The following Fedora 24 Security updates need testing: Age URL 121 https://bodhi.fedoraproject.org/updates/FEDORA-2016-32eaf0c41e redis-3.2.3-1.fc24 105 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0ef628998f chicken-4.11.0-3.fc24 56 https://bodhi.fedoraproject.org/updates/FEDORA-2016-990e2012ea compat-guile18-1.8.8-14.fc24 19 https://bodhi.fedoraproject.org/updates/FEDORA-2016-93679a91df jenkins-1.651.3-2.fc24 jenkins-remoting-2.62.3-1.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2424eeca35 phpMyAdmin-4.6.5.1-2.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2460f713a1 php-php-gettext-1.0.12-1.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-302f840ecf perl-DBD-MySQL-4.039-2.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-30f68ec06b mcabber-1.0.4-1.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fad6fc78dd golang-1.6.4-2.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-60753c3dcd roundcubemail-1.2.3-1.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a98c560116 tomcat-8.0.39-1.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a3618d9ef6 python-tornado-4.4.2-1.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b000091725 php-simplesamlphp-saml2-2.3.3-1.fc24 php-simplesamlphp-saml2_1-1.10.3-1.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b465090499 ipsilon-2.0.2-2.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b4dd1db1e7 lxc-2.0.6-2.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5ec2475e3f kernel-4.8.12-200.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b39fedec11 httpd-2.4.23-5.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e45a7e7b13 gd-2.2.3-5.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f4e992b0ac gstreamer-plugins-good-0.10.31-17.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4fff0cbc66 gstreamer1-plugins-base-1.8.3-2.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a17657197c gstreamer-plugins-base-0.10.36-15.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a3bc78de2b gstreamer-plugins-bad-free-0.10.23-34.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ca6cc3ce3e gstreamer1-plugins-bad-free-1.8.3-3.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0b80dcfe5a openjpeg2-2.1.2-2.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-240fe757f8 mingw-openjpeg2-2.1.2-2.fc24
The following Fedora 24 Critical Path updates have yet to be approved: Age URL 60 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f00a05d7b9 pungi-4.1.10-1.fc24 21 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cddf0ec383 nss-3.27.0-1.3.fc24 15 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b0006447a5 colord-1.3.4-1.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e9b731e067 libimobiledevice-1.2.0-8.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-77e191e610 evolution-data-server-3.20.6-1.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-41ce1a19af libbluray-0.9.3-3.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5ec2475e3f kernel-4.8.12-200.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-90bd4d7d33 selinux-policy-3.13.1-191.23.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0cfbb5a168 cairo-1.14.8-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4608795844 gnutls-3.4.17-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6008f6fd21 vim-8.0.124-2.fc24
The following builds have been pushed to Fedora 24 updates-testing
abiword-3.0.2-3.fc24 cairo-1.14.8-1.fc24 docker-1.10.3-55.gite03ddb8.fc24 drupal7-7.53-1.fc24 fedpkg-minimal-1.1.0-4.fc24 gnutls-3.4.17-1.fc24 grub2-2.02-0.38.fc24 homebank-5.1.2-1.fc24 layla-fonts-1.7-1.fc24 libecb-0.20161208-1.fc24 libxsmm-1.6.1-1.fc24 mingw-openjpeg2-2.1.2-2.fc24 nodejs-figures-1.7.0-2.fc24 openjpeg2-2.1.2-2.fc24 php-5.6.29-1.fc24 php-akamai-open-edgegrid-client-0.6.1-1.fc24 php-guzzlehttp-promises-1.3.0-1.fc24 php-mtdowling-jmespath-php-2.4.0-1.fc24 php-pecl-mongodb-1.1.10-1.fc24 php-zendframework-zend-expressive-1.0.4-1.fc24 python-idstools-0.5.4-1.fc24 python-pytest-spec-1.1.0-1.fc24 pywbem-0.9.1-1.fc24 qt5-qtstyleplugins-5.0.0-12.fc24 sunxi-tools-1.4.2-1.fc24 vim-8.0.124-2.fc24
Details about builds:
================================================================================ abiword-3.0.2-3.fc24 (FEDORA-2016-ffbf1200ab) Word processing program -------------------------------------------------------------------------------- Update Information:
Fix the black drawing regression with Gtk3.22 ---- Run ldconfig for libabiword ---- Update to 3.0.2 with fixes for GTK3 and Wayland -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1390020 - [abiword] text body in abiword turns black all the time, e.g. when losing focus https://bugzilla.redhat.com/show_bug.cgi?id=1390020 [ 2 ] Bug #1387629 - abiword-3.0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1387629 [ 3 ] Bug #1261693 - [abiword] corrupted dialog window "Set Language" https://bugzilla.redhat.com/show_bug.cgi?id=1261693 [ 4 ] Bug #1287835 - abiword screen flickering https://bugzilla.redhat.com/show_bug.cgi?id=1287835 [ 5 ] Bug #1288847 - [abrt] abiword: AP_UnixApp::catchSignals(): abiword killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1288847 [ 6 ] Bug #1295643 - [abrt] abiword: AP_UnixApp::catchSignals(): abiword killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1295643 [ 7 ] Bug #1326222 - abiword icon source is used instead of actual icon https://bugzilla.redhat.com/show_bug.cgi?id=1326222 [ 8 ] Bug #1388609 - [abrt] abiword: AP_UnixApp::catchSignals(): abiword killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1388609 [ 9 ] Bug #1390367 - black window after start https://bugzilla.redhat.com/show_bug.cgi?id=1390367 [ 10 ] Bug #1391574 - [abrt] abiword: AP_UnixApp::catchSignals(int)(): abiword killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1391574 [ 11 ] Bug #1398773 - Paging up or down causes black screen and flickering - clicking reveals text https://bugzilla.redhat.com/show_bug.cgi?id=1398773 --------------------------------------------------------------------------------
