The following Fedora 23 Security updates need testing:
Age URL
436
https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23
394
https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe
miniupnpc-1.9-6.fc23
367
https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324
jbig2dec-0.12-2.fc23
317
https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1
python-pymongo-3.0.3-1.fc23
317
https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8
thttpd-2.25b-37.fc23
282
https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4
mingw-nsis-2.50-1.fc23
124
https://bodhi.fedoraproject.org/updates/FEDORA-2016-8d79ade826 flex-2.6.0-2.fc23
113
https://bodhi.fedoraproject.org/updates/FEDORA-2016-c2ec9c716e redis-3.2.3-1.fc23
106
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c
libarchive-3.2.1-3.fc23 python-libarchive-c-2.5-1.fc23
90
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3a6435b14
dhcpcd-6.11.3-1.fc23
55
https://bodhi.fedoraproject.org/updates/FEDORA-2016-1649cc31e0
ca-certificates-2016.2.10-1.0.fc23
48
https://bodhi.fedoraproject.org/updates/FEDORA-2016-17ea599651
compat-guile18-1.8.8-14.fc23
32
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b89e991e63
nodejs-0.10.48-1.fc23
22
https://bodhi.fedoraproject.org/updates/FEDORA-2016-272fa6b96e dracut-043-67.fc23
19
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d2828a4793
firewalld-0.4.4.1-1.fc23
13
https://bodhi.fedoraproject.org/updates/FEDORA-2016-2edfd75312
zathura-pdf-mupdf-0.3.0-3.fc23 mujs-0-6.20161031gita0ceaf5.fc23
10
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5afe06026b
jenkins-1.625.3-5.fc23 jenkins-remoting-2.62.3-1.fc23
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-1ca07cdcde p7zip-16.02-2.fc23
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e8a8561ee7
ntp-4.2.6p5-43.fc23
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-68b71978a1 xen-4.5.5-4.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-10ec03ed27
dpkg-1.17.27-1.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7fc142da66
phpMyAdmin-4.6.5.1-2.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a571b97ebb
php-php-gettext-1.0.12-1.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b4896f20b3
roundcubemail-1.2.3-1.fc23
The following Fedora 23 Critical Path updates have yet to be approved:
Age URL
133
https://bodhi.fedoraproject.org/updates/FEDORA-2016-98a7a1b6e0 abrt-2.8.0-6.fc23
libreport-2.6.4-3.fc23
106
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c
libarchive-3.2.1-3.fc23 python-libarchive-c-2.5-1.fc23
67
https://bodhi.fedoraproject.org/updates/FEDORA-2016-79072fd70e
python-virtkey-0.63.0-1.fc23
60
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d26923757a
koji-1.10.1-13.fc23
55
https://bodhi.fedoraproject.org/updates/FEDORA-2016-1649cc31e0
ca-certificates-2016.2.10-1.0.fc23
40
https://bodhi.fedoraproject.org/updates/FEDORA-2016-79669f13cf
dmidecode-3.0-6.fc23
39
https://bodhi.fedoraproject.org/updates/FEDORA-2016-86a2119f42 nspr-4.13.1-1.fc23
24
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0906f64ec8 rpm-4.13.0-1.fc23
22
https://bodhi.fedoraproject.org/updates/FEDORA-2016-272fa6b96e dracut-043-67.fc23
19
https://bodhi.fedoraproject.org/updates/FEDORA-2016-c72c2c5531
dnsmasq-2.76-2.fc23
15
https://bodhi.fedoraproject.org/updates/FEDORA-2016-62b8930463
pciutils-3.5.2-1.fc23
13
https://bodhi.fedoraproject.org/updates/FEDORA-2016-03d76071b6
nss-3.27.0-1.3.fc23
9
