The following Fedora 25 Security updates need testing: Age URL 185 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25 84 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2d17af41e python-XStatic-jquery-ui-1.12.0.1-4.fc25 27 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7dbbbafea6 runc-1.0.0-7.git6394544.fc25.2 23 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ec3c82e64d libstaroffice-0.0.3-3.fc25 23 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5d7498559f nodejs-brace-expansion-1.1.7-1.fc25 14 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bcfa3569d6 libmwaw-0.3.11-3.fc25 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f68c93aaac kmail-16.12.3-2.fc25 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bb1ecba1bc kf5-messagelib-16.12.3-2.fc25 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a11f853361 kdepim4-4.14.10-31.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-708adeb9b6 libsndfile-1.0.28-3.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c3149b5fcb xen-4.7.2-7.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-63aca509fb zabbix-3.0.9-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7591a8e2c9 globus-xio-5.16-1.fc25 globus-net-manager-0.17-1.fc25 globus-gass-cache-program-6.7-1.fc25 globus-gass-copy-9.27-1.fc25 globus-gssapi-gsi-12.16-1.fc25 globus-gram-job-manager-14.36-1.fc25 globus-gridftp-server-12.2-1.fc25 globus-io-11.9-1.fc25 globus-xio-gsi-driver-3.11-1.fc25 globus-xio-pipe-driver-3.10-1.fc25 globus-xio-udt-driver-1.27-1.fc25 myproxy-6.1.28-1.fc25 globus-ftp-client-8.35-2.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-38113758e7 drupal7-7.56-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bff1b87765 webkitgtk4-2.16.5-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6f7d6fbccc php-horde-Horde-Image-2.5.1-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4c57da6642 libmtp-1.1.13-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-372bb1edb3 libdb-5.3.28-24.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-75c571778e irssi-1.0.3-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-620085cede httpd-2.4.26-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-03954b6dc4 jetty-test-helper-3.1-3.fc25 jetty-alpn-8.1.11-2.v20170118.fc25 jetty-9.4.6-1.v20170531.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d3bc944153 pius-2.2.4-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a348b32eb5 libgcrypt-1.7.8-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-58cde32413 qt5-qtwebengine-5.9.0-4.fc25
The following Fedora 25 Critical Path updates have yet to be approved: Age URL 27 https://bodhi.fedoraproject.org/updates/FEDORA-2017-613a72e282 lorax-25.22-1.fc25 14 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a83e0e61d6 fwupd-0.9.4-1.fc25 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bd92718a5a pungi-4.1.16-3.fc25 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-82f4a3afee storaged-2.6.2-6.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c3149b5fcb xen-4.7.2-7.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-708adeb9b6 libsndfile-1.0.28-3.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d90aa59a73 libguestfs-1.36.5-1.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0187b2a605 selinux-policy-3.13.1-225.19.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-372bb1edb3 libdb-5.3.28-24.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-80862de14e perl-Scalar-List-Utils-1.48-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bff1b87765 webkitgtk4-2.16.5-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d8104c0ea6 hostname-3.15-8.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2a0a9f69f8 dbus-1.11.14-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-118505dd77 libsoup-2.56.0-3.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-de0dd8b845 gsm-1.0.17-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a348b32eb5 libgcrypt-1.7.8-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-92a040da1a rsync-3.1.2-4.fc25
The following builds have been pushed to Fedora 25 updates-testing
MUMPS-5.1.1-2.fc25 avr-gcc-6.3.0-1.fc25 cjs-3.4.2-2.fc25 coin-or-Ipopt-3.12.8-2.fc25 dbus-1.11.14-1.fc25 gsm-1.0.17-1.fc25 hostname-3.15-8.fc25 libforensic1394-0.2-17.fc25 libsoup-2.56.0-3.fc25 lightdm-settings-1.1.1-1.fc25 nemo-3.4.5-1.fc25 oci-systemd-hook-0.1.9-1.gitaa42622.fc25 pcp-3.12.0-1.fc25 python-batinfo-0.4.2-5.fc25 python-configargparse-0.12.0-1.fc25 python-msrest-0.4.11-1.fc25 python-munkres-1.0.12-1.fc25 python-pyvo-0.6.1-1.fc25 python-streamlink-0.7.0-1.fc25 python-xmlbuilder-1.0-9.fc25 qt5-qtwebengine-5.9.0-4.fc25 reg-0.4.1-5.fc25 thermald-1.6-4.fc25 ugene-1.26.3-1.fc25.1 weechat-1.9-1.fc25 xed-1.4.4-2.fc25 xviewer-1.4.3-2.fc25
Details about builds:
================================================================================ MUMPS-5.1.1-2.fc25 (FEDORA-2017-c0e9637b10) A MUltifrontal Massively Parallel sparse direct Solver -------------------------------------------------------------------------------- Update Information:
- Update MUMPS and Ipopt to newer versions -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1461038 - coin-or-Ipopt-3.12.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1461038 --------------------------------------------------------------------------------
================================================================================ avr-gcc-6.3.0-1.fc25 (FEDORA-2017-5463a67108) Cross Compiling GNU GCC targeted at avr -------------------------------------------------------------------------------- Update Information:
avr-gcc updated to gcc version 6.3.0 --------------------------------------------------------------------------------
================================================================================ cjs-3.4.2-2.fc25 (FEDORA-2017-db1258a8c9) Javascript Bindings for Cinnamon -------------------------------------------------------------------------------- Update Information:
Fix log spam -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1465004 - cjs-3.4.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1465004 --------------------------------------------------------------------------------
================================================================================ coin-or-Ipopt-3.12.8-2.fc25 (FEDORA-2017-c0e9637b10) Interior Point OPTimizer -------------------------------------------------------------------------------- Update Information:
- Update MUMPS and Ipopt to newer versions -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1461038 - coin-or-Ipopt-3.12.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1461038 --------------------------------------------------------------------------------
================================================================================ dbus-1.11.14-1.fc25 (FEDORA-2017-2a0a9f69f8) D-BUS message bus -------------------------------------------------------------------------------- Update Information:
Update to 1.11.14 --------------------------------------------------------------------------------
================================================================================ gsm-1.0.17-1.fc25 (FEDORA-2017-de0dd8b845) Shared libraries for GSM speech compressor -------------------------------------------------------------------------------- Update Information:
This update fixes undefined behaviour when doing left shifts on signed integers. No API or ABI changes. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1465878 - gsm-1.0.17 is available https://bugzilla.redhat.com/show_bug.cgi?id=1465878 --------------------------------------------------------------------------------
================================================================================ hostname-3.15-8.fc25 (FEDORA-2017-d8104c0ea6) Utility to set/show the host name or domain name -------------------------------------------------------------------------------- Update Information:
Man page: change yp_get_default_domain with getdomainname (#1168989) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1168989 - hostname(1) manpage dangling reference https://bugzilla.redhat.com/show_bug.cgi?id=1168989 --------------------------------------------------------------------------------
================================================================================ libforensic1394-0.2-17.fc25 (FEDORA-2017-f1a09c5bde) A library for performing live memory forensics over firewire -------------------------------------------------------------------------------- Update Information:
Enable Python3 support by default --------------------------------------------------------------------------------
================================================================================ libsoup-2.56.0-3.fc25 (FEDORA-2017-118505dd77) Soup, an HTTP library implementation -------------------------------------------------------------------------------- Update Information:
This update fixes the following problems: * Possible crashes when accessing sites with GSSAPI authentication * Sites with GSSAPI authentication that require closing the connection are not loaded at all * Some servers does not follow the GSSAPI authentication workflow closely, weaken the libsoup implemetation to behave like other clients (Firefox, cURL) to support them. --------------------------------------------------------------------------------
================================================================================ lightdm-settings-1.1.1-1.fc25 (FEDORA-2017-5991cb7cf6) Configuration tool for the LightDM display manager -------------------------------------------------------------------------------- Update Information:
* New upstream release -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1466545 - lightdm-settings-1.1.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1466545 --------------------------------------------------------------------------------
================================================================================ nemo-3.4.5-1.fc25 (FEDORA-2017-41afc9bd92) File manager for Cinnamon -------------------------------------------------------------------------------- Update Information:
Update to latest release --------------------------------------------------------------------------------
================================================================================ oci-systemd-hook-0.1.9-1.gitaa42622.fc25 (FEDORA-2017-8c49b86e6c) OCI systemd hook for docker -------------------------------------------------------------------------------- Update Information:
Updated to work with newer versions of runc as well as docker-runc. It should work well with CRI-O Also. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1401537 - Cannot build image with --userns-remap set, permission denied https://bugzilla.redhat.com/show_bug.cgi?id=1401537 --------------------------------------------------------------------------------
