The following Fedora 23 Security updates need testing:
Age URL
231
https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23
188
https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe
miniupnpc-1.9-6.fc23
161
https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324
jbig2dec-0.12-2.fc23
112
https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1
python-pymongo-3.0.3-1.fc23
111
https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8
thttpd-2.25b-37.fc23
76
https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4
mingw-nsis-2.50-1.fc23
31
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b8f91621c7
optipng-0.7.6-1.fc23
14
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7c48036d73
community-mysql-5.6.30-1.fc23
9
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5733ad20f5
pgpdump-0.30-1.fc23
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f2aae0dbc5
botan-1.10.13-1.fc23
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5b2eb0bf9c
ntp-4.2.6p5-40.fc23
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-78ad11154f
ocaml-4.02.2-5.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-6f479decc6
owncloud-8.2.4-1.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7edf033fd8
squid-3.5.10-3.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7d900003e6
kernel-4.4.9-300.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f2e2b178ea
jackson-dataformat-xml-2.5.0-3.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-ff070e8faa
imlib2-1.4.9-1.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-609627f8f5
ioprocess-0.15.1-1.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-68abc0be35 glibc-2.22-15.fc23
The following Fedora 23 Critical Path updates have yet to be approved:
Age URL
18
https://bodhi.fedoraproject.org/updates/FEDORA-2016-88778482ea lorax-23.21-1.fc23
8
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0a2ca2016e
xulrunner-44.0-6.fc23
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-afa56613ca
lxsession-0.5.2-9.fc23
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-035c5cc546 taglib-1.11-1.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-66b78d4812
pulseaudio-7.1-1.fc23.1
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-ff070e8faa
imlib2-1.4.9-1.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-edcdaedcc0
livecd-tools-23.3-1.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7d900003e6
kernel-4.4.9-300.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b23268e0fc
xdg-utils-1.1.1-4.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-68abc0be35 glibc-2.22-15.fc23
The following builds have been pushed to Fedora 23 updates-testing
R-zoo-1.7.13-3.fc23
armadillo-6.700.6-1.fc23
drush-6.7.0-1.fc23
glibc-2.22-15.fc23
glogg-1.1.1-1.fc23
gnome-chemistry-utils-0.14.12-2.fc23
gnumeric-1.12.29-1.fc23
goffice-0.10.29-1.fc23
guitarix-0.35.0-2.fc23
kf5-knotifications-5.21.0-3.fc23
kf5-knotifyconfig-5.21.0-2.fc23
libchewing-0.5.0-1.fc23
lshell-0.9.18-1.fc23
medusa-2.2-1.fc23
perl-Net-Twitter-4.01020-1.fc23
Details about builds:
================================================================================
R-zoo-1.7.13-3.fc23 (FEDORA-2016-a6212824bb)
Z's ordered observations for irregular time series
--------------------------------------------------------------------------------
Update Information:
Update to the latest stable release with following list of fixes: * The
window() method erroneously dropped the dimension in case of 1-column zoo
series; * Bug fix in NA handling of `rollmax()`; * A few `as.yearmon/as.yearqtr`
methods were not registered in the NAMESPACE but are now; * If there are less
then two non-NAs in `na.approx()` then `approx()` cannot be applied. Instead of
throwing an error (as up to version 1.7-12) simply no NAs are replaced now; *
Bug fix for `lag(z, k = k, na.pad = TRUE)` which ignored `na.pad = TRUE` if 'k'
was a vector of lags.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1332743 - R-zoo-1.7-13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1332743
--------------------------------------------------------------------------------
================================================================================
armadillo-6.700.6-1.fc23 (FEDORA-2016-88714cade1)
Fast C++ matrix library with interfaces to LAPACK and ATLAS
--------------------------------------------------------------------------------
Update Information:
Update to the latest stable release. * fix for handling empty matrices by
`kron()` * fix for clang warning in advanced matrix constructors * fix for
false deprecated warning in `trunc_log()` and `trunc_exp()` * fix for gcc-6.1
warning about misleading indentation * corrected documentation for the
`solve()` function
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1329890 - armadillo-6.700.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1329890
--------------------------------------------------------------------------------
================================================================================
drush-6.7.0-1.fc23 (FEDORA-2016-e56e2e2811)
Command line shell and scripting interface for Drupal
--------------------------------------------------------------------------------
Update Information:
### NOTE: This package replaces the 6.2.0 version PEAR package `php-drush-drush`
which was installed at `/usr/share/pear/drush/`. This package installs at
