The following Fedora 22 Security updates need testing:
Age URL
246
https://bodhi.fedoraproject.org/updates/FEDORA-2015-5878
echoping-6.1-0.beta.r434svn.1.fc22
195
https://bodhi.fedoraproject.org/updates/FEDORA-2015-9185
ceph-deploy-1.5.25-1.fc22
127
https://bodhi.fedoraproject.org/updates/FEDORA-2015-12781
python-kdcproxy-0.3.2-1.fc22
113
https://bodhi.fedoraproject.org/updates/FEDORA-2015-13823
python-django-1.8.4-1.fc22
111
https://bodhi.fedoraproject.org/updates/FEDORA-2015-1aee5e6f0b
conntrack-tools-1.4.2-9.fc22
82
https://bodhi.fedoraproject.org/updates/FEDORA-2015-16239 nagios-4.0.8-1.fc22
75
https://bodhi.fedoraproject.org/updates/FEDORA-2015-05490fc42d
squid-3.4.13-3.fc22
75
https://bodhi.fedoraproject.org/updates/FEDORA-2015-be2c11d456
subversion-1.8.14-1.fc22
70
https://bodhi.fedoraproject.org/updates/FEDORA-2015-2d37e7dacf
openstack-swift-2.2.0-6.fc22
68
https://bodhi.fedoraproject.org/updates/FEDORA-2015-3e4043f088
python-pymongo-3.0.3-1.fc22
46
https://bodhi.fedoraproject.org/updates/FEDORA-2015-de44abca87
ntp-4.2.6p5-34.fc22
39
https://bodhi.fedoraproject.org/updates/FEDORA-2015-0552500cd7
python-pygments-2.0.2-3.fc22
39
https://bodhi.fedoraproject.org/updates/FEDORA-2015-9039c25f1d
miniupnpc-1.9-6.fc22
22
https://bodhi.fedoraproject.org/updates/FEDORA-2015-c7b1be8823
seamonkey-2.39-1.fc22
22
https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4
libpng-1.6.16-4.fc22
22
https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6
libpng-1.6.16-5.fc22
15
https://bodhi.fedoraproject.org/updates/FEDORA-2015-8413bdd343 abrt-2.6.1-7.fc22
13
https://bodhi.fedoraproject.org/updates/FEDORA-2015-89468612f5
jenkins-1.609.3-4.fc22
12
https://bodhi.fedoraproject.org/updates/FEDORA-2015-fff2073f50 wget-1.16.3-2.fc22
11
https://bodhi.fedoraproject.org/updates/FEDORA-2015-f683150aa0
thttpd-2.25b-36.fc22
9
https://bodhi.fedoraproject.org/updates/FEDORA-2015-6565f29415
pax-utils-1.1.4-1.fc22
8
https://bodhi.fedoraproject.org/updates/FEDORA-2015-6d64c257cf
thunderbird-38.4.0-1.fc22
8
https://bodhi.fedoraproject.org/updates/FEDORA-2015-a288773b9a
LibRaw-0.16.2-3.fc22
7
https://bodhi.fedoraproject.org/updates/FEDORA-2015-3461e976cb
libpng10-1.0.65-1.fc22
7
https://bodhi.fedoraproject.org/updates/FEDORA-2015-2ebdd4ad8f
moodle-2.8.9-1.fc22
5
https://bodhi.fedoraproject.org/updates/FEDORA-2015-d87d60b9a9
openssl-1.0.1k-13.fc22
3
https://bodhi.fedoraproject.org/updates/FEDORA-2015-d5cc306730 p7zip-15.09-4.fc22
3
https://bodhi.fedoraproject.org/updates/FEDORA-2015-3a5cebb105
ImageMagick-6.9.2.7-1.fc22
3
https://bodhi.fedoraproject.org/updates/FEDORA-2015-39522bb8c9
php-PHPMailer-5.2.14-1.fc22
3
https://bodhi.fedoraproject.org/updates/FEDORA-2015-020f4b9400
xsupplicant-2.2.0-13.fc22
2
https://bodhi.fedoraproject.org/updates/FEDORA-2015-686f289aa5 qemu-2.3.1-8.fc22
2
https://bodhi.fedoraproject.org/updates/FEDORA-2015-233750b6ab
libpng15-1.5.25-1.fc22
1
https://bodhi.fedoraproject.org/updates/FEDORA-2015-b406a8e4f2 qemu-2.3.1-9.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2015-c4ed00a68f
kernel-4.2.7-200.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2015-8dd01b09a9
arts-1.5.10-30.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2015-2f4b92ed2e
kdelibs3-3.5.10-71.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2015-08e4af5a20 xen-4.5.2-5.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2015-90c27b6e91
grub2-2.02-0.18.fc22
The following Fedora 22 Critical Path updates have yet to be approved:
Age URL
121
https://bodhi.fedoraproject.org/updates/FEDORA-2015-13210 yum-3.4.3-508.fc22
107
https://bodhi.fedoraproject.org/updates/FEDORA-2015-14218 xulrunner-40.0-1.fc22
39
https://bodhi.fedoraproject.org/updates/FEDORA-2015-2123de044f
libgphoto2-2.5.8-1.fc22
36
https://bodhi.fedoraproject.org/updates/FEDORA-2015-48f718ed1b vim-7.4.909-1.fc22
33
https://bodhi.fedoraproject.org/updates/FEDORA-2015-069fea7e6b
livecd-tools-22.3-1.fc22
22
https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6
libpng-1.6.16-5.fc22
22
https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4
libpng-1.6.16-4.fc22
22
https://bodhi.fedoraproject.org/updates/FEDORA-2015-82b7665427 koji-1.10.1-1.fc22
17
https://bodhi.fedoraproject.org/updates/FEDORA-2015-1d21e7f650 unzip-6.0-23.fc22
15
