The following Fedora 24 Security updates need testing:
Age URL
55 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2e339a7779 optipng-0.7.6-1.fc24
11 https://bodhi.fedoraproject.org/updates/FEDORA-2016-95edf19d8a squid-3.5.19-2.fc24
6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-dfa325d31b community-mysql-5.7.12-1.fc24
4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d23d2712de roundcubemail-1.2.0-1.fc24
1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e5f722a9a7 docker-1.10.3-12.git4158ccc.fc24
0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0d90ead5d7 GraphicsMagick-1.3.24-1.fc24
0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c329fc4c32 nginx-1.10.1-1.fc24
The following Fedora 24 Critical Path updates have yet to be approved:
Age URL
14 https://bodhi.fedoraproject.org/updates/FEDORA-2016-aa49938267 pungi-4.0.15-2.fc24
1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f85aa7dd6b selinux-policy-3.13.1-190.fc24
0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-775b61dc0e xorg-x11-drv-evdev-2.10.3-1.fc24
0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-550dcbaa52 accountsservice-0.6.40-4.fc24
0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e38c21c74b findutils-4.6.0-5.fc24
0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6408de4c1d bluez-5.40-1.fc24
0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3d4c0d27b6 clementine-1.3.1-2.fc24 sqlite-3.12.2-1.fc24
The following builds have been pushed to Fedora 24 updates-testing
GraphicsMagick-1.3.24-1.fc24
accountsservice-0.6.40-4.fc24
beep-1.3-16.fc24
bluez-5.40-1.fc24
certbot-0.7.0-1.fc24
clementine-1.3.1-2.fc24
composer-1.1.2-1.fc24
eclipse-cdt-9.0.0-0.7.gitdff6b3b.fc24
eclipse-gef-3.11.0-0.1gitd3e8eb2.fc24
engauge-digitizer-8.1-1.fc24
erlang-lucene_parser-1-1.fc24
findutils-4.6.0-5.fc24
flatpak-0.6.3-1.fc24
fldigi-3.23.10-1.fc24
keycloak-httpd-client-install-0.3-1.fc24
knot-resolver-1.0.0-1.fc24
libfabric-1.3.0-2.fc24
nginx-1.10.1-1.fc24
owncloud-9.0.2-1.fc24
pagure-2.2-1.fc24
pam_yubico-2.22-1.fc24
php-nette-database-2.3.9-1.fc24
php-sabre-dav-3.0.9-1.fc24
php-sabre-http-4.2.1-1.fc24
php-symfony-2.8.6-2.fc24
php-symfony-security-acl-2.8.0-1.fc24
php-zendframework-zend-mvc-2.7.8-1.fc24
pioneer-20160512-3.fc24
python-acme-0.7.0-1.fc24
qgnomeplatform-0.2-1.20160531git.fc24
qt5-qtdeclarative-5.6.0-11.fc24
rsibreak-0.12.3-1.fc24
salt-2015.5.10-2.fc24
seafile-5.1.2-3.fc24
sqlite-3.12.2-1.fc24
strace-4.12-1.fc24
ti-uim-0-0.4.a0236bc.fc24
xorg-x11-drv-evdev-2.10.3-1.fc24
Details about builds:
================================================================================
GraphicsMagick-1.3.24-1.fc24 (FEDORA-2016-0d90ead5d7)
An ImageMagick fork, offering faster image generation and better quality
--------------------------------------------------------------------------------
Update Information:
New GraphicsMagick bugfix/security release, see also:
http://www.graphicsmagick.org/NEWS.html#may-30-2016
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1306148 - CVE-2016-2317 CVE-2016-2318 GraphicsMagick: SVG parsing issues
https://bugzilla.redhat.com/show_bug.cgi?id=1306148
[ 2 ] Bug #1340814 - CVE-2016-5118 ImageMagick: Remote code execution via filename
https://bugzilla.redhat.com/show_bug.cgi?id=1340814
[ 3 ] Bug #1333410 - GraphicsMagick: SVG converting issues
https://bugzilla.redhat.com/show_bug.cgi?id=1333410
--------------------------------------------------------------------------------
================================================================================
accountsservice-0.6.40-4.fc24 (FEDORA-2016-550dcbaa52)
D-Bus interfaces for querying and manipulating user account information
--------------------------------------------------------------------------------
Update Information:
Don't create /root/.cache at startup
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1331926 - AVC denied accounts-daemon write access root
https://bugzilla.redhat.com/show_bug.cgi?id=1331926
--------------------------------------------------------------------------------
================================================================================
beep-1.3-16.fc24 (FEDORA-2016-368b7a4ca3)
Beep the PC speaker any number of ways
--------------------------------------------------------------------------------
Update Information:
`beep-1.3-16.fc*` adds documentation and helping files for non-root users to run
`beep` successfully. This includes: * Updated documentation in
`/usr/share/doc/beep/README.fedora` which explains the `sudo` based setup.