https://bodhi.fedoraproject.org/updates/FEDORA-2016-c33289a2c6
breeze-icon-theme-5.27.0-2.fc23 extra-cmake-modules-5.27.0-1.fc23 kf5-5.27.0-1.fc23
kf5-attica-5.27.0-1.fc23 kf5-baloo-5.27.0-1.fc23 kf5-bluez-qt-5.27.0-1.fc23
kf5-frameworkintegration-5.27.0-1.fc23 kf5-kactivities-5.27.0-1.fc23
kf5-kactivities-stats-5.27.0-1.fc23 kf5-kapidox-5.27.0-1.fc23 kf5-karchive-5.27.0-1.fc23
kf5-kauth-5.27.0-1.fc23 kf5-kbookmarks-5.27.0-1.fc23 kf5-kcmutils-5.27.0-1.fc23
kf5-kcodecs-5.27.0-1.fc23 kf5-kcompletion-5.27.0-1.fc23 kf5-kconfig-5.27.0-1.fc23
kf5-kconfigwidgets-5.27.0-1.fc23 kf5-kcoreaddons-5.27.0-1.fc23 kf5-kcrash-5.27.0-1.fc23
kf5-kdbusaddons-5.27.0-1.fc23 kf5-kdeclarative-5.27.0-1.fc23 kf5-kded-5.27.0-1.fc23
kf5-kdelibs4support-5.27.0-1.fc23 kf5-kdesignerplugin-5.27.0-1.fc23
kf5-kdesu-5.27.0-1.fc23 kf5-kdewebkit-5.27.0-1.fc23 kf5-kdnssd-5.27.0-1.fc23
kf5-kdoctools-5.27.0-1.fc23 kf5-kemoticons-5.27.0-1.fc23 kf5-kfilemetadata-5.27.0-1.fc23
kf5-kglobalaccel-5.27.0-1.fc23 kf5-kguiad
dons-5.27.0-1.fc23 kf5-khtml-5.27.0-1.fc23 kf5-ki18n-5.27.0-1.fc23
kf5-kiconthemes-5.27.0-1.fc23 kf5-kidletime-5.27.0-1.fc23 kf5-kimageformats-5.27.0-1.fc23
kf5-kinit-5.27.0-1.fc23 kf5-kio-5.27.0-1.fc23 kf5-kitemmodels-5.27.0-1.fc23
kf5-kitemviews-5.27.0-1.fc23 kf5-kjobwidgets-5.27.0-1.fc23 kf5-kjs-5.27.0-1.fc23
kf5-kjsembed-5.27.0-1.fc23 kf5-kmediaplayer-5.27.0-1.fc23 kf5-knewstuff-5.27.0-1.fc23
kf5-knotifications-5.27.0-1.fc23 kf5-knotifyconfig-5.27.0-1.fc23
kf5-kpackage-5.27.0-1.fc23 kf5-kparts-5.27.0-1.fc23 kf5-kpeople-5.27.0-1.fc23
kf5-kplotting-5.27.0-1.fc23 kf5-kpty-5.27.0-4.fc23 kf5-kross-5.27.0-1.fc23
kf5-krunner-5.27.0-1.fc23 kf5-kservice-5.27.0-1.fc23 kf5-ktexteditor-5.27.0-1.fc23
kf5-ktextwidgets-5.27.0-1.fc23 kf5-kunitconversion-5.27.0-1.fc23 kf5-kwallet-5.27.0-1.fc23
kf5-kwayland-5.27.0-1.fc23 kf5-kwidgetsaddons-5.27.0-1.fc23
kf5-kwindowsystem-5.27.0-1.fc23 kf5-kxmlgui-5.27.0-1.fc23 kf5-kxmlrpcclient-5.27.0-1.fc23
kf5-modemmanager-qt-5.27.0-1.fc23 kf5-networkmanager-qt
-5.27.0-1.fc23 kf5-plasma-5.27.0-1.fc23 kf5-solid-5.27.0-1.fc23 kf5-sonnet-5.27.0-1.fc23
kf5-threadweaver-5.27.0-1.fc23 oxygen-icon-theme-5.27.0-1.fc23
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b5b28b69e2
mod_perl-2.0.10-1.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-8ec81aeba6
dbus-1.10.14-1.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-79a059792b vim-8.0.104-2.fc23
The following builds have been pushed to Fedora 23 updates-testing
LinLog-0.5-2.fc23
antimony-0.9.3-0.1.20161128git41a770.fc23
chrony-2.4.1-1.fc23
dbus-1.10.14-1.fc23
dnf-plugin-system-upgrade-0.7.1-2.fc23
lout-3.40-5.fc23
man-pages-cs-0.18.20090209-20.fc23
mimedefang-2.79-1.fc23
perl-Image-ExifTool-10.36-1.fc23
php-php-gettext-1.0.12-1.fc23
phpMyAdmin-4.6.5.1-2.fc23
roundcubemail-1.2.3-1.fc23
scap-security-guide-0.1.31-1.fc23
screengrab-1.2.1-1.fc23
vim-8.0.104-2.fc23
Details about builds:
================================================================================
LinLog-0.5-2.fc23 (FEDORA-2016-04ff89e9db)
A ham radio logbook for Linux
--------------------------------------------------------------------------------
Update Information:
Update desktop file to correct for upstream rename of binary. ---- Regexp for
time value changed, leading zero now required, corresponding to adif
spezification Printing of qsl cards now respects printer resolution. Time of qso
was not printed any longer on qsl card. ( Due to changes in qt ? ). Now fixed.
