The following Fedora 24 Security updates need testing:
Age URL
173
https://bodhi.fedoraproject.org/updates/FEDORA-2016-32eaf0c41e redis-3.2.3-1.fc24
71
https://bodhi.fedoraproject.org/updates/FEDORA-2016-93679a91df
jenkins-1.651.3-2.fc24 jenkins-remoting-2.62.3-1.fc24
40
https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08
squid-3.5.23-1.fc24
33
https://bodhi.fedoraproject.org/updates/FEDORA-2016-eaaa9c4a08 exim-4.87.1-1.fc24
17
https://bodhi.fedoraproject.org/updates/FEDORA-2017-19b0fe001d
runc-1.0.0-3.rc2.gitc91b5be.fc24
10
https://bodhi.fedoraproject.org/updates/FEDORA-2017-08207fe48b
python-crypto-2.6.1-13.fc24
9
https://bodhi.fedoraproject.org/updates/FEDORA-2017-d2e7217e2a
irssi-0.8.21-1.fc24
9
https://bodhi.fedoraproject.org/updates/FEDORA-2017-5a823376be
percona-xtrabackup-2.3.6-1.fc24
4
https://bodhi.fedoraproject.org/updates/FEDORA-2017-0d7ef286d1
drupal7-title-1.0-0.7.alpha9.fc24
4
https://bodhi.fedoraproject.org/updates/FEDORA-2017-294c23bb1d
phpMyAdmin-4.6.6-1.fc24
4
https://bodhi.fedoraproject.org/updates/FEDORA-2017-6681f94e10
moodle-3.1.4-1.fc24
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-6cc158c193
kernel-4.9.6-100.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-338a3f27e5
wordpress-4.7.2-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-484fae685d
flatpak-0.8.2-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-0f44f2b8c8
mariadb-10.1.21-1.fc24
The following Fedora 24 Critical Path updates have yet to be approved:
Age URL
19
https://bodhi.fedoraproject.org/updates/FEDORA-2017-7585703fbe
selinux-policy-3.13.1-191.24.fc24
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-6cc158c193
kernel-4.9.6-100.fc24
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-2b2696b823 vim-8.0.238-1.fc24
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-bfe67455ae
libtiff-4.0.7-2.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-a18a784b84
wpa_supplicant-2.5-6.fc24 wpa_supplicant-2.5-6.fc24
The following builds have been pushed to Fedora 24 updates-testing
abi-compliance-checker-2.0-1.fc24
arc-theme-20161119-2.fc24
cinnamon-3.2.8-3.fc24
dnscrypt-proxy-gui-1.5.7-1.fc24
inn-2.6.1-3.fc24
kio-gdrive-1.1.0-1.fc24
lxc-2.0.7-1.fc24
ndoutils-2.1.2-1.fc24
python-markdown-2.6.8-1.fc24
rpcbind-0.2.3-17.rc2.fc24
vulkan-1.0.39.0-1.fc24
Details about builds:
================================================================================
abi-compliance-checker-2.0-1.fc24 (FEDORA-2017-08ab29cd50)
An ABI Compliance Checker
--------------------------------------------------------------------------------
Update Information:
#### Version 2.0 (January 28, 2017) **Improvements** * Code refactoring *
Works faster on big libraries * Added a module to create ABI dump from AST tree
* Added a module to create AST dump * Added a module to parse GCC AST * Added a
module to find system files and automatically generate include paths * Added a
module to mangle C++ symbols * Added a module to read ELF binaries * Added a
module to handle type attributes * Added a module to handle XML descriptors *
Added a module to filter symbols * Added a module to handle input data * Added a
module for logging * Extended test suite * Partial support for GCC 6 * Improved
support for Solaris * Compare versioned data types **New Options** * Added
-filter option: a path to XML descriptor with skip_* rules to filter analyzed
symbols in the report * Added -keep-cxx option to check _ZS*, _ZNS* and _ZNKS*
symbols * Bug Fixes * Fixed automatic generation of include paths * Fixed report
for removed virtual symbols * Fixed XML-format ABI dumps * Fixed source-
compatibility reports * Fixed counter of checked data types * Fixed lists of
affected symbols * Fixed analysis of standard C++ libraries * Fixed analysis of
added and removed virtual methods * Fixed style of the report * Fixed analysis
of alias symbols * Uncover changed typedefs properly * Fixed
Parameter_From_Register and Parameter_To_Register rules * Fixed analysis of data
types derived from template instances * Enable -headers-only option
automatically if header file is used as input library descriptor * Fixed
analysis of template instances * Fixed analysis of static data * Fixed error
message if modules are not installed * Fixed analysis of versioned symbols *
Fixed -ext option * Fixed -use-dumps option * Fixed -debug option * Fixed
console output **Other** * Removed support for too old ABI dumps
