The following Fedora 23 Security updates need testing:
 Age  URL
 172  https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240   nagios-4.0.8-1.fc23
 129  https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe   miniupnpc-1.9-6.fc23
 102  https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324   jbig2dec-0.12-2.fc23
  53  https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1   python-pymongo-3.0.3-1.fc23
  52  https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8   thttpd-2.25b-37.fc23
  41  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69ee02554   xulrunner-44.0-1.fc23
  18  https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4   mingw-nsis-2.50-1.fc23
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2016-3e4408f350   squid-3.5.10-1.fc23
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2016-641c8b4eb2   jenkins-1.625.3-3.fc23 jenkins-remoting-2.53.3-1.fc23
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2016-e062971917   exim-4.86.2-1.fc23
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2016-657a1305aa   websvn-2.3.3-12.fc23
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-db944c5072   hamster-time-tracker-2.0-0.5.rc1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-11183ea08d   python-django-1.8.11-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-f6af14570f   rubygem-actionpack-4.2.3-5.fc23 rubygem-actionview-4.2.3-5.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-96379cb8d1   putty-0.67-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-ed1587f6ba   samba-4.3.6-0.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-474c1d8264   php-pecl-http-2.5.6-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d7dafbf27f   python-tgcaptcha2-0.3.1-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-8b4f643f3d   libotr-4.1.1-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-592f23fb74   drupal6-emfield-2.7-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-5cf6959198   mod_auth_mellon-0.11.1-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-f4504e9445   xen-4.5.2-9.fc23

The following Fedora 23 Critical Path updates have yet to be approved:
 Age  URL
  41  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69ee02554   xulrunner-44.0-1.fc23
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2016-5fb0d8ce68   sendmail-8.15.2-3.fc23
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-c0dd92d1ad   pungi-4.0.7-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-ed1587f6ba   samba-4.3.6-0.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-cf71a8f91b   orc-0.4.25-1.fc23

The following builds have been pushed to Fedora 23 updates-testing:

    EekBoek-2.02.05-1.fc23
    check-mk-1.2.6p16-3.fc23
    cinnamon-2.8.7-1.fc23
    cinnamon-desktop-2.8.1-1.fc23
    cinnamon-settings-daemon-2.8.4-1.fc23
    cycle-0.3.1-20.fc23
    dnf-1.1.7-2.fc23
    dnf-plugins-core-0.1.17-1.fc23
    drupal6-ctools-1.15-1.fc23
    drupal6-emfield-2.7-1.fc23
    drupal6-login_destination-2.13-1.fc23
    drupal6-pathauto-2.1-1.fc23
    eclipse-mdt-ocl-6.0.2-1.fc23
    eclipse-mdt-uml2-5.1.2-1.fc23
    eclipse-mpc-1.4.2-1.fc23
    eclipse-subclipse-1.10.11-2.fc23
    fail2ban-0.9.4-2.fc23
    fasd-1.0.1-2.fc23
    lcgdm-dav-0.17.1-1.fc23
    libotr-4.1.1-1.fc23
    libreoffice-5.0.5.2-5.fc23
    libsolv-0.6.19-2.fc23
    mod_auth_mellon-0.11.1-1.fc23
    muffin-2.8.5-1.fc23
    nemo-2.8.7-1.fc23
    openqa-4.3-19.fc23
    owncloud-8.1.5-1.fc23
    pdc-client-0.9.0-1.fc23
    php-pecl-http-2.5.6-1.fc23
    php-sabre-dav-2.1.6-1.fc23
    php-sabre-vobject-3.4.6-1.fc23
    playonlinux-4.2.10-7.fc23
    python-behave-1.2.5-10.fc23
    python-nmrglue-0.5-3.fc23
    python-tgcaptcha2-0.3.1-1.fc23
    python3-cherrypy-5.0.1-2.fc23
    samba-4.3.6-0.fc23
    tvtime-1.0.10-2.fc23
    xen-4.5.2-9.fc23

Details about builds:
================================================================================
 EekBoek-2.02.05-1.fc23 (FEDORA-2016-1c48379aac)
 Bookkeeping software for small and medium-size businesses
--------------------------------------------------------------------------------
Update Information:

Upgrade to upstream 2.02.05 (emergency bugfix).
--------------------------------------------------------------------------------

================================================================================
 check-mk-1.2.6p16-3.fc23 (FEDORA-2016-2bd480c5eb)
 A new general purpose Nagios-plugin for retrieving data
--------------------------------------------------------------------------------
Update Information:

Make sure the /etc/nagios/auth.serials,htpasswd.users files are not overwritten at package update.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1316086 - check-mk: use %config(noreplace) for /etc/nagios/htpasswd.users
        https://bugzilla.redhat.com/show_bug.cgi?id=1316086
--------------------------------------------------------------------------------

