The following Fedora 25 Security updates need testing:
 Age  URL
  74  https://bodhi.fedoraproject.org/updates/FEDORA-2016-9b3ed5f170   chicken-4.11.0-3.fc25
  25  https://bodhi.fedoraproject.org/updates/FEDORA-2016-6dd3bc37c3   compat-guile18-1.8.8-14.fc25
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2016-38e5b05260   tomcat-8.0.38-1.fc25
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-301724f38e   mingw-libwebp-0.5.1-2.fc25
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-0c4e822340   memcached-1.4.33-1.fc25
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d4571bf555   python-django-1.9.11-1.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-89769648a0   curl-7.51.0-1.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-0767ed2760   libgit2-0.24.3-1.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-8f9d466bcc   389-ds-base-1.3.5.15-1.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-762cb57c92   mingw-nettle-3.3-1.fc25 mingw-gnutls-3.5.5-2.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-0a952a3bc0   tre-0.8.0-18.20140228gitc2f5d13.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-3ccb098630   ansible-2.2.0.0-3.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-35049d9d97   chromium-54.0.2840.90-3.fc25 chromium-native_client-54.0.2840.59-1.20161013git090f907.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-cc5006bef7   dracut-044-78.fc25

The following Fedora 25 Critical Path updates have yet to be approved:
 Age  URL
  29  https://bodhi.fedoraproject.org/updates/FEDORA-2016-6cb65ea55b   pungi-4.1.10-1.fc25
  15  https://bodhi.fedoraproject.org/updates/FEDORA-2016-bbf947ce05   libfm-1.2.4-8.D20161017git82b3a1a201.fc25
  14  https://bodhi.fedoraproject.org/updates/FEDORA-2016-b756078a17   menu-cache-1.0.1-3.D20161021git441f0ca9a1.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-5530aaa192   gnutls-3.5.6-1.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-f751762b24   gstreamer1-plugins-good-1.10.0-1.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-53a72362be   gstreamer1-plugins-base-1.10.0-1.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-136b6ed301   gstreamer1-1.10.0-1.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-6918573b8c   libpsl-0.14.0-2.fc25 publicsuffix-list-20161028-1.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-9e359dff36   perl-5.24.0-378.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d96e9a5ca0   rpm-4.13.0-1.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-3338fd2449   ntfs-3g-2016.2.22-3.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-89769648a0   curl-7.51.0-1.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d1908bac81   selinux-policy-3.13.1-222.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-6d0ee59e4e   openssh-7.3p1-5.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-cc5006bef7   dracut-044-78.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-ebd1f64113   flatpak-0.6.13-2.fc25

The following builds have been pushed to Fedora 25 updates-testing
calamares-2.4.4-4.fc25
chromium-54.0.2840.90-3.fc25
chromium-native_client-54.0.2840.59-1.20161013git090f907.fc25
dracut-044-78.fc25
freemind-1.0.1-13.fc25
gammaray-2.6.0-1.fc25
google-noto-fonts-20161022-1.fc25
groonga-6.1.0-1.fc25
homebank-5.1.1-1.fc25
jide-oss-2.7.6-14.1340svn.fc25
jsonassert-1.4.0-1.fc25
openssh-7.3p1-5.fc25
php-horde-Horde-Core-2.27.2-1.fc25
php-horde-Horde-Service-Weather-2.5.0-1.fc25
pidgin-groupchat-typing-notifications-0-1.git33a75f9.fc25
prosody-0.9.11-1.fc25
python-keystoneauth1-2.12.1-1.fc25
python-peewee-2.8.2-2.fc25
python-wtf-peewee-0.2.6-1.fc25
shogun-data-0.11-1.fc25
suricata-3.1.3-1.fc25
Details about builds:
================================================================================
calamares-2.4.4-4.fc25 (FEDORA-2016-301680e699)
Installer from a live CD/DVD/USB to disk
--------------------------------------------------------------------------------
Update Information:
An update of Calamares to the latest upstream release, version 2.4.4.

What is new in 2.4.3 compared to the calamares-2.4.2-3 packages:

* fixed user creation so it obeys the list of default groups for new users;
* added Deepin support to the `displaymanager` module;
* fixed an issue which could cause a failed install with LUKS if other LUKS
  partitions are already present.