* Example _sudoers_ configuration file at `/etc/sudoers.d/beep` which the
system admin must adapt for their local system's needs. * Shell aliases for
`beep` to allow non-root users to run `beep` from the shell via `sudo -n`,
for both _sh_ and _csh_ type shells. If you do not set up _sudoers_, the
behaviour of `beep` is the same: As root, running `beep` beeps. As non-root
user, running `beep` produces an error message. The error message is just a
different one now, produced by `sudo`.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1133231 - beep only works for root
https://bugzilla.redhat.com/show_bug.cgi?id=1133231
--------------------------------------------------------------------------------
================================================================================
bluez-5.40-1.fc24 (FEDORA-2016-6408de4c1d)
Bluetooth utilities
--------------------------------------------------------------------------------
Update Information:
Update to 5.40 bugfix relesae
--------------------------------------------------------------------------------
================================================================================
certbot-0.7.0-1.fc24 (FEDORA-2016-b2b998fb4f)
A free, automated certificate authority client
--------------------------------------------------------------------------------
Update Information:
Update to 0.7.0
--------------------------------------------------------------------------------
================================================================================
clementine-1.3.1-2.fc24 (FEDORA-2016-3d4c0d27b6)
A music player and library organizer
--------------------------------------------------------------------------------
Update Information:
Updated to version 3.12.2 (https://sqlite.org/releaselog/3_12_2.html)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1323540 - [abrt] clementine: logging::MessageHandler(): clementine killed by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=1323540
--------------------------------------------------------------------------------
================================================================================
composer-1.1.2-1.fc24 (FEDORA-2016-31f7380f4e)
Dependency Manager for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 1.1.2** - 2016-05-31 * Fixed degraded mode issue when accessing
packagist.org * Fixed GitHub access_token being added on subsequent requests
in case of redirections * Fixed exclude-from-classmap not working in some
circumstances * Fixed openssl warning preventing the use of config command for
disabling tls
--------------------------------------------------------------------------------
================================================================================
eclipse-cdt-9.0.0-0.7.gitdff6b3b.fc24 (FEDORA-2016-66e4af5a88)
Eclipse C/C++ Development Tools (CDT) plugin
--------------------------------------------------------------------------------
Update Information:
Add missing Requires of eclipse-launchbar
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1340953 - Eclipse CDT Standalone Debugger crashes.
https://bugzilla.redhat.com/show_bug.cgi?id=1340953
--------------------------------------------------------------------------------
================================================================================
eclipse-gef-3.11.0-0.1gitd3e8eb2.fc24 (FEDORA-2016-32858854e4)
Graphical Editing Framework (GEF) Eclipse plug-in
--------------------------------------------------------------------------------
Update Information:
Update to Neon pre-release to sync with rest of the Eclipse stack.
