The following Fedora 24 Security updates need testing:
Age URL
121
https://bodhi.fedoraproject.org/updates/FEDORA-2016-32eaf0c41e redis-3.2.3-1.fc24
104
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0ef628998f
chicken-4.11.0-3.fc24
56
https://bodhi.fedoraproject.org/updates/FEDORA-2016-990e2012ea
compat-guile18-1.8.8-14.fc24
18
https://bodhi.fedoraproject.org/updates/FEDORA-2016-93679a91df
jenkins-1.651.3-2.fc24 jenkins-remoting-2.62.3-1.fc24
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-2424eeca35
phpMyAdmin-4.6.5.1-2.fc24
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-2460f713a1
php-php-gettext-1.0.12-1.fc24
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-302f840ecf
perl-DBD-MySQL-4.039-2.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-30f68ec06b
mcabber-1.0.4-1.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-fad6fc78dd
golang-1.6.4-2.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-60753c3dcd
roundcubemail-1.2.3-1.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a98c560116
tomcat-8.0.39-1.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a3618d9ef6
python-tornado-4.4.2-1.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b000091725
php-simplesamlphp-saml2-2.3.3-1.fc24 php-simplesamlphp-saml2_1-1.10.3-1.fc24
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b465090499
ipsilon-2.0.2-2.fc24
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b4dd1db1e7 lxc-2.0.6-2.fc24
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5ec2475e3f
kernel-4.8.12-200.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b39fedec11
httpd-2.4.23-5.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e45a7e7b13 gd-2.2.3-5.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f4e992b0ac
gstreamer-plugins-good-0.10.31-17.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4fff0cbc66
gstreamer1-plugins-base-1.8.3-2.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a17657197c
gstreamer-plugins-base-0.10.36-15.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a3bc78de2b
gstreamer-plugins-bad-free-0.10.23-34.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-ca6cc3ce3e
gstreamer1-plugins-bad-free-1.8.3-3.fc24
The following Fedora 24 Critical Path updates have yet to be approved:
Age URL
59
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f00a05d7b9
pungi-4.1.10-1.fc24
21
https://bodhi.fedoraproject.org/updates/FEDORA-2016-cddf0ec383
nss-3.27.0-1.3.fc24
14
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b0006447a5
colord-1.3.4-1.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e9b731e067
libimobiledevice-1.2.0-8.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-77e191e610
evolution-data-server-3.20.6-1.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-41ce1a19af
libbluray-0.9.3-3.fc24
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5ec2475e3f
kernel-4.8.12-200.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-90bd4d7d33
selinux-policy-3.13.1-191.23.fc24
The following builds have been pushed to Fedora 24 updates-testing
accumulo-1.6.6-13.fc24
amanda-3.4.1-1.fc24
atomic-reactor-1.6.19-4.fc24
azureus-5.7.2.0-2.fc24
bubblewrap-0.1.4-5.fc24
cabal-rpm-0.10.1-2.fc24
cjdns-18-4.fc24
composer-1.2.4-1.fc24
crash-7.1.7-1.fc24
elemental-0.87.5-2.fc24
fedpkg-1.26-1.fc24
freemind-1.0.1-14.fc24
grub2-2.02-0.35.fc24
gstreamer-plugins-bad-free-0.10.23-34.fc24
gstreamer1-plugins-bad-free-1.8.3-3.fc24
hsqldb-2.3.3-5.fc24
libinput-1.5.3-1.fc24
madplay-0.15.2b-11.fc24
openvpn-2.3.14-1.fc24
osbs-client-0.33-2.fc24
php-jeremeamia-superclosure-2.3.0-1.fc24
python-docker-squash-1.0.5-2.fc24
python-dockerfile-parse-0.0.5-7.fc24
qrmumps-2.0-4.fc24
rpkg-1.47-2.fc24
tor-0.2.8.10-1.fc24
viennacl-1.7.1-3.fc24
vulkan-1.0.30.0-2.fc24
wordpress-4.7-1.fc24
xrootd-4.5.0-1.fc24
Details about builds:
================================================================================
accumulo-1.6.6-13.fc24 (FEDORA-2016-b0ce493148)
A software platform for processing vast amounts of data
--------------------------------------------------------------------------------
Update Information:
Add /etc/hadoop and protobuf-java to classpath, and fix incorrect error messages
when calling systemctl stop.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1132725 - Monitor service sub-package not built with Accumulo
https://bugzilla.redhat.com/show_bug.cgi?id=1132725
--------------------------------------------------------------------------------
================================================================================
amanda-3.4.1-1.fc24 (FEDORA-2016-d77b59754e)
A network-capable tape backup solution
--------------------------------------------------------------------------------
Update Information:
new upstream release 3.4.1 ---- Add BuildRequires dependency with dump and
xfsdump packages ---- Optimization of amount of installed depended packages
---- amanda-3.4 is available
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1398045 - amanda-3.4.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1398045
[ 2 ] Bug #1395445 - Can't backup or restore XFS filesystems
https://bugzilla.redhat.com/show_bug.cgi?id=1395445
[ 3 ] Bug #1386434 - amanda-3.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1386434
--------------------------------------------------------------------------------
================================================================================
atomic-reactor-1.6.19-4.fc24 (FEDORA-2016-9dd5a5bfb8)
Improved builder for Docker images
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream with fixes for koji kerberos auth in exit_koji_promote
plugin.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1304907 - atomic-reactor-1.6.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1304907