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1417412 - abi-compliance-checker-2.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1417412
--------------------------------------------------------------------------------
================================================================================
arc-theme-20161119-2.fc24 (FEDORA-2017-7285b1e3e5)
Flat theme with transparent elements
--------------------------------------------------------------------------------
Update Information:
* Add Patch0: fix missing gradient warning
--------------------------------------------------------------------------------
================================================================================
cinnamon-3.2.8-3.fc24 (FEDORA-2017-f64191b1b0)
Window management and application launching for GNOME
--------------------------------------------------------------------------------
Update Information:
* Add patch to use fedora-icon as default menu-icon
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1268718 - Use fedora logo in menu applet
https://bugzilla.redhat.com/show_bug.cgi?id=1268718
--------------------------------------------------------------------------------
================================================================================
dnscrypt-proxy-gui-1.5.7-1.fc24 (FEDORA-2017-e9df0bc6a5)
GUI wrapper for dnscrypt-proxy
--------------------------------------------------------------------------------
Update Information:
added test for respond speed; added exclusion from server list;
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1413946 - dnscrypt-proxy-gui-1.3.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1413946
--------------------------------------------------------------------------------
================================================================================
inn-2.6.1-3.fc24 (FEDORA-2017-0a04196fd1)
The InterNetNews system, an Usenet news server
--------------------------------------------------------------------------------
Update Information:
* __nnrpd__ now uses -0000 as the time zone for Date: and Injection-Date: header
fields it generates. It was previously using +0000, wrongly systematically
indicating a local time zone at Universal Time when _localtime_ is set to false
(which is the default) in _readers.conf_. The +0000 time zone will now be used
only if _localtime_ is set to true and UTC is really the local time zone of the
server. * Julien Elie has implemented in __nnrpd__ the new COMPRESS command
described in draft-murchison-nntp-compress that extends the NNTP protocol to
allow a connection to be effectively and efficiently compressed. News clients
that also support that extension will be able to benefit from that bandwidth
optimization and improvement in speed. Moreover, using COMPRESS is more secure
than TLS-level compression, as far as authentication credentials are concerned.
* The default value for the _tlscompression_ parameter in _inn.conf_ has
changed. TLS-level compression is now disabled by default, to comply with the
best current practices for a secure use of TLS in application protocols like
NNTP. Using the new COMPRESS command is recommended. * The tlscompression
parameter in inn.conf now also permits to disable TLS-level compression with
OpenSSL 0.9.8. It previously had an effect only when OpenSSL 1.0.0 or later was
used. * __rnews__ no longer segfaults at startup when started setuid news.
Thanks to Marcus Jodorf for the bug report. * Fixed slow __nnrpd__ responses for
a few NNTP commands. The TCP_NODELAY option was unconditionally set whereas only
BSD/OS systems needed it. Thanks to Christian Mock for having discovered that. *
Articles containing a Received: or a Posted: header field are no longer rejected
by __nnrpd__ at injection time. * Articles containing control characters or
whitespace-only content lines in their headers are now rejected by __nnrpd__ at
injection time. * OpenSSL 1.1.0 support has been added to INN. * When an
encryption layer is negotiated during a successful use of the STARTTLS command,
or after a successful authentication using a SASL mechanism that negotiates an
encryption layer, __nnrpd__ now updates the permissions of the news client
according to the new secure state of his connection (that is to say auth blocks
in _readers.conf_ using the _require_ssl_ parameter are taken into account).