================================================================================
 cinnamon-2.8.7-1.fc23 (FEDORA-2016-edf9de62a7)
 Window management and application launching for GNOME
--------------------------------------------------------------------------------
Update Information:

release update
--------------------------------------------------------------------------------

================================================================================
 cinnamon-desktop-2.8.1-1.fc23 (FEDORA-2016-edf9de62a7)
 Shared code among cinnamon-session, nemo, etc
--------------------------------------------------------------------------------
Update Information:

release update
--------------------------------------------------------------------------------

================================================================================
 cinnamon-settings-daemon-2.8.4-1.fc23 (FEDORA-2016-edf9de62a7)
 The daemon sharing settings from CINNAMON to GTK+/KDE applications
--------------------------------------------------------------------------------
Update Information:

release update
--------------------------------------------------------------------------------

================================================================================
 cycle-0.3.1-20.fc23 (FEDORA-2016-a8a332c417)
 Calendar program for women
--------------------------------------------------------------------------------
Update Information:

Delayed attempt for a gift for the International Women's Day.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1315836 - cycle crashes upon use (after wxPython 3.0 transition)
        https://bugzilla.redhat.com/show_bug.cgi?id=1315836
--------------------------------------------------------------------------------

================================================================================
 dnf-1.1.7-2.fc23 (FEDORA-2016-0123ce82c1)
 Package manager forked from Yum, using libsolv as a dependency resolver
--------------------------------------------------------------------------------
Update Information:

Regular DNF bugfix release.

----

Update to 0.6.15
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1313215 - got "IndexError: list index out of range " after ran dnf history command
        https://bugzilla.redhat.com/show_bug.cgi?id=1313215
  [ 2 ] Bug #1227014 - dnf makecache is extremely slow
        https://bugzilla.redhat.com/show_bug.cgi?id=1227014
  [ 3 ] Bug #1302217 - dnf metadata expiration message does not fit on screen
        https://bugzilla.redhat.com/show_bug.cgi?id=1302217
  [ 4 ] Bug #1303149 - dnf history info failing
        https://bugzilla.redhat.com/show_bug.cgi?id=1303149
  [ 5 ] Bug #1302934 - Malformed translations in 1.1.6
        https://bugzilla.redhat.com/show_bug.cgi?id=1302934
  [ 6 ] Bug #1306304 - [perf] cache installed set of packages in query (for updates)
        https://bugzilla.redhat.com/show_bug.cgi?id=1306304
  [ 7 ] Bug #1268818 - dnf -v group list not mentioned in man page
        https://bugzilla.redhat.com/show_bug.cgi?id=1268818
  [ 8 ] Bug #1283432 - dnf group list --installed / --available
        https://bugzilla.redhat.com/show_bug.cgi?id=1283432
  [ 9 ] Bug #1258503 - regression in dnf, requires network access for history
        https://bugzilla.redhat.com/show_bug.cgi?id=1258503
  [ 10 ] Bug #1305356 - dnf groupinstall does not install packages, only marks them
        https://bugzilla.redhat.com/show_bug.cgi?id=1305356
  [ 11 ] Bug #1286477 - DNF creates /etc/yum/repos.d instead of /etc/dnf/repos.d when no repodir is present/configured
        https://bugzilla.redhat.com/show_bug.cgi?id=1286477
  [ 12 ] Bug #1024701 - [rfe] debuginfo-install plugin: add passive feature to keep debuginfo packages in sync
        https://bugzilla.redhat.com/show_bug.cgi?id=1024701
  [ 13 ] Bug #1302214 - Translation incomplete of the download plugin
        https://bugzilla.redhat.com/show_bug.cgi?id=1302214
--------------------------------------------------------------------------------

================================================================================
 dnf-plugins-core-0.1.17-1.fc23 (FEDORA-2016-0123ce82c1)
 Core Plugins for DNF
--------------------------------------------------------------------------------
Update Information:

Regular DNF bugfix release.

