The following Fedora 25 Security updates need testing: Age URL 100 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25 20 https://bodhi.fedoraproject.org/updates/FEDORA-2017-06f4b88ceb php-onelogin-php-saml-2.10.5-1.fc25 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-99ad80f109 python-sleekxmpp-1.3.2-1.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-674d306f51 icecat-52.0.1-5.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7bd002b77c xorgxrdp-0.2.1-1.fc25 xrdp-0.9.2-3.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ed4c9b605b php-horde-Horde-Crypt-2.7.6-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-cf1944f480 libpng15-1.5.28-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bad9942e42 libpng12-1.2.57-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ab3acddd21 libtiff-4.0.7-4.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-054729ab08 xen-4.7.2-5.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-cc029be02d tnef-1.4.14-1.fc25 The following Fedora 25 Critical Path updates have yet to be approved: Age URL 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ea86a8123b pungi-4.1.14-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a11057f70e ca-certificates-2017.2.11-1.1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-85b7d7129b flatpak-0.9.2-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a40dca1e21 gtk3-3.22.11-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-aa46c8d9e0 tigervnc-1.7.1-4.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-37931b24eb cups-2.2.0-8.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5987ec3b8a libdrm-2.4.77-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ab3acddd21 libtiff-4.0.7-4.fc25 The following builds have been pushed to Fedora 25 updates-testing GeoIP-GeoLite-data-2017.04-1.fc25 bugzilla-5.0.3-4.fc25 cacti-1.1.2-1.fc25 cups-2.2.0-8.fc25 dictd-1.12.1-14.fc25 dkms-2.3-4.20170313git974d838.fc25 dnfdragora-1.0.0-14.git20170405.cca9412.fc25 erlang-19.3.1-1.fc25 glibmm24-2.50.1-1.fc25 golang-github-calmh-du-1.0.1-1.fc25 golang-github-calmh-xdr-2.0.1-1.fc25 kompose-0.5.0-0.1.fc25 libdrm-2.4.77-1.fc25 libmediainfo-0.7.94-1.fc25 libtiff-4.0.7-4.fc25 libzen-0.4.35-1.fc25 lldpd-0.9.7-5.fc25 mediainfo-0.7.94-1.fc25 mod_lookup_identity-1.0.0-1.fc25 nfs-ganesha-2.4.5-1.fc25 nfs-utils-2.1.1-3.rc1.fc25 perl-Bot-BasicBot-0.90-1.fc25 perl-Test-Harness-3.39-1.fc25 perl-WWW-OrangeHRM-Client-0.10.3-1.fc25 python-faker-0.7.10-1.fc25 python-paho-mqtt-1.2.1-1.fc25 python-websockets-3.3-1.fc25 qemu-2.7.1-5.fc25 tigervnc-1.7.1-4.fc25 tnef-1.4.14-1.fc25 tripwire-2.4.3.5-1.fc25 xen-4.7.2-5.fc25 xonotic-0.8.2-2.fc25 Details about builds: ================================================================================ GeoIP-GeoLite-data-2017.04-1.fc25 (FEDORA-2017-9e084b541c) Free GeoLite IP geolocation country database -------------------------------------------------------------------------------- Update Information: April 2017 database update. -------------------------------------------------------------------------------- ================================================================================ bugzilla-5.0.3-4.fc25 (FEDORA-2017-f2f561c439) Bug tracking system -------------------------------------------------------------------------------- Update Information: This update of bugzilla fixes a number of small issues. The apache configuration has been amended to allow .htaccess file in Bugzilla's filetree, dependencies have been added and a fix has been backported from upstream to make bugzilla stop emitting warnings. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1403588 - /usr/share/bugzilla/assets/.htaccess: Require not allowed here https://bugzilla.redhat.com/show_bug.cgi?id=1403588 [ 2 ] Bug #1425077 - Deprecated use of Slurp https://bugzilla.redhat.com/show_bug.cgi?id=1425077 [ 3 ] Bug #1423283 - bugzilla: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1423283 -------------------------------------------------------------------------------- ================================================================================ cacti-1.1.2-1.fc25 (FEDORA-2017-90a0f034ad) An rrd based graphing tool -------------------------------------------------------------------------------- Update Information: - Update to 1.1.2 Release notes: http://www.cacti.net/release_notes_1_1_2.php -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438425 - cacti-1.1.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1438425 -------------------------------------------------------------------------------- ================================================================================ cups-2.2.0-8.fc25 (FEDORA-2017-37931b24eb) CUPS printing system -------------------------------------------------------------------------------- Update Information: Updated cups-resolv_reload.patch -------------------------------------------------------------------------------- References: [ 1 ] Bug #1437065 - CUPS does not recognize changes to /etc/resolv.conf until CUPS restart https://bugzilla.redhat.com/show_bug.cgi?id=1437065 -------------------------------------------------------------------------------- ================================================================================ dictd-1.12.1-14.fc25 (FEDORA-2017-91c3605490) DICT protocol (RFC 2229) server and command-line client -------------------------------------------------------------------------------- Update Information: Unify SPEC file to one version for all distributions. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1116553 - Make available for EPEL-6 https://bugzilla.redhat.com/show_bug.cgi?id=1116553 -------------------------------------------------------------------------------- ================================================================================ dkms-2.3-4.20170313git974d838.fc25 (FEDORA-2017-479d0d652a) Dynamic Kernel Module Support Framework -------------------------------------------------------------------------------- Update Information: Do not attempt to always install the "base" kernel-devel package even if the correct variant is already installed. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1421106 - Switch from Requires kernel-devel to kernel-devel-uname-r https://bugzilla.redhat.com/show_bug.cgi?id=1421106 [ 2 ] Bug #1436840 - on i386, dkms specifically requires kernel-devel and not kernel-PAE-devel https://bugzilla.redhat.com/show_bug.cgi?id=1436840 -------------------------------------------------------------------------------- ================================================================================ dnfdragora-1.0.0-14.git20170405.cca9412.fc25 (FEDORA-2017-790958037b) DNF package-manager based on libYui abstraction -------------------------------------------------------------------------------- Update Information: * Updated to snapshot fixing maximum recursion depth exceeded * Updated to snapshot fixing several translations * Updated to snapshot with improved icons and some fixed translations -------------------------------------------------------------------------------- References: [ 1 ] Bug #1436451 - maximum recursion depth exceeded while updating https://bugzilla.redhat.com/show_bug.cgi?id=1436451 -------------------------------------------------------------------------------- ================================================================================ erlang-19.3.1-1.fc25 (FEDORA-2017-9330b0c270) General-purpose programming language and runtime environment -------------------------------------------------------------------------------- Update Information: * Ver. 19.3.1 -------------------------------------------------------------------------------- ================================================================================ glibmm24-2.50.1-1.fc25 (FEDORA-2017-b8a057f824) C++ interface for the GLib library -------------------------------------------------------------------------------- Update Information: glibmm 2.50.1 release. For details, see https://mail.gnome.org/archives/ftp- release-list/2017-April/msg00003.html -------------------------------------------------------------------------------- ================================================================================ golang-github-calmh-du-1.0.1-1.fc25 (FEDORA-2017-9345fbbe3b) Disk Usage Information library for Go -------------------------------------------------------------------------------- Update Information: Update to version 1.0.1. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1439413 - golang-github-calmh-du-v1.0.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1439413 -------------------------------------------------------------------------------- ================================================================================ golang-github-calmh-xdr-2.0.1-1.fc25 (FEDORA-2017-39b2f0be1f) XDR enc/decoder for Go -------------------------------------------------------------------------------- Update Information: Update to version 2.0.1. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1439422 - golang-github-calmh-xdr-v2.0.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1439422 -------------------------------------------------------------------------------- ================================================================================ kompose-0.5.0-0.1.fc25 (FEDORA-2017-f75505a9f3) Tool to move from 'docker-compose' to Kubernetes -------------------------------------------------------------------------------- Update Information: Update to kompose version 0.5.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1435032 - kompose-v0.5.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1435032 -------------------------------------------------------------------------------- ================================================================================ libdrm-2.4.77-1.fc25 (FEDORA-2017-5987ec3b8a) Direct Rendering Manager runtime library -------------------------------------------------------------------------------- Update Information: Update to 2.4.77 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438788 - libdrm-2.4.77 is available https://bugzilla.redhat.com/show_bug.cgi?id=1438788 -------------------------------------------------------------------------------- ================================================================================ libmediainfo-0.7.94-1.fc25 (FEDORA-2017-acf906d16f) Library for supplies technical and tag information about a video or audio file -------------------------------------------------------------------------------- Update Information: Updae to last MediaInfo release. -------------------------------------------------------------------------------- ================================================================================ libtiff-4.0.7-4.fc25 (FEDORA-2017-ab3acddd21) Library of functions for manipulating