You can store now eQsl cards in your database. Fixed two format bugs in date and
time format.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1397763 - update 0.5
https://bugzilla.redhat.com/show_bug.cgi?id=1397763
--------------------------------------------------------------------------------
================================================================================
antimony-0.9.3-0.1.20161128git41a770.fc23 (FEDORA-2016-888d043786)
Computer-aided design CAD tool
--------------------------------------------------------------------------------
Update Information:
- Update to 0.9.3b (commit b9f01e)
--------------------------------------------------------------------------------
================================================================================
chrony-2.4.1-1.fc23 (FEDORA-2016-e62d5b25ee)
An NTP client/server
--------------------------------------------------------------------------------
Update Information:
This is an update to the latest bugfix release and fix of an AVC denial when the
chrony-wait service is enabled.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1350815 - systemctl restart chrony-wait causes AVC denials
https://bugzilla.redhat.com/show_bug.cgi?id=1350815
--------------------------------------------------------------------------------
================================================================================
dbus-1.10.14-1.fc23 (FEDORA-2016-8ec81aeba6)
D-BUS message bus
--------------------------------------------------------------------------------
Update Information:
Update to 1.10.14
--------------------------------------------------------------------------------
================================================================================
dnf-plugin-system-upgrade-0.7.1-2.fc23 (FEDORA-2016-d5f5cda49d)
System Upgrade plugin for DNF
--------------------------------------------------------------------------------
Update Information:
Make sure that the main package with the systemd service is always installed if
the dnf plugin is.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1395686 - missing dependency on dnf-plugin-system-upgrade prevents dnf
system-upgrade reboot from working
https://bugzilla.redhat.com/show_bug.cgi?id=1395686
--------------------------------------------------------------------------------
================================================================================
lout-3.40-5.fc23 (FEDORA-2016-e5149d72e5)
A document formatting system
--------------------------------------------------------------------------------
Update Information:
Unification of SPEC file and rebuild in all supported branches.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1201246 - Upgrade to 3.40
https://bugzilla.redhat.com/show_bug.cgi?id=1201246
--------------------------------------------------------------------------------
================================================================================
man-pages-cs-0.18.20090209-20.fc23 (FEDORA-2016-9ff3543b97)
Czech man pages from the Linux Documentation Project
--------------------------------------------------------------------------------
Update Information:
Add deprecation warning to all man pages
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1324481 - The Czech manpages are outdated
https://bugzilla.redhat.com/show_bug.cgi?id=1324481
--------------------------------------------------------------------------------
================================================================================
mimedefang-2.79-1.fc23 (FEDORA-2016-a46c366067)
E-Mail filtering framework using Sendmail's Milter interface
--------------------------------------------------------------------------------
Update Information:
MIMEDefang 2.79 =============== * Add the --data-dump option to scripts
/mimedefang-util * Improve Postfix compatibility by trying to get QueueID
after first RCPT command, and if not found, at the EOH milter phase * Make
mimedefang-multiplexor exit with a successful return code upon receipt of
SIGTERM * Use 64-bit variables where supported for some statstics counters
that could overflow with only 32-bit variables, yielding incorrect statistics
* Fix configure.in to correctly detect that an embedded Perl interpreter can be
destroyed/recreated on systems that need the -pthread GCC flag
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1380052 - mimedefang-2.79 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1380052
--------------------------------------------------------------------------------
================================================================================
perl-Image-ExifTool-10.36-1.fc23 (FEDORA-2016-9565540a61)
Utility for reading and writing image meta info
--------------------------------------------------------------------------------
Update Information:
Update to 10.36, latest stable release.
