The following Fedora 24 Security updates need testing:
Age URL
66
https://bodhi.fedoraproject.org/updates/FEDORA-2016-32eaf0c41e redis-3.2.3-1.fc24
50
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0ef628998f
chicken-4.11.0-3.fc24
9
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d61c4f72da
chromium-53.0.2785.143-1.fc24
8
https://bodhi.fedoraproject.org/updates/FEDORA-2016-be779371b4
perl-Image-Info-1.38-6.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-53e8aa35f6
ghostscript-9.20-2.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-282507c3e9
libass-0.13.4-1.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-bc51f4636f
libgit2-0.24.2-2.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7e57edc4cc
glibc-arm-linux-gnu-2.24-2.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-990e2012ea
compat-guile18-1.8.8-14.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f4b5897686
epiphany-3.20.4-1.fc24 webkitgtk4-2.14.1-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-57b72e526c
jasper-1.900.3-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-34209c3a8e
guile-2.0.13-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7a30285647 php-5.6.27-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b9cb75981a
php-pecl-zip-1.13.5-1.fc24
The following Fedora 24 Critical Path updates have yet to be approved:
Age URL
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f00a05d7b9
pungi-4.1.10-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-6c9d0d9a4f mpfr-3.1.5-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-79b5ab3437 pcre-8.39-4.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e51ac2b4f5
thunderbird-45.4.0-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-57b72e526c
jasper-1.900.3-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-8c47413113 libXi-1.7.7-2.fc24
The following builds have been pushed to Fedora 24 updates-testing
389-admin-1.1.45-1.fc24
389-ds-base-1.3.5.14-1.fc24
SDL_mng-0.2.7-2.fc24
appstream-data-24-8.fc24
atomic-reactor-1.6.17-1.fc24
certbot-0.9.3-1.fc24
dmlite-0.8.1-1.fc24
dpm-dsi-1.9.10-1.fc24
dpm-xrootd-3.6.2-1.fc24
eclipse-4.6.1-5.fc24
eclipse-mpc-1.5.2-1.fc24
evince-3.20.1-2.fc24
foomatic-4.0.12-7.fc24
gimagereader-3.1.99-1.fc24
heketi-3.0.0-1.fc24
lnst-12-1.fc24
magic-8.1.108-1.fc24
mpfr-3.1.5-1.fc24
openqa-4.4-21.20161006git1ad6190.fc24
osbs-client-0.32-1.fc24
pcre-8.39-4.fc24
perl-Time-Local-1.240-1.fc24
php-5.6.27-1.fc24
php-doctrine-cache-1.6.0-1.fc24
php-pecl-zip-1.13.5-1.fc24
pioneer-20160907-1.fc24
pymol-1.8.4-1.20161007svn4162.fc24
python-acme-0.9.3-1.fc24
python-certbot-apache-0.9.3-1.fc24
python-moksha-hub-1.4.7-1.fc24
python-pyroute2-0.4.10-1.fc24
python3-3.5.2-3.fc24
python3-docs-3.5.2-1.fc24
siril-0.9.4-2.fc24
taskotron-trigger-0.4.1-1.fc24
unity-gtk-module-0.0.0+16.10.20160913-3.fc24
xcircuit-3.9.56-1.fc24
xonsh-0.4.7-1.fc24
xscreensaver-5.36-1.fc24
Details about builds:
================================================================================
389-admin-1.1.45-1.fc24 (FEDORA-2016-b1ec7bb18a)
389 Administration Server (admin)
--------------------------------------------------------------------------------
Update Information:
bump version to 1.1.45
--------------------------------------------------------------------------------
================================================================================
389-ds-base-1.3.5.14-1.fc24 (FEDORA-2016-393bece9d3)
389 Directory Server (base)
--------------------------------------------------------------------------------
Update Information:
Bump version to 1.3.5.14-1
--------------------------------------------------------------------------------
================================================================================
SDL_mng-0.2.7-2.fc24 (FEDORA-2016-feac8f6d28)
Simple DirectMedia Layer - MNG Loading Library
--------------------------------------------------------------------------------
Update Information:
Switched to using cmake
--------------------------------------------------------------------------------
================================================================================
appstream-data-24-8.fc24 (FEDORA-2016-74fb9e6d3c)
Fedora AppStream metadata
--------------------------------------------------------------------------------
Update Information:
New metadata version
--------------------------------------------------------------------------------
================================================================================
atomic-reactor-1.6.17-1.fc24 (FEDORA-2016-8c6bc09ba6)
Improved builder for Docker images
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1376236 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1376236
--------------------------------------------------------------------------------
================================================================================
