The following Fedora 25 Security updates need testing: Age URL 304 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25 202 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2d17af41e python-XStatic-jquery-ui-1.12.0.1-4.fc25 142 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5d7498559f nodejs-brace-expansion-1.1.7-1.fc25 96 https://bodhi.fedoraproject.org/updates/FEDORA-2017-99c0118c0c memcached-1.4.39-1.fc25 92 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2232fe97b4 docker-distribution-2.6.2-1.git48294d9.fc25 35 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e3bf383b11 gnome-shell-3.22.3-2.fc25 30 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0f24bb2a9 chromium-61.0.3163.100-1.fc25 21 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9d345f250a nagios-4.3.4-3.fc25 15 https://bodhi.fedoraproject.org/updates/FEDORA-2017-805d9423f8 poppler-0.45.0-9.fc25 13 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d4709b0d8b xen-4.7.3-7.fc25 13 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6967efb3f0 thunderbird-52.4.0-2.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7089c6e789 suricata-3.2.4-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8cca61e2fa libextractor-1.6-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6e2071419d seamonkey-2.49.1-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-38830f1443 lame-3.100-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8258f76154 modulemd-1.3.2-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-150762f6be glusterfs-3.10.6-4.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f499ee7b12 tomcat-8.0.47-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b1492e4844 java-1.8.0-openjdk-1.8.0.151-1.b12.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bd6659d4d4 systemd-231-19.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c582c1e728 nodejs-6.11.5-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-51f49ebbce apr-1.6.3-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f563b201ba apr-util-1.5.4-4.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-45ed341e61 httpd-2.4.29-1.fc25 The following Fedora 25 Critical Path updates have yet to be approved: Age URL 146 https://bodhi.fedoraproject.org/updates/FEDORA-2017-613a72e282 lorax-25.22-1.fc25 36 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d2803ce4f5 linux-firmware-20170828-77.gitb78acc9.fc25 35 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e3bf383b11 gnome-shell-3.22.3-2.fc25 25 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3fc5429e7e iproute-4.12.0-1.fc25 16 https://bodhi.fedoraproject.org/updates/FEDORA-2017-41e6f8d803 breeze-icon-theme-5.38.0-2.fc25 extra-cmake-modules-5.38.0-2.fc25 kf5-5.38.0-1.fc25 kf5-attica-5.38.0-1.fc25 kf5-baloo-5.38.0-1.fc25 kf5-bluez-qt-5.38.0-1.fc25 kf5-frameworkintegration-5.38.0-1.fc25 kf5-kactivities-5.38.0-1.fc25 kf5-kactivities-stats-5.38.0-1.fc25 kf5-kapidox-5.38.0-1.fc25 kf5-karchive-5.38.0-1.fc25 kf5-kauth-5.38.0-1.fc25 kf5-kbookmarks-5.38.0-1.fc25 kf5-kcmutils-5.38.0-1.fc25 kf5-kcodecs-5.38.0-1.fc25 kf5-kcompletion-5.38.0-1.fc25 kf5-kconfig-5.38.0-5.fc25 kf5-kconfigwidgets-5.38.0-1.fc25 kf5-kcoreaddons-5.38.0-1.fc25 kf5-kcrash-5.38.0-1.fc25 kf5-kdbusaddons-5.38.0-1.fc25 kf5-kdeclarative-5.38.0-1.fc25 kf5-kded-5.38.0-1.fc25 kf5-kdelibs4support-5.38.0-1.fc25 kf5-kdesignerplugin-5.38.0-1.fc25 kf5-kdesu-5.38.0-1.fc25 kf5-kdewebkit-5.38.0-1.fc25 kf5-kdnssd-5.38.0-1.fc25 kf5-kdoctools-5.38.0-1.fc25 kf5-kemoticons-5.38.0-1.fc25 kf5-kfilemetadata-5.38.0-1.fc25 kf5-kglobalaccel-5.38.1-1.fc25 kf5-kguiad dons-5.38.0-1.fc25 kf5-khtml-5.38.0-1.fc25 kf5-ki18n-5.38.0-1.fc25 kf5-kiconthemes-5.38.0-1.fc25 kf5-kidletime-5.38.0-1.fc25 kf5-kimageformats-5.38.0-1.fc25 kf5-kinit-5.38.0-1.fc25 kf5-kio-5.38.0-1.fc25 kf5-kitemmodels-5.38.0-1.fc25 kf5-kitemviews-5.38.0-1.fc25 kf5-kjobwidgets-5.38.0-1.fc25 kf5-kjs-5.38.0-1.fc25 kf5-kjsembed-5.38.0-1.fc25 kf5-kmediaplayer-5.38.0-1.fc25 kf5-knewstuff-5.38.0-1.fc25 kf5-knotifications-5.38.0-1.fc25 kf5-knotifyconfig-5.38.0-1.fc25 kf5-kpackage-5.38.0-1.fc25 kf5-kparts-5.38.0-1.fc25 kf5-kpeople-5.38.0-1.fc25 kf5-kplotting-5.38.0-1.fc25 kf5-kpty-5.38.0-1.fc25 kf5-kross-5.38.0-1.fc25 kf5-krunner-5.38.0-1.fc25 kf5-kservice-5.38.0-1.fc25 kf5-ktexteditor-5.38.0-2.fc25 kf5-ktextwidgets-5.38.0-1.fc25 kf5-kunitconversion-5.38.0-1.fc25 kf5-kwallet-5.38.0-1.fc25 kf5-kwayland-5.38.0-1.fc25 kf5-kwidgetsaddons-5.38.0-1.fc25 kf5-kwindowsystem-5.38.0-1.fc25 kf5-kxmlgui-5.38.0-1.fc25 kf5-kxmlrpcclient-5.38.0-1.fc25 kf5-modemmanager-qt-5.38.0-1.fc25 kf5-networkmanager-qt -5.38.0-1.fc25 kf5-plasma-5.38.0-1.fc25 kf5-solid-5.38.0-1.fc25 kf5-sonnet-5.38.0-1.fc25 kf5-syntax-highlighting-5.38.0-1.fc25 kf5-threadweaver-5.38.0-1.fc25 oxygen-icon-theme-5.38.0-2.fc25 16 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4d00e4db6a selinux-policy-3.13.1-225.23.fc25 15 https://bodhi.fedoraproject.org/updates/FEDORA-2017-805d9423f8 poppler-0.45.0-9.fc25 13 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6967efb3f0 thunderbird-52.4.0-2.fc25 13 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d4709b0d8b xen-4.7.3-7.fc25 13 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b005e95422 audit-2.8.1-1.