https://bodhi.fedoraproject.org/updates/FEDORA-2015-efc06edc85
NetworkManager-vpnc-1.0.8-1.fc22 NetworkManager-openconnect-1.0.8-1.fc22
NetworkManager-openvpn-1.0.8-1.fc22 NetworkManager-openswan-1.0.8-1.fc22
NetworkManager-fortisslvpn-1.0.8-1.fc22 NetworkManager-1.0.8-1.fc22
8
https://bodhi.fedoraproject.org/updates/FEDORA-2015-bee294be57 grep-2.21-6.fc22
8
https://bodhi.fedoraproject.org/updates/FEDORA-2015-f194dc9900
librsvg2-2.40.12-1.fc22
8
https://bodhi.fedoraproject.org/updates/FEDORA-2015-6d64c257cf
thunderbird-38.4.0-1.fc22
7
https://bodhi.fedoraproject.org/updates/FEDORA-2015-74751a6fd5
chkconfig-1.7-1.fc22
5
https://bodhi.fedoraproject.org/updates/FEDORA-2015-4daef06c07
nautilus-3.16.3-1.fc22
5
https://bodhi.fedoraproject.org/updates/FEDORA-2015-d87d60b9a9
openssl-1.0.1k-13.fc22
3
https://bodhi.fedoraproject.org/updates/FEDORA-2015-f03bcc3731
perl-libwww-perl-6.15-1.fc22
2
https://bodhi.fedoraproject.org/updates/FEDORA-2015-1b2b67ac30
gnome-online-accounts-3.16.5-1.fc22
1
https://bodhi.fedoraproject.org/updates/FEDORA-2015-3c934e07c3
kdelibs-4.14.14-4.fc22
1
https://bodhi.fedoraproject.org/updates/FEDORA-2015-8083abc683
selinux-policy-3.13.1-128.22.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2015-8be6e502c3 gcc-5.3.1-2.fc22
gcc-python-plugin-0.14-4.2.fc22 libtool-2.4.2-35.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2015-c4ed00a68f
kernel-4.2.7-200.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2015-1c93bbd1a7
sqlite-3.9.0-2.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2015-473007accf
util-linux-2.26.2-4.fc22
The following builds have been pushed to Fedora 22 updates-testing
arts-1.5.10-30.fc22
cross-binutils-2.25.1-2.fc22
cross-gcc-5.2.1-4.fc22
datovka-4.4.2-1.fc22
gcc-5.3.1-2.fc22
gcc-python-plugin-0.14-4.2.fc22
globus-gsi-proxy-core-7.9-1.fc22
globus-gsi-sysconfig-6.9-1.fc22
globus-gssapi-gsi-11.24-1.fc22
grub2-2.02-0.18.fc22
jfontchooser-1.0.5-2.fc22
kdelibs3-3.5.10-71.fc22
kernel-4.2.7-200.fc22
libosmocore-0.9.0-3.20151109git916423ef.fc22
libsolv-0.6.14-3.fc22
libtool-2.4.2-35.fc22
lua-argparse-0.5.0-1.fc22
mathgl-2.3.3-5.fc22
myproxy-6.1.16-1.fc22
mysql-mmm-2.2.1-13.fc22
nodejs-extsprintf-1.3.0-1.fc22
nodejs-path-exists-2.2.0-1.fc22
opencl-utils-1-1.svn16.fc22
pbuilder-0.221.3-1.fc22
pcsc-cyberjack-3.99.5final.SP08-2.fc22
pesign-0.111-7.fc22
pinta-1.6-2.fc22
python-libpagure-0.6-1.fc22
python-music21-2.2.1-1.fc22
qbittorrent-3.3.1-2.fc22
rb_libtorrent-1.0.7-2.fc22
rpmspectool-1.99.4-1.fc22
sqlite-3.9.0-2.fc22
util-linux-2.26.2-4.fc22
wine-1.8-0.1.fc22
xen-4.5.2-5.fc22
Details about builds:
================================================================================
arts-1.5.10-30.fc22 (FEDORA-2015-8dd01b09a9)
aRts (analog realtime synthesizer) - the KDE sound system
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2015-7543 in arts (the legacy aRts sound server): A
temporary directory was being created insecurely using mktemp and mkdir,
allowing an attacker to hijack the temporary directory and thus the inter-
process communication (IPC). This update fixes the temporary directory creation
to use the safe mkdtemp function instead.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1280543 - CVE-2015-7543 arts,kdelibs3: Use of mktemp(3) allows attacker to
hijack the IPC
https://bugzilla.redhat.com/show_bug.cgi?id=1280543
--------------------------------------------------------------------------------
================================================================================
cross-binutils-2.25.1-2.fc22 (FEDORA-2015-942cab9499)
A GNU collection of cross-compilation binary utilities
--------------------------------------------------------------------------------
Update Information:
Rebased on binutils-2.25.1-9. Should now support powerpc64le. ---- Add support
for ppcle & ppc64le, sync with binutils-2.25.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1037026 - cross-binutils FTBFS if "-Werror=format-security" flag is
used
https://bugzilla.redhat.com/show_bug.cgi?id=1037026
--------------------------------------------------------------------------------
================================================================================
cross-gcc-5.2.1-4.fc22 (FEDORA-2015-baa411f109)
Cross C compiler
--------------------------------------------------------------------------------
