The following Fedora 24 Security updates need testing:
Age URL
89
https://bodhi.fedoraproject.org/updates/FEDORA-2016-93679a91df
jenkins-1.651.3-2.fc24 jenkins-remoting-2.62.3-1.fc24
58
https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08
squid-3.5.23-1.fc24
51
https://bodhi.fedoraproject.org/updates/FEDORA-2016-eaaa9c4a08 exim-4.87.1-1.fc24
15
https://bodhi.fedoraproject.org/updates/FEDORA-2017-ba9c6a3634
quagga-0.99.24.1-5.fc24
14
https://bodhi.fedoraproject.org/updates/FEDORA-2017-ece16ba6ba
runc-1.0.0-5.rc2.gitc91b5be.fc24
11
https://bodhi.fedoraproject.org/updates/FEDORA-2017-22828d4bdb redis-3.2.7-1.fc24
7
https://bodhi.fedoraproject.org/updates/FEDORA-2017-18d3fc2ec1
python-peewee-2.8.5-2.fc24
7
https://bodhi.fedoraproject.org/updates/FEDORA-2017-9a5b89363f
libwmf-0.2.8.4-50.fc24
7
https://bodhi.fedoraproject.org/updates/FEDORA-2017-d5fb74cd2e
zoneminder-1.28.1-8.fc24
7
https://bodhi.fedoraproject.org/updates/FEDORA-2017-fa4e441e03
netpbm-10.77.00-3.fc24
7
https://bodhi.fedoraproject.org/updates/FEDORA-2017-404f1a29fc
mingw-gtk-vnc-0.7.0-1.fc24
7
https://bodhi.fedoraproject.org/updates/FEDORA-2017-a9e6a5c249
gtk-vnc-0.7.0-1.fc24
6
https://bodhi.fedoraproject.org/updates/FEDORA-2017-27099c270a
bind-9.10.4-3.P6.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-9b2cf468d5 vim-8.0.324-1.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-abbfa3f1a9
python-cjson-1.1.0-9.fc24
4
https://bodhi.fedoraproject.org/updates/FEDORA-2017-3893b6e15b
mingw-wavpack-5.1.0-1.fc24
4
https://bodhi.fedoraproject.org/updates/FEDORA-2017-bf34bc83ba
python-tqdm-4.11.2-1.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-844445f2aa mupdf-1.10a-1.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-40d29c8e84
kopete-16.12.2-2.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-33cb46c6b0
diffoscope-77-1.fc24
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-624e2eeda0
mujs-0-8.20170124git4006739.fc24
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-13b5cb36c3
plasma-desktop-5.8.5-4.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-b1abcbe695
webkitgtk4-2.14.5-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-05e32fe278 xrdp-0.9.1-3.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-787bc0d5b4
kernel-4.9.10-100.fc24
The following Fedora 24 Critical Path updates have yet to be approved:
Age URL
7
https://bodhi.fedoraproject.org/updates/FEDORA-2017-176122b6c4
ntfs-3g-2016.2.22-4.fc24
6
https://bodhi.fedoraproject.org/updates/FEDORA-2017-85415b3949 lua-5.3.4-1.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-9b2cf468d5 vim-8.0.324-1.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-acb5ebda45 audit-2.7.2-2.fc24
