The following Fedora 25 Security updates need testing: Age URL 305 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25 203 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2d17af41e python-XStatic-jquery-ui-1.12.0.1-4.fc25 143 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5d7498559f nodejs-brace-expansion-1.1.7-1.fc25 97 https://bodhi.fedoraproject.org/updates/FEDORA-2017-99c0118c0c memcached-1.4.39-1.fc25 93 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2232fe97b4 docker-distribution-2.6.2-1.git48294d9.fc25 36 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e3bf383b11 gnome-shell-3.22.3-2.fc25 31 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0f24bb2a9 chromium-61.0.3163.100-1.fc25 22 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9d345f250a nagios-4.3.4-3.fc25 16 https://bodhi.fedoraproject.org/updates/FEDORA-2017-805d9423f8 poppler-0.45.0-9.fc25 14 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6967efb3f0 thunderbird-52.4.0-2.fc25 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7089c6e789 suricata-3.2.4-1.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8cca61e2fa libextractor-1.6-1.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6e2071419d seamonkey-2.49.1-1.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-38830f1443 lame-3.100-1.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8258f76154 modulemd-1.3.2-1.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-150762f6be glusterfs-3.10.6-4.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f499ee7b12 tomcat-8.0.47-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b1492e4844 java-1.8.0-openjdk-1.8.0.151-1.b12.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bd6659d4d4 systemd-231-19.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c582c1e728 nodejs-6.11.5-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-51f49ebbce apr-1.6.3-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f563b201ba apr-util-1.5.4-4.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-45ed341e61 httpd-2.4.29-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-de8a421dcd wget-1.19.2-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-95327e44ec community-mysql-5.7.20-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-cdaaf6ea12 php-7.0.25-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c4aa57d753 xen-4.7.3-8.fc25 The following Fedora 25 Critical Path updates have yet to be approved: Age URL 147 https://bodhi.fedoraproject.org/updates/FEDORA-2017-613a72e282 lorax-25.22-1.fc25 37 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d2803ce4f5 linux-firmware-20170828-77.gitb78acc9.fc25 36 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e3bf383b11 gnome-shell-3.22.3-2.fc25 26 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3fc5429e7e iproute-4.12.0-1.fc25 17 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4d00e4db6a selinux-policy-3.13.1-225.23.fc25 16 https://bodhi.fedoraproject.org/updates/FEDORA-2017-805d9423f8 poppler-0.45.0-9.fc25 14 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6967efb3f0 thunderbird-52.4.0-2.fc25 14 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b005e95422 audit-2.8.1-1.fc25 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-038e288658 libguestfs-1.36.10-1.fc25 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4dc8e5a70f kobo-0.7.0-3.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4c20585902 livecd-tools-25.0-1.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-577896c07b corosync-2.4.3-1.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-dda3824566 webkitgtk4-2.18.1-1.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-150762f6be glusterfs-3.10.6-4.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c07be0d13d libdrm-2.4.85-1.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c0d71e8998 nss-softokn-3.33.0-1.1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2c140fb767 gnome-online-accounts-3.22.7-2.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c7e6d7da2b gnome-software-3.22.7-4.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-af9174446e kernel-4.13.9-100.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c4aa57d753 xen-4.7.3-8.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bd6659d4d4 systemd-231-19.fc25 The following builds have been pushed to Fedora 25 updates-testing R-3.4.2-1.fc25 community-mysql-5.7.20-1.fc25 fedfind-3.7.1-1.fc25 golang-github-tjfoc-gmsm-1.0.1-1.20171023.git9d99fac.fc25 mate-session-manager-1.18.2-1.fc25 php-7.0.25-1.fc25 rkward-0.6.5-10.fc25 rpy-2.8.6-4.fc25 wget-1.19.2-1.fc25 xen-4.7.3-8.fc25 Details about builds: ================================================================================ R-3.4.2-1.fc25 (FEDORA-2017-9c9aaab6db) A language for data analysis and graphics -------------------------------------------------------------------------------- Update Information: Update R to 3.4.2, rebuild rpy and rkward to sync. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1497191 - R-3.4.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1497191 -------------------------------------------------------------------------------- ================================================================================ community-mysql-5.7.20-1.fc25 (FEDORA-2017-95327e44ec) MySQL client programs and shared libraries -------------------------------------------------------------------------------- Update Information: A quarter year regular dose of fixed CVE's. https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-20.html . rhbz#1497694: Fix owner and perms on log file in post script CVE fixes: rhbz#1503701 CVE-2017-10155 CVE-2017-10227 CVE-2017-10268 CVE-2017-10276 CVE-2017-10279 CVE-2017-10283 CVE-2017-10286 CVE-2017-10294 CVE-2017-10314 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384 Others: Move all test binaries to -test package Dont ship unneeded man pages on systemd platforms Remove mysql_config_editor from -devel package, shipped in client -------------------------------------------------------------------------------- References: [ 1 ] Bug #1503701 - CVE-2017-10155 CVE-2017-10227 CVE-2017-10268 CVE-2017-10276 CVE-2017-10279 CVE-2017-10283 CVE-2017-10286 CVE-2017-10294 CVE-2017-10314 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384 community-mysql: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1503701 [ 2 ] Bug #1497694 - mysqld service not working by default after bd72127 https://bugzilla.redhat.com/show_bug.cgi?id=1497694 [ 3 ] Bug #1503357 - community-mysql-5.7.20 is available https://bugzilla.redhat.com/show_bug.cgi?id=1503357 -------------------------------------------------------------------------------- ================================================================================ fedfind-3.7.1-1.fc25 (FEDORA-2017-dc8ebfd6c0) Fedora compose and image finder -------------------------------------------------------------------------------- Update Information: This new version of fedfind improves handling of various new compose types introduced by release engineering. The new nightly modular composes from master branch, now versioned `Bikeshed` rather than `Rawhide`, are handled with a new `BikeshedModularNightly` class. 