The following Fedora 24 Security updates need testing:
Age URL
90
https://bodhi.fedoraproject.org/updates/FEDORA-2016-93679a91df
jenkins-1.651.3-2.fc24 jenkins-remoting-2.62.3-1.fc24
59
https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08
squid-3.5.23-1.fc24
52
https://bodhi.fedoraproject.org/updates/FEDORA-2016-eaaa9c4a08 exim-4.87.1-1.fc24
15
https://bodhi.fedoraproject.org/updates/FEDORA-2017-ba9c6a3634
quagga-0.99.24.1-5.fc24
15
https://bodhi.fedoraproject.org/updates/FEDORA-2017-ece16ba6ba
runc-1.0.0-5.rc2.gitc91b5be.fc24
12
https://bodhi.fedoraproject.org/updates/FEDORA-2017-22828d4bdb redis-3.2.7-1.fc24
8
https://bodhi.fedoraproject.org/updates/FEDORA-2017-9a5b89363f
libwmf-0.2.8.4-50.fc24
8
https://bodhi.fedoraproject.org/updates/FEDORA-2017-d5fb74cd2e
zoneminder-1.28.1-8.fc24
8
https://bodhi.fedoraproject.org/updates/FEDORA-2017-fa4e441e03
netpbm-10.77.00-3.fc24
8
https://bodhi.fedoraproject.org/updates/FEDORA-2017-404f1a29fc
mingw-gtk-vnc-0.7.0-1.fc24
8
https://bodhi.fedoraproject.org/updates/FEDORA-2017-a9e6a5c249
gtk-vnc-0.7.0-1.fc24
7
https://bodhi.fedoraproject.org/updates/FEDORA-2017-27099c270a
bind-9.10.4-3.P6.fc24
6
https://bodhi.fedoraproject.org/updates/FEDORA-2017-9b2cf468d5 vim-8.0.324-1.fc24
6
https://bodhi.fedoraproject.org/updates/FEDORA-2017-abbfa3f1a9
python-cjson-1.1.0-9.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-3893b6e15b
mingw-wavpack-5.1.0-1.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-bf34bc83ba
python-tqdm-4.11.2-1.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-844445f2aa mupdf-1.10a-1.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-40d29c8e84
kopete-16.12.2-2.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-33cb46c6b0
diffoscope-77-1.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-624e2eeda0
mujs-0-8.20170124git4006739.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-13b5cb36c3
plasma-desktop-5.8.5-4.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-b1abcbe695
webkitgtk4-2.14.5-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-05e32fe278 xrdp-0.9.1-3.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-787bc0d5b4
kernel-4.9.10-100.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-f9f3a78148
suricata-3.2.1-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-d4ee7018c1 xen-4.6.4-7.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-19c5440abe
tomcat-8.0.41-1.fc24
The following Fedora 24 Critical Path updates have yet to be approved:
Age URL
8
https://bodhi.fedoraproject.org/updates/FEDORA-2017-176122b6c4
ntfs-3g-2016.2.22-4.fc24
7
https://bodhi.fedoraproject.org/updates/FEDORA-2017-85415b3949 lua-5.3.4-1.fc24
6
https://bodhi.fedoraproject.org/updates/FEDORA-2017-9b2cf468d5 vim-8.0.324-1.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-acb5ebda45 audit-2.7.2-2.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-748d61bdb8
dbus-1.11.10-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-787bc0d5b4
kernel-4.9.10-100.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-a8dc348834 pcre-8.40-2.fc24
The following builds have been pushed to Fedora 24 updates-testing
cargo-0.16.0-1.fc24
copyq-2.9.0-1.fc24
dbus-1.11.10-1.fc24
dnssec-trigger-0.13-1.fc24
gdouros-alexander-fonts-7.17-1.fc24
gdouros-anaktoria-fonts-7.17-1.fc24
gdouros-aroania-fonts-7.17-1.fc24
gdouros-asea-fonts-7.17-1.fc24
gdouros-avdira-fonts-7.17-1.fc24
glusterfs-3.8.9-1.fc24
gomtree-0.3.1-1.fc24
magic-8.1.149-1.fc24
masscan-1.0.3-7.fc24
mate-power-manager-1.16.2-1.fc24
openstack-java-sdk-3.1.2-1.fc24
perl-Thread-Queue-3.12-1.fc24
php-pecl-amqp-1.8.0-1.fc24
proftpd-1.3.5d-3.fc24
python-openqa_client-1.3.0-1.fc24
resultsdb_conventions-2.0.1-1.fc24
rust-1.15.1-1.fc24.1
shigofumi-0.8-1.fc24
suricata-3.2.1-1.fc24
targetd-0.8.5-1.fc24
tomcat-8.0.41-1.fc24
vnstat-1.17-1.fc24
xen-4.6.4-7.fc24
xrootd-4.6.0-4.fc24
youtube-dl-2017.02.16-1.fc24
Details about builds:
================================================================================
cargo-0.16.0-1.fc24 (FEDORA-2017-9e7217f11d)
Rust's package manager and build tool
--------------------------------------------------------------------------------
Update Information:
New versions of Rust and Cargo -- see the release notes for [1.15](https://blog
.rust-lang.org/2017/02/02/Rust-1.15.html) and [1.15.1](https://blog.rust-
lang.org/2017/02/09/Rust-1.15.1.html).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1422930 - dnf upgrade yielded non-functioning compiler
https://bugzilla.redhat.com/show_bug.cgi?id=1422930
--------------------------------------------------------------------------------
================================================================================
