The following Fedora 23 Security updates need testing:
Age URL
158
https://bodhi.fedoraproject.org/updates/FEDORA-2015-12739
python-kdcproxy-0.3.2-1.fc23
112
https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23
98
https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1
python-pymongo-3.0.3-1.fc23
86
https://bodhi.fedoraproject.org/updates/FEDORA-2015-66439aa9e2
openstack-glance-2015.1.2-1.fc23
69
https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe
miniupnpc-1.9-6.fc23
42
https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324
jbig2dec-0.12-2.fc23
41
https://bodhi.fedoraproject.org/updates/FEDORA-2015-28076d0830
thttpd-2.25b-35.fc23
41
https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8
thttpd-2.25b-36.fc23
33
https://bodhi.fedoraproject.org/updates/FEDORA-2015-abf9659276
php-PHPMailer-5.2.14-1.fc23
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-6f20fac744
lighttpd-1.4.39-1.fc23
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-105b3b8804
salt-2015.5.8-1.fc23
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-c82e5c322c
gajim-0.16.5-1.fc23
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-64c69ec297
libxmp-4.3.10-1.fc23
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3509d27585
nodejs-ws-1.0.1-1.fc23
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-902a2b18d8
shotwell-0.23.0-0.1.20160105gitf2fb1f7.fc23
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-6ce812a1e0
kernel-4.3.3-300.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-558167a417 php-5.6.17-1.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-21f5261525
wordpress-4.4.1-1.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-971f4f3a50
wireshark-1.12.9-1.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-38e48069f8
prosody-0.9.9-1.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f048c43393
radicale-1.1.1-1.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e9bba2bb01 qemu-2.4.1-5.fc23
The following Fedora 23 Critical Path updates have yet to be approved:
Age URL
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-6ce812a1e0
kernel-4.3.3-300.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-59825bca79 krb5-1.14-5.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-678f6610dd
librsvg2-2.40.13-1.fc23
The following builds have been pushed to Fedora 23 updates-testing
SDL2_image-2.0.1-1.fc23
SDL2_mixer-2.0.1-1.fc23
SDL2_net-2.0.1-1.fc23
SDL2_ttf-2.0.13-1.fc23
awscli-1.9.16-1.fc23
dosbox-0.74-17.fc23
eclib-20160101-1.fc23
enki-15.11.0-2.fc23
hadoop-2.4.1-12.fc23
kanatest-0.4.8-16.fc23
kde-connect-0.9-4.fc23
marsshooter-0.7.6-1.fc23
mbedtls-2.2.1-1.fc23
mycli-1.5.2-4.fc23
perl-WWW-Shorten-3.08-1.fc23
php-JsonSchema-1.6.0-1.fc23
php-pear-HTTP-OAuth-0.3.2-1.fc23
polyglot-chess-1.4-5.20140902gitf46ee06.fc23
qemu-2.4.1-5.fc23
radicale-1.1.1-1.fc23
xflr5-6.12-1.fc23
yash-2.40-1.fc23
Details about builds:
================================================================================
SDL2_image-2.0.1-1.fc23 (FEDORA-2016-ceb8831a8c)
Image loading library for SDL
--------------------------------------------------------------------------------
Update Information:
Update to 2.0.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1296751 - SDL2_image-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1296751
--------------------------------------------------------------------------------
================================================================================
SDL2_mixer-2.0.1-1.fc23 (FEDORA-2016-aa9e575c83)
Simple DirectMedia Layer - Sample Mixer Library
--------------------------------------------------------------------------------
Update Information:
Update to 2.0.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1296752 - SDL2_mixer-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1296752
[ 2 ] Bug #1295221 - SDL2_mixer-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1295221
--------------------------------------------------------------------------------
================================================================================
SDL2_net-2.0.1-1.fc23 (FEDORA-2016-e63ce2aa12)
SDL portable network library
--------------------------------------------------------------------------------
Update Information:
Update to 2.0.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1296753 - SDL2_net-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1296753
--------------------------------------------------------------------------------
================================================================================
SDL2_ttf-2.0.13-1.fc23 (FEDORA-2016-7e4ca5143b)
TrueType font rendering library for SDL2
--------------------------------------------------------------------------------
Update Information:
Update to 2.0.13
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1296754 - SDL2_ttf-2.0.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1296754
--------------------------------------------------------------------------------
================================================================================
awscli-1.9.16-1.fc23 (FEDORA-2016-40c8c8e087)
Universal Command Line Environment for AWS
--------------------------------------------------------------------------------
Update Information:
First version
--------------------------------------------------------------------------------
================================================================================
dosbox-0.74-17.fc23 (FEDORA-2016-5620730110)
x86/DOS emulator with sound and graphics
--------------------------------------------------------------------------------
Update Information:
This update should fix an issue where dosbox frequently crashes when run with
'cycles=auto' (a common configuration).
