The following Fedora 24 Security updates need testing:
Age  URL
 83  https://bodhi.fedoraproject.org/updates/FEDORA-2016-32eaf0c41e   redis-3.2.3-1.fc24
 66  https://bodhi.fedoraproject.org/updates/FEDORA-2016-0ef628998f   chicken-4.11.0-3.fc24
 18  https://bodhi.fedoraproject.org/updates/FEDORA-2016-990e2012ea   compat-guile18-1.8.8-14.fc24
  8  https://bodhi.fedoraproject.org/updates/FEDORA-2016-59316cf667   tor-0.2.8.9-1.fc24
  6  https://bodhi.fedoraproject.org/updates/FEDORA-2016-e0f0d48142   jasper-1.900.13-1.fc24
  4  https://bodhi.fedoraproject.org/updates/FEDORA-2016-c1b01b9278   tomcat-8.0.38-1.fc24
  4  https://bodhi.fedoraproject.org/updates/FEDORA-2016-73054cfeeb   java-1.8.0-openjdk-aarch32-1.8.0.102-7.160812.fc24
  4  https://bodhi.fedoraproject.org/updates/FEDORA-2016-c9d15bbcbb   kdepimlibs-4.14.10-15.fc24
  4  https://bodhi.fedoraproject.org/updates/FEDORA-2016-cae6456f63   quagga-0.99.24.1-4.fc24
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-c671aae490   chromium-native_client-54.0.2840.59-1.20161013git090f907.fc24 chromium-54.0.2840.71-1.fc24
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-160ec6525e   libwebp-0.5.1-2.fc24
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-00d2f5c19f   mingw-libwebp-0.5.1-2.fc24
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-0d1a8ee35b   xen-4.6.3-7.fc24

The following Fedora 24 Critical Path updates have yet to be approved:
Age  URL
 21  https://bodhi.fedoraproject.org/updates/FEDORA-2016-f00a05d7b9   pungi-4.1.10-1.fc24
  8  https://bodhi.fedoraproject.org/updates/FEDORA-2016-3eaf049e56   libfm-1.2.4-8.D20161017git82b3a1a201.fc24
  7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-3d5c976bf8   menu-cache-1.0.1-3.D20161021git441f0ca9a1.fc24
  6  https://bodhi.fedoraproject.org/updates/FEDORA-2016-e0f0d48142   jasper-1.900.13-1.fc24
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-be63aafd32   libarchive-3.2.2-1.fc24
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-5f4c0c9930   libraw1394-2.1.2-1.fc24

The following builds have been pushed to Fedora 24 updates-testing
calamares-2.4.3-1.fc24
ghc-rpm-macros-1.4.17-1.fc24
perl-Devel-Timer-0.09-1.fc24
php-markdown-1.7.0-1.fc24
php-ocramius-code-generator-utils-0.3.2-4.fc24
php-ocramius-generated-hydrator-1.2.0-1.fc24
php-ocramius-proxy-manager-1.0.2-2.fc24
psad-2.4.3-3.fc24
python-wand-0.4.4-1.fc24
sigul-0.202-0.fc24
snap-confine-1.0.44-2.fc24
votca-csg-1.4-1.fc24
votca-tools-1.4-1.fc24
votca-xtp-1.4-1.fc24
xen-4.6.3-7.fc24
zsh-syntax-highlighting-0.5.0-1.fc24
Details about builds:
================================================================================
calamares-2.4.3-1.fc24 (FEDORA-2016-426a9a785c)
Installer from a live CD/DVD/USB to disk
--------------------------------------------------------------------------------
Update Information:
An update of Calamares to the latest upstream release, version 2.4.3.

What is new compared to the calamares-2.4.2-3 packages:

* fixed user creation so it obeys the list of default groups for new users;
* added Deepin support to the `displaymanager` module;
* fixed an issue which could cause a failed install with LUKS if other LUKS
  partitions are already present.

Note that the changes to support LUKS full disk encryption with `dracut`
(including the added support for C++/Qt batch job plugins, used for the new
`dracutlukscfg` module) are now included in the upstream release. (They have
been backported from the master branch to the 2.4.x stable branch upstream.)
These changes were already backported in the calamares-2.4.2-3 Fedora packages
and are thus not listed above.
--------------------------------------------------------------------------------
================================================================================
ghc-rpm-macros-1.4.17-1.fc24 (FEDORA-2016-812064dd22)
RPM macros for building Haskell packages for GHC
--------------------------------------------------------------------------------
Update Information:
Backports from F25 including:

- support for subpackaging with ghc_libs_build and ghc_libs_install
- %ghc_lib_subpackage now also accepts pkg-ver without hyphen
- new ghc_fix_rpath macro
- ghc_gen_filelists now handles license files automatically
- set Cabal docdir to licensedir so licenses end up in right place
- ghc_lib_subpackage now takes name-version
--------------------------------------------------------------------------------
================================================================================
perl-Devel-Timer-0.09-1.fc24 (FEDORA-2016-a7839eddaa)
Track and report execution time for parts of code
--------------------------------------------------------------------------------
Update Information:
0.09 2016.10.19 MANWAR