--------------------------------------------------------------------------------
================================================================================
engauge-digitizer-8.1-1.fc24 (FEDORA-2016-cfdf687aa4)
Convert graphs or map files into numbers
--------------------------------------------------------------------------------
Update Information:
- Update to 8.1
--------------------------------------------------------------------------------
================================================================================
erlang-lucene_parser-1-1.fc24 (FEDORA-2016-4b6ddd3cde)
A library for Lucene-like query syntax parsing
--------------------------------------------------------------------------------
Update Information:
* Initial build
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1336726 - Review Request: erlang-lucene_parser - A library for Lucene-like query syntax parsing
https://bugzilla.redhat.com/show_bug.cgi?id=1336726
--------------------------------------------------------------------------------
================================================================================
findutils-4.6.0-5.fc24 (FEDORA-2016-e38c21c74b)
The GNU versions of find utilities (find and xargs)
--------------------------------------------------------------------------------
Update Information:
- make sure that find -exec + passes all arguments (upstream bug #48030) -
clarify exit status handling of -exec cmd {} + in find(1) man page (#1325049)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1325049 - Documentation issue for '-exec {} +' syntax
https://bugzilla.redhat.com/show_bug.cgi?id=1325049
--------------------------------------------------------------------------------
================================================================================
flatpak-0.6.3-1.fc24 (FEDORA-2016-28555f5c00)
Application deployment framework for desktop apps
--------------------------------------------------------------------------------
Update Information:
Update to 0.6.3
--------------------------------------------------------------------------------
================================================================================
fldigi-3.23.10-1.fc24 (FEDORA-2016-a91153d0d2)
Digital modem program for Linux
--------------------------------------------------------------------------------
Update Information:
=Version 3.23.10= 2016-05-23 David Freese <iam_w1hkj(a)w1hkj.com>
33ad2e6: logger c184758: Restore focus af25ef7: RsID button
ae93f9c: flmsg keepalive 5b367fb: 4bars b4b8df4: ASCII ctl chars
759e6cf: Suppress dockable macros 065ead7: Packet Prep 2016-04-13
Edouard Lafargue W6ELA <edouard(a)lafargue.name> 505c8b3: Portaudio Mono
2016-04-13 David Freese <iam_w1hkj(a)w1hkj.com> 68d9b32: FSQ message
files 2016-04-12 Robert Stiles <kk5vd(a)yahoo.com> 4ab48d4: KISS,
8PSK, FLARQ icon Modifications 2016-04-12 David Freese <iam_w1hkj(a)w1hkj.com>
76ab77c: FLARQ 9c04f07: focus behavior 2a3f4d4: PTT delays
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1314945 - fldigi-3.23.10.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1314945
--------------------------------------------------------------------------------
================================================================================
keycloak-httpd-client-install-0.3-1.fc24 (FEDORA-2016-1ad0de9c41)
Tools to configure Apache HTTPD as Keycloak client
--------------------------------------------------------------------------------
Update Information:
Initial upstream release
--------------------------------------------------------------------------------
================================================================================
knot-resolver-1.0.0-1.fc24 (FEDORA-2016-8c0eb27b8d)
Caching full DNS Resolver
--------------------------------------------------------------------------------
Update Information:
Final upstream release.
--------------------------------------------------------------------------------
================================================================================
libfabric-1.3.0-2.fc24 (FEDORA-2016-6eaf8d8982)
Open Fabric Interfaces
--------------------------------------------------------------------------------
Update Information:
Use psm/psm2 if possible on Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1340988 - Please rebuild libfabric to support psm and psm2
https://bugzilla.redhat.com/show_bug.cgi?id=1340988
--------------------------------------------------------------------------------
================================================================================
nginx-1.10.1-1.fc24 (FEDORA-2016-c329fc4c32)
A high performance web server and reverse proxy server
--------------------------------------------------------------------------------
Update Information:
update to upstream release 1.10.1 to fix CVE-2016-4450
--------------------------------------------------------------------------------
================================================================================
owncloud-9.0.2-1.fc24 (FEDORA-2016-a7d88ae655)
Private file sync and share server
--------------------------------------------------------------------------------
Update Information:
Owncloud 9.0.2 update Please note this fixes the shipped nginx configuration so
that it works out the box with an install of owncloud-nginx ... if you have an
existing nginx based oC install please review your configuration after
installing the update. This also moves oC to its own php-fpm pool rather than
the default www one so that better segregation of configuration is possible
without impacting other PHP services.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1275826 - php-symfony-2.8.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1275826
[ 2 ] Bug #1261011 - owncloud-9.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1261011
[ 3 ] Bug #1332900 - owncloud-nginx ships a config that does not work
https://bugzilla.redhat.com/show_bug.cgi?id=1332900
--------------------------------------------------------------------------------