certbot-0.9.3-1.fc24 (FEDORA-2016-1c6bd07afa)
A free, automated certificate authority client
--------------------------------------------------------------------------------
Update Information:
Update to 0.9.2 of certbot
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1343915 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1343915
[ 2 ] Bug #1382183 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1382183
--------------------------------------------------------------------------------
================================================================================
dmlite-0.8.1-1.fc24 (FEDORA-2016-4d8e75fe0d)
Lcgdm grid data management and storage framework
--------------------------------------------------------------------------------
Update Information:
* bug fixes
--------------------------------------------------------------------------------
================================================================================
dpm-dsi-1.9.10-1.fc24 (FEDORA-2016-9db33c037f)
Disk Pool Manager (DPM) plugin for the Globus GridFTP server
--------------------------------------------------------------------------------
Update Information:
* new upstream release ---- * new upstream release
--------------------------------------------------------------------------------
================================================================================
dpm-xrootd-3.6.2-1.fc24 (FEDORA-2016-df046191cf)
XROOT interface to the Disk Pool Manager (DPM)
--------------------------------------------------------------------------------
Update Information:
* bug fixes ---- - fix wrong dependency to dmlite ---- * new upstream
release
--------------------------------------------------------------------------------
================================================================================
eclipse-4.6.1-5.fc24 (FEDORA-2016-df2350c7be)
An open, extensible IDE
--------------------------------------------------------------------------------
Update Information:
Failures to start up due to missing package "javax.el" is corrected and unless
the user specifies otherwise Eclipse now prefers to run on X11 by default
instead of Wayland until support for Wayland improves upstream
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1384029 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1384029
[ 2 ] Bug #1384306 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1384306
[ 3 ] Bug #1255007 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1255007
--------------------------------------------------------------------------------
================================================================================
eclipse-mpc-1.5.2-1.fc24 (FEDORA-2016-df2350c7be)
Eclipse Marketplace Client
--------------------------------------------------------------------------------
Update Information:
Failures to start up due to missing package "javax.el" is corrected and unless
the user specifies otherwise Eclipse now prefers to run on X11 by default
instead of Wayland until support for Wayland improves upstream
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1384029 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1384029
[ 2 ] Bug #1384306 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1384306
[ 3 ] Bug #1255007 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1255007
--------------------------------------------------------------------------------
================================================================================
evince-3.20.1-2.fc24 (FEDORA-2016-d4bb9e240b)
Document viewer
--------------------------------------------------------------------------------
Update Information:
- Resolves: rhbz#1365026 missing check of number of pages causing crash -
Resolves: rhbz#1329804 support opening file uris to help xdg-utils
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1329804 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1329804
[ 2 ] Bug #1365026 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1365026
--------------------------------------------------------------------------------
================================================================================
foomatic-4.0.12-7.fc24 (FEDORA-2016-8adfae6d38)
Tools for using the foomatic database of printers and printer drivers
--------------------------------------------------------------------------------
Update Information:
Rebuild for ghostscript-9.20
--------------------------------------------------------------------------------
================================================================================
gimagereader-3.1.99-1.fc24 (FEDORA-2016-7c76926fd7)
A front-end to tesseract-ocr
--------------------------------------------------------------------------------
Update Information:
Update to 3.1.99, see
https://github.com/manisandro/gImageReader/releases/tag/v3.1.99 for details.
