The following Fedora 24 Security updates need testing:
Age URL
119
https://bodhi.fedoraproject.org/updates/FEDORA-2016-32eaf0c41e redis-3.2.3-1.fc24
102
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0ef628998f
chicken-4.11.0-3.fc24
54
https://bodhi.fedoraproject.org/updates/FEDORA-2016-990e2012ea
compat-guile18-1.8.8-14.fc24
16
https://bodhi.fedoraproject.org/updates/FEDORA-2016-93679a91df
jenkins-1.651.3-2.fc24 jenkins-remoting-2.62.3-1.fc24
12
https://bodhi.fedoraproject.org/updates/FEDORA-2016-c198d15316
ntp-4.2.6p5-43.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-2424eeca35
phpMyAdmin-4.6.5.1-2.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-2460f713a1
php-php-gettext-1.0.12-1.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-302f840ecf
perl-DBD-MySQL-4.039-2.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-c52762efb1
gstreamer-plugins-bad-free-0.10.23-33.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-30f68ec06b
mcabber-1.0.4-1.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-fad6fc78dd
golang-1.6.4-2.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-60753c3dcd
roundcubemail-1.2.3-1.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a98c560116
tomcat-8.0.39-1.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a3618d9ef6
python-tornado-4.4.2-1.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b000091725
php-simplesamlphp-saml2-2.3.3-1.fc24 php-simplesamlphp-saml2_1-1.10.3-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b465090499
ipsilon-2.0.2-2.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b4dd1db1e7 lxc-2.0.6-2.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5ec2475e3f
kernel-4.8.12-200.fc24
The following Fedora 24 Critical Path updates have yet to be approved:
Age URL
57
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f00a05d7b9
pungi-4.1.10-1.fc24
19
https://bodhi.fedoraproject.org/updates/FEDORA-2016-cddf0ec383
nss-3.27.0-1.3.fc24
12
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b0006447a5
colord-1.3.4-1.fc24
12
https://bodhi.fedoraproject.org/updates/FEDORA-2016-71f117dc02 pyxdg-0.25-10.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e9b731e067
libimobiledevice-1.2.0-8.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-77e191e610
evolution-data-server-3.20.6-1.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-41ce1a19af
libbluray-0.9.3-3.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5ec2475e3f
kernel-4.8.12-200.fc24
The following builds have been pushed to Fedora 24 updates-testing
COPASI-4.18.136-1.fc24
appstream-data-24-11.fc24
bibus-1.5.2-1.fc24
cpuid-20161201-1.fc24
ibus-typing-booster-1.5.14-1.fc24
ipsilon-2.0.2-2.fc24
kernel-4.8.12-200.fc24
libabigail-1.0-0.8.rc6.3.fc24
libvmi-0.11.0-1.20161202gitb9b020c.fc24
lxc-2.0.6-2.fc24
mariadb-10.1.19-6.fc24
mozjs45-45.5.1-1.fc24
mup-6.5-1.fc24
netpbm-10.76.00-2.fc24
ocl-icd-2.2.10-1.fc24
perl-Net-GitHub-0.86-1.fc24
php-cs-fixer-2.0.0-1.fc24
php-horde-Horde-Auth-2.2.1-1.fc24
php-horde-Horde-Core-2.27.4-1.fc24
php-horde-Horde-Crypt-2.7.4-1.fc24
php-horde-Horde-Imap-Client-2.29.11-1.fc24
php-horde-Horde-Vfs-2.3.4-1.fc24
picojson-1.3.0-1.fc24
purple-hangouts-0-41.20161128hg4c2de0f.fc24
python-adal-0.4.3-1.fc24
python-pkgconfig-1.2.2-1.fc24
python-pyvo-0.4.1-2.20161020git823b14a.fc24
tcsh-6.19.00-12.fc24
terminator-1.90-5.fc24
vdr-epg-daemon-1.1.66-1.fc24
xosview-1.19-1.fc24
Details about builds:
================================================================================
COPASI-4.18.136-1.fc24 (FEDORA-2016-f41a3f985e)
Biochemical network simulator
--------------------------------------------------------------------------------
Update Information:
- Update to build-136 (stable release)
--------------------------------------------------------------------------------
================================================================================
appstream-data-24-11.fc24 (FEDORA-2016-272a13f93f)
Fedora AppStream metadata
--------------------------------------------------------------------------------
Update Information:
New metadata version
--------------------------------------------------------------------------------
================================================================================
bibus-1.5.2-1.fc24 (FEDORA-2016-3312806090)
Bibliographic and reference management software
--------------------------------------------------------------------------------
Update Information:
- Rebuilt for new upstream release 1.5.2, fixes rhbz #757675 - Added patch to
fixes rhbz #1190916 (thanks to Scott Talbert)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #757675 - bibus-1.5.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=757675
[ 2 ] Bug #1190916 - bibus: deprecation warning with wxPython 3.0
https://bugzilla.redhat.com/show_bug.cgi?id=1190916
--------------------------------------------------------------------------------
================================================================================
cpuid-20161201-1.fc24 (FEDORA-2016-546b7aae31)
Dumps information about the CPU(s)
--------------------------------------------------------------------------------