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-37dac69023
baloo-widgets-16.12.2-1.fc24 dolphin-16.12.2-1.fc24 dolphin-plugins-16.12.2-1.fc24
kate-16.12.2-1.fc24 kdelibs-4.14.29-1.fc24 kde-runtime-16.12.2-2.fc24
konsole5-16.12.2-1.fc24 khelpcenter-16.12.2-1.fc24 kde-l10n-16.12.2-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-787bc0d5b4
kernel-4.9.10-100.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-a8dc348834 pcre-8.40-2.fc24
The following builds have been pushed to Fedora 24 updates-testing
R-littler-0.3.2-1.fc24
antlrworks-1.5.2-5.fc24
boomaga-0.8.0-8.gitb495615.fc24
cereal-1.2.2-1.fc24
cinnamon-3.2.8-13.fc24
community-mysql-5.7.17-4.fc24
copy-jdk-configs-2.2-1.fc24
cscppc-1.3.2-1.fc24
csdiff-1.3.2-1.fc24
csmock-2.0.3-1.fc24
cswrap-1.3.4-1.fc24
digikam-5.4.0-1.fc24.1
gwenview-16.12.2-1.fc24
iio-sensor-proxy-2.2-1.fc24
kamera-16.12.2-1.fc24
kcolorchooser-16.12.2-1.fc24
kdegraphics-thumbnailers-16.12.2-1.fc24
kernel-4.9.10-100.fc24
kf5-libkdcraw-16.12.2-1.fc24
kf5-libkexiv2-16.12.2-1.fc24
kf5-libkface-16.12.2-1.fc24
kf5-libkipi-16.12.2-1.fc24
kf5-libksane-16.12.2-1.fc24
kolourpaint-16.12.2-1.fc24
kruler-16.12.2-1.fc24
ksaneplugin-16.12.2-1.fc24
libmfx-1.19-1.20170114gita5ba231.fc24
libsolv-0.6.26-1.fc24
mariadb-10.1.21-3.fc24
metamath-0.139-1.fc24
modulemd-1.1.0-1.fc24
mozilla-https-everywhere-5.2.11-1.fc24
mycli-1.8.1-4.fc24
pcre-8.40-2.fc24
perl-Net-CalDAVTalk-0.10-1.fc24
perl-Net-CardDAVTalk-0.05-1.fc24
perl-String-Compare-ConstantTime-0.312-1.fc24
php-onelogin-php-saml-2.10.3-1.fc24
php-zendframework-zend-mail-2.7.3-1.fc24
quassel-0.12.4-3.fc24
spectacle-16.12.2-1.fc24
strace-4.16-1.fc24
svgpart-16.12.2-1.fc24
tripwire-2.4.3.2-3.fc24
vdr-epg-daemon-1.1.95-1.fc24
webkitgtk4-2.14.5-1.fc24
wmfrog-0.3.1-16.fc24
xrdp-0.9.1-3.fc24
xrootd-4.6.0-3.fc24
Details about builds:
================================================================================
R-littler-0.3.2-1.fc24 (FEDORA-2017-eec1acc91a)
littler: R at the Command-Line via 'r'
--------------------------------------------------------------------------------
Update Information:
New version - see
https://cran.r-project.org/web/packages/littler/news.html for
details.
--------------------------------------------------------------------------------
================================================================================
antlrworks-1.5.2-5.fc24 (FEDORA-2017-a8223f3880)
Grammar development environment for ANTLR v3 grammars
--------------------------------------------------------------------------------
Update Information:
This update provides Appdata data for ANTLRWorks. The package is now build with
Maven also, for better dependency management.
