The following Fedora 24 Security updates need testing:
Age  URL
 68  https://bodhi.fedoraproject.org/updates/FEDORA-2016-32eaf0c41e   redis-3.2.3-1.fc24
 52  https://bodhi.fedoraproject.org/updates/FEDORA-2016-0ef628998f   chicken-4.11.0-3.fc24
 10  https://bodhi.fedoraproject.org/updates/FEDORA-2016-be779371b4   perl-Image-Info-1.38-6.fc24
  7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-53e8aa35f6   ghostscript-9.20-2.fc24
  7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-282507c3e9   libass-0.13.4-1.fc24
  5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-bc51f4636f   libgit2-0.24.2-2.fc24
  5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-7e57edc4cc   glibc-arm-linux-gnu-2.24-2.fc24
  3  https://bodhi.fedoraproject.org/updates/FEDORA-2016-990e2012ea   compat-guile18-1.8.8-14.fc24
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-f4b5897686   epiphany-3.20.4-1.fc24 webkitgtk4-2.14.1-1.fc24
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-57b72e526c   jasper-1.900.3-1.fc24
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-34209c3a8e   guile-2.0.13-1.fc24
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-7a30285647   php-5.6.27-1.fc24
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-b9cb75981a   php-pecl-zip-1.13.5-1.fc24
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a56fb613a8   qemu-2.6.2-2.fc24

The following Fedora 24 Critical Path updates have yet to be approved:
Age  URL
  7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-f00a05d7b9   pungi-4.1.10-1.fc24
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-6c9d0d9a4f   mpfr-3.1.5-1.fc24
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-79b5ab3437   pcre-8.39-4.fc24
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-e51ac2b4f5   thunderbird-45.4.0-1.fc24
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-57b72e526c   jasper-1.900.3-1.fc24
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-8c47413113   libXi-1.7.7-2.fc24
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b157bf653   gnome-settings-daemon-3.20.2-1.fc24
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-89c831660c   control-center-3.20.2-1.fc24

The following builds have been pushed to Fedora 24 updates-testing
caja-1.16.0-2.fc24
cjdns-18-3.fc24
control-center-3.20.2-1.fc24
eog-3.20.5-1.fc24
eog-plugins-3.16.5-1.fc24
findbugs-contrib-6.8.0-1.fc24
frogr-1.2-1.fc24
ghex-3.18.3-1.fc24
gnome-settings-daemon-3.20.2-1.fc24
mate-notification-daemon-1.16.0-2.fc24
monit-5.19.0-1.fc24
perl-App-Cmd-0.330-3.fc24
perl-Specio-0.30-1.fc24
purple-skypeweb-1.2.2-3.20161015gitd23eab9.fc24
qemu-2.6.2-2.fc24
vulkan-1.0.30.0-1.fc24
Details about builds:
================================================================================
caja-1.16.0-2.fc24 (FEDORA-2016-07b0a24a39)
File manager for MATE
--------------------------------------------------------------------------------
Update Information:
- fix desktop redraw issues
https://github.com/mate-desktop/caja/issues/659
--------------------------------------------------------------------------------
================================================================================
cjdns-18-3.fc24 (FEDORA-2016-99aa725ff8)
The privacy-friendly network without borders
--------------------------------------------------------------------------------
Update Information:
New upstream release has protocol 18 which supports supernodes.
Supernode/Subnode code is still a work in progress with this release, so it is
disabled. Fedora and EL7 use libsodium, as it gives the best performance with a
dynamic library. EL6 uses the bundled NaCl library to avoid the libstdc++
dependency of the dynamic library.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1383844 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1383844
--------------------------------------------------------------------------------
================================================================================
control-center-3.20.2-1.fc24 (FEDORA-2016-89c831660c)
Utilities to configure the GNOME desktop
--------------------------------------------------------------------------------
Update Information:
gnome-control-center 3.20.2 release.
- Fix panel search
- Fix some keyboard navigation issues
- Translation updates
Display:
- Ensure only one output is set as primary
- Fix possible crash on startup
Network:
- Fix some SSID escaping issues
Power:
- Fix hiding wi-fi, mobile broadband toggles
- Fix wifi device state when opening power panel
Privacy:
- React to changes in permissions store
- Update for PermissionStore DBus API changes
User accounts:
- Fix missing records in the history dialog
--------------------------------------------------------------------------------
================================================================================
eog-3.20.5-1.fc24 (FEDORA-2016-b63f5be64d)
Eye of GNOME image viewer
--------------------------------------------------------------------------------
Update Information:
eog 3.20.5 and eog-plugins 3.16.5 releases.