Update Information:
Update to new upstream version 20161201 (rhbz#1400731)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1400731 - cpuid-20161201.src is available
https://bugzilla.redhat.com/show_bug.cgi?id=1400731
--------------------------------------------------------------------------------
================================================================================
ibus-typing-booster-1.5.14-1.fc24 (FEDORA-2016-f798173d42)
A typing booster engine for the IBus platform
--------------------------------------------------------------------------------
Update Information:
update to 1.5.14; Fix "delete whitespace when committing punctuation" problem
in
firefox
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1399192 - Problem using ibus-typing-booster in firefox: When typing
"word . " the space between "word" and ". " is not deleted
and the cursor ends up after "word "
https://bugzilla.redhat.com/show_bug.cgi?id=1399192
--------------------------------------------------------------------------------
================================================================================
ipsilon-2.0.2-2.fc24 (FEDORA-2016-b465090499)
An Identity Provider Server
--------------------------------------------------------------------------------
Update Information:
New Ipsilon 2.0 release. ---- Main changes since 1.2: Security fix for
���CVE-2016-8638 OpenID Connect 2.0 OAuth 2 User portal with consent management
Authorization plugin support Support for adding an instance to the web root Lots
of bugfixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1348585 - Ipsilon form config contains wrong PAM service file
https://bugzilla.redhat.com/show_bug.cgi?id=1348585
[ 2 ] Bug #1346336 - New ipsilon-idp.conf doesn't work with mod_nss installed
https://bugzilla.redhat.com/show_bug.cgi?id=1346336
[ 3 ] Bug #1396973 - CVE-2016-8638 ipsilon: DoS via logging out all open SAML2 sessions
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1396973
[ 4 ] Bug #1391445 - Using ipsilon-client-install --saml-auth produces Alias /protected
/usr/share/ipsilon/ui/saml2sp
https://bugzilla.redhat.com/show_bug.cgi?id=1391445
--------------------------------------------------------------------------------
================================================================================
kernel-4.8.12-200.fc24 (FEDORA-2016-5ec2475e3f)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:
The 4.8.12 stable update contains a number of important fixes across the tree.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1400804 - CVE-2016-9777 Kernel: kvm: out of bounds memory access via vcpu_id
https://bugzilla.redhat.com/show_bug.cgi?id=1400804
[ 2 ] Bug #1400468 - CVE-2016-9756 Kernel: kvm: stack memory information leakage
https://bugzilla.redhat.com/show_bug.cgi?id=1400468
[ 3 ] Bug #1400904 - CVE-2016-9755 kernel: netfilter: Out-of-bounds write due to a
signedness issue when defragmenting ipv6 packets
https://bugzilla.redhat.com/show_bug.cgi?id=1400904
--------------------------------------------------------------------------------
================================================================================
libabigail-1.0-0.8.rc6.3.fc24 (FEDORA-2016-f9c3004560)
Set of ABI analysis tools
--------------------------------------------------------------------------------
Update Information:
Fix upstream Bug 20927 - Segfault when abidiff is invoked with $HOME empty ----
Fix an issue where some suppressed diff nodes are still visible in change
reports ---- Update to upstream 1.0.rc6 tarball
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1352547 - Missing pyxdg as Requires in libabigail-1.0-0.8.rc5.3.fc24
https://bugzilla.redhat.com/show_bug.cgi?id=1352547
[ 2 ] Bug #19658 - None
https://bugzilla.redhat.com/show_bug.cgi?id=19658
--------------------------------------------------------------------------------
================================================================================
libvmi-0.11.0-1.20161202gitb9b020c.fc24 (FEDORA-2016-89e8cb8ae0)
A library for performing virtual-machine introspection
--------------------------------------------------------------------------------
Update Information:
New upstream release
--------------------------------------------------------------------------------
================================================================================
lxc-2.0.6-2.fc24 (FEDORA-2016-b4dd1db1e7)
Linux Resource Containers
--------------------------------------------------------------------------------
Update Information:
Update LXC to the latest stable version. See
[
here](https://linuxcontainers.org/lxc/news/) for the list of changes.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1398242 - CVE-2016-8649 lxc: lxc-attach to malicious container allows access
to host
https://bugzilla.redhat.com/show_bug.cgi?id=1398242
--------------------------------------------------------------------------------
================================================================================
mariadb-10.1.19-6.fc24 (FEDORA-2016-96c333c654)
A community developed branch of MySQL
