The following Fedora 22 Security updates need testing:
 Age  URL
 336  https://bodhi.fedoraproject.org/updates/FEDORA-2015-5878   echoping-6.1-0.beta.r434svn.1.fc22
 285  https://bodhi.fedoraproject.org/updates/FEDORA-2015-9185   ceph-deploy-1.5.25-1.fc22
 217  https://bodhi.fedoraproject.org/updates/FEDORA-2015-12781   python-kdcproxy-0.3.2-1.fc22
 172  https://bodhi.fedoraproject.org/updates/FEDORA-2015-16239   nagios-4.0.8-1.fc22
 160  https://bodhi.fedoraproject.org/updates/FEDORA-2015-2d37e7dacf   openstack-swift-2.2.0-6.fc22
 129  https://bodhi.fedoraproject.org/updates/FEDORA-2015-9039c25f1d   miniupnpc-1.9-6.fc22
 112  https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4   libpng-1.6.16-4.fc22
 112  https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6   libpng-1.6.16-5.fc22
  93  https://bodhi.fedoraproject.org/updates/FEDORA-2015-3a5cebb105   ImageMagick-6.9.2.7-1.fc22
  79  https://bodhi.fedoraproject.org/updates/FEDORA-2015-b9e4c97ff1   sos-3.2-2.fc22
  52  https://bodhi.fedoraproject.org/updates/FEDORA-2015-f683150aa0   thttpd-2.25b-37.fc22
  41  https://bodhi.fedoraproject.org/updates/FEDORA-2016-4c57c232c0   xulrunner-44.0-1.fc22
  29  https://bodhi.fedoraproject.org/updates/FEDORA-2016-560802e52b   xdelta-3.0.7-7.fc22
  18  https://bodhi.fedoraproject.org/updates/FEDORA-2016-24d134e494   mingw-nsis-2.50-1.fc22
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2016-b19c75d748   tomcat-7.0.68-2.fc22
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2016-f5af8e27ce   pcre-8.38-3.fc22
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2016-338a7e9925   graphite2-1.3.6-1.fc22
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-e6807b3394   openssl-1.0.1k-14.fc22
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-1fb63e3bf3   perl-5.20.3-329.fc22
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2016-baa32758d0   php-5.6.19-1.fc22
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2016-0e3ca94d88   exim-4.85.2-1.fc22
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2016-0f490eea10   jenkins-1.609.3-6.fc22 jenkins-remoting-2.53.3-1.fc22
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2016-11537160e9   websvn-2.3.3-12.fc22
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-7f334957cc   hamster-time-tracker-2.0-0.5.rc1.fc22
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-02ee5b4002   php-udan11-sql-parser-3.4.0-1.fc22 phpMyAdmin-4.5.5.1-1.fc22
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-3cbe9ad765   python-pygments-2.1.3-1.fc22
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-b004d6d8f7   python-django-1.8.11-1.fc22
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-3954061e32   rubygem-actionpack-4.2.0-4.fc22 rubygem-actionview-4.2.0-5.fc22
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-7b40eb9e29   libecap-1.0.0-1.fc22 squid-3.5.10-1.fc22
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-c71532c5e2   putty-0.67-1.fc22
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-5b2c402bb1   firefox-45.0-4.fc22
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-cad77a4576   samba-4.2.9-0.fc22
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-bb7bdd7063   php-pecl-http-2.5.6-1.fc22
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-5f44e89fe0   python-tgcaptcha2-0.3.1-1.fc22
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-fde759f627   libotr-4.1.1-1.fc22
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-9f4012116e   drupal6-emfield-2.7-1.fc22
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-38b20aa50f   xen-4.5.2-9.fc22