--------------------------------------------------------------------------------
================================================================================
heketi-3.0.0-1.fc24 (FEDORA-2016-194d9bbbd3)
RESTful based volume management framework for GlusterFS
--------------------------------------------------------------------------------
Update Information:
Release 3 Final
--------------------------------------------------------------------------------
================================================================================
lnst-12-1.fc24 (FEDORA-2016-64f4c97770)
Common code for lnst-ctl and lnst-slave
--------------------------------------------------------------------------------
Update Information:
Updating to stable release 12 - This is going to be one of the final
releases supporting XML recipes
--------------------------------------------------------------------------------
================================================================================
magic-8.1.108-1.fc24 (FEDORA-2016-99c3ee4465)
A very capable VLSI layout tool
--------------------------------------------------------------------------------
Update Information:
New version 8.1.108 is released.
--------------------------------------------------------------------------------
================================================================================
mpfr-3.1.5-1.fc24 (FEDORA-2016-6c9d0d9a4f)
A C library for multiple-precision floating-point computations
--------------------------------------------------------------------------------
Update Information:
rebase
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1384480 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1384480
--------------------------------------------------------------------------------
================================================================================
openqa-4.4-21.20161006git1ad6190.fc24 (FEDORA-2016-3cc3b46a2e)
OS-level automated testing framework
--------------------------------------------------------------------------------
Update Information:
This update provides a newer git snapshot of openQA, with various changes from
upstream. The main reason for the update from our perspective is to include
[this
change](https://github.com/os-autoinst/openQA/pull/920), which is needed
to improve our handling of ARM test assets. This build has been live on staging
for a week or so now.
--------------------------------------------------------------------------------
================================================================================
osbs-client-0.32-1.fc24 (FEDORA-2016-b2b8e83f3c)
Python command line client for OpenShift Build Service
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1383851 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1383851
--------------------------------------------------------------------------------
================================================================================
pcre-8.39-4.fc24 (FEDORA-2016-79b5ab3437)
Perl-compatible regular expression library
--------------------------------------------------------------------------------
Update Information:
This release fixes compilation of conditionals whena group name starts with
"R".
It also corrects displaying a callout position in pcretest output if an escape
sequence is greater than \x{ff}. It also corrects misspelllings in
pcrepattern(3) manual page.
--------------------------------------------------------------------------------
================================================================================
perl-Time-Local-1.240-1.fc24 (FEDORA-2016-7764609a1b)
Efficiently compute time from local and GMT time
--------------------------------------------------------------------------------
Update Information:
This release improves tests, a build script and code legibility. Ve deliver it
mainly to provide up-to-date version string.
--------------------------------------------------------------------------------
================================================================================
php-5.6.27-1.fc24 (FEDORA-2016-7a30285647)
PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:
13 Oct 2016 - **PHP version 5.6.27** **Core:** * Fixed bug php#73025 (Heap
Buffer Overflow in virtual_popen of zend_virtual_cwd.c). (cmb) * Fixed bug
php#73058 (crypt broken when salt is 'too' long). (Anatol) * Fixed bug php#72703
(Out of bounds global memory read in BF_crypt triggered by password_verify).
(Anatol) * Fixed bug php#73189 (Memcpy negative size parameter
php_resolve_path). (Stas) * Fixed bug php#73147 (Use After Free in
unserialize()). (Stas) **BCmath:** * Fixed bug php#73190 (memcpy negative
parameter _bc_new_num_ex). (Stas) **DOM:** * Fixed bug php#73150 (missing NULL
check in dom_document_save_html). (Stas) **Ereg:** * Fixed bug php#73284 (heap
overflow in php_ereg_replace function). (Stas) **Filter:** * Fixed bug
php#72972 (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and
FILTER_FLAG_NO_PRIV_RANGE). (julien) * Fixed bug php#67167 (Wrong return value
from FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE). (levim, cmb) * Fixed bug
php#73054 (default option ignored when object passed to int filter). (cmb)
**GD:** * Fixed bug php#67325 (imagetruecolortopalette: white is duplicated in
palette). (cmb) * Fixed bug php#50194 (imagettftext broken on transparent
background w/o alphablending). (cmb) * Fixed bug php#73003 (Integer Overflow in
gdImageWebpCtx of gd_webp.c). (trylab, cmb) * Fixed bug php#53504 (imagettfbbox
gives incorrect values for bounding box). (Mark Plomer, cmb) * Fixed bug
php#73157 (imagegd2() ignores 3rd param if 4 are given). (cmb) * Fixed bug
php#73155 (imagegd2() writes wrong chunk sizes on boundaries). (cmb) * Fixed bug
php#73159 (imagegd2(): unrecognized formats may result in corrupted files).
