Jump to content
Compatible Support Forums

news

Members
 View Profile  See their activity

  • Content count

    80899

  • Joined

  • Last visited

    Never

  • Days Won

    18

Everything posted by news

  1. news
    SUSE Security Update: Security update for Linux Kernel Live Patch 0 for SLE 12 SP2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0227-1 Rating: important References: #1012852 #1013543 #1014271 #1019079 Cross-References: CVE-2016-10088 CVE-2016-8632 CVE-2016-9576 CVE-2016-9794 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.21-69 fixes several issues. The following security bugs were fixed: - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bsc#1019079). - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852). - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271). before 4.8.14 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-108=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_21-69-default-3-8.2 References: https://www.suse.com/security/cve/CVE-2016-10088.html https://www.suse.com/security/cve/CVE-2016-8632.html https://www.suse.com/security/cve/CVE-2016-9576.html https://www.suse.com/security/cve/CVE-2016-9794.html https://bugzilla.suse.com/1012852 https://bugzilla.suse.com/1013543 https://bugzilla.suse.com/1014271 https://bugzilla.suse.com/1019079 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
  2. news
    SUSE Security Update: Security update for Linux Kernel Live Patch 1 for SLE 12 SP2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0228-1 Rating: important References: #1012852 #1013543 #1014271 #1019079 Cross-References: CVE-2016-10088 CVE-2016-8632 CVE-2016-9576 CVE-2016-9794 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.21-81 fixes several issues. The following security bugs were fixed: - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bsc#1019079). - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852). - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271). before 4.8.14 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-110=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_21-81-default-3-2.1 References: https://www.suse.com/security/cve/CVE-2016-10088.html https://www.suse.com/security/cve/CVE-2016-8632.html https://www.suse.com/security/cve/CVE-2016-9576.html https://www.suse.com/security/cve/CVE-2016-9794.html https://bugzilla.suse.com/1012852 https://bugzilla.suse.com/1013543 https://bugzilla.suse.com/1014271 https://bugzilla.suse.com/1019079 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
  3. news
    SUSE Security Update: Security update for Linux Kernel Live Patch 9 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0229-1 Rating: important References: #1012852 #1013543 #1013604 #1014271 Cross-References: CVE-2016-8632 CVE-2016-9576 CVE-2016-9794 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.67-60_64_18 fixes several issues. The following security bugs were fixed: - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852). - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-111=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_67-60_64_18-default-3-2.1 kgraft-patch-3_12_67-60_64_18-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2016-8632.html https://www.suse.com/security/cve/CVE-2016-9576.html https://www.suse.com/security/cve/CVE-2016-9794.html https://bugzilla.suse.com/1012852 https://bugzilla.suse.com/1013543 https://bugzilla.suse.com/1013604 https://bugzilla.suse.com/1014271 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
  4. news
    SUSE Security Update: Security update for Linux Kernel Live Patch 6 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0230-1 Rating: important References: #1012852 #1013543 #1013604 #1014271 #1017589 Cross-References: CVE-2016-8632 CVE-2016-9576 CVE-2016-9794 CVE-2016-9806 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.59-60_45 fixes several issues. The following security bugs were fixed: - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589). - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852). - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-113=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_59-60_45-default-6-2.1 kgraft-patch-3_12_59-60_45-xen-6-2.1 References: https://www.suse.com/security/cve/CVE-2016-8632.html https://www.suse.com/security/cve/CVE-2016-9576.html https://www.suse.com/security/cve/CVE-2016-9794.html https://www.suse.com/security/cve/CVE-2016-9806.html https://bugzilla.suse.com/1012852 https://bugzilla.suse.com/1013543 https://bugzilla.suse.com/1013604 https://bugzilla.suse.com/1014271 https://bugzilla.suse.com/1017589 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
  5. news
    ** TECHSPOT ------------------------------------------------------------ ** Getting Started with Gmail Keyboard Shortcuts ------------------------------------------------------------ ** http://www.techspot.com/article/1319-gmail-shortcuts/ ------------------------------------------------------------ Keyboard shortcuts can be found in virtually every modern operating system, app and service. They may only shave off a second or two at a time but trust me, the savings can quickly add up when used on a regular basis. Such is the case with Gmail, one of the world’s most popular e-mail clients. Thank you. Julio Franco Executive Editor | TECHSPOT (http://www.techspot.com) ( -at -) juliofranco ----------------------------------- ============================================================ Our mailing address is: TechSpot 8237 NW 68 St Miami, FL 33166 USA
  6. news