--------------------------------------------------------------------------------
================================================================================
eog-plugins-3.16.5-1.fc24 (FEDORA-2016-b63f5be64d)
A collection of plugins for the eog image viewer
--------------------------------------------------------------------------------
Update Information:
eog 3.20.5 and eog-plugins 3.16.5 releases.
--------------------------------------------------------------------------------
================================================================================
findbugs-contrib-6.8.0-1.fc24 (FEDORA-2016-5baf788c91)
Extra findbugs detectors
--------------------------------------------------------------------------------
Update Information:
Update to 6.8.0. Detectors added in this version:

* **[DMC] Dubious Map Collection** - Looks for fields that are implementations
  of `java.util.Map`, but that are only ever iterated over. This probably means
  that this data structure should be a `List` of some class that holds two
  values, or at the least `Pair`. `Map` was probably chosen as it was the
  easiest thing to use, but obfuscates the reason for the data structure.
* **[BL] Burying Logic** - Looks for relatively large `if` blocks of code,
  where you unconditionally `return` from them, and then follow that with an
  unconditional `return` of a small block. This places the bulk of the logic to
  the right indentation-wise, making it more difficult to read than needed. It
  would be better to invert the logic of the `if` block, and immediately
  `return`, allowing the bulk of the logic to be moved to the left, for easier
  reading.
* **[WI] Wiring Issues** - Looks for various issues around
  `@Autowired`/`@Inject` fields in DI classes
    * Injecting the same bean twice into the same class hierarchy, even with
      different field names
* **[CCI] Concurrent Collection Issues** - Looks for various issues around
  using concurrent collections including:
    * Using `get`/`put` with collection values, when you should use
      `putIfAbsent`
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1383534 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1383534
--------------------------------------------------------------------------------
================================================================================
frogr-1.2-1.fc24 (FEDORA-2016-9d5995ef73)
Flickr Remote Organizer for GNOME
--------------------------------------------------------------------------------
Update Information:
frogr 1.2 release.
* Added flatpak support.
* Improved content inside the AppData file.
* Fix cancellation of the image upload process.
* Remove build-dependency on intltool, now relying on gettext only.
--------------------------------------------------------------------------------
================================================================================
ghex-3.18.3-1.fc24 (FEDORA-2016-cc98ad7d39)
Binary editor for GNOME
--------------------------------------------------------------------------------
Update Information:
ghex 3.18.3 release with translation updates.
--------------------------------------------------------------------------------
================================================================================
gnome-settings-daemon-3.20.2-1.fc24 (FEDORA-2016-3b157bf653)
The daemon sharing settings from GNOME to GTK+/KDE applications
--------------------------------------------------------------------------------
Update Information:
gnome-settings-daemon 3.20.2 release.
Color:
- Ignore fake VNC devices
Media keys:
- Fix a crash setting a headset
Power:
- Ensure we blank the screen when locked
Sharing:
- Fix crash on exit
Smartcard:
- Complete activation task right away if no drivers
- Fix crash on startup
Wacom:
- Don't segfault when a device is removed while being configured
- Fix hot(un)plug related crashes
- Fix memory leaks
- Avoid warnings when switching VTs
XSettings:
- Fix keynav-use-caret setting not working
--------------------------------------------------------------------------------
================================================================================
mate-notification-daemon-1.16.0-2.fc24 (FEDORA-2016-d66bd8243f)
Notification daemon for MATE Desktop
--------------------------------------------------------------------------------
Update Information:
- Fix bold formatting
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1384691 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1384691
--------------------------------------------------------------------------------
================================================================================
monit-5.19.0-1.fc24 (FEDORA-2016-dd45a7f090)
Manages and monitors processes, files, directories and devices
--------------------------------------------------------------------------------
Update Information:
Updates Monit to 5.19.0. Please note that this update may require minor updates
to your configuration files if you wish to preserve identical behaviour to
5.14.0. See https://mmonit.com/monit/changes for details.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1325633 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1325633
--------------------------------------------------------------------------------
================================================================================
perl-App-Cmd-0.330-3.fc24 (FEDORA-2016-49887ecd61)
Write command line apps with less suffering
--------------------------------------------------------------------------------
Update Information:
The upstream tests have been removed from the package, per user request.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1385280 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1385280
--------------------------------------------------------------------------------
================================================================================
perl-Specio-0.30-1.fc24 (FEDORA-2016-1c83659a90)
Type constraints and coercions for Perl
--------------------------------------------------------------------------------
Update Information:
Minor bugfix for a corner case.