--------------------------------------------------------------------------------
Update Information:
Related: 1382988 1400233 1399847 1396945
--------------------------------------------------------------------------------
================================================================================
mozjs45-45.5.1-1.fc24 (FEDORA-2016-1f8c89fc81)
JavaScript interpreter and libraries
--------------------------------------------------------------------------------
Update Information:
Update to latest minor version.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1400598 - mozjs45-45.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1400598
--------------------------------------------------------------------------------
================================================================================
mup-6.5-1.fc24 (FEDORA-2016-062f3e6246)
A music notation program that can also generate MIDI files
--------------------------------------------------------------------------------
Update Information:
Update to Mup 6.5
--------------------------------------------------------------------------------
================================================================================
netpbm-10.76.00-2.fc24 (FEDORA-2016-ec2eae2554)
A library for handling different graphics file formats
--------------------------------------------------------------------------------
Update Information:
add missing directives about bundled libraries jasper and jbigkit ---- New
version of netpbm is available (10.76.00)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1395716 - netpbm sources contains bunndled jbigkit and jasper libraries
https://bugzilla.redhat.com/show_bug.cgi?id=1395716
[ 2 ] Bug #1393713 - netpbm-10.76.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1393713
--------------------------------------------------------------------------------
================================================================================
ocl-icd-2.2.10-1.fc24 (FEDORA-2016-a97196bed3)
OpenCL ICD Bindings
--------------------------------------------------------------------------------
Update Information:
Update to 2.2.10
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1401270 - ocl-icd-2.2.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1401270
--------------------------------------------------------------------------------
================================================================================
perl-Net-GitHub-0.86-1.fc24 (FEDORA-2016-9a8d470105)
Perl interface for
github.com
--------------------------------------------------------------------------------
Update Information:
Rebase to upstream version 0.86.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1401295 - perl-Net-GitHub-0.86 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1401295
--------------------------------------------------------------------------------
================================================================================
php-cs-fixer-2.0.0-1.fc24 (FEDORA-2016-eff2120f31)
A tool to automatically fix PHP code style
--------------------------------------------------------------------------------
Update Information:
The PHP Coding Standards Fixer tool fixes most issues in your code when you want
to follow the PHP coding standards as defined in the PSR-1 and PSR-2 documents
and many more. If you are already using a linter to identify coding standards
problems in your code, you know that fixing them by hand is tedious, especially
on large projects. This tool does not only detect them, but also fixes them for
you.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1391951 - Review Request: php-cs-fixer - A tool to automatically fix PHP code
style
https://bugzilla.redhat.com/show_bug.cgi?id=1391951
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Auth-2.2.1-1.fc24 (FEDORA-2016-8177e2f7e6)
Horde Authentication API
--------------------------------------------------------------------------------
Update Information:
**Horde_Auth 2.2.1** * [jan] Use more efficient database access in SQL backend.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Core-2.27.4-1.fc24 (FEDORA-2016-fd50a3e144)
Horde Core Framework libraries
--------------------------------------------------------------------------------
Update Information:
**Horde_Core 2.27.4** * [mjr] Fix Google Map API warnings (Bug #14525,
arjen+horde). * [jan] Catch errors from NoSQL preference backend. * [jan] Make
'hostspec' parameter for MongoDB configuration optional again on PHP 7. * [jan]
Fix session preference driver. * [jan] Don't pollute DB DSN with unknown
parameters when using Cyrsql authentication driver. * [mjr] Refresh mailbox list
when retrieving for ActiveSync.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Crypt-2.7.4-1.fc24 (FEDORA-2016-71d1c3ee11)
Horde Cryptography API
--------------------------------------------------------------------------------
Update Information:
**Horde_Crypt 2.7.4** * [mjr] Ensure version information is output in ASCII
armored output. * [jan] Fix parsing inline signed PGP messages with PHP 7+ (Bug
#14352).