What is new in 2.4.4 compared to 2.4.3:

* improved EFI system partition flag management (this removes a dependency on
  sgdisk);
* improved parsing of SDDM configuration;
* support for selecting visible groups by default in the `netinstall` module;
* added option of updating the packages database before performing package
  operations (a no-op with `dnf`);
* added support for `try_install` and `try_remove` entries in the `packages`
  module configuration;
* fixed failure in `unpackfs` module that completely broke installation on UEFI
  on Fedora (caused by inability to write extended attributes to a filesystem
  which doesn't support them).

These packages additionally contain the following fixes:

* a `Requires: grub2-efi-modules` was added to the x86_64 package. This is
  needed to be able to run `grub2-install` on UEFI systems, which is necessary
  because Calamares does not currently support `shim`.
* backported fix for another UEFI installation failure, this time in the
  `bootloader` module, where it was improperly building a directory name,
  causing a copy operation to fail.
* backported fix for the check for available Internet connection on startup,
  which was always succeeding even with no Internet available. (Note: The
  default configuration enables this check, but allows the installation to
  proceed even without Internet connection. This can be customized in
  `welcome.conf`.)
* backported a fix for an installation failure on 32-bit UEFI firmware
  (upstream bug CAL-403).

Calamares can now perform native UEFI installations on UEFI systems, with the
following caveats:

* The `grub2-efi-modules` package is required on the base image. Fedora images
  do not typically include this package. Therefore, installing to UEFI after a
  `dnf install calamares` on the booted live image will **not** work. It will
  work only if you respin the image with Calamares (or at least with
  `grub2-efi-modules`). This will be fixed if and when `shim` support is added.
* The installation will **not** work with UEFI "Secure Boot" enabled. You will
  have to disable "Secure Boot" in your UEFI firmware settings. That, too, will
  be fixed if and when `shim` support is added.
* Installing 32-bit Fedora on UEFI is not really supported by the Fedora
  Project. With Calamares, it should work, but installation on the common
  64-bit UEFI firmware requires the x86_64 versions of `grub2-efi` and
  `grub2-efi-modules`, which are not available in 32-bit Fedora repositories,
  on the base image, whereas installation on 32-bit UEFI firmware (for those
  who still have those) requires the 32-bit versions of `grub2-efi` and
  `grub2-efi-modules` on the base image, which is typically not the case either
  unless you spin your own. (The Calamares packages do not require `grub2-efi`
  nor `grub2-efi-modules` on 32-bit and leave this decision to the spin/remix
  maintainer.) Also note that `shim` does not support 32-bit at all (because
  there is no "Secure Boot" on 32-bit UEFI firmwares), so you are stuck with
  `grub2-install` and thus the `grub2-efi-modules` requirement.

Note that the changes to support LUKS full disk encryption with `dracut`
(including the added support for C++/Qt batch job plugins, used for the new
`dracutlukscfg` module) are now (since 2.4.3) included in the upstream release.
(They have been backported from the master branch to the 2.4.x stable branch
upstream.) These changes were already backported in the calamares-2.4.2-3
Fedora packages and are thus not listed above.
--------------------------------------------------------------------------------
================================================================================
chromium-54.0.2840.90-3.fc25 (FEDORA-2016-35049d9d97)
A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-5181, CVE-2016-5182, CVE-2016-5183, CVE-2016-5184,
CVE-2016-5185, CVE-2016-5187, CVE-2016-5188, CVE-2016-5192, CVE-2016-5189,
CVE-2016-5186, CVE-2016-5191, CVE-2016-5190, CVE-2016-5193, CVE-2016-5194