----

Update to 0.6.15
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1313215 - got "IndexError: list index out of range " after ran dnf history command
        https://bugzilla.redhat.com/show_bug.cgi?id=1313215
  [ 2 ] Bug #1227014 - dnf makecache is extremely slow
        https://bugzilla.redhat.com/show_bug.cgi?id=1227014
  [ 3 ] Bug #1302217 - dnf metadata expiration message does not fit on screen
        https://bugzilla.redhat.com/show_bug.cgi?id=1302217
  [ 4 ] Bug #1303149 - dnf history info failing
        https://bugzilla.redhat.com/show_bug.cgi?id=1303149
  [ 5 ] Bug #1302934 - Malformed translations in 1.1.6
        https://bugzilla.redhat.com/show_bug.cgi?id=1302934
  [ 6 ] Bug #1306304 - [perf] cache installed set of packages in query (for updates)
        https://bugzilla.redhat.com/show_bug.cgi?id=1306304
  [ 7 ] Bug #1268818 - dnf -v group list not mentioned in man page
        https://bugzilla.redhat.com/show_bug.cgi?id=1268818
  [ 8 ] Bug #1283432 - dnf group list --installed / --available
        https://bugzilla.redhat.com/show_bug.cgi?id=1283432
  [ 9 ] Bug #1258503 - regression in dnf, requires network access for history
        https://bugzilla.redhat.com/show_bug.cgi?id=1258503
  [ 10 ] Bug #1305356 - dnf groupinstall does not install packages, only marks them
        https://bugzilla.redhat.com/show_bug.cgi?id=1305356
  [ 11 ] Bug #1286477 - DNF creates /etc/yum/repos.d instead of /etc/dnf/repos.d when no repodir is present/configured
        https://bugzilla.redhat.com/show_bug.cgi?id=1286477
  [ 12 ] Bug #1024701 - [rfe] debuginfo-install plugin: add passive feature to keep debuginfo packages in sync
        https://bugzilla.redhat.com/show_bug.cgi?id=1024701
  [ 13 ] Bug #1302214 - Translation incomplete of the download plugin
        https://bugzilla.redhat.com/show_bug.cgi?id=1302214
--------------------------------------------------------------------------------

================================================================================
 drupal6-ctools-1.15-1.fc23 (FEDORA-2016-3f89c045e0)
 Primarily a set of APIs and tools to improve the developer experience
--------------------------------------------------------------------------------
Update Information:

### 6.x-1.15

This is an incremental bugfix release for ctools, particularly for newer versions of php 5. (5.4+)

ctools is now in bug and security only maintenance mode. Any future feature requests should be made in the 7.x or preferably, the 8.x branch.

#### Changes since 6.x-1.14:

* #1334894 by mikeytown2: Warning: Invalid argument supplied for foreach() in views_content_views_content_type_render()
* #2599688 by jansete: Strict warning: Declaration of views_content_plugin_display_panel_pane::options_submit() should be compatible with views_plugin_display::options_submit(&$form, &$form_state)
* Fix 'Only variables should be passed by reference' error
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1293745 - drupal6-ctools-1.15 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1293745
--------------------------------------------------------------------------------

================================================================================
 drupal6-emfield-2.7-1.fc23 (FEDORA-2016-592f23fb74)
 An engine for modules to integrate various 3rd party media content providers
--------------------------------------------------------------------------------
Update Information:

### 6.x-2.7

Fixes [Embedded Media Field - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2016-004](https://www.drupal.org/node/2666446)

#### Changes since 6.x-2.6:

* by dalin: Ensure that width and height are always numbers.
* #1868588 by tangent: URL detection regex does not match hyphens / breaks HTML markup
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1306475 - drupal6-emfield-2.7 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1306475
--------------------------------------------------------------------------------

================================================================================
 drupal6-login_destination-2.13-1.fc23 (FEDORA-2016-f0b9ada60c)
 Control where users are directed to once they login
--------------------------------------------------------------------------------
Update Information:

### 6.x-2.13

#### Changes since 6.x-2.12:

NOTE: the upgrade will be seamless - no db schema changes made ( D6 module version does not have its own db tables )

See [#2611674: Number of fixed issues - 9, feeling - priceless! 6.x version issues screenshot](https://www.drupal.org/node/2611674) for a screenshot with all the bugs for D6 finally fixed! This release fixes all known bugs!

NOTE2: Added a new setting on login_destination's settings page: "use_drupal_goto". Here is some explanation:

- turn on/off the drupal_goto invocation
- OFF by default
- we need use_drupal_goto == ON, if we want to use absolute urls on login redirect, at least until some better way is found
- if we have it ON, it will break modules like content_profile_registration from the content_profile package. It's ok for you to leave it ON if you don't use that module.

As always test, and double test. We tried to make it as flexible as we can, giving you control over the drupal_goto usage + sane defaults (its OFF by default).

