The following Fedora 25 Security updates need testing: Age URL 289 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25 188 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2d17af41e python-XStatic-jquery-ui-1.12.0.1-4.fc25 127 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5d7498559f nodejs-brace-expansion-1.1.7-1.fc25 82 https://bodhi.fedoraproject.org/updates/FEDORA-2017-99c0118c0c memcached-1.4.39-1.fc25 78 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2232fe97b4 docker-distribution-2.6.2-1.git48294d9.fc25 29 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6e66393536 libwpd-0.10.2-1.fc25 20 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e3bf383b11 gnome-shell-3.22.3-2.fc25 20 https://bodhi.fedoraproject.org/updates/FEDORA-2017-01ab87482e httpd-2.4.27-4.fc25 15 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0f24bb2a9 chromium-61.0.3163.100-1.fc25 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2aa4d11993 openvpn-2.4.4-1.fc25 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-89efe409a2 weechat-1.9.1-1.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7e5ac0896e botan-1.10.17-1.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-515264ae24 dnsmasq-2.76-4.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9d345f250a nagios-4.3.4-3.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4dfebebd39 recode-3.6-43.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6bbb922009 check-mk-1.2.8p26-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8f7bca960b golang-1.7.6-3.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-caafcbd6b9 upx-3.94-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-042c59fab9 nodejs-forwarded-0.1.2-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-52f233a4f5 procmail-3.22-44.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-15987a1b7f SDL2_image-2.0.1-8.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-805d9423f8 poppler-0.45.0-9.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b7c4334524 libXfont-1.5.2-5.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3c5282ada7 rubygem-rmagick-2.16.0-8.fc25 ImageMagick-6.9.9.19-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-88a1f4854d sssd-1.15.3-5.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2b28a055f2 tnef-1.4.15-1.fc25 The following Fedora 25 Critical Path updates have yet to be approved: Age URL 132 https://bodhi.fedoraproject.org/updates/FEDORA-2017-613a72e282 lorax-25.22-1.fc25 35 https://bodhi.fedoraproject.org/updates/FEDORA-2017-504aeb74ba rpcbind-0.2.4-7.rc2.fc25 31 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a44008dd1d python-pysocks-1.6.7-1.fc25 29 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2802f82ef1 webkitgtk4-2.18.0-1.fc25 29 https://bodhi.fedoraproject.org/updates/FEDORA-2017-27ed767ca1 upower-0.99.6-1.fc25 23 https://bodhi.fedoraproject.org/updates/FEDORA-2017-235298fa58 python-cryptography-2.0.2-2.fc25 python-cryptography-vectors-2.0.2-1.fc25 22 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d2803ce4f5 linux-firmware-20170828-77.gitb78acc9.fc25 20 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e3bf383b11 gnome-shell-3.22.3-2.fc25 14 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b78dd48284 dbus-1.11.18-1.fc25 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3fc5429e7e iproute-4.12.0-1.fc25 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-eb81135947 menu-cache-1.0.2-7.D20170914git8c8534159d.fc25 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-655278f79b nspr-4.17.0-1.fc25 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-64612f6c45 vim-8.0.1171-1.fc25 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a45ef4d535 hwdata-0.305-1.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1391851bdb vte291-0.46.3-1.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8d6667b0ae sudo-1.8.21p2-1.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ad5b0243eb libguestfs-1.36.7-1.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0803060361 nss-3.33.0-1.0.fc25 nss-softokn-3.33.0-1.0.fc25 nss-util-3.33.0-1.0.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5324f52b3d koji-1.14.0-1.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-515264ae24 dnsmasq-2.76-4.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-00cfac3370 pungi-4.1.19-1.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f36afbbe07 p11-kit-0.23.9-2.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ae3e7ab916 glusterfs-3.10.6-3.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0f7fefa567 firefox-56.0-5.