--------------------------------------------------------------------------------
================================================================================
boomaga-0.8.0-8.gitb495615.fc24 (FEDORA-2017-61cf15a0be)
A virtual printer for viewing a document before printing
--------------------------------------------------------------------------------
Update Information:
Update to 8.0-8.gitb495615
--------------------------------------------------------------------------------
================================================================================
cereal-1.2.2-1.fc24 (FEDORA-2017-a57bdfe8d3)
A header-only C++11 serialization library
--------------------------------------------------------------------------------
Update Information:
Update to 1.2.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1422474 - cereal-1.2.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1422474
--------------------------------------------------------------------------------
================================================================================
cinnamon-3.2.8-13.fc24 (FEDORA-2017-1d4e40da67)
Window management and application launching for GNOME
--------------------------------------------------------------------------------
Update Information:
* Require system-logos instead of fedora-logos
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1421952 - don't require fedora-logos, but rather system-logos
https://bugzilla.redhat.com/show_bug.cgi?id=1421952
--------------------------------------------------------------------------------
================================================================================
community-mysql-5.7.17-4.fc24 (FEDORA-2017-df0e73dc61)
MySQL client programs and shared libraries
--------------------------------------------------------------------------------
Update Information:
Second part of the #1421092 solution. The first part is mariadb-10.1.21-3
update. . Fixed server-client dependency solving.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1421092 - /usr/bin/mysql_plugin from install of
mariadb-server-utils-3:10.1.21-1.fc25.x86_64 conflicts with file from package
community-mysql-5.7.17-1.fc25.x86_64
https://bugzilla.redhat.com/show_bug.cgi?id=1421092
--------------------------------------------------------------------------------
================================================================================
copy-jdk-configs-2.2-1.fc24 (FEDORA-2017-6f9fb20e98)
JDKs configuration files copier
--------------------------------------------------------------------------------
Update Information:
Attempt to fix rpmsave behavior - Update to 2.2
--------------------------------------------------------------------------------
================================================================================
cscppc-1.3.2-1.fc24 (FEDORA-2017-c1c94fd0cb)
A compiler wrapper that runs cppcheck in background
--------------------------------------------------------------------------------
Update Information:
- update to latest upstream release - update project URL and source URL
--------------------------------------------------------------------------------
================================================================================
csdiff-1.3.2-1.fc24 (FEDORA-2017-c1c94fd0cb)
Non-interactive tools for processing code scan results in plain-text
--------------------------------------------------------------------------------
Update Information:
- update to latest upstream release - update project URL and source URL
--------------------------------------------------------------------------------
================================================================================
csmock-2.0.3-1.fc24 (FEDORA-2017-c1c94fd0cb)
A mock wrapper for Static Analysis tools
--------------------------------------------------------------------------------
Update Information:
- update to latest upstream release - update project URL and source URL
--------------------------------------------------------------------------------
================================================================================
cswrap-1.3.4-1.fc24 (FEDORA-2017-c1c94fd0cb)
Generic compiler wrapper
--------------------------------------------------------------------------------
Update Information:
- update to latest upstream release - update project URL and source URL
--------------------------------------------------------------------------------
================================================================================
digikam-5.4.0-1.fc24.1 (FEDORA-2017-43339a97e4)
A digital camera accessing & photo management application
--------------------------------------------------------------------------------
Update Information:
KDE Graphics 16.12.2, see also
https://www.kde.org/announcements/announce-
applications-16.12.2.php
--------------------------------------------------------------------------------
================================================================================
gwenview-16.12.2-1.fc24 (FEDORA-2017-43339a97e4)
An image viewer
--------------------------------------------------------------------------------
Update Information:
KDE Graphics 16.12.2, see also
https://www.kde.org/announcements/announce-
applications-16.12.2.php
--------------------------------------------------------------------------------
================================================================================
iio-sensor-proxy-2.2-1.fc24 (FEDORA-2017-9cc804668b)
IIO accelerometer sensor to input device proxy
--------------------------------------------------------------------------------
Update Information:
This release fixes iio-sensor-proxy not receiving udev events because of the
excessive lockdown added in version 2.1. This also fixes a possible crash on
startup due to a race condition.
