The following Fedora 25 Security updates need testing:
Age URL
85
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25
7
https://bodhi.fedoraproject.org/updates/FEDORA-2017-9ed1b89530
mbedtls-2.4.2-1.fc25
7
https://bodhi.fedoraproject.org/updates/FEDORA-2017-837115524e
cloud-init-0.7.8-6.fc25
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-06f4b88ceb
php-onelogin-php-saml-2.10.5-1.fc25
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-9801754fd7
drupal8-8.2.7-1.fc25
1
https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2a12a29d9
kernel-4.10.4-200.fc25
1
https://bodhi.fedoraproject.org/updates/FEDORA-2017-25ffd5b236
webkitgtk4-2.16.0-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-bd15ca5490
empathy-3.12.13-2.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-d219f0e5fc sscg-2.0.4-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-42ebcac2b5 erlang-19.3-2.fc25
The following Fedora 25 Critical Path updates have yet to be approved:
Age URL
15
https://bodhi.fedoraproject.org/updates/FEDORA-2017-803e6bacb4
pungi-4.1.13-1.fc25
8
https://bodhi.fedoraproject.org/updates/FEDORA-2017-7799a1cc7c
appliance-tools-008.0-4.fc25 livecd-tools-24.2-1.fc25
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-eb8924136a sssd-1.15.2-1.fc25
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-d4c043011f
iproute-4.10.0-1.fc25
1
https://bodhi.fedoraproject.org/updates/FEDORA-2017-25ffd5b236
webkitgtk4-2.16.0-1.fc25
1
https://bodhi.fedoraproject.org/updates/FEDORA-2017-7c824da25f nss-3.29.3-1.0.fc25
nss-softokn-3.29.3-1.0.fc25 nss-util-3.29.3-1.0.fc25
1
https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2a12a29d9
kernel-4.10.4-200.fc25
1
https://bodhi.fedoraproject.org/updates/FEDORA-2017-877a8cad15 llvm-3.9.1-2.fc25
1
https://bodhi.fedoraproject.org/updates/FEDORA-2017-a85ea344c6 mesa-13.0.4-3.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-992c684acb pcre2-10.23-4.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-8e8c12076a
python3-3.5.3-4.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-c0cb900dc8
xorg-x11-drv-libinput-0.23.0-3.fc25
The following builds have been pushed to Fedora 25 updates-testing
autoconf-archive-2017.03.21-1.fc25
cldr-emoji-annotation-31.0.0_1-1.fc25
erlang-19.3-2.fc25
fontsquirrel-crete-round-fonts-0-0.1.20111222.fc25
gap-pkg-xmod-2.59-1.fc25
gnome-shell-extension-freon-23-2.fc25
golang-github-chmduquesne-rollinghash-2.0.2-1.1.git043b8fd.fc25
iftop-1.0-0.14.pre4.fc25
jss-4.4.0-3.fc25
lldb-3.9.1-1.fc25.2
lnst-13-1.fc25
mint-x-icons-1.4.1-1.fc25
mkvtoolnix-9.9.0-1.fc25
mod_lookup_identity-0.9.9-1.fc25
mozilla-noscript-5.0.2-1.fc25
openscap-1.2.14-1.fc25
pcre2-10.23-4.fc25
perl-DBIx-RunSQL-0.16-1.fc25
plplot-5.11.1-13.fc25
python-ansible-tower-cli-3.1.2-1.fc25
python3-3.5.3-4.fc25
rpcbind-0.2.4-5.fc25
sscg-2.0.4-1.fc25
tomcatjss-7.2.1-2.fc25
unbound-1.6.0-6.fc25
vdr-epg2vdr-1.1.52-1.fc25
xorg-x11-drv-libinput-0.23.0-3.fc25
yagf-0.9.5-4.fc25
Details about builds:
================================================================================
autoconf-archive-2017.03.21-1.fc25 (FEDORA-2017-abf2344dad)
The Autoconf Macro Archive
--------------------------------------------------------------------------------
Update Information:
Update to 2017.03.21 (#1434626)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1434626 - autoconf-archive-2017.03.21 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1434626
--------------------------------------------------------------------------------
================================================================================
cldr-emoji-annotation-31.0.0_1-1.fc25 (FEDORA-2017-260f5cf351)
Emoji annotation files in CLDR
--------------------------------------------------------------------------------
Update Information:
Pulled annotation files from CLDR Release 31.