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Imap-Client-2.29.11-1.fc24 (FEDORA-2016-1a6a2e09c5)
Horde IMAP abstraction interface
--------------------------------------------------------------------------------
Update Information:
**Horde_Imap_Client 2.29.11** * [mjr] Fix failed connections when using unix
sockets (Thomas Jarosch).
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Vfs-2.3.4-1.fc24 (FEDORA-2016-2a743ca7f0)
Virtual File System API
--------------------------------------------------------------------------------
Update Information:
**Horde_Vfs 2.3.4** * [jan] Use more efficient database access in SQL backend.
--------------------------------------------------------------------------------
================================================================================
picojson-1.3.0-1.fc24 (FEDORA-2016-fc70ad2cda)
A header-file-only, JSON parser / serializer in C++
--------------------------------------------------------------------------------
Update Information:
- Rebuilt for new release 1.3.0 + spec clean updisabled empty debuginfo - Fixes
rhbz #1114328 rhbz #1175221 and rhbz #1307862
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1307862 - picojson: FTBFS in rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1307862
[ 2 ] Bug #1114328 - picojson-debuginfo is empty
https://bugzilla.redhat.com/show_bug.cgi?id=1114328
[ 3 ] Bug #1175221 - picojson-1.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1175221
--------------------------------------------------------------------------------
================================================================================
purple-hangouts-0-41.20161128hg4c2de0f.fc24 (FEDORA-2016-42ab93d743)
Hangouts plugin for libpurple
--------------------------------------------------------------------------------
Update Information:
Updated to latest snapshot.
--------------------------------------------------------------------------------
================================================================================
python-adal-0.4.3-1.fc24 (FEDORA-2016-9bfe9babc1)
ADAL for Python
--------------------------------------------------------------------------------
Update Information:
###ADAL for Python 0.4.3 * Fixes logger bug to ensure proper logging * Updates
dependency to exclude the requests package 2.12.* * Introduces a new switch to
override the default behavior ###ADAL for Python 0.4.2 * Fix decoding
exception when decoding id_token with non-ASCII characters on Python 2.x * Minor
adjustment on version string handling ###ADAL for Python 0.4.1 * Fix encoding
exceptions on formatting error text * Minor typo fixes in sample code ###ADAL
for Python 0.4.0 * Support login using federated credentials through protocols
of wstrust 1.3 or 2005 * Support http tracing through proxies by exposing the
environment variable of ADAL_PYTHON_SSL_NO_VERIFY ###ADAL for Python 0.3.0 *
Support device code flow, required for accounts with 2FA enforced, or MSA
accounts such as live id * Support service principal with certificate. * Support
token cache. * Remove all JS style of callbacks for better code readability and
maintainability. * Improve 'AuthenticationContext' class to be consistent with
ADAL node and C# versions. * Add samples showing how to use the ADAL in correct
ways. Convenient methods in init.py were removed as it has no integrations with
cache and used client id belonging to other client app. * Update readme with
common authentication flows and smooth package installations. * Update for US
Government and German Government Authority.
--------------------------------------------------------------------------------
================================================================================
python-pkgconfig-1.2.2-1.fc24 (FEDORA-2016-e4caaeb429)
A Python interface to the pkg-config command line tool
--------------------------------------------------------------------------------
Update Information:
Update to 1.2.2
--------------------------------------------------------------------------------
================================================================================
python-pyvo-0.4.1-2.20161020git823b14a.fc24 (FEDORA-2016-3bd565d35e)
Access to remote data and services of the Virtual observatory (VO) using Python
--------------------------------------------------------------------------------
Update Information:
Added missing requirement for requests, added subpackage for documentation
--------------------------------------------------------------------------------
================================================================================
tcsh-6.19.00-12.fc24 (FEDORA-2016-ba395af532)
An enhanced version of csh, the C shell
--------------------------------------------------------------------------------
Update Information:
Pre-emptive fix for an issue that is currently being investigated as possible
security flaw. ---- Previously, using command 'rm *' while the tcsh option
'rmstar' was set resulted in tcsh getting stuck and not doing anything. This
bug has been been fixed.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1386129 - RM command with star argument to remove all does not work
https://bugzilla.redhat.com/show_bug.cgi?id=1386129
--------------------------------------------------------------------------------
================================================================================
terminator-1.90-5.fc24 (FEDORA-2016-77620715b6)
Store and run multiple GNOME terminals in one window
--------------------------------------------------------------------------------
Update Information:
add python-gobject to requires and clean up old gtk2 requires. ---- This
update brings the new Terminator release in version 1.90 to your box. The most
significant change is, that this release is now ported to GTK3 and uses libvte3.
A detailed changelog is available here:
http://bazaar.launchpad.net/~gnome-
terminator/terminator/gtk3/view/head:/ChangeLog
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1400474 - [abrt] terminator: __init__.py:122:require_version:ValueError:
Namespace Vte not available for version 2.91
https://bugzilla.redhat.com/show_bug.cgi?id=1400474
[ 2 ] Bug #1363792 - ncurses: 'tput reset' outputs ' ^[]104' after
terminal is cleared
https://bugzilla.redhat.com/show_bug.cgi?id=1363792
[ 3 ] Bug #1363928 - terminator shows duplicated key in in group terminals
https://bugzilla.redhat.com/show_bug.cgi?id=1363928
[ 4 ] Bug #1322052 - [abrt] terminator: paned.py:280:wrapcloseterm:AttributeError:
'NoneType' object has no attribute 'grab_focus'
https://bugzilla.redhat.com/show_bug.cgi?id=1322052
[ 5 ] Bug #1304583 - [abrt] terminator: invalid syntax (terminator, line 125)
https://bugzilla.redhat.com/show_bug.cgi?id=1304583
[ 6 ] Bug #1301382 - Terminator does not use KDE's default browser setting
https://bugzilla.redhat.com/show_bug.cgi?id=1301382
[ 7 ] Bug #1290183 - [abrt] terminator:
terminal.py:1143:ensure_visible_and_focussed:AttributeError: 'Terminal' object has
no attribute 'get_child'
https://bugzilla.redhat.com/show_bug.cgi?id=1290183
[ 8 ] Bug #1397825 - terminator-1.90 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1397825
--------------------------------------------------------------------------------
================================================================================
vdr-epg-daemon-1.1.66-1.fc24 (FEDORA-2016-75599d888f)
A daemon to download EPG data from internet and manage it in a mysql database
--------------------------------------------------------------------------------
Update Information:
Update 1.1.66 ---- Update 1.1.65 ---- Update to 1.1.64 ---- Update to
1.1.63 ---- Update to 1.1.61 ---- Update to 1.1.54 ---- Update to 1.1.53
---- Update to 1.1.52 ---- Update to 1.1.48 ---- Update to 1.1.47 ----
Update to 1.1.46 ---- Update to 1.1.44 ---- Update to 1.1.42 ---- Update
to 1.1.58 ---- Update to 1.1.55 ---- Update to 1.1.62
--------------------------------------------------------------------------------
================================================================================
xosview-1.19-1.fc24 (FEDORA-2016-f32296f646)
An X Window System utility for monitoring system resources
--------------------------------------------------------------------------------
Update Information:
- Rebuilt for new upstream release 1.19, fixes rhbz #1401149 - Do not use
upstreamed patches (already in latest release)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1401149 - xosview-1.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1401149
--------------------------------------------------------------------------------