Security fix for CVE-2016-5198

Update to new stable, 54.0.2840.90.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1384365 - CVE-2016-5194 chromium-browser: various fixes from internal audits
https://bugzilla.redhat.com/show_bug.cgi?id=1384365
[ 2 ] Bug #1384364 - CVE-2016-5193 chromium-browser: scheme bypass
https://bugzilla.redhat.com/show_bug.cgi?id=1384364
[ 3 ] Bug #1384362 - CVE-2016-5190 chromium-browser: use after free in internals
https://bugzilla.redhat.com/show_bug.cgi?id=1384362
[ 4 ] Bug #1384361 - CVE-2016-5191 chromium-browser: universal xss in bookmarks
https://bugzilla.redhat.com/show_bug.cgi?id=1384361
[ 5 ] Bug #1384360 - CVE-2016-5186 chromium-browser: out of bounds read in devtools
https://bugzilla.redhat.com/show_bug.cgi?id=1384360
[ 6 ] Bug #1384358 - CVE-2016-5189 chromium-browser: url spoofing
https://bugzilla.redhat.com/show_bug.cgi?id=1384358
[ 7 ] Bug #1384357 - CVE-2016-5192 chromium-browser: cross-origin bypass in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1384357
[ 8 ] Bug #1384355 - CVE-2016-5188 chromium-browser: ui spoofing
https://bugzilla.redhat.com/show_bug.cgi?id=1384355
[ 9 ] Bug #1384354 - CVE-2016-5187 chromium-browser: url spoofing
https://bugzilla.redhat.com/show_bug.cgi?id=1384354
[ 10 ] Bug #1384352 - CVE-2016-5185 chromium-browser: use after free in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1384352
[ 11 ] Bug #1384350 - CVE-2016-5184 chromium-browser: use after free in pdfium
https://bugzilla.redhat.com/show_bug.cgi?id=1384350
[ 12 ] Bug #1384349 - CVE-2016-5183 chromium-browser: use after free in pdfium
https://bugzilla.redhat.com/show_bug.cgi?id=1384349
[ 13 ] Bug #1384348 - CVE-2016-5182 chromium-browser: heap overflow in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1384348
[ 14 ] Bug #1384347 - CVE-2016-5181 chromium-browser: universal xss in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1384347
[ 15 ] Bug #1391356 - CVE-2016-5198 chromium-browser: out of bounds memory access in v8
https://bugzilla.redhat.com/show_bug.cgi?id=1391356
--------------------------------------------------------------------------------
================================================================================
chromium-native_client-54.0.2840.59-1.20161013git090f907.fc25 (FEDORA-2016-35049d9d97)
Google Native Client Toolchain
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-5181, CVE-2016-5182, CVE-2016-5183, CVE-2016-5184,
CVE-2016-5185, CVE-2016-5187, CVE-2016-5188, CVE-2016-5192, CVE-2016-5189,
CVE-2016-5186, CVE-2016-5191, CVE-2016-5190, CVE-2016-5193, CVE-2016-5194

Security fix for CVE-2016-5198

Update to new stable, 54.0.2840.90.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1384365 - CVE-2016-5194 chromium-browser: various fixes from internal audits
https://bugzilla.redhat.com/show_bug.cgi?id=1384365
[ 2 ] Bug #1384364 - CVE-2016-5193 chromium-browser: scheme bypass
https://bugzilla.redhat.com/show_bug.cgi?id=1384364
[ 3 ] Bug #1384362 - CVE-2016-5190 chromium-browser: use after free in internals
https://bugzilla.redhat.com/show_bug.cgi?id=1384362
[ 4 ] Bug #1384361 - CVE-2016-5191 chromium-browser: universal xss in bookmarks
https://bugzilla.redhat.com/show_bug.cgi?id=1384361
[ 5 ] Bug #1384360 - CVE-2016-5186 chromium-browser: out of bounds read in devtools
https://bugzilla.redhat.com/show_bug.cgi?id=1384360
[ 6 ] Bug #1384358 - CVE-2016-5189 chromium-browser: url spoofing
https://bugzilla.redhat.com/show_bug.cgi?id=1384358
[ 7 ] Bug #1384357 - CVE-2016-5192 chromium-browser: cross-origin bypass in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1384357
[ 8 ] Bug #1384355 - CVE-2016-5188 chromium-browser: ui spoofing
https://bugzilla.redhat.com/show_bug.cgi?id=1384355
[ 9 ] Bug #1384354 - CVE-2016-5187 chromium-browser: url spoofing
https://bugzilla.redhat.com/show_bug.cgi?id=1384354
[ 10 ] Bug #1384352 - CVE-2016-5185 chromium-browser: use after free in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1384352
[ 11 ] Bug #1384350 - CVE-2016-5184 chromium-browser: use after free in pdfium
https://bugzilla.redhat.com/show_bug.cgi?id=1384350
[ 12 ] Bug #1384349 - CVE-2016-5183 chromium-browser: use after free in pdfium
https://bugzilla.redhat.com/show_bug.cgi?id=1384349
[ 13 ] Bug #1384348 - CVE-2016-5182 chromium-browser: heap overflow in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1384348
[ 14 ] Bug #1384347 - CVE-2016-5181 chromium-browser: universal xss in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1384347
[ 15 ] Bug #1391356 - CVE-2016-5198 chromium-browser: out of bounds memory access in v8
https://bugzilla.redhat.com/show_bug.cgi?id=1391356
--------------------------------------------------------------------------------
================================================================================
dracut-044-78.fc25 (FEDORA-2016-cc5006bef7)
Initramfs generator using udev
--------------------------------------------------------------------------------
Update Information:
- fixed permissions of initramfs file, if microcode is prepended
(CVE-2016-8637)
--------------------------------------------------------------------------------
================================================================================
freemind-1.0.1-13.fc25 (FEDORA-2016-dc18fa725d)
Free mind mapping software
--------------------------------------------------------------------------------
Update Information:
Add more missing classpath entries (jgoodies-common, avalon-framework-*)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1387276 - Doesn't start
https://bugzilla.redhat.com/show_bug.cgi?id=1387276
--------------------------------------------------------------------------------
================================================================================
gammaray-2.6.0-1.fc25 (FEDORA-2016-c533b983b8)
A tool for examining internals of Qt applications
--------------------------------------------------------------------------------
Update Information:
Update to latest GammaRay 2.6.0
--------------------------------------------------------------------------------
================================================================================
google-noto-fonts-20161022-1.fc25 (FEDORA-2016-ab40953942)
Hinted and Non Hinted OpenType fonts for Unicode scripts
--------------------------------------------------------------------------------
Update Information:
This is an update that provides Noto Mono and additional serif fonts for
Bengali, Devanagari, Gujarati, Malayalam, Kannada, Telugu and Tamil.