Changes:

* #1508152 by rsvelko: add new setting: "use_drupal_goto"
* #1793540 by stewart.adam, rsvelko: Should check if force_password_change module is enabled when checking if redirection is valid
* better function naming: login_destination_apply_redirect -> __login_destination_should_we_redirect
* #1577904 by rsvelko: Correct the onscreen PHP Snippet example rewrote login_destination_redirect_to_path_and_query to make it handle array/string queries and rawurlencode query/path only when needed settings page rearranged a bit: move the destination fieldgroup to become first, and the condition fieldgroup -> second
* better absolute url detection
* #1307478 by chriscohen, rsvelko: Notice: Undefined property: stdClass::$force_password_change in login_destination_apply_redirect()
* minor edits like: better README language, stripping CVS keywords, remove trailing whitespace
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1289080 - drupal6-login_destination-2.13 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1289080
--------------------------------------------------------------------------------

================================================================================
 drupal6-pathauto-2.1-1.fc23 (FEDORA-2016-178a8a5ec2)
 Provides a mechanism to automatically generate aliases
--------------------------------------------------------------------------------
Update Information:

### 6.x-2.1

#### Changes since 6.x-2.0:

* Fixed pathauto_alias_uniquify() did not use pathauto_truncate_utf8().
* #2423077 by Dave Reid, TuWebO: Fixed wrong parameters passed to truncate_utf8() from pathauto_alias_uniquify().
* #1899806: Fixed URL segments with empty tokens in between separator resulted in duplicated backslashes in Pathauto alias.
* #1565850: Added hook_pathauto_pattern_alter(). Simplify invocations of pathauto_cleanstring() by both accepting $options['langauge'] and $options['langcode'].
* Bug #973908: Fix pathauto_cleanstring() lacks language context.
* Updated PATHAUTO_PREG_CLASS_UNICODE_WORD_BOUNDARY to match the Drupal 7 value.
* #1003490: Renamed 'Bulk update' tab to 'Bulk generate' to better reflect actual functionality.
* #1574700 by jgSnell, fletchgqc: Clarified transliteration help text means US-ASCII instead of ASCII-96.
* #2174603: Added support for an $options['force'] parameter in pathauto_*_update_alias() callbacks that ignores the $object->path['pathauto'] value and will always perform aliasing.
* #1834666 by greggles: Update README.txt maintainers
* #1796920: Fixed pathauto_action_info() did not define the required 'hooks' property for each action.
* #1189844: Added hook_action_info() support for bulk updating nodes, terms, and users with Views Bulk Operations.
* Prevent core bug #600836 (infinite batch errors) if new entities are added while the batch processes are running.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1300492 - drupal6-pathauto-2.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1300492
--------------------------------------------------------------------------------

================================================================================
 eclipse-mdt-ocl-6.0.2-1.fc23 (FEDORA-2016-44564b5c98)
 Implementation of the OCL OMG meta-model for Eclipse
--------------------------------------------------------------------------------
Update Information:

Update to Mars.2 releases of modeling frameworks.
--------------------------------------------------------------------------------

================================================================================
 eclipse-mdt-uml2-5.1.2-1.fc23 (FEDORA-2016-44564b5c98)
 Implementation of the UML2 OMG meta-model for Eclipse
--------------------------------------------------------------------------------
Update Information:

Update to Mars.2 releases of modeling frameworks.
--------------------------------------------------------------------------------

================================================================================
 eclipse-mpc-1.4.2-1.fc23 (FEDORA-2016-ed915a9110)
 Eclipse Marketplace Client
--------------------------------------------------------------------------------
Update Information:

Update to Mars.2 release.
--------------------------------------------------------------------------------

================================================================================
 eclipse-subclipse-1.10.11-2.fc23 (FEDORA-2016-7c7e8c9a0e)
 Subversion Eclipse plugin
--------------------------------------------------------------------------------
Update Information:

Updates to latest upstream minor release. For details of changes, please see:
http://subclipse.tigris.org/subclipse_1.10.x/changes.html
--------------------------------------------------------------------------------

================================================================================
 fail2ban-0.9.4-2.fc23 (FEDORA-2016-c9a748915a)
 Daemon to ban hosts that cause multiple authentication errors
--------------------------------------------------------------------------------
Update Information:

Update to 0.9.4:

Fixes:

* roundcube-auth jail typo for logpath
* Fix dnsToIp resolver for fqdn with large list of IPs (gh-1164)
* filter.d/apache-badbots.conf - Updated useragent string regex adding escape for +
* filter.d/mysqld-auth.conf - Updated "Access denied ..." regex for MySQL 5.6 and later (gh-1211, gh-1332)
* filter.d/sshd.conf - Updated "Auth fail" regex for OpenSSH 5.9 and later
* Treat failed and killed execution of commands identically (only different log messages), which addresses different behavior on different exit codes of dash and bash (gh-1155)
* Fix jail.conf.5 man's section (gh-1226)
* Fixed default banaction for allports jails like pam-generic, recidive, etc with new default variable banaction_allports (gh-1216)
* Fixed fail2ban-regex stops working on invalid (wrong encoded) character for python version < 3.x (gh-1248)
* Use postfix_log logpath for postfix-rbl jail
* filters.d/postfix.conf - add 'Sender address rejected: Domain not found' failregex
* use fail2ban_agent as user-agent in actions badips, blocklist_de, etc (gh-1271)
* Fix ignoring the sender option by action_mw, action_mwl and action_c_mwl
* Changed filter.d/asterisk regex for "Call from ..." (few vulnerable now)
* Removed compression and rotation count from logrotate (inherit them from the global logrotate config)