================================================================================ cairo-1.14.8-1.fc24 (FEDORA-2016-0cfbb5a168) A 2D graphics library -------------------------------------------------------------------------------- Update Information:
cairo 1.14.8 release. For details, see https://lists.cairographics.org/archives/cairo/2016-December/027816.html --------------------------------------------------------------------------------
================================================================================ docker-1.10.3-55.gite03ddb8.fc24 (FEDORA-2016-6e972cb2cf) Automates deployment of containerized applications -------------------------------------------------------------------------------- Update Information:
built docker @projectatomic/docker-1.10 commit e03ddb8 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1402548 - Docker storage setup packaging seems to be wrong https://bugzilla.redhat.com/show_bug.cgi?id=1402548 --------------------------------------------------------------------------------
================================================================================ drupal7-7.53-1.fc24 (FEDORA-2016-8d035a0fa4) An open-source content-management platform -------------------------------------------------------------------------------- Update Information:
https://www.drupal.org/project/drupal/releases/7.53 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1402612 - drupal7-7.53 is available https://bugzilla.redhat.com/show_bug.cgi?id=1402612 --------------------------------------------------------------------------------
================================================================================ fedpkg-minimal-1.1.0-4.fc24 (FEDORA-2016-33a17e8e35) Script to allow fedpkg fetch to work -------------------------------------------------------------------------------- Update Information:
This update provides handling for the new sources format created as part of the flag day changes. --------------------------------------------------------------------------------
================================================================================ gnutls-3.4.17-1.fc24 (FEDORA-2016-4608795844) A TLS protocol implementation -------------------------------------------------------------------------------- Update Information:
New upstream release --------------------------------------------------------------------------------
================================================================================ grub2-2.02-0.38.fc24 (FEDORA-2016-a098b75b13) Bootloader with support for Linux, Multiboot and more -------------------------------------------------------------------------------- Update Information:
This is a backport of the fixes in F25 and rawhide. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1347291 - Booting from Windows 10 entry ends with 'relocation failed' error https://bugzilla.redhat.com/show_bug.cgi?id=1347291 [ 2 ] Bug #1226325 - None https://bugzilla.redhat.com/show_bug.cgi?id=1226325 [ 3 ] Bug #1261926 - None https://bugzilla.redhat.com/show_bug.cgi?id=1261926 [ 4 ] Bug #1292615 - Double free when kernel does not match EFI secure boot keys https://bugzilla.redhat.com/show_bug.cgi?id=1292615 [ 5 ] Bug #1400476 - Nightly compose, ppc64le ISO fails to boot with error "( 700 ) Program Exception [ 0 ]" https://bugzilla.redhat.com/show_bug.cgi?id=1400476 --------------------------------------------------------------------------------
================================================================================ homebank-5.1.2-1.fc24 (FEDORA-2016-43706828a6) Free easy personal accounting for all -------------------------------------------------------------------------------- Update Information:
- Rebuilt for new upstream version 5.1.2 2016-12-08 Maxime Doyen Made 5.1.2 release. * wish : #1645126 remember the size of columns in the main window * wish : #1639862 multiple edit transactions date * wish : #1638023 remind scheduled listview column width * wish : #916690 qif option (info to desc; payee to desc) * wish : #462919 option to choose to import OFX name to payee or memo * bugfix: import, new account don't have currency, result display NaN * bugfix: import, amount was not displaying decimal part * bugfix: import, dialog to choose child xfer was popup when no match found * bugfix: txn dialog, after input a split amount/category widget were not disabled * bugfix: #1645001 import shows rounded amount but import correctly * bugfix: #1640885 txn changes in detail list cannot be saved * bugfix: #1638064 balance report may show wrong values -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1402616 - homebank-5.1.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1402616 --------------------------------------------------------------------------------
================================================================================ layla-fonts-1.7-1.fc24 (FEDORA-2016-4a1858cfed) A collection of traditional Arabic fonts -------------------------------------------------------------------------------- Update Information:
