The following Fedora 22 Security updates need testing:
Age URL
326
https://bodhi.fedoraproject.org/updates/FEDORA-2015-5878
echoping-6.1-0.beta.r434svn.1.fc22
275
https://bodhi.fedoraproject.org/updates/FEDORA-2015-9185
ceph-deploy-1.5.25-1.fc22
208
https://bodhi.fedoraproject.org/updates/FEDORA-2015-12781
python-kdcproxy-0.3.2-1.fc22
162
https://bodhi.fedoraproject.org/updates/FEDORA-2015-16239 nagios-4.0.8-1.fc22
156
https://bodhi.fedoraproject.org/updates/FEDORA-2015-05490fc42d
squid-3.4.13-3.fc22
150
https://bodhi.fedoraproject.org/updates/FEDORA-2015-2d37e7dacf
openstack-swift-2.2.0-6.fc22
120
https://bodhi.fedoraproject.org/updates/FEDORA-2015-0552500cd7
python-pygments-2.0.2-3.fc22
120
https://bodhi.fedoraproject.org/updates/FEDORA-2015-9039c25f1d
miniupnpc-1.9-6.fc22
102
https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4
libpng-1.6.16-4.fc22
102
https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6
libpng-1.6.16-5.fc22
84
https://bodhi.fedoraproject.org/updates/FEDORA-2015-3a5cebb105
ImageMagick-6.9.2.7-1.fc22
69
https://bodhi.fedoraproject.org/updates/FEDORA-2015-b9e4c97ff1 sos-3.2-2.fc22
43
https://bodhi.fedoraproject.org/updates/FEDORA-2015-f683150aa0
thttpd-2.25b-37.fc22
31
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4c57c232c0
xulrunner-44.0-1.fc22
19
https://bodhi.fedoraproject.org/updates/FEDORA-2016-560802e52b
xdelta-3.0.7-7.fc22
14
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0609474cf6
389-ds-base-1.3.4.8-1.fc22
14
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5cb344dd7e
community-mysql-5.6.29-1.fc22
14
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e21be93421 gummi-0.6.6-1.fc22
12
https://bodhi.fedoraproject.org/updates/FEDORA-2016-868c170507
mariadb-10.0.23-1.fc22
8
https://bodhi.fedoraproject.org/updates/FEDORA-2016-24d134e494
mingw-nsis-2.50-1.fc22
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b20c4ec9d pcs-0.9.149-2.fc22
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7942ee2cc5
libssh2-1.5.0-2.fc22
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-dc9e8da03c
libssh-0.7.3-1.fc22
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-266406ab92
drupal6-6.38-1.fc22
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-45d4920315
drupal7-7.43-1.fc22
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-ffffab2aa9
libmodbus-3.0.6-1.fc22
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f8121efdac xen-4.5.2-8.fc22
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a5ac00e07c
kernel-4.4.3-200.fc22
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b19c75d748
tomcat-7.0.68-2.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f5af8e27ce pcre-8.38-3.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-338a7e9925
graphite2-1.3.6-1.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-ff39572e31 exiv2-0.24-5.fc22
The following Fedora 22 Critical Path updates have yet to be approved:
Age URL
201
https://bodhi.fedoraproject.org/updates/FEDORA-2015-13210 yum-3.4.3-508.fc22