License changed to OFL.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1321685 - New Noto Mono font is missing
https://bugzilla.redhat.com/show_bug.cgi?id=1321685
--------------------------------------------------------------------------------
================================================================================
groonga-6.1.0-1.fc25 (FEDORA-2016-804f331aaf)
An Embeddable Fulltext Search Engine
--------------------------------------------------------------------------------
Update Information:
http://groonga.org/en/blog/2016/10/29/groonga-6.1.0.html
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1389745 - groonga-6.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1389745
--------------------------------------------------------------------------------
================================================================================
homebank-5.1.1-1.fc25 (FEDORA-2016-8b54a45f50)
Free easy personal accounting for all
--------------------------------------------------------------------------------
Update Information:
- Rebuilt for new upstream version 5.1.1

----

- Rebuilt for new upstream version 5.1, fixes rhbz #1383215 #1385629
- Added libsoup-devel as new BR
- More details at http://homebank.free.fr/ChangeLog
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1383215 - [abrt] homebank: gtk_widget_get_ancestor(): homebank killed by
SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1383215
[ 2 ] Bug #1385629 - homebank-5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1385629
--------------------------------------------------------------------------------
================================================================================
jide-oss-2.7.6-14.1340svn.fc25 (FEDORA-2016-0799481bb5)
Swing component library built on top of Java/Swing
--------------------------------------------------------------------------------
Update Information:
add maven pom (rhbz#1244709)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1244709 - Add maven pom
https://bugzilla.redhat.com/show_bug.cgi?id=1244709
--------------------------------------------------------------------------------
================================================================================
jsonassert-1.4.0-1.fc25 (FEDORA-2016-15dbccbf42)
JUnit extension to write JSON unit tests
--------------------------------------------------------------------------------
Update Information:
Initial import (#1390156).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1390156 - Review Request: jsonassert - JUnit extension to write JSON unit
tests
https://bugzilla.redhat.com/show_bug.cgi?id=1390156
--------------------------------------------------------------------------------
================================================================================
openssh-7.3p1-5.fc25 (FEDORA-2016-6d0ee59e4e)
An open source implementation of SSH protocol versions 1 and 2
--------------------------------------------------------------------------------
Update Information:
This update provides compatibility with the new OpenSSL 1.1.0 and fixes an issue
with dropping all the privileges for chrooted users.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1386755 - openssh: root is not root when logged in via sshd
https://bugzilla.redhat.com/show_bug.cgi?id=1386755
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Core-2.27.2-1.fc25 (FEDORA-2016-9acc2eadea)
Horde Core Framework libraries
--------------------------------------------------------------------------------
Update Information:
**Horde_Core 2.27.2**

* [mjr] Prevent building invalid HTML when building an email from a
  SMART_REPLY (Bug #14500).