================================================================================
pagure-2.2-1.fc24 (FEDORA-2016-12b1688984)
A git-centered forge
--------------------------------------------------------------------------------
Update Information:
Update to 2.2 ---- Update to 2.1.1
--------------------------------------------------------------------------------
================================================================================
pam_yubico-2.22-1.fc24 (FEDORA-2016-2e19bc36ef)
A Pluggable Authentication Module for yubikeys
--------------------------------------------------------------------------------
Update Information:
update to 2.22
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1336774 - Segfault locks us out of the servers
https://bugzilla.redhat.com/show_bug.cgi?id=1336774
[ 2 ] Bug #1334799 - F23/F24 - pam_yubico upgrade fails, incorrect use of REQUIRES
https://bugzilla.redhat.com/show_bug.cgi?id=1334799
[ 3 ] Bug #1338786 - pam_yubico-2.22 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1338786
--------------------------------------------------------------------------------
================================================================================
php-nette-database-2.3.9-1.fc24 (FEDORA-2016-d58305872d)
Nette Database Component
--------------------------------------------------------------------------------
Update Information:
**Released version 2.3.9** * Helpers::detectType() detects DATERANGE as text
* Structure::analyzeForeignKeys() fixed lowercased name #122
--------------------------------------------------------------------------------
================================================================================
php-sabre-dav-3.0.9-1.fc24 (FEDORA-2016-a7d88ae655)
WebDAV Framework for PHP
--------------------------------------------------------------------------------
Update Information:
Owncloud 9.0.2 update Please note this fixes the shipped nginx configuration so
that it works out the box with an install of owncloud-nginx ... if you have an
existing nginx based oC install please review your configuration after
installing the update. This also moves oC to its own php-fpm pool rather than
the default www one so that better segregation of configuration is possible
without impacting other PHP services.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1275826 - php-symfony-2.8.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1275826
[ 2 ] Bug #1261011 - owncloud-9.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1261011
[ 3 ] Bug #1332900 - owncloud-nginx ships a config that does not work
https://bugzilla.redhat.com/show_bug.cgi?id=1332900
--------------------------------------------------------------------------------
================================================================================
php-sabre-http-4.2.1-1.fc24 (FEDORA-2016-a7d88ae655)
Library for dealing with http requests and responses
--------------------------------------------------------------------------------
Update Information:
Owncloud 9.0.2 update Please note this fixes the shipped nginx configuration so
that it works out the box with an install of owncloud-nginx ... if you have an
existing nginx based oC install please review your configuration after
installing the update. This also moves oC to its own php-fpm pool rather than
the default www one so that better segregation of configuration is possible
without impacting other PHP services.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1275826 - php-symfony-2.8.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1275826
[ 2 ] Bug #1261011 - owncloud-9.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1261011
[ 3 ] Bug #1332900 - owncloud-nginx ships a config that does not work
https://bugzilla.redhat.com/show_bug.cgi?id=1332900
--------------------------------------------------------------------------------
================================================================================
php-symfony-2.8.6-2.fc24 (FEDORA-2016-a7d88ae655)
PHP framework for web projects
--------------------------------------------------------------------------------
Update Information:
Owncloud 9.0.2 update Please note this fixes the shipped nginx configuration so
that it works out the box with an install of owncloud-nginx ... if you have an
existing nginx based oC install please review your configuration after
installing the update. This also moves oC to its own php-fpm pool rather than
the default www one so that better segregation of configuration is possible
without impacting other PHP services.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1275826 - php-symfony-2.8.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1275826
[ 2 ] Bug #1261011 - owncloud-9.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1261011
[ 3 ] Bug #1332900 - owncloud-nginx ships a config that does not work
https://bugzilla.redhat.com/show_bug.cgi?id=1332900
--------------------------------------------------------------------------------
================================================================================
php-symfony-security-acl-2.8.0-1.fc24 (FEDORA-2016-a7d88ae655)
Symfony Security Component - ACL (Access Control List)
--------------------------------------------------------------------------------
Update Information:
Owncloud 9.0.2 update Please note this fixes the shipped nginx configuration so
that it works out the box with an install of owncloud-nginx ... if you have an
existing nginx based oC install please review your configuration after
installing the update. This also moves oC to its own php-fpm pool rather than
the default www one so that better segregation of configuration is possible
without impacting other PHP services.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1275826 - php-symfony-2.8.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1275826
[ 2 ] Bug #1261011 - owncloud-9.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1261011
[ 3 ] Bug #1332900 - owncloud-nginx ships a config that does not work
https://bugzilla.redhat.com/show_bug.cgi?id=1332900