'updates' and 'updates-testing' composes are explicitly not supported (`get_release` will raise a `ValueError` with a specific text for these) as they do not contain images and so fedfind can't do much with them. Note that the `fedfind.helpers.parse_cid` function is entirely rewritten in support of this; the new version is much more capable and accurate and should handle all compose IDs the previous version handled correctly, but please report any issues you find. -------------------------------------------------------------------------------- ================================================================================ golang-github-tjfoc-gmsm-1.0.1-1.20171023.git9d99fac.fc25 (FEDORA-2017-20c0d32691) GM SM2/3/4 library based on Golang -------------------------------------------------------------------------------- Update Information: Initial package for fedora. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1506331 - Review Request: golang-github-tjfoc-gmsm - GM SM2/3/4 library based on Golang https://bugzilla.redhat.com/show_bug.cgi?id=1506331 -------------------------------------------------------------------------------- ================================================================================ mate-session-manager-1.18.2-1.fc25 (FEDORA-2017-f6c8fc312c) MATE Desktop session manager -------------------------------------------------------------------------------- Update Information: - update to 1.18.2 -------------------------------------------------------------------------------- ================================================================================ php-7.0.25-1.fc25 (FEDORA-2017-cdaaf6ea12) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information: **PHP version 7.0.25** (26 Oct 2017) **Core:** * Fixed bug php#75241 (Null pointer dereference in zend_mm_alloc_small()). (Laruence) * Fixed bug php#75236 (infinite loop when printing an error-message). (Andrea) * Fixed bug php#75252 (Incorrect token formatting on two parse errors in one request). (Nikita) * Fixed bug php#75220 (Segfault when calling is_callable on parent). (andrewnester) * Fixed bug php#75290 (debug info of Closures of internal functions contain garbage argument names). (Andrea) **Apache2Handler:** * Fixed bug php#75311 (error: 'zend_hash_key' has no member named 'arKey' in apache2handler). (mcarbonneaux) **Date:** * Fixed bug php#75055 (Out-Of-Bounds Read in timelib_meridian()). (Derick) **Intl:** * Fixed bug php#75318 (The parameter of UConverter::getAliases() is not optional). (cmb) **mcrypt:** * Fixed bug php#72535 (arcfour encryption stream filter crashes php). (Leigh) **PCRE:** * Fixed bug php#75207 (applied upstream patch for CVE-2016-1283). (Anatol) **litespeed:** * Fixed bug php#75248 (Binary directory doesn't get created when building only litespeed SAPI). (petk) * Fixed bug php#75251 (Missing program prefix and suffix). (petk) **SPL:** * Fixed bug php#73629 (SplDoublyLinkedList::setIteratorMode masks intern flags). (J. Jeising, cmb) -------------------------------------------------------------------------------- ================================================================================ rkward-0.6.5-10.fc25 (FEDORA-2017-9c9aaab6db) Graphical frontend for R language -------------------------------------------------------------------------------- Update Information: Update R to 3.4.2, rebuild rpy and rkward to sync. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1497191 - R-3.4.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1497191 -------------------------------------------------------------------------------- ================================================================================ rpy-2.8.6-4.fc25 (FEDORA-2017-9c9aaab6db) Python interface to the R language -------------------------------------------------------------------------------- Update Information: Update R to 3.4.2, rebuild rpy and rkward to sync. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1497191 - R-3.4.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1497191 -------------------------------------------------------------------------------- ================================================================================ wget-1.19.2-1.fc25 (FEDORA-2017-de8a421dcd) A utility for retrieving files using the HTTP or FTP protocols -------------------------------------------------------------------------------- Update Information: new upstream release with CVE fixes -------------------------------------------------------------------------------- References: [ 1 ] Bug #1505445 - CVE-2017-13090 wget: Heap-based buffer overflow in HTTP protocol handling https://bugzilla.redhat.com/show_bug.cgi?id=1505445 [ 2 ] Bug #1505444 - CVE-2017-13089 wget: Stack-based buffer overflow in HTTP protocol handling https://bugzilla.redhat.com/show_bug.cgi?id=1505444 -------------------------------------------------------------------------------- ================================================================================ xen-4.7.3-8.fc25 (FEDORA-2017-c4aa57d753) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information: pin count / page reference race in grant table code [XSA-236, CVE-2017-15597] -------------------------------------------------------------------------------- References: [ 1 ] Bug #1499815 - CVE-2017-15597 xsa236 xen: pin count / page reference race in grant table code (XSA-236) https://bugzilla.redhat.com/show_bug.cgi?id=1499815 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