================================================================================ pcp-3.12.0-1.fc25 (FEDORA-2017-9103ca28d1) System-level performance monitoring and performance management -------------------------------------------------------------------------------- Update Information:
Fix pcp-atop failure in open-ended write mode (BZ 1431292) ---- Correct subrpm inclusion of zeroconf config files (BZ 1456262) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1431292 - pmatop -w fails, bad -T argument to pmlogger https://bugzilla.redhat.com/show_bug.cgi?id=1431292 [ 2 ] Bug #1317515 - SELinux is preventing /usr/bin/bash from 'read' accesses on the directory /var/lib/pcp/pmdas. https://bugzilla.redhat.com/show_bug.cgi?id=1317515 [ 3 ] Bug #1376857 - poor pmlogconf performance, esp. with derived metrics https://bugzilla.redhat.com/show_bug.cgi?id=1376857 [ 4 ] Bug #1456262 - proc.* metrics being pmlogconf'd, even without pcp-zeroconf installed https://bugzilla.redhat.com/show_bug.cgi?id=1456262 --------------------------------------------------------------------------------
================================================================================ python-batinfo-0.4.2-5.fc25 (FEDORA-2017-9cd4056c89) Python module to retrieve battery information -------------------------------------------------------------------------------- Update Information:
Enable Python3 support by default --------------------------------------------------------------------------------
================================================================================ python-configargparse-0.12.0-1.fc25 (FEDORA-2017-b6bcea1333) A Python module with support for argparse, config files, and env variables -------------------------------------------------------------------------------- Update Information:
Update to new upstream version 0.12.0 --------------------------------------------------------------------------------
================================================================================ python-msrest-0.4.11-1.fc25 (FEDORA-2017-81992237dc) AutoRest swagger generator Python client runtime -------------------------------------------------------------------------------- Update Information:
###Version 0.4.11 Bugfixes * Fix incorrect dependency to ���requests��� 2.14.x, instead of 2.x meant in 0.4.8 ### Version 0.4.10 Features * Add requests hooks to configuration -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1460050 - python-msrest-v0.4.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=1460050 --------------------------------------------------------------------------------
================================================================================ python-munkres-1.0.12-1.fc25 (FEDORA-2017-c8d4174f76) A Munkres algorithm for Python -------------------------------------------------------------------------------- Update Information:
Update to latest upstream release 1.0.12 --------------------------------------------------------------------------------
================================================================================ python-pyvo-0.6.1-1.fc25 (FEDORA-2017-7428d9e276) Access to remote data and services of the Virtual observatory (VO) using Python -------------------------------------------------------------------------------- Update Information:
New upstream release --------------------------------------------------------------------------------
================================================================================ python-streamlink-0.7.0-1.fc25 (FEDORA-2017-9b06e14503) Python library for extracting streams from various websites -------------------------------------------------------------------------------- Update Information:
0.7.0 of Streamlink! Since our May release, we've incorporated quite a few changes! Outlined are the major features in this month's release: * Stream types will now be sorted accordingly in terms of quality * TeamLiquid.net Plugin added * Numerous plugin & bug fixes * Updated HomeBrew package * Improved CLI documentation Many thanks to those who've contributed in this release! If you think that this application is helpful, please consider supporting the maintainers by [donating](https://streamlink.github.io/donate.html). See https://github.com/streamlink/streamlink/releases/tag/0.7.0 for more -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1466776 - python-streamlink-0.7.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1466776 --------------------------------------------------------------------------------
================================================================================ python-xmlbuilder-1.0-9.fc25 (FEDORA-2017-b1ff24f2b9) A python XML/(x)HTML builder -------------------------------------------------------------------------------- Update Information:
Renaming for Python 2 --------------------------------------------------------------------------------
================================================================================ qt5-qtwebengine-5.9.0-4.fc25 (FEDORA-2017-58cde32413) Qt5 - QtWebEngine components -------------------------------------------------------------------------------- Update Information:
This update updates QtWebEngine to the 5.9.0 release. QtWebEngine 5.9.0 is part of the Qt 5.9.0 release, but only the QtWebEngine component is included in this update. The update fixes the following security issues in QtWebEngine 5.8.0: CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5013, CVE-2017-5014, CVE-2017-5015, CVE-2017-5016, CVE-2017-5017, CVE-2017-5018, CVE-2017-5019, CVE-2017-5020, CVE-2017-5021, CVE-2017-5022, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026, CVE-2017-5027, CVE-2017-5029, CVE-2017-5032, CVE-2017-5033, CVE-2017-5034, CVE-2017-5036, CVE-2017-5039, CVE-2017-5040, CVE-2017-5044, CVE-2017-5045, CVE-2017-5046, CVE-2017-5052, CVE-2017-5053, CVE-2017-5055, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5068, and CVE-2017-5069. Other important changes include: * Based on Chromium 56.0.2924.122 with security fixes from Chromium up to version 58.0.3029.96. (5.8.0 was based on Chromium 53.0.2785.148 with security fixes from Chromium up to version 55.0.2883.75.) * [QTBUG-54650, QTBUG-59922] Accessibility is now disabled by default on Linux, like it is in Chrome, due to poor options for enabling it conditionally and its heavy performance impact. Set the environment variable `QTWEBENGINE_ENABLE_LINUX_ACCESSIBILITY` to enable it again. * [QTBUG-56531] Enabled `filesystem:` protocol handler. * [QTBUG-57720] Optimized incremental scene-graph rendering in particular for software rendering. * [QTBUG-60049] Enabled brotli support. * Many bug fixes, see https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.9.0?h=5.9 for details. In addition, this build includes a fix for https://bugreports.qt.io/browse/QTBUG-61521 , a binary incompatibility in QtWebEngine 5.9.0 compared to 5.8.0. --------------------------------------------------------------------------------
================================================================================ reg-0.4.1-5.fc25 (FEDORA-2017-263decc3c1) Docker registry v2 command line client -------------------------------------------------------------------------------- Update Information:
Fix epel7 build and add upstream patch for single-run execution mode. ---- Fix build for epel7 ---- Add an upstream'd patch to enable single-run mode of reg- server that will create static html files and then exit instead of serving the files with built-in http server. ---- New package for Fedora. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1432214 - Review Request: reg - Docker registry v2 command line client. https://bugzilla.redhat.com/show_bug.cgi?id=1432214 --------------------------------------------------------------------------------
================================================================================ thermald-1.6-4.fc25 (FEDORA-2017-b7cc97e7ff) Thermal Management daemon -------------------------------------------------------------------------------- Update Information:
* Add upstream patch to fix ThermalMonitor * Add several fixes from upstream -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1464548 - [abrt] thermald-monitor: ThermaldInterface::getLowestValidTripTempForZone(): ThermalMonitor killed by signal 11 https://bugzilla.redhat.com/show_bug.cgi?id=1464548 --------------------------------------------------------------------------------
================================================================================ ugene-1.26.3-1.fc25.1 (FEDORA-2017-53d214b243) Integrated bioinformatics toolkit -------------------------------------------------------------------------------- Update Information:
This is a patch release that contains several major bug fixes and interface improvements requested by users. ---- Changes in the release include: 1. All databases, supported by SnpEff, are now available for prediction of variant effects. 2. By default, all documents are opened in tabs instead of windows. To change this parameter go to the Application Settings. 3. Support of high- resolution Retina displays. You can download the latest UGENE version on this page - http://ugene.unipro.ru/download.html. A new view for working with Sanger reads ��� the Chromatogram Alignment Editor ��� is planned for 1.27 version. Stay tuned! --------------------------------------------------------------------------------
================================================================================ weechat-1.9-1.fc25 (FEDORA-2017-2261491984) Portable, fast, light and extensible IRC client -------------------------------------------------------------------------------- Update Information:
New upstream version 1.9 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1464190 - New upstream version - 1.8 https://bugzilla.redhat.com/show_bug.cgi?id=1464190 [ 2 ] Bug #1450583 - weechat-1.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=1450583 --------------------------------------------------------------------------------
================================================================================ xed-1.4.4-2.fc25 (FEDORA-2017-013f4a7a29) X-Apps [Text] Editor (Cross-DE, backward-compatible, GTK3, traditional UI) -------------------------------------------------------------------------------- Update Information:
* Fix filtered provides -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1463461 - xed-1.4.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1463461 --------------------------------------------------------------------------------
================================================================================ xviewer-1.4.3-2.fc25 (FEDORA-2017-23dfa8ba2b) Fast and functional graphics viewer -------------------------------------------------------------------------------- Update Information:
* Fix filtered provides -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1465898 - xviewer-1.4.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1465898 --------------------------------------------------------------------------------