The following Fedora 23 Security updates need testing:
Age URL
284
https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23
242
https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe
miniupnpc-1.9-6.fc23
214
https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324
jbig2dec-0.12-2.fc23
165
https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1
python-pymongo-3.0.3-1.fc23
165
https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8
thttpd-2.25b-37.fc23
130
https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4
mingw-nsis-2.50-1.fc23
49
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3b9407940
squid-3.5.10-4.fc23
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-34a6b65583 php-5.6.23-1.fc23
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4f3c77ef90
php-pecl-zip-1.13.3-1.fc23
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-9df3915036
phpMyAdmin-4.6.3-1.fc23
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0b966047e1 krb5-1.14.1-7.fc23
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3093027736
mediawiki-1.26.3-1.fc23
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-fcccb0a547
nodejs-0.10.46-1.fc23
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-16e8d38f57
gsi-openssh-7.1p2-2.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-ef784cf9f7
python3-3.4.3-9.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d126bb1b74 gd-2.1.1-8.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-73a733f4d9
kernel-4.5.7-202.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d97547150a
nodejs-ws-1.1.1-1.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f0552e1341
libreoffice-5.0.6.2-9.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d2d6890690
xerces-c-3.1.4-1.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-87e8468465
mingw-xerces-c-3.1.4-1.fc23
The following Fedora 23 Critical Path updates have yet to be approved:
Age URL
25
https://bodhi.fedoraproject.org/updates/FEDORA-2016-28873e4832
vim-7.4.1868-1.fc23
25
https://bodhi.fedoraproject.org/updates/FEDORA-2016-fad11727bf
PackageKit-1.1.1-2.fc23 appstream-data-23-11.fc23 fwupd-0.7.1-1.fc23
gnome-software-3.20.3-1.fc23.1 json-glib-1.2.0-1.fc23 libappstream-glib-0.5.14-1.fc23
libgusb-0.2.9-1.fc23
8
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4c9c2badcb
selinux-policy-3.13.1-158.20.fc23
8
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e9bc854cca texinfo-6.0-3.fc23
8
https://bodhi.fedoraproject.org/updates/FEDORA-2016-001588074b
libfm-1.2.4-4.D20160618gitb22c0995e7.fc23
8
https://bodhi.fedoraproject.org/updates/FEDORA-2016-06b36c0134
lxsession-0.5.2-10.D20160417git9f8d613332.fc23
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f637b89dda
samba-4.3.10-1.fc23
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0b966047e1 krb5-1.14.1-7.fc23
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-abff7c6423
kde-settings-23-12.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-99671098b1 qt-4.8.7-18.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4b66e3011c
lxpanel-0.8.2-2.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-73a733f4d9
kernel-4.5.7-202.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-20e8af4a21 audit-2.6.1-1.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d126bb1b74 gd-2.1.1-8.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d55470177d
libwnck3-3.18.0-1.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5e71233527
dmidecode-3.0-4.fc23
The following builds have been pushed to Fedora 23 updates-testing
ansible-lint-3.1.0-1.fc23
btrfs-sxbackup-0.6.9-1.fc23
dmidecode-3.0-4.fc23
flatpak-0.6.6-1.fc23
fldigi-3.23.12-1.fc23
flmsg-3.00.01-1.fc23
geary-0.11.1-1.fc23
kubernetes-1.2.0-0.24.git4a3f9c5.fc23
libreoffice-5.0.6.2-9.fc23
libwnck3-3.18.0-1.fc23
mingw-tk-8.6.4-2.fc23
mingw-xerces-c-3.1.4-1.fc23
nfdump-1.6.15-2.fc23
ngspice-26-4.fc23
nodejs-ws-1.1.1-1.fc23
pychess-0.12.4-5.fc23
qgit-2.6-2.fc23
rabbitmq-server-3.6.2-4.fc23
the_silver_searcher-0.32.0-1.fc23
xerces-c-3.1.4-1.fc23
Details about builds:
================================================================================
ansible-lint-3.1.0-1.fc23 (FEDORA-2016-14d168dec4)
Best practices checker for Ansible
--------------------------------------------------------------------------------
Update Information:
Fixed typo in previous changelog entry ---- Fixed typo in previous changelog
entry ---- Update to 3.0.0 release
--------------------------------------------------------------------------------
================================================================================
btrfs-sxbackup-0.6.9-1.fc23 (FEDORA-2016-0d6a7dc291)
Incremental btrfs snapshot backups with push/pull support via SSH
--------------------------------------------------------------------------------
Update Information:
Update to 0.6.9
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1347484 - btrfs-sxbackup-0.6.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1347484
[ 2 ] Bug #1350287 - btrfs-sxbackup-0.6.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1350287
--------------------------------------------------------------------------------
================================================================================
