The following Fedora 23 Security updates need testing:
Age URL
442
https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23
400
https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe
miniupnpc-1.9-6.fc23
373
https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324
jbig2dec-0.12-2.fc23
323
https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1
python-pymongo-3.0.3-1.fc23
323
https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8
thttpd-2.25b-37.fc23
130
https://bodhi.fedoraproject.org/updates/FEDORA-2016-8d79ade826 flex-2.6.0-2.fc23
119
https://bodhi.fedoraproject.org/updates/FEDORA-2016-c2ec9c716e redis-3.2.3-1.fc23
112
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c
libarchive-3.2.1-3.fc23 python-libarchive-c-2.5-1.fc23
96
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3a6435b14
dhcpcd-6.11.3-1.fc23
61
https://bodhi.fedoraproject.org/updates/FEDORA-2016-1649cc31e0
ca-certificates-2016.2.10-1.0.fc23
54
https://bodhi.fedoraproject.org/updates/FEDORA-2016-17ea599651
compat-guile18-1.8.8-14.fc23
38
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b89e991e63
nodejs-0.10.48-1.fc23
28
https://bodhi.fedoraproject.org/updates/FEDORA-2016-272fa6b96e dracut-043-67.fc23
16
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5afe06026b
jenkins-1.625.3-5.fc23 jenkins-remoting-2.62.3-1.fc23
13
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e8a8561ee7
ntp-4.2.6p5-43.fc23
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7fc142da66
phpMyAdmin-4.6.5.1-2.fc23
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a571b97ebb
php-php-gettext-1.0.12-1.fc23
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b4896f20b3
roundcubemail-1.2.3-1.fc23
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-bf6c3ea62c
perl-DBD-MySQL-4.033-4.fc23
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7da97a3914
mcabber-1.0.4-1.fc23
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-9c33466fbb
tomcat-8.0.39-1.fc23
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a400e4cd90
thunderbird-45.5.1-1.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5c32bae671
php-simplesamlphp-saml2-2.3.3-1.fc23 php-simplesamlphp-saml2_1-1.10.3-1.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-30077d1b37
ipsilon-2.0.2-2.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e5ff0ed40c lxc-2.0.6-2.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-9c17cb9648
kernel-4.8.12-100.fc23
The following Fedora 23 Critical Path updates have yet to be approved:
Age URL
139
https://bodhi.fedoraproject.org/updates/FEDORA-2016-98a7a1b6e0 abrt-2.8.0-6.fc23
libreport-2.6.4-3.fc23
112
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c
libarchive-3.2.1-3.fc23 python-libarchive-c-2.5-1.fc23
73
https://bodhi.fedoraproject.org/updates/FEDORA-2016-79072fd70e
python-virtkey-0.63.0-1.fc23
66
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d26923757a
koji-1.10.1-13.fc23
61
https://bodhi.fedoraproject.org/updates/FEDORA-2016-1649cc31e0
ca-certificates-2016.2.10-1.0.fc23
45
https://bodhi.fedoraproject.org/updates/FEDORA-2016-86a2119f42 nspr-4.13.1-1.fc23
30
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0906f64ec8 rpm-4.13.0-1.fc23
28
https://bodhi.fedoraproject.org/updates/FEDORA-2016-272fa6b96e dracut-043-67.fc23
21
https://bodhi.fedoraproject.org/updates/FEDORA-2016-62b8930463
pciutils-3.5.2-1.fc23
19
https://bodhi.fedoraproject.org/updates/FEDORA-2016-03d76071b6
nss-3.27.0-1.3.fc23
11
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b5b28b69e2
mod_perl-2.0.10-1.fc23
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-8ec81aeba6
dbus-1.10.14-1.fc23
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-bf6c3ea62c
perl-DBD-MySQL-4.033-4.fc23
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-6064f86234 vim-8.0.118-1.fc23
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a400e4cd90
thunderbird-45.5.1-1.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-ac1042dfcc
libbluray-0.9.3-3.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-9c17cb9648
kernel-4.8.12-100.fc23
The following builds have been pushed to Fedora 23 updates-testing
bibus-1.5.2-1.fc23
ipsilon-2.0.2-2.fc23
kernel-4.8.12-100.fc23
libabigail-1.0-0.8.rc6.3.fc23
lxc-2.0.6-2.fc23
mariadb-10.0.28-1.fc23
mup-6.5-1.fc23
netpbm-10.76.00-2.fc23
picojson-1.3.0-1.fc23
purple-hangouts-0-41.20161128hg4c2de0f.fc23
python-adal-0.4.3-1.fc23
qmc2-0.70-1.fc23
xosview-1.19-1.fc23
Details about builds:
================================================================================
bibus-1.5.2-1.fc23 (FEDORA-2016-456a75666a)
Bibliographic and reference management software
--------------------------------------------------------------------------------
Update Information:
- Rebuilt for new upstream release 1.5.2, fixes rhbz #757675 - Added patch to
fixes rhbz #1190916 (thanks to Scott Talbert)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #757675 - bibus-1.5.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=757675
[ 2 ] Bug #1190916 - bibus: deprecation warning with wxPython 3.0
https://bugzilla.redhat.com/show_bug.cgi?id=1190916
--------------------------------------------------------------------------------
================================================================================
ipsilon-2.0.2-2.fc23 (FEDORA-2016-30077d1b37)
An Identity Provider Server
--------------------------------------------------------------------------------
Update Information:
New Ipsilon 2.0 release. ---- Main changes since 1.2: Security fix for
���CVE-2016-8638 OpenID Connect 2.0 OAuth 2 User portal with consent management
Authorization plugin support Support for adding an instance to the web root Lots
of bugfixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1348585 - Ipsilon form config contains wrong PAM service file
https://bugzilla.redhat.com/show_bug.cgi?id=1348585
[ 2 ] Bug #1346336 - New ipsilon-idp.conf doesn't work with mod_nss installed
https://bugzilla.redhat.com/show_bug.cgi?id=1346336
[ 3 ] Bug #1396973 - CVE-2016-8638 ipsilon: DoS via logging out all open SAML2 sessions
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1396973
[ 4 ] Bug #1391445 - Using ipsilon-client-install --saml-auth produces Alias /protected
/usr/share/ipsilon/ui/saml2sp
https://bugzilla.redhat.com/show_bug.cgi?id=1391445
--------------------------------------------------------------------------------
================================================================================
kernel-4.8.12-100.fc23 (FEDORA-2016-9c17cb9648)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:
The 4.8.12 stable update contains a number of important fixes across the tree.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1400804 - CVE-2016-9777 Kernel: kvm: out of bounds memory access via vcpu_id
https://bugzilla.redhat.com/show_bug.cgi?id=1400804
[ 2 ] Bug #1400468 - CVE-2016-9756 Kernel: kvm: stack memory information leakage
https://bugzilla.redhat.com/show_bug.cgi?id=1400468
[ 3 ] Bug #1400904 - CVE-2016-9755 kernel: netfilter: Out-of-bounds write due to a
signedness issue when defragmenting ipv6 packets
https://bugzilla.redhat.com/show_bug.cgi?id=1400904
--------------------------------------------------------------------------------
================================================================================
libabigail-1.0-0.8.rc6.3.fc23 (FEDORA-2016-d9cb438e37)
Set of ABI analysis tools
--------------------------------------------------------------------------------
Update Information:
Fix upstream Bug 20927 - Segfault when abidiff is invoked with $HOME not set
---- Fix an issue where some suppressed diff nodes are still visible in change
reports ---- Update to upstream 1.0.rc6 tarball
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1352547 - Missing pyxdg as Requires in libabigail-1.0-0.8.rc5.3.fc24
https://bugzilla.redhat.com/show_bug.cgi?id=1352547
[ 2 ] Bug #19658 - None
https://bugzilla.redhat.com/show_bug.cgi?id=19658
--------------------------------------------------------------------------------
================================================================================
lxc-2.0.6-2.fc23 (FEDORA-2016-e5ff0ed40c)
Linux Resource Containers
--------------------------------------------------------------------------------
Update Information:
Update LXC to the latest stable version. See
[
here](https://linuxcontainers.org/lxc/news/) for the list of changes.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1398242 - CVE-2016-8649 lxc: lxc-attach to malicious container allows access
to host
https://bugzilla.redhat.com/show_bug.cgi?id=1398242
--------------------------------------------------------------------------------
================================================================================
mariadb-10.0.28-1.fc23 (FEDORA-2016-50ae10d7de)
A community developed branch of MySQL
--------------------------------------------------------------------------------
Update Information:
Related: 1096787
--------------------------------------------------------------------------------
================================================================================
mup-6.5-1.fc23 (FEDORA-2016-14b541b5c7)
A music notation program that can also generate MIDI files
--------------------------------------------------------------------------------
Update Information:
Update to Mup 6.5
--------------------------------------------------------------------------------