The following Fedora 22 Critical Path updates have yet to be approved:
 Age  URL
 211  https://bodhi.fedoraproject.org/updates/FEDORA-2015-13210   yum-3.4.3-508.fc22
 129  https://bodhi.fedoraproject.org/updates/FEDORA-2015-2123de044f   libgphoto2-2.5.8-1.fc22
 126  https://bodhi.fedoraproject.org/updates/FEDORA-2015-48f718ed1b   vim-7.4.909-1.fc22
 112  https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6   libpng-1.6.16-5.fc22
 112  https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4   libpng-1.6.16-4.fc22
  65  https://bodhi.fedoraproject.org/updates/FEDORA-2016-46b611abb8   httpd-2.4.18-1.fc22
  41  https://bodhi.fedoraproject.org/updates/FEDORA-2016-4c57c232c0   xulrunner-44.0-1.fc22
  35  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d3fce30d64   mobile-broadband-provider-info-1.20151214-1.fc22
  18  https://bodhi.fedoraproject.org/updates/FEDORA-2016-ce419c9cab   selinux-policy-3.13.1-128.28.fc22
  15  https://bodhi.fedoraproject.org/updates/FEDORA-2016-0ac4553914   gvfs-1.24.3-1.fc22
  14  https://bodhi.fedoraproject.org/updates/FEDORA-2016-b37af739e7   spatialite-tools-4.2.0-20.fc22 sqlite-3.11.0-2.fc22
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b03252507   rpm-4.12.0.1-16.fc22
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2016-f5af8e27ce   pcre-8.38-3.fc22
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a4155fbf34   sendmail-8.15.2-2.fc22
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2016-9f7a319b77   pcmanfm-1.2.4-1.fc22 libfm-1.2.4-1.fc22
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-f9789605ac   NetworkManager-1.0.10-3.fc22
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-1fb63e3bf3   perl-5.20.3-329.fc22
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-c0444d26e4   sqlite-3.11.0-3.fc22
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-e6807b3394   openssl-1.0.1k-14.fc22
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-706c28d619   koji-1.10.1-3.fc22
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2016-bf56b612e9   libbluray-0.9.2-1.fc22
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2016-4d5434d82f   parted-3.2-16.fc22
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a9098ffb04   glibc-2.21-13.fc22
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-71be756bbe   xfsprogs-4.3.0-1.fc22
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-cad77a4576   samba-4.2.9-0.fc22
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-5b2c402bb1   firefox-45.0-4.fc22
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a5ac55135e   nspr-4.12.0-1.fc22 nss-3.23.0-1.0.fc22 nss-softokn-3.23.0-1.0.fc22 nss-util-3.23.0-1.0.fc22

The following builds have been pushed to Fedora 22 updates-testing
    EekBoek-2.02.05-1.fc22
    check-mk-1.2.6p16-3.fc22
    cycle-0.3.1-20.fc22
    dnf-1.1.7-2.fc22
    dnf-plugins-core-0.1.17-1.fc22
    drupal6-ctools-1.15-1.fc22
    drupal6-emfield-2.7-1.fc22
    drupal6-login_destination-2.13-1.fc22
    drupal6-pathauto-2.1-1.fc22
    eclipse-mdt-ocl-6.0.2-1.fc22
    eclipse-mdt-uml2-5.1.2-1.fc22
    eclipse-mpc-1.4.2-1.fc22
    fail2ban-0.9.4-2.fc22
    lcgdm-dav-0.17.1-1.fc22
    libotr-4.1.1-1.fc22
    libsolv-0.6.19-2.fc22
    openchange-2.2-11.fc22
    php-pecl-http-2.5.6-1.fc22
    python-behave-1.2.5-10.fc22
    python-tgcaptcha2-0.3.1-1.fc22
    python3-cherrypy-5.0.1-2.fc22
    samba-4.2.9-0.fc22
    xen-4.5.2-9.fc22

Details about builds:
================================================================================
 EekBoek-2.02.05-1.fc22 (FEDORA-2016-96083aba0f)
 Bookkeeping software for small and medium-size businesses
--------------------------------------------------------------------------------
Update Information:

Upgrade to upstream 2.02.05 (emergency bugfix).
--------------------------------------------------------------------------------

================================================================================
 check-mk-1.2.6p16-3.fc22 (FEDORA-2016-0e64e01ee8)
 A new general purpose Nagios-plugin for retrieving data
--------------------------------------------------------------------------------
Update Information:

Make sure the /etc/nagios/auth.serials,htpasswd.users files are not overwritten at package update.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1316086 - check-mk: use %config(noreplace) for /etc/nagios/htpasswd.users
        https://bugzilla.redhat.com/show_bug.cgi?id=1316086
--------------------------------------------------------------------------------