dmidecode-3.0-4.fc23 (FEDORA-2016-5e71233527)
Tool to analyse BIOS DMI data
--------------------------------------------------------------------------------
Update Information:
Applied out-a-tree patch from Petr Oros: dmidecode: Unmask LRDIMM in memory type
detail
--------------------------------------------------------------------------------
================================================================================
flatpak-0.6.6-1.fc23 (FEDORA-2016-47b1efdf38)
Application deployment framework for desktop apps
--------------------------------------------------------------------------------
Update Information:
Update to 0.6.6
--------------------------------------------------------------------------------
================================================================================
fldigi-3.23.12-1.fc23 (FEDORA-2016-c4e35547a4)
Digital modem program for Linux
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1346520 - fldigi-3.23.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1346520
--------------------------------------------------------------------------------
================================================================================
flmsg-3.00.01-1.fc23 (FEDORA-2016-c4e35547a4)
Fast Light Message Amateur Radio Forms Manager
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1346520 - fldigi-3.23.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1346520
--------------------------------------------------------------------------------
================================================================================
geary-0.11.1-1.fc23 (FEDORA-2016-7a2fb3caf1)
A lightweight email program designed around conversations
--------------------------------------------------------------------------------
Update Information:
#### Geary 0.11.1 - 27 June 2016 #### * Fix frequent crashes on 32-bit/i686
OS installations * Fix error connecting to certain
Outlook\.com accounts *
Find special folders with lower case names * Find Exchange Sent and Deleted
special folders * Don't create Archive folders for GMail accounts * Use
HTTPS for accessing
Gravatar\.com * Fix text not show when only plain text and
image parts * Fix crash when is:foo is not translated * Make English
versions of search ops always work * Allow to:me and from:me to be translated
separately * Fix date typo in NEWS * Updated UI translations The list of
changes including credits can be found
[
here](https://download.gnome.org/sources/geary/0.11/geary-0.11.1.news).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1337903 - geary fails to initialize: unknown tokenizer: unicodesn
https://bugzilla.redhat.com/show_bug.cgi?id=1337903
--------------------------------------------------------------------------------
================================================================================
kubernetes-1.2.0-0.24.git4a3f9c5.fc23 (FEDORA-2016-f612484f9e)
Container cluster management
--------------------------------------------------------------------------------
Update Information:
Be more verbose about devel subpackage ---- Own /run/kubernetes directory
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1269449 - Summary for kubernetes-devel package should be more informative
https://bugzilla.redhat.com/show_bug.cgi?id=1269449
[ 2 ] Bug #1264699 - kubernetes do not respect tpmfiles.d policy
https://bugzilla.redhat.com/show_bug.cgi?id=1264699
--------------------------------------------------------------------------------
================================================================================
libreoffice-5.0.6.2-9.fc23 (FEDORA-2016-f0552e1341)
Free Software Productivity Suite
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-4324
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1351197 - CVE-2016-4324 libreoffice: Dereference of invalid STL iterator on
processing RTF file
https://bugzilla.redhat.com/show_bug.cgi?id=1351197
--------------------------------------------------------------------------------
================================================================================
libwnck3-3.18.0-1.fc23 (FEDORA-2016-d55470177d)
Window Navigator Construction Kit
--------------------------------------------------------------------------------
Update Information:
update to latest upstream releases
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1347757 - libwnck3 needs updating to latest upstream version
https://bugzilla.redhat.com/show_bug.cgi?id=1347757
--------------------------------------------------------------------------------
================================================================================
mingw-tk-8.6.4-2.fc23 (FEDORA-2016-9ba96d7d65)
MinGW Windows graphical toolkit for the Tcl scripting language
--------------------------------------------------------------------------------
Update Information:
Update to 8.6.4 and build mingw64-tk
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1269746 - Please build mingw64-tk
https://bugzilla.redhat.com/show_bug.cgi?id=1269746
--------------------------------------------------------------------------------
================================================================================
mingw-xerces-c-3.1.4-1.fc23 (FEDORA-2016-87e8468465)
MingGW Windows validating XML parser