================================================================================
netpbm-10.76.00-2.fc23 (FEDORA-2016-56c1d8f9f4)
A library for handling different graphics file formats
--------------------------------------------------------------------------------
Update Information:
add missing directives about bundled libraries jasper and jbigkit ---- New
version of netpbm is available (10.76.00)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1395716 - netpbm sources contains bunndled jbigkit and jasper libraries
https://bugzilla.redhat.com/show_bug.cgi?id=1395716
[ 2 ] Bug #1393713 - netpbm-10.76.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1393713
--------------------------------------------------------------------------------
================================================================================
picojson-1.3.0-1.fc23 (FEDORA-2016-eebc96fea7)
A header-file-only, JSON parser / serializer in C++
--------------------------------------------------------------------------------
Update Information:
- Rebuilt for new release 1.3.0 + spec clean updisabled empty debuginfo - Fixes
rhbz #1114328 rhbz #1175221 and rhbz #1307862
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1307862 - picojson: FTBFS in rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1307862
[ 2 ] Bug #1114328 - picojson-debuginfo is empty
https://bugzilla.redhat.com/show_bug.cgi?id=1114328
[ 3 ] Bug #1175221 - picojson-1.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1175221
--------------------------------------------------------------------------------
================================================================================
purple-hangouts-0-41.20161128hg4c2de0f.fc23 (FEDORA-2016-e3e67153c3)
Hangouts plugin for libpurple
--------------------------------------------------------------------------------
Update Information:
Updated to latest snapshot.
--------------------------------------------------------------------------------
================================================================================
python-adal-0.4.3-1.fc23 (FEDORA-2016-b883fa6d55)
ADAL for Python
--------------------------------------------------------------------------------
Update Information:
###ADAL for Python 0.4.3 * Fixes logger bug to ensure proper logging * Updates
dependency to exclude the requests package 2.12.* * Introduces a new switch to
override the default behavior ###ADAL for Python 0.4.2 * Fix decoding
exception when decoding id_token with non-ASCII characters on Python 2.x * Minor
adjustment on version string handling ###ADAL for Python 0.4.1 * Fix encoding
exceptions on formatting error text * Minor typo fixes in sample code ###ADAL
for Python 0.4.0 * Support login using federated credentials through protocols
of wstrust 1.3 or 2005 * Support http tracing through proxies by exposing the
environment variable of ADAL_PYTHON_SSL_NO_VERIFY ###ADAL for Python 0.3.0 *
Support device code flow, required for accounts with 2FA enforced, or MSA
accounts such as live id * Support service principal with certificate. * Support
token cache. * Remove all JS style of callbacks for better code readability and
maintainability. * Improve 'AuthenticationContext' class to be consistent with
ADAL node and C# versions. * Add samples showing how to use the ADAL in correct
ways. Convenient methods in init.py were removed as it has no integrations with
cache and used client id belonging to other client app. * Update readme with
common authentication flows and smooth package installations. * Update for US
Government and German Government Authority.
--------------------------------------------------------------------------------
================================================================================
qmc2-0.70-1.fc23 (FEDORA-2016-9f5d991ec3)
M.A.M.E. Catalog / Launcher II
--------------------------------------------------------------------------------
Update Information:
An update to the latest qmc2 release: *
http://qmc2.batcom-
it.net/index.php/2016/11/30/qmc2-0-70-released/
--------------------------------------------------------------------------------
================================================================================
xosview-1.19-1.fc23 (FEDORA-2016-4bc2acdc5d)
An X Window System utility for monitoring system resources
--------------------------------------------------------------------------------
Update Information:
- Rebuilt for new upstream release 1.19, fixes rhbz #1401149 - Do not use
upstreamed patches (already in latest release)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1401149 - xosview-1.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1401149
--------------------------------------------------------------------------------