Update Information:
Rebased on gcc-5.2.1-5. Fixed alpha -O2 compilation [BZ 1256791]. ---- Rebase
on gcc-5.2.1 and add ppcle and ppc64le support in binutils [BZ 1255946] ----
Rebase on gcc-5.2.1 and add ppcle and ppc64le support in binutils [BZ 1255946]
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1265791 - optimiser bug with -O3 on Alpha + other arches
https://bugzilla.redhat.com/show_bug.cgi?id=1265791
[ 2 ] Bug #1219345 - ice in extract_insn, at recog.c:2343 for alpha cross compiler
https://bugzilla.redhat.com/show_bug.cgi?id=1219345
--------------------------------------------------------------------------------
================================================================================
datovka-4.4.2-1.fc22 (FEDORA-2015-e0e40cff29)
A free graphical interface for Czech Databox (Datov�� schr��nky)
--------------------------------------------------------------------------------
Update Information:
new upstream release: - enhancement: better explanation of some error codes -
fix: increased maximum number of downloaded messages - fix: don't forget
password on ISDS connection failure ---- New upstream release: + feature:
store attachments for sent messages into the database + feature: configurable
timeout for marking a message as read + feature: filter field background color
based on whether a matching message matches + enhancement: renamed attachments
to avoid potentially problematic characters + enhancement: Home and End key
navigation in message list + enhancement: add some missing tool tips + fix:
two pop-ups show on errors when sending a message + fix: importing messages
from another database file + fix: message status updating with privilege-
restricted accounts + fix: sending a commercial messages from templates
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1276802 - datovka-4.4.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1276802
[ 2 ] Bug #1289784 - datovka-4.4.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1289784
--------------------------------------------------------------------------------
================================================================================
gcc-5.3.1-2.fc22 (FEDORA-2015-8be6e502c3)
Various compilers (C, C++, Objective-C, Java, ...)
--------------------------------------------------------------------------------
Update Information:
This errata updates gcc in F23 to 5.3. List of upstream bugs fixed
(
http://gcc.gnu.org/PRNNNNN): 36192, 37072, 43341, 47266, 49940, 49944, 50201,
51048, 51993, 52482, 56158, 56274, 56383, 56520, 56956, 57845, 58027, 58066,
58754, 59678, 60164, 60736, 60993, 61313, 61819, 61830, 62258, 63408, 63740,
64833, 64906, 64921, 64986, 65049, 65089, 65099, 65142, 65195, 65393, 65441,
65697, 65711, 65726, 65734, 65742, 65750, 65751, 65841, 65843, 65879, 65880,
65882, 65908, 65913, 65914, 65919, 65945, 65973, 65974, 66001, 66035, 66048,
66055, 66067, 66079, 66085, 66098, 66114, 66119, 66134, 66136, 66200, 66216,
66260, 66301, 66311, 66332, 66336, 66375, 66412, 66413, 66422, 66424, 66432,
66465, 66501, 66509, 66515, 66523, 66533, 66539, 66545, 66546, 66549, 66556,
66563, 66566, 66567, 66568, 66569, 66581, 66583, 66585, 66596, 66611, 66619,
66628, 66633, 66647, 66648, 66649, 66650, 66667, 66691, 66697, 66700, 66702,
66703, 66705, 66711, 66724, 66725, 66728, 66731, 66743, 66748, 66760, 66761,
66780, 66782, 66790, 66793, 66794, 66814, 66820, 66823, 66828, 66838, 66840,
66855, 66857, 66861, 66864, 66866, 66891, 66896, 66908, 66912, 66917, 66919,
66922, 66923, 66929, 66930, 66936, 66942, 66948, 66952, 66956, 66957, 66979,
66998, 67002, 67005, 67015, 67021, 67028, 67029, 67037, 67049, 67055, 67056,
67060, 67061, 67104, 67121, 67127, 67130, 67131, 67141, 67143, 67161, 67171,
67173, 67177, 67211, 67222, 67226, 67244, 67258, 67265, 67271, 67280, 67281,
67303, 67337, 67354, 67362, 67369, 67374, 67378, 67391, 67401, 67409, 67429,
67439, 67440, 67442, 67443, 67452, 67460, 67470, 67495, 67500, 67501, 67502,
67504, 67506, 67511, 67512, 67514, 67517, 67521, 67522, 67523, 67525, 67526,
67557, 67563, 67573, 67600, 67609, 67614, 67615, 67616, 67619, 67657, 67662,
67690, 67699, 67707, 67716, 67721, 67730, 67736, 67747, 67769, 67770, 67783,
67794, 67802, 67803, 67805, 67808, 67813, 67818, 67821, 67849, 67850, 67885,