(cmb) * Fixed bug php#73161 (imagecreatefromgd2() may leak memory). (cmb)
**Intl:** * Fixed bug php#73218 (add mitigation for ICU int overflow). (Stas)
**Imap:** * Fixed bug php#73208 (integer overflow in imap_8bit caused heap
corruption). (Stas) **Mbstring:** * Fixed bug php#72994 (mbc_to_code() out of
bounds read). (Laruence, cmb) * Fixed bug php#66964 (mb_convert_variables()
cannot detect recursion). (Yasuo) * Fixed bug php#72992
(mbstring.internal_encoding doesn't inherit default_charset). (Yasuo) * Fixed
bug php#73082 (string length overflow in mb_encode_* function). (Stas)
**PCRE:** * Fixed bug php#73174 (heap overflow in php_pcre_replace_impl).
(Stas) **Opcache:** * Fixed bug php#72590 (Opcache restart with
kill_all_lockers does not work). (Keyur) (julien backport) **OpenSSL:** *
Fixed bug php#73072 (Invalid path SNI_server_certs causes segfault). (Jakub
Zelenka) * Fixed bug php#73275 (crash in openssl_encrypt function). (Stas) *
Fixed bug php#73276 (crash in openssl_random_pseudo_bytes function). (Stas)
**Session:** * Fixed bug php#68015 (Session does not report invalid uid for
files save handler). (Yasuo) * Fixed bug php#73100 (session_destroy null
dereference in ps_files_path_create). (cmb) **SimpleXML:** * Fixed bug
php#73293 (NULL pointer dereference in SimpleXMLElement::asXML()). (Stas)
**SPL:** * Fixed bug php#73073 (CachingIterator null dereference when convert
to string). (Stas) **Standard:** * Fixed bug php#73240 (Write out of bounds at
number_format). (Stas) * Fixed bug php#73017 (memory corruption in wordwrap
function). (Stas) **Stream:** * Fixed bug php#73069 (readfile() mangles files
larger than 2G). (Laruence)
--------------------------------------------------------------------------------
================================================================================
php-doctrine-cache-1.6.0-1.fc24 (FEDORA-2016-058944745b)
Doctrine Cache
--------------------------------------------------------------------------------
Update Information:
### v1.6.0 * 109: Cleanup: drop unsupported php versions * 112: Native APCu
support * 115: Add APCu cache provider * 117: Added MultiPutCache interface and
implementations for drivers that support it * 130: Added support for stats and
ttl on ArrayCache
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1295634 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1295634
--------------------------------------------------------------------------------
================================================================================
php-pecl-zip-1.13.5-1.fc24 (FEDORA-2016-b9cb75981a)
A ZIP archive management extension
--------------------------------------------------------------------------------
Update Information:
**Version 1.13.5** - Fixed bug php#72660 (NULL Pointer dereference in
zend_virtual_cwd). (Laruence) - Fixed bug php#68302 (impossible to compile php
with zip support). (cmb) - Fixed bug php#70752 (Depacking with wrong password
leaves 0 length files). (cmb)
--------------------------------------------------------------------------------
================================================================================
pioneer-20160907-1.fc24 (FEDORA-2016-d5f5a9f08b)
A game of lonely space adventure
--------------------------------------------------------------------------------
Update Information:
20160907 release.