120
https://bodhi.fedoraproject.org/updates/FEDORA-2015-2123de044f
libgphoto2-2.5.8-1.fc22
116
https://bodhi.fedoraproject.org/updates/FEDORA-2015-48f718ed1b vim-7.4.909-1.fc22
102
https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6
libpng-1.6.16-5.fc22
102
https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4
libpng-1.6.16-4.fc22
56
https://bodhi.fedoraproject.org/updates/FEDORA-2016-46b611abb8
httpd-2.4.18-1.fc22
31
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4c57c232c0
xulrunner-44.0-1.fc22
26
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d3fce30d64
mobile-broadband-provider-info-1.20151214-1.fc22
12
https://bodhi.fedoraproject.org/updates/FEDORA-2016-2e3261008b
htdig-3.2.0-0.21.b6.fc22
12
https://bodhi.fedoraproject.org/updates/FEDORA-2016-bdc07e5732
kde-runtime-15.12.2-1.fc22 kdelibs-4.14.17-1.fc22
12
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d25f4327b1
kdepim-4.14.10-10.fc22 kdepim-runtime-4.14.10-6.fc22 kdepimlibs-4.14.10-8.fc22
12
https://bodhi.fedoraproject.org/updates/FEDORA-2016-c865c44c3d
breeze-icon-theme-5.19.0-1.fc22 extra-cmake-modules-5.19.0-1.fc22 kf5-5.19.0-1.fc22
kf5-attica-5.19.0-1.fc22 kf5-baloo-5.19.0-1.fc22 kf5-bluez-qt-5.19.0-1.fc22
kf5-frameworkintegration-5.19.0-1.fc22 kf5-kactivities-5.19.0-1.fc22
kf5-kapidox-5.19.0-1.fc22 kf5-karchive-5.19.0-1.fc22 kf5-kauth-5.19.0-1.fc22
kf5-kbookmarks-5.19.0-1.fc22 kf5-kcmutils-5.19.0-1.fc22 kf5-kcodecs-5.19.0-1.fc22
kf5-kcompletion-5.19.0-1.fc22 kf5-kconfig-5.19.0-1.fc22 kf5-kconfigwidgets-5.19.0-1.fc22
kf5-kcoreaddons-5.19.0-1.fc22 kf5-kcrash-5.19.0-1.fc22 kf5-kdbusaddons-5.19.0-1.fc22
kf5-kdeclarative-5.19.0-2.fc22 kf5-kded-5.19.0-1.fc22 kf5-kdelibs4support-5.19.0-1.fc22
kf5-kdesignerplugin-5.19.0-1.fc22 kf5-kdesu-5.19.0-1.fc22 kf5-kdewebkit-5.19.0-1.fc22
kf5-kdnssd-5.19.0-1.fc22 kf5-kdoctools-5.19.0-1.fc22 kf5-kemoticons-5.19.0-1.fc22
kf5-kfilemetadata-5.19.0-1.fc22 kf5-kglobalaccel-5.19.0-1.fc22
kf5-kguiaddons-5.19.0-1.fc22 kf5-khtml
-5.19.0-
1.fc22 kf5-ki18n-5.19.0-1.fc22 kf5-kiconthemes-5.19.0-1.fc22 kf5-kidletime-5.19.0-1.fc22
kf5-kimageformats-5.19.0-1.fc22 kf5-kinit-5.19.0-1.fc22 kf5-kio-5.19.0-1.fc22
kf5-kitemmodels-5.19.0-1.fc22 kf5-kitemviews-5.19.0-1.fc22 kf5-kjobwidgets-5.19.0-1.fc22
kf5-kjs-5.19.0-1.fc22 kf5-kjsembed-5.19.0-1.fc22 kf5-kmediaplayer-5.19.0-1.fc22
kf5-knewstuff-5.19.0-1.fc22 kf5-knotifications-5.19.0-1.fc22
kf5-knotifyconfig-5.19.0-1.fc22 kf5-kpackage-5.19.0-1.fc22 kf5-kparts-5.19.0-1.fc22
kf5-kpeople-5.19.0-1.fc22 kf5-kplotting-5.19.0-1.fc22 kf5-kpty-5.19.0-1.fc22
kf5-kross-5.19.0-1.fc22 kf5-krunner-5.19.0-1.fc22 kf5-kservice-5.19.0-1.fc22
kf5-ktexteditor-5.19.0-1.fc22 kf5-ktextwidgets-5.19.0-1.fc22
kf5-kunitconversion-5.19.0-1.fc22 kf5-kwallet-5.19.0-1.fc22
kf5-kwidgetsaddons-5.19.0-1.fc22 kf5-kwindowsystem-5.19.0-1.fc22 kf5-kxmlgui-5.19.0-1.fc22
kf5-kxmlrpcclient-5.19.0-1.fc22 kf5-modemmanager-qt-5.19.0-1.fc22
kf5-networkmanager-qt-5.19.0-1.fc22 kf5-plasma-5.19.0-2.fc22 kf5-solid-5.19.