================================================================================
 cycle-0.3.1-20.fc22 (FEDORA-2016-e6ea8154d5)
 Calendar program for women
--------------------------------------------------------------------------------
Update Information:

Delayed attempt for a gift for the International Women's Day.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1315836 - cycle crashes upon use (after wxPython 3.0 transition)
        https://bugzilla.redhat.com/show_bug.cgi?id=1315836
--------------------------------------------------------------------------------

================================================================================
 dnf-1.1.7-2.fc22 (FEDORA-2016-f673381075)
 Package manager forked from Yum, using libsolv as a dependency resolver
--------------------------------------------------------------------------------
Update Information:

Regular DNF bugfix release.

----

Update to 0.6.15

----

Enable bzip2 support
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1227014 - dnf makecache is extremely slow
        https://bugzilla.redhat.com/show_bug.cgi?id=1227014
  [ 2 ] Bug #1226647 - libsolv: RFE: Enable support for bzip2 compression
        https://bugzilla.redhat.com/show_bug.cgi?id=1226647
  [ 3 ] Bug #1024701 - [rfe] debuginfo-install plugin: add passive feature to keep debuginfo packages in sync
        https://bugzilla.redhat.com/show_bug.cgi?id=1024701
  [ 4 ] Bug #1302214 - Translation incomplete of the download plugin
        https://bugzilla.redhat.com/show_bug.cgi?id=1302214
  [ 5 ] Bug #1302217 - dnf metadata expiration message does not fit on screen
        https://bugzilla.redhat.com/show_bug.cgi?id=1302217
  [ 6 ] Bug #1303149 - dnf history info failing
        https://bugzilla.redhat.com/show_bug.cgi?id=1303149
  [ 7 ] Bug #1302934 - Malformed translations in 1.1.6
        https://bugzilla.redhat.com/show_bug.cgi?id=1302934
  [ 8 ] Bug #1306304 - [perf] cache installed set of packages in query (for updates)
        https://bugzilla.redhat.com/show_bug.cgi?id=1306304
  [ 9 ] Bug #1268818 - dnf -v group list not mentioned in man page
        https://bugzilla.redhat.com/show_bug.cgi?id=1268818
  [ 10 ] Bug #1283432 - dnf group list --installed / --available
        https://bugzilla.redhat.com/show_bug.cgi?id=1283432
  [ 11 ] Bug #1258503 - regression in dnf, requires network access for history
        https://bugzilla.redhat.com/show_bug.cgi?id=1258503
  [ 12 ] Bug #1305356 - dnf groupinstall does not install packages, only marks them
        https://bugzilla.redhat.com/show_bug.cgi?id=1305356
  [ 13 ] Bug #1286477 - DNF creates /etc/yum/repos.d instead of /etc/dnf/repos.d when no repodir is present/configured
        https://bugzilla.redhat.com/show_bug.cgi?id=1286477
--------------------------------------------------------------------------------

================================================================================
 dnf-plugins-core-0.1.17-1.fc22 (FEDORA-2016-f673381075)
 Core Plugins for DNF
--------------------------------------------------------------------------------
Update Information:

Regular DNF bugfix release.