    SUSE Security Update: Security update for Linux Kernel Live Patch 2 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0231-1 Rating: important References: #1012852 #1013543 #1013604 #1014271 #1017589 Cross-References: CVE-2016-8632 CVE-2016-9576 CVE-2016-9794 CVE-2016-9806 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.51-60_25 fixes several issues. The following security bugs were fixed: - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589). - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852). - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-116=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_51-60_25-default-8-2.1 kgraft-patch-3_12_51-60_25-xen-8-2.1 References: https://www.suse.com/security/cve/CVE-2016-8632.html https://www.suse.com/security/cve/CVE-2016-9576.html https://www.suse.com/security/cve/CVE-2016-9794.html https://www.suse.com/security/cve/CVE-2016-9806.html https://bugzilla.suse.com/1012852 https://bugzilla.suse.com/1013543 https://bugzilla.suse.com/1013604 https://bugzilla.suse.com/1014271 https://bugzilla.suse.com/1017589 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
  7. news
    SUSE Security Update: Security update for Linux Kernel Live Patch 3 for SLE 12 SP2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0232-1 Rating: important References: #1019079 Cross-References: CVE-2016-10088 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.4.21-90 fixes several issues. The following security bugs were fixed: - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bsc#1019079). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-109=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_21-90-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2016-10088.html https://bugzilla.suse.com/1019079 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
  8. news
    SUSE Security Update: Security update for Linux Kernel Live Patch 3 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0233-1 Rating: important References: #1012852 #1013543 #1013604 #1014271 #1017589 Cross-References: CVE-2016-8632 CVE-2016-9576 CVE-2016-9794 CVE-2016-9806 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.53-60_30 fixes several issues. The following security bugs were fixed: - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589). - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852). - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-117=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_53-60_30-default-7-2.1 kgraft-patch-3_12_53-60_30-xen-7-2.1 References: https://www.suse.com/security/cve/CVE-2016-8632.html https://www.suse.com/security/cve/CVE-2016-9576.html https://www.suse.com/security/cve/CVE-2016-9794.html https://www.suse.com/security/cve/CVE-2016-9806.html https://bugzilla.suse.com/1012852 https://bugzilla.suse.com/1013543 https://bugzilla.suse.com/1013604 https://bugzilla.suse.com/1014271 https://bugzilla.suse.com/1017589 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
  9. news
    SUSE Security Update: Security update for Linux Kernel Live Patch 4 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0234-1 Rating: important References: #1012852 #1013543 #1013604 #1014271 #1017589 Cross-References: CVE-2016-8632 CVE-2016-9576 CVE-2016-9794 CVE-2016-9806 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.57-60_35 fixes several issues. The following security bugs were fixed: - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589). - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852). - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-115=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_57-60_35-default-6-2.1 kgraft-patch-3_12_57-60_35-xen-6-2.1 References: https://www.suse.com/security/cve/CVE-2016-8632.html https://www.suse.com/security/cve/CVE-2016-9576.html https://www.suse.com/security/cve/CVE-2016-9794.html https://www.suse.com/security/cve/CVE-2016-9806.html https://bugzilla.suse.com/1012852 https://bugzilla.suse.com/1013543 https://bugzilla.suse.com/1013604 https://bugzilla.suse.com/1014271 https://bugzilla.suse.com/1017589 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
  10. news
    SUSE Security Update: Security update for Linux Kernel Live Patch 5 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0235-1 Rating: important References: #1012852 #1013543 #1013604 #1014271 #1017589 Cross-References: CVE-2016-8632 CVE-2016-9576 CVE-2016-9794 CVE-2016-9806 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.59-60_41 fixes several issues. The following security bugs were fixed: - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589). - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852). - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-114=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_59-60_41-default-6-2.1 kgraft-patch-3_12_59-60_41-xen-6-2.1 References: https://www.suse.com/security/cve/CVE-2016-8632.html https://www.suse.com/security/cve/CVE-2016-9576.html https://www.suse.com/security/cve/CVE-2016-9794.html https://www.suse.com/security/cve/CVE-2016-9806.html https://bugzilla.suse.com/1012852 https://bugzilla.suse.com/1013543 https://bugzilla.suse.com/1013604 https://bugzilla.suse.com/1014271 https://bugzilla.suse.com/1017589 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
  11. news
    Title: Phanteks Enthoo Luxe Tempered Glass Edition Review ( -at -) NikKTech Description: The Enthoo Luxe Tempered Glass Edition by Phanteks is one of the very few feature-rich full towers in the market today that have a tempered glass side panel and if that's not enough for you the 4 pre-installed 140mm fans and the 4 RGB LED strips on both sides should do the trick. Article Link: http://www.nikktech.com/main/articles/pc-hardware/pc-cases/7370-phanteks-ent hoo-luxe-tempered-glass-edition-review Image Link: http://www.nikktech.com/main/images/pics/reviews/phanteks/enthoo_luxe_temper ed/enthoo_luxe_tempered_glassa.jpg A News Post Would Be Appreciated. Thanks In Advance. Sincerely Nik Kastrantas
  12. news