http://pioneerspacesim.net/download#changelog
--------------------------------------------------------------------------------
================================================================================
pymol-1.8.4-1.20161007svn4162.fc24 (FEDORA-2016-d7a6d91430)
PyMOL Molecular Graphics System
--------------------------------------------------------------------------------
Update Information:
- update to 1.8.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1382199 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1382199
--------------------------------------------------------------------------------
================================================================================
python-acme-0.9.3-1.fc24 (FEDORA-2016-1c6bd07afa)
Python library for the ACME protocol
--------------------------------------------------------------------------------
Update Information:
Update to 0.9.2 of certbot
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1343915 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1343915
[ 2 ] Bug #1382183 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1382183
--------------------------------------------------------------------------------
================================================================================
python-certbot-apache-0.9.3-1.fc24 (FEDORA-2016-1c6bd07afa)
The apache plugin for certbot
--------------------------------------------------------------------------------
Update Information:
Update to 0.9.2 of certbot
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1343915 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1343915
[ 2 ] Bug #1382183 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1382183
--------------------------------------------------------------------------------
================================================================================
python-moksha-hub-1.4.7-1.fc24 (FEDORA-2016-3bc25f4a3d)
Hub components for Moksha
--------------------------------------------------------------------------------
Update Information:
Enhancements and bugfixes to the STOMP backend.
--------------------------------------------------------------------------------
================================================================================
python-pyroute2-0.4.10-1.fc24 (FEDORA-2016-32c2ab8f8e)
Pure Python netlink library
--------------------------------------------------------------------------------
Update Information:
devlink fd leak fix ---- critical fd leak fix ---- uplift to 0.4.x ----
separate Python2 and Python3 packages
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1309389 - python-pyroute2: Provide a Python 3 subpackage
https://bugzilla.redhat.com/show_bug.cgi?id=1309389
--------------------------------------------------------------------------------
================================================================================
python3-3.5.2-3.fc24 (FEDORA-2016-cd0636887f)
Version 3 of the Python programming language aka Python 3000
--------------------------------------------------------------------------------
Update Information:
Updating Python to a new subminor release with multitude of bugfixes. Since
we're updating a live Fedora, I'd like to wait at least 2 weeks in updates-
testing.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1383060 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1383060
[ 2 ] Bug #1379897 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1379897
--------------------------------------------------------------------------------
================================================================================
python3-docs-3.5.2-1.fc24 (FEDORA-2016-cd0636887f)
Documentation for the Python 3 programming language
--------------------------------------------------------------------------------
Update Information:
Updating Python to a new subminor release with multitude of bugfixes. Since
we're updating a live Fedora, I'd like to wait at least 2 weeks in updates-
testing.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1383060 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1383060
[ 2 ] Bug #1379897 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1379897
--------------------------------------------------------------------------------
================================================================================
siril-0.9.4-2.fc24 (FEDORA-2016-e4a425ce77)
Astronomical image processing software
--------------------------------------------------------------------------------
Update Information:
Update to 0.9.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1371502 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1371502
--------------------------------------------------------------------------------
================================================================================
taskotron-trigger-0.4.1-1.fc24 (FEDORA-2016-5727de3374)
Triggering Taskotron jobs via fedmsg
--------------------------------------------------------------------------------
Update Information:
Add docker support. Remove mongoquery bundle. ---- Initial build of taskotron-
trigger in Fedora repos
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1341099 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1341099
--------------------------------------------------------------------------------
================================================================================
unity-gtk-module-0.0.0+16.10.20160913-3.fc24 (FEDORA-2016-cdb63d04cd)
GTK+ module for exporting old-style menus as GMenuModels
--------------------------------------------------------------------------------
Update Information:
- Drop dependency on glib2 and gtk-doc, own the dir in the package instead -
Updated Url-tag
--------------------------------------------------------------------------------
================================================================================
xcircuit-3.9.56-1.fc24 (FEDORA-2016-177a8dea81)
Electronic circuit schematic drawing program
--------------------------------------------------------------------------------
Update Information:
New version 3.9.56 is released.
--------------------------------------------------------------------------------
================================================================================
xonsh-0.4.7-1.fc24 (FEDORA-2016-a82fe9b737)
A general purpose, Python-ish shell
--------------------------------------------------------------------------------
Update Information:
New upstream release 0.4.7
--------------------------------------------------------------------------------
================================================================================
xscreensaver-5.36-1.fc24 (FEDORA-2016-9910999694)
X screen saver and locker
--------------------------------------------------------------------------------
Update Information:
New version 5.36 is released.
--------------------------------------------------------------------------------