--------------------------------------------------------------------------------
Update Information:
MinGW cross compiled xerces-c 3.1.4, fixing CVE-2016-0729, CVE-2016-2099 and
CVE-2016-4463
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1348845 - CVE-2016-4463 xerces-c: Stack overflow when parsing deeply nested
DTD
https://bugzilla.redhat.com/show_bug.cgi?id=1348845
[ 2 ] Bug #1310699 - CVE-2016-2099 xerces-c: Use-after-free in heap on specially crafted
XML input
https://bugzilla.redhat.com/show_bug.cgi?id=1310699
[ 3 ] Bug #1312231 - CVE-2016-0729 xerces-c: parser crashes on malformed input
https://bugzilla.redhat.com/show_bug.cgi?id=1312231
--------------------------------------------------------------------------------
================================================================================
nfdump-1.6.15-2.fc23 (FEDORA-2016-76dac84a5e)
NetFlow collecting and processing tools
--------------------------------------------------------------------------------
Update Information:
Remove superfluous debug output.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1350764 - nfdump built with debug output enabled
https://bugzilla.redhat.com/show_bug.cgi?id=1350764
--------------------------------------------------------------------------------
================================================================================
ngspice-26-4.fc23 (FEDORA-2016-a8d80244f6)
A mixed level/signal circuit simulator
--------------------------------------------------------------------------------
Update Information:
Some function in ngspice may not work without installing tclspice because
tclspice configuration overwrote ngspice configuration during make install
process. This new rpm should fix this issue.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1311869 - wrong codemodel paths in /usr/share/ngspice/scripts/spinit
https://bugzilla.redhat.com/show_bug.cgi?id=1311869
--------------------------------------------------------------------------------
================================================================================
nodejs-ws-1.1.1-1.fc23 (FEDORA-2016-d97547150a)
Web socket client, server and console for nodejs
--------------------------------------------------------------------------------
Update Information:
Security fix - Update to 1.1.1 (#1351230,1351231)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1351230 - nodejs-ws: DoS due to excessively large websocket message
https://bugzilla.redhat.com/show_bug.cgi?id=1351230
--------------------------------------------------------------------------------
================================================================================
pychess-0.12.4-5.fc23 (FEDORA-2016-0c189e807e)
Chess game for GNOME
--------------------------------------------------------------------------------
Update Information:
python-gobject is required for pychess to work properly. ---- gtksourceview3
is needed ---- Move to supported version, Bug fixes
--------------------------------------------------------------------------------
================================================================================
qgit-2.6-2.fc23 (FEDORA-2016-b3ec4cf195)
GUI browser for git repositories
--------------------------------------------------------------------------------
Update Information:
use correct compiler flags ---- - updated to 2.6 - switched to Qt 5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1351438 - Patch to build with $RPM_OPT_FLAGS
https://bugzilla.redhat.com/show_bug.cgi?id=1351438
[ 2 ] Bug #1336144 - Build QGit v2.6 with Qt5
https://bugzilla.redhat.com/show_bug.cgi?id=1336144
--------------------------------------------------------------------------------
================================================================================
rabbitmq-server-3.6.2-4.fc23 (FEDORA-2016-1ec5eeea50)
The RabbitMQ server
--------------------------------------------------------------------------------
Update Information:
* Fixed failure during slave promotion * Restored compatibility with resource-
agents
--------------------------------------------------------------------------------
================================================================================
the_silver_searcher-0.32.0-1.fc23 (FEDORA-2016-3b747a6e46)
Super-fast text searching tool (ag)
--------------------------------------------------------------------------------
Update Information:
update to 0.32.0 ---- Build for RHEL6(EPEL)
--------------------------------------------------------------------------------
================================================================================
xerces-c-3.1.4-1.fc23 (FEDORA-2016-d2d6890690)
Validating XML Parser
--------------------------------------------------------------------------------
Update Information:
Update to xerces-c 3.1.4, fixing CVE-2016-2099 and CVE-2016-4463
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1348845 - CVE-2016-4463 xerces-c: Stack overflow when parsing deeply nested
DTD
https://bugzilla.redhat.com/show_bug.cgi?id=1348845
[ 2 ] Bug #1310699 - CVE-2016-2099 xerces-c: Use-after-free in heap on specially crafted
XML input
https://bugzilla.redhat.com/show_bug.cgi?id=1310699
--------------------------------------------------------------------------------