67900, 67929, 67933, 67939, 67940, 67941, 67954, 67967, 67977, 67987, 67989,
68015, 68017, 68018, 68019, 68053, 68054, 68055, 68057, 68059, 68067, 68079,
68087, 68102, 68106, 68108, 68129, 68143, 68151, 68153, 68154, 68157, 68169,
68185, 68190, 68194, 68196, 68218, 68220, 68221, 68224, 68238, 68249, 68250,
68277, 68318, 68319, 68321, 68328, 68337, 68339, 68363, 68376, 68408, 68416,
68422, 68448, 68483, 68508, 68552, 68564, 68671, 68680
--------------------------------------------------------------------------------
================================================================================
gcc-python-plugin-0.14-4.2.fc22 (FEDORA-2015-8be6e502c3)
GCC plugin that embeds Python
--------------------------------------------------------------------------------
Update Information:
This errata updates gcc in F23 to 5.3. List of upstream bugs fixed
(
http://gcc.gnu.org/PRNNNNN): 36192, 37072, 43341, 47266, 49940, 49944, 50201,
51048, 51993, 52482, 56158, 56274, 56383, 56520, 56956, 57845, 58027, 58066,
58754, 59678, 60164, 60736, 60993, 61313, 61819, 61830, 62258, 63408, 63740,
64833, 64906, 64921, 64986, 65049, 65089, 65099, 65142, 65195, 65393, 65441,
65697, 65711, 65726, 65734, 65742, 65750, 65751, 65841, 65843, 65879, 65880,
65882, 65908, 65913, 65914, 65919, 65945, 65973, 65974, 66001, 66035, 66048,
66055, 66067, 66079, 66085, 66098, 66114, 66119, 66134, 66136, 66200, 66216,
66260, 66301, 66311, 66332, 66336, 66375, 66412, 66413, 66422, 66424, 66432,
66465, 66501, 66509, 66515, 66523, 66533, 66539, 66545, 66546, 66549, 66556,
66563, 66566, 66567, 66568, 66569, 66581, 66583, 66585, 66596, 66611, 66619,
66628, 66633, 66647, 66648, 66649, 66650, 66667, 66691, 66697, 66700, 66702,
66703, 66705, 66711, 66724, 66725, 66728, 66731, 66743, 66748, 66760, 66761,
66780, 66782, 66790, 66793, 66794, 66814, 66820, 66823, 66828, 66838, 66840,
66855, 66857, 66861, 66864, 66866, 66891, 66896, 66908, 66912, 66917, 66919,
66922, 66923, 66929, 66930, 66936, 66942, 66948, 66952, 66956, 66957, 66979,
66998, 67002, 67005, 67015, 67021, 67028, 67029, 67037, 67049, 67055, 67056,
67060, 67061, 67104, 67121, 67127, 67130, 67131, 67141, 67143, 67161, 67171,
67173, 67177, 67211, 67222, 67226, 67244, 67258, 67265, 67271, 67280, 67281,
67303, 67337, 67354, 67362, 67369, 67374, 67378, 67391, 67401, 67409, 67429,
67439, 67440, 67442, 67443, 67452, 67460, 67470, 67495, 67500, 67501, 67502,
67504, 67506, 67511, 67512, 67514, 67517, 67521, 67522, 67523, 67525, 67526,
67557, 67563, 67573, 67600, 67609, 67614, 67615, 67616, 67619, 67657, 67662,
67690, 67699, 67707, 67716, 67721, 67730, 67736, 67747, 67769, 67770, 67783,
67794, 67802, 67803, 67805, 67808, 67813, 67818, 67821, 67849, 67850, 67885,
67900, 67929, 67933, 67939, 67940, 67941, 67954, 67967, 67977, 67987, 67989,
68015, 68017, 68018, 68019, 68053, 68054, 68055, 68057, 68059, 68067, 68079,
68087, 68102, 68106, 68108, 68129, 68143, 68151, 68153, 68154, 68157, 68169,
68185, 68190, 68194, 68196, 68218, 68220, 68221, 68224, 68238, 68249, 68250,
68277, 68318, 68319, 68321, 68328, 68337, 68339, 68363, 68376, 68408, 68416,
68422, 68448, 68483, 68508, 68552, 68564, 68671, 68680
--------------------------------------------------------------------------------
================================================================================
globus-gsi-proxy-core-7.9-1.fc22 (FEDORA-2015-2427c4acbd)
Globus Toolkit - Globus GSI Proxy Core Library
--------------------------------------------------------------------------------
Update Information:
globus-gsi-sysconfig-6.9-1 * GT6 update globus-gssapi-gsi-11.24-1 * GT6
update: Don't call SSLv3_method unless it is available globus-gsi-proxy-
core-7.9-1 * GT6 update: Change default proxy_req type to RFC, was GT3
myproxy-6.1.16-1 * Update to 6.1.16 (handle invalid proxy_req type)
--------------------------------------------------------------------------------
================================================================================
globus-gsi-sysconfig-6.9-1.fc22 (FEDORA-2015-2427c4acbd)
Globus Toolkit - Globus GSI System Config Library
--------------------------------------------------------------------------------
Update Information:
globus-gsi-sysconfig-6.9-1 * GT6 update globus-gssapi-gsi-11.24-1 * GT6
update: Don't call SSLv3_method unless it is available globus-gsi-proxy-
