The following Fedora 23 Security updates need testing:
Age  URL
400  https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240   nagios-4.0.8-1.fc23
358  https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe   miniupnpc-1.9-6.fc23
331  https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324   jbig2dec-0.12-2.fc23
281  https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1   python-pymongo-3.0.3-1.fc23
281  https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8   thttpd-2.25b-37.fc23
246  https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4   mingw-nsis-2.50-1.fc23
122  https://bodhi.fedoraproject.org/updates/FEDORA-2016-fcccb0a547   nodejs-0.10.46-1.fc23
100  https://bodhi.fedoraproject.org/updates/FEDORA-2016-70b5173c05   ecryptfs-utils-111-1.fc23
 87  https://bodhi.fedoraproject.org/updates/FEDORA-2016-8d79ade826   flex-2.6.0-2.fc23
 77  https://bodhi.fedoraproject.org/updates/FEDORA-2016-c2ec9c716e   redis-3.2.3-1.fc23
 70  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c   libarchive-3.2.1-3.fc23 python-libarchive-c-2.5-1.fc23
 68  https://bodhi.fedoraproject.org/updates/FEDORA-2016-47dc2b203f   firewalld-0.4.3.3-1.fc23
 53  https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3a6435b14   dhcpcd-6.11.3-1.fc23
 21  https://bodhi.fedoraproject.org/updates/FEDORA-2016-8e4e733bef   systemd-222-17.fc23
 19  https://bodhi.fedoraproject.org/updates/FEDORA-2016-1649cc31e0   ca-certificates-2016.2.10-1.0.fc23
 19  https://bodhi.fedoraproject.org/updates/FEDORA-2016-0e7694c456   libXfixes-5.0.3-1.fc23
 19  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d045c2c7b3   libXrandr-1.5.1-1.fc23
 19  https://bodhi.fedoraproject.org/updates/FEDORA-2016-b26b497381   libXtst-1.2.3-1.fc23
 19  https://bodhi.fedoraproject.org/updates/FEDORA-2016-49d560da23   libXrender-0.9.10-1.fc23
 19  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d286ffb801   libXvMC-1.0.10-1.fc23
 19  https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b41a9eaa8   libXv-1.0.11-1.fc23
 19  https://bodhi.fedoraproject.org/updates/FEDORA-2016-f8fd3891f8   perl-Image-Info-1.38-6.fc23
 15  https://bodhi.fedoraproject.org/updates/FEDORA-2016-95407a836f   libass-0.13.4-1.fc23
 11  https://bodhi.fedoraproject.org/updates/FEDORA-2016-17ea599651   compat-guile18-1.8.8-14.fc23
 10  https://bodhi.fedoraproject.org/updates/FEDORA-2016-ee56c530fa   epiphany-3.18.8-1.fc23 webkitgtk4-2.14.1-1.fc23
 10  https://bodhi.fedoraproject.org/updates/FEDORA-2016-c1bb366e5b   dbus-1.10.12-1.fc23
 10  https://bodhi.fedoraproject.org/updates/FEDORA-2016-9c065db2c1   libXi-1.7.7-2.fc23
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b6393acdd   tor-0.2.8.9-1.fc23
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-4094bd4ad6   tomcat-8.0.37-3.fc23
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-6c789ba91d   jasper-1.900.13-1.fc23
The following Fedora 23 Critical Path updates have yet to be approved:
Age  URL
 97  https://bodhi.fedoraproject.org/updates/FEDORA-2016-98a7a1b6e0   abrt-2.8.0-6.fc23 libreport-2.6.4-3.fc23
 70  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c   libarchive-3.2.1-3.fc23 python-libarchive-c-2.5-1.fc23
 31  https://bodhi.fedoraproject.org/updates/FEDORA-2016-79072fd70e   python-virtkey-0.63.0-1.fc23
 24  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d26923757a   koji-1.10.1-13.fc23
 21  https://bodhi.fedoraproject.org/updates/FEDORA-2016-8e4e733bef   systemd-222-17.fc23
 19  https://bodhi.fedoraproject.org/updates/FEDORA-2016-3646279587   libgdata-0.17.5-2.fc23
 19  https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b41a9eaa8   libXv-1.0.11-1.fc23
 19  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d286ffb801   libXvMC-1.0.10-1.fc23
 19  https://bodhi.fedoraproject.org/updates/FEDORA-2016-49d560da23   libXrender-0.9.10-1.fc23
 19  https://bodhi.fedoraproject.org/updates/FEDORA-2016-b26b497381   libXtst-1.2.3-1.fc23
 19  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d045c2c7b3   libXrandr-1.5.1-1.fc23
 19  https://bodhi.fedoraproject.org/updates/FEDORA-2016-0e7694c456   libXfixes-5.0.3-1.fc23
 19  https://bodhi.fedoraproject.org/updates/FEDORA-2016-1649cc31e0   ca-certificates-2016.2.10-1.0.fc23
 15  https://bodhi.fedoraproject.org/updates/FEDORA-2016-95407a836f   libass-0.13.4-1.fc23
 10  https://bodhi.fedoraproject.org/updates/FEDORA-2016-2a91644580   thunderbird-45.4.0-1.fc23
 10  https://bodhi.fedoraproject.org/updates/FEDORA-2016-9c065db2c1   libXi-1.7.7-2.fc23
 10  https://bodhi.fedoraproject.org/updates/FEDORA-2016-c1bb366e5b   dbus-1.10.12-1.fc23
  7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-6e25f5418b   gnome-settings-daemon-3.18.4-1.fc23