Previously, only connections on a dedicated port (usually 563) were taking
benefit from that parameter. Thanks to Steve Crook for the bug report. * When a
data integrity layer was negotiated during a successful SASL authentication,
__nnrpd__ was wrongly reseting any knowledge obtained from the client, such as
the current newsgroup and article number. This behaviour now applies only when
an encryption layer is negotiated. * __nntpsend__ now correctly waits until all
of the child __innxmit__ processes exit before it does. It was causing
__nntpsend__ to fail to work properly on systems that use systemd, because when
it exits prematurely, systemd kills all of the processes it launched, including
the __innxmit__ processes. Thanks to Jonathan Kamens for the patch.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1395717 - Cannot run /usr/libexec/news/innd as non-root user because innd
segfaults
https://bugzilla.redhat.com/show_bug.cgi?id=1395717
[ 2 ] Bug #1403810 - inn-2.6.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1403810
--------------------------------------------------------------------------------
================================================================================
kio-gdrive-1.1.0-1.fc24 (FEDORA-2017-1adf6e93e9)
An Google Drive KIO slave for KDE
--------------------------------------------------------------------------------
Update Information:
update version 1.1 ---- Initial version of the package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1387669 - Review Request: kio-gdrive - KDE Dolphin Google Drive access
https://bugzilla.redhat.com/show_bug.cgi?id=1387669
--------------------------------------------------------------------------------
================================================================================
lxc-2.0.7-1.fc24 (FEDORA-2017-e13a4d97f1)
Linux Resource Containers
--------------------------------------------------------------------------------
Update Information:
Update to LXC 2.0.7. The detailed changelog can be found here:
https://linuxcontainers.org/lxc/news/.
--------------------------------------------------------------------------------
================================================================================
ndoutils-2.1.2-1.fc24 (FEDORA-2017-0e71fac10e)
Stores all configuration and event data from Nagios in a database
--------------------------------------------------------------------------------
Update Information:
- Update ndoutils to 2.1.2. - Rebuild RHEL/CentOS support for Nagios 4.x.
--------------------------------------------------------------------------------
================================================================================
python-markdown-2.6.8-1.fc24 (FEDORA-2017-1403390204)
Markdown implementation in Python
--------------------------------------------------------------------------------
Update Information:
Update to Markdown 2.6.8.
--------------------------------------------------------------------------------
================================================================================
rpcbind-0.2.3-17.rc2.fc24 (FEDORA-2017-44ec8c7a0e)
Universal Addresses to RPC Program Number Mapper
--------------------------------------------------------------------------------
Update Information:
Corrected boot dependency in the systemd files that was causing ypbind to fail
to start ---- Create a systemd dependency for tmpfiles-setup.service
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1415496 - rpcbind fails at boot
https://bugzilla.redhat.com/show_bug.cgi?id=1415496
[ 2 ] Bug #1401561 - rpcbind-0.2.4-1.fc25 fails to start at boot
https://bugzilla.redhat.com/show_bug.cgi?id=1401561
[ 3 ] Bug #1372463 - rpcbind-0.2.3-11.rc1.fc24 update sometimes does not restart statd
or ypbind properly
https://bugzilla.redhat.com/show_bug.cgi?id=1372463
[ 4 ] Bug #1415896 - rpcbind fails at startup
https://bugzilla.redhat.com/show_bug.cgi?id=1415896
--------------------------------------------------------------------------------
================================================================================
vulkan-1.0.39.0-1.fc24 (FEDORA-2017-2be15f4e97)
Vulkan loader and validation layers
--------------------------------------------------------------------------------
Update Information:
Update
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1415054 - Vulkan loader package is out-of-date
https://bugzilla.redhat.com/show_bug.cgi?id=1415054
--------------------------------------------------------------------------------