core-7.9-1 * GT6 update: Change default proxy_req type to RFC, was GT3
myproxy-6.1.16-1 * Update to 6.1.16 (handle invalid proxy_req type)
--------------------------------------------------------------------------------
================================================================================
globus-gssapi-gsi-11.24-1.fc22 (FEDORA-2015-2427c4acbd)
Globus Toolkit - GSSAPI library
--------------------------------------------------------------------------------
Update Information:
globus-gsi-sysconfig-6.9-1 * GT6 update globus-gssapi-gsi-11.24-1 * GT6
update: Don't call SSLv3_method unless it is available globus-gsi-proxy-
core-7.9-1 * GT6 update: Change default proxy_req type to RFC, was GT3
myproxy-6.1.16-1 * Update to 6.1.16 (handle invalid proxy_req type)
--------------------------------------------------------------------------------
================================================================================
grub2-2.02-0.18.fc22 (FEDORA-2015-90c27b6e91)
Bootloader with support for Linux, Multiboot and more
--------------------------------------------------------------------------------
Update Information:
Fixes CVE-2015-8370.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1290417 - CVE-2015-8370 grub2: buffer overflow when checking password entered
during bootup [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1290417
--------------------------------------------------------------------------------
================================================================================
jfontchooser-1.0.5-2.fc22 (FEDORA-2015-bc9bf43ebc)
Swing-based java component for font selection
--------------------------------------------------------------------------------
Update Information:
New Java font chooser library package.
--------------------------------------------------------------------------------
================================================================================
kdelibs3-3.5.10-71.fc22 (FEDORA-2015-2f4b92ed2e)
KDE 3 Libraries
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2015-7543 in kdelibs3 (the KDE 3 compatibility version of
kdelibs): A temporary directory was being created insecurely using mktemp and
mkdir, allowing an attacker to hijack the temporary directory and thus the
inter-process communication (IPC). This update fixes the temporary directory
creation to use the safe mkdtemp function instead.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1280543 - CVE-2015-7543 arts,kdelibs3: Use of mktemp(3) allows attacker to
hijack the IPC
https://bugzilla.redhat.com/show_bug.cgi?id=1280543
--------------------------------------------------------------------------------
================================================================================
kernel-4.2.7-200.fc22 (FEDORA-2015-c4ed00a68f)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:
The 4.2.7 stable update contains a number of important fixes across the tree.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1285326 - CVE-2015-7515 kernel: aiptek: crash on invalid USB device
descriptors
https://bugzilla.redhat.com/show_bug.cgi?id=1285326
[ 2 ] Bug #1270158 - CVE-2015-7833 kernel: usbvision: crash on invalid USB device
descriptors
https://bugzilla.redhat.com/show_bug.cgi?id=1270158
[ 3 ] Bug #1286261 - CVE-2015-8374 kernel: Information leak when truncating of
compressed/inlined extents on BTRFS
https://bugzilla.redhat.com/show_bug.cgi?id=1286261
--------------------------------------------------------------------------------
================================================================================
libosmocore-0.9.0-3.20151109git916423ef.fc22 (FEDORA-2015-f2da169de3)
Utility functions for OsmocomBB, OpenBSC and related projects
--------------------------------------------------------------------------------
Update Information:
Fixed library to pass smscb test on ppc. ---- This is new package - utility
functions for OsmocomBB, OpenBSC and related projects.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1289940 - [libosmocore] Fix test on big-endian machines
https://bugzilla.redhat.com/show_bug.cgi?id=1289940
[ 2 ] Bug #1279527 - Review Request: libosmocore - Utility functions for OsmocomBB,
OpenBSC and related projects
https://bugzilla.redhat.com/show_bug.cgi?id=1279527