Fixed the font lookup tables --------------------------------------------------------------------------------
================================================================================ libecb-0.20161208-1.fc24 (FEDORA-2016-95e84f7d0b) Compiler built-ins -------------------------------------------------------------------------------- Update Information:
This release improves documentation. --------------------------------------------------------------------------------
================================================================================ libxsmm-1.6.1-1.fc24 (FEDORA-2016-043d784a2b) Small dense or sparse matrix multiplications and convolutions for x86_64 -------------------------------------------------------------------------------- Update Information:
New release ---- New package -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1400167 - libxsmm-1.6.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1400167 [ 2 ] Bug #1389016 - Review Request: libxsmm - Library for small matrix-matrix multiplications on Intel x86_64 (e.g. for cp2k) https://bugzilla.redhat.com/show_bug.cgi?id=1389016 --------------------------------------------------------------------------------
================================================================================ mingw-openjpeg2-2.1.2-2.fc24 (FEDORA-2016-240fe757f8) MinGW Windows openjpeg2 library -------------------------------------------------------------------------------- Update Information:
This update adds a patch to fix CVE-2016-9573 and CVE-2016-9572. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1402720 - CVE-2016-9573 CVE-2016-9572 mingw-openjpeg2: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1402720 --------------------------------------------------------------------------------
================================================================================ nodejs-figures-1.7.0-2.fc24 (FEDORA-2016-90ece6d3a9) Unicode symbols with Windows CMD fallbacks -------------------------------------------------------------------------------- Update Information:
Update to address items from package review -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1295295 - uglify task fails: An error occurred while processing a template: <template function> has no method 'indexOf' https://bugzilla.redhat.com/show_bug.cgi?id=1295295 --------------------------------------------------------------------------------
================================================================================ openjpeg2-2.1.2-2.fc24 (FEDORA-2016-0b80dcfe5a) C-Library for JPEG 2000 -------------------------------------------------------------------------------- Update Information:
This updates adds a patch to fix CVE-2016-9573 and CVE-2016-9572. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1402718 - CVE-2016-9573 CVE-2016-9572 openjpeg2: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1402718 --------------------------------------------------------------------------------
================================================================================ php-5.6.29-1.fc24 (FEDORA-2016-0272d7b5d1) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information:
08 Dec 2016 - **PHP version 5.6.29** **Mysqlnd:** * Fixed bug php#64526 (Add missing mysqlnd.* parameters to php.ini-*). (cmb) **Opcache:** * Fixed bug php#73402 (Opcache segfault when using class constant to call a method). (Laruence) * Fixed bug php#69090 (check cached files permissions) **OpenSSL** * Fixed bug php#72776 (Invalid parameter in memcpy function trough openssl_pbkdf2). (Jakub Zelenka) **Postgres:** * Fixed bug php#73498 (Incorrect SQL generated for pg_copy_to()). (Craig Duncan) **SOAP:** * Fixed bug php#73452 (Segfault (Regression for php#69152)). (Dmitry) **SQLite3:** * Fixed bug php#73530 (Unsetting result set may reset other result set). (cmb) **Standard:** * Fixed bug php#73297 (HTTP stream wrapper should ignore HTTP 100 Continue). (rowan dot collins at gmail dot com) **WDDX:** * Fixed bug php#73631 (Memory leak due to invalid wddx stack processing). (bughunter at fosec dot vn). --------------------------------------------------------------------------------
================================================================================ php-akamai-open-edgegrid-client-0.6.1-1.fc24 (FEDORA-2016-05840c5199) Implements the Akamai {OPEN} EdgeGrid Authentication -------------------------------------------------------------------------------- Update Information:
### 0.6.1 [04 Nov, 2016] * Install bin/http using composer * Cleanup tools and composer setup * Shrink PHAR from 5.6MB to 370KB * Add support for `-A` short flag for `--auth-type` on CLI to match httpie * Update dependencies -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1392697 - php-akamai-open-edgegrid-client-0.6.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1392697 --------------------------------------------------------------------------------
================================================================================ php-guzzlehttp-promises-1.3.0-1.fc24 (FEDORA-2016-b80d0ccc55) Guzzle promises library -------------------------------------------------------------------------------- Update Information:
## 1.3.0 - 2016-11-18 * Adds support for custom task queues. * Fixed coroutine promise memory leak. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1396687 - php-guzzlehttp-promises-1.3.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1396687 --------------------------------------------------------------------------------
================================================================================ php-mtdowling-jmespath-php-2.4.0-1.fc24 (FEDORA-2016-0d230ae389) Declaratively specify how to extract elements from a JSON document -------------------------------------------------------------------------------- Update Information:
## 2.4.0 - 2016-12-03 * Added support for floats when interpreting data. * Added a function_exists check to work around redeclaration issues. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1401271 - php-mtdowling-jmespath-php-2.4.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1401271 --------------------------------------------------------------------------------
================================================================================ php-pecl-mongodb-1.1.10-1.fc24 (FEDORA-2016-b5462162d8) MongoDB driver for PHP -------------------------------------------------------------------------------- Update Information:
**Version 1.1.10** * [PHPC-848] - Fix BSON encoding of immutable arrays and documents with circular references --------------------------------------------------------------------------------
================================================================================ php-zendframework-zend-expressive-1.0.4-1.fc24 (FEDORA-2016-0e6c4fb347) PSR-7 Middleware Microframework based on Stratigility -------------------------------------------------------------------------------- Update Information:
**Version 1.0.4** - 2016-12-07 - [#402](https://github.com/zendframework/zend- expressive/pull/402) fixes how `Application::__invoke()` registers the error handler designed to swallow deprecation notices, as introduced in 1.0.3. It now checks to see if another error handler was previously registered, and, if so, creates a composite handler that will delegate to the previous for all other errors. --------------------------------------------------------------------------------
================================================================================ python-idstools-0.5.4-1.fc24 (FEDORA-2016-736b58c885) Snort and Suricata Rule and Event Utilities -------------------------------------------------------------------------------- Update Information:
initial package -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1398369 - Review Request: python-idstools - Snort and Suricata Rule and Event Utilities https://bugzilla.redhat.com/show_bug.cgi?id=1398369 --------------------------------------------------------------------------------
================================================================================ python-pytest-spec-1.1.0-1.fc24 (FEDORA-2016-d5f72513a2) Pytest plugin to display test execution output like a SPECIFICATION -------------------------------------------------------------------------------- Update Information:
New upstream release --------------------------------------------------------------------------------
================================================================================ pywbem-0.9.1-1.fc24 (FEDORA-2016-45a953e432) Python2 WBEM Client and Provider Interface -------------------------------------------------------------------------------- Update Information:
*Upgrade to pywbem v0.9.1 * Enhancements * Added a section ���Prerequisite operating system packages��� to the documentation that describes the prerequisite packages by distribution. * Added git as an OS-level dependency for development (it is used by GitPython when building the documentation). * Bug fixes * Fixed the use of a variable before it was set in the remove_destinations() method of class WBEMSubscriptionManager. * Fixed a compatibility issue relative to pywbem 0.7.0, where the pywbem.Error class was no longer available in the pywbem.cim_http namespace. It has been made available in that namespace again, for compatibility reasons. Note that using sub- namespaces of the pywbem namespace such as pywbem.cim_http has been deprecated in pywbem 0.8.0. * Fixed a documentation issue where the description of CIMError was not clear that the exception object itself can be accessed by index and slice. * Fixed a documentation build error on Python 2.6, by pinning the GitPython version to <=2.0.8, due to its use of unittest.case which is not available on Python 2.6. --------------------------------------------------------------------------------
================================================================================ qt5-qtstyleplugins-5.0.0-12.fc24 (FEDORA-2016-47a9be74be) Classic Qt widget styles -------------------------------------------------------------------------------- Update Information:
Pull in latest upstream fixes, omit qgtk2 platform/style plugins that conflict with qt5-qtbase --------------------------------------------------------------------------------
================================================================================ sunxi-tools-1.4.2-1.fc24 (FEDORA-2016-3d332c034b) Tools to help hacking Allwinner (sunxi) based devices -------------------------------------------------------------------------------- Update Information:
Update to 1.4.2 --------------------------------------------------------------------------------
================================================================================ vim-8.0.124-2.fc24 (FEDORA-2016-6008f6fd21) The VIM editor -------------------------------------------------------------------------------- Update Information:
new upstream commit --------------------------------------------------------------------------------