This updates addresses a critical security vulnerability in the DNS resolver related to AF_UNSPEC
queries with getaddrinfo
(CVE-2015-7547).
In addition, a bug that causes Hesiod lookups to fail with a crash is fixed.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2016-0f9e9a34ce
Please login to add feedback.
This update has been submitted for testing by fweimer.
No problems noticed after manually updating from koji and rebooting.
Looks good to me as well.
Works fine for me
Additionally verified that no more segfault occurs with provided PoC.
Works for me.
works for me
Also no problems noticed after manually updating from koji and rebooting.
works for me.
works for me
karma: +1
working OK here. haven't confirmed security fix, but no critpath problems.
Everything working fine after a reboot. Didn't check CVE-2015-7547.
No issues noted in everyday use.
6 hours after the build was completed and still in pending state and not in the updates-testing repo (not counting that it should go directly to the stable repo)? Fix for serious security bug? Are you joking?
+1
I'm with anonymous.. these security updates take too long.
This update has been pushed to testing.
This update has been submitted for stable by bodhi.
works for me
karma: +1
works here
works here
Works for me
This update has been pushed to stable.
This update reliably causes my self-built Firefox to fail to resolve hostnames after being installed. Hostnames are generally resolvable by other tools, but the Firefox failure is immediate and almost total. glibc-2.22-7.fc23 works fine.
cks: Did you file a bug report with more, detailed information?
I've asked cks by email to help us triage what's going on with his Firefox builds.
See https://bugzilla.redhat.com/show_bug.cgi?id=1252570#c6 for the issue reported by cks. If we say reboot required, we actually mean it. ☺
works for me.
Where is update for Fedora 22? :-(
@anonymous here is the update for F22: https://bodhi.fedoraproject.org/updates/FEDORA-2016-0480defc94 which is pushed to stable and was deployed from koji 30 hours ago to all our production servers by me
Any chance of a Fedora 21 update?
@anonymous: Fedora 21 is EOL long ago and should not be installed anywhere this time so there is no chance and this bodhi ticket is ONLY for the F23 build