The following Fedora 25 Security updates need testing: Age URL 332 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25 170 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5d7498559f nodejs-brace-expansion-1.1.7-1.fc25 121 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2232fe97b4 docker-distribution-2.6.2-1.git48294d9.fc25 36 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7089c6e789 suricata-3.2.4-1.fc25 28 https://bodhi.fedoraproject.org/updates/FEDORA-2017-51f49ebbce apr-1.6.3-1.fc25 28 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f563b201ba apr-util-1.5.4-4.fc25 28 https://bodhi.fedoraproject.org/updates/FEDORA-2017-45ed341e61 httpd-2.4.29-1.fc25 13 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6e67e4e45b poppler-0.45.0-10.fc25 13 https://bodhi.fedoraproject.org/updates/FEDORA-2017-481e4f6f8c ldns-1.6.17-22.fc25 13 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e5bbb657c5 chromium-62.0.3202.89-1.fc25 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-55a3247cfd openssl-1.0.2m-1.fc25 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-077334783e webkitgtk4-2.18.3-1.fc25 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8575fbfe90 varnish-5.0.0-5.fc25 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f1535b86fa lucene4-4.10.4-11.fc25 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-cdfd888e2e git-2.9.5-3.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-580f91f6b0 qt5-qtwebengine-5.9.2-2.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b5bcfedf10 mrbs-1.7.0-1.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d008ecf87a cacti-1.1.28-1.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ed565f9ed0 jbig2dec-0.14-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e40e02e0dd moodle-3.1.9-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-78f0991378 openssh-7.4p1-5.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2076106713 fedora-arm-installer-2.0-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1fb805bfc2 xrdp-0.9.4-2.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f2577f2108 xen-4.7.4-1.fc25 The following Fedora 25 Critical Path updates have yet to be approved: Age URL 174 https://bodhi.fedoraproject.org/updates/FEDORA-2017-613a72e282 lorax-25.22-1.fc25 54 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3fc5429e7e iproute-4.12.0-1.fc25 23 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b89e9f62d8 bind99-9.9.10-3.P3.fc25 21 https://bodhi.fedoraproject.org/updates/FEDORA-2017-dbf347055a hwdata-0.306-1.fc25 13 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e82231f2c7 libglvnd-1.0.0-1.fc25 13 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6e67e4e45b poppler-0.45.0-10.fc25 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-077334783e webkitgtk4-2.18.3-1.fc25 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-55a3247cfd openssl-1.0.2m-1.fc25 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-15b7f781f0 nss-3.34.0-1.0.fc25 nss-softokn-3.34.0-1.0.fc25 nss-util-3.34.0-1.0.fc25 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-cdfd888e2e git-2.9.5-3.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-78f0991378 openssh-7.4p1-5.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5c8aaa03b5 man-db-2.7.5-7.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ebe7851cb1 pungi-4.1.20-3.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c04c80ee2d kernel-4.13.15-100.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1524498243 sssd-1.16.0-3.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4ac58bd7e5 groff-1.22.3-9.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-233f5a46a7 vim-8.0.1322-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f2577f2108 xen-4.7.4-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-47daeeebf1 linux-firmware-20171123-79.git90436ce.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-cf1dd0bb89 libtiff-4.0.9-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-779d5b7efb pcre2-10.23-11.fc25 The following builds have been pushed to Fedora 25 updates-testing acme-tiny-0.2-3.20170516gitaf025f5.fc25 fedora-arm-installer-2.0-1.fc25 gdeploy-2.0.6-1.fc25 gsi-openssh-7.4p1-6.fc25 libtaskotron-0.4.25-1.fc25 libtiff-4.0.9-1.fc25 linux-firmware-20171123-79.git90436ce.fc25 mailx-12.5-24.fc25 mint-x-icons-1.4.6-4.fc25 mint-y-icons-1.1.2-2.fc25 opusfile-0.10-1.fc25 pcre2-10.23-11.fc25 perl-Authen-SCRAM-0.006-1.fc25 qsstv-9.2.6-1.fc25 sane-backends-1.0.25-8.fc25 taskotron-trigger-0.4.9-1.fc25 xen-4.7.4-1.fc25 xrdp-0.9.4-2.fc25 Details about builds: ================================================================================ acme-tiny-0.2-3.20170516gitaf025f5.fc25 (FEDORA-2017-914865416c) Tiny auditable script to issue, renew Let's Encrypt certificates -------------------------------------------------------------------------------- Update Information: Let's Encrypt has changed their agreement. Admins should read the new agreement and update. Certs will not update until the package is updated (or you can patch the agreement url). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1409345 - None https://bugzilla.redhat.com/show_bug.cgi?id=1409345 [ 2 ] Bug #1515781 - None https://bugzilla.redhat.com/show_bug.cgi?id=1515781 [ 3 ] Bug #1507333 - None https://bugzilla.redhat.com/show_bug.cgi?id=1507333 -------------------------------------------------------------------------------- ================================================================================ fedora-arm-installer-2.0-1.fc25 (FEDORA-2017-2076106713) Writes binary image files to any specified block device -------------------------------------------------------------------------------- Update Information: Update to 2.0, Initial support for aarch64 images and associated SBCs -------------------------------------------------------------------------------- References: [ 1 ] Bug #1464968 - CVE-2017-7496 fedora-arm-installer: Unsafe mount in /tmp allows privilege escalation https://bugzilla.redhat.com/show_bug.cgi?id=1464968 -------------------------------------------------------------------------------- ================================================================================ gdeploy-2.0.6-1.fc25 (FEDORA-2017-a6f033e5ae) Tool to deploy and manage GlusterFS cluster -------------------------------------------------------------------------------- Update Information: Add vdo support to gdeploy ---- Add geo-replication support to gdeploy ---- Remove the multiple display support, broken in Ansible-2.4 -------------------------------------------------------------------------------- ================================================================================ gsi-openssh-7.4p1-6.fc25 (FEDORA-2017-179b49c627) An implementation of the SSH protocol with GSI authentication -------------------------------------------------------------------------------- Update Information: Sync with openssh package. -------------------------------------------------------------------------------- ================================================================================ libtaskotron-0.4.25-1.fc25 (FEDORA-2017-bc380bfdb5) Taskotron Support Library -------------------------------------------------------------------------------- Update Information: - update yumrepoinfo - update to latest testcloud API - add `pull_request` item type -------------------------------------------------------------------------------- ================================================================================ libtiff-4.0.9-1.fc25 (FEDORA-2017-cf1dd0bb89) Library of functions for manipulating TIFF format image files -------------------------------------------------------------------------------- Update Information: New upstream version **4.0.9**. http://libtiff.maptools.org/v4.0.9.html -------------------------------------------------------------------------------- References: [ 1 ] Bug #1514863 - libtiff-4.0.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=1514863 -------------------------------------------------------------------------------- ================================================================================ linux-firmware-20171123-79.git90436ce.fc25 (FEDORA-2017-47daeeebf1) Firmware files used by the Linux kernel -------------------------------------------------------------------------------- Update Information: - Updated Intel GPU, amdgpu, iwlwifi, mvebu wifi, liquidio, QCom a530 & Venus, mlxsw, qed - Add iwlwifi 9000 series -------------------------------------------------------------------------------- ================================================================================ mailx-12.5-24.fc25 (FEDORA-2017-e478e56990) Enhanced implementation of the mailx command -------------------------------------------------------------------------------- Update Information: Add missing linear whitespace to `mailx-12.5-encsplit.patch`. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1515591 - mailx 12.5-23 break mail addresses https://bugzilla.redhat.com/show_bug.cgi?id=1515591 -------------------------------------------------------------------------------- ================================================================================ mint-x-icons-1.4.6-4.fc25 (FEDORA-2017-64e0211250) Icon theme for Linux Mint -------------------------------------------------------------------------------- Update Information: - New upstream release - Fix dangling-relative-symlinks - Re-add the NetworkManager related icons - Simplify scriptlets -------------------------------------------------------------------------------- References: [ 1 ] Bug #1515233 - mint-x-icons-1.4.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1515233 -------------------------------------------------------------------------------- ================================================================================ mint-y-icons-1.1.2-2.fc25 (FEDORA-2017-61eb2b4608) The Mint-Y icon theme -------------------------------------------------------------------------------- Update Information: - New upstream release - Backported new action and app icons from upstream - Add explicit Requires on {gnome,hicolor}-icon-theme - Simplify scriptlets -------------------------------------------------------------------------------- References: [ 1 ] Bug #1515227 - mint-y-icons-1.1.