The following Fedora 23 Security updates need testing:
Age URL
408
https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23
365
https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe
miniupnpc-1.9-6.fc23
338
https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324
jbig2dec-0.12-2.fc23
289
https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1
python-pymongo-3.0.3-1.fc23
288
https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8
thttpd-2.25b-37.fc23
254
https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4
mingw-nsis-2.50-1.fc23
95
https://bodhi.fedoraproject.org/updates/FEDORA-2016-8d79ade826 flex-2.6.0-2.fc23
84
https://bodhi.fedoraproject.org/updates/FEDORA-2016-c2ec9c716e redis-3.2.3-1.fc23
77
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c
libarchive-3.2.1-3.fc23 python-libarchive-c-2.5-1.fc23
75
https://bodhi.fedoraproject.org/updates/FEDORA-2016-47dc2b203f
firewalld-0.4.3.3-1.fc23
61
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3a6435b14
dhcpcd-6.11.3-1.fc23
27
https://bodhi.fedoraproject.org/updates/FEDORA-2016-1649cc31e0
ca-certificates-2016.2.10-1.0.fc23
19
https://bodhi.fedoraproject.org/updates/FEDORA-2016-17ea599651
compat-guile18-1.8.8-14.fc23
18
https://bodhi.fedoraproject.org/updates/FEDORA-2016-ee56c530fa
epiphany-3.18.8-1.fc23 webkitgtk4-2.14.1-1.fc23
18
https://bodhi.fedoraproject.org/updates/FEDORA-2016-c1bb366e5b
dbus-1.10.12-1.fc23
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-6c789ba91d
jasper-1.900.13-1.fc23
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4094bd4ad6
tomcat-8.0.38-1.fc23
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-21f0de504c libXi-1.7.8-2.fc23
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f7a079f775
kdepimlibs-4.14.10-15.fc23
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-568c7ff4f6
quagga-0.99.24.1-3.fc23
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b89e991e63
nodejs-0.10.48-1.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-012de4c97e
chromium-54.0.2840.71-1.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-da6b1d277b xen-4.5.5-3.fc23
The following Fedora 23 Critical Path updates have yet to be approved:
Age URL
104
https://bodhi.fedoraproject.org/updates/FEDORA-2016-98a7a1b6e0 abrt-2.8.0-6.fc23
libreport-2.6.4-3.fc23
77
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c
libarchive-3.2.1-3.fc23 python-libarchive-c-2.5-1.fc23
38
https://bodhi.fedoraproject.org/updates/FEDORA-2016-79072fd70e
python-virtkey-0.63.0-1.fc23
32
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d26923757a
koji-1.10.1-13.fc23
27
https://bodhi.fedoraproject.org/updates/FEDORA-2016-1649cc31e0
ca-certificates-2016.2.10-1.0.fc23
18
https://bodhi.fedoraproject.org/updates/FEDORA-2016-c1bb366e5b
dbus-1.10.12-1.fc23
12
https://bodhi.fedoraproject.org/updates/FEDORA-2016-79669f13cf
dmidecode-3.0-6.fc23
11
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3da7667d60
sane-backends-1.0.25-4.fc23
10
https://bodhi.fedoraproject.org/updates/FEDORA-2016-86a2119f42 nspr-4.13.1-1.fc23
9
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4379c6e6d6
libfm-1.2.4-8.D20161017git82b3a1a201.fc23
8
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4a8ab1b8bc
menu-cache-1.0.1-3.D20161021git441f0ca9a1.fc23
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b06386d473 pcre-8.39-6.fc23
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-6c789ba91d
jasper-1.900.13-1.fc23
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f7a079f775
kdepimlibs-4.14.10-15.fc23
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-21f0de504c libXi-1.7.8-2.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a0a575d718
libraw1394-2.1.2-1.fc23
The following builds have been pushed to Fedora 23 updates-testing
amanda-3.4-3.fc23
calcurse-4.2.1-1.fc23
dovecot-2.2.26.0-1.fc23
gnome-chemistry-utils-0.14.15-1.fc23
gnuchess-6.2.4-1.fc23
goffice-0.10.32-2.fc23
lighttpd-1.4.43-1.fc23
mediawriter-4.0.0-2.fc23
petsc-3.7.4-12.fc23
php-Analog-1.0.9-1.fc23
python-line_profiler-2.0-1.fc23
python-scour-0.35-2.fc23
whois-5.2.13-1.fc23
Details about builds:
================================================================================
amanda-3.4-3.fc23 (FEDORA-2016-c496e020d0)
A network-capable tape backup solution
--------------------------------------------------------------------------------
Update Information:
amanda-3.4 is available
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1386434 - amanda-3.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1386434
--------------------------------------------------------------------------------
================================================================================
calcurse-4.2.1-1.fc23 (FEDORA-2016-c47ed8d538)
