The following Fedora 25 Security updates need testing: Age URL 279 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25 178 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2d17af41e python-XStatic-jquery-ui-1.12.0.1-4.fc25 117 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5d7498559f nodejs-brace-expansion-1.1.7-1.fc25 71 https://bodhi.fedoraproject.org/updates/FEDORA-2017-99c0118c0c memcached-1.4.39-1.fc25 67 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2232fe97b4 docker-distribution-2.6.2-1.git48294d9.fc25 18 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6e66393536 libwpd-0.10.2-1.fc25 12 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b97f9d82dc libmspack-0.6-0.1.alpha.fc25 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-581be259ef samba-4.5.14-0.fc25 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e3bf383b11 gnome-shell-3.22.3-2.fc25 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-01ab87482e httpd-2.4.27-4.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0f24bb2a9 chromium-61.0.3163.100-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-19c1fd28f5 MySQL-zrm-3.0-17.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-fc4a6bd3e9 poppler-0.45.0-6.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-66aa5d1d33 git-2.9.5-2.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2008fdd7e2 perl-5.24.3-389.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-66d9113c7a ImageMagick-6.9.9.15-1.fc25 rubygem-rmagick-2.16.0-7.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2aa4d11993 openvpn-2.4.4-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2c933656a2 firefox-56.0-2.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-238961d86d tor-0.2.9.12-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-89efe409a2 weechat-1.9.1-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-26a53ccbdf WebCalendar-1.2.9-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ccb10391ad mingw-poppler-0.45.0-4.fc25 The following Fedora 25 Critical Path updates have yet to be approved: Age URL 121 https://bodhi.fedoraproject.org/updates/FEDORA-2017-613a72e282 lorax-25.22-1.fc25 24 https://bodhi.fedoraproject.org/updates/FEDORA-2017-504aeb74ba rpcbind-0.2.4-7.rc2.fc25 20 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a44008dd1d python-pysocks-1.6.7-1.fc25 19 https://bodhi.fedoraproject.org/updates/FEDORA-2017-27ed767ca1 upower-0.99.6-1.fc25 18 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2802f82ef1 webkitgtk4-2.18.0-1.fc25 12 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d2803ce4f5 linux-firmware-20170828-77.gitb78acc9.fc25 12 https://bodhi.fedoraproject.org/updates/FEDORA-2017-00cfac3370 pungi-4.1.17-4.fc25 12 https://bodhi.fedoraproject.org/updates/FEDORA-2017-235298fa58 python-cryptography-2.0.2-2.fc25 python-cryptography-vectors-2.0.2-1.fc25 12 https://bodhi.fedoraproject.org/updates/FEDORA-2017-31d7cd5eab pyOpenSSL-16.2.0-2.fc25 12 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7c8a36f37e audit-2.7.8-1.fc25 12 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bd488c853f libsolv-0.6.29-2.fc25 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e3bf383b11 gnome-shell-3.22.3-2.fc25 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-581be259ef samba-4.5.14-0.fc25 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-103ec7f899 cups-2.2.0-10.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-66aa5d1d33 git-2.9.5-2.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-fc4a6bd3e9 poppler-0.45.0-6.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b78dd48284 dbus-1.11.18-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2008fdd7e2 perl-5.24.3-389.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-655278f79b nspr-4.17.0-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-64612f6c45 vim-8.0.1171-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a45ef4d535 hwdata-0.305-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3fc5429e7e iproute-4.12.0-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2c933656a2 firefox-56.0-2.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-eb81135947 menu-cache-1.0.2-7.D20170914git8c8534159d.fc25 The following builds have been pushed to Fedora 25 updates-testing Cython-0.27.1-1.fc25 banshee-2.6.2-27.fc25 cfitsio-3.370-10.fc25 compose-utils-0.1.17-1.fc25 cppcodec-0-0.20171002.git.65e512d.fc25 gdouros-symbola-fonts-10.0-1.fc25 gsequencer-1.0.0-1.fc25 hwdata-0.305-1.fc25 imapsync-1.836-1.fc25 logstalgia-1.0.8-1.fc25 mingw-poppler-0.45.0-4.fc25 mycli-1.13.1-1.fc25 nspr-4.17.0-1.fc25 php-cs-fixer-2.2.8-1.fc25 python-fedmsg-meta-fedora-infrastructure-0.22.0-1.fc25 rho-0.0.28-1.fc25 tio-1.24-2.fc25 vim-8.0.1171-1.fc25 youtube-dl-2017.10.01-1.fc25 Details about builds: ================================================================================ Cython-0.27.1-1.fc25 (FEDORA-2017-2dbe0946e0) A language for writing Python extension modules -------------------------------------------------------------------------------- Update Information: Update from 0.25.2 to 0.27.1, see changelog at https://github.com/cython/cython/blob/master/CHANGES.rst -------------------------------------------------------------------------------- ================================================================================ banshee-2.6.2-27.fc25 (FEDORA-2017-beaa7ab9c0) Easily import, manage, and play selections from your music collection -------------------------------------------------------------------------------- Update Information: fix .pc files in banshee-devel to have correct deps -------------------------------------------------------------------------------- ================================================================================ cfitsio-3.370-10.fc25 (FEDORA-2017-927057dc4a) Library for manipulating FITS data files -------------------------------------------------------------------------------- Update Information: Bugfix update to fix a crash with hcompress, backported fix from current cfitsio release. Cannot upgrade to newer release due to ABI changes. -------------------------------------------------------------------------------- ================================================================================ compose-utils-0.1.17-1.fc25 (FEDORA-2017-0f7bc4acd5) Utilities