  4  https://bodhi.fedoraproject.org/updates/FEDORA-2016-79669f13cf   dmidecode-3.0-6.fc23
  4  https://bodhi.fedoraproject.org/updates/FEDORA-2016-3da7667d60   sane-backends-1.0.25-4.fc23
  3  https://bodhi.fedoraproject.org/updates/FEDORA-2016-86a2119f42   nspr-4.13.1-1.fc23
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-4379c6e6d6   libfm-1.2.4-8.D20161017git82b3a1a201.fc23
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-b06386d473   pcre-8.39-6.fc23
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-6c789ba91d   jasper-1.900.13-1.fc23
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-4a8ab1b8bc   menu-cache-1.0.1-3.D20161021git441f0ca9a1.fc23
The following builds have been pushed to Fedora 23 updates-testing
fstrm-0.3.0-1.fc23
jasper-1.900.13-1.fc23
mingw-taglib-1.11.1-1.fc23
notmuch-0.23.1-1.fc23
pcre-8.39-6.fc23
pcre2-10.21-8.fc23
perl-DateTime-TimeZone-2.01-4.fc23
perl-Tangerine-0.23-1.fc23
perl-Unicode-Collate-1.15-1.fc23
perl-WWW-Form-UrlEncoded-0.23-2.fc23
php-fedora-autoloader-0.1.2-1.fc23
python-ripe-atlas-cousteau-1.3-1.fc23
python-socketIO-client-0.7.0-1.fc23
ripe-atlas-tools-2.0.2-1.fc23
rpmdeplint-1.2-2.fc23
tomcat-8.0.37-3.fc23
xcircuit-3.9.57-1.fc23
Details about builds:
================================================================================
fstrm-0.3.0-1.fc23 (FEDORA-2016-acf0ad23d3)
Frame Streams implementation in C
--------------------------------------------------------------------------------
Update Information:
new upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1356981 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1356981
--------------------------------------------------------------------------------
================================================================================
jasper-1.900.13-1.fc23 (FEDORA-2016-6c789ba91d)
Implementation of the JPEG-2000 standard, Part 1
--------------------------------------------------------------------------------
Update Information:
New version of jasper is available (jasper-1.900.13). Security fix for
CVE-2016-8690, CVE-2016-8691, CVE-2016-8692, CVE-2016-8693. ---- New version
of jasper is available (1.900.3) ---- Security fix for CVE-2016-2089 ----
New version of jasper is available.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1385507 - CVE-2016-8693 jasper: Double free vulnerability in mem_close
https://bugzilla.redhat.com/show_bug.cgi?id=1385507
[ 2 ] Bug #1385503 - CVE-2016-8692 jasper: Divide by zero in jpc_dec_process_siz
https://bugzilla.redhat.com/show_bug.cgi?id=1385503
[ 3 ] Bug #1385502 - CVE-2016-8691 jasper: Divide by zero in jpc_dec_process_siz
https://bugzilla.redhat.com/show_bug.cgi?id=1385502
[ 4 ] Bug #1385499 - CVE-2016-8690 jasper: Null pointer dereference in bmp_getdata
triggered by crafted BMP image
https://bugzilla.redhat.com/show_bug.cgi?id=1385499
[ 5 ] Bug #1302636 - CVE-2016-2089 jasper: matrix rows_ NULL pointer dereference in
jas_matrix_clip()
https://bugzilla.redhat.com/show_bug.cgi?id=1302636
--------------------------------------------------------------------------------
================================================================================
mingw-taglib-1.11.1-1.fc23 (FEDORA-2016-d2f9d6ba8d)
Audio Meta-Data Library
--------------------------------------------------------------------------------
Update Information:
Update to 1.11.1
--------------------------------------------------------------------------------
================================================================================
notmuch-0.23.1-1.fc23 (FEDORA-2016-1298b09ef9)
System for indexing, searching, and tagging email
--------------------------------------------------------------------------------
Update Information:
Latest upstream.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1388085 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1388085
--------------------------------------------------------------------------------
================================================================================
pcre-8.39-6.fc23 (FEDORA-2016-b06386d473)
Perl-compatible regular expression library
--------------------------------------------------------------------------------
Update Information:
This release documents an existing assert capture limitation. ---- This
release fixes optimization for patterns starting with lookaheads. It also
corrects internal options documentation in pcrepattern(3). ---- This release
fixes compilation of conditionals when a group name starts with "R". It also
corrects displaying a callout position in pcretest output if an escape sequence
is greater than \x{ff}. It also corrects misspellings in pcrepattern(3) manual
page.