--------------------------------------------------------------------------------
================================================================================
erlang-19.3-2.fc25 (FEDORA-2017-42ebcac2b5)
General-purpose programming language and runtime environment
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-10253 ---- * Ver. 19.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1433986 - CVE-2016-10253 erlang: Heap-buffer overflow via regular expressions
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1433986
[ 2 ] Bug #1432265 - erlang-19.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1432265
--------------------------------------------------------------------------------
================================================================================
fontsquirrel-crete-round-fonts-0-0.1.20111222.fc25 (FEDORA-2017-9fb0e0df17)
General purpose warm slab serif font
--------------------------------------------------------------------------------
Update Information:
Crete Round is a warm slab serif providing a hint of softness to texts. It
started as a tailored version of the original Crete fonts -
www.type-
together.com/Crete - created specially to serve as corporate typeface for the
type design competition Letter2 -
www.letter2.org. Crete Round is more
independent from the original with modified terminals and serifs to create two
new fonts that deliver a more contemporary and functional appearance. The tall
x-height, low contrast and sturdy slabs prove to be surprisingly efficient for
web use. This font supports 128 languages and has 416 glyphs.
--------------------------------------------------------------------------------
================================================================================
gap-pkg-xmod-2.59-1.fc25 (FEDORA-2017-2ede6d5784)
Crossed Modules and Cat1-Groups for GAP
--------------------------------------------------------------------------------
Update Information:
Changes in version 2.59: - added property IsEndomorphismPreCat1 - modified
IsomorphismPerm2dGroup for PreCat1 objects - "first author" -> "second
author"
in manual.xml (issue #4)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1434637 - gap-pkg-xmod-v2.59 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1434637
--------------------------------------------------------------------------------
================================================================================
gnome-shell-extension-freon-23-2.fc25 (FEDORA-2017-f2d129a325)
GNOME Shell extension to display system temperature, voltage, and fan speed
--------------------------------------------------------------------------------
Update Information:
Revised package description. Add EPEL 7 branch, since this extension supports
versions of GNOME Shell as old as 3.12.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1396790 - Review Request: gnome-shell-extension-freon - GNOME Shell extension
to display system temperature, voltage, and fan speed
https://bugzilla.redhat.com/show_bug.cgi?id=1396790
--------------------------------------------------------------------------------
================================================================================
golang-github-chmduquesne-rollinghash-2.0.2-1.1.git043b8fd.fc25 (FEDORA-2017-a05961130f)
Some rolling checksum implementations in go
--------------------------------------------------------------------------------
Update Information:
Update to new upstream snapshot (043b8fdecc9816f0011a056f6d92f9a091ab63dd) and
adapt Provides for the renamed / added go subpackages.
--------------------------------------------------------------------------------
================================================================================
iftop-1.0-0.14.pre4.fc25 (FEDORA-2017-adf16ebea4)
Command line tool that displays bandwidth usage on an interface
--------------------------------------------------------------------------------
Update Information:
- Added patch from upstream to fix DNS resolution (#1120254, #1309755)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1309755 - ip6.arpa lookup failure uses previous successful lookup
https://bugzilla.redhat.com/show_bug.cgi?id=1309755
--------------------------------------------------------------------------------
================================================================================
jss-4.4.0-3.fc25 (FEDORA-2017-7e05785516)
Java Security Services (JSS)
--------------------------------------------------------------------------------
Update Information:
Bugzilla Bug #1434535 - JSS 4.4.0 is incompatible with versions of pki-base <
10.4.0 ---- Bugzilla Bug #1432568 - JSS 4.4.0 is incompatible with versions of
tomcatjss < 7.2.1 ---- Bugzilla Bug #1431937 - Rebase jss to 4.4.0 in Fedora
25+
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1434535 - JSS 4.4.0 is incompatible with versions of pki-base < 10.4.0
https://bugzilla.redhat.com/show_bug.cgi?id=1434535
[ 2 ] Bug #1432568 - JSS 4.4.0 is incompatible with versions of tomcatjss < 7.2.1
https://bugzilla.redhat.com/show_bug.cgi?id=1432568
[ 3 ] Bug #1431937 - Rebase jss to 4.4.0 in Fedora 25+
https://bugzilla.redhat.com/show_bug.cgi?id=1431937
--------------------------------------------------------------------------------
================================================================================
lldb-3.9.1-1.fc25.2 (FEDORA-2017-4ed6584beb)
Next generation high-performance debugger
--------------------------------------------------------------------------------
Update Information:
A few bug fixes for lldb. ---- Adjust python sys.path so lldb can find
readline.so
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1433463 - lldb scripting support gives errors
https://bugzilla.redhat.com/show_bug.cgi?id=1433463
[ 2 ] Bug #1434470 - lldd package dependencies may be incorrect [Was lldb failed to
start because of unfound library symbols]
https://bugzilla.redhat.com/show_bug.cgi?id=1434470
--------------------------------------------------------------------------------
================================================================================
lnst-13-1.fc25 (FEDORA-2017-8274337a4b)
Common code for lnst-ctl and lnst-slave
--------------------------------------------------------------------------------
Update Information:
Updating to stable release 13. This is most likely the final stable release
before removing XML recipe support.