0-1.fc22
kf5-sonnet-5.19.0-1.fc22 kf5-threadweaver-5.19.0-1.fc22 oxygen-icon-theme-5.19.0-3.fc22
8
https://bodhi.fedoraproject.org/updates/FEDORA-2016-ce419c9cab
selinux-policy-3.13.1-128.28.fc22
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0ac4553914 gvfs-1.24.3-1.fc22
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7942ee2cc5
libssh2-1.5.0-2.fc22
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-636c7a6056
gamin-0.1.10-22.fc22
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-dc9e8da03c
libssh-0.7.3-1.fc22
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a5317e8cfe
thunderbird-38.6.0-3.fc22
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b37af739e7
spatialite-tools-4.2.0-20.fc22 sqlite-3.11.0-2.fc22
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a5ac00e07c
kernel-4.4.3-200.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-ff39572e31 exiv2-0.24-5.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b03252507
rpm-4.12.0.1-16.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f5af8e27ce pcre-8.38-3.fc22
The following builds have been pushed to Fedora 22 updates-testing
3dprinter-udev-rules-0.1-1.fc22
bugyou_plugins-0.1-1.fc22
cherrytree-0.36.6-1.fc22
djview4-4.10.6-1.fc22
exiv2-0.24-5.fc22
gkrellm-2.3.6-0.1.rc1.git20160226.fc22
gkrellm-sun-1.0.0-20.fc22
graphite2-1.3.6-1.fc22
lilypond-2.19.37-1.fc22
lilypond-doc-2.19.37-1.fc22
nacl-arm-newlib-2.1.0-3.git373135e.fc22
oz-0.15.0-1.fc22
pcre-8.38-3.fc22
perl-App-a2p-1.007-6.fc22
python-behave-1.2.5-9.fc22
python-zanata2fedmsg-0.2-1.fc22
rpm-4.12.0.1-16.fc22
transmission-2.90-1.fc22
yad-0.34.2-1.fc22
Details about builds:
================================================================================
3dprinter-udev-rules-0.1-1.fc22 (FEDORA-2016-86837fdc16)
Rules for udev to give regular users access to operate 3D printers
--------------------------------------------------------------------------------
Update Information:
Rules for udev to give regular users access to operate 3D printers
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1312296 - Review Request: 3dprinter-udev-rules - Rules for udev to give
regular users access to operate 3D printers
https://bugzilla.redhat.com/show_bug.cgi?id=1312296
--------------------------------------------------------------------------------
================================================================================
bugyou_plugins-0.1-1.fc22 (FEDORA-2016-2780aa93c2)
Plugins for Bugyou
--------------------------------------------------------------------------------
Update Information:
Initial packaging.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1309782 - Review Request: bugyou_plugins - Plugins and Services for Bugyou
https://bugzilla.redhat.com/show_bug.cgi?id=1309782
--------------------------------------------------------------------------------
================================================================================
cherrytree-0.36.6-1.fc22 (FEDORA-2016-c2f25dd8f3)
Hierarchical note taking application
--------------------------------------------------------------------------------
Update Information:
update to cherrytree-0.36.6 ---- update to 0.36.5 ---- Update to 0.36.4
---- update to cherrytree 0.36.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1311778 - cherrytree-0.36.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1311778
[ 2 ] Bug #1309140 - cherrytree-0.36.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1309140
[ 3 ] Bug #1160249 - cherrytree-0.36.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1160249
[ 4 ] Bug #1301941 - cherrytree-0.36.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1301941
--------------------------------------------------------------------------------
================================================================================
djview4-4.10.6-1.fc22 (FEDORA-2016-d3ad2dd8b9)
DjVu viewer
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release djview 4.10.6.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1312984 - djview4-4.10.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1312984