--------------------------------------------------------------------------------
================================================================================
pcre2-10.21-8.fc23 (FEDORA-2016-b52c369c50)
Perl-compatible regular expression library
--------------------------------------------------------------------------------
Update Information:
This release documents an existing assert capture limitation. ---- This
release fixes compilation of conditionals when a group name starts with "R". It
fixes optimization for patterns starting with lookaheads. It also corrects
displaying a callout position in pcretest output if an escape sequence is
greater than \x{ff}. It also corrects internal options documentation and
misspellings in pcrepattern(3) manual page.
--------------------------------------------------------------------------------
================================================================================
perl-DateTime-TimeZone-2.01-4.fc23 (FEDORA-2016-d90955a1ae)
Time zone object base class and factory
--------------------------------------------------------------------------------
Update Information:
Updated to 2016h Olson database
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1387452 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1387452
--------------------------------------------------------------------------------
================================================================================
perl-Tangerine-0.23-1.fc23 (FEDORA-2016-a8c32d2b9f)
Analyse perl files and report module-related information
--------------------------------------------------------------------------------
Update Information:
A new version of Tangerine is available. This release introduces support for
Test::Needs.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1387944 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1387944
--------------------------------------------------------------------------------
================================================================================
perl-Unicode-Collate-1.15-1.fc23 (FEDORA-2016-7afe1b7357)
Unicode Collation Algorithm
--------------------------------------------------------------------------------
Update Information:
This release adds support for Uyghur Cyrillic locale. It also corrects license
declaration and improves tests.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1387849 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1387849
--------------------------------------------------------------------------------
================================================================================
perl-WWW-Form-UrlEncoded-0.23-2.fc23 (FEDORA-2016-47be4f58ae)
Parser and builder for application/x-www-form-urlencoded
--------------------------------------------------------------------------------
Update Information:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1382922 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1382922
--------------------------------------------------------------------------------
================================================================================
php-fedora-autoloader-0.1.2-1.fc23 (FEDORA-2016-1e758eff5c)
Fedora Autoloader
--------------------------------------------------------------------------------
Update Information:
Static [PSR-4](http://www.php-fig.org/psr/psr-4/),
[PSR-0](http://www.php-fig.org/psr/psr-0/), and classmap autoloader. Includes
loader for required and optional dependencies.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1386735 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1386735
--------------------------------------------------------------------------------
================================================================================
python-ripe-atlas-cousteau-1.3-1.fc23 (FEDORA-2016-3daa97675f)
Python wrapper for RIPE Atlas API
--------------------------------------------------------------------------------
Update Information:
new upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1387639 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1387639
[ 2 ] Bug #1387810 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1387810
--------------------------------------------------------------------------------
================================================================================
python-socketIO-client-0.7.0-1.fc23 (FEDORA-2016-30e3f66103)
A socket.io client library for Python
--------------------------------------------------------------------------------
Update Information:
new upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1357170 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1357170
--------------------------------------------------------------------------------
================================================================================
ripe-atlas-tools-2.0.2-1.fc23 (FEDORA-2016-3daa97675f)
The official command line client for RIPE Atlas
--------------------------------------------------------------------------------
Update Information:
new upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1387639 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1387639
[ 2 ] Bug #1387810 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1387810
--------------------------------------------------------------------------------
================================================================================
rpmdeplint-1.2-2.fc23 (FEDORA-2016-81618719a7)
Tool to find errors in RPM packages in the context of their dependency graph
--------------------------------------------------------------------------------
Update Information:
Rpmdeplint is a tool to find errors in RPM packages in the context of their
dependency graph.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1385441 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1385441
--------------------------------------------------------------------------------
================================================================================
tomcat-8.0.37-3.fc23 (FEDORA-2016-4094bd4ad6)
Apache Servlet/JSP Engine, RI for Servlet 3.1/JSP 2.3 API
--------------------------------------------------------------------------------
Update Information:
This update includes a rebase from tomcat 8.0.36 up to 8.0.37 which resolves
one CVE:
* rhbz#1375581 - CVE-2016-5388 Tomcat: CGI sets environmental variable based on
  user supplied Proxy request header
and includes two additional CVE fixes along with one bug fix:
* rhbz#1383210 CVE-2016-5425 tomcat: Local privilege escalation via
  systemd-tmpfiles service
* rhbz#1383216 - CVE-2016-6325 tomcat: tomcat writable config files allow
  privilege escalation
* rhbz#1370262 - catalina.out is no longer in use in the main package, but still
  gets rotated
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1375581 - CVE-2016-5388 Tomcat: CGI sets environmental variable based on user
supplied Proxy request header [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1375581
[ 2 ] Bug #1383216 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege
escalation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1383216
[ 3 ] Bug #1383210 - CVE-2016-5425 tomcat: Local privilege escalation via
systemd-tmpfiles service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1383210
[ 4 ] Bug #1370262 - catalina.out is no longer in use in the main package, but still
gets rotated
https://bugzilla.redhat.com/show_bug.cgi?id=1370262
--------------------------------------------------------------------------------
================================================================================
xcircuit-3.9.57-1.fc23 (FEDORA-2016-5a8b23d333)
Electronic circuit schematic drawing program
--------------------------------------------------------------------------------
Update Information:
New version 3.9.57 is released.
--------------------------------------------------------------------------------