The following Fedora 25 Security updates need testing: Age URL 186 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25 85 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2d17af41e python-XStatic-jquery-ui-1.12.0.1-4.fc25 29 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7dbbbafea6 runc-1.0.0-7.git6394544.fc25.2 24 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ec3c82e64d libstaroffice-0.0.3-3.fc25 24 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5d7498559f nodejs-brace-expansion-1.1.7-1.fc25 15 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bcfa3569d6 libmwaw-0.3.11-3.fc25 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f68c93aaac kmail-16.12.3-2.fc25 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bb1ecba1bc kf5-messagelib-16.12.3-2.fc25 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a11f853361 kdepim4-4.14.10-31.fc25 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-708adeb9b6 libsndfile-1.0.28-3.fc25 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c3149b5fcb xen-4.7.2-7.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-63aca509fb zabbix-3.0.9-1.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7591a8e2c9 globus-xio-5.16-1.fc25 globus-net-manager-0.17-1.fc25 globus-gass-cache-program-6.7-1.fc25 globus-gass-copy-9.27-1.fc25 globus-gssapi-gsi-12.16-1.fc25 globus-gram-job-manager-14.36-1.fc25 globus-gridftp-server-12.2-1.fc25 globus-io-11.9-1.fc25 globus-xio-gsi-driver-3.11-1.fc25 globus-xio-pipe-driver-3.10-1.fc25 globus-xio-udt-driver-1.27-1.fc25 myproxy-6.1.28-1.fc25 globus-ftp-client-8.35-2.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-38113758e7 drupal7-7.56-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6f7d6fbccc php-horde-Horde-Image-2.5.1-1.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bff1b87765 webkitgtk4-2.16.5-1.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4c57da6642 libmtp-1.1.13-1.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-372bb1edb3 libdb-5.3.28-24.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-75c571778e irssi-1.0.3-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-620085cede httpd-2.4.26-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-03954b6dc4 jetty-test-helper-3.1-3.fc25 jetty-alpn-8.1.11-2.v20170118.fc25 jetty-9.4.6-1.v20170531.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d3bc944153 pius-2.2.4-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a348b32eb5 libgcrypt-1.7.8-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-58cde32413 qt5-qtwebengine-5.9.0-4.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d04f7ddd73 dnsperf-2.1.0.0-3.fc25 bind-dyndb-ldap-10.1-2.fc25 bind-9.10.5-2.P2.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-79886ea453 mosquitto-1.4.13-1.fc25
The following Fedora 25 Critical Path updates have yet to be approved: Age URL 29 https://bodhi.fedoraproject.org/updates/FEDORA-2017-613a72e282 lorax-25.22-1.fc25 15 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a83e0e61d6 fwupd-0.9.4-1.fc25 12 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bd92718a5a pungi-4.1.16-3.fc25 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-82f4a3afee storaged-2.6.2-6.fc25 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-708adeb9b6 libsndfile-1.0.28-3.fc25 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c3149b5fcb xen-4.7.2-7.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d90aa59a73 libguestfs-1.36.5-1.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0187b2a605 selinux-policy-3.13.1-225.19.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-80862de14e perl-Scalar-List-Utils-1.48-1.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-372bb1edb3 libdb-5.3.28-24.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bff1b87765 webkitgtk4-2.16.5-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a348b32eb5 libgcrypt-1.7.8-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-92a040da1a rsync-3.1.2-4.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d8104c0ea6 hostname-3.15-8.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2a0a9f69f8 dbus-1.11.14-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-118505dd77 libsoup-2.56.0-3.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-de0dd8b845 gsm-1.0.17-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-82ed89323e libsolv-0.6.28-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-caf28c1846 flatpak-0.9.7-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0d137386ea kernel-4.11.8-200.fc25
The following builds have been pushed to Fedora 25 updates-testing
LuxRender-1.6-16.fc25 bind-9.10.5-2.P2.fc25 bind-dyndb-ldap-10.1-2.fc25 dnscrypt-proxy-gui-1.11.10-1.fc25 dnsperf-2.1.0.0-3.fc25 edgar-1.27-1.fc25 embree-2.16.4-1.fc25 flacon-3.0.0-1.fc25 flatpak-0.9.7-1.fc25 gimagereader-3.2.3-1.fc25 groonga-7.0.4-1.fc25 kernel-4.11.8-200.fc25 libsolv-0.6.28-1.fc25 libtaskotron-0.4.21-1.fc25 mosquitto-1.4.13-1.fc25 ndctl-57.1-1.fc25 python-pydocstyle-2.0.0-1.fc25 python-pytoml-0.1.14-1.git7dea353.fc25 qcad-3.17.3.0-1.fc25 radicale-1.1.2-2.fc25 rkhunter-1.4.4-1.fc25 sugar-measure-101-1.fc25 thermald-1.6-6.fc25 wingpanel-indicator-datetime-2.0.2-1.fc25 xplayer-1.4.3-1.fc25