[ 2 ] Bug #1394431 - atomic-reactor-1.6.19 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1394431
--------------------------------------------------------------------------------
================================================================================
azureus-5.7.2.0-2.fc24 (FEDORA-2016-47199cdc12)
A BitTorrent Client
--------------------------------------------------------------------------------
Update Information:
Add GDK_BACKEND=x11 to startup-script to workaround issues with SWT and Wayland
--------------------------------------------------------------------------------
================================================================================
bubblewrap-0.1.4-5.fc24 (FEDORA-2016-07ceb486c2)
Core execution tool for unprivileged containers
--------------------------------------------------------------------------------
Update Information:
Fixes rpm-ostree's use of bubblewrap.
--------------------------------------------------------------------------------
================================================================================
cabal-rpm-0.10.1-2.fc24 (FEDORA-2016-4272b21283)
RPM packaging tool for Haskell Cabal-based packages
--------------------------------------------------------------------------------
Update Information:
Update to 0.10.1: updates for latest ghc-rpm-macros * no longer need to remove
License files from docdir * use new ghc_fix_rpath macro
--------------------------------------------------------------------------------
================================================================================
cjdns-18-4.fc24 (FEDORA-2016-4375ca0087)
The privacy-friendly network without borders
--------------------------------------------------------------------------------
Update Information:
Fix builds on ppc64 and s390x. For other arches, there are only some doc
updates.
--------------------------------------------------------------------------------
================================================================================
composer-1.2.4-1.fc24 (FEDORA-2016-f4ec950e65)
Dependency Manager for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 1.2.4** - 2016-12-06 * Fixed regression in output handling of
scripts from 1.2.3 * Fixed support for LibreSSL detection as lib-openssl *
Fixed issue with Zend Guard in the autoloader bootstrapping * Fixed support
for loading partial provider repositories ---- **Version 1.2.3** * Fixed
bug in HgDriver failing to identify BitBucket repositories * Fixed support
for loading partial provider repositories
--------------------------------------------------------------------------------
================================================================================
crash-7.1.7-1.fc24 (FEDORA-2016-dbb90a7756)
Kernel analysis utility for live systems, netdump, diskdump, kdump, LKCD or mcore
dumpfiles
--------------------------------------------------------------------------------
Update Information:
Support for CONFIG_RANDOMIZE_BASE (KASLR) in Linux 4.7 and later kernels
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1386909 - crash 7.1.6 doesn't handle kernel 4.7.7-200.fc24 when relocated
past ~400MB
https://bugzilla.redhat.com/show_bug.cgi?id=1386909
--------------------------------------------------------------------------------
================================================================================
elemental-0.87.5-2.fc24 (FEDORA-2016-563959753e)
Library for distributed-memory dense/sparse-direct linear algebra
--------------------------------------------------------------------------------
Update Information:
The initial push for elemental packages :)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1389971 - Review Request: elemental - distributed-memory dense and
sparse-direct linear algebra and optimizatio
https://bugzilla.redhat.com/show_bug.cgi?id=1389971
--------------------------------------------------------------------------------
================================================================================
fedpkg-1.26-1.fc24 (FEDORA-2016-a383ccbf57)
Fedora utility for working with dist-git
--------------------------------------------------------------------------------
Update Information:
Changelog of rpkg,
https://pagure.io/rpkg/blob/master/f/CHANGELOG.rst Changelog
of fedpkg,
https://pagure.io/fedpkg/blob/master/f/CHANGELOG.rst
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #714726 - change --root option to --mock-config to fedpkg mockbuild
https://bugzilla.redhat.com/show_bug.cgi?id=714726
[ 2 ] Bug #841516 - fedpkg scratch-build error message should be improved to tell you
how to do a scratch build without pushing
https://bugzilla.redhat.com/show_bug.cgi?id=841516
[ 3 ] Bug #1325775 - Working on branch without remote tracking branch fails due to
unpushed changes
https://bugzilla.redhat.com/show_bug.cgi?id=1325775
[ 4 ] Bug #1203757 - The description of fedpkg verify-files in the man page and help
text is misleading
https://bugzilla.redhat.com/show_bug.cgi?id=1203757
[ 5 ] Bug #1169663 - Build stops with "Could not execute scratch_build: There are
unpushed changes in your repo" when there are no unpushed changes in the current
branch
https://bugzilla.redhat.com/show_bug.cgi?id=1169663
--------------------------------------------------------------------------------
================================================================================
freemind-1.0.1-14.fc24 (FEDORA-2016-62f1561769)
Free mind mapping software
--------------------------------------------------------------------------------
Update Information:
Add batik-all to classpath (Resolves rhbz#1402128)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1402128 - batik jar issue: svg export breaks if icon present