----

Update to 0.6.15

----

Enable bzip2 support
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1227014 - dnf makecache is extremely slow
        https://bugzilla.redhat.com/show_bug.cgi?id=1227014
  [ 2 ] Bug #1226647 - libsolv: RFE: Enable support for bzip2 compression
        https://bugzilla.redhat.com/show_bug.cgi?id=1226647
  [ 3 ] Bug #1024701 - [rfe] debuginfo-install plugin: add passive feature to keep debuginfo packages in sync
        https://bugzilla.redhat.com/show_bug.cgi?id=1024701
  [ 4 ] Bug #1302214 - Translation incomplete of the download plugin
        https://bugzilla.redhat.com/show_bug.cgi?id=1302214
  [ 5 ] Bug #1302217 - dnf metadata expiration message does not fit on screen
        https://bugzilla.redhat.com/show_bug.cgi?id=1302217
  [ 6 ] Bug #1303149 - dnf history info failing
        https://bugzilla.redhat.com/show_bug.cgi?id=1303149
  [ 7 ] Bug #1302934 - Malformed translations in 1.1.6
        https://bugzilla.redhat.com/show_bug.cgi?id=1302934
  [ 8 ] Bug #1306304 - [perf] cache installed set of packages in query (for updates)
        https://bugzilla.redhat.com/show_bug.cgi?id=1306304
  [ 9 ] Bug #1268818 - dnf -v group list not mentioned in man page
        https://bugzilla.redhat.com/show_bug.cgi?id=1268818
  [ 10 ] Bug #1283432 - dnf group list --installed / --available
        https://bugzilla.redhat.com/show_bug.cgi?id=1283432
  [ 11 ] Bug #1258503 - regression in dnf, requires network access for history
        https://bugzilla.redhat.com/show_bug.cgi?id=1258503
  [ 12 ] Bug #1305356 - dnf groupinstall does not install packages, only marks them
        https://bugzilla.redhat.com/show_bug.cgi?id=1305356
  [ 13 ] Bug #1286477 - DNF creates /etc/yum/repos.d instead of /etc/dnf/repos.d when no repodir is present/configured
        https://bugzilla.redhat.com/show_bug.cgi?id=1286477
--------------------------------------------------------------------------------

================================================================================
 drupal6-ctools-1.15-1.fc22 (FEDORA-2016-9615972926)
 Primarily a set of APIs and tools to improve the developer experience
--------------------------------------------------------------------------------
Update Information:

### 6.x-1.15

This is an incremental bugfix release for ctools, particularly for newer versions of php 5. (5.4+)

ctools is now in bug and security only maintenance mode. Any future feature requests should be made in the 7.x or preferably, the 8.x branch.

#### Changes since 6.x-1.14:

* #1334894 by mikeytown2: Warning: Invalid argument supplied for foreach() in views_content_views_content_type_render()
* #2599688 by jansete: Strict warning: Declaration of views_content_plugin_display_panel_pane::options_submit() should be compatible with views_plugin_display::options_submit(&$form, &$form_state)
* Fix 'Only variables should be passed by reference' error
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1293745 - drupal6-ctools-1.15 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1293745
--------------------------------------------------------------------------------

================================================================================
 drupal6-emfield-2.7-1.fc22 (FEDORA-2016-9f4012116e)
 An engine for modules to integrate various 3rd party media content providers
--------------------------------------------------------------------------------
Update Information:

### 6.x-2.7

Fixes [Embedded Media Field - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2016-004](https://www.drupal.org/node/2666446)

#### Changes since 6.x-2.6:

* by dalin: Ensure that width and height are always numbers.
* #1868588 by tangent: URL detection regex does not match hyphens / breaks HTML markup
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1306475 - drupal6-emfield-2.7 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1306475
--------------------------------------------------------------------------------

================================================================================
 drupal6-login_destination-2.13-1.fc22 (FEDORA-2016-8213f2636a)
 Control where users are directed to once they login
--------------------------------------------------------------------------------
Update Information:

### 6.x-2.13

#### Changes since 6.x-2.12:

NOTE: the upgrade will be seamless - no db schema changes made (D6 module version does not have its own db tables)

See [#2611674: Number of fixed issues - 9, feeling - priceless! 6.x version issues screenshot](https://www.drupal.org/node/2611674) for a screenshot with all the bugs for D6 finally fixed! This release fixes all known bugs!

NOTE2: Added a new setting on login_destination's settings page: "use_drupal_goto". Here is some explanation:

- turn on/off the drupal_goto invocation
- OFF by default
- we need use_drupal_goto == ON, if we want to use absolute urls on login redirect, at least until some better way is found
- if we have it ON, it will break modules like content_profile_registration from the content_profile package. It's ok for you to leave it ON if you don't use that module.

As always test, and double test. We tried to make it as flexible as we can, giving you control over the drupal_goto usage + sane defaults (it's OFF by default).