Details about builds:
================================================================================ LuxRender-1.6-16.fc25 (FEDORA-2017-9d612e19f0) Lux Renderer, an unbiased rendering system -------------------------------------------------------------------------------- Update Information:
Rebuild with embree 2.16.4. Release note ----------------- Bugfix in the ribbon intersector for hair primitives. Non-normalized rays caused wrong intersection distance to be reported. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1459537 - embree-2.16.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1459537 [ 2 ] Bug #1434810 - embree-2.16.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1434810 [ 3 ] Bug #1466767 - embree-2.16.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1466767 --------------------------------------------------------------------------------
================================================================================ bind-9.10.5-2.P2.fc25 (FEDORA-2017-d04f7ddd73) The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server -------------------------------------------------------------------------------- Update Information:
Update back to ISC supported version. Security fix for CVE-2017-3143, CVE-2017-3142, CVE-2017-3140 ---- Update to 10.1. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1466189 - CVE-2017-3142 bind: An error in TSIG authentication can permit unauthorized zone transfers https://bugzilla.redhat.com/show_bug.cgi?id=1466189 [ 2 ] Bug #1461302 - CVE-2017-3140 bind: Error processing RPZ rules leads to endless loop while handling query https://bugzilla.redhat.com/show_bug.cgi?id=1461302 [ 3 ] Bug #1466193 - CVE-2017-3143 bind: An error in TSIG authentication can permit unauthorized dynamic updates https://bugzilla.redhat.com/show_bug.cgi?id=1466193 --------------------------------------------------------------------------------
================================================================================ bind-dyndb-ldap-10.1-2.fc25 (FEDORA-2017-d04f7ddd73) LDAP back-end plug-in for BIND -------------------------------------------------------------------------------- Update Information:
Update back to ISC supported version. Security fix for CVE-2017-3143, CVE-2017-3142, CVE-2017-3140 ---- Update to 10.1. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1466189 - CVE-2017-3142 bind: An error in TSIG authentication can permit unauthorized zone transfers https://bugzilla.redhat.com/show_bug.cgi?id=1466189 [ 2 ] Bug #1461302 - CVE-2017-3140 bind: Error processing RPZ rules leads to endless loop while handling query https://bugzilla.redhat.com/show_bug.cgi?id=1461302 [ 3 ] Bug #1466193 - CVE-2017-3143 bind: An error in TSIG authentication can permit unauthorized dynamic updates https://bugzilla.redhat.com/show_bug.cgi?id=1466193 --------------------------------------------------------------------------------
================================================================================ dnscrypt-proxy-gui-1.11.10-1.fc25 (FEDORA-2017-83c4275946) GUI wrapper for dnscrypt-proxy -------------------------------------------------------------------------------- Update Information:
enhancements; -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1464281 - dnscrypt-proxy-gui-1.11.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1464281 --------------------------------------------------------------------------------
================================================================================ dnsperf-2.1.0.0-3.fc25 (FEDORA-2017-d04f7ddd73) Benchmarking authorative and recursing DNS servers -------------------------------------------------------------------------------- Update Information:
Update back to ISC supported version. Security fix for CVE-2017-3143, CVE-2017-3142, CVE-2017-3140 ---- Update to 10.1. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1466189 - CVE-2017-3142 bind: An error in TSIG authentication can permit unauthorized zone transfers https://bugzilla.redhat.com/show_bug.cgi?id=1466189 [ 2 ] Bug #1461302 - CVE-2017-3140 bind: Error processing RPZ rules leads to endless loop while handling query https://bugzilla.redhat.com/show_bug.cgi?id=1461302 [ 3 ] Bug #1466193 - CVE-2017-3143 bind: An error in TSIG authentication can permit unauthorized dynamic updates https://bugzilla.redhat.com/show_bug.cgi?id=1466193 --------------------------------------------------------------------------------
================================================================================ edgar-1.27-1.fc25 (FEDORA-2017-02b25dd600) A platform game -------------------------------------------------------------------------------- Update Information:
* Added new music for the Laboratory * Updated German translation * Fixed a problem where Evil Edgar could get blocked by monsters during his first cutscene * Increased the size of the safe dial image * Health potions now restore 5 health points * Boulders spin more realistically * The Gargoyle now hovers lower down during his second phase attack * Fixed a memory leak when saving PNG images --------------------------------------------------------------------------------
================================================================================ embree-2.16.4-1.fc25 (FEDORA-2017-9d612e19f0) Collection of high-performance ray tracing kernels developed at Intel -------------------------------------------------------------------------------- Update Information:
Rebuild with embree 2.16.4. Release note ----------------- Bugfix in the ribbon intersector for hair primitives. Non-normalized rays caused wrong intersection distance to be reported. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1459537 - embree-2.16.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1459537 [ 2 ] Bug #1434810 - embree-2.16.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1434810 [ 3 ] Bug #1466767 - embree-2.16.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1466767 --------------------------------------------------------------------------------
================================================================================ flacon-3.0.0-1.fc25 (FEDORA-2017-b2cd696648) Audio File Encoder -------------------------------------------------------------------------------- Update Information:
new version 3.0.0 --------------------------------------------------------------------------------
================================================================================ flatpak-0.9.7-1.fc25 (FEDORA-2017-caf28c1846) Application deployment framework for desktop apps -------------------------------------------------------------------------------- Update Information:
Update to 0.9.7 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1466970 - flatpak-0.9.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1466970 --------------------------------------------------------------------------------
================================================================================ gimagereader-3.2.3-1.fc25 (FEDORA-2017-d87c19c4d9) A front-end to tesseract-ocr -------------------------------------------------------------------------------- Update Information:
Update to version 3.2.3, see https://github.com/manisandro/gImageReader/releases/tag/v3.2.3 for details. ---- Update to version 3.2.2, see https://github.com/manisandro/gImageReader/releases/tag/v3.2.2 for details. --------------------------------------------------------------------------------
================================================================================ groonga-7.0.4-1.fc25 (FEDORA-2017-f24b73cb74) An Embeddable Fulltext Search Engine -------------------------------------------------------------------------------- Update Information:
new upstream release --------------------------------------------------------------------------------
================================================================================ kernel-4.11.8-200.fc25 (FEDORA-2017-0d137386ea) The Linux kernel -------------------------------------------------------------------------------- Update Information:
The 4.11.8 update contains a number of important fixes across the tree --------------------------------------------------------------------------------
================================================================================ libsolv-0.6.28-1.fc25 (FEDORA-2017-82ed89323e) Package dependency solver -------------------------------------------------------------------------------- Update Information:
- make peace with newer perl versions - fix memory leak in bindings - add `pool_best_solvables()` function - fix 64bit integer parsing from RPM headers --------------------------------------------------------------------------------
================================================================================ libtaskotron-0.4.21-1.fc25 (FEDORA-2017-ff47530b6a) Taskotron Support Library -------------------------------------------------------------------------------- Update Information:
- documentation improvements - DNF_REPO item type removed - default task artifact now points to artifacts root dir instead of task log - fix rpm deps handling via dnf on Fedora 26 (but only support package names and filepaths as deps in task formulas) --------------------------------------------------------------------------------
================================================================================ mosquitto-1.4.13-1.fc25 (FEDORA-2017-79886ea453) An Open Source MQTT v3.1/v3.1.1 Broker -------------------------------------------------------------------------------- Update Information:
Fix CVE-2017-9868 (rhbz#1464946) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1464946 - CVE-2017-9868 mosquitto: World-readable persistence file possibly leaking sensitive information https://bugzilla.redhat.com/show_bug.cgi?id=1464946 --------------------------------------------------------------------------------
================================================================================ ndctl-57.1-1.fc25 (FEDORA-2017-34bf8d7ed9) Manage "libnvdimm" subsystem devices (Non-volatile Memory) -------------------------------------------------------------------------------- Update Information:
Release v57.1 --------------------------------------------------------------------------------
================================================================================ python-pydocstyle-2.0.0-1.fc25 (FEDORA-2017-4db0e57f0b) Python docstring style checker -------------------------------------------------------------------------------- Update Information:
Initial release in Fedora 25+ -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1409654 - Review Request: python-pydocstyle - Python docstring style checker https://bugzilla.redhat.com/show_bug.cgi?id=1409654 --------------------------------------------------------------------------------
================================================================================ python-pytoml-0.1.14-1.git7dea353.fc25 (FEDORA-2017-a84ddb9830) Parser for TOML -------------------------------------------------------------------------------- Update Information:
Update to 0.1.14 --------------------------------------------------------------------------------
================================================================================ qcad-3.17.3.0-1.fc25 (FEDORA-2017-a5ee1d8df7) Powerful 2D CAD system -------------------------------------------------------------------------------- Update Information:
- Update to 3.17.3.0 --------------------------------------------------------------------------------
================================================================================ radicale-1.1.2-2.fc25 (FEDORA-2017-7bc73f2219) A simple CalDAV (calendar) and CardDAV (contact) server -------------------------------------------------------------------------------- Update Information:
Remove PrivateDevices=true (RHBZ#1452328) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1452328 - SELinux prevents from start radicale.service https://bugzilla.redhat.com/show_bug.cgi?id=1452328 --------------------------------------------------------------------------------
================================================================================ rkhunter-1.4.4-1.fc25 (FEDORA-2017-f5e8476376) A host-based tool to scan for rootkits, backdoors and local exploits -------------------------------------------------------------------------------- Update Information:
New upstream release with various fixes. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1284403 - Logger is not being used correctly in /usr/bin/rkhunter https://bugzilla.redhat.com/show_bug.cgi?id=1284403 [ 2 ] Bug #1466318 - rkhunter-1.4.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1466318 --------------------------------------------------------------------------------
================================================================================ sugar-measure-101-1.fc25 (FEDORA-2017-d9665bcc81) Measure for Sugar -------------------------------------------------------------------------------- Update Information:
Release version 101 --------------------------------------------------------------------------------
================================================================================ thermald-1.6-6.fc25 (FEDORA-2017-bf62c5555b) Thermal Management daemon -------------------------------------------------------------------------------- Update Information:
* Replace fix for rhbz#1464548 from upstream commit * Add upstream patch to fix README * Add upstreamed patch to silence compiler warnings ---- * Add upstream patch to fix ThermalMonitor * Add several fixes from upstream -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1464548 - [abrt] thermald-monitor: ThermaldInterface::getLowestValidTripTempForZone(): ThermalMonitor killed by signal 11 https://bugzilla.redhat.com/show_bug.cgi?id=1464548 --------------------------------------------------------------------------------
================================================================================ wingpanel-indicator-datetime-2.0.2-1.fc25 (FEDORA-2017-e551b7c146) Datetime Indicator for wingpanel -------------------------------------------------------------------------------- Update Information:
Update to version 2.0.2. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1466780 - wingpanel-indicator-datetime-2.0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1466780 --------------------------------------------------------------------------------
================================================================================ xplayer-1.4.3-1.fc25 (FEDORA-2017-38e91ecec3) A generic Media Player -------------------------------------------------------------------------------- Update Information:
* New upstream release -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1467001 - xplayer-1.4.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1467001 --------------------------------------------------------------------------------