The following Fedora 24 Security updates need testing: Age URL 107 https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08 squid-3.5.23-1.fc24 100 https://bodhi.fedoraproject.org/updates/FEDORA-2016-eaaa9c4a08 exim-4.87.1-1.fc24 62 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ece16ba6ba runc-1.0.0-5.rc2.gitc91b5be.fc24 43 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4b176c1694 redis-3.2.8-1.fc24 20 https://bodhi.fedoraproject.org/updates/FEDORA-2017-68cdc567e9 php-onelogin-php-saml-2.10.5-1.fc24 13 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0f5fe1913f sane-backends-1.0.25-7.fc24 13 https://bodhi.fedoraproject.org/updates/FEDORA-2017-72323a442f ntp-4.2.6p5-44.fc24 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-97e65f13bb python-sleekxmpp-1.3.2-1.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-712a186f5f icecat-52.0.1-5.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ec01954fe9 chromium-57.0.2987.133-1.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-174cb400d7 flatpak-0.8.5-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8eac23007d xorgxrdp-0.2.1-1.fc24 xrdp-0.9.2-3.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2a3e6fa12 php-horde-Horde-Crypt-2.7.6-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-66fd940572 libpng15-1.5.28-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-84bc8ac268 libpng12-1.2.57-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a66ca10c22 tigervnc-1.7.1-4.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-03dc811be6 xen-4.6.5-5.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7de130a80d tnef-1.4.14-1.fc24 The following Fedora 24 Critical Path updates have yet to be approved: Age URL 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3d7c3f66ae pcre-8.40-6.fc24 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-47eb254e1c vim-8.0.514-1.fc24 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-58d5521965 linux-firmware-20170313-72.git695f2d6d.fc24 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6189eb6f22 gvfs-1.28.4-1.fc24 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e50ea71b16 audit-2.7.4-1.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-579411a8a3 nss-3.29.3-1.1.fc24 nss-util-3.29.3-1.1.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c372fa4dbc sudo-1.8.19p2-1.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3e90bdded7 p11-kit-0.23.2-3.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1739c0ed1b hwdata-0.299-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3753e75f72 ca-certificates-2017.2.11-1.1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-85f5f525f1 firefox-52.0.2-2.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-61498b10c5 cups-2.1.4-6.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8cdabb9700 libdrm-2.4.77-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a66ca10c22 tigervnc-1.7.1-4.fc24 The following builds have been pushed to Fedora 24 updates-testing GeoIP-GeoLite-data-2017.04-1.fc24 aide-0.16-2.fc24 cacti-1.1.2-1.fc24 cups-2.1.4-6.fc24 dictd-1.12.1-14.fc24 dkms-2.3-4.20170313git974d838.fc24 golang-github-calmh-du-1.0.1-1.fc24 golang-github-calmh-xdr-2.0.1-1.fc24 kompose-0.5.0-0.1.fc24 libdrm-2.4.77-1.fc24 libmediainfo-0.7.94-1.fc24 libzen-0.4.35-1.fc24 lldpd-0.9.7-5.fc24 mediainfo-0.7.94-1.fc24 nfs-ganesha-2.4.5-1.fc24 perl-Bot-BasicBot-0.90-1.fc24 perl-Test-Harness-3.39-1.fc24 perl-WWW-OrangeHRM-Client-0.10.3-1.fc24 tigervnc-1.7.1-4.fc24 tnef-1.4.14-1.fc24 tripwire-2.4.3.5-1.fc24 xen-4.6.5-5.fc24 Details about builds: ================================================================================ GeoIP-GeoLite-data-2017.04-1.fc24 (FEDORA-2017-135e9fe8b9) Free GeoLite IP geolocation country database -------------------------------------------------------------------------------- Update Information: April 2017 database update. -------------------------------------------------------------------------------- ================================================================================ aide-0.16-2.fc24 (FEDORA-2017-a2d1c00128) Intrusion detection environment -------------------------------------------------------------------------------- Update Information: fixed upstream link -------------------------------------------------------------------------------- References: [ 1 ] Bug #1421355 - aide contrib directory is not readable https://bugzilla.redhat.com/show_bug.cgi?id=1421355 [ 2 ] Bug #1421351 - /sbin/aide is not readable by non root https://bugzilla.redhat.com/show_bug.cgi?id=1421351 -------------------------------------------------------------------------------- ================================================================================ cacti-1.1.2-1.fc24 (FEDORA-2017-00ea2b4508) An rrd based graphing tool -------------------------------------------------------------------------------- Update Information: - Update to 1.1.2 Release notes: http://www.cacti.net/release_notes_1_1_2.php -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438425 - cacti-1.1.