copyq-2.9.0-1.fc24 (FEDORA-2017-e7279b835d)
Advanced clipboard manager
--------------------------------------------------------------------------------
Update Information:
Upstreame release rhbz#1423475
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1423475 - copyq-v2.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1423475
--------------------------------------------------------------------------------
================================================================================
dbus-1.11.10-1.fc24 (FEDORA-2017-748d61bdb8)
D-BUS message bus
--------------------------------------------------------------------------------
Update Information:
Update to 1.11.10
--------------------------------------------------------------------------------
================================================================================
dnssec-trigger-0.13-1.fc24 (FEDORA-2017-321d2aec03)
Tool for dynamic reconfiguration of validating resolver Unbound
--------------------------------------------------------------------------------
Update Information:
- update to the latest stable upstream release 0.13 - Fixes for couple of fedora
issues were merged upstream
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1423337 - dnssec-trigger: FTBFS in rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1423337
[ 2 ] Bug #1317196 - [abrt] dnssec-trigger:
subprocess.py:1457:_execute_child:FileNotFoundError: [Errno 2] No such file or directory:
'/etc/init.d/NetworkManager'
https://bugzilla.redhat.com/show_bug.cgi?id=1317196
--------------------------------------------------------------------------------
================================================================================
gdouros-alexander-fonts-7.17-1.fc24 (FEDORA-2017-e72352e221)
A Greek typeface inspired by Alexander Wilson
--------------------------------------------------------------------------------
Update Information:
Update to 7.17
--------------------------------------------------------------------------------
================================================================================
gdouros-anaktoria-fonts-7.17-1.fc24 (FEDORA-2017-eca281d547)
A font based on "Grecs du roi" and the "First Folio Edition of
Shakespeare"
--------------------------------------------------------------------------------
Update Information:
Update to 7.17
--------------------------------------------------------------------------------
================================================================================
gdouros-aroania-fonts-7.17-1.fc24 (FEDORA-2017-048649ca66)
A font based on Victor Julius Scholderer's "New Hellenic"
--------------------------------------------------------------------------------
Update Information:
Update to 7.17
--------------------------------------------------------------------------------
================================================================================
gdouros-asea-fonts-7.17-1.fc24 (FEDORA-2017-0795b4cdc5)
Asea is an etude on the dominant typeface of Greek typography
--------------------------------------------------------------------------------
Update Information:
Update to 7.17
--------------------------------------------------------------------------------
================================================================================
gdouros-avdira-fonts-7.17-1.fc24 (FEDORA-2017-146da4ca07)
A font based on elements created by Demetrios Damilas (late 15th c.)
--------------------------------------------------------------------------------
Update Information:
Update to 7.17
--------------------------------------------------------------------------------
================================================================================
glusterfs-3.8.9-1.fc24 (FEDORA-2017-b0626ae17d)
Distributed File System
--------------------------------------------------------------------------------
Update Information:
GlusterFS 3.8.9 GA
--------------------------------------------------------------------------------
================================================================================
gomtree-0.3.1-1.fc24 (FEDORA-2017-7c37227c8d)
Go CLI tool for mtree support
--------------------------------------------------------------------------------
Update Information:
bump to v0.3.1
--------------------------------------------------------------------------------
================================================================================
magic-8.1.149-1.fc24 (FEDORA-2017-77f3f690ae)
A very capable VLSI layout tool
--------------------------------------------------------------------------------
Update Information:
New version 8.1.149 is released.