Changes:

* #1508152 by rsvelko: add new setting: "use_drupal_goto"
* #1793540 by stewart.adam, rsvelko: Should check if force_password_change module is enabled when checking if redirection is valid
* better function naming: login_destination_apply_redirect -> __login_destination_should_we_redirect
* #1577904 by rsvelko: Correct the onscreen PHP Snippet example rewrote login_destination_redirect_to_path_and_query to make it handle array/string queries and rawurlencode query/path only when needed settings page rearranged a bit: move the destination fieldgroup to become first, and the condition fieldgroup -> second
* better absolute url detection
* #1307478 by chriscohen, rsvelko: Notice: Undefined property: stdClass::$force_password_change in login_destination_apply_redirect()
* minor edits like: better README language, stripping CVS keywords, remove trailing whitespace
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1289080 - drupal6-login_destination-2.13 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1289080
--------------------------------------------------------------------------------

================================================================================
 drupal6-pathauto-2.1-1.fc22 (FEDORA-2016-21d7628629)
 Provides a mechanism to automatically generate aliases
--------------------------------------------------------------------------------
Update Information:

### 6.x-2.1

#### Changes since 6.x-2.0:

* Fixed pathauto_alias_uniquify() did not use pathauto_truncate_utf8().
* #2423077 by Dave Reid, TuWebO: Fixed wrong parameters passed to truncate_utf8() from pathauto_alias_uniquify().
* #1899806: Fixed URL segments with empty tokens inbetween separator resulted in duplicated backslashes in Pathauto alias.
* #1565850: Added hook_pathauto_pattern_alter(). Simplify invocations of pathauto_cleanstring() by both accepting $options['langauge'] and $options['langcode'].
* Bug #973908: Fix pathauto_cleanstring() lacks language context.
* Updated PATHAUTO_PREG_CLASS_UNICODE_WORD_BOUNDARY to match the Drupal 7 value.
* #1003490: Renamed 'Bulk update' tab to 'Bulk generate' to better reflect actual functionality.
* #1574700 by jgSnell, fletchgqc: Clarified transliteration help text means US-ASCII instead of ASCII-96.
* #2174603: Added support for an $options['force'] parameter in pathauto_*_update_alias() callbacks that ignores the $object->path['pathauto'] value and will always perform aliasing.
* #1834666 by greggles: Update README.txt maintainers
* #1796920: Fixed pathauto_action_info() did not define the required 'hooks' property for each action.
* #1189844: Added hook_action_info() support for bulk updating nodes, terms, and users with Views Bulk Operations.
* Prevent core bug #600836 (infinite batch errors) if new entities are added while the batch processes are running.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1300492 - drupal6-pathauto-2.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1300492
--------------------------------------------------------------------------------

================================================================================
 eclipse-mdt-ocl-6.0.2-1.fc22 (FEDORA-2016-9d59138913)
 Implementation of the OCL OMG meta-model for Eclipse
--------------------------------------------------------------------------------
Update Information:

Update to Mars.2 releases of modeling frameworks.
--------------------------------------------------------------------------------

================================================================================
 eclipse-mdt-uml2-5.1.2-1.fc22 (FEDORA-2016-9d59138913)
 Implementation of the UML2 OMG meta-model for Eclipse
--------------------------------------------------------------------------------
Update Information:

Update to Mars.2 releases of modeling frameworks.
--------------------------------------------------------------------------------

================================================================================
 eclipse-mpc-1.4.2-1.fc22 (FEDORA-2016-1711f51eba)
 Eclipse Marketplace Client
--------------------------------------------------------------------------------
Update Information:

Update to Mars.2 release.
--------------------------------------------------------------------------------

================================================================================
 fail2ban-0.9.4-2.fc22 (FEDORA-2016-10b5fefb0d)
 Daemon to ban hosts that cause multiple authentication errors
--------------------------------------------------------------------------------
Update Information:

Update to 0.9.4:

Fixes:

* roundcube-auth jail typo for logpath
* Fix dnsToIp resolver for fqdn with large list of IPs (gh-1164)
* filter.d/apache-badbots.conf
  - Updated useragent string regex adding escape for +
* filter.d/mysqld-auth.conf
  - Updated "Access denied ..." regex for MySQL 5.6 and later (gh-1211, gh-1332)
* filter.d/sshd.conf
  - Updated "Auth fail" regex for OpenSSH 5.9 and later
* Treat failed and killed execution of commands identically (only different log messages), which addresses different behavior on different exit codes of dash and bash (gh-1155)
* Fix jail.conf.5 man's section (gh-1226)
* Fixed default banaction for allports jails like pam-generic, recidive, etc with new default variable banaction_allports (gh-1216)
* Fixed fail2ban-regex stops working on invalid (wrong encoded) character for python version < 3.x (gh-1248)
* Use postfix_log logpath for postfix-rbl jail
* filters.d/postfix.conf - add 'Sender address rejected: Domain not found' failregex
* use fail2ban_agent as user-agent in actions badips, blocklist_de, etc (gh-1271)
* Fix ignoring the sender option by action_mw, action_mwl and action_c_mwl
* Changed filter.d/asterisk regex for "Call from ..." (few vulnerable now)
* Removed compression and rotation count from logrotate (inherit them from the global logrotate config)