New Features:

* New interpolation feature for definition config readers - <known/parameter> (means last known init definition of filters or actions with name parameter). This interpolation makes possible to extend a parameters of stock filter or action directly in jail inside jail.local file, without creating a separately filter.d/*.local file. As extension to interpolation %(known/parameter)s, that does not works for filter and action init parameters
* New actions: nftables-multiport and nftables-allports - filtering using nftables framework. Note: it requires a pre-existing chain for the filtering rule.
* New filters:
  * openhab - domotic software authentication failure with the rest api and web interface (gh-1223)
  * nginx-limit-req - ban hosts, that were failed through nginx by limit request processing rate (ngx_http_limit_req_module)
  * murmur - ban hosts that repeatedly attempt to connect to murmur/mumble-server with an invalid server password or certificate.
  * haproxy-http-auth - filter to match failed HTTP Authentications against a HAProxy server
* New jails:
  * murmur - bans TCP and UDP from the bad host on the default murmur port.
* sshd filter got new failregex to match "maximum authentication attempts exceeded" (introduced in openssh 6.8)
* Added filter for Mac OS screen sharing (VNC) daemon

Enhancements:

* Do not rotate empty log files
* Added new date pattern with year after day (e.g. Sun Jan 23 2005 21:59:59) http://bugs.debian.org/798923
* Added openSUSE path configuration (Thanks Johannes Weberhofer)
* Allow to split ignoreip entries by ',' as well as by ' ' (gh-1197)
* Added a timeout (3 sec) to urlopen within badips.py action (Thanks M. Maraun)
* Added check against attacker's Googlebot PTR fake records (Thanks Pablo Rodriguez Fernandez)
* Enhance filter against attacker's Googlebot PTR fake records (gh-1226)
* Nginx log paths extended (prefixed with "*" wildcard) (gh-1237)
* Added filter for openhab domotic software authentication failure with the rest api and web interface (gh-1223)
* Add *_backend options for services to allow distros to set the default backend per service, set default to systemd for Fedora as appropriate
* Performance improvements while monitoring large number of files (gh-1265). Use associative array (dict) for monitored log files to speed up lookup operations. Thanks @kshetragia
* Specified that fail2ban is PartOf iptables.service firewalld.service in .service file -- would reload fail2ban if those services are restarted
* Provides new default fail2ban_version and interpolation variable fail2ban_agent in jail.conf
* Enhance filter 'postfix' to ban incoming SMTP client with no fqdn hostname, and to support multiple instances of postfix having varying suffix (gh-1331) (Thanks Tom Hendrikx)
* files/gentoo-initd to use start-stop-daemon to robustify restarting the service
--------------------------------------------------------------------------------

================================================================================
 fasd-1.0.1-2.fc23 (FEDORA-2016-931cee65c9)
 A command-line productivity booster
--------------------------------------------------------------------------------
Update Information:

Fasd (pronounced similar to "fast") is a command-line productivity booster. Fasd offers quick access to files and directories for POSIX shells. It is inspired by tools like autojump, z and v. Fasd keeps track of files and directories you have accessed, so that you can quickly reference them in the command line.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1316175 - Review Request: fasd - A command-line productivity booster
        https://bugzilla.redhat.com/show_bug.cgi?id=1316175
--------------------------------------------------------------------------------

================================================================================
 lcgdm-dav-0.17.1-1.fc23 (FEDORA-2016-38663d0f80)
 HTTP/DAV front end to the DPM/LFC services
--------------------------------------------------------------------------------
Update Information:

New upstream release 0.17.1
--------------------------------------------------------------------------------

================================================================================
 libotr-4.1.1-1.fc23 (FEDORA-2016-8b4f643f3d)
 Off-The-Record Messaging library and toolkit
--------------------------------------------------------------------------------
Update Information:

Updated to 4.1.1 for CVE-2016-2851
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1315247
        https://bugzilla.redhat.com/show_bug.cgi?id=1315247
--------------------------------------------------------------------------------

================================================================================
 libreoffice-5.0.5.2-5.fc23 (FEDORA-2016-da85be9364)
 Free Software Productivity Suite
--------------------------------------------------------------------------------
Update Information:

* popups at the bottom of the screen don't always open upwards as they should
--------------------------------------------------------------------------------

================================================================================
 libsolv-0.6.19-2.fc23 (FEDORA-2016-0123ce82c1)
 Package dependency solver
--------------------------------------------------------------------------------
Update Information:

Regular DNF bugfix release.