--------------------------------------------------------------------------------
================================================================================
masscan-1.0.3-7.fc24 (FEDORA-2017-b3f33501e7)
This is the fastest Internet port scanner
--------------------------------------------------------------------------------
Update Information:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1307763 - masscan: FTBFS in rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1307763
--------------------------------------------------------------------------------
================================================================================
mate-power-manager-1.16.2-1.fc24 (FEDORA-2017-716390223a)
MATE power management service
--------------------------------------------------------------------------------
Update Information:
- update to 1.16.2
--------------------------------------------------------------------------------
================================================================================
openstack-java-sdk-3.1.2-1.fc24 (FEDORA-2017-f1011fb9f9)
OpenStack Java SDK
--------------------------------------------------------------------------------
Update Information:
update to openstack-java-sdk-3.1.2
--------------------------------------------------------------------------------
================================================================================
perl-Thread-Queue-3.12-1.fc24 (FEDORA-2017-b74c381b22)
Thread-safe queues
--------------------------------------------------------------------------------
Update Information:
This release fixes a dead lock when using dequeue_nb, enqueue, and queue size
limit. It also prevents from calling dequeue methids if count is bigger than
limit.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1423058 - perl-Thread-Queue-3.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1423058
--------------------------------------------------------------------------------
================================================================================
php-pecl-amqp-1.8.0-1.fc24 (FEDORA-2017-dd4ca9b873)
Communicate with any AMQP compliant server
--------------------------------------------------------------------------------
Update Information:
**Version 1.8.0** * Add SSL connection support (Bogdan Padalko) * Support for
server method handling: confirms (publisher acknowledgments) and basic.return
(Bogdan Padalko) * Add support for pkg-config (Remi Collet) * Preserve AMQP
server error code for exceptions (Bogdan Padalko) * Add AMQPChannel::close()
(Bogdan Padalko) * Fix segfault when deleting an unknown exchange (Bogdan
Padalko) * Fix segfault with PHPUnit and xdebug for PHP 7 (Bogdan Padalko) * Add
publisher confirms (Bogdan Padalko)
--------------------------------------------------------------------------------
================================================================================
proftpd-1.3.5d-3.fc24 (FEDORA-2017-0036ee2265)
Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:
This update is an attempt to fix segfaults when using mod_sftp. *
http://bugs.proftpd.org/show_bug.cgi?id=4287 *
https://github.com/proftpd/proftpd/issues/408
--------------------------------------------------------------------------------
================================================================================
python-openqa_client-1.3.0-1.fc24 (FEDORA-2017-b52500052e)
Python client library for openQA API
--------------------------------------------------------------------------------
Update Information:
This update introduces a new package containing the [Python client
library](https://github.com/os-autoinst/openQA-python-client) for the
[openQA](http://open.qa) web API. It handles authentication for administrative
requests, and provides a couple of convenience functions for job queries. This
library is already used for scheduling jobs, forwarding results to
[
Wikitcms](https://fedoraproject.org/wiki/Wikitcms) and
[
ResultsDB](https://fedoraproject.org/wiki/ResultsDB) and generating the
'compose check report' emails and [nightly compose finder
page](https://www.happyassassin.net/nightlies.html), but had not formerly been
packaged.
--------------------------------------------------------------------------------
================================================================================
resultsdb_conventions-2.0.1-1.fc24 (FEDORA-2017-a72d888945)
Library defining conventions for ResultsDB results
--------------------------------------------------------------------------------
Update Information:
This update introduces a new package for
[resultsdb_conventions](https://pagure.io/taskotron/resultsdb_conventions),
which is intended both to define shared 'conventions' for reporting results to
[
ResultsDB](https://fedoraproject.org/wiki/ResultsDB) and to ease the process of
reporting results that comply with these conventions. Currently it provides a
Python library enabling convenient result reporting for tests related to
distribution composes with [
productmd](https://github.com/release-
engineering/productmd)-type metadata, which is used by
[fedora_openqa](https://pagure.io/fedora-qa/fedora_openqa) and
[autocloudreporter](https://pagure.io/fedora-qa/autocloudreporter) to forward
results to ResultsDB in a consistent format.