for working with composes -------------------------------------------------------------------------------- Update Information: Fix partial compose copy for paths ending with slash. -------------------------------------------------------------------------------- ================================================================================ cppcodec-0-0.20171002.git.65e512d.fc25 (FEDORA-2017-562d12d827) Header-only C++11 library to encode/decode base64/base64url/base32/base32hex/hex -------------------------------------------------------------------------------- Update Information: New package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438775 - Review Request: cppcodec - Header-only C++11 library to encode/decode base64/base64url/base32/base32hex/hex https://bugzilla.redhat.com/show_bug.cgi?id=1438775 -------------------------------------------------------------------------------- ================================================================================ gdouros-symbola-fonts-10.0-1.fc25 (FEDORA-2017-819bca3ec9) A symbol font -------------------------------------------------------------------------------- Update Information: Update to version 10.0 -------------------------------------------------------------------------------- ================================================================================ gsequencer-1.0.0-1.fc25 (FEDORA-2017-896fc897cf) Advanced Gtk+ Sequencer audio processing engine -------------------------------------------------------------------------------- Update Information: provide patch to fix libgsequencer API reference manual -------------------------------------------------------------------------------- ================================================================================ hwdata-0.305-1.fc25 (FEDORA-2017-a45ef4d535) Hardware identification and configuration data -------------------------------------------------------------------------------- Update Information: Updated pci, usb and vendor ids. -------------------------------------------------------------------------------- ================================================================================ imapsync-1.836-1.fc25 (FEDORA-2017-700b1cfc2e) Tool to migrate email between IMAP servers -------------------------------------------------------------------------------- Update Information: Update to 1.836 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1497439 - imapsync-1.836 is available https://bugzilla.redhat.com/show_bug.cgi?id=1497439 -------------------------------------------------------------------------------- ================================================================================ logstalgia-1.0.8-1.fc25 (FEDORA-2017-a4438be495) Web server access log visualizer -------------------------------------------------------------------------------- Update Information: Update to latest upstream release logstalgia 1.0.8. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1497186 - logstalgia-1.0.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1497186 -------------------------------------------------------------------------------- ================================================================================ mingw-poppler-0.45.0-4.fc25 (FEDORA-2017-ccb10391ad) MinGW Windows Poppler library -------------------------------------------------------------------------------- Update Information: This update fixes CVE-2017-14520. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1494582 - CVE-2017-14520 poppler: Floating point exception in Splash::scaleImageYuXd() function in Splash.cc https://bugzilla.redhat.com/show_bug.cgi?id=1494582 -------------------------------------------------------------------------------- ================================================================================ mycli-1.13.1-1.fc25 (FEDORA-2017-78217acc2a) Interactive CLI for MySQL Database with auto-completion and syntax highlighting -------------------------------------------------------------------------------- Update Information: Update to latest upstream release mycli 1.13.1. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1494810 - mycli 1.13.0 released https://bugzilla.redhat.com/show_bug.cgi?id=1494810 [ 2 ] Bug #1494825 - mycli-1.13.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1494825 -------------------------------------------------------------------------------- ================================================================================ nspr-4.17.0-1.fc25 (FEDORA-2017-655278f79b) Netscape Portable Runtime -------------------------------------------------------------------------------- Update Information: This updates nspr package to the upstream release 4.17. -------------------------------------------------------------------------------- ================================================================================ php-cs-fixer-2.2.8-1.fc25 (FEDORA-2017-60f7fedf27) A tool to automatically fix PHP code style -------------------------------------------------------------------------------- Update Information: Changelog for v2.2.8 -------------------- * bug #3052 Fix false positive warning about paths overridden by provided as command arguments (kubawerlos) * bug #3058 IsNullFixer - fix whitespace handling (roukmoute) * bug #3072 IsNullFixer - fix non_yoda_style edge case (keradus) * bug #3088 Drop dedicated Phar stub (keradus) * bug #3100 NativeFunctionInvocationFixer - Fix test if previous token is already namespace separator (SpacePossum) * bug #3104 DoctrineAnnotationIndentationFixer - Fix str_repeat() error (julienfalque) * minor #3038 Support PHP 7.2 (SpacePossum, keradus) * minor #3064 Fix couple of typos (KKSzymanowski) * minor #3078 ConfigurationResolver - hide context while including config file (keradus) * minor #3080 Direct function call instead of by string (kubawerlos) * minor #3085 CiIntegrationTest - skip when no git is available (keradus) * minor #3087 phar-stub.php - allow PHP 7.2 (keradus) -------------------------------------------------------------------------------- ================================================================================ python-fedmsg-meta-fedora-infrastructure-0.22.0-1.fc25 (FEDORA-2017-c9ab39d9f4) Metadata providers for Fedora Infrastructure's fedmsg deployment -------------------------------------------------------------------------------- Update Information: Update to 0.22.0 Changelog available at: https://github.com/fedora-infra/fedmsg _meta_fedora_infrastructure/blob/dcf6ee2ea004f7106a3b851bf2e05e11de2e4d30/CHANGE LOG.rst#0220 ---- Update to 0.20.0 Change log at : https://github.com/fedora- infra/fedmsg_meta_fedora_infrastructure/blob/develop/CHANGELOG.rst#0200 ---- Update to 0.19.0 Release note at: https://github.com/fedora- infra/fedmsg_meta_fedora_infrastructure/blob/develop/CHANGELOG.rst#0190 -------------------------------------------------------------------------------- ================================================================================ rho-0.0.28-1.fc25 (FEDORA-2017-b81927c3d7) An SSH system profiler -------------------------------------------------------------------------------- Update Information: # Testing Rho To set up Rho, you create profiles that control how to run each scan. - Authentication profiles contain user credentials for a user with sufficient authority to complete the scan (for example, a root user or one with root-level access obtained through -sudo privilege escalation). - Network profiles contain network identifiers (for example, a hostname, IP address, or range of IP addresses) and the authentication profiles to be used for a scan. Complete the following steps, repeating them as necessary to access all parts of your environment that you want to scan: 1. Create at least one authentication profile with root-level access to Rho: ``` rho auth add --name auth_name --username root_name(--sshkeyfile key_file | --password) ``` a. At the Rho vault password prompt, create a new Rho vault password. This password is required to access the encrypted Rho data, such as authentication and network profiles, scan data, and other information. b. If you did not use the sshkeyfile option to provide an SSH key for the username value, enter the password of the user with root-level access at the connection password prompt. For example, for an authentication profile where the authentication profile name is roothost1, the user with root-level access is root, and the SSH key for the user is in the path ~/.ssh/id_rsa, you would enter the following command: ``` rho auth add --name roothost1 --username root --sshkeyfile ~/.ssh/id_rsa ``` You can also use the sudo-password option to create an authentication profile for a user with root-level access who requires a password to obtain this privilege. You can use the sudo-password option with either the sshkeyfile or the password option. For example, for an authentication profile where the authentication profile name is sudouser1, the user with root-level access is sysadmin, and the access is obtained through the password option, you would enter the following command: ``` rho auth add --name sudouser1 --username sysadmin --password --sudo-password ``` After you enter this command, you are prompted to enter two passwords. First, you would enter the connection password for the username user, and then you would enter the password for the sudo command. 2. Create at least one network profile that specifies one or more network identifiers, such as a host name, an IP address, a list of IP addresses, or an IP range, and one or more authentication profiles to be used for the scan: ``` rho profile add --name profile_name --hosts host_name_or_file --auth auth_name ``` For example, for a network profile where the name of the network profile is mynetwork, the network to be scanned is the 192.0.2.0/24 subnet, and the authentication profiles that are used to run the scan are roothost1 and roothost2, you would enter the following command: ``` rho profile add --name mynetwork --hosts 192.0.2.[1:254] --auth roothost1 roothost2 ``` You can also use a file to pass in the network identifiers. If you use a file to enter multiple network identifiers, such as multiple individual IP addresses, enter each on a single line. For example, for a network profile where the path to this file is /home/user1/hosts_file, you would enter the following command: ``` rho profile add --name mynetwork --hosts /home/user1/hosts_file --auth roothost1 roothost2 ``` # Running a scan Run the scan by using the scan command, specifying a network profile for the profile option and a location to store the output as a file in the comma-separated variables (CSV) format for the reportfile option: ``` rho scan --profile profile_name --reportfile filename.csv ``` For example, if you want to use the network profile mynetwork and save the report as mynetwork_scan1.csv, you would enter the following command: ``` rho scan --profile mynetwork --reportfile mynetwork_scan1.csv ``` -------------------------------------------------------------------------------- ================================================================================ tio-1.24-2.fc25 (FEDORA-2017-0dac0d8afe) Simple TTY terminal I/O application -------------------------------------------------------------------------------- Update Information: Tio is a simple TTY terminal application which features a straightforward commandline interface to easily connect to TTY devices for basic input/output. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1497549 - Review Request: tio - Simple TTY terminal I/O application https://bugzilla.redhat.com/show_bug.cgi?id=1497549 -------------------------------------------------------------------------------- ================================================================================ vim-8.0.1171-1.fc25 (FEDORA-2017-64612f6c45) The VIM editor -------------------------------------------------------------------------------- Update Information: The newest upstream commit -------------------------------------------------------------------------------- ================================================================================ youtube-dl-2017.10.01-1.fc25 (FEDORA-2017-ae0b3ef2b2) A small command-line program to download online videos -------------------------------------------------------------------------------- Update Information: Update to latest release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1494888 - youtube-dl-2017.10.01 is available https://bugzilla.redhat.com/show_bug.cgi?id=1494888 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