--------------------------------------------------------------------------------
================================================================================
exiv2-0.24-5.fc22 (FEDORA-2016-ff39572e31)
Exif and Iptc metadata manipulation library
--------------------------------------------------------------------------------
Update Information:
Avoid possible XML entity expansion security issue.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #888769 - exiv2: embedded copy of exempi should be compiled with
BanAllEntityUsage
https://bugzilla.redhat.com/show_bug.cgi?id=888769
--------------------------------------------------------------------------------
================================================================================
gkrellm-2.3.6-0.1.rc1.git20160226.fc22 (FEDORA-2016-9be2619671)
Multiple stacked system monitors in one process
--------------------------------------------------------------------------------
Update Information:
- Update to a gkrellm-2.3.6-rc git snapshot bringing in various fixes - Fix
crash after sun-plugin has been disabled (rhbz#1231394) - Add appdata
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1231394 - [abrt] gkrellm: exit(): gkrellm killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1231394
[ 2 ] Bug #1312561 - Review Request: gkrellm-sun - Sun clock plugin for GKrellM
https://bugzilla.redhat.com/show_bug.cgi?id=1312561
--------------------------------------------------------------------------------
================================================================================
gkrellm-sun-1.0.0-20.fc22 (FEDORA-2016-9be2619671)
Sun clock plugin for GKrellM
--------------------------------------------------------------------------------
Update Information:
- Update to a gkrellm-2.3.6-rc git snapshot bringing in various fixes - Fix
crash after sun-plugin has been disabled (rhbz#1231394) - Add appdata
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1231394 - [abrt] gkrellm: exit(): gkrellm killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1231394
[ 2 ] Bug #1312561 - Review Request: gkrellm-sun - Sun clock plugin for GKrellM
https://bugzilla.redhat.com/show_bug.cgi?id=1312561
--------------------------------------------------------------------------------
================================================================================
graphite2-1.3.6-1.fc22 (FEDORA-2016-338a7e9925)
Font rendering capabilities for complex non-Roman writing systems
--------------------------------------------------------------------------------
Update Information:
Unspecified security fixes ---- Security fix for CVE-2016-1521, CVE-2016-1522,
CVE-2016-1523 and CVE-2016-1526
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1305806 - CVE-2016-1521 graphite2: Two out-of-bound read vulnerabilities
triggered by crafted fonts [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1305806
[ 2 ] Bug #1308591 - CVE-2016-1526 graphite2: Out-of-bounds read vulnerability in
TfUtil:LocaLookup [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1308591
[ 3 ] Bug #1305814 - CVE-2016-1523 graphite2: Heap-based buffer overflow in context item
handling functionality [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1305814
[ 4 ] Bug #1305811 - CVE-2016-1522 graphite2: Null pointer dereference and out-of-bounds
access vulnerabilities [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1305811
--------------------------------------------------------------------------------
================================================================================
lilypond-2.19.37-1.fc22 (FEDORA-2016-10d6919970)
A typesetting system for music notation
--------------------------------------------------------------------------------
Update Information:
Latest upstream.
--------------------------------------------------------------------------------
================================================================================
lilypond-doc-2.19.37-1.fc22 (FEDORA-2016-10d6919970)
HTML documentation for LilyPond
--------------------------------------------------------------------------------
Update Information:
Latest upstream.