----

Update to 0.6.15
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1313215 - got "IndexError: list index out of range " after ran dnf history command
        https://bugzilla.redhat.com/show_bug.cgi?id=1313215
  [ 2 ] Bug #1227014 - dnf makecache is extremely slow
        https://bugzilla.redhat.com/show_bug.cgi?id=1227014
  [ 3 ] Bug #1302217 - dnf metadata expiration message does not fit on screen
        https://bugzilla.redhat.com/show_bug.cgi?id=1302217
  [ 4 ] Bug #1303149 - dnf history info failing
        https://bugzilla.redhat.com/show_bug.cgi?id=1303149
  [ 5 ] Bug #1302934 - Malformed translations in 1.1.6
        https://bugzilla.redhat.com/show_bug.cgi?id=1302934
  [ 6 ] Bug #1306304 - [perf] cache installed set of packages in query (for updates)
        https://bugzilla.redhat.com/show_bug.cgi?id=1306304
  [ 7 ] Bug #1268818 - dnf -v group list not mentioned in man page
        https://bugzilla.redhat.com/show_bug.cgi?id=1268818
  [ 8 ] Bug #1283432 - dnf group list --installed / --available
        https://bugzilla.redhat.com/show_bug.cgi?id=1283432
  [ 9 ] Bug #1258503 - regression in dnf, requires network access for history
        https://bugzilla.redhat.com/show_bug.cgi?id=1258503
  [ 10 ] Bug #1305356 - dnf groupinstall does not install packages, only marks them
        https://bugzilla.redhat.com/show_bug.cgi?id=1305356
  [ 11 ] Bug #1286477 - DNF creates /etc/yum/repos.d instead of /etc/dnf/repos.d when no repodir is present/configured
        https://bugzilla.redhat.com/show_bug.cgi?id=1286477
  [ 12 ] Bug #1024701 - [rfe] debuginfo-install plugin: add passive feature to keep debuginfo packages in sync
        https://bugzilla.redhat.com/show_bug.cgi?id=1024701
  [ 13 ] Bug #1302214 - Translation incomplete of the download plugin
        https://bugzilla.redhat.com/show_bug.cgi?id=1302214
--------------------------------------------------------------------------------

================================================================================
 mod_auth_mellon-0.11.1-1.fc23 (FEDORA-2016-5cf6959198)
 A SAML 2.0 authentication module for the Apache Httpd Server
--------------------------------------------------------------------------------
Update Information:

[CVE-2016-2145] Fix DOS attack (Apache worker process crash) due to incorrect error handling when reading POST data from client.

[CVE-2016-2146] Fix DOS attack (Apache worker process crash resource exhaustion) due to missing size checks when reading POST data.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1315747 - CVE-2016-2146 mod_auth_mellon: Failure to limit amount of POST data submitted by client
        https://bugzilla.redhat.com/show_bug.cgi?id=1315747
  [ 2 ] Bug #1315739 - CVE-2016-2145 mod_auth_mellon: Missing error check when calling ap_get_client_block()
        https://bugzilla.redhat.com/show_bug.cgi?id=1315739
--------------------------------------------------------------------------------

================================================================================
 muffin-2.8.5-1.fc23 (FEDORA-2016-edf9de62a7)
 Window and compositing manager based on Clutter
--------------------------------------------------------------------------------
Update Information:

release update
--------------------------------------------------------------------------------

================================================================================
 nemo-2.8.7-1.fc23 (FEDORA-2016-edf9de62a7)
 File manager for Cinnamon
--------------------------------------------------------------------------------
Update Information:

release update
--------------------------------------------------------------------------------

================================================================================
 openqa-4.3-19.fc23 (FEDORA-2016-612ad5089a)
 OS-level automated testing framework
--------------------------------------------------------------------------------
Update Information:

This is a small update which includes the openQA temporary directory in the package, as openQA does not have the rights to create it.
--------------------------------------------------------------------------------

================================================================================
 owncloud-8.1.5-1.fc23 (FEDORA-2016-271438cff3)
 Private file sync and share server
--------------------------------------------------------------------------------
Update Information:

Update to 8.1.5

Note that it is important not to miss this update as it's a required path to the next update of 8.2.X and if not applied will require manual intervention to update to this via koji before 8.2.X if skipped.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1261011 - owncloud-9.0.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1261011
--------------------------------------------------------------------------------

================================================================================
 pdc-client-0.9.0-1.fc23 (FEDORA-2016-360eaf7066)
 Client library and console client for Product Definition Center
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream version

----

This client package contains two separate Product Definition Center clients and API module. Both clients contain extensive built-in help. Just run the executable with -h or --help argument.

pdc_client
----------

This is a very simple client. Essentially this is just a little more convenient than using curl manually. Each invocation of this client obtains a token and then performs a single request. This client is not meant for direct usage, but just as a helper for integrating with PDC from languages where it might be easier than performing the network requests manually.

pdc
----------

This is much more user friendly user interface. A single invocation can perform multiple requests depending on what subcommand you used. The pdc client supports Bash completion if argcomplete Python package is installed.