New Features:

* New interpolation feature for definition config readers - <known/parameter> (means last known init definition of filters or actions with name parameter). This interpolation makes possible to extend a parameters of stock filter or action directly in jail inside jail.local file, without creating a separately filter.d/*.local file. As extension to interpolation %(known/parameter)s, that does not works for filter and action init parameters
* New actions:
  - nftables-multiport and nftables-allports - filtering using nftables framework. Note: it requires a pre-existing chain for the filtering rule.
* New filters:
  - openhab - domotic software authentication failure with the rest api and web interface (gh-1223)
  - nginx-limit-req - ban hosts, that were failed through nginx by limit request processing rate (ngx_http_limit_req_module)
  - murmur - ban hosts that repeatedly attempt to connect to murmur/mumble-server with an invalid server password or certificate.
  - haproxy-http-auth - filter to match failed HTTP Authentications against a HAProxy server
* New jails:
  - murmur - bans TCP and UDP from the bad host on the default murmur port.
* sshd filter got new failregex to match "maximum authentication attempts exceeded" (introduced in openssh 6.8)
* Added filter for Mac OS screen sharing (VNC) daemon

Enhancements:

* Do not rotate empty log files
* Added new date pattern with year after day (e.g. Sun Jan 23 2005 21:59:59) http://bugs.debian.org/798923
* Added openSUSE path configuration (Thanks Johannes Weberhofer)
* Allow to split ignoreip entries by ',' as well as by ' ' (gh-1197)
* Added a timeout (3 sec) to urlopen within badips.py action (Thanks M. Maraun)
* Added check against attacker's Googlebot PTR fake records (Thanks Pablo Rodriguez Fernandez)
* Enhance filter against attacker's Googlebot PTR fake records (gh-1226)
* Nginx log paths extended (prefixed with "*" wildcard) (gh-1237)
* Added filter for openhab domotic software authentication failure with the rest api and web interface (gh-1223)
* Add *_backend options for services to allow distros to set the default backend per service, set default to systemd for Fedora as appropriate
* Performance improvements while monitoring large number of files (gh-1265). Use associative array (dict) for monitored log files to speed up lookup operations. Thanks @kshetragia
* Specified that fail2ban is PartOf iptables.service firewalld.service in .service file -- would reload fail2ban if those services are restarted
* Provides new default fail2ban_version and interpolation variable fail2ban_agent in jail.conf
* Enhance filter 'postfix' to ban incoming SMTP client with no fqdn hostname, and to support multiple instances of postfix having varying suffix (gh-1331) (Thanks Tom Hendrikx)
* files/gentoo-initd to use start-stop-daemon to robustify restarting the service
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1269226 - fail2ban does not work out of box in a minimal Fedora 22 install
        https://bugzilla.redhat.com/show_bug.cgi?id=1269226
  [ 2 ] Bug #1262476 - if firewalld is restarted (either manually, or due to a package update), fail2ban will stop working
        https://bugzilla.redhat.com/show_bug.cgi?id=1262476
--------------------------------------------------------------------------------

================================================================================
 lcgdm-dav-0.17.1-1.fc22 (FEDORA-2016-18b16ef1ee)
 HTTP/DAV front end to the DPM/LFC services
--------------------------------------------------------------------------------
Update Information:

New upstream release 0.17.1
--------------------------------------------------------------------------------

================================================================================
 libotr-4.1.1-1.fc22 (FEDORA-2016-fde759f627)
 Off-The-Record Messaging library and toolkit
--------------------------------------------------------------------------------
Update Information:

Updated to 4.1.1 for CVE-2016-2851
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1315247
        https://bugzilla.redhat.com/show_bug.cgi?id=1315247
--------------------------------------------------------------------------------

================================================================================
 libsolv-0.6.19-2.fc22 (FEDORA-2016-f673381075)
 Package dependency solver
--------------------------------------------------------------------------------
Update Information:

Regular DNF bugfix release.