--------------------------------------------------------------------------------
================================================================================
libsolv-0.6.14-3.fc22 (FEDORA-2015-f0a7ef1898)
Package dependency solver
--------------------------------------------------------------------------------
Update Information:
Enable bzip2 support
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1226647 - libsolv: RFE: Enable support for bzip2 compression
https://bugzilla.redhat.com/show_bug.cgi?id=1226647
--------------------------------------------------------------------------------
================================================================================
libtool-2.4.2-35.fc22 (FEDORA-2015-8be6e502c3)
The GNU Portable Library Tool
--------------------------------------------------------------------------------
Update Information:
This errata updates gcc in F23 to 5.3. List of upstream bugs fixed
(
http://gcc.gnu.org/PRNNNNN): 36192, 37072, 43341, 47266, 49940, 49944, 50201,
51048, 51993, 52482, 56158, 56274, 56383, 56520, 56956, 57845, 58027, 58066,
58754, 59678, 60164, 60736, 60993, 61313, 61819, 61830, 62258, 63408, 63740,
64833, 64906, 64921, 64986, 65049, 65089, 65099, 65142, 65195, 65393, 65441,
65697, 65711, 65726, 65734, 65742, 65750, 65751, 65841, 65843, 65879, 65880,
65882, 65908, 65913, 65914, 65919, 65945, 65973, 65974, 66001, 66035, 66048,
66055, 66067, 66079, 66085, 66098, 66114, 66119, 66134, 66136, 66200, 66216,
66260, 66301, 66311, 66332, 66336, 66375, 66412, 66413, 66422, 66424, 66432,
66465, 66501, 66509, 66515, 66523, 66533, 66539, 66545, 66546, 66549, 66556,
66563, 66566, 66567, 66568, 66569, 66581, 66583, 66585, 66596, 66611, 66619,
66628, 66633, 66647, 66648, 66649, 66650, 66667, 66691, 66697, 66700, 66702,
66703, 66705, 66711, 66724, 66725, 66728, 66731, 66743, 66748, 66760, 66761,
66780, 66782, 66790, 66793, 66794, 66814, 66820, 66823, 66828, 66838, 66840,
66855, 66857, 66861, 66864, 66866, 66891, 66896, 66908, 66912, 66917, 66919,
66922, 66923, 66929, 66930, 66936, 66942, 66948, 66952, 66956, 66957, 66979,
66998, 67002, 67005, 67015, 67021, 67028, 67029, 67037, 67049, 67055, 67056,
67060, 67061, 67104, 67121, 67127, 67130, 67131, 67141, 67143, 67161, 67171,
67173, 67177, 67211, 67222, 67226, 67244, 67258, 67265, 67271, 67280, 67281,
67303, 67337, 67354, 67362, 67369, 67374, 67378, 67391, 67401, 67409, 67429,
67439, 67440, 67442, 67443, 67452, 67460, 67470, 67495, 67500, 67501, 67502,
67504, 67506, 67511, 67512, 67514, 67517, 67521, 67522, 67523, 67525, 67526,
67557, 67563, 67573, 67600, 67609, 67614, 67615, 67616, 67619, 67657, 67662,
67690, 67699, 67707, 67716, 67721, 67730, 67736, 67747, 67769, 67770, 67783,
67794, 67802, 67803, 67805, 67808, 67813, 67818, 67821, 67849, 67850, 67885,
67900, 67929, 67933, 67939, 67940, 67941, 67954, 67967, 67977, 67987, 67989,
68015, 68017, 68018, 68019, 68053, 68054, 68055, 68057, 68059, 68067, 68079,
68087, 68102, 68106, 68108, 68129, 68143, 68151, 68153, 68154, 68157, 68169,
68185, 68190, 68194, 68196, 68218, 68220, 68221, 68224, 68238, 68249, 68250,
68277, 68318, 68319, 68321, 68328, 68337, 68339, 68363, 68376, 68408, 68416,
68422, 68448, 68483, 68508, 68552, 68564, 68671, 68680
--------------------------------------------------------------------------------
================================================================================
lua-argparse-0.5.0-1.fc22 (FEDORA-2015-8478b2f6dc)
Feature-rich command line parser for Lua
--------------------------------------------------------------------------------
Update Information:
Updating to latest released version. Includes addition of several features.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1289954 - lua-argparse-0.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1289954
--------------------------------------------------------------------------------
================================================================================
mathgl-2.3.3-5.fc22 (FEDORA-2015-c598573ee0)
Cross-platform library for making high-quality scientific graphics
--------------------------------------------------------------------------------
Update Information:
- Reenable octave module. - Split out -qt, -wx and -fltk widgets into seperate
subpackages.