--------------------------------------------------------------------------------
================================================================================
eclib-20160101-1.fc23 (FEDORA-2016-f617775199)
Library for Computations on Elliptic Curves
--------------------------------------------------------------------------------
Update Information:
eclib-20160101-1.fc23: - No non-trivial changes to code, and none to the
library interface. - Various obsolete compiler flags have been removed, and
documentation updated (see github issue #10). - A new configure option
--disable-mpfp has been added but the behavior with the default is unchanged.
--------------------------------------------------------------------------------
================================================================================
enki-15.11.0-2.fc23 (FEDORA-2016-35eb73f03b)
Text editor for programmers
--------------------------------------------------------------------------------
Update Information:
obsoletes plugins subpackage, fixes functionality of menu
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1292724 - Enki not usable without plugins
https://bugzilla.redhat.com/show_bug.cgi?id=1292724
[ 2 ] Bug #1281876 - Review Request: enki - Extensible text editor for programmers
https://bugzilla.redhat.com/show_bug.cgi?id=1281876
--------------------------------------------------------------------------------
================================================================================
hadoop-2.4.1-12.fc23 (FEDORA-2016-182ae3df92)
A software platform for processing vast amounts of data
--------------------------------------------------------------------------------
Update Information:
Fixed the bug inhibiting the tomcat@httpfs service to start.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1295968 - hadoop-httpfs service does not start
https://bugzilla.redhat.com/show_bug.cgi?id=1295968
--------------------------------------------------------------------------------
================================================================================
kanatest-0.4.8-16.fc23 (FEDORA-2016-d99975c856)
Hiragana and Katakana drill tool
--------------------------------------------------------------------------------
Update Information:
kanatest on Fedora 23 does not launch and immediately segfaults at the startup.
This new rpm should fix this issue.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1296655 - [abrt] kanatest: gtk_icon_source_set_pixbuf(): kanatest killed by
SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1296655
--------------------------------------------------------------------------------
================================================================================
kde-connect-0.9-4.fc23 (FEDORA-2016-f034164e15)
KDE Connect client for communication with smartphones
--------------------------------------------------------------------------------
Update Information:
New kdeconnect-0.9g release
--------------------------------------------------------------------------------
================================================================================
marsshooter-0.7.6-1.fc23 (FEDORA-2016-859b9f2a75)
M.A.R.S. - A Ridiculous Shooter
--------------------------------------------------------------------------------
Update Information:
- Switch to new upstream:
https://github.com/jwrdegoede/M.A.R.S. - Update to
0.7.6 release: - Replace a few non-free fonts and sound files which accidentally
slipped in with free alternatives - Add appdata
--------------------------------------------------------------------------------
================================================================================
mbedtls-2.2.1-1.fc23 (FEDORA-2016-b3784096ef)
Light-weight cryptographic and SSL/TLS library
--------------------------------------------------------------------------------
Update Information:
- Update to 2.2.1 Release notes:
https://tls.mbed.org/tech-
updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released ----
- Update to 2.2.0 Release notes:
https://tls.mbed.org/tech-
updates/releases/mbedtls-2.2.0-2.1.3-1.3.15-and-polarssl.1.2.18-released
--------------------------------------------------------------------------------
================================================================================
mycli-1.5.2-4.fc23 (FEDORA-2016-fe605bc905)
Interactive CLI for MySQL Database with auto-completion and syntax highlighting
--------------------------------------------------------------------------------
Update Information:
New package: mycli.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1295108 - Review Request: mycli - Nice command line interface for MySQL
Database with auto-completion and syntax highlighting
https://bugzilla.redhat.com/show_bug.cgi?id=1295108
--------------------------------------------------------------------------------
================================================================================
perl-WWW-Shorten-3.08-1.fc23 (FEDORA-2016-c3402a3a0e)
Interface to URL shortening sites
--------------------------------------------------------------------------------
Update Information:
Upgrade to 3.08 (bz#1296197)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1296197 - Upgrade perl-WWW-Shorten to 3.08
https://bugzilla.redhat.com/show_bug.cgi?id=1296197
--------------------------------------------------------------------------------
================================================================================
php-JsonSchema-1.6.0-1.fc23 (FEDORA-2016-45a064537d)
PHP implementation of JSON schema
--------------------------------------------------------------------------------
Update Information:
**Version1.6.0** * 142 Optional extra arguments for custom error messages * 143
Add constraint factory * 192 Create .gitattributes * 194 bugfix:
patternProperties raised errors when the pattern has slashes * 202 Fix
CollectionConstraint to allow uniqueItems to be false * 204 Fix path output for
required properties * 206 An email is a string, not much else. * 207 Fix non-6
digit microsecond date time formats * 209 RefResolver::$depth restoration after
JsonDecodingException **Version1.5.0** * 182 Fix #93 ($ref to local definition
not working)
--------------------------------------------------------------------------------
================================================================================
php-pear-HTTP-OAuth-0.3.2-1.fc23 (FEDORA-2016-67e86e67b4)
Implementation of the OAuth spec
--------------------------------------------------------------------------------
Update Information:
**Version 0.3.2** * Fixed PEAR#20426. Authorization header values parsed
incorrectly * Added composer support.