- Tidied up pod document in general and documented method report().
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1386663 - perl-Devel-Timer-0.09 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1386663
--------------------------------------------------------------------------------
================================================================================
php-markdown-1.7.0-1.fc24 (FEDORA-2016-c889de3d9d)
Markdown implementation in PHP
--------------------------------------------------------------------------------
Update Information:
**PHP Markdown Lib 1.7.0** (29 Oct 2016)

* Added a `hard_wrap` configuration variable to make all newline characters in
  the text become `<br>` tags in the HTML output. By default, according to the
  standard Markdown syntax these newlines are ignored unless they are preceded
  by two spaces. Thanks to Jonathan Cohlmeyer for the implementation.
* Improved the parsing of list items to fix problematic cases that came to
  light with the addition of `hard_wrap`. This should have no effect on the
  output except span-level list items that ended with two spaces (and thus
  ended with a line break).
* Added a `code_span_content_func` configuration variable which takes a
  function that will convert the content of the code span to HTML. This can be
  useful to implement syntax highlighting. Although contrary to its code block
  equivalent, there is no syntax for specifying a language. Credits to styxit
  for the implementation.
* Fixed a Markdown Extra issue where two-space-at-end-of-line hard breaks
  wouldn't work inside of HTML block elements such as `<p markdown="1">` where
  the element expects only span-level content.
* In the parser code, switched to PHPDoc comment format. Thanks to Robbie
  Averill for the help.

Packaging change:

* switch to fedora/autoloader
--------------------------------------------------------------------------------
================================================================================
php-ocramius-code-generator-utils-0.3.2-4.fc24 (FEDORA-2016-4cc636c1d4)
A set of code generator utilities built on top of PHP-Parsers
--------------------------------------------------------------------------------
Update Information:
## php-ocramius-proxy-manager

### 1.0.2

* 249: Weird problem with FileWriterGeneratorStrategy
* 250: Hotfix - #249 file writer generator strategy rename failures
* 254: Please check 1.0.1 tag

### 1.0.1

* 249: Weird problem with FileWriterGeneratorStrategy
* 250: Hotfix - #249 file writer generator strategy rename failures

---

## php-ocramius-generated-hydrator

RPM: Added autoloader

### 1.2.0

* 31: travis add php 7 + hhvm-nightly
* 34: update manual's url to "current" instead of specified version at README
* 41: Tag release allowing PHP 7 in Composer dependencies list

---

## php-ocramius-code-generator-utils

RPM: Added autoloader
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1350615 - php-ocramius-proxy-manager: FTBFS in rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1350615
[ 2 ] Bug #1251784 - php-ocramius-proxy-manager-1.0.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1251784
--------------------------------------------------------------------------------
================================================================================
php-ocramius-generated-hydrator-1.2.0-1.fc24 (FEDORA-2016-4cc636c1d4)
An object hydrator
--------------------------------------------------------------------------------
Update Information:
## php-ocramius-proxy-manager

### 1.0.2

* 249: Weird problem with FileWriterGeneratorStrategy
* 250: Hotfix - #249 file writer generator strategy rename failures
* 254: Please check 1.0.1 tag

### 1.0.1

* 249: Weird problem with FileWriterGeneratorStrategy
* 250: Hotfix - #249 file writer generator strategy rename failures

---

## php-ocramius-generated-hydrator

RPM: Added autoloader

### 1.2.0

* 31: travis add php 7 + hhvm-nightly
* 34: update manual's url to "current" instead of specified version at README
* 41: Tag release allowing PHP 7 in Composer dependencies list

---

## php-ocramius-code-generator-utils

RPM: Added autoloader
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1350615 - php-ocramius-proxy-manager: FTBFS in rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1350615
[ 2 ] Bug #1251784 - php-ocramius-proxy-manager-1.0.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1251784
--------------------------------------------------------------------------------
================================================================================
php-ocramius-proxy-manager-1.0.2-2.fc24 (FEDORA-2016-4cc636c1d4)
OOP proxy wrappers utilities
--------------------------------------------------------------------------------
Update Information:
## php-ocramius-proxy-manager

### 1.0.2

* 249: Weird problem with FileWriterGeneratorStrategy
* 250: Hotfix - #249 file writer generator strategy rename failures
* 254: Please check 1.0.1 tag

### 1.0.1

* 249: Weird problem with FileWriterGeneratorStrategy
* 250: Hotfix - #249 file writer generator strategy rename failures

---

## php-ocramius-generated-hydrator

RPM: Added autoloader

### 1.2.0

* 31: travis add php 7 + hhvm-nightly
* 34: update manual's url to "current" instead of specified version at README
* 41: Tag release allowing PHP 7 in Composer dependencies list