https://bugzilla.redhat.com/show_bug.cgi?id=1402128
--------------------------------------------------------------------------------
================================================================================
grub2-2.02-0.35.fc24 (FEDORA-2016-a098b75b13)
Bootloader with support for Linux, Multiboot and more
--------------------------------------------------------------------------------
Update Information:
This is a backport of the fixes in F25 and rawhide.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1347291 - Booting from Windows 10 entry ends with 'relocation failed'
error
https://bugzilla.redhat.com/show_bug.cgi?id=1347291
[ 2 ] Bug #1226325 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1226325
[ 3 ] Bug #1261926 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1261926
[ 4 ] Bug #1292615 - Double free when kernel does not match EFI secure boot keys
https://bugzilla.redhat.com/show_bug.cgi?id=1292615
--------------------------------------------------------------------------------
================================================================================
gstreamer-plugins-bad-free-0.10.23-34.fc24 (FEDORA-2016-a3bc78de2b)
GStreamer streaming media framework "bad" plug-ins
--------------------------------------------------------------------------------
Update Information:
vmncdec: Sanity-check width/height before using it ---- Remove insecure nsf
plugin (#1395126)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1395126 - CVE-2016-9447 gstreamer-plugins-bad-free: Memory corruption flaw in
NSF decoder
https://bugzilla.redhat.com/show_bug.cgi?id=1395126
--------------------------------------------------------------------------------
================================================================================
gstreamer1-plugins-bad-free-1.8.3-3.fc24 (FEDORA-2016-ca6cc3ce3e)
GStreamer streaming media framework "bad" plugins
--------------------------------------------------------------------------------
Update Information:
Fix h264 and h265 parser size checks
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1401946 - CVE-2016-9809 CVE-2016-9812 CVE-2016-9813
gstreamer1-plugins-bad-free: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1401946
--------------------------------------------------------------------------------
================================================================================
hsqldb-2.3.3-5.fc24 (FEDORA-2016-679d245f42)
HyperSQL Database Engine
--------------------------------------------------------------------------------
Update Information:
Fix broken link to servlet.jar (Resolves rhbz#1400405)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1400405 - /var/lib/hsqldb/lib/servlet.jar: broken symbolic link to
servlet.jar
https://bugzilla.redhat.com/show_bug.cgi?id=1400405
--------------------------------------------------------------------------------
================================================================================
libinput-1.5.3-1.fc24 (FEDORA-2016-e44811a750)
Input device library
--------------------------------------------------------------------------------
Update Information:
libinput 1.5.3
--------------------------------------------------------------------------------
================================================================================
madplay-0.15.2b-11.fc24 (FEDORA-2016-35125c4963)
MPEG audio decoder and player
--------------------------------------------------------------------------------
Update Information:
- Import from rpmfusion
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1401961 - Review Request: madplay - MPEG audio decoder and player
https://bugzilla.redhat.com/show_bug.cgi?id=1401961
--------------------------------------------------------------------------------
================================================================================
openvpn-2.3.14-1.fc24 (FEDORA-2016-0617647f85)
A full-featured SSL VPN solution
--------------------------------------------------------------------------------
Update Information:
2.3.14
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23
--------------------------------------------------------------------------------
================================================================================
osbs-client-0.33-2.fc24 (FEDORA-2016-f5c6f0fa1d)
Python command line client for OpenShift Build Service
--------------------------------------------------------------------------------
Update Information:
- Update to latest upstream release - Patch for koji krb5 enablement - Patch to
enable site-specific plugin configurations
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1401622 - JSON object issues when running osbs-3
https://bugzilla.redhat.com/show_bug.cgi?id=1401622
[ 2 ] Bug #1394438 - osbs-client-0.33 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1394438
--------------------------------------------------------------------------------
================================================================================
php-jeremeamia-superclosure-2.3.0-1.fc24 (FEDORA-2016-0d4542a57a)
Serialize Closure objects, including their context and binding
--------------------------------------------------------------------------------
Update Information:
**Version 2.3.0** * Added support for PHP Parser 3 and PHP 7.1. *
Identify failed serialization with signature option. Packaging change: *
switch to fedora/autoloader
--------------------------------------------------------------------------------
================================================================================
python-docker-squash-1.0.5-2.fc24 (FEDORA-2016-271130347c)
Docker layer squashing tool
--------------------------------------------------------------------------------
Update Information:
Upstream release 1.0.5.
