The following Fedora 23 Security updates need testing:
Age  URL
132  https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240   nagios-4.0.8-1.fc23
 90  https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe   miniupnpc-1.9-6.fc23
 63  https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324   jbig2dec-0.12-2.fc23
 54  https://bodhi.fedoraproject.org/updates/FEDORA-2015-abf9659276   php-PHPMailer-5.2.14-1.fc23
 13  https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1   python-pymongo-3.0.3-1.fc23
 13  https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8   thttpd-2.25b-37.fc23
  7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-29995fbd42   privoxy-3.0.23-3.fc23
  7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-2256c80a94   openstack-swift-2.3.0-3.fc23
  5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-fe5b9da308   openstack-heat-2015.1.2-2.fc23
  5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-2f25d12c51   kernel-4.3.4-300.fc23
  4  https://bodhi.fedoraproject.org/updates/FEDORA-2016-25ab518a58   nodejs-is-my-json-valid-2.12.4-1.fc23
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-b02ad4e424   ecryptfs-utils-109-1.fc23
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69ee02554   xulrunner-44.0-1.fc23
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-5a5c85c5a8   prosody-0.9.10-1.fc23
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-e55278763e   phpMyAdmin-4.5.4.1-1.fc23
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-4509765b4b   gsi-openssh-7.1p2-2.fc23
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-2ec7f779f2   claws-mail-3.13.2-1.fc23
The following Fedora 23 Critical Path updates have yet to be approved:
Age  URL
  5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-2f25d12c51   kernel-4.3.4-300.fc23
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69ee02554   xulrunner-44.0-1.fc23
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-9f1ca30913   perl-IO-Socket-SSL-2.023-1.fc23
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-72f953d453   openssh-7.1p2-3.fc23
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-69c039b644   taglib-1.10-1.fc23
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-8caca0b06d   rpm-4.13.0-0.rc1.10.fc23
The following builds have been pushed to Fedora 23 updates-testing
batctl-2016.0-1.fc23
konsole5-15.12.1-2.fc23
libburn-1.4.2-2.fc23
milkytracker-0.90.86-1.fc23
mote-0.4.3-2.fc23
perl-IO-Socket-SSL-2.023-1.fc23
phpMyAdmin-4.5.4.1-1.fc23
Details about builds:
================================================================================
batctl-2016.0-1.fc23 (FEDORA-2016-3a11fbab22)
B.A.T.M.A.N. advanced control and management tool
--------------------------------------------------------------------------------
Update Information:
Update to 2016.0. See changelog at
https://www.open-mesh.org/projects/open-mesh/wiki/2016-01-19-batman-adv-2016-0-release
--------------------------------------------------------------------------------
================================================================================
konsole5-15.12.1-2.fc23 (FEDORA-2016-2335bd3bb5)
KDE Terminal emulator
--------------------------------------------------------------------------------
Update Information:
Include candidate fix for konsole not respecting geometry settings.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1244269 - Konsole geometry settings fail to function
https://bugzilla.redhat.com/show_bug.cgi?id=1244269
--------------------------------------------------------------------------------
================================================================================
libburn-1.4.2-2.fc23 (FEDORA-2016-1f3ed3545a)
Library for reading, mastering and writing optical discs
--------------------------------------------------------------------------------
Update Information:
libburn 1.4.2.pl01
==================
* Bug fix: cdrskin "failed to attach fifo" when burning from stdin.
  Regression of 1.4.2, rev 5522.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1294947 - k3b does not work with cdrskin
https://bugzilla.redhat.com/show_bug.cgi?id=1294947
--------------------------------------------------------------------------------
================================================================================
milkytracker-0.90.86-1.fc23 (FEDORA-2016-dabc67c2c5)
Module tracker software for creating music
--------------------------------------------------------------------------------
Update Information:
Updated to new upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1270882 - Please bundle the libzzip library included with MilkyTracker in
order to fix broken zip support
https://bugzilla.redhat.com/show_bug.cgi?id=1270882
--------------------------------------------------------------------------------
================================================================================
mote-0.4.3-2.fc23 (FEDORA-2016-a626e1e51c)
A MeetBot log wrangler, providing a user-friendly interface for Fedora's logs
--------------------------------------------------------------------------------
Update Information:
Update 0.4.3
--------------------------------------------------------------------------------
================================================================================
perl-IO-Socket-SSL-2.023-1.fc23 (FEDORA-2016-9f1ca30913)
Perl library for transparent SSL
--------------------------------------------------------------------------------
Update Information:
Current upstream release, with compatibility fix for openssl 1.0.2f.
--------------------------------------------------------------------------------
================================================================================
phpMyAdmin-4.5.4.1-1.fc23 (FEDORA-2016-e55278763e)
Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:
phpMyAdmin 4.5.4.1 (2016-01-28)
===============================
- Error with PMA 4.4.15.3
- Remove hard dependency on phpseclib

phpMyAdmin 4.5.4 (2016-01-28)
=============================
- live data edit of big sets is not working
- Table list not saved in db QBE bookmarked search
- While 'changing a column', query fails with a syntax error after the 'CHARSET=' keyword
- Avoid syntax error in javascript messages on invalid PHP setting for max_input_vars
- Properly handle errors in unpacking zip archive
- Set PHP's internal encoding to UTF-8
- Fixed Kanji encoding in some specific cases
- Check whether iconv works before using it
- Avoid conversion of MySQL error messages
- Undefined index: parameters
- Undefined index: field_name_orig
- Undefined index: host
- 'Add to central columns' (per column button) does nothing
- SQL duplicate entry error trying to INSERT in designer_settings table
- Fix handling of databases with dot in a name
- Fix hiding of page content behind menu
- FROM clause not generated after loading search bookmark
- Fix creating/editing VIEW with DEFINER containing special chars
- Do not invoke FLUSH PRIVILEGES when server in --skip-grant-tables
- Misleading message for configuration storage
- Table pagination does nothing when session expired
- Index comments not working properly
- Better handle local storage errors
- Improve detection of privileges for privilege adjusting
- Undefined property: stdClass::$releases at version check when disabled in config
- SQL comment and variable stripped from bookmark on save
- Gracefully handle errors in regex based javascript search
- [Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-1
- [Security] Unsafe generation of CSRF token, see PMASA-2016-2
- [Security] Multiple XSS vulnerabilities, see PMASA-2016-3
- [Security] Insecure password generation in JavaScript, see PMASA-2016-4
- [Security] Unsafe comparison of CSRF token, see PMASA-2016-5
- [Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-6
- [Security] XSS vulnerability in normalization page, see PMASA-2016-7
- [Security] Full path disclosure vulnerability in SQL parser, see PMASA-2016-8
- [Security] XSS vulnerability in SQL editor, see PMASA-2016-9
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1302686 - CVE-2016-2045 phpMyAdmin: XSS vulnerability in SQL editor
(PMASA-2016-9)
https://bugzilla.redhat.com/show_bug.cgi?id=1302686
[ 2 ] Bug #1302685 - CVE-2016-2044 phpMyAdmin: Full path disclosure vulnerability in SQL
parser (PMASA-2016-8)
https://bugzilla.redhat.com/show_bug.cgi?id=1302685
[ 3 ] Bug #1302684 - CVE-2016-2043 phpMyAdmin: XSS vulnerability in normalization page
(PMASA-2016-7)
https://bugzilla.redhat.com/show_bug.cgi?id=1302684
[ 4 ] Bug #1302682 - CVE-2016-2042 phpMyAdmin: Multiple full path disclosure
vulnerabilities (PMASA-2016-6)
https://bugzilla.redhat.com/show_bug.cgi?id=1302682
[ 5 ] Bug #1302681 - CVE-2016-2041 phpMyAdmin: Unsafe comparison of XSRF/CSRF token
(PMASA-2016-5)
https://bugzilla.redhat.com/show_bug.cgi?id=1302681
[ 6 ] Bug #1302680 - CVE-2016-1927 phpMyAdmin: Insecure password generation in
JavaScript (PMASA-2016-4)
https://bugzilla.redhat.com/show_bug.cgi?id=1302680
[ 7 ] Bug #1302679 - CVE-2016-2040 phpMyAdmin: Multiple XSS vulnerabilities
(PMASA-2016-3)
https://bugzilla.redhat.com/show_bug.cgi?id=1302679
[ 8 ] Bug #1302677 - CVE-2016-2039 phpMyAdmin: Unsafe generation of XSRF/CSRF token
(PMASA-2016-2)
https://bugzilla.redhat.com/show_bug.cgi?id=1302677
[ 9 ] Bug #1302676 - CVE-2016-2038 phpMyAdmin: Multiple full path disclosure
vulnerabilities (PMASA-2016-1)
https://bugzilla.redhat.com/show_bug.cgi?id=1302676
--------------------------------------------------------------------------------