--------------------------------------------------------------------------------
================================================================================
kamera-16.12.2-1.fc24 (FEDORA-2017-43339a97e4)
Digital camera support for KDE
--------------------------------------------------------------------------------
Update Information:
KDE Graphics 16.12.2, see also
https://www.kde.org/announcements/announce-
applications-16.12.2.php
--------------------------------------------------------------------------------
================================================================================
kcolorchooser-16.12.2-1.fc24 (FEDORA-2017-43339a97e4)
A color chooser
--------------------------------------------------------------------------------
Update Information:
KDE Graphics 16.12.2, see also
https://www.kde.org/announcements/announce-
applications-16.12.2.php
--------------------------------------------------------------------------------
================================================================================
kdegraphics-thumbnailers-16.12.2-1.fc24 (FEDORA-2017-43339a97e4)
Thumbnailers for various graphic types
--------------------------------------------------------------------------------
Update Information:
KDE Graphics 16.12.2, see also
https://www.kde.org/announcements/announce-
applications-16.12.2.php
--------------------------------------------------------------------------------
================================================================================
kernel-4.9.10-100.fc24 (FEDORA-2017-787bc0d5b4)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:
The 4.9.10 stable kernel update contains a number of important fixes across the
tree.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1421638 - CVE-2017-5970 kernel: ipv4: Invalid IP options could cause
skb->dst drop
https://bugzilla.redhat.com/show_bug.cgi?id=1421638
[ 2 ] Bug #1422138 - CVE-2017-5967 kernel: Time subsystem allows local users to discover
real PID values
https://bugzilla.redhat.com/show_bug.cgi?id=1422138
--------------------------------------------------------------------------------
================================================================================
kf5-libkdcraw-16.12.2-1.fc24 (FEDORA-2017-43339a97e4)
A C++ interface around LibRaw library
--------------------------------------------------------------------------------
Update Information:
KDE Graphics 16.12.2, see also
https://www.kde.org/announcements/announce-
applications-16.12.2.php
--------------------------------------------------------------------------------
================================================================================
kf5-libkexiv2-16.12.2-1.fc24 (FEDORA-2017-43339a97e4)
A wrapper around Exiv2 library
--------------------------------------------------------------------------------
Update Information:
KDE Graphics 16.12.2, see also
https://www.kde.org/announcements/announce-
applications-16.12.2.php
--------------------------------------------------------------------------------
================================================================================
kf5-libkface-16.12.2-1.fc24 (FEDORA-2017-43339a97e4)
A face recognition and detection library
--------------------------------------------------------------------------------
Update Information:
KDE Graphics 16.12.2, see also
https://www.kde.org/announcements/announce-
applications-16.12.2.php
--------------------------------------------------------------------------------
================================================================================
kf5-libkipi-16.12.2-1.fc24 (FEDORA-2017-43339a97e4)
Common plugin infrastructure for KDE image applications
--------------------------------------------------------------------------------
Update Information:
KDE Graphics 16.12.2, see also
https://www.kde.org/announcements/announce-
applications-16.12.2.php
--------------------------------------------------------------------------------
================================================================================
kf5-libksane-16.12.2-1.fc24 (FEDORA-2017-43339a97e4)
SANE Library interface for KDE
--------------------------------------------------------------------------------
Update Information:
KDE Graphics 16.12.2, see also
https://www.kde.org/announcements/announce-
applications-16.12.2.php
--------------------------------------------------------------------------------
================================================================================
kolourpaint-16.12.2-1.fc24 (FEDORA-2017-43339a97e4)
An easy-to-use paint program
--------------------------------------------------------------------------------
Update Information:
KDE Graphics 16.12.2, see also
https://www.kde.org/announcements/announce-
applications-16.12.2.php
--------------------------------------------------------------------------------
================================================================================
kruler-16.12.2-1.fc24 (FEDORA-2017-43339a97e4)
A screen ruler and color measurement tool
--------------------------------------------------------------------------------
Update Information:
KDE Graphics 16.12.2, see also
https://www.kde.org/announcements/announce-
applications-16.12.2.php
--------------------------------------------------------------------------------
================================================================================