--------------------------------------------------------------------------------
================================================================================
php-php-gettext-1.0.12-1.fc23 (FEDORA-2016-a571b97ebb)
Gettext emulation in PHP
--------------------------------------------------------------------------------
Update Information:
php-gettext 1.0.12 ================== * Security fix for potential code
injection bug (LP#1515334) * Do not assume mbstring functions are always
there, pass text through if they aren't (LP#734494)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1367462 - php-php-gettext: Arbitrary code execution in select_string,
ngettext and npgettext count parameter
https://bugzilla.redhat.com/show_bug.cgi?id=1367462
--------------------------------------------------------------------------------
================================================================================
phpMyAdmin-4.6.5.1-2.fc23 (FEDORA-2016-7fc142da66)
Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:
phpMyAdmin 4.6.5.1 (2016-11-26) =============================== A patch-level
release fixing two small issues: * an issue affecting a small number of users
using $cfg['Servers'][$i]['hide_db'] or
$cfg['Servers'][$i]['only_db']. * an
issue affecting the create table dialog where the partition selection tool was
overzealous and made it difficult to create a new table. There are also minor
improvements to the Czech language file. phpMyAdmin 4.6.5 (2016-11-25)
============================= A release containing security fixes and bug
fixes. Aside from the security improvements, many bugs have been fixed
including: * Fix for expanding in navigation pane * Reintroduced a
simplified version of PmaAbsoluteUri directive (needed with reverse proxies) *
Fix editing of ENUM/SET/DECIMAL field structures * Improvements to the parser
And many, many more. Please see the ChangeLog for full details of bugs fixes.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1399197 - CVE-2016-4412 phpMyAdmin: Multiple vulnerabilities fixed in
4.0.10.18, 4.4.15.9 and 4.6.5 versions
https://bugzilla.redhat.com/show_bug.cgi?id=1399197
--------------------------------------------------------------------------------
================================================================================
roundcubemail-1.2.3-1.fc23 (FEDORA-2016-b4896f20b3)
Round Cube Webmail is a browser-based multilingual IMAP client
--------------------------------------------------------------------------------
Update Information:
**Version 1.2.3** - Searching in both contacts and groups when LDAP addressbook
with group_filters option is used - Fix vulnerability in handling of mail()'s
5th argument - Fix To: header encoding in mail sent with mail() method (#5475) -
Fix flickering of header topline in min-mode (#5426) - Fix bug where folders
list would scroll to top when clicking on subscription checkbox (#5447) - Fix
decoding of GB2312/GBK text when iconv is not installed (#5448) - Fix regression
where creation of default folders wasn't functioning without prefix (#5460) -
Enigma: Fix bug where last records on keys list were hidden (#5461) - Enigma:
Fix key search with keyword containing non-ascii characters (#5459) - Fix bug
where deleting folders with subfolders could fail in some cases (#5466) - Fix
bug where IMAP password could be exposed via error message (#5472) - Fix bug
where it wasn't possible to store more that 2MB objects in memcache/apc, Added
memcache_max_allowed_packet and apc_max_allowed_packet settings (#5452) - Fix
"Illegal string offset" warning in rcube::log_bug() on PHP 7.1 (#5508) - Fix
storing "empty" values in rcube_cache/rcube_cache_shared (#5519) - Fix missing
content check when image resize fails on attachment thumbnail generation (#5485)
- Fix displaying attached images with wrong Content-Type specified (#5527)
--------------------------------------------------------------------------------
================================================================================
scap-security-guide-0.1.31-1.fc23 (FEDORA-2016-8ad41cc4f9)
Security guidance and baselines in SCAP formats
--------------------------------------------------------------------------------
Update Information:
update to the latest upstream release
--------------------------------------------------------------------------------
================================================================================
screengrab-1.2.1-1.fc23 (FEDORA-2016-643c82b484)
Screen grabber
--------------------------------------------------------------------------------
Update Information:
Version bump
--------------------------------------------------------------------------------
================================================================================
vim-8.0.104-2.fc23 (FEDORA-2016-79a059792b)
The VIM editor
--------------------------------------------------------------------------------
Update Information:
Do not ship vim.desktop
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1398212 - Don't install vim.desktop file
https://bugzilla.redhat.com/show_bug.cgi?id=1398212
--------------------------------------------------------------------------------