorrect placement of auth_start_session() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1433959 -------------------------------------------------------------------------------- ================================================================================ yakuake-3.0.4-1.fc24 (FEDORA-2017-6fb147e762) A drop-down terminal emulator -------------------------------------------------------------------------------- Update Information: Latest upstream bugfix release. -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