--------------------------------------------------------------------------------
================================================================================
nacl-arm-newlib-2.1.0-3.git373135e.fc22 (FEDORA-2016-9a083ecdf1)
C library intended for use on embedded systems
--------------------------------------------------------------------------------
Update Information:
New package: nacl-arm-newlib - C library intended for use on embedded systems
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1270375 - Review Request: nacl-arm-newlib - C library intended for use on
embedded systems
https://bugzilla.redhat.com/show_bug.cgi?id=1270375
--------------------------------------------------------------------------------
================================================================================
oz-0.15.0-1.fc22 (FEDORA-2016-e75caf4cc8)
Library and utilities for automated guest OS installs
--------------------------------------------------------------------------------
Update Information:
Release 0.15.0
--------------------------------------------------------------------------------
================================================================================
pcre-8.38-3.fc22 (FEDORA-2016-f5af8e27ce)
Perl-compatible regular expression library
--------------------------------------------------------------------------------
Update Information:
This release fixes a heap buffer overflow in handling of nested duplicate named
groups with a nested back reference and a heap buffer overflow in pcretest
causing infinite loop when matching globally with an ovector less than 2.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1295385 - CVE-2016-1283 pcre: heap buffer overflow in handling of duplicate
named groups (8.39/14)
https://bugzilla.redhat.com/show_bug.cgi?id=1295385
[ 2 ] Bug #1312782 - pcre: Heap buffer overflow in pcretest causing infinite loop
https://bugzilla.redhat.com/show_bug.cgi?id=1312782
--------------------------------------------------------------------------------
================================================================================
perl-App-a2p-1.007-6.fc22 (FEDORA-2016-f16cd55ca4)
Awk to Perl translator
--------------------------------------------------------------------------------
Update Information:
This release fixes a buffer overflow when parsing long enough -n argument.
--------------------------------------------------------------------------------
================================================================================
python-behave-1.2.5-9.fc22 (FEDORA-2016-122393679c)
Tools for the behavior-driven development, Python style
--------------------------------------------------------------------------------
Update Information:
Fixed managing python3 builds.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1216989 - Please upgrade to 1.2.5 in F21+
https://bugzilla.redhat.com/show_bug.cgi?id=1216989
[ 2 ] Bug #1276923 - provide Python3 version of the package
https://bugzilla.redhat.com/show_bug.cgi?id=1276923
--------------------------------------------------------------------------------
================================================================================
python-zanata2fedmsg-0.2-1.fc22 (FEDORA-2016-a0718ab4df)
A web app bridging zanata webhooks to fedmsg
--------------------------------------------------------------------------------
Update Information:
Initial packaging.
--------------------------------------------------------------------------------
================================================================================
rpm-4.12.0.1-16.fc22 (FEDORA-2016-3b03252507)
The RPM package management system
--------------------------------------------------------------------------------
Update Information:
- Remove size limit when expanding macros (#1303034)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1303034 - rpm macro expansion works incorrectly when looping over a long list
using lua
https://bugzilla.redhat.com/show_bug.cgi?id=1303034
--------------------------------------------------------------------------------
================================================================================
transmission-2.90-1.fc22 (FEDORA-2016-ef7736419d)
A lightweight GTK+ BitTorrent client
--------------------------------------------------------------------------------
Update Information:
Latest upstream.
http://www.transmissionbt.com/
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1312701 - transmission-2.90 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1312701
--------------------------------------------------------------------------------
================================================================================
yad-0.34.2-1.fc22 (FEDORA-2016-19f4c83647)
Display graphical dialogs from shell scripts or command line
--------------------------------------------------------------------------------
Update Information:
update to 0.34.2 ---- update to yad-0.34.1 ---- update to 0.34.0 ----
Update to yad-0.33.1 ---- update to 0.33.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1312645 - yad-0.34.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1312645
[ 2 ] Bug #1310485 - yad-0.34.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1310485
[ 3 ] Bug #1297601 - yad-0.33.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1297601
[ 4 ] Bug #1296780 - yad-0.33.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1296780
--------------------------------------------------------------------------------