TIFF format image files -------------------------------------------------------------------------------- Update Information: Security fix for: * **CVE-2016-10266** * **CVE-2016-10267** * **CVE-2016-10268** * **CVE-2016-10269** * **CVE-2016-10270** * **CVE-2016-10271** * **CVE-2016-10272** -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438472 - CVE-2016-10266 libtiff: Divide-by-zero in tif_read.c https://bugzilla.redhat.com/show_bug.cgi?id=1438472 [ 2 ] Bug #1438458 - CVE-2016-10272 libtiff: Heap-based buffer overflow in tif_next.c https://bugzilla.redhat.com/show_bug.cgi?id=1438458 [ 3 ] Bug #1438453 - CVE-2016-10271 libtiff: Heap-based buffer overflow in tif_fax3.c https://bugzilla.redhat.com/show_bug.cgi?id=1438453 [ 4 ] Bug #1438449 - CVE-2016-10267 libtiff: Divide-by-zero in tif_ojpeg.c https://bugzilla.redhat.com/show_bug.cgi?id=1438449 [ 5 ] Bug #1438447 - CVE-2016-10268 libtiff: Integer underflow in tiffcp.c https://bugzilla.redhat.com/show_bug.cgi?id=1438447 [ 6 ] Bug #1438443 - CVE-2016-10269 libtiff: Heap-based buffer overflow in tiff_unix.c https://bugzilla.redhat.com/show_bug.cgi?id=1438443 [ 7 ] Bug #1438441 - CVE-2016-10270 libtiff: Heap-based buffer overflow in tiff_read.c https://bugzilla.redhat.com/show_bug.cgi?id=1438441 -------------------------------------------------------------------------------- ================================================================================ libzen-0.4.35-1.fc25 (FEDORA-2017-acf906d16f) Shared library for libmediainfo and medianfo* -------------------------------------------------------------------------------- Update Information: Updae to last MediaInfo release. -------------------------------------------------------------------------------- ================================================================================ lldpd-0.9.7-5.fc25 (FEDORA-2017-77fac90af3) ISC-licensed implementation of LLDP -------------------------------------------------------------------------------- Update Information: New package for the LLDP daemon -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438853 - Review Request: lldpd - an ISC-licensed implementation of LLDP https://bugzilla.redhat.com/show_bug.cgi?id=1438853 -------------------------------------------------------------------------------- ================================================================================ mediainfo-0.7.94-1.fc25 (FEDORA-2017-acf906d16f) Supplies technical and tag information about a video or audio file (CLI) -------------------------------------------------------------------------------- Update Information: Updae to last MediaInfo release. -------------------------------------------------------------------------------- ================================================================================ mod_lookup_identity-1.0.0-1.fc25 (FEDORA-2017-2bcf178aad) Apache module to retrieve additional information about the authenticated user -------------------------------------------------------------------------------- Update Information: Rebase to new upstream version 1.0.0. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1439711 - mod_lookup_identity-1.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1439711 -------------------------------------------------------------------------------- ================================================================================ nfs-ganesha-2.4.5-1.fc25 (FEDORA-2017-b1c73f9b1c) NFS-Ganesha is a NFS Server running in user space -------------------------------------------------------------------------------- Update Information: nfs-ganesha 2.4.5 GA -------------------------------------------------------------------------------- ================================================================================ nfs-utils-2.1.1-3.rc1.fc25 (FEDORA-2017-2174db6c24) NFS utilities and supporting clients and daemons for the kernel NFS server -------------------------------------------------------------------------------- Update Information: Added gssproxy server config file -------------------------------------------------------------------------------- References: [ 1 ] Bug #1431272 - Please ship gssproxy configuration snippet with NFS server https://bugzilla.redhat.com/show_bug.cgi?id=1431272 -------------------------------------------------------------------------------- ================================================================================ perl-Bot-BasicBot-0.90-1.fc25 (FEDORA-2017-5919906eae) Simple IRC bot base class -------------------------------------------------------------------------------- Update Information: This release fixes setting raw_nick on chainjoin. It also updates the documentation. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1439415 - perl-Bot-BasicBot-0.90 is available https://bugzilla.redhat.com/show_bug.cgi?id=1439415 -------------------------------------------------------------------------------- ================================================================================ perl-Test-Harness-3.39-1.fc25 (FEDORA-2017-61a688bf80) Run Perl standard test scripts with statistics -------------------------------------------------------------------------------- Update Information: This release fixes internal tests wheb builing on Perl without "." in @INC path. We deliver it only to provide an up-to-date version string. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1439716 - perl-Test-Harness-3.39 is available https://bugzilla.redhat.com/show_bug.cgi?id=1439716 -------------------------------------------------------------------------------- ================================================================================ perl-WWW-OrangeHRM-Client-0.10.3-1.fc25 (FEDORA-2017-fa46b4c0df) Client for OrangeHRM -------------------------------------------------------------------------------- Update Information: This release fixes dispaying a time sheet status. -------------------------------------------------------------------------------- ================================================================================ python-faker-0.7.10-1.fc25 (FEDORA-2017-9876e71eaf) Faker is a Python package that generates fake data for you -------------------------------------------------------------------------------- Update Information: Version 0.7.10 and remove huge man page -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438776 - manpage faker.1.gz is huge https://bugzilla.redhat.com/show_bug.cgi?id=1438776 -------------------------------------------------------------------------------- ================================================================================ python-paho-mqtt-1.2.1-1.fc25 (FEDORA-2017-1368a69b54) A Python MQTT version 3.1/3.1.1 client class -------------------------------------------------------------------------------- Update Information: Update to new upstream version 1.2.1 -------------------------------------------------------------------------------- ================================================================================ python-websockets-3.3-1.fc25 (FEDORA-2017-d437c207c8) An implementation of the WebSocket Protocol for python with asyncio -------------------------------------------------------------------------------- Update Information: Update to 3.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1437285 - python-websockets-3.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1437285 -------------------------------------------------------------------------------- ================================================================================ qemu-2.7.1-5.fc25 (FEDORA-2017-96a7189749) QEMU is a FAST! processor emulator -------------------------------------------------------------------------------- Update Information: Worka round hangs with recent glib (bz #1435432) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1435432 - Emulated ISA serial port hangs randomly when sending lots of data from guest -> host https://bugzilla.redhat.com/show_bug.cgi?id=1435432 [ 2 ] Bug #761102 - Improve man page https://bugzilla.redhat.com/show_bug.cgi?id=761102 -------------------------------------------------------------------------------- ================================================================================ tigervnc-1.7.1-4.fc25 (FEDORA-2017-aa46c8d9e0) A TigerVNC remote display system -------------------------------------------------------------------------------- Update Information: Add systemd unit file for Xvnc. -------------------------------------------------------------------------------- ================================================================================ tnef-1.4.14-1.fc25 (FEDORA-2017-cc029be02d) Extract files from email attachments like WINMAIL.DAT -------------------------------------------------------------------------------- Update Information: Release 1.4.14 includes security bug fixes introduced in 1.4.13 and a further bug fix. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1427434 - CVE-2017-6307 CVE-2017-6308 CVE-2017-6309 CVE-2017-6310 tnef: Multiple vulnerabilities fixed in 1.4.13 [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1427434 -------------------------------------------------------------------------------- ================================================================================ tripwire-2.4.3.5-1.fc25 (FEDORA-2017-f6038624d1) IDS (Intrusion Detection System) -------------------------------------------------------------------------------- Update Information: update to 2.4.3.5 -------------------------------------------------------------------------------- ================================================================================ xen-4.7.2-5.fc25 (FEDORA-2017-054729ab08) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information: Qemu: 9pfs: host memory leakage via v9fs_create [CVE-2017-7377] (#1437873) x86: broken check in memory_exchange() permits PV guest breakout [XSA-212, CVE-2017-7228] (#1438804) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1437871 - CVE-2017-7377 Qemu: 9pfs: host memory leakage via v9fs_create https://bugzilla.redhat.com/show_bug.cgi?id=1437871 [ 2 ] Bug #1434741 - CVE-2017-7228 xsa212 xen: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212) https://bugzilla.redhat.com/show_bug.cgi?id=1434741 -------------------------------------------------------------------------------- ================================================================================ xonotic-0.8.2-2.fc25 (FEDORA-2017-f2d32dbc45) Multiplayer, deathmatch oriented first person shooter -------------------------------------------------------------------------------- Update Information: Build dedicated server. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1203793 - xonotic-dedicated fails to build https://bugzilla.redhat.com/show_bug.cgi?id=1203793 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx