The following Fedora 24 Security updates need testing:
Age URL
121
https://bodhi.fedoraproject.org/updates/FEDORA-2016-32eaf0c41e redis-3.2.3-1.fc24
105
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0ef628998f
chicken-4.11.0-3.fc24
56
https://bodhi.fedoraproject.org/updates/FEDORA-2016-990e2012ea
compat-guile18-1.8.8-14.fc24
19
https://bodhi.fedoraproject.org/updates/FEDORA-2016-93679a91df
jenkins-1.651.3-2.fc24 jenkins-remoting-2.62.3-1.fc24
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-2424eeca35
phpMyAdmin-4.6.5.1-2.fc24
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-2460f713a1
php-php-gettext-1.0.12-1.fc24
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-302f840ecf
perl-DBD-MySQL-4.039-2.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-30f68ec06b
mcabber-1.0.4-1.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-fad6fc78dd
golang-1.6.4-2.fc24
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-60753c3dcd
roundcubemail-1.2.3-1.fc24
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a98c560116
tomcat-8.0.39-1.fc24
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a3618d9ef6
python-tornado-4.4.2-1.fc24
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b000091725
php-simplesamlphp-saml2-2.3.3-1.fc24 php-simplesamlphp-saml2_1-1.10.3-1.fc24
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b465090499
ipsilon-2.0.2-2.fc24
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b4dd1db1e7 lxc-2.0.6-2.fc24
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5ec2475e3f
kernel-4.8.12-200.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b39fedec11
httpd-2.4.23-5.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e45a7e7b13 gd-2.2.3-5.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f4e992b0ac
gstreamer-plugins-good-0.10.31-17.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4fff0cbc66
gstreamer1-plugins-base-1.8.3-2.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a17657197c
gstreamer-plugins-base-0.10.36-15.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a3bc78de2b
gstreamer-plugins-bad-free-0.10.23-34.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-ca6cc3ce3e
gstreamer1-plugins-bad-free-1.8.3-3.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0b80dcfe5a
openjpeg2-2.1.2-2.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-240fe757f8
mingw-openjpeg2-2.1.2-2.fc24
The following Fedora 24 Critical Path updates have yet to be approved:
Age URL
60
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f00a05d7b9
pungi-4.1.10-1.fc24
21
https://bodhi.fedoraproject.org/updates/FEDORA-2016-cddf0ec383
nss-3.27.0-1.3.fc24
15
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b0006447a5
colord-1.3.4-1.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e9b731e067
libimobiledevice-1.2.0-8.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-77e191e610
evolution-data-server-3.20.6-1.fc24
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-41ce1a19af
libbluray-0.9.3-3.fc24
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5ec2475e3f
kernel-4.8.12-200.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-90bd4d7d33
selinux-policy-3.13.1-191.23.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0cfbb5a168
cairo-1.14.8-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4608795844
gnutls-3.4.17-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-6008f6fd21 vim-8.0.124-2.fc24
The following builds have been pushed to Fedora 24 updates-testing
abiword-3.0.2-3.fc24
cairo-1.14.8-1.fc24
docker-1.10.3-55.gite03ddb8.fc24
drupal7-7.53-1.fc24
fedpkg-minimal-1.1.0-4.fc24
gnutls-3.4.17-1.fc24
grub2-2.02-0.38.fc24
homebank-5.1.2-1.fc24
layla-fonts-1.7-1.fc24
libecb-0.20161208-1.fc24
libxsmm-1.6.1-1.fc24
mingw-openjpeg2-2.1.2-2.fc24
nodejs-figures-1.7.0-2.fc24
openjpeg2-2.1.2-2.fc24
php-5.6.29-1.fc24
php-akamai-open-edgegrid-client-0.6.1-1.fc24
php-guzzlehttp-promises-1.3.0-1.fc24
php-mtdowling-jmespath-php-2.4.0-1.fc24
php-pecl-mongodb-1.1.10-1.fc24
php-zendframework-zend-expressive-1.0.4-1.fc24
python-idstools-0.5.4-1.fc24
python-pytest-spec-1.1.0-1.fc24
pywbem-0.9.1-1.fc24
qt5-qtstyleplugins-5.0.0-12.fc24
sunxi-tools-1.4.2-1.fc24
vim-8.0.124-2.fc24
Details about builds:
================================================================================
abiword-3.0.2-3.fc24 (FEDORA-2016-ffbf1200ab)
Word processing program
--------------------------------------------------------------------------------
Update Information:
Fix the black drawing regression with Gtk3.22 ---- Run ldconfig for libabiword
---- Update to 3.0.2 with fixes for GTK3 and Wayland
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1390020 - [abiword] text body in abiword turns black all the time, e.g. when
losing focus
https://bugzilla.redhat.com/show_bug.cgi?id=1390020
[ 2 ] Bug #1387629 - abiword-3.0.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1387629
[ 3 ] Bug #1261693 - [abiword] corrupted dialog window "Set Language"
https://bugzilla.redhat.com/show_bug.cgi?id=1261693
[ 4 ] Bug #1287835 - abiword screen flickering
https://bugzilla.redhat.com/show_bug.cgi?id=1287835
[ 5 ] Bug #1288847 - [abrt] abiword: AP_UnixApp::catchSignals(): abiword killed by
SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=1288847
[ 6 ] Bug #1295643 - [abrt] abiword: AP_UnixApp::catchSignals(): abiword killed by
SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=1295643
[ 7 ] Bug #1326222 - abiword icon source is used instead of actual icon
https://bugzilla.redhat.com/show_bug.cgi?id=1326222
[ 8 ] Bug #1388609 - [abrt] abiword: AP_UnixApp::catchSignals(): abiword killed by
SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=1388609
[ 9 ] Bug #1390367 - black window after start
https://bugzilla.redhat.com/show_bug.cgi?id=1390367
[ 10 ] Bug #1391574 - [abrt] abiword: AP_UnixApp::catchSignals(int)(): abiword killed by
SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=1391574
[ 11 ] Bug #1398773 - Paging up or down causes black screen and flickering - clicking
reveals text
https://bugzilla.redhat.com/show_bug.cgi?id=1398773
--------------------------------------------------------------------------------
================================================================================
cairo-1.14.8-1.fc24 (FEDORA-2016-0cfbb5a168)
A 2D graphics library
--------------------------------------------------------------------------------
Update Information:
cairo 1.14.8 release. For details, see
https://lists.cairographics.org/archives/cairo/2016-December/027816.html
--------------------------------------------------------------------------------
================================================================================
docker-1.10.3-55.gite03ddb8.fc24 (FEDORA-2016-6e972cb2cf)
Automates deployment of containerized applications
--------------------------------------------------------------------------------
Update Information:
built docker @projectatomic/docker-1.10 commit e03ddb8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1402548 - Docker storage setup packaging seems to be wrong
https://bugzilla.redhat.com/show_bug.cgi?id=1402548
--------------------------------------------------------------------------------
================================================================================
drupal7-7.53-1.fc24 (FEDORA-2016-8d035a0fa4)
An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:
https://www.drupal.org/project/drupal/releases/7.53
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1402612 - drupal7-7.53 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1402612
--------------------------------------------------------------------------------
================================================================================
fedpkg-minimal-1.1.0-4.fc24 (FEDORA-2016-33a17e8e35)
Script to allow fedpkg fetch to work
--------------------------------------------------------------------------------
Update Information:
This update provides handling for the new sources format created as part of the
flag day changes.
--------------------------------------------------------------------------------
================================================================================
gnutls-3.4.17-1.fc24 (FEDORA-2016-4608795844)
A TLS protocol implementation
--------------------------------------------------------------------------------
Update Information:
New upstream release
--------------------------------------------------------------------------------
================================================================================
grub2-2.02-0.38.fc24 (FEDORA-2016-a098b75b13)
Bootloader with support for Linux, Multiboot and more
--------------------------------------------------------------------------------
Update Information:
This is a backport of the fixes in F25 and rawhide.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1347291 - Booting from Windows 10 entry ends with 'relocation failed'
error
https://bugzilla.redhat.com/show_bug.cgi?id=1347291
[ 2 ] Bug #1226325 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1226325
[ 3 ] Bug #1261926 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1261926
[ 4 ] Bug #1292615 - Double free when kernel does not match EFI secure boot keys
https://bugzilla.redhat.com/show_bug.cgi?id=1292615
[ 5 ] Bug #1400476 - Nightly compose, ppc64le ISO fails to boot with error "( 700 )
Program Exception [ 0 ]"
https://bugzilla.redhat.com/show_bug.cgi?id=1400476
--------------------------------------------------------------------------------
================================================================================
homebank-5.1.2-1.fc24 (FEDORA-2016-43706828a6)
Free easy personal accounting for all
--------------------------------------------------------------------------------
Update Information:
- Rebuilt for new upstream version 5.1.2 2016-12-08 Maxime Doyen Made 5.1.2
release. * wish : #1645126 remember the size of columns in the main window *
wish : #1639862 multiple edit transactions date * wish : #1638023 remind
scheduled listview column width * wish : #916690 qif option (info to desc;
payee to desc) * wish : #462919 option to choose to import OFX name to payee
or memo * bugfix: import, new account don't have currency, result display NaN
* bugfix: import, amount was not displaying decimal part * bugfix: import,
dialog to choose child xfer was popup when no match found * bugfix: txn dialog,
after input a split amount/category widget were not disabled * bugfix: #1645001
import shows rounded amount but import correctly * bugfix: #1640885 txn changes
in detail list cannot be saved * bugfix: #1638064 balance report may show wrong
values
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1402616 - homebank-5.1.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1402616
--------------------------------------------------------------------------------
================================================================================
layla-fonts-1.7-1.fc24 (FEDORA-2016-4a1858cfed)
A collection of traditional Arabic fonts
--------------------------------------------------------------------------------
Update Information:
Fixed the font lookup tables
--------------------------------------------------------------------------------
================================================================================
libecb-0.20161208-1.fc24 (FEDORA-2016-95e84f7d0b)
Compiler built-ins
--------------------------------------------------------------------------------
Update Information:
This release improves documentation.
--------------------------------------------------------------------------------
================================================================================
libxsmm-1.6.1-1.fc24 (FEDORA-2016-043d784a2b)
Small dense or sparse matrix multiplications and convolutions for x86_64
--------------------------------------------------------------------------------
Update Information:
New release ---- New package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1400167 - libxsmm-1.6.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1400167
[ 2 ] Bug #1389016 - Review Request: libxsmm - Library for small matrix-matrix
multiplications on Intel x86_64 (e.g. for cp2k)
https://bugzilla.redhat.com/show_bug.cgi?id=1389016
--------------------------------------------------------------------------------
================================================================================
mingw-openjpeg2-2.1.2-2.fc24 (FEDORA-2016-240fe757f8)
MinGW Windows openjpeg2 library
--------------------------------------------------------------------------------
Update Information:
This update adds a patch to fix CVE-2016-9573 and CVE-2016-9572.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1402720 - CVE-2016-9573 CVE-2016-9572 mingw-openjpeg2: various flaws
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1402720
--------------------------------------------------------------------------------
================================================================================
nodejs-figures-1.7.0-2.fc24 (FEDORA-2016-90ece6d3a9)
Unicode symbols with Windows CMD fallbacks
--------------------------------------------------------------------------------
Update Information:
Update to address items from package review
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1295295 - uglify task fails: An error occurred while processing a template:
<template function> has no method 'indexOf'
https://bugzilla.redhat.com/show_bug.cgi?id=1295295
--------------------------------------------------------------------------------
================================================================================
openjpeg2-2.1.2-2.fc24 (FEDORA-2016-0b80dcfe5a)
C-Library for JPEG 2000
--------------------------------------------------------------------------------
Update Information:
This updates adds a patch to fix CVE-2016-9573 and CVE-2016-9572.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1402718 - CVE-2016-9573 CVE-2016-9572 openjpeg2: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1402718
--------------------------------------------------------------------------------
================================================================================
php-5.6.29-1.fc24 (FEDORA-2016-0272d7b5d1)
PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:
08 Dec 2016 - **PHP version 5.6.29** **Mysqlnd:** * Fixed bug php#64526 (Add
missing mysqlnd.* parameters to php.ini-*). (cmb) **Opcache:** * Fixed bug
php#73402 (Opcache segfault when using class constant to call a method).
(Laruence) * Fixed bug php#69090 (check cached files permissions) **OpenSSL**
* Fixed bug php#72776 (Invalid parameter in memcpy function trough
openssl_pbkdf2). (Jakub Zelenka) **Postgres:** * Fixed bug php#73498
(Incorrect SQL generated for pg_copy_to()). (Craig Duncan) **SOAP:** * Fixed
bug php#73452 (Segfault (Regression for php#69152)). (Dmitry) **SQLite3:** *
Fixed bug php#73530 (Unsetting result set may reset other result set). (cmb)
**Standard:** * Fixed bug php#73297 (HTTP stream wrapper should ignore HTTP 100
Continue). (rowan dot collins at gmail dot com) **WDDX:** * Fixed bug
php#73631 (Memory leak due to invalid wddx stack processing). (bughunter at
fosec dot vn).
--------------------------------------------------------------------------------
================================================================================
php-akamai-open-edgegrid-client-0.6.1-1.fc24 (FEDORA-2016-05840c5199)
Implements the Akamai {OPEN} EdgeGrid Authentication
--------------------------------------------------------------------------------
Update Information:
### 0.6.1 [04 Nov, 2016] * Install bin/http using composer * Cleanup tools and
composer setup * Shrink PHAR from 5.6MB to 370KB * Add support for `-A` short
flag for `--auth-type` on CLI to match httpie * Update dependencies
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1392697 - php-akamai-open-edgegrid-client-0.6.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1392697
--------------------------------------------------------------------------------
================================================================================
php-guzzlehttp-promises-1.3.0-1.fc24 (FEDORA-2016-b80d0ccc55)
Guzzle promises library
--------------------------------------------------------------------------------
Update Information:
## 1.3.0 - 2016-11-18 * Adds support for custom task queues. * Fixed coroutine
promise memory leak.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1396687 - php-guzzlehttp-promises-1.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1396687
--------------------------------------------------------------------------------
================================================================================
php-mtdowling-jmespath-php-2.4.0-1.fc24 (FEDORA-2016-0d230ae389)
Declaratively specify how to extract elements from a JSON document
--------------------------------------------------------------------------------
Update Information:
## 2.4.0 - 2016-12-03 * Added support for floats when interpreting data. *
Added a function_exists check to work around redeclaration issues.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1401271 - php-mtdowling-jmespath-php-2.4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1401271
--------------------------------------------------------------------------------
================================================================================
php-pecl-mongodb-1.1.10-1.fc24 (FEDORA-2016-b5462162d8)
MongoDB driver for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 1.1.10** * [PHPC-848] - Fix BSON encoding of immutable arrays and
documents with circular references
--------------------------------------------------------------------------------
================================================================================
php-zendframework-zend-expressive-1.0.4-1.fc24 (FEDORA-2016-0e6c4fb347)
PSR-7 Middleware Microframework based on Stratigility
--------------------------------------------------------------------------------
Update Information:
**Version 1.0.4** - 2016-12-07 - [#402](https://github.com/zendframework/zend-
expressive/pull/402) fixes how `Application::__invoke()` registers the error
handler designed to swallow deprecation notices, as introduced in 1.0.3. It
now checks to see if another error handler was previously registered, and, if
so, creates a composite handler that will delegate to the previous for all
other errors.
--------------------------------------------------------------------------------
================================================================================
python-idstools-0.5.4-1.fc24 (FEDORA-2016-736b58c885)
Snort and Suricata Rule and Event Utilities
--------------------------------------------------------------------------------
Update Information:
initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1398369 - Review Request: python-idstools - Snort and Suricata Rule and Event
Utilities
https://bugzilla.redhat.com/show_bug.cgi?id=1398369
--------------------------------------------------------------------------------
================================================================================
python-pytest-spec-1.1.0-1.fc24 (FEDORA-2016-d5f72513a2)
Pytest plugin to display test execution output like a SPECIFICATION
--------------------------------------------------------------------------------
Update Information:
New upstream release
--------------------------------------------------------------------------------
================================================================================
pywbem-0.9.1-1.fc24 (FEDORA-2016-45a953e432)
Python2 WBEM Client and Provider Interface
--------------------------------------------------------------------------------
Update Information:
*Upgrade to pywbem v0.9.1 * Enhancements * Added a section ���Prerequisite
operating system packages��� to the documentation that describes the prerequisite
packages by distribution. * Added git as an OS-level dependency for
development (it is used by GitPython when building the documentation). * Bug
fixes * Fixed the use of a variable before it was set in the
remove_destinations() method of class WBEMSubscriptionManager. * Fixed a
compatibility issue relative to pywbem 0.7.0, where the pywbem.Error class was
no longer available in the pywbem.cim_http namespace. It has been made available
in that namespace again, for compatibility reasons. Note that using sub-
namespaces of the pywbem namespace such as pywbem.cim_http has been deprecated
in pywbem 0.8.0. * Fixed a documentation issue where the description of
CIMError was not clear that the exception object itself can be accessed by index
and slice. * Fixed a documentation build error on Python 2.6, by pinning the
GitPython version to <=2.0.8, due to its use of unittest.case which is not
available on Python 2.6.
--------------------------------------------------------------------------------
================================================================================
qt5-qtstyleplugins-5.0.0-12.fc24 (FEDORA-2016-47a9be74be)
Classic Qt widget styles
--------------------------------------------------------------------------------
Update Information:
Pull in latest upstream fixes, omit qgtk2 platform/style plugins that conflict
with qt5-qtbase
--------------------------------------------------------------------------------
================================================================================
sunxi-tools-1.4.2-1.fc24 (FEDORA-2016-3d332c034b)
Tools to help hacking Allwinner (sunxi) based devices
--------------------------------------------------------------------------------
Update Information:
Update to 1.4.2
--------------------------------------------------------------------------------
================================================================================
vim-8.0.124-2.fc24 (FEDORA-2016-6008f6fd21)
The VIM editor
--------------------------------------------------------------------------------
Update Information:
new upstream commit
--------------------------------------------------------------------------------