--------------------------------------------------------------------------------
================================================================================
myproxy-6.1.16-1.fc22 (FEDORA-2015-2427c4acbd)
Manage X.509 Public Key Infrastructure (PKI) security credentials
--------------------------------------------------------------------------------
Update Information:
globus-gsi-sysconfig-6.9-1 * GT6 update globus-gssapi-gsi-11.24-1 * GT6
update: Don't call SSLv3_method unless it is available globus-gsi-proxy-
core-7.9-1 * GT6 update: Change default proxy_req type to RFC, was GT3
myproxy-6.1.16-1 * Update to 6.1.16 (handle invalid proxy_req type)
--------------------------------------------------------------------------------
================================================================================
mysql-mmm-2.2.1-13.fc22 (FEDORA-2015-ac67ef7547)
Multi-Master Replication Manager for MySQL
--------------------------------------------------------------------------------
Update Information:
Fixes issue with newer Net::ARP version numbers
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1169914 - mysql-mmm bug with newer Net::ARP version numbers
https://bugzilla.redhat.com/show_bug.cgi?id=1169914
--------------------------------------------------------------------------------
================================================================================
nodejs-extsprintf-1.3.0-1.fc22 (FEDORA-2015-58d1069add)
Extended POSIX-style sprintf
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1290171 - Review Request: nodejs-extsprintf - Extended POSIX-style sprintf
https://bugzilla.redhat.com/show_bug.cgi?id=1290171
--------------------------------------------------------------------------------
================================================================================
nodejs-path-exists-2.2.0-1.fc22 (FEDORA-2015-615098d9b1)
Promisify a callback-style function
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1272764 - Review Request: nodejs-path-exists - Check if a path exists
https://bugzilla.redhat.com/show_bug.cgi?id=1272764
--------------------------------------------------------------------------------
================================================================================
opencl-utils-1-1.svn16.fc22 (FEDORA-2015-1736b6c271)
Useful OpenCL tools and utilities
--------------------------------------------------------------------------------
Update Information:
Patch to work with OpenCL 1.2, cleanup and moving header files
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1266184 - opencl-utils bundles OpenCL headers packaged in opencl-headers
https://bugzilla.redhat.com/show_bug.cgi?id=1266184
--------------------------------------------------------------------------------
================================================================================
pbuilder-0.221.3-1.fc22 (FEDORA-2015-2128fbbc06)
Personal package builder for Debian packages
--------------------------------------------------------------------------------
Update Information:
Update to version 0.221.3, see
http://metadata.ftp-
master.debian.org/changelogs/main/p/pbuilder/pbuilder_0.221.3_changelog for
details. ---- Update to version 0.221.2, see
http://metadata.ftp-
master.debian.org/changelogs/main/p/pbuilder/pbuilder_0.221.2_changelog for
details.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1289788 - pbuilder-0.221.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1289788
--------------------------------------------------------------------------------
================================================================================
pcsc-cyberjack-3.99.5final.SP08-2.fc22 (FEDORA-2015-b1c1f34555)
PC/SC driver for REINER SCT cyberjack USB chip card reader
--------------------------------------------------------------------------------
Update Information:
New upstream, spec-file cleanup. ---- new upstream
--------------------------------------------------------------------------------
================================================================================
pesign-0.111-7.fc22 (FEDORA-2015-9d7c4ff402)
Signing utility for UEFI binaries
--------------------------------------------------------------------------------
Update Information:
Allow the mockbuild user to read the nss database if the account exists.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1283475 - Could not initialize nss: The certificate/key database is in an
old, unsupported format.
https://bugzilla.redhat.com/show_bug.cgi?id=1283475
[ 2 ] Bug #1284561 - Typo in pesign-authorize-groups
https://bugzilla.redhat.com/show_bug.cgi?id=1284561
[ 3 ] Bug #1284063 - Need pesign-rh-test-certs to build kernel
https://bugzilla.redhat.com/show_bug.cgi?id=1284063
--------------------------------------------------------------------------------
================================================================================
pinta-1.6-2.fc22 (FEDORA-2015-858171370b)
An easy to use drawing and image editing program
--------------------------------------------------------------------------------
Update Information:
fix build failure on ppc64 related to mono_arches
--------------------------------------------------------------------------------
================================================================================
python-libpagure-0.6-1.fc22 (FEDORA-2015-a96bda327e)
A Python library for Pagure APIs
--------------------------------------------------------------------------------
Update Information:
Update the source to 0.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1281739 - Review Request: python-libpagure - A Python library for Pagure
APIs
https://bugzilla.redhat.com/show_bug.cgi?id=1281739
--------------------------------------------------------------------------------
================================================================================
python-music21-2.2.1-1.fc22 (FEDORA-2015-2718e724ad)
A toolkit for computational musicology
--------------------------------------------------------------------------------
Update Information:
New package.
--------------------------------------------------------------------------------
================================================================================
qbittorrent-3.3.1-2.fc22 (FEDORA-2015-cd2f2dff6c)
A Bittorrent Client
--------------------------------------------------------------------------------
Update Information:
The major difference between qbittorrent 3.2.x and 3.3.x is the switch of
default from Qt4 to Qt5 (and Fedora did this switch too). Multiple fixes and new
features have been added as well ---- fix build on ppc64le
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1255788 - FTBFS with qbittorrent on ppc64le "Could not find a version
of the library!"