----

**Horde_Core 2.27.1**

* [jan] Allow administrators to log in if preference backend is not available.
* [mjr] Log message headers on error when sending email via ActiveSync.
* [jan] Fix warning if an old locale is longer than 255 characters (Bug #14489).
* [jan] Fix abbreviated Norwegian month names in JavaScript to include trailing
  dot (Bug #14488).
* [jan] Fix reading session data from the command line with PHP 7.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Service-Weather-2.5.0-1.fc25 (FEDORA-2016-c220c15671)
Horde Weather Provider
--------------------------------------------------------------------------------
Update Information:
**Horde_Service_Weather 2.5.0**

* [mjr] Replace defunct data source for surface station data (Bug #14502).

----

**Horde_Service_Weather 2.4.1**

* [jan] Update location of METAR stations.
--------------------------------------------------------------------------------
================================================================================
pidgin-groupchat-typing-notifications-0-1.git33a75f9.fc25 (FEDORA-2016-e11a1fd11d)
Adds typing notifications for group chats in Pidgin
--------------------------------------------------------------------------------
Update Information:
Initial upload.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1392227 - Review Request: pidgin-groupchat-typing-notifications - Adds typing
notifications for group chats in Pidgin
https://bugzilla.redhat.com/show_bug.cgi?id=1392227
--------------------------------------------------------------------------------
================================================================================
prosody-0.9.11-1.fc25 (FEDORA-2016-9f40e3a281)
Flexible communications server for Jabber/XMPP
--------------------------------------------------------------------------------
Update Information:
Prosody 0.9.11
==============

A summary of changes in this release:

* HTTP parser: Improve buffering of incoming HTTP data and add size limits
  (#603)
* sessionmanager: Fix for an issue which caused people to be kicked from
  conferences if mod_smacks was enabled (#648)
* Dependencies: Workaround for compatibility with LuaSec 0.6 (#749)
* MUC: Accept missing form as "instant room" request (#377)
* C2S: Fix issues with destroying disconnected connections (#590, #641)
* mod_privacy: Fix selection of the top resource(s) (#694)
* mod_presence: Make sure both users get each others presence after adding
  each other (#673)
* mod_http_files: Fix traceback when serving a non-wildcard path (#611)
* mod_http_files: Preserve a trailing slash in paths (#639)
* util.datamanager: Fix error handling (#632)
* net.server_event: Fix internal socket API to allow writing from
  socket.ondrain callback (#661)
* net.server_event: Fix timeout (commit)
* net.server_event: Fix traceback due to write during TLS handshake (commit)
* net.server_event: Fix buffer length check (commit)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1391802 - prosody-0.9.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1391802
--------------------------------------------------------------------------------
================================================================================
python-keystoneauth1-2.12.1-1.fc25 (FEDORA-2016-4c303e91f1)
Authentication Library for OpenStack Clients
--------------------------------------------------------------------------------
Update Information:
Update to 2.12.1
--------------------------------------------------------------------------------
================================================================================
python-peewee-2.8.2-2.fc25 (FEDORA-2016-d9f382c53b)
A small, expressive orm
--------------------------------------------------------------------------------
Update Information:
Update python-peewee to 2.8.2
Update python-wtf-peewee to 0.2.6
--------------------------------------------------------------------------------
================================================================================
python-wtf-peewee-0.2.6-1.fc25 (FEDORA-2016-d9f382c53b)
WTForms integration for peewee models
--------------------------------------------------------------------------------
Update Information:
Update python-peewee to 2.8.2
Update python-wtf-peewee to 0.2.6
--------------------------------------------------------------------------------
================================================================================
shogun-data-0.11-1.fc25 (FEDORA-2016-a063f87dbf)
Data-files for the SHOGUN machine learning toolbox
--------------------------------------------------------------------------------
Update Information:
* new upstream release
--------------------------------------------------------------------------------
================================================================================
suricata-3.1.3-1.fc25 (FEDORA-2016-306434e9eb)
Intrusion Detection System
--------------------------------------------------------------------------------
Update Information:
This release improves DNS logging accuracy. Other than that it is mostly a
collection of smaller fixes.
--------------------------------------------------------------------------------