The following Fedora 23 Security updates need testing:
Age URL
160
https://bodhi.fedoraproject.org/updates/FEDORA-2015-12739
python-kdcproxy-0.3.2-1.fc23
113
https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23
100
https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1
python-pymongo-3.0.3-1.fc23
87
https://bodhi.fedoraproject.org/updates/FEDORA-2015-66439aa9e2
openstack-glance-2015.1.2-1.fc23
71
https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe
miniupnpc-1.9-6.fc23
44
https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324
jbig2dec-0.12-2.fc23
43
https://bodhi.fedoraproject.org/updates/FEDORA-2015-28076d0830
thttpd-2.25b-35.fc23
43
https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8
thttpd-2.25b-36.fc23
35
https://bodhi.fedoraproject.org/updates/FEDORA-2015-abf9659276
php-PHPMailer-5.2.14-1.fc23
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-105b3b8804
salt-2015.5.8-1.fc23
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-c82e5c322c
gajim-0.16.5-1.fc23
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-64c69ec297
libxmp-4.3.10-1.fc23
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3509d27585
nodejs-ws-1.0.1-1.fc23
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-902a2b18d8
shotwell-0.23.0-0.1.20160105gitf2fb1f7.fc23
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-558167a417 php-5.6.17-1.fc23
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-21f5261525
wordpress-4.4.1-1.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f048c43393
radicale-1.1.1-1.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3784096ef
mbedtls-2.2.1-1.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-38e48069f8
prosody-0.9.9-2.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-69e506e02d
perl-PathTools-3.60-2.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a576196426
owncloud-8.0.10-1.fc23
The following Fedora 23 Critical Path updates have yet to be approved:
Age URL
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-59825bca79 krb5-1.14-5.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-69e506e02d
perl-PathTools-3.60-2.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-faf70f2302 bash-4.3.42-3.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d704a7f93e
gnutls-3.4.8-1.fc23
The following builds have been pushed to Fedora 23 updates-testing
bash-4.3.42-3.fc23
coreboot-utils-4.2-1.fc23
dcap-2.47.10-1.fc23
docker-compose-1.5.2-3.fc23
fontopia-1.1-2.fc23
gnutls-3.4.8-1.fc23
gofer-2.7.1-1.fc23
kde-wallpapers-15.08.3-2.fc23
mk-files-20151111-1.fc23
nordugrid-arc-5.0.5-1.fc23
nordugrid-arc-doc-2.0.6-1.fc23
ocserv-0.10.11-1.fc23
owncloud-8.0.10-1.fc23
perl-Date-Holidays-DE-1.7-1.fc23
perl-PathTools-3.60-2.fc23
plasma-workspace-5.5.3-4.fc23
plasma-workspace-wallpapers-5.5.3-2.fc23
prosody-0.9.9-2.fc23
python-cryptography-1.2.1-1.fc23
python-fedora-0.7.1-1.fc23
python-ivi-0.14.9-3.fc23
python-libcloud-0.20.0-1.fc23
rubygem-sequel-4.30.0-1.fc23
vdr-2.2.0-8.fc23
wine-1.9.1-1.fc23
wordwarvi-1.1-1.git6beed31.fc23
xdelta-3.0.11-2.fc23
Details about builds:
================================================================================
bash-4.3.42-3.fc23 (FEDORA-2016-faf70f2302)
The GNU Bourne Again shell
--------------------------------------------------------------------------------
Update Information:
Adding more utils to wrap around, based on an older bugzilla mentioned in the
related BZ.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1297166 - hash, type, and ulimit are missing from /usr/bin
https://bugzilla.redhat.com/show_bug.cgi?id=1297166
--------------------------------------------------------------------------------
================================================================================
coreboot-utils-4.2-1.fc23 (FEDORA-2016-fd23347dd9)
Various utilities from coreboot project
--------------------------------------------------------------------------------
Update Information:
Update to utilities from the coreboot 4.2 release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1239412 - coreboot-utils: FTBFS in rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1239412
[ 2 ] Bug #1260802 - update to coreboot 4.1 GA stable release
https://bugzilla.redhat.com/show_bug.cgi?id=1260802
--------------------------------------------------------------------------------
================================================================================
dcap-2.47.10-1.fc23 (FEDORA-2016-94282ec4a0)
Client Tools for dCache
--------------------------------------------------------------------------------
Update Information:
New release with IPv6 fixes.
--------------------------------------------------------------------------------
================================================================================
docker-compose-1.5.2-3.fc23 (FEDORA-2016-7a3b274c5c)
Multi-container orchestration for Docker
--------------------------------------------------------------------------------
Update Information:
Added missing dependency python-jsonschema
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1297516 - pkg_resources.DistributionNotFound: The 'jsonschema'
distribution was not found and is required by docker-compose
https://bugzilla.redhat.com/show_bug.cgi?id=1297516
--------------------------------------------------------------------------------
================================================================================
fontopia-1.1-2.fc23 (FEDORA-2016-ca75e185d5)
The console font editor
--------------------------------------------------------------------------------
Update Information:
Fixed spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1293045 - Review Request: fontopia - the console font editor
https://bugzilla.redhat.com/show_bug.cgi?id=1293045
--------------------------------------------------------------------------------
================================================================================
gnutls-3.4.8-1.fc23 (FEDORA-2016-d704a7f93e)
A TLS protocol implementation
--------------------------------------------------------------------------------
Update Information:
New upstream release (#1297079)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1297079 - gnutls-3.4.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1297079
--------------------------------------------------------------------------------
================================================================================
gofer-2.7.1-1.fc23 (FEDORA-2016-dd71d545d8)
A lightweight, extensible python agent
--------------------------------------------------------------------------------
Update Information:
Latest upstream. Contains both bug fixes and enhancements.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1001938 - ruby-gofer-0.74-1.el6.noarch has unresolved dependency
rubygem(qpid) >= 0:0.16.0
https://bugzilla.redhat.com/show_bug.cgi?id=1001938
[ 2 ] Bug #1156524 - [rfe] use dnf instead of yum
https://bugzilla.redhat.com/show_bug.cgi?id=1156524
--------------------------------------------------------------------------------
================================================================================
kde-wallpapers-15.08.3-2.fc23 (FEDORA-2016-5b3973db2d)
KDE Wallpapers
--------------------------------------------------------------------------------
Update Information:
Fix file conflict.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1297390 - File conflict in plasma-workspace-wallpapers
https://bugzilla.redhat.com/show_bug.cgi?id=1297390
--------------------------------------------------------------------------------
================================================================================
mk-files-20151111-1.fc23 (FEDORA-2016-3b362e697b)
Support files for bmake, the NetBSD make(1) tool
--------------------------------------------------------------------------------
Update Information:
New upstream version
--------------------------------------------------------------------------------
================================================================================
nordugrid-arc-5.0.5-1.fc23 (FEDORA-2016-6be8b76124)
Advanced Resource Connector Grid Middleware
--------------------------------------------------------------------------------
Update Information:
NorduGrid ARC 15.03 update 6
http://www.nordugrid.org/arc/releases/15.03u6/release_notes_15.03u6.html
--------------------------------------------------------------------------------
================================================================================
nordugrid-arc-doc-2.0.6-1.fc23 (FEDORA-2016-6be8b76124)
Advanced Resource Connector Documentation
--------------------------------------------------------------------------------
Update Information:
NorduGrid ARC 15.03 update 6
http://www.nordugrid.org/arc/releases/15.03u6/release_notes_15.03u6.html
--------------------------------------------------------------------------------
================================================================================
ocserv-0.10.11-1.fc23 (FEDORA-2016-e2f8d76cf7)
OpenConnect SSL VPN server
--------------------------------------------------------------------------------
Update Information:
new upstream release
--------------------------------------------------------------------------------
================================================================================
owncloud-8.0.10-1.fc23 (FEDORA-2016-a576196426)
Private file sync and share server
--------------------------------------------------------------------------------
Update Information:
This update provides the new upstream patch release of ownCloud (7.0.12 for EPEL
6, 8.0.10 for all other distributions). It also adds a 'well-known' redirect for
WebDAV (alongside the existing ones for CalDAV and CardDAV) - if you don't know
what this is, don't worry. These are bugfix updates which include fixes for some
security vulnerabilities rated 'low' and 'medium' by upstream. For full
details
on the changes, see the [upstream
changelog](https://www.owncloud.org/changelog)
and the security advisories: [OC-
SA-2016-001](https://owncloud.org/security/advisory/?id=oc-sa-2016-001), [OC-
SA-2016-002](https://owncloud.org/security/advisory/?id=oc-sa-2016-002), [OC-
SA-2016-003](https://owncloud.org/security/advisory/?id=oc-sa-2016-003), [OC-
SA-2016-004](https://owncloud.org/security/advisory/?id=oc-sa-2016-004).
--------------------------------------------------------------------------------
================================================================================
perl-Date-Holidays-DE-1.7-1.fc23 (FEDORA-2016-e6172fdbb7)
Perl module to determine German holidays
--------------------------------------------------------------------------------
Update Information:
Date::Holidays::DE v1.7 ======================= - Added reformation day as
one-time common federal holiday in 2017 - Thanks to Christoph Biedl
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1297365 - Upgrade perl-Date-Holidays-DE to 1.7
https://bugzilla.redhat.com/show_bug.cgi?id=1297365
--------------------------------------------------------------------------------
================================================================================
perl-PathTools-3.60-2.fc23 (FEDORA-2016-69e506e02d)
PathTools Perl module (Cwd, File::Spec)
--------------------------------------------------------------------------------
Update Information:
This release fixes CVE-2015-8607 (losing taint flag in File::Spec::canonpath()
subroutine).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1293272 - CVE-2015-8607 perl-PathTools: Taint propagation flaw in
canonpath()
https://bugzilla.redhat.com/show_bug.cgi?id=1293272
--------------------------------------------------------------------------------
================================================================================
plasma-workspace-5.5.3-4.fc23 (FEDORA-2016-8be45c9c9f)
Plasma workspace, applications and applets
--------------------------------------------------------------------------------
Update Information:
Disable bootstrap build mode, add explicit reference to qdbus-qt5 in
startplasmacompositor (wayland) script. ---- Pull in upstream fixes for
notification placement, xembedsniproxy
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1297528 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1297528
--------------------------------------------------------------------------------
================================================================================
plasma-workspace-wallpapers-5.5.3-2.fc23 (FEDORA-2016-5b3973db2d)
Additional wallpapers for Plasma workspace
--------------------------------------------------------------------------------
Update Information:
Fix file conflict.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1297390 - File conflict in plasma-workspace-wallpapers
https://bugzilla.redhat.com/show_bug.cgi?id=1297390
--------------------------------------------------------------------------------
================================================================================
prosody-0.9.9-2.fc23 (FEDORA-2016-38e48069f8)
Flexible communications server for Jabber/XMPP
--------------------------------------------------------------------------------
Update Information:
Prosody 0.9.9 ============= A summary of changes: Security fixes
-------------- * Fix path traversal vulnerability in mod_http_files
(CVE-2016-1231) * Fix use of weak PRNG in generation of dialback secrets
(CVE-2016-1232) Bugs ---- * Improve handling of CNAME records in DNS * Fix
traceback when deleting a user in some configurations (issue #496) * MUC:
restrict_room_creation could prevent users from joining rooms (issue #458) *
MUC: fix occasional dropping of iq stanzas sent privately between occupants *
Fix a potential memory leak in mod_pep Additions --------- * Add http:list()
command to telnet to view active HTTP services * Simplify IPv4/v6 address
selection code for outgoing s2s * Add support for importing SCRAM hashes from
ejabberd
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1296984 - CVE-2016-1232 prosody: use of weak PRNG in generation of dialback
secrets
https://bugzilla.redhat.com/show_bug.cgi?id=1296984
[ 2 ] Bug #1296983 - CVE-2016-1231 prosody: path traversal vulnerability in
mod_http_files
https://bugzilla.redhat.com/show_bug.cgi?id=1296983
--------------------------------------------------------------------------------
================================================================================
python-cryptography-1.2.1-1.fc23 (FEDORA-2016-8351acc81f)
PyCA's cryptography library
--------------------------------------------------------------------------------
Update Information:
Update to v1.2.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1289599 - Regression: unresolved symbol EC_GFp_nistp224_method with
openssl-1.0.2e-1.fc23.x86_64
https://bugzilla.redhat.com/show_bug.cgi?id=1289599
[ 2 ] Bug #1284148 - Error Contents: osrandom engine already registered
https://bugzilla.redhat.com/show_bug.cgi?id=1284148
--------------------------------------------------------------------------------
================================================================================
python-fedora-0.7.1-1.fc23 (FEDORA-2016-fcfb7cff96)
Python modules for talking to Fedora Infrastructure Services
--------------------------------------------------------------------------------
Update Information:
Fix a regression in the config parser.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1297221 - [abrt] bodhi-client: bodhi.py:351:parse_file:TypeError:
getboolean() got an unexpected keyword argument 'raw'
https://bugzilla.redhat.com/show_bug.cgi?id=1297221
--------------------------------------------------------------------------------
================================================================================
python-ivi-0.14.9-3.fc23 (FEDORA-2016-1f2bdb73c8)
Python Interchangeable Virtual Instrument Library
--------------------------------------------------------------------------------
Update Information:
- New package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1294275 - Review Request: python-ivi - Python Interchangeable Virtual
Instrument Library
https://bugzilla.redhat.com/show_bug.cgi?id=1294275
--------------------------------------------------------------------------------
================================================================================
python-libcloud-0.20.0-1.fc23 (FEDORA-2016-de7755e490)
A Python library to address multiple cloud provider APIs
--------------------------------------------------------------------------------
Update Information:
Release 0.20.0 with new features and improvements ---- Libcloud 0.18.0 release
with new features, improvements and bug-fixes.
--------------------------------------------------------------------------------
================================================================================
rubygem-sequel-4.30.0-1.fc23 (FEDORA-2016-6be3d5eb3d)
The Database Toolkit for Ruby
--------------------------------------------------------------------------------
Update Information:
Upgrade to sequel 4.30.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1287389 - rubygem-sequel-4.30.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1287389
--------------------------------------------------------------------------------
================================================================================
vdr-2.2.0-8.fc23 (FEDORA-2016-8b36d1422a)
Video Disk Recorder
--------------------------------------------------------------------------------
Update Information:
Dependency, service ordering, and LCN support fixes
--------------------------------------------------------------------------------
================================================================================
wine-1.9.1-1.fc23 (FEDORA-2016-68267e1cb0)
A compatibility layer for windows applications
--------------------------------------------------------------------------------
Update Information:
Version 1.9.1 - A few more deferred fixes. - Support for debug registers on
x86-64. - More Shader Model 4 instructions. - Support for the Mingw ARM
toolchain. - Various bug fixes.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1297118 - wine-1.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1297118
--------------------------------------------------------------------------------
================================================================================
wordwarvi-1.1-1.git6beed31.fc23 (FEDORA-2016-53f83f9208)
Side-scrolling shoot 'em up '80s style arcade game
--------------------------------------------------------------------------------
Update Information:
- Upstream has moved to github - New upstream release 1.1 - Add appdata
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1295112 - update 1.00
https://bugzilla.redhat.com/show_bug.cgi?id=1295112
--------------------------------------------------------------------------------
================================================================================
xdelta-3.0.11-2.fc23 (FEDORA-2016-10ae68c62f)
A binary file delta generator
--------------------------------------------------------------------------------
Update Information:
- Rebase to most recent stable version (3.0.11) - enable all testcases during
build - add support for '-S lzma' ---- New bugfix release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1295527 - xdelta: error XD3_TOOFARBACK
https://bugzilla.redhat.com/show_bug.cgi?id=1295527
--------------------------------------------------------------------------------