https://bugzilla.redhat.com/show_bug.cgi?id=1255788
[ 2 ] Bug #1252961 - qBittorrent fails to build on ppc64le
https://bugzilla.redhat.com/show_bug.cgi?id=1252961
[ 3 ] Bug #1279239 - [abrt] qbittorrent: uw_frame_state_for(): qbittorrent killed by
SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1279239
[ 4 ] Bug #1286706 - qbittorrent-3.3.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1286706
[ 5 ] Bug #1282019 - rb_libtorrent-1.0.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1282019
--------------------------------------------------------------------------------
================================================================================
rb_libtorrent-1.0.7-2.fc22 (FEDORA-2015-cd2f2dff6c)
A C++ BitTorrent library aiming to be the best alternative
--------------------------------------------------------------------------------
Update Information:
The major difference between qbittorrent 3.2.x and 3.3.x is the switch of
default from Qt4 to Qt5 (and Fedora did this switch too). Multiple fixes and new
features have been added as well ---- fix build on ppc64le
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1255788 - FTBFS with qbittorrent on ppc64le "Could not find a version
of the library!"
https://bugzilla.redhat.com/show_bug.cgi?id=1255788
[ 2 ] Bug #1252961 - qBittorrent fails to build on ppc64le
https://bugzilla.redhat.com/show_bug.cgi?id=1252961
[ 3 ] Bug #1279239 - [abrt] qbittorrent: uw_frame_state_for(): qbittorrent killed by
SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1279239
[ 4 ] Bug #1286706 - qbittorrent-3.3.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1286706
[ 5 ] Bug #1282019 - rb_libtorrent-1.0.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1282019
--------------------------------------------------------------------------------
================================================================================
rpmspectool-1.99.4-1.fc22 (FEDORA-2015-d7595935f4)
Utility for handling RPM spec files
--------------------------------------------------------------------------------
Update Information:
This update contains improvements in parsing spec files, as well as handling
certain errors when downloading files.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1154596 - spectool not downloading source
https://bugzilla.redhat.com/show_bug.cgi?id=1154596
--------------------------------------------------------------------------------
================================================================================
sqlite-3.9.0-2.fc22 (FEDORA-2015-1c93bbd1a7)
Library that implements an embeddable SQL database engine
--------------------------------------------------------------------------------
Update Information:
Updated sqlite with added amalgamation source distribution for stage2 builds.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1273994 - [REGRESSION] sqlite FTBFS during stage2 bootstrap - The 3.9 update
requires tcl, that isn't available in stage2
https://bugzilla.redhat.com/show_bug.cgi?id=1273994
--------------------------------------------------------------------------------
================================================================================
util-linux-2.26.2-4.fc22 (FEDORA-2015-473007accf)
A collection of basic system utilities
--------------------------------------------------------------------------------
Update Information:
backport build-sys patch from f21 to fix STAGE1 bootstrap
--------------------------------------------------------------------------------
================================================================================
wine-1.8-0.1.fc22 (FEDORA-2015-6306d811b5)
A compatibility layer for windows applications
--------------------------------------------------------------------------------
Update Information:
Wine 1.8-rc3 Bug fixes. Code freeze, working towards 1.8 release.
--------------------------------------------------------------------------------
================================================================================
xen-4.5.2-5.fc22 (FEDORA-2015-08e4af5a20)
Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:
eepro100: Prevent two endless loops [CVE-2015-8345] (#1285215), pcnet: fix rx
buffer overflow [CVE-2015-7512], ui: vnc: avoid floating point exception
[CVE-2015-8504], additional patch for [XSA-158, CVE-2015-8338] long running
memory operations on ARM [XSA-158, CVE-2015-8338] XENMEM_exchange error handling
issues [XSA-159, CVE-2015-8339, CVE-2015-8340] libxl leak of pv kernel and
initrd on error [XSA-160, CVE-2015-8341] ---- heap buffer overflow
vulnerability in pcnet emulator [XSA-162, CVE-2015-7504], virtual PMU is
unsupported [XSA-163]
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1285213 - CVE-2015-8345 Qemu: net: eepro100: infinite loop in processing
command block list
https://bugzilla.redhat.com/show_bug.cgi?id=1285213
[ 2 ] Bug #1285061 - CVE-2015-7512 Qemu: net: pcnet: buffer overflow in non-loopback
mode
https://bugzilla.redhat.com/show_bug.cgi?id=1285061
[ 3 ] Bug #1261461 - CVE-2015-7504 Qemu: net: pcnet: heap overflow vulnerability in
pcnet_receive
https://bugzilla.redhat.com/show_bug.cgi?id=1261461
[ 4 ] Bug #1285350 - xen: Virtual Performance Measurement Unit feature is unsupported
https://bugzilla.redhat.com/show_bug.cgi?id=1285350
[ 5 ] Bug #1284933 - CVE-2015-8341 xen: libxl leak of PV kernel can cause OOM condition
https://bugzilla.redhat.com/show_bug.cgi?id=1284933
[ 6 ] Bug #1284919 - CVE-2015-8339 CVE-2015-8340 xen: XENMEM_exchange error handling may
cause DoS to host
https://bugzilla.redhat.com/show_bug.cgi?id=1284919
[ 7 ] Bug #1284911 - CVE-2015-8338 xen: Long running memory operations on ARM cause DoS
https://bugzilla.redhat.com/show_bug.cgi?id=1284911
--------------------------------------------------------------------------------