--------------------------------------------------------------------------------
================================================================================
polyglot-chess-1.4-5.20140902gitf46ee06.fc23 (FEDORA-2016-b099b47360)
Polyglot chess opening book program
--------------------------------------------------------------------------------
Update Information:
initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1197333 - Review Request: polyglot-chess - Polyglot chess opening book
program
https://bugzilla.redhat.com/show_bug.cgi?id=1197333
--------------------------------------------------------------------------------
================================================================================
qemu-2.4.1-5.fc23 (FEDORA-2016-e9bba2bb01)
QEMU is a FAST! processor emulator
--------------------------------------------------------------------------------
Update Information:
* CVE-2015-7549: pci: null pointer dereference issue (bz #1291138) *
CVE-2015-8558: DoS by infinite loop in ehci_advance_state (bz #1291309) *
CVE-2015-8666: Heap-based buffer overrun during VM migration (bz #1294027) *
CVE-2015-8744: vmxnet3: fix crash with short packets (bz #1295440) *
CVE-2015-8745: vmxnet3: don't assert reading registers in bar0 (bz #1295442)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1291137 - CVE-2015-7549 Qemu: pci: null pointer dereference issue
https://bugzilla.redhat.com/show_bug.cgi?id=1291137
[ 2 ] Bug #1277983 - CVE-2015-8558 Qemu: usb: infinite loop in ehci_advance_state
results in DoS
https://bugzilla.redhat.com/show_bug.cgi?id=1277983
[ 3 ] Bug #1283722 - CVE-2015-8666 Qemu: acpi: heap based buffer overrun during VM
migration
https://bugzilla.redhat.com/show_bug.cgi?id=1283722
[ 4 ] Bug #1270871 - CVE-2015-8744 Qemu: net: vmxnet3: incorrect l2 header validation
leads to a crash via assert(2) call
https://bugzilla.redhat.com/show_bug.cgi?id=1270871
[ 5 ] Bug #1270876 - CVE-2015-8745 Qemu: net: vmxnet3: reading IMR registers leads to a
crash via assert(2) call
https://bugzilla.redhat.com/show_bug.cgi?id=1270876
--------------------------------------------------------------------------------
================================================================================
radicale-1.1.1-1.fc23 (FEDORA-2016-f048c43393)
A simple CalDAV (calendar) and CardDAV (contact) server
--------------------------------------------------------------------------------
Update Information:
Version 1.1.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1295836 - CVE-2015-8747 CVE-2015-8748 radicale: Multiple security issues
fixed in 1.1
https://bugzilla.redhat.com/show_bug.cgi?id=1295836
--------------------------------------------------------------------------------
================================================================================
xflr5-6.12-1.fc23 (FEDORA-2016-89a0d4b2cd)
Analysis tool for airfoils, wings and planes
--------------------------------------------------------------------------------
Update Information:
Update to version 6.12, see
http://sourceforge.net/projects/xflr5/files/6.12/ReleaseNotes.txt for details.
--------------------------------------------------------------------------------
================================================================================
yash-2.40-1.fc23 (FEDORA-2016-3c26ae5b42)
Yet Another SHell
--------------------------------------------------------------------------------
Update Information:
New version 2.40 is released.
--------------------------------------------------------------------------------