--------------------------------------------------------------------------------
================================================================================
rust-1.15.1-1.fc24.1 (FEDORA-2017-9e7217f11d)
The Rust Programming Language
--------------------------------------------------------------------------------
Update Information:
New versions of Rust and Cargo -- see the release notes for [1.15](https://blog
.rust-lang.org/2017/02/02/Rust-1.15.html) and [1.15.1](https://blog.rust-
lang.org/2017/02/09/Rust-1.15.1.html).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1422930 - dnf upgrade yielded non-functioning compiler
https://bugzilla.redhat.com/show_bug.cgi?id=1422930
--------------------------------------------------------------------------------
================================================================================
shigofumi-0.8-1.fc24 (FEDORA-2017-5bcbbd01b2)
Command line client for accessing the Czech Data Boxes
--------------------------------------------------------------------------------
Update Information:
This release fixes building when libmagic libary is too old. ---- This release
fixes a check for an empty password when changing the password. It fixes build
script. It updates documentation and it enables support for storing and
retrieving file types from file extended attributes.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1423056 - shigofumi-0.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1423056
[ 2 ] Bug #1421889 - shigofumi-0.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1421889
--------------------------------------------------------------------------------
================================================================================
suricata-3.2.1-1.fc24 (FEDORA-2017-f9f3a78148)
Intrusion Detection System
--------------------------------------------------------------------------------
Update Information:
This is a new upstream feature and security release. Improvements include:
bypass; pre-filter -- fast packet keywords; TLS improvements; ICS protocol
additions: DNP3 CIP/ENIP; SHA1/SHA256 for file matching, logging & extraction;
NIC offloading disabled by default; unix socket enabled by default; and App
Layer stats. Documentation:
http://suricata.readthedocs.io/en/suricata-3.2/
--------------------------------------------------------------------------------
================================================================================
targetd-0.8.5-1.fc24 (FEDORA-2017-aa3de4265c)
Service to make storage remotely configurable
--------------------------------------------------------------------------------
Update Information:
Minor bug fixes and code clean-up, now runs on python3 run-time. Validates SSL
certificates are present at start up if daemon is using SSL.
--------------------------------------------------------------------------------
================================================================================
tomcat-8.0.41-1.fc24 (FEDORA-2017-19c5440abe)
Apache Servlet/JSP Engine, RI for Servlet 3.1/JSP 2.3 API
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-8745
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1403824 - CVE-2016-8745 tomcat: information disclosure due to incorrect
Processor sharing
https://bugzilla.redhat.com/show_bug.cgi?id=1403824
--------------------------------------------------------------------------------
================================================================================
vnstat-1.17-1.fc24 (FEDORA-2017-b182c138bc)
Console-based network traffic monitor
--------------------------------------------------------------------------------
Update Information:
Upgrade to 1.17 (#1423060)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1423060 - vnstat-v1.17 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1423060
--------------------------------------------------------------------------------
================================================================================
xen-4.6.4-7.fc24 (FEDORA-2017-d4ee7018c1)
Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:
memory leak when destroying guest without PT devices [XSA-207] (#1422492) update
patches for XSA-208 after upstream revision (no functional change) ---- Qemu:
net: mcf_fec: infinite loop while receiving data in mcf_fec_receive
[CVE-2016-9776] Qemu: audio: memory leakage in ac97 [CVE-2017-5525] (#1414111)
Qemu: audio: memory leakage in es1370 device [CVE-2017-5526] (#1414211) oob
access in cirrus bitblt copy [XSA-208, CVE-2017-2615] (#1418243)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1418277 - xsa207 xen: memory leak when destroying guest without PT devices
(XSA-207)
https://bugzilla.redhat.com/show_bug.cgi?id=1418277
[ 2 ] Bug #1414108 - CVE-2017-5525 Qemu: audio: memory leakage in ac97 device
https://bugzilla.redhat.com/show_bug.cgi?id=1414108
[ 3 ] Bug #1414209 - CVE-2017-5526 Qemu: audio: memory leakage in es1370 device
https://bugzilla.redhat.com/show_bug.cgi?id=1414209
[ 4 ] Bug #1418200 - CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt
copy backward mode
https://bugzilla.redhat.com/show_bug.cgi?id=1418200
--------------------------------------------------------------------------------
================================================================================
xrootd-4.6.0-4.fc24 (FEDORA-2017-e12389b771)
Extended ROOT file server
--------------------------------------------------------------------------------
Update Information:
New version 4.6.0, release notes are here:
https://github.com/xrootd/xrootd/blob/v4.6.0/docs/ReleaseNotes.txt
--------------------------------------------------------------------------------
================================================================================
youtube-dl-2017.02.16-1.fc24 (FEDORA-2017-2759025f5b)
A small command-line program to download online videos
--------------------------------------------------------------------------------
Update Information:
Update to the latest upstream
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1420965 - youtube-dl cannot find pycrypto, even though it is installed
https://bugzilla.redhat.com/show_bug.cgi?id=1420965
[ 2 ] Bug #1418496 - youtube-dl-2017.02.16 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1418496
--------------------------------------------------------------------------------