Text-based personal organizer
--------------------------------------------------------------------------------
Update Information:
4.2.1
--------------------------------------------------------------------------------
================================================================================
dovecot-2.2.26.0-1.fc23 (FEDORA-2016-00d74f60c5)
Secure imap and pop3 server
--------------------------------------------------------------------------------
Update Information:
* dovecot and pigeonhole updated * master: Removed hardcoded 511 backlog limit
for listen(). The kernel should limit this as needed. * doveadm import:
Source user is now initialized the same as target user. Added -U parameter to
override the source user. * Mailbox names are no longer limited to 16 hierarchy
levels. We'll check another way to make sure mailbox names can't grow larger
than 4096 bytes. + Added a concept of "alternative usernames" by returning
user_* extra field(s) in passdb. doveadm proxy list shows these alt usernames
in "doveadm proxy list" output. "doveadm director&proxy kick"
adds -f
<passdb field> parameter. The alt usernames don't have to be unique, so this
allows creation of user groups and kicking them in one command. + auth:
passdb/userdb dict allows now %variables in key settings. + auth: If passdb
returns noauthenticate=yes extra field, assume that it only set extra fields
and authentication wasn't actually performed. + auth: passdb static now
supports password={scheme} prefix. + auth, login_log_format_elements: Added
%{local_name} variable, which expands to TLS SNI hostname if given. + imapc:
Added imapc_max_line_length to limit maximum memory usage. + imap, pop3: Added
rawlog_dir setting to store IMAP/POP3 traffic logs. This replaces at least
partially the rawlog plugin. + dsync: Added dsync_features=empty-header-
workaround setting. This makes incremental dsyncs work better for servers
that randomly return empty headers for mails. When an empty header is seen
for an existing mail, dsync assumes that it matches the local mail. +
doveadm sync/backup: Added -I <max size> parameter to skip too large mails.
+ doveadm sync/backup: Fixed -t parameter and added -e for "end date". +
doveadm mailbox metadata: Added -s parameter to allow accessing server
metadata by using empty mailbox name. + Added "doveadm service status" and
"doveadm process status" commands. + director: Added director_flush_socket.
See
http://wiki2.dovecot.org/Director#Flush_socket + doveadm director flush: Users
are now moved only max 100 at a time to avoid load spikes. --max-parallel
parameter overrides this. + Added FILE_LOCK_SLOW_WARNING_MSECS environment,
which logs a warning if any lock is waited on or kept for this many
milliseconds. - master process's listener socket was leaked to all child
processes. This might have allowed untrusted processes to capture and prevent
"doveadm service stop" comands from working. - login proxy: Fixed crash when
outgoing SSL connections were hanging. - auth: userdb fields weren't passed to
auth-workers, so %{userdb:*} from previous userdbs didn't work there. -
auth: Each userdb lookup from cache reset its TTL. - auth: Fixed auth_bind=yes
+ sasl_bind=yes to work together - auth: Blocking userdb lookups reset extra
fields set by previous userdbs. - auth: Cache keys didn't include
%{passdb:*} and %{userdb:*} - auth-policy: Fixed crash due to using already-
freed memory if policy lookup takes longer than auth request exists. - lib-
auth: Unescape passdb/userdb extra fields. Mainly affected returning extra
fields with LFs or TABs. - lmtp_user_concurrency_limit>0 setting was logging
unnecessary anvil errors. - lmtp_user_concurrency_limit is now checked
before quota check with lmtp_rcpt_check_quota=yes to avoid unnecessary quota
work. - lmtp: %{userdb:*} variables didn't work in mail_log_prefix -
autoexpunge settings for mailboxes with wildcards didn't work when namespace
prefix was non-empty. - Fixed writing >2GB to iostream-temp files (used by fs-
compress, fs-metawrap, doveadm-http) - director: Ignore duplicates in
director_servers setting. - director: Many fixes related to connection
handshaking, user moving and error handling. - director: Don't break with
shutdown_clients=no - zlib, IMAP BINARY: Fixed internal caching when accessing
multiple newly created mails. They all had UID=0 and the next mail could have
wrongly used the previously cached mail. - doveadm stats reset wasn't reseting
all the stats. - auth_stats=yes: Don't update num_logins, since it doubles them
when using with mail stats. - quota count: Fixed deadlocks when updating
vsize header. - dict-quota: Fixed crashes happening due to memory corruption.