ksaneplugin-16.12.2-1.fc24 (FEDORA-2017-43339a97e4)
KDE sane service
--------------------------------------------------------------------------------
Update Information:
KDE Graphics 16.12.2, see also
https://www.kde.org/announcements/announce-
applications-16.12.2.php
--------------------------------------------------------------------------------
================================================================================
libmfx-1.19-1.20170114gita5ba231.fc24 (FEDORA-2017-eeb088e25a)
Intel hardware video acceleration dispatcher library
--------------------------------------------------------------------------------
Update Information:
Introduces API version 1.19. This version is backward compatible with the
previous API versions.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1418271 - libmfx-1.19 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1418271
--------------------------------------------------------------------------------
================================================================================
libsolv-0.6.26-1.fc24 (FEDORA-2017-7d95e93b75)
Package dependency solver
--------------------------------------------------------------------------------
Update Information:
Update to 0.6.26: - Split libsolvext to separate pkg-config file - Fix
undefined symbol in bindings
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1422808 - undefined symbol: solvable_matchesdep
https://bugzilla.redhat.com/show_bug.cgi?id=1422808
--------------------------------------------------------------------------------
================================================================================
mariadb-10.1.21-3.fc24 (FEDORA-2017-0dda23cd5a)
A community developed branch of MySQL
--------------------------------------------------------------------------------
Update Information:
First part of the #1421092 solution. The second part is community-mysql-5.7.17-4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1421092 - /usr/bin/mysql_plugin from install of
mariadb-server-utils-3:10.1.21-1.fc25.x86_64 conflicts with file from package
community-mysql-5.7.17-1.fc25.x86_64
https://bugzilla.redhat.com/show_bug.cgi?id=1421092
--------------------------------------------------------------------------------
================================================================================
metamath-0.139-1.fc24 (FEDORA-2017-c3f7fbb557)
Construct mathematics from basic axioms
--------------------------------------------------------------------------------
Update Information:
This update installs some previously missing theories, and also updates to
version 0.139: - print only one line for 'save proof * /compressed/fast'
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1422091 - Some theories are missing from rpm
https://bugzilla.redhat.com/show_bug.cgi?id=1422091
--------------------------------------------------------------------------------
================================================================================
modulemd-1.1.0-1.fc24 (FEDORA-2017-ec4f43e4d1)
Module metadata manipulation library
--------------------------------------------------------------------------------
Update Information:
A new version of modulemd is available. This release installs its test suite
under modulemd.tests and changes the default behavior of the xmd field.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1418794 - __init__.pyc from install of python2-modulemd-1.0.2-1.fc25.noarch
conflicts with file from package python-custodia-0.1.0-4.fc25.noarch
https://bugzilla.redhat.com/show_bug.cgi?id=1418794
--------------------------------------------------------------------------------
================================================================================
mozilla-https-everywhere-5.2.11-1.fc24 (FEDORA-2017-62b521aab9)
HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey
--------------------------------------------------------------------------------
Update Information:
* Ruleset updates * Removing targets which are HSTS preloaded in all
supported browsers * In HTTP Nowhere mode, attempt HTTPS before block
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1400517 - mozilla-https-everywhere-5.2.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1400517
--------------------------------------------------------------------------------
================================================================================
mycli-1.8.1-4.fc24 (FEDORA-2017-9695d54eb1)
Interactive CLI for MySQL Database with auto-completion and syntax highlighting
--------------------------------------------------------------------------------
Update Information:
Add fix to work with newer sqlparse.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1422211 - mycli dependency issue
https://bugzilla.redhat.com/show_bug.cgi?id=1422211
--------------------------------------------------------------------------------
================================================================================
pcre-8.40-2.fc24 (FEDORA-2017-a8dc348834)
Perl-compatible regular expression library
--------------------------------------------------------------------------------
Update Information:
This release fixes pcregrep multi-line matching with --only-matching option, a
crash when JIT-compiling some patterns and a possible buffer overflow when
formatting a pcregrep error message.