--------------------------------------------------------------------------------
================================================================================
purple-skypeweb-1.2.2-3.20161015gitd23eab9.fc24 (FEDORA-2016-154d41a128)
Adds support for Skype to Pidgin
--------------------------------------------------------------------------------
Update Information:
Fixed warning.
----
* Updated to version 1.2.2.
* Fixed accounts login.
----
* Updated to version 1.2.2.
* Fixed non-Live logins.
--------------------------------------------------------------------------------
================================================================================
qemu-2.6.2-2.fc24 (FEDORA-2016-a56fb613a8)
QEMU is a FAST! processor emulator
--------------------------------------------------------------------------------
Update Information:
* CVE-2016-6351: scsi: esp: OOB write access in esp_do_dma (bz #1360600)
* CVE-2016-6833: vmxnet3: use-after-free (bz #1368982)
* CVE-2016-6490: virtio: infinite loop in virtqueue_pop (bz #1361428)
* CVE-2016-7156: pvscsi: infinite loop when building SG list (bz #1373480)
* CVE-2016-7170: vmware_vga: OOB stack memory access (bz #1374709)
* CVE-2016-7161: net: Heap overflow in xlnx.xps-ethernetlite (bz #1379298)
* CVE-2016-7466: usb: xhci memory leakage during device unplug (bz #1377838)
* CVE-2016-7422: virtio: null pointer dereference (bz #1376756)
* CVE-2016-7908: net: Infinite loop in mcf_fec_do_tx (bz #1381193)
* CVE-2016-8576: usb: xHCI: infinite loop vulnerability (bz #1382322)
* CVE-2016-7995: usb: hcd-ehci: memory leak (bz #1382669)
* Don't depend on edk2 roms where they aren't available (bz #1373576)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1360599 - CVE-2016-6351 Qemu: scsi: esp: OOB write access in esp_do_dma
https://bugzilla.redhat.com/show_bug.cgi?id=1360599
[ 2 ] Bug #1368980 - CVE-2016-6833 Qemu: net: vmxnet3: use-after-free while writing to device
https://bugzilla.redhat.com/show_bug.cgi?id=1368980
[ 3 ] Bug #1361427 - CVE-2016-6490 Qemu: virtio: infinite loop in virtqueue_pop
https://bugzilla.redhat.com/show_bug.cgi?id=1361427
[ 4 ] Bug #1373478 - CVE-2016-7156 Qemu: scsi: pvscsi: infinite loop when building SG list
https://bugzilla.redhat.com/show_bug.cgi?id=1373478
[ 5 ] Bug #1374702 - CVE-2016-7170 Qemu: vmware_vga: OOB stack memory access when processing svga command
https://bugzilla.redhat.com/show_bug.cgi?id=1374702
[ 6 ] Bug #1379297 - CVE-2016-7161 qemu: hw: net: Heap overflow in xlnx.xps-ethernetlite
https://bugzilla.redhat.com/show_bug.cgi?id=1379297
[ 7 ] Bug #1377837 - CVE-2016-7466 Qemu: usb: xhci memory leakage during device unplug
https://bugzilla.redhat.com/show_bug.cgi?id=1377837
[ 8 ] Bug #1376755 - CVE-2016-7422 Qemu: virtio: null pointer dereference in virtqueu_map_desc
https://bugzilla.redhat.com/show_bug.cgi?id=1376755
[ 9 ] Bug #1327465 - CVE-2016-7908 Qemu: net: Infinite loop in mcf_fec_do_tx()
https://bugzilla.redhat.com/show_bug.cgi?id=1327465
[ 10 ] Bug #1333425 - CVE-2016-8576 Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch
https://bugzilla.redhat.com/show_bug.cgi?id=1333425
[ 11 ] Bug #1382668 - CVE-2016-7995 Qemu: usb: hcd-ehci: memory leak in ehci_process_itd
https://bugzilla.redhat.com/show_bug.cgi?id=1382668
--------------------------------------------------------------------------------
================================================================================
vulkan-1.0.30.0-1.fc24 (FEDORA-2016-e3b237ed43)
Vulkan loader and validation layers
--------------------------------------------------------------------------------
Update Information:
Update
----
Add wayland support
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1383115 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1383115
--------------------------------------------------------------------------------