Python API (pdc_client)
----------

When writing a client code interfacing with PDC server, you might find pdc_client module handy. It provides access to the configuration defined above and automates obtaining authorization token.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1297411 - Review Request: pdc-client - Client library and console client for Product Definition Center
        https://bugzilla.redhat.com/show_bug.cgi?id=1297411
--------------------------------------------------------------------------------

================================================================================
 php-pecl-http-2.5.6-1.fc23 (FEDORA-2016-474c1d8264)
 Extended HTTP support
--------------------------------------------------------------------------------
Update Information:

**Version 2.5.6**

* Fix php-bug php#71719: Buffer overflow in HTTP url parsing functions (Mike, rc0r)
* Fix gh-issue #28: Possible null pointer dereference in php_http_url_mod() (rc0r)
* Fix gh-issue #22: Fix PHP5 config.w32 (Jan Ehrhardt)
* Fix gh-issue #20: setSslOptions notice with curl 7.43 (Mike, Vitaliy Demidov)
--------------------------------------------------------------------------------

================================================================================
 php-sabre-dav-2.1.6-1.fc23 (FEDORA-2016-aa75e14ef2)
 WebDAV Framework for PHP
--------------------------------------------------------------------------------
Update Information:

Update to 2.1.6, required for owncloud 8.1+
--------------------------------------------------------------------------------

================================================================================
 php-sabre-vobject-3.4.6-1.fc23 (FEDORA-2016-f9afc12b86)
 Library to parse and manipulate iCalendar and vCard objects
--------------------------------------------------------------------------------
Update Information:

Updating to 3.4.6 as a dependency of owncloud 8.1+
--------------------------------------------------------------------------------

================================================================================
 playonlinux-4.2.10-7.fc23 (FEDORA-2016-fcf9a198ef)
 Graphical front-end for Wine
--------------------------------------------------------------------------------
Update Information:

Fix bad icon path in a desktop file
--------------------------------------------------------------------------------

================================================================================
 python-behave-1.2.5-10.fc23 (FEDORA-2016-1216503c85)
 Tools for the behavior-driven development, Python style
--------------------------------------------------------------------------------
Update Information:

Fixed Requires for python3-behave. Thank you Miro Hrončok

----

Fixed managing python3 builds.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1216989 - Please upgrade to 1.2.5 in F21+
        https://bugzilla.redhat.com/show_bug.cgi?id=1216989
  [ 2 ] Bug #1276923 - provide Python3 version of the package
        https://bugzilla.redhat.com/show_bug.cgi?id=1276923
--------------------------------------------------------------------------------

================================================================================
 python-nmrglue-0.5-3.fc23 (FEDORA-2016-484d980b68)
 Python module for processing NMR data
--------------------------------------------------------------------------------
Update Information:

Python module for processing NMR data
--------------------------------------------------------------------------------

================================================================================
 python-tgcaptcha2-0.3.1-1.fc23 (FEDORA-2016-d7dafbf27f)
 TurboGears captcha plugin
--------------------------------------------------------------------------------
Update Information:

Implemented nonces to prevent replay attack (DWF-2016-89000).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1316083 - tgcaptcha does not have any prevention against replay attacks
        https://bugzilla.redhat.com/show_bug.cgi?id=1316083
--------------------------------------------------------------------------------

================================================================================
 python3-cherrypy-5.0.1-2.fc23 (FEDORA-2016-3966c860f7)
 Pythonic, object-oriented web development framework
--------------------------------------------------------------------------------
Update Information:

Updated to a new upstream version 5.0.1, added 2 patches for CherryPy to build against python 3.5 (>=fedora24), which changed some APIs.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1307958 - python3-cherrypy: FTBFS in rawhide
        https://bugzilla.redhat.com/show_bug.cgi?id=1307958
  [ 2 ] Bug #1292639 - python3-cherrypy-5.0.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1292639
--------------------------------------------------------------------------------

================================================================================
 samba-4.3.6-0.fc23 (FEDORA-2016-ed1587f6ba)
 Server and Client software to interoperate with Windows machines
--------------------------------------------------------------------------------
Update Information:

Update to Samba 4.3.6, fixes CVE-2015-7560
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1315942 - CVE-2015-7560 samba: Incorrect ACL get/set allowed on symlink path [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1315942
--------------------------------------------------------------------------------

================================================================================
 tvtime-1.0.10-2.fc23 (FEDORA-2016-da412774c1)
 A high quality TV viewer
--------------------------------------------------------------------------------
Update Information:

- New upstream release 1.0.10
- Honor CFLAGS (no -O3 no -fomit-frame-pointer) when building
- Fix crash when running "tvtime -v" on x86_64 (rhbz1315619)
- The tvtime patches from tvtime-1.0.8-4.fc23 were all incorporated upstream.
- Translation updates
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1315619 - tvtime cpuinfo.c: gcc only copies lower 32 bits of array address to pointer on assignment ?
        https://bugzilla.redhat.com/show_bug.cgi?id=1315619
--------------------------------------------------------------------------------

================================================================================
 xen-4.5.2-9.fc23 (FEDORA-2016-f4504e9445)
 Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:

Qemu: nvram: OOB r/w access in processing firmware configurations CVE-2016-1714 (#1296080)
Qemu: i386: null pointer dereference in vapic_write() CVE-2016-1922 (#1292767)
qemu: Stack-based buffer overflow in megasas_ctrl_get_info CVE-2015-8613 (#1293305)
qemu-kvm: Infinite loop and out-of-bounds transfer start in start_xmit() and e1000_receive_iov() CVE-2016-1981 (#1299996)
Qemu: usb ehci out-of-bounds read in ehci_process_itd (#1300235)
Qemu: usb: ehci null pointer dereference in ehci_caps_write CVE-2016-2198 (#1303135)
Qemu: net: ne2000: infinite loop in ne2000_receive CVE-2016-2841 (#1304048)
Qemu: usb: integer overflow in remote NDIS control message handling CVE-2016-2538 (#1305816)
Qemu: usb: null pointer dereference in remote NDIS control message handling CVE-2016-2392 (#1307116)
Qemu: usb: multiple eof_timers in ohci module leads to null pointer dereference CVE-2016-2391 (#1308882)
Qemu: net: out of bounds read in net_checksum_calculate() CVE-2016-2857 (#1309565)
Qemu: OOB access in address_space_rw leads to segmentation fault CVE-2015-8817 CVE-2015-8818 (#1313273)
Qemu: rng-random: arbitrary stack based allocation leading to corruption CVE-2016-2858 (#1314678)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1296060 - CVE-2016-1714 Qemu: nvram: OOB r/w access in processing firmware configurations
        https://bugzilla.redhat.com/show_bug.cgi?id=1296060
  [ 2 ] Bug #1283934 - CVE-2016-1922 Qemu: i386: null pointer dereference in vapic_write()
        https://bugzilla.redhat.com/show_bug.cgi?id=1283934
  [ 3 ] Bug #1284008 - CVE-2015-8613 Qemu: scsi: stack based buffer overflow in megasas_ctrl_get_info
        https://bugzilla.redhat.com/show_bug.cgi?id=1284008
  [ 4 ] Bug #1298570 - CVE-2016-1981 Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines
        https://bugzilla.redhat.com/show_bug.cgi?id=1298570
  [ 5 ] Bug #1299455 - Qemu: usb ehci out-of-bounds read in ehci_process_itd
        https://bugzilla.redhat.com/show_bug.cgi?id=1299455
  [ 6 ] Bug #1301643 - CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write
        https://bugzilla.redhat.com/show_bug.cgi?id=1301643
  [ 7 ] Bug #1303106 - CVE-2016-2841 Qemu: net: ne2000: infinite loop in ne2000_receive
        https://bugzilla.redhat.com/show_bug.cgi?id=1303106
  [ 8 ] Bug #1303120 - CVE-2016-2538 Qemu: usb: integer overflow in remote NDIS control message handling
        https://bugzilla.redhat.com/show_bug.cgi?id=1303120
  [ 9 ] Bug #1302299 - CVE-2016-2392 Qemu: usb: null pointer dereference in remote NDIS control message handling
        https://bugzilla.redhat.com/show_bug.cgi?id=1302299
  [ 10 ] Bug #1304794 - CVE-2016-2391 Qemu: usb: multiple eof_timers in ohci module leads to null pointer dereference
        https://bugzilla.redhat.com/show_bug.cgi?id=1304794
  [ 11 ] Bug #1296567 - CVE-2016-2857 Qemu: net: out of bounds read in net_checksum_calculate()
        https://bugzilla.redhat.com/show_bug.cgi?id=1296567
  [ 12 ] Bug #1300771 - CVE-2015-8817 CVE-2015-8818 Qemu: OOB access in address_space_rw leads to segmentation fault
        https://bugzilla.redhat.com/show_bug.cgi?id=1300771
  [ 13 ] Bug #1314676 - CVE-2016-2858 Qemu: rng-random: arbitrary stack based allocation leading to corruption
        https://bugzilla.redhat.com/show_bug.cgi?id=1314676
--------------------------------------------------------------------------------