----

Update to 0.6.15

----

Enable bzip2 support
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1227014 - dnf makecache is extremely slow
        https://bugzilla.redhat.com/show_bug.cgi?id=1227014
  [ 2 ] Bug #1226647 - libsolv: RFE: Enable support for bzip2 compression
        https://bugzilla.redhat.com/show_bug.cgi?id=1226647
  [ 3 ] Bug #1024701 - [rfe] debuginfo-install plugin: add passive feature to keep debuginfo packages in sync
        https://bugzilla.redhat.com/show_bug.cgi?id=1024701
  [ 4 ] Bug #1302214 - Translation incomplete of the download plugin
        https://bugzilla.redhat.com/show_bug.cgi?id=1302214
  [ 5 ] Bug #1302217 - dnf metadata expiration message does not fit on screen
        https://bugzilla.redhat.com/show_bug.cgi?id=1302217
  [ 6 ] Bug #1303149 - dnf history info failing
        https://bugzilla.redhat.com/show_bug.cgi?id=1303149
  [ 7 ] Bug #1302934 - Malformed translations in 1.1.6
        https://bugzilla.redhat.com/show_bug.cgi?id=1302934
  [ 8 ] Bug #1306304 - [perf] cache installed set of packages in query (for updates)
        https://bugzilla.redhat.com/show_bug.cgi?id=1306304
  [ 9 ] Bug #1268818 - dnf -v group list not mentioned in man page
        https://bugzilla.redhat.com/show_bug.cgi?id=1268818
  [ 10 ] Bug #1283432 - dnf group list --installed / --available
        https://bugzilla.redhat.com/show_bug.cgi?id=1283432
  [ 11 ] Bug #1258503 - regression in dnf, requires network access for history
        https://bugzilla.redhat.com/show_bug.cgi?id=1258503
  [ 12 ] Bug #1305356 - dnf groupinstall does not install packages, only marks them
        https://bugzilla.redhat.com/show_bug.cgi?id=1305356
  [ 13 ] Bug #1286477 - DNF creates /etc/yum/repos.d instead of /etc/dnf/repos.d when no repodir is present/configured
        https://bugzilla.redhat.com/show_bug.cgi?id=1286477
--------------------------------------------------------------------------------

================================================================================
 openchange-2.2-11.fc22 (FEDORA-2016-eb8dbeb3e5)
 Provides access to Microsoft Exchange servers using native protocols
--------------------------------------------------------------------------------
Update Information:

Rebuild against newer samba
--------------------------------------------------------------------------------

================================================================================
 php-pecl-http-2.5.6-1.fc22 (FEDORA-2016-bb7bdd7063)
 Extended HTTP support
--------------------------------------------------------------------------------
Update Information:

**Version 2.5.6**

* Fix php-bug php#71719: Buffer overflow in HTTP url parsing functions (Mike, rc0r)
* Fix gh-issue #28: Possible null pointer dereference in php_http_url_mod() (rc0r)
* Fix gh-issue #22: Fix PHP5 config.w32 (Jan Ehrhardt)
* Fix gh-issue #20: setSslOptions notice with curl 7.43 (Mike, Vitaliy Demidov)
--------------------------------------------------------------------------------

================================================================================
 python-behave-1.2.5-10.fc22 (FEDORA-2016-1e9dfedc85)
 Tools for the behavior-driven development, Python style
--------------------------------------------------------------------------------
Update Information:

Fixed Requires for python3-behave. Thank you Miro Hrončok

----

Fixed managing python3 builds.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1216989 - Please upgrade to 1.2.5 in F21+
        https://bugzilla.redhat.com/show_bug.cgi?id=1216989
  [ 2 ] Bug #1276923 - provide Python3 version of the package
        https://bugzilla.redhat.com/show_bug.cgi?id=1276923
--------------------------------------------------------------------------------