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-038e288658 libguestfs-1.36.10-1.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4dc8e5a70f kobo-0.7.0-3.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4c20585902 livecd-tools-25.0-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-577896c07b corosync-2.4.3-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-dda3824566 webkitgtk4-2.18.1-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-150762f6be glusterfs-3.10.6-4.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c07be0d13d libdrm-2.4.85-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c0d71e8998 nss-softokn-3.33.0-1.1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2c140fb767 gnome-online-accounts-3.22.7-2.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c7e6d7da2b gnome-software-3.22.7-4.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-af9174446e kernel-4.13.9-100.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bd6659d4d4 systemd-231-19.fc25 The following builds have been pushed to Fedora 25 updates-testing apr-1.6.3-1.fc25 apr-util-1.5.4-4.fc25 cacti-1.1.27-1.fc25 criu-3.6-1.fc25 esmtp-1.2-9.fc25 httpd-2.4.29-1.fc25 lightdm-gtk-2.0.3-3.fc25 mate-utils-1.18.3-1.fc25 nodejs-6.11.5-1.fc25 nova-agent-2.1.8-1.fc25 synergy-1.8.8-2.fc25 systemd-231-19.fc25 testcloud-0.1.15-1.fc25 voms-mysql-plugin-3.1.7-5.fc25 xpra-2.1.3-1.fc25 Details about builds: ================================================================================ apr-1.6.3-1.fc25 (FEDORA-2017-51f49ebbce) Apache Portable Runtime library -------------------------------------------------------------------------------- Update Information: Security fix + version update -------------------------------------------------------------------------------- References: [ 1 ] Bug #1506524 - CVE-2017-12613 apr: Out-of-bounds array deref in apr_time_exp*() functions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1506524 -------------------------------------------------------------------------------- ================================================================================ apr-util-1.5.4-4.fc25 (FEDORA-2017-f563b201ba) Apache Portable Runtime Utility library -------------------------------------------------------------------------------- Update Information: Security fix -------------------------------------------------------------------------------- References: [ 1 ] Bug #1506535 - CVE-2017-12618 apr-util: Out-of-bounds access in corrupted SDBM database [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1506535 -------------------------------------------------------------------------------- ================================================================================ cacti-1.1.27-1.fc25 (FEDORA-2017-51f132e3bb) An rrd based graphing tool -------------------------------------------------------------------------------- Update Information: - Update to 1.1.27 Release notes: https://www.cacti.net/release_notes.php?version=1.1.27 -------------------------------------------------------------------------------- ================================================================================ criu-3.6-1.fc25 (FEDORA-2017-6ce1ab4087) Tool for Checkpoint/Restore in User-space -------------------------------------------------------------------------------- Update Information: Update to 3.6 -------------------------------------------------------------------------------- ================================================================================ esmtp-1.2-9.fc25 (FEDORA-2017-899a3e06f5) User configurable send-only Mail Transfer Agent -------------------------------------------------------------------------------- Update Information: Deliver mail to user@hostname locally only if hostname is 'localhost' -------------------------------------------------------------------------------- References: [ 1 ] Bug #1491721 - fix for 1404768 causes breakage for MX only names https://bugzilla.redhat.com/show_bug.cgi?id=1491721 -------------------------------------------------------------------------------- ================================================================================ httpd-2.4.29-1.fc25 (FEDORA-2017-45ed341e61) Apache HTTP Server -------------------------------------------------------------------------------- Update Information: Version update ---- This is a release fixing a security fix applied upstream, known as "optionsbleed" in popular parlance. It is relevant for hosted and co- located instances of Fedora (and why wouldn't you?). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1490344 - CVE-2017-9798 httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed) https://bugzilla.redhat.com/show_bug.cgi?id=1490344 -------------------------------------------------------------------------------- ================================================================================ lightdm-gtk-2.0.3-3.fc25 (FEDORA-2017-f65e7e53a9) LightDM GTK Greeter -------------------------------------------------------------------------------- Update Information: - restore old order of indicators -------------------------------------------------------------------------------- References: [ 1 ] Bug #1506505 - lightdm-gtk lost shutdown button https://bugzilla.redhat.com/show_bug.cgi?id=1506505 -------------------------------------------------------------------------------- ================================================================================ mate-utils-1.18.3-1.fc25 (FEDORA-2017-655502c89b) MATE utility programs -------------------------------------------------------------------------------- Update Information: update to 1.18.3 -------------------------------------------------------------------------------- ================================================================================ nodejs-6.11.5-1.fc25 (FEDORA-2017-c582c1e728) JavaScript runtime -------------------------------------------------------------------------------- Update Information: # 2017-10-24, Version 6.11.5 'Boron' (LTS), @MylesBorins This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/oct-2017-dos/ for details on patched vulnerabilities. ## Notable Changes * zlib: * CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate stream is initialized with windowBits set to 8. On some versions this crashes Node and you cannot recover from it, while on some versions it throws an exception. Node.js will now gracefully set windowBits to 9 replicating the legacy behavior to avoid a DOS vector. nodejs-private/node-private#95 -------------------------------------------------------------------------------- ================================================================================ nova-agent-2.1.8-1.fc25 (FEDORA-2017-ef85dac494) Agent for setting up clean servers on Xen -------------------------------------------------------------------------------- Update Information: ``` - Latest upstream ``` -------------------------------------------------------------------------------- References: [ 1 ] Bug #1506719 - nova-agent-2.1.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1506719 -------------------------------------------------------------------------------- ================================================================================ synergy-1.8.8-2.fc25 (FEDORA-2017-9089ebd535) Share mouse and keyboard between multiple computers over the network -------------------------------------------------------------------------------- Update Information: Upstream update to 1.8.8 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1372714 - Update to 1.8.8 https://bugzilla.redhat.com/show_bug.cgi?id=1372714 -------------------------------------------------------------------------------- ================================================================================ systemd-231-19.fc25 (FEDORA-2017-bd6659d4d4) A System and Service Manager -------------------------------------------------------------------------------- Update Information: - systemd-detect-virt QEMU CPUID logic update - Fix rfkill on some thinkpads - Fix systemd-resolved DOS with crafted NSEC packets (LP#1725351) (No need to reboot.) -------------------------------------------------------------------------------- ================================================================================ testcloud-0.1.15-1.fc25 (FEDORA-2017-ef27434eb4) Tool for running cloud images locally -------------------------------------------------------------------------------- Update Information: - replace arp with libvirt method (lose dep on net-tools) - fix test suite in spec file -------------------------------------------------------------------------------- References: [ 1 ] Bug #1496158 - Remove dependency on net-tools https://bugzilla.redhat.com/show_bug.cgi?id=1496158 -------------------------------------------------------------------------------- ================================================================================ voms-mysql-plugin-3.1.7-5.fc25 (FEDORA-2017-ba7d48c9b3) VOMS server plugin for MySQL -------------------------------------------------------------------------------- Update Information: Packaging clean-up. -------------------------------------------------------------------------------- ================================================================================ xpra-2.1.3-1.fc25 (FEDORA-2017-dd4f85eee9) Remote display server for applications and desktops -------------------------------------------------------------------------------- Update Information: - Update to 2.1.3 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