--------------------------------------------------------------------------------
================================================================================
mint-x-icons-1.4.1-1.fc25 (FEDORA-2017-53fba42d89)
Icon theme for Linux Mint
--------------------------------------------------------------------------------
Update Information:
* New upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1434631 - mint-x-icons-1.4.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1434631
--------------------------------------------------------------------------------
================================================================================
mkvtoolnix-9.9.0-1.fc25 (FEDORA-2017-b12c24cf46)
Matroska container manipulation utilities
--------------------------------------------------------------------------------
Update Information:
## New features and enhancements * GUI: chapter editor: added a character set
selection in the preferences for text files. If a character set is selected
there, it will be used instead of asking the user when opening text chapter
files. Implements #1874. * GUI: multiplexer: added a column "character set" to
the "tracks, chapters and tags" list view showing the currently selected
character set for that track. Implements #1873. * mkvmerge: added an --engage
option "all_i_slices_are_key_frames" for treating all I slices of an
h.264/AVC
stream as key frames in pathological streams that lack real key frames.
Implements #1876. * GUI: running programs after jobs: added a new variable
MTX_INSTALLATION_DIRECTORY for the directory the MKVToolNix GUI executable is
located in. * mkvmerge: DVB subtitle tracks whose CodecPrivate data is only four
bytes long will now be fixed up to the proper five bytes by adding the
subtitling type byte. * mkvmerge: MP4 reader: "ctts" version 1 atoms are now
supported. ## Bug fixes * mkvmerge: AC-3 handling: some source files provide
timestamps for audio tracks only once every n audio frames. In such situations
mkvmerge was buffering too much data resulting in a single gap in the
timestamps of one frame duration after frame number n - 1 (the second audio
timestamp read from the source file was used one output frame too early).
Fixes #1864. * mkvmerge: MP4 reader: mkvmerge was only reading a small part of
MP4 DASH files where the first "moov" "mdat" atoms occur before the
first
"moof" atom. This is part of the fix for #1867. * mkvmerge: MP4 reader: edit
list ("edts" atoms) that are part of the "moof" atoms used in MP4
DASH files
weren't parsed. Instead the edit lists from the main track headers inside the
"moov" atom were used. This is part of the fix for #1867. * mkvmerge: MP4
reader: when an MP4 DASH file contained both normal chunk offset table
("stco"/"co64" atoms) in their regular "moov" atoms, a
sample-to-chunk table
("stsc" atom) whose last entry had a "samples per chunk" count
greater than 1
and DASH "trun" atoms, then mkvmerge was calculating wrong positions the
frame
content. This is part of the fix for #1867. * mkvmerge: MP4 reader: mkvmerge
couldn't deal with the key frame index table having duplicate entries. The
result was that only key frames up to and including the first duplicate entry
were marked as key frames in the output file. All other frames weren't, even
though some of them were referenced from the key frame table after the first
duplicate entry. This is part of the fix for #1867. * mkvmerge: MP4 reader:
when an MP4 file contained more than one copy of the "moov" atom (the track
headers etc.), mkvmerge was parsing them all adding tracks multiple times. Fix
for #1877. * mkvmerge: MP4 reader: fixed an integer overflow during the
timestamp calculation leading to files with wrong timestamps. Such files could
not be played back properly by most players. Fixes #1883. * mkvmerge: MPEG TS
reader: if the PMT lists a DVBSUB track, mkvmerge will now recognize it
without having to find a packet for it within the probed range. * mkvmerge:
splitting by parts (both the "timestamps" and the "frames"
variants): fixed
the calculation of track statistics tags. When calculating the duration the
skipped portions weren't taken into account leading to a too-high duration. As
a consequence the BPS tag (bits per second) was wrong, too. Fixes #1885. *
mkvmerge: reading files with DVB/HDMV TextSV subtitle tracks with invalid
CodecPrivate caused mkvmerge to abort with an error from boost::format about
the format string not having enough arguments. Fixes #1894. * mkvmerge: fixed
misdetection of certain AC-3 files as MP3 files which led to an error message
that "the demultiplexer could not be initialized". * mkvmerge: fixed huge
memory
consumption when appending big Matroska files with sparse tracks (e.g. forced
subtitle tracks). The Matroska reader will now queue at most 128 MB of data.