--------------------------------------------------------------------------------
================================================================================
perl-Net-CalDAVTalk-0.10-1.fc24 (FEDORA-2017-af414ed549)
CalDAV client with JSON data interface
--------------------------------------------------------------------------------
Update Information:
This release fixes setting time zone on recurrences. It uses top level time zone
instead recurrecne time zone now.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1422480 - perl-Net-CalDAVTalk-0.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1422480
--------------------------------------------------------------------------------
================================================================================
perl-Net-CardDAVTalk-0.05-1.fc24 (FEDORA-2017-6fe0bffde5)
CardDAV client
--------------------------------------------------------------------------------
Update Information:
This release adds support for ACL in FastMail servers.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1422481 - perl-Net-CardDAVTalk-0.05 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1422481
--------------------------------------------------------------------------------
================================================================================
perl-String-Compare-ConstantTime-0.312-1.fc24 (FEDORA-2017-61b28a67d8)
Timing side-channel protected string compare
--------------------------------------------------------------------------------
Update Information:
This release fixes handling of variables with attached magic.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1422300 - perl-String-Compare-ConstantTime-0.312 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1422300
--------------------------------------------------------------------------------
================================================================================
php-onelogin-php-saml-2.10.3-1.fc24 (FEDORA-2017-3513c9553f)
SAML support for PHP
--------------------------------------------------------------------------------
Update Information:
Update to 2.10.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1385654 - php-onelogin-php-saml-v2.10.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1385654
--------------------------------------------------------------------------------
================================================================================
php-zendframework-zend-mail-2.7.3-1.fc24 (FEDORA-2017-01b774bbee)
Zend Framework Mail component
--------------------------------------------------------------------------------
Update Information:
**Version 2.7.3** - 2017-02-14 - [#93](https://github.com/zendframework/zend-
mail/pull/93) fixes a situation whereby `getSender()` was unintentionally
creating a blank `Sender` header, instead of returning `null` if none exists,
fixing an issue in the SMTP transport. -
[#105](https://github.com/zendframework/zend-mail/pull/105) fixes the header
implementation to allow zero (`0`) values for header values. -
[#116](https://github.com/zendframework/zend-mail/pull/116) fixes how the
`AbstractProtocol` handles `stream_socket_client()` errors, ensuring an
exception is thrown with detailed information regarding the failure.
--------------------------------------------------------------------------------
================================================================================
quassel-0.12.4-3.fc24 (FEDORA-2017-1d9c4c6feb)
A modern distributed IRC system
--------------------------------------------------------------------------------
Update Information:
Remove firewalld service file, as firewalld upstream now provides it.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1422280 - Quassel-core package conflicts with firewalld
https://bugzilla.redhat.com/show_bug.cgi?id=1422280
--------------------------------------------------------------------------------
================================================================================
spectacle-16.12.2-1.fc24 (FEDORA-2017-43339a97e4)
Screenshot capture utility
--------------------------------------------------------------------------------
Update Information:
KDE Graphics 16.12.2, see also
https://www.kde.org/announcements/announce-
applications-16.12.2.php
--------------------------------------------------------------------------------
================================================================================
strace-4.16-1.fc24 (FEDORA-2017-54c102af04)
Tracks and displays system calls associated with a running process
--------------------------------------------------------------------------------
Update Information:
v4.15 -> v4.16.
--------------------------------------------------------------------------------
================================================================================
svgpart-16.12.2-1.fc24 (FEDORA-2017-43339a97e4)
SVG KPart
--------------------------------------------------------------------------------
Update Information:
KDE Graphics 16.12.2, see also
https://www.kde.org/announcements/announce-
applications-16.12.2.php
--------------------------------------------------------------------------------
================================================================================
tripwire-2.4.3.2-3.fc24 (FEDORA-2017-b5e7a3c732)
IDS (Intrusion Detection System)
--------------------------------------------------------------------------------
Update Information:
Fix #1421468 by removing defattr macro in files section ---- update to 2.4.3.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1421468 - overly restrictive permissions on /usr/share/doc/tripwire
https://bugzilla.redhat.com/show_bug.cgi?id=1421468
[ 2 ] Bug #830999 - tripwire cron should send mail to configured recipients
https://bugzilla.redhat.com/show_bug.cgi?id=830999
--------------------------------------------------------------------------------
================================================================================
vdr-epg-daemon-1.1.95-1.fc24 (FEDORA-2017-cd76b6bf9f)
A daemon to download EPG data from internet and manage it in a mysql database
--------------------------------------------------------------------------------
Update Information:
Update to 1.1.95 ---- Update to 1.94 ---- Update to 1.1.93 ---- Update to
1.1.91 ---- Update to 1.1.90 ---- Update to 1.1.89
--------------------------------------------------------------------------------
================================================================================
webkitgtk4-2.14.5-1.fc24 (FEDORA-2017-b1abcbe695)
GTK+ Web content engine library
--------------------------------------------------------------------------------
Update Information:
This update addresses the following vulnerabilities: *
[
CVE-2017-2350](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2350),
[
CVE-2017-2354](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2354),
[
CVE-2017-2355](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2355),
[
CVE-2017-2356](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2356),
[
CVE-2017-2362](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2362),
[
CVE-2017-2363](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2363),
[
CVE-2017-2364](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2364),
[
CVE-2017-2365](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2365),
[
CVE-2017-2366](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2366),
[
CVE-2017-2369](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2369),
[
CVE-2017-2371](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2371),
[
CVE-2017-2373](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2373)
Additional fixes: * Make accelerating compositing mode on-demand again. By
default it will only be used for websites that require it, saving a lot of
memory on websites that don���t need it. * Release unused UpdateAtlas and reduce
the tile coverage on memory pressure. * The media backend now stores preloaded
media in /var/tmp instead of user cache dir. * Make inspector work again when
accelerated compositing support is disabled. * Fix a deadlock when the media
player is destroyed. * Fix network process crashes when loading custom URI
schemes. * Fix overlay scrollbars that are over a subframe. * Fix a crash in
GraphicsContext3D::drawArrays when using OpenGL 3.2 core profile. * Fix
BadDamage X errors happening when resizing the WebView. * Fix several crashes
and rendering issues.