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-41e6f8d803 breeze-icon-theme-5.38.0-2.fc25 extra-cmake-modules-5.38.0-2.fc25 kf5-5.38.0-1.fc25 kf5-attica-5.38.0-1.fc25 kf5-baloo-5.38.0-1.fc25 kf5-bluez-qt-5.38.0-1.fc25 kf5-frameworkintegration-5.38.0-1.fc25 kf5-kactivities-5.38.0-1.fc25 kf5-kactivities-stats-5.38.0-1.fc25 kf5-kapidox-5.38.0-1.fc25 kf5-karchive-5.38.0-1.fc25 kf5-kauth-5.38.0-1.fc25 kf5-kbookmarks-5.38.0-1.fc25 kf5-kcmutils-5.38.0-1.fc25 kf5-kcodecs-5.38.0-1.fc25 kf5-kcompletion-5.38.0-1.fc25 kf5-kconfig-5.38.0-5.fc25 kf5-kconfigwidgets-5.38.0-1.fc25 kf5-kcoreaddons-5.38.0-1.fc25 kf5-kcrash-5.38.0-1.fc25 kf5-kdbusaddons-5.38.0-1.fc25 kf5-kdeclarative-5.38.0-1.fc25 kf5-kded-5.38.0-1.fc25 kf5-kdelibs4support-5.38.0-1.fc25 kf5-kdesignerplugin-5.38.0-1.fc25 kf5-kdesu-5.38.0-1.fc25 kf5-kdewebkit-5.38.0-1.fc25 kf5-kdnssd-5.38.0-1.fc25 kf5-kdoctools-5.38.0-1.fc25 kf5-kemoticons-5.38.0-1.fc25 kf5-kfilemetadata-5.38.0-1.fc25 kf5-kglobalaccel-5.38.1-1.fc25 kf5-kguiad dons-5.38.0-1.fc25 kf5-khtml-5.38.0-1.fc25 kf5-ki18n-5.38.0-1.fc25 kf5-kiconthemes-5.38.0-1.fc25 kf5-kidletime-5.38.0-1.fc25 kf5-kimageformats-5.38.0-1.fc25 kf5-kinit-5.38.0-1.fc25 kf5-kio-5.38.0-1.fc25 kf5-kitemmodels-5.38.0-1.fc25 kf5-kitemviews-5.38.0-1.fc25 kf5-kjobwidgets-5.38.0-1.fc25 kf5-kjs-5.38.0-1.fc25 kf5-kjsembed-5.38.0-1.fc25 kf5-kmediaplayer-5.38.0-1.fc25 kf5-knewstuff-5.38.0-1.fc25 kf5-knotifications-5.38.0-1.fc25 kf5-knotifyconfig-5.38.0-1.fc25 kf5-kpackage-5.38.0-1.fc25 kf5-kparts-5.38.0-1.fc25 kf5-kpeople-5.38.0-1.fc25 kf5-kplotting-5.38.0-1.fc25 kf5-kpty-5.38.0-1.fc25 kf5-kross-5.38.0-1.fc25 kf5-krunner-5.38.0-1.fc25 kf5-kservice-5.38.0-1.fc25 kf5-ktexteditor-5.38.0-2.fc25 kf5-ktextwidgets-5.38.0-1.fc25 kf5-kunitconversion-5.38.0-1.fc25 kf5-kwallet-5.38.0-1.fc25 kf5-kwayland-5.38.0-1.fc25 kf5-kwidgetsaddons-5.38.0-1.fc25 kf5-kwindowsystem-5.38.0-1.fc25 kf5-kxmlgui-5.38.0-1.fc25 kf5-kxmlrpcclient-5.38.0-1.fc25 kf5-modemmanager-qt-5.38.0-1.fc25 kf5-networkmanager-qt -5.38.0-1.fc25 kf5-plasma-5.38.0-1.fc25 kf5-solid-5.38.0-1.fc25 kf5-sonnet-5.38.0-1.fc25 kf5-syntax-highlighting-5.38.0-1.fc25 kf5-threadweaver-5.38.0-1.fc25 oxygen-icon-theme-5.38.0-2.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4d00e4db6a selinux-policy-3.13.1-225.23.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4d9b3c4003 ding-libs-0.6.1-34.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-48f0da57ca python3-3.5.4-2.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-805d9423f8 poppler-0.45.0-9.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a2017ed263 python-productmd-1.8-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b763f774a4 spice-0.14.0-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-88a1f4854d sssd-1.15.3-5.fc25 The following builds have been pushed to Fedora 25 updates-testing ImageMagick-6.9.9.19-1.fc25 arc-gui-clients-0.4.6-13.fc25 banshee-community-extensions-2.4.0-19.fc25 cinnamon-screensaver-3.4.3-1.fc25 elementary-theme-5.1.1-1.fc25 gpxsee-4.15-2.fc25 hercules-3.13-1.fc25 libXfont-1.5.2-5.fc25 perl-Digest-SHA-5.98-1.fc25 perl-Perl-Critic-Pulp-95-1.fc25 rubygem-rmagick-2.16.0-8.fc25 snapd-2.28.4-1.fc25 snapd-glib-1.23-1.fc25 spice-0.14.0-1.fc25 spice-protocol-0.12.13-2.fc25 sssd-1.15.3-5.fc25 syncthing-0.14.39-1.fc25 tnef-1.4.15-1.fc25 Details about builds: ================================================================================ ImageMagick-6.9.9.19-1.fc25 (FEDORA-2017-3c5282ada7) An X application for displaying and manipulating images -------------------------------------------------------------------------------- Update Information: 6.9.9-19 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1500681 - Use of uninitialized data causing compare to have random results https://bugzilla.redhat.com/show_bug.cgi?id=1500681 -------------------------------------------------------------------------------- ================================================================================ arc-gui-clients-0.4.6-13.fc25 (FEDORA-2017-86b5908dd0) ARC Graphical Clients -------------------------------------------------------------------------------- Update Information: Minor bugfix. -------------------------------------------------------------------------------- ================================================================================ banshee-community-extensions-2.4.0-19.fc25 (FEDORA-2017-f73fd7141d) Collection of extensions for the media player Banshee -------------------------------------------------------------------------------- Update Information: - Use dbus-sharp 2 - Disable jamendo, lyrics and karaoke. Require missing Banshee.WebBrowser -------------------------------------------------------------------------------- References: [ 1 ] Bug #1490334 - banshee-community-extensions conflicts with latest banshee https://bugzilla.redhat.com/show_bug.cgi?id=1490334 -------------------------------------------------------------------------------- ================================================================================ cinnamon-screensaver-3.4.3-1.fc25 (FEDORA-2017-efdf564c2b) Cinnamon Screensaver -------------------------------------------------------------------------------- Update Information: Update to 3.4.3 release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1501269 - lock screen locks only 1 monitor ! https://bugzilla.redhat.com/show_bug.cgi?id=1501269 [ 2 ] Bug #1488790 - Session unlocked after resuming from hibernate, private data visible, login screen missing https://bugzilla.redhat.com/show_bug.cgi?id=1488790 [ 3 ] Bug #1483523 - [abrt] cinnamon-screensaver: manager.py:210:on_despawn_stage_complete:AttributeError: 'NoneType' object has no attribute 'destroy_stage' https://bugzilla.redhat.com/show_bug.cgi?id=1483523 [ 4 ] Bug #1471468 - [abrt] cinnamon-screensaver: on_client_setup_complete(): logindClient.py:61:on_client_setup_complete:TypeError: Argument 3 does not allow None as a value https://bugzilla.redhat.com/show_bug.cgi?id=1471468 -------------------------------------------------------------------------------- ================================================================================ elementary-theme-5.1.1-1.fc25 (FEDORA-2017-f7b71b0df8) elementary GTK+ Stylesheet -------------------------------------------------------------------------------- Update Information: Update to version 5.1.1. -------------------------------------------------------------------------------- ================================================================================ gpxsee-4.15-2.fc25 (FEDORA-2017-3e4bc1aa15) GPS log file viewer and analyzer -------------------------------------------------------------------------------- Update Information: **GPXSee** is a Qt-based GPS log file viewer and analyzer that supports GPX, TCX, KML, FIT, IGC and NMEA files. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1500524 - Review Request: gpxsee - GPS log file viewer and analyzer https://bugzilla.redhat.com/show_bug.cgi?id=1500524 -------------------------------------------------------------------------------- ================================================================================ hercules-3.13-1.fc25 (FEDORA-2017-f09a233c26) Hercules S/370, ESA/390, and z/Architecture emulator -------------------------------------------------------------------------------- Update Information: - updated to 3.13 - http://www.hercules-390.eu/hercnew.html -------------------------------------------------------------------------------- References: [ 1 ] Bug #1497378 - hercules-3.13 is available https://bugzilla.redhat.com/show_bug.cgi?id=1497378 -------------------------------------------------------------------------------- ================================================================================ libXfont-1.5.2-5.fc25 (FEDORA-2017-b7c4334524) X.Org X11 libXfont runtime library -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-13720 and CVE-2017-13722 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1500693 - CVE-2017-13722 libXfont: Insufficient input validation in pcfread.c https://bugzilla.redhat.com/show_bug.cgi?id=1500693 [ 2 ] Bug #1500690 - CVE-2017-13720 libXfont: Insufficient input validation in fontdir.c https://bugzilla.redhat.com/show_bug.cgi?id=1500690 -------------------------------------------------------------------------------- ================================================================================ perl-Digest-SHA-5.98-1.fc25 (FEDORA-2017-c6c152239d) Perl extension for SHA-1/224/256/384/512 -------------------------------------------------------------------------------- Update Information: Updated to the latest version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1501270 - perl-Digest-SHA-5.98 is available https://bugzilla.redhat.com/show_bug.cgi?id=1501270 -------------------------------------------------------------------------------- ================================================================================ perl-Perl-Critic-Pulp-95-1.fc25 (FEDORA-2017-c806aee216) Some add-on perlcritic policies -------------------------------------------------------------------------------- Update Information: Updated to the latest version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1501402 - perl-Perl-Critic-Pulp-95 is available https://bugzilla.redhat.com/show_bug.cgi?id=1501402 -------------------------------------------------------------------------------- ================================================================================ rubygem-rmagick-2.16.0-8.fc25 (FEDORA-2017-3c5282ada7) Ruby binding to ImageMagick -------------------------------------------------------------------------------- Update Information: 6.9.9-19 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1500681 - Use of uninitialized data causing compare to have random results https://bugzilla.redhat.com/show_bug.cgi?id=1500681 -------------------------------------------------------------------------------- ================================================================================ snapd-2.28.4-1.fc25 (FEDORA-2017-49756ddcb4) A transactional software package manager -------------------------------------------------------------------------------- Update Information: Updates snapd to v2.28 series. Upstream highlights: * New "post-refresh" hook * Initial base snap support for non-Ubuntu based snaps * Polkit integration * Full xdg-open support via `snap userd` * Full bash-completion * New `snap switch` command * Snap service management Full details on release notes at https://forum.snapcraft.io/t/2421 In addition, snapd in Fedora no longer mandates `squashfs.ko` to be available and loaded to work. In the event it is not available, it will fall back to squashfuse transparently. This means it is now possible to use snapd in cloud and container environments, where the kernel is out of the user's control. Updates snapd-glib to v2.23. Upstream highlights: * Fix `snapd-login-service` crash * Improve failure handling when snapd socket read/writes fail In addition, a fix was backported to fix a runtime assertion when snapd socket is `NULL`. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1495852 - snapd-2.28.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1495852 [ 2 ] Bug #1492087 - snapd-glib-1.23 is available https://bugzilla.redhat.com/show_bug.cgi?id=1492087 [ 3 ] Bug #1501141 - snapd-2.28.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1501141 -------------------------------------------------------------------------------- ================================================================================ snapd-glib-1.23-1.fc25 (FEDORA-2017-49756ddcb4) Library providing a GLib interface to snapd -------------------------------------------------------------------------------- Update Information: Updates snapd to v2.28 series. Upstream highlights: * New "post-refresh" hook * Initial base snap support for non-Ubuntu based snaps * Polkit integration * Full xdg-open support via `snap userd` * Full bash-completion * New `snap switch` command * Snap service management Full details on release notes at https://forum.snapcraft.io/t/2421 In addition, snapd in Fedora no longer mandates `squashfs.ko` to be available and loaded to work. In the event it is not available, it will fall back to squashfuse transparently. This means it is now possible to use snapd in cloud and container environments, where the kernel is out of the user's control. Updates snapd-glib to v2.23. Upstream highlights: * Fix `snapd-login-service` crash * Improve failure handling when snapd socket read/writes fail In addition, a fix was backported to fix a runtime assertion when snapd socket is `NULL`. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1495852 - snapd-2.28.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1495852 [ 2 ] Bug #1492087 - snapd-glib-1.23 is available https://bugzilla.redhat.com/show_bug.cgi?id=1492087 [ 3 ] Bug #1501141 - snapd-2.28.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1501141 -------------------------------------------------------------------------------- ================================================================================ spice-0.14.0-1.fc25 (FEDORA-2017-b763f774a4) Implements the SPICE protocol -------------------------------------------------------------------------------- Update Information: Update to new stable release -------------------------------------------------------------------------------- ================================================================================ spice-protocol-0.12.13-2.fc25 (FEDORA-2017-fe31406661) Spice protocol header files -------------------------------------------------------------------------------- Update Information: Update to latest stable release, needed for spice-server ---- Update to 0.12.13 release -------------------------------------------------------------------------------- ================================================================================ sssd-1.15.3-5.fc25 (FEDORA-2017-88a1f4854d) System Security Services Daemon -------------------------------------------------------------------------------- Update Information: Security fix for [CVE-2017-12173] -------------------------------------------------------------------------------- References: [ 1 ] Bug #1498173 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database https://bugzilla.redhat.com/show_bug.cgi?id=1498173 -------------------------------------------------------------------------------- ================================================================================ syncthing-0.14.39-1.fc25 (FEDORA-2017-40ee7af119) Continuous File Synchronization -------------------------------------------------------------------------------- Update Information: Update to version 0.14.39. -------------------------------------------------------------------------------- ================================================================================ tnef-1.4.15-1.fc25 (FEDORA-2017-2b28a055f2) Extract files from email attachments like WINMAIL.DAT -------------------------------------------------------------------------------- Update Information: Update to 1.4.15. Fixes CVE-2017-8911 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1427435 - CVE-2017-6307 CVE-2017-6308 CVE-2017-6309 CVE-2017-6310 tnef: Multiple vulnerabilities fixed in 1.4.13 [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1427435 [ 2 ] Bug #1451259 - CVE-2017-8911 tnef: Integer underflow in unicode_to_utf8 [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1451259 [ 3 ] Bug #1451258 - CVE-2017-8911 tnef: Integer underflow in unicode_to_utf8 [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1451258 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