Fixes #1893. * mkvmerge: MP4 reader: the timestamps of all multiplexed tracks
will now be 0-based properly. * mkvmerge: MP4 reader: the DTS-to-PTS offsets
given by the "ctts" atoms are now applied for all tracks containing a
"ctts"
atom, not just h.264 & h.265 tracks.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1424868 - mkvtoolnix-9.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1424868
--------------------------------------------------------------------------------
================================================================================
mod_lookup_identity-0.9.9-1.fc25 (FEDORA-2017-cffa2efc71)
Apache module to retrieve additional information about the authenticated user
--------------------------------------------------------------------------------
Update Information:
Rebase to new upstream version 0.9.9.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1434814 - mod_lookup_identity-0.9.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1434814
--------------------------------------------------------------------------------
================================================================================
mozilla-noscript-5.0.2-1.fc25 (FEDORA-2017-44580bde9d)
JavaScript white list extension for Mozilla Firefox
--------------------------------------------------------------------------------
Update Information:
Changes since 2.9.5.3: * Fixed thumbnails broken even if
noscript.bgThumbs.allowed is true (thanks rick for reporting) * [e10s] Restored
absolutely positioned elements removal by mousedown + DEL key (broken by e10s) *
Absolutely positioned elements removal by mousedown + DEL key now working also
on whitelisted pages (controlled by noscript.eraseFloatingElements about:config
preference, thanks MegaWolf for RFE) * Fixed blocked XHR requests in frames not
reflected in the menu UI (thanks aocab and barbaz for reporting) * [Locale]
Improved nl translation (thanks Kris) * Fixed regression, some sites not being
shown in UI * Fixed recently blocked menu not working on e10s * Embedded
WebExtension * Dramatically Improved UI synchronization performance impact on
load-intensive web pages (thanks Rob Wu) * [e10s] Fixed permissions out of sync
when content processes are more than one (thanks Ian Fennel for report) *
[Surrogates] Update google-analytics replacement (thanks ng4never for reporting
and barbaz for implementation)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1429065 - mozilla-noscript-5.0.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1429065
--------------------------------------------------------------------------------
================================================================================
openscap-1.2.14-1.fc25 (FEDORA-2017-42e5b0ef0f)
Set of open source libraries enabling integration of the SCAP line of standards
--------------------------------------------------------------------------------
Update Information:
upgrade to the latest upstream release
--------------------------------------------------------------------------------
================================================================================
pcre2-10.23-4.fc25 (FEDORA-2017-992c684acb)
Perl-compatible regular expression library
--------------------------------------------------------------------------------
Update Information:
This release closes serialization file in pcre2test after any error, it fixes a
memory leak in pcre2_serialize_decode() when the input is invalid, a potential
NULL dereference in pcre2_callout_enumerate() if called with a NULL pattern
pointer when Unicode support is available, and 32-bit error buffer size bug in
pcre2test.