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1515227 -------------------------------------------------------------------------------- ================================================================================ opusfile-0.10-1.fc25 (FEDORA-2017-b49954b8d3) A high-level API for decoding and seeking within .opus files -------------------------------------------------------------------------------- Update Information: Update to 0.10 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1507432 - out-of-bounds read in opusfile-0.9 https://bugzilla.redhat.com/show_bug.cgi?id=1507432 -------------------------------------------------------------------------------- ================================================================================ pcre2-10.23-11.fc25 (FEDORA-2017-779d5b7efb) Perl-compatible regular expression library -------------------------------------------------------------------------------- Update Information: This release fixes multi-line matching in pcregrep tool. -------------------------------------------------------------------------------- ================================================================================ perl-Authen-SCRAM-0.006-1.fc25 (FEDORA-2017-571ece7ded) Salted Challenge Response Authentication Mechanism (RFC 5802) -------------------------------------------------------------------------------- Update Information: This release fixes normalization when doing SASLprep. It also adds caching computation of digested passwords to improve client performance. -------------------------------------------------------------------------------- ================================================================================ qsstv-9.2.6-1.fc25 (FEDORA-2017-3c999c41f6) Qt-based slow-scan TV and fax -------------------------------------------------------------------------------- Update Information: * Changed the .pro file for autodetecing correct libopenjpg2 (DL1JBE -Tom) * ftp transfer - initialize bug fix (VK6MN- Mike) * Help manual -> path correction and corrected some typo's (DJ0MBA- Marinus) * SSTV initialize bug fix (Adrian) * Camera support for Raspberry PI Cam * fixed audio loopback use * fixed transmission after stop, image was not restarted at top -------------------------------------------------------------------------------- References: [ 1 ] Bug #1428966 - "Repeater" config Dialog has no function https://bugzilla.redhat.com/show_bug.cgi?id=1428966 [ 2 ] Bug #1514286 - qsstv-9.2.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1514286 -------------------------------------------------------------------------------- ================================================================================ sane-backends-1.0.25-8.fc25 (FEDORA-2017-bb5fb20f33) Scanner access software -------------------------------------------------------------------------------- Update Information: 1515762 - saned manpage incomplete and exists when saned is not installed -------------------------------------------------------------------------------- ================================================================================ taskotron-trigger-0.4.9-1.fc25 (FEDORA-2017-4adce1f988) Triggering Taskotron jobs via fedmsg -------------------------------------------------------------------------------- Update Information: Added consumer for Github's Pull Requests ---- Fixing issue where branch parameter was not being passed correctly and added MBS consumer ---- Fixes a bug in finding cloud images due to hard codded values -------------------------------------------------------------------------------- ================================================================================ xen-4.7.4-1.fc25 (FEDORA-2017-f2577f2108) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information: update to xen-4.7.4 update Source0 location ---- fix an issue in patch for [XSA-240, CVE-2017-15595] that might be a security issue fix for [XSA-243, CVE-2017-15592] could cause hypervisor crash (DOS) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1499823 - CVE-2017-15592 xsa243 xen: x86: Incorrect handling of self-linear shadow mappings with translated guests (XSA-243) https://bugzilla.redhat.com/show_bug.cgi?id=1499823 [ 2 ] Bug #1499820 - CVE-2017-15595 xsa240 xen: Unlimited recursion in linear pagetable de-typing (XSA-240) https://bugzilla.redhat.com/show_bug.cgi?id=1499820 -------------------------------------------------------------------------------- ================================================================================ xrdp-0.9.4-2.fc25 (FEDORA-2017-1fb805bfc2) Open source remote desktop protocol (RDP) server -------------------------------------------------------------------------------- Update Information: Patch CVE-2017-16927. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1516761 - CVE-2017-16927 xrdp: Buffer-overflow in scp_v0s_accept function in session manager [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1516761 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