--------------------------------------------------------------------------------
================================================================================
python-dockerfile-parse-0.0.5-7.fc24 (FEDORA-2016-534da19ad5)
Python library for Dockerfile manipulation
--------------------------------------------------------------------------------
Update Information:
Handle parent ENV inheritance.
--------------------------------------------------------------------------------
================================================================================
qrmumps-2.0-4.fc24 (FEDORA-2016-2036a8c913)
A multithreaded multifrontal QR solver
--------------------------------------------------------------------------------
Update Information:
- New package (bz#1400261)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1400261 - Review Request (rename): qrmumps - A multithreaded multifrontal QR
solver
https://bugzilla.redhat.com/show_bug.cgi?id=1400261
--------------------------------------------------------------------------------
================================================================================
rpkg-1.47-2.fc24 (FEDORA-2016-a383ccbf57)
Utility for interacting with rpm+git packaging systems
--------------------------------------------------------------------------------
Update Information:
Changelog of rpkg,
https://pagure.io/rpkg/blob/master/f/CHANGELOG.rst Changelog
of fedpkg,
https://pagure.io/fedpkg/blob/master/f/CHANGELOG.rst
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #714726 - change --root option to --mock-config to fedpkg mockbuild
https://bugzilla.redhat.com/show_bug.cgi?id=714726
[ 2 ] Bug #841516 - fedpkg scratch-build error message should be improved to tell you
how to do a scratch build without pushing
https://bugzilla.redhat.com/show_bug.cgi?id=841516
[ 3 ] Bug #1325775 - Working on branch without remote tracking branch fails due to
unpushed changes
https://bugzilla.redhat.com/show_bug.cgi?id=1325775
[ 4 ] Bug #1203757 - The description of fedpkg verify-files in the man page and help
text is misleading
https://bugzilla.redhat.com/show_bug.cgi?id=1203757
[ 5 ] Bug #1169663 - Build stops with "Could not execute scratch_build: There are
unpushed changes in your repo" when there are no unpushed changes in the current
branch
https://bugzilla.redhat.com/show_bug.cgi?id=1169663
--------------------------------------------------------------------------------
================================================================================
tor-0.2.8.10-1.fc24 (FEDORA-2016-7833cedce5)
Anonymizing overlay network for TCP
--------------------------------------------------------------------------------
Update Information:
update to upstream release 0.2.8.10
--------------------------------------------------------------------------------
================================================================================
viennacl-1.7.1-3.fc24 (FEDORA-2016-8fe5ca8d90)
Linear algebra and solver library using CUDA, OpenCL, and OpenMP
--------------------------------------------------------------------------------
Update Information:
new packages build
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1289717 - Review Request: viennacl - Linear algebra and solver library using
CUDA, OpenCL, and OpenMP
https://bugzilla.redhat.com/show_bug.cgi?id=1289717
--------------------------------------------------------------------------------
================================================================================
vulkan-1.0.30.0-2.fc24 (FEDORA-2016-ef61c49157)
Vulkan loader and validation layers
--------------------------------------------------------------------------------
Update Information:
- Fix VkLayer undefined symbol: util_GetExtensionProperties
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1402097 - validation layers not working
https://bugzilla.redhat.com/show_bug.cgi?id=1402097
--------------------------------------------------------------------------------
================================================================================
wordpress-4.7-1.fc24 (FEDORA-2016-4cb073fc37)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
See upstream announcement: [WordPress 4.7
���Vaughan���](https://wordpress.org/news/2016/12/vaughan/)
--------------------------------------------------------------------------------
================================================================================
xrootd-4.5.0-1.fc24 (FEDORA-2016-d27d977aa1)
Extended ROOT file server
--------------------------------------------------------------------------------
Update Information:
New version 4.5.0, release notes are here:
https://github.com/xrootd/xrootd/blob/v4.5.0/docs/ReleaseNotes.txt This build
includes support for OpenSSL 1.1.0 from:
https://github.com/xrootd/xrootd/pull/436
--------------------------------------------------------------------------------