---

## php-ocramius-code-generator-utils

RPM: Added autoloader
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1350615 - php-ocramius-proxy-manager: FTBFS in rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1350615
[ 2 ] Bug #1251784 - php-ocramius-proxy-manager-1.0.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1251784
--------------------------------------------------------------------------------
================================================================================
psad-2.4.3-3.fc24 (FEDORA-2016-d0c111aa20)
Port Scan Attack Detector (psad) watches for suspect traffic
--------------------------------------------------------------------------------
Update Information:
Many changes since the last 2.2.1 release available in Fedora. The most
important ones are:

* Added support for reading syslog messages from journalctl
* Added support for systems with 'firewalld'
* Dropped the bundled whois client (system whois client will be used instead
  if available)
* Added native systemd service unit
* Added missing SELinux rules preventing psad from running

Full upstream changelog:
https://github.com/mrash/psad/blob/master/ChangeLog
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1040425 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1040425
[ 2 ] Bug #1354548 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1354548
--------------------------------------------------------------------------------
================================================================================
python-wand-0.4.4-1.fc24 (FEDORA-2016-4b6cb71fb8)
Ctypes-based simple MagickWand API binding for Python
--------------------------------------------------------------------------------
Update Information:
Updated to Wand Version 0.4.4.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1387848 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1387848
--------------------------------------------------------------------------------
================================================================================
sigul-0.202-0.fc24 (FEDORA-2016-05345bee7d)
A signing server and related software client
--------------------------------------------------------------------------------
Update Information:
Upstream update to fix some bugs and implement Docker signing with the Skopeo
model.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1374535 - OSTree support should be optional
https://bugzilla.redhat.com/show_bug.cgi?id=1374535
[ 2 ] Bug #991154 - Validate NSS passphrase on startup
https://bugzilla.redhat.com/show_bug.cgi?id=991154
--------------------------------------------------------------------------------
================================================================================
snap-confine-1.0.44-2.fc24 (FEDORA-2016-c579dae0b4)
Confinement system for snap applications
--------------------------------------------------------------------------------
Update Information:
Configure for different /snap directory to match snapd
--------------------------------------------------------------------------------
================================================================================
votca-csg-1.4-1.fc24 (FEDORA-2016-7188d2847c)
VOTCA coarse-graining engine
--------------------------------------------------------------------------------
Update Information:
Version bump to 1.4
--------------------------------------------------------------------------------
================================================================================
votca-tools-1.4-1.fc24 (FEDORA-2016-7188d2847c)
VOTCA tools library
--------------------------------------------------------------------------------
Update Information:
Version bump to 1.4
--------------------------------------------------------------------------------
================================================================================
votca-xtp-1.4-1.fc24 (FEDORA-2016-7188d2847c)
VOTCA excitation and charge properties module
--------------------------------------------------------------------------------
Update Information:
Version bump to 1.4
--------------------------------------------------------------------------------
================================================================================
xen-4.6.3-7.fc24 (FEDORA-2016-0d1a8ee35b)
Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:
several qemu security fixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1333425 - CVE-2016-8576 Qemu: usb: xHCI: infinite loop vulnerability in
xhci_ring_fetch
https://bugzilla.redhat.com/show_bug.cgi?id=1333425
[ 2 ] Bug #1383291 - CVE-2016-8578 Qemu: 9pfs: potential NULL dereference in 9pfs
routines
https://bugzilla.redhat.com/show_bug.cgi?id=1383291
[ 3 ] Bug #1384909 - CVE-2016-8669 Qemu: char: divide by zero error in
serial_update_parameters
https://bugzilla.redhat.com/show_bug.cgi?id=1384909
[ 4 ] Bug #1388046 - CVE-2016-8910 Qemu: net: rtl8139: infinite loop while transmit in
C+ mode
https://bugzilla.redhat.com/show_bug.cgi?id=1388046
[ 5 ] Bug #1327626 - Qemu: timer: a9gtimer: Infinite loop unfolds when updating
a9gtimer
https://bugzilla.redhat.com/show_bug.cgi?id=1327626
[ 6 ] Bug #1389642 - Qemu: 9pfs: information leakage via xattr
https://bugzilla.redhat.com/show_bug.cgi?id=1389642
[ 7 ] Bug #1389550 - Qemu: 9pfs: memory leakage when creating extended attribute
https://bugzilla.redhat.com/show_bug.cgi?id=1389550
[ 8 ] Bug #1389702 - Qemu: 9pfs: memory leakage in v9fs_link
https://bugzilla.redhat.com/show_bug.cgi?id=1389702
[ 9 ] Bug #1389712 - Qemu: 9pfs: memory leakage in v9fs_write
https://bugzilla.redhat.com/show_bug.cgi?id=1389712
[ 10 ] Bug #1389686 - Qemu: 9pfs: integer overflow leading to OOB access
https://bugzilla.redhat.com/show_bug.cgi?id=1389686
--------------------------------------------------------------------------------
================================================================================
zsh-syntax-highlighting-0.5.0-1.fc24 (FEDORA-2016-75b0c56bc7)
Fish shell like syntax highlighting for Zsh
--------------------------------------------------------------------------------
Update Information:
Update to 0.5.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1389583 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1389583
--------------------------------------------------------------------------------