--------------------------------------------------------------------------------
================================================================================
perl-DBIx-RunSQL-0.16-1.fc25 (FEDORA-2017-8404d88e83)
Run SQL commands from a file
--------------------------------------------------------------------------------
Update Information:
0.16 20170316 - Allow specifying the table formatter on the command line
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1433157 - perl-DBIx-RunSQL-0.16 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1433157
--------------------------------------------------------------------------------
================================================================================
plplot-5.11.1-13.fc25 (FEDORA-2017-a94a6c787f)
Library of functions for making scientific plots
--------------------------------------------------------------------------------
Update Information:
- Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1434323 - plplot in F25 is older than in F24
https://bugzilla.redhat.com/show_bug.cgi?id=1434323
--------------------------------------------------------------------------------
================================================================================
python-ansible-tower-cli-3.1.2-1.fc25 (FEDORA-2017-171bc9406a)
A CLI tool for Ansible Tower
--------------------------------------------------------------------------------
Update Information:
update
--------------------------------------------------------------------------------
================================================================================
python3-3.5.3-4.fc25 (FEDORA-2017-8e8c12076a)
Version 3 of the Python programming language aka Python 3000
--------------------------------------------------------------------------------
Update Information:
Fixed the %py_byte_compile macro so that packages that use it actually compile
their Python files.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1433569 - %py_byte_compile doesn't work
https://bugzilla.redhat.com/show_bug.cgi?id=1433569
--------------------------------------------------------------------------------
================================================================================
rpcbind-0.2.4-5.fc25 (FEDORA-2017-66c84b1ba8)
Universal Addresses to RPC Program Number Mapper
--------------------------------------------------------------------------------
Update Information:
Try creating statdir once when opening lock file fails
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1421471 - failure to start: /run/rpcbind/rpcbind.lock: No such file or
directory
https://bugzilla.redhat.com/show_bug.cgi?id=1421471
[ 2 ] Bug #1401561 - rpcbind-0.2.4-1.fc25 fails to start at boot
https://bugzilla.redhat.com/show_bug.cgi?id=1401561
[ 3 ] Bug #1434380 - Fedora-Live-26 fails: dracut-pre-udev:
rpcbind:/run/rpcbind/rpcbind.lock No such file or directory
https://bugzilla.redhat.com/show_bug.cgi?id=1434380
[ 4 ] Bug #1420912 - rpcbind fails to start using vagrant
https://bugzilla.redhat.com/show_bug.cgi?id=1420912
[ 5 ] Bug #1415496 - rpcbind fails at boot
https://bugzilla.redhat.com/show_bug.cgi?id=1415496
--------------------------------------------------------------------------------
================================================================================
sscg-2.0.4-1.fc25 (FEDORA-2017-d219f0e5fc)
Simple SSL certificate generator
--------------------------------------------------------------------------------
Update Information:
Addresses a potential race-condition when the key and certificate share the same
file.
--------------------------------------------------------------------------------
================================================================================
tomcatjss-7.2.1-2.fc25 (FEDORA-2017-910557a400)
JSSE implementation using JSS for Tomcat
--------------------------------------------------------------------------------
Update Information:
Bugzilla Bug #1434541 - tomcatjss 7.2.1 is incompatible with versions of pki-
base < 10.4.0 ---- tomcatjss Pagure Issue #6 - Rebase tomcatjss to 7.2.x in
Fedora 25+ ---- tomcatjss Pagure Issue #6 - Rebase tomcatjss to 7.2.0 in
Fedora 25+ ---- tomcatjss Pagure Issue #6 - Rebase tomcatjss to 7.2.0 in
Fedora 25+
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1434541 - tomcatjss 7.2.1 is incompatible with versions of pki-base <
10.4.0
https://bugzilla.redhat.com/show_bug.cgi?id=1434541
--------------------------------------------------------------------------------
================================================================================
unbound-1.6.0-6.fc25 (FEDORA-2017-da6101466c)
Validating, recursive, and caching DNS(SEC) resolver
--------------------------------------------------------------------------------
Update Information:
Call make unbound-event-install to install unbound-event.h
--------------------------------------------------------------------------------
================================================================================
vdr-epg2vdr-1.1.52-1.fc25 (FEDORA-2017-e9d53cd316)
A plugin to retrieve EPG data from a mysql database into VDR
--------------------------------------------------------------------------------
Update Information:
Update to 1.1.52 ---- Update to 1.1.50 ---- Update to 1.1.49 ---- Update
to 1.1.48 ---- Update to 1.1.47 ---- Update to 1.1.46
--------------------------------------------------------------------------------
================================================================================
xorg-x11-drv-libinput-0.23.0-3.fc25 (FEDORA-2017-c0cb900dc8)
Xorg X11 libinput input driver
--------------------------------------------------------------------------------
Update Information:
Send motion event immediately after proximity (#1433755)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1433755 - Pen input works incorrectly after update
https://bugzilla.redhat.com/show_bug.cgi?id=1433755
--------------------------------------------------------------------------------
================================================================================
yagf-0.9.5-4.fc25 (FEDORA-2017-b9c8cb8a80)
Graphical front-end for cuneiform
--------------------------------------------------------------------------------
Update Information:
Possible fix for sigsegv.
--------------------------------------------------------------------------------