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1438425 -------------------------------------------------------------------------------- ================================================================================ cups-2.1.4-6.fc24 (FEDORA-2017-61498b10c5) CUPS printing system -------------------------------------------------------------------------------- Update Information: Updated resolv_reload.patch ---- Temporarily removing resolv_reload patch. ---- 1437065 - CUPS does not recognize changes to /etc/resolv.conf until CUPS restart -------------------------------------------------------------------------------- References: [ 1 ] Bug #1437065 - CUPS does not recognize changes to /etc/resolv.conf until CUPS restart https://bugzilla.redhat.com/show_bug.cgi?id=1437065 -------------------------------------------------------------------------------- ================================================================================ dictd-1.12.1-14.fc24 (FEDORA-2017-dbbb1a8611) DICT protocol (RFC 2229) server and command-line client -------------------------------------------------------------------------------- Update Information: Unify SPEC file to one version for all distributions. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1116553 - Make available for EPEL-6 https://bugzilla.redhat.com/show_bug.cgi?id=1116553 -------------------------------------------------------------------------------- ================================================================================ dkms-2.3-4.20170313git974d838.fc24 (FEDORA-2017-1f4b32cc3e) Dynamic Kernel Module Support Framework -------------------------------------------------------------------------------- Update Information: Do not attempt to always install the "base" kernel-devel package even if the correct variant is already installed. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1421106 - Switch from Requires kernel-devel to kernel-devel-uname-r https://bugzilla.redhat.com/show_bug.cgi?id=1421106 [ 2 ] Bug #1436840 - on i386, dkms specifically requires kernel-devel and not kernel-PAE-devel https://bugzilla.redhat.com/show_bug.cgi?id=1436840 -------------------------------------------------------------------------------- ================================================================================ golang-github-calmh-du-1.0.1-1.fc24 (FEDORA-2017-49ed64b17c) Disk Usage Information library for Go -------------------------------------------------------------------------------- Update Information: Update to version 1.0.1. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1439413 - golang-github-calmh-du-v1.0.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1439413 -------------------------------------------------------------------------------- ================================================================================ golang-github-calmh-xdr-2.0.1-1.fc24 (FEDORA-2017-1c2062acd3) XDR enc/decoder for Go -------------------------------------------------------------------------------- Update Information: Update to version 2.0.1. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1439422 - golang-github-calmh-xdr-v2.0.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1439422 -------------------------------------------------------------------------------- ================================================================================ kompose-0.5.0-0.1.fc24 (FEDORA-2017-c5a4287811) Tool to move from 'docker-compose' to Kubernetes -------------------------------------------------------------------------------- Update Information: Update to kompose version 0.5.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1435032 - kompose-v0.5.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1435032 -------------------------------------------------------------------------------- ================================================================================ libdrm-2.4.77-1.fc24 (FEDORA-2017-8cdabb9700) Direct Rendering Manager runtime library -------------------------------------------------------------------------------- Update Information: Update to 2.4.77 ---- Update to 2.4.76 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438788 - libdrm-2.4.77 is available https://bugzilla.redhat.com/show_bug.cgi?id=1438788 [ 2 ] Bug #1437275 - libdrm-2.4.76 is available https://bugzilla.redhat.com/show_bug.cgi?id=1437275 -------------------------------------------------------------------------------- ================================================================================ libmediainfo-0.7.94-1.fc24 (FEDORA-2017-a34e8d0ad4) Library for supplies technical and tag information about a video or audio file -------------------------------------------------------------------------------- Update Information: Updae to last MediaInfo release. -------------------------------------------------------------------------------- ================================================================================ libzen-0.4.35-1.fc24 (FEDORA-2017-a34e8d0ad4) Shared library for libmediainfo and medianfo* -------------------------------------------------------------------------------- Update Information: Updae to last MediaInfo release. -------------------------------------------------------------------------------- ================================================================================ lldpd-0.9.7-5.fc24 (FEDORA-2017-8363c4e8ec) ISC-licensed implementation of LLDP -------------------------------------------------------------------------------- Update Information: New package for the LLDP daemon -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438853 - Review Request: lldpd - an ISC-licensed implementation of LLDP https://bugzilla.redhat.com/show_bug.cgi?id=1438853 -------------------------------------------------------------------------------- ================================================================================ mediainfo-0.7.94-1.fc24 (FEDORA-2017-a34e8d0ad4) Supplies technical and tag information about a video or audio file (CLI) -------------------------------------------------------------------------------- Update Information: Updae to last MediaInfo release. -------------------------------------------------------------------------------- ================================================================================ nfs-ganesha-2.4.5-1.fc24 (FEDORA-2017-c31a5f3887) NFS-Ganesha is a NFS Server running in user space -------------------------------------------------------------------------------- Update Information: nfs-ganesha 2.4.5 GA -------------------------------------------------------------------------------- ================================================================================ perl-Bot-BasicBot-0.90-1.fc24 (FEDORA-2017-de509aceb6) Simple IRC bot base class -------------------------------------------------------------------------------- Update Information: This release fixes setting raw_nick on chainjoin. It also updates the documentation. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1439415 - perl-Bot-BasicBot-0.90 is available https://bugzilla.redhat.com/show_bug.cgi?id=1439415 -------------------------------------------------------------------------------- ================================================================================ perl-Test-Harness-3.39-1.fc24 (FEDORA-2017-623c26406e) Run Perl standard test scripts with statistics -------------------------------------------------------------------------------- Update Information: This release fixes internal tests wheb builing on Perl without "." in @INC path. We deliver it only to provide an up-to-date version string. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1439716 - perl-Test-Harness-3.39 is available https://bugzilla.redhat.com/show_bug.cgi?id=1439716 -------------------------------------------------------------------------------- ================================================================================ perl-WWW-OrangeHRM-Client-0.10.3-1.fc24 (FEDORA-2017-fd9ba5c327) Client for OrangeHRM -------------------------------------------------------------------------------- Update Information: This release fixes dispaying a time sheet status. -------------------------------------------------------------------------------- ================================================================================ tigervnc-1.7.1-4.fc24 (FEDORA-2017-a66ca10c22) A TigerVNC remote display system -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-7392 CVE-2017-7393 CVE-2017-7394 CVE-2017-7395 CVE-2017-7396. Add systemd unit file for Xvnc. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438703 - CVE-2017-7396 tigervnc: SecurityServer and ClientServer memory leaks https://bugzilla.redhat.com/show_bug.cgi?id=1438703 [ 2 ] Bug #1438701 - CVE-2017-7395 tigervnc: Integer overflow in SMsgReader::readClientCutText https://bugzilla.redhat.com/show_bug.cgi?id=1438701 [ 3 ] Bug #1438700 - CVE-2017-7394 tigervnc: Server crash via long usernames https://bugzilla.redhat.com/show_bug.cgi?id=1438700 [ 4 ] Bug #1438697 - CVE-2017-7393 tigervnc: Double free via crafted fences https://bugzilla.redhat.com/show_bug.cgi?id=1438697 [ 5 ] Bug #1438694 - CVE-2017-7392 tigervnc: SSecurityVeNCrypt memory leak https://bugzilla.redhat.com/show_bug.cgi?id=1438694 -------------------------------------------------------------------------------- ================================================================================ tnef-1.4.14-1.fc24 (FEDORA-2017-7de130a80d) Extract files from email attachments like WINMAIL.DAT -------------------------------------------------------------------------------- Update Information: Release 1.4.14 includes security bug fixes introduced in 1.4.13 and a further bug fix. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1427434 - CVE-2017-6307 CVE-2017-6308 CVE-2017-6309 CVE-2017-6310 tnef: Multiple vulnerabilities fixed in 1.4.13 [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1427434 -------------------------------------------------------------------------------- ================================================================================ tripwire-2.4.3.5-1.fc24 (FEDORA-2017-3e7578a2b8) IDS (Intrusion Detection System) -------------------------------------------------------------------------------- Update Information: update to 2.4.3.5 -------------------------------------------------------------------------------- ================================================================================ xen-4.6.5-5.fc24 (FEDORA-2017-03dc811be6) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information: Qemu: 9pfs: host memory leakage via v9fs_create [CVE-2017-7377] (#1437873) ---- add additional patch for [XSA-206] (#1436690) ---- xenstore denial of service via repeated update [XSA-206] (#1436690) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1437871 - CVE-2017-7377 Qemu: 9pfs: host memory leakage via v9fs_create https://bugzilla.redhat.com/show_bug.cgi?id=1437871 [ 2 ] Bug #1434741 - CVE-2017-7228 xsa212 xen: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212) https://bugzilla.redhat.com/show_bug.cgi?id=1434741 [ 3 ] Bug #1433879 - xsa206 xen: xenstore denial of service via repeated update (XSA-206) https://bugzilla.redhat.com/show_bug.cgi?id=1433879 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