- dict proxy: Fixed various timeout-related bugs. - doveadm proxying: Fixed -A
and -u wildcard handling. - doveadm proxying: Fixed hangs and bugs related to
printing. - imap: Fixed wrongly triggering assert-crash in
client_check_command_hangs. - imap proxy: Don't send ID command pipelined with
nopipelining=yes - imap-hibernate: Don't execute quota_over_script or
last_login after un-hibernation. - imap-hibernate: Don't un-hibernate if
client sends DONE+IDLE in one IP packet. - imap-hibernate: Fixed various
failures when un-hibernating. - fts: fts_autoindex=yes was broken in 2.2.25
unless fts_autoindex_exclude settings existed. - fts-solr: Fixed searching
multiple mailboxes (patch by x16a0) - doveadm fetch body.snippet wasn't working
in 2.2.25. Also fixed a crash with certain emails. - pop3-migration + dbox:
Various fixes related to POP3 UIDL optimization in 2.2.25. - pop3-migration:
Fixed "truncated email header" workaround.
--------------------------------------------------------------------------------
================================================================================
gnome-chemistry-utils-0.14.15-1.fc23 (FEDORA-2016-e80a796d2f)
A set of chemical utilities
--------------------------------------------------------------------------------
Update Information:
Added lasem support and updated to latest upstream release: *
https://wiki.gnome.org/Projects/Lasem *
https://savannah.nongnu.org/forum/forum.php?forum_id=8725
--------------------------------------------------------------------------------
================================================================================
gnuchess-6.2.4-1.fc23 (FEDORA-2016-5a668f6fc5)
The GNU chess program
--------------------------------------------------------------------------------
Update Information:
6.2.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1389898 - gnuchess-6.2.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1389898
--------------------------------------------------------------------------------
================================================================================
goffice-0.10.32-2.fc23 (FEDORA-2016-e80a796d2f)
G Office support libraries
--------------------------------------------------------------------------------
Update Information:
Added lasem support and updated to latest upstream release: *
https://wiki.gnome.org/Projects/Lasem *
https://savannah.nongnu.org/forum/forum.php?forum_id=8725
--------------------------------------------------------------------------------
================================================================================
lighttpd-1.4.43-1.fc23 (FEDORA-2016-9559e1b00d)
Lightning fast webserver with light system requirements
--------------------------------------------------------------------------------
Update Information:
1.4.43 ---- Split out mysql and gssapi authn modules. ---- 1.4.42, now with
upstream mod_geoip.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1385640 - lighttpd-1.4.42 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1385640
--------------------------------------------------------------------------------
================================================================================
mediawriter-4.0.0-2.fc23 (FEDORA-2016-b5af28b3f9)
Fedora Media Writer
--------------------------------------------------------------------------------
Update Information:
Update to 4.0.0 ---- Update to 3.97.2
--------------------------------------------------------------------------------
================================================================================
petsc-3.7.4-12.fc23 (FEDORA-2016-185beddccc)
Portable Extensible Toolkit for Scientific Computation
--------------------------------------------------------------------------------
Update Information:
- New package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1350257 - Review Request: petsc - Portable Extensible Toolkit for Scientific
Computation
https://bugzilla.redhat.com/show_bug.cgi?id=1350257
--------------------------------------------------------------------------------
================================================================================
php-Analog-1.0.9-1.fc23 (FEDORA-2016-a989412a88)
PHP micro logging package
--------------------------------------------------------------------------------
Update Information:
Last upstream release, use fedora autoloader
--------------------------------------------------------------------------------
================================================================================
python-line_profiler-2.0-1.fc23 (FEDORA-2016-7097edfc68)
Line-by-line profiler for python
--------------------------------------------------------------------------------
Update Information:
Update line_profiler to version 2.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1387463 - python-line_profiler-2.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1387463
--------------------------------------------------------------------------------
================================================================================
python-scour-0.35-2.fc23 (FEDORA-2016-3565264129)
An SVG scrubber
--------------------------------------------------------------------------------
Update Information:
Inital build of python-scour.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1389784 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1389784
[ 2 ] Bug #1389772 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1389772
--------------------------------------------------------------------------------
================================================================================
whois-5.2.13-1.fc23 (FEDORA-2016-9ab35cae21)
Improved WHOIS client
--------------------------------------------------------------------------------
Update Information:
This release updates disclaimer detection for
crsnic.net server. It adds records
for new ASN and IPv4 allocations and many new generic TLDs. It also updates
records for jobs., mobi., and bd. domains.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1390038 - whois-5.2.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1390038
--------------------------------------------------------------------------------