--------------------------------------------------------------------------------
================================================================================
wmfrog-0.3.1-16.fc24 (FEDORA-2017-da0293e0cc)
A weather application, it shows the weather in a graphical way
--------------------------------------------------------------------------------
Update Information:
This release fixes a crash when parsing overlong wmfrog arguments. It also makes
-tmp argument to be respected.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1422319 - [abrt] wmfrog: strcpy(): wmfrog killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1422319
--------------------------------------------------------------------------------
================================================================================
xrdp-0.9.1-3.fc24 (FEDORA-2017-05e32fe278)
Open source remote desktop protocol (RDP) server
--------------------------------------------------------------------------------
Update Information:
WARNING: Please note that this update comes with a slightly different syntax of
sesman.ini file, so if you edited this file by hand, you may need to look at the
.rpmnew file and merge any required changes by hand. This release also creates
three files in /etc/xrdp directory if they don't already exist or are empty: -
rsakeys.ini - cert.pem - key.pem Also note that in Fedora, the only backend
that will really work is still Xvnc for now. New features - New xorgxrdp
backend using existing Xorg with additional modules - Improvements to X11rdp
backend - Support for IPv6 (disabled by default) - Initial support for RemoteFX
Codec (disabled by default) - Support for TLS security layer (preferred over RDP
layer if supported by the client) - Support for disabling deprecated SSLv3
protocol and for selecting custom cipher suites in xrdp.ini - Support for
bidirectional fastpath (enabled in both directions by default) - Support clients
that don't support drawing orders, such as MS RDP client for Android, ChromeRDP
(disabled by default) - More configurable login screen - Support for new virtual
channels: - - rdpdr: device redirection - - rdpsnd: audio output - - cliprdr:
clipboard - - xrdpvr: xrdp video redirection channel (can be used along with
NeutrinoRDP client) - Support for disabling virtual channels globally or by
session type - Allow to specify the path for backends (Xorg, X11rdp, Xvnc) -
Added files for systemd support - Multi-monitor support - xrdp-chansrv stroes
logs in ${XDG_DATA_HOME}/xrdp now Security fixes - User's password could be
recovered from the Xvnc password file - X11 authentication was not used
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1404972 - CVE-2013-1430 xrdp: Cleartext password shown in file after logging
into xrdp session [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1404972
[ 2 ] Bug #1404971 - CVE-2013-1430 xrdp: Cleartext password shown in file after logging
into xrdp session [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1404971
--------------------------------------------------------------------------------
================================================================================
xrootd-4.6.0-3.fc24 (FEDORA-2017-e12389b771)
Extended ROOT file server
--------------------------------------------------------------------------------
Update Information:
New version 4.6.0, release notes are here:
https://github.com/xrootd/xrootd/blob/v4.6.0/docs/ReleaseNotes.txt
--------------------------------------------------------------------------------