--------------------------------------------------------------------------------
================================================================================
php-zendframework-zend-mvc-2.7.8-1.fc24 (FEDORA-2016-212bf62a7b)
Zend Framework Mvc component
--------------------------------------------------------------------------------
Update Information:
**zend-mvc 2.7.8** - 2016-05-31 - [#138](https://github.com/zendframework/zend-
mvc/pull/138) adds support for PHP 7 `Throwable`s within each of: -
`DispatchListener` - `MiddlewareListener` - The console
`RouteNotFoundStrategy` and `ExceptionStrategy` - The HTTP
`DefaultRenderingStrategy` and `RouteNotFoundStrategy`
--------------------------------------------------------------------------------
================================================================================
pioneer-20160512-3.fc24 (FEDORA-2016-85301993ca)
A game of lonely space adventure
--------------------------------------------------------------------------------
Update Information:
- New package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1339158 - Review Request: pioneer - A game of lonely space adventure
https://bugzilla.redhat.com/show_bug.cgi?id=1339158
--------------------------------------------------------------------------------
================================================================================
python-acme-0.7.0-1.fc24 (FEDORA-2016-b2b998fb4f)
Python library for the ACME protocol
--------------------------------------------------------------------------------
Update Information:
Update to 0.7.0
--------------------------------------------------------------------------------
================================================================================
qgnomeplatform-0.2-1.20160531git.fc24 (FEDORA-2016-a90d9b7157)
Qt Platform Theme aimed to accommodate Gnome settings
--------------------------------------------------------------------------------
Update Information:
Update to latest git snapshot.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1318802 - One specific Qt5 widget doesn't accommodate Gnome's font settings
https://bugzilla.redhat.com/show_bug.cgi?id=1318802
[ 2 ] Bug #1318787 - no font and no window scaling with Qt5.6.0, fonts too small
https://bugzilla.redhat.com/show_bug.cgi?id=1318787
--------------------------------------------------------------------------------
================================================================================
qt5-qtdeclarative-5.6.0-11.fc24 (FEDORA-2016-7e822d9239)
Qt5 - QtDeclarative component
--------------------------------------------------------------------------------
Update Information:
Include upstream workaround for a common crash condition.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1259472 - [abrt] plasma-workspace: KCrash::defaultCrashHandler(int)(): kscreenlocker_greet killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1259472
--------------------------------------------------------------------------------
================================================================================
rsibreak-0.12.3-1.fc24 (FEDORA-2016-2ef57508b4)
A small utility which bothers you at certain intervals
--------------------------------------------------------------------------------
Update Information:
Latest rsibreak release.
--------------------------------------------------------------------------------
================================================================================
salt-2015.5.10-2.fc24 (FEDORA-2016-ccea8c7735)
A parallel remote execution system
--------------------------------------------------------------------------------
Update Information:
Updated patch ---- Update to bugfix release 2015.5.10
--------------------------------------------------------------------------------
================================================================================
seafile-5.1.2-3.fc24 (FEDORA-2016-6aa664154f)
Cloud storage cli client
--------------------------------------------------------------------------------
Update Information:
Initial commit
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1160671 - Review Request: seafile - Cloud storage system
https://bugzilla.redhat.com/show_bug.cgi?id=1160671
--------------------------------------------------------------------------------
================================================================================
sqlite-3.12.2-1.fc24 (FEDORA-2016-3d4c0d27b6)
Library that implements an embeddable SQL database engine
--------------------------------------------------------------------------------
Update Information:
Updated to version 3.12.2 (https://sqlite.org/releaselog/3_12_2.html)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1323540 - [abrt] clementine: logging::MessageHandler(): clementine killed by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=1323540
--------------------------------------------------------------------------------
================================================================================
strace-4.12-1.fc24 (FEDORA-2016-05bb01e38b)
Tracks and displays system calls associated with a running process
--------------------------------------------------------------------------------
Update Information:
v4.11-163-g972018f -> v4.12.
--------------------------------------------------------------------------------
================================================================================
ti-uim-0-0.4.a0236bc.fc24 (FEDORA-2016-4f1cc8b19c)
Texas Instruments User Mode Init manager
--------------------------------------------------------------------------------
Update Information:
Latest git snapshot
--------------------------------------------------------------------------------
================================================================================
xorg-x11-drv-evdev-2.10.3-1.fc24 (FEDORA-2016-775b61dc0e)
Xorg X11 evdev input driver
--------------------------------------------------------------------------------
Update Information:
evdev 2.10.3
--------------------------------------------------------------------------------