================================================================================
 python-tgcaptcha2-0.3.1-1.fc22 (FEDORA-2016-5f44e89fe0)
 TurboGears captcha plugin
--------------------------------------------------------------------------------
Update Information:

Implemented nonces to prevent replay attack (DWF-2016-89000).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1316083 - tgcaptcha does not have any prevention against replay attacks
        https://bugzilla.redhat.com/show_bug.cgi?id=1316083
--------------------------------------------------------------------------------

================================================================================
 python3-cherrypy-5.0.1-2.fc22 (FEDORA-2016-f2e80661b2)
 Pythonic, object-oriented web development framework
--------------------------------------------------------------------------------
Update Information:

Updated to a new upstream version 5.0.1, added 2 patches for CherryPy to build against python 3.5 (>=fedora24), which changed some APIs.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1307958 - python3-cherrypy: FTBFS in rawhide
        https://bugzilla.redhat.com/show_bug.cgi?id=1307958
  [ 2 ] Bug #1292639 - python3-cherrypy-5.0.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1292639
--------------------------------------------------------------------------------

================================================================================
 samba-4.2.9-0.fc22 (FEDORA-2016-cad77a4576)
 Server and Client software to interoperate with Windows machines
--------------------------------------------------------------------------------
Update Information:

Update to Samba 4.2.9, fixes CVE-2015-7560
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1315942 - CVE-2015-7560 samba: Incorrect ACL get/set allowed on symlink path [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1315942
--------------------------------------------------------------------------------

================================================================================
 xen-4.5.2-9.fc22 (FEDORA-2016-38b20aa50f)
 Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:

Qemu: nvram: OOB r/w access in processing firmware configurations CVE-2016-1714 (#1296080)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1296060 - CVE-2016-1714 Qemu: nvram: OOB r/w access in processing firmware configurations
        https://bugzilla.redhat.com/show_bug.cgi?id=1296060
  [ 2 ] Bug #1283934 - CVE-2016-1922 Qemu: i386: null pointer dereference in vapic_write()
        https://bugzilla.redhat.com/show_bug.cgi?id=1283934
  [ 3 ] Bug #1284008 - CVE-2015-8613 Qemu: scsi: stack based buffer overflow in megasas_ctrl_get_info
        https://bugzilla.redhat.com/show_bug.cgi?id=1284008
  [ 4 ] Bug #1298570 - CVE-2016-1981 Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines
        https://bugzilla.redhat.com/show_bug.cgi?id=1298570
  [ 5 ] Bug #1299455 - Qemu: usb ehci out-of-bounds read in ehci_process_itd
        https://bugzilla.redhat.com/show_bug.cgi?id=1299455
  [ 6 ] Bug #1301643 - CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write
        https://bugzilla.redhat.com/show_bug.cgi?id=1301643
  [ 7 ] Bug #1303106 - CVE-2016-2841 Qemu: net: ne2000: infinite loop in ne2000_receive
        https://bugzilla.redhat.com/show_bug.cgi?id=1303106
  [ 8 ] Bug #1303120 - CVE-2016-2538 Qemu: usb: integer overflow in remote NDIS control message handling
        https://bugzilla.redhat.com/show_bug.cgi?id=1303120
  [ 9 ] Bug #1302299 - CVE-2016-2392 Qemu: usb: null pointer dereference in remote NDIS control message handling
        https://bugzilla.redhat.com/show_bug.cgi?id=1302299
  [ 10 ] Bug #1304794 - CVE-2016-2391 Qemu: usb: multiple eof_timers in ohci module leads to null pointer dereference
        https://bugzilla.redhat.com/show_bug.cgi?id=1304794
  [ 11 ] Bug #1296567 - CVE-2016-2857 Qemu: net: out of bounds read in net_checksum_calculate()
        https://bugzilla.redhat.com/show_bug.cgi?id=1296567
  [ 12 ] Bug #1300771 - CVE-2015-8817 CVE-2015-8818 Qemu: OOB access in address_space_rw leads to segmentation fault
        https://bugzilla.redhat.com/show_bug.cgi?id=1300771
  [ 13 ] Bug #1314676 - CVE-2016-2858 Qemu: rng-random: arbitrary stack based allocation leading to corruption
        https://bugzilla.redhat.com/show_bug.cgi?id=1314676
--------------------------------------------------------------------------------