`/usr/share/drush/` instead. ### For release information, see:
https://github.com/drush-ops/drush/releases Drush is a command line shell and
Unix scripting interface for Drupal. If you are unfamiliar with shell scripting,
reviewing the documentation for your shell (e.g. man bash) or reading an online
tutorial (e.g. search for "bash tutorial") will help you get the most out of
Drush. Drush core ships with lots of useful commands for interacting with code
like modules/themes/profiles. Similarly, it runs update.php, executes sql
queries and DB migrations, and misc utilities like run cron or clear cache.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1244571 - Review Request: drush - Command line shell and scripting interface
for Drupal
https://bugzilla.redhat.com/show_bug.cgi?id=1244571
--------------------------------------------------------------------------------
================================================================================
glibc-2.22-15.fc23 (FEDORA-2016-68abc0be35)
The GNU libc libraries
--------------------------------------------------------------------------------
Update Information:
This update contains minor security fixes (for CVE-2016-3075, CVE-2016-1234,
CVE-2015-8778, CVE-2015-8776, CVE-2014-9761, CVE-2015-8779) and collects fixes
for bugs encountered by Fedora users.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1316972 - glibc: NULL pointer dereference in stub resolver with unconnectable
name server addresses
https://bugzilla.redhat.com/show_bug.cgi?id=1316972
[ 2 ] Bug #1321861 - glibc: "getent group" listing using nss_db fails when
entries are long
https://bugzilla.redhat.com/show_bug.cgi?id=1321861
[ 3 ] Bug #1313404 - Test suite failure: elf/tst-audit10 and elf/tst-audit4
https://bugzilla.redhat.com/show_bug.cgi?id=1313404
[ 4 ] Bug #1332914 - glibc: Backport nss_dns hardening patches
https://bugzilla.redhat.com/show_bug.cgi?id=1332914
[ 5 ] Bug #1321954 - CVE-2016-3075 glibc: Stack overflow in nss_dns_getnetbyname_r
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1321954
[ 6 ] Bug #1332912 - glibc: nss_hesiod: Heap overflow in get_txt_records
https://bugzilla.redhat.com/show_bug.cgi?id=1332912
[ 7 ] Bug #1333940 - glibc: Avoid build failure in TZ tests
https://bugzilla.redhat.com/show_bug.cgi?id=1333940
[ 8 ] Bug #1332917 - glibc: Deadlock between fflush, getdelim, and fork
https://bugzilla.redhat.com/show_bug.cgi?id=1332917
[ 9 ] Bug #1333945 - glibc: dlerror () returns NULL after dlsym (RTLD_NEXT) of a
non-existent symbol
https://bugzilla.redhat.com/show_bug.cgi?id=1333945
[ 10 ] Bug #1315648 - CVE-2016-1234 glibc: Stack-based buffer overflow in glob with
GLOB_ALTDIRFUNC and crafted directory [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1315648
[ 11 ] Bug #1333901 - glibc: getnameinfo: fix memory leak and incorrect truncation
checks
https://bugzilla.redhat.com/show_bug.cgi?id=1333901
[ 12 ] Bug #1288740 - glibc: tst-makecontext fails on armhfp
https://bugzilla.redhat.com/show_bug.cgi?id=1288740
[ 13 ] Bug #1307234 - strfmon_l does not group digits.
https://bugzilla.redhat.com/show_bug.cgi?id=1307234
[ 14 ] Bug #1300304 - CVE-2015-8778 glibc: Integer overflow in hcreate and hcreate_r
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1300304
[ 15 ] Bug #1300300 - CVE-2015-8776 glibc: Segmentation fault caused by passing
out-of-range data to strftime() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1300300
[ 16 ] Bug #1293139 - Invalid memory access in getmntent_r()
https://bugzilla.redhat.com/show_bug.cgi?id=1293139
[ 17 ] Bug #1300311 - CVE-2014-9761 glibc: Unbounded stack allocation in nan* functions
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1300311
[ 18 ] Bug #1300314 - CVE-2015-8779 glibc: Unbounded stack allocation in catopen
function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1300314
[ 19 ] Bug #1321372 - Incorrect first day of the week for es_CL locale
https://bugzilla.redhat.com/show_bug.cgi?id=1321372
--------------------------------------------------------------------------------
================================================================================
glogg-1.1.1-1.fc23 (FEDORA-2016-495632bedf)
Smart interactive log explorer
--------------------------------------------------------------------------------
Update Information:
New upstream release 1.1.1, rhbz#1329862
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1329862 - glogg-1.1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1329862
--------------------------------------------------------------------------------
================================================================================
gnome-chemistry-utils-0.14.12-2.fc23 (FEDORA-2016-8c0532c389)
A set of chemical utilities
--------------------------------------------------------------------------------
Update Information:
This is an update to the latest upstream releases of gnumeric and goffice: *
http://gnumeric.org/announcements/1.12/gnumeric-1.12.29.html
--------------------------------------------------------------------------------
================================================================================
gnumeric-1.12.29-1.fc23 (FEDORA-2016-8c0532c389)
Spreadsheet program for GNOME
--------------------------------------------------------------------------------
Update Information:
This is an update to the latest upstream releases of gnumeric and goffice: *
http://gnumeric.org/announcements/1.12/gnumeric-1.12.29.html
--------------------------------------------------------------------------------
================================================================================
goffice-0.10.29-1.fc23 (FEDORA-2016-8c0532c389)
G Office support libraries
--------------------------------------------------------------------------------
Update Information:
This is an update to the latest upstream releases of gnumeric and goffice: *
http://gnumeric.org/announcements/1.12/gnumeric-1.12.29.html
--------------------------------------------------------------------------------
================================================================================
guitarix-0.35.0-2.fc23 (FEDORA-2016-ec38ed6a0c)
Mono amplifier to JACK
--------------------------------------------------------------------------------
Update Information:
Ensure roboto condensed font is pulled in as a dependency ---- * New UI
design/style * disable Gtk warnings in non debug build * add option to
enable LSF support in guitarix * add new MultiBand Clipper * patch waf to
use stdout as default output and write only error messages to stderr. * add
format .w64 to recorder * add configure flag to disable installation of the
MOD stuff * add MXR Distortion and Boss DS1 as LV2 plugins * add new plugin
emulated Boss DS1 distortion * apply patches from V��ctor Cuadrado (Debian
Multimedia team) * add new comandline option -F (set tuner reference pitch at
startup) * add comandline option -t (set tuner temperament) * disable
Fixrate resampler when jack sample rate is higher then the fixed rate * use
96kHz internal samplerate for main amp simulation * use fixed samplerate
(41000Hz) in Pitchtracker to fix tracking of low frequencys at high samplerate
* use the new Musical Artifacts Interface for Online Presets * Add MXR
Distortion plus guitarix plugin * add BigMuffPi guitarix and LV2 plugin *
add gx_aclipper.lv2 (RAT) * add bypass mode for jack insert ports * fix
Guitarix starts with 19-tet tuner, while stating 12-tet * add new configure
option group style with option --install-roboto-font * add check if roboto
condensed is installed * add warning when roboto condensed isn't installed and
--install-roboto-font isn't choosen * use <Control S> to save changes to
current preset, use <Alt s> for show/hide values. * fix detune for inplace
processing * add new distortion gx plugin "RAT" * new French translation by
Fr��d��ric Rech (many thanks fred) * Add new modgui artwork data (even bigger
commit) * Add new modgui ttl files (big commit) * Add references to new
modgui files * fix guitarix crash when plugin fail to instantiate
--------------------------------------------------------------------------------
================================================================================
kf5-knotifications-5.21.0-3.fc23 (FEDORA-2016-b785febb27)
KDE Frameworks 5 Tier 2 solution with abstraction for system notifications
--------------------------------------------------------------------------------
Update Information:
Pull in phonon-related path fixes.
--------------------------------------------------------------------------------
================================================================================
kf5-knotifyconfig-5.21.0-2.fc23 (FEDORA-2016-b785febb27)
KDE Frameworks 5 Tier 3 module for KNotify configuration
--------------------------------------------------------------------------------
Update Information:
Pull in phonon-related path fixes.
--------------------------------------------------------------------------------
================================================================================
libchewing-0.5.0-1.fc23 (FEDORA-2016-a6cc646e5d)
Intelligent phonetic input method library for Traditional Chinese
--------------------------------------------------------------------------------
Update Information:
- Upstream update to 0.5.0
--------------------------------------------------------------------------------
================================================================================
lshell-0.9.18-1.fc23 (FEDORA-2016-5f046ca688)
A Python-based limited shell
--------------------------------------------------------------------------------
Update Information:
Updated to new upstream version 0.9.18 (rhbz#1323254)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1323254 - lshell: Provide a Python 3 subpackage
https://bugzilla.redhat.com/show_bug.cgi?id=1323254
--------------------------------------------------------------------------------
================================================================================
medusa-2.2-1.fc23 (FEDORA-2016-10885379ea)
Parallel brute forcing password cracker
--------------------------------------------------------------------------------
Update Information:
Upstream official release of 2.2
--------------------------------------------------------------------------------
================================================================================
perl-Net-Twitter-4.01020-1.fc23 (FEDORA-2016-59dde4bfcf)
Perl interface to the Twitter API
--------------------------------------------------------------------------------
Update Information:
Upgrade to 4.01020 (bz#1323532)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1323532 - perl-Net-Twitter-4.01020 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1323532
--------------------------------------------------------------------------------