    SUSE Security Update: Security update for gstreamer-0_10-plugins-good ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0225-1 Rating: important References: #1012102 #1012103 #1012104 #1013653 #1013655 #1013663 Cross-References: CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9807 CVE-2016-9808 CVE-2016-9810 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: gstreamer-0_10-plugins-good was updated to fix six security issues. These security issues were fixed: - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012102) - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012103) - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104). - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655) - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653) - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-gstreamer-0_10-plugins-good-12948=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-gstreamer-0_10-plugins-good-12948=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): gstreamer-0_10-plugins-good-0.10.30-5.14.1 gstreamer-0_10-plugins-good-doc-0.10.30-5.14.1 gstreamer-0_10-plugins-good-lang-0.10.30-5.14.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): gstreamer-0_10-plugins-good-debuginfo-0.10.30-5.14.1 gstreamer-0_10-plugins-good-debugsource-0.10.30-5.14.1 References: https://www.suse.com/security/cve/CVE-2016-9634.html https://www.suse.com/security/cve/CVE-2016-9635.html https://www.suse.com/security/cve/CVE-2016-9636.html https://www.suse.com/security/cve/CVE-2016-9807.html https://www.suse.com/security/cve/CVE-2016-9808.html https://www.suse.com/security/cve/CVE-2016-9810.html https://bugzilla.suse.com/1012102 https://bugzilla.suse.com/1012103 https://bugzilla.suse.com/1012104 https://bugzilla.suse.com/1013653 https://bugzilla.suse.com/1013655 https://bugzilla.suse.com/1013663 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
  13. news
    Gladiator SuperNova (i5 Kaby Lake) System Review ------------------------------------------------------------ http://us2.campaign-archive1.com/?u=bfb2b902b5fb045ad6f841f98&id=c9ac8d3385&e=872093acb5 http://www.kitguru.net Gladiator SuperNova (i5 Kaby Lake) System Review In November 2016 we partnered with Gladiator to bring you a pretty sweet competition (http://goo.gl/fbTs4T) . All you had to do was ‘spec-up’ a system costing between £800-1200 using Gladiator’s website, and the winner would not only receive that system as a fully-built PC, but the winning entry would also be built by Gladiator and reviewed by KitGuru. So, today, we are pleased to bring you our review of the Gladiator SuperNova, featuring an i5-7600K, Z270 motherboard and a GTX 1060. Read the review here: http://www.kitguru.net/desktop-pc/gaming-rig/dominic-moass/gladiator-supernova-i5-kaby-lake-system-review/ ============================================================ ** follow on Twitter (http://twitter.com/#!/kitgurupress) | ** friend on Facebook (http://www.facebook.com/pages/KitGuru/162236020510911) | ** forward to a friend (http://us2.forward-to-friend1.com/forward?u=bfb2b902b5fb045ad6f841f98&id=c9ac8d3385&e=872093acb5) Copyright © 2017 KitGuru, All rights reserved. You are receiving this because you are a news partner or have signed up to receive our news.
  14. news
    TITLE: ASUS ROG STRIX GTX 1060 Review ( -at -) Vortez CONTENT: Today we'll be reviewing our fifth GTX 1060 by way of the STRIX GTX 1060 OC. This graphics card sits inside the Republic of Gamers (ROG) lineup and therefore has some rather special features which include the renowned DirectCU III cooler bearing a triple fan configuration, Aura RGB lighting, and a substantial factory overclock to both the GPU and memory. LINK: http://www.vortez.net/review.php?id=1259 ---------------------------------------------------------------------------- -------------------- Please post this news item in your news section. Thank you.
  15. news
    Hello LanOC Affiliates and newsletter subscribers, here is our newest posting. We would appreciate you spreading the word! LanOC Reviews has released a new article which you and your readers might enjoy. We would be grateful if you would please share it with them. *TITLE:* Fnatic Gear Clutch G1 ( -at -) LanOC Reviews <https://lanoc.org/review/input-devices/7432-fnatic-clutch-g1> *DESCRIPTION:* So have you ever heard of Func? What about Fnatic? Func was a mousepad manufacturer that later went on to make a few nice peripherals. Fnatic, on the other hand, is one of if not the biggest brand in eSports. Well about a year and a half ago Func closed its doors and Fnatic picked them up. Given all of the branded products that the eSports teams work with others on it wasn’t a huge shock to see one of them go into the market themselves. Fatal1ty did it solo and at this point, the Fnatic brand is a lot bigger, especially to the younger eSports fan. So a while back (frankly far too long ago, I'm just now catching up) Fnatic sent over their Clutch G1 for me to check out. I’ve spent some time with the Clutch G1 and now I can finally sit down and talk a little about its performance. *ARTICLE URL:* https://lanoc.org/review/input-devices/7432-fnatic-clutch-g1 *LARGE IMAGE URL:* https://lanoc.org/images/reviews/2017/fnatic_clutch_g1/title.jpg *SMALL IMAGE URL:* https://lanoc.org/images/reviews/2017/fnatic_clutch_g1/email.jpg Thank you for your help Our content is syndicated by *RSS* 2.0 at: http://lanoc.org/review?fo rmat=feed&type=atom Check out our *YouTube* Channel: http://www.youtube.com/user/LanocReviews Follow us on *Twitter*: http://www.twitter.com/LanOC_Reviews Join our group on *Facebook*: http://www.facebook.com/LanOCReviews Join our *Steam* Group: http://steamcommunity.com/groups/lanoc *If this message has been sent to an incorrect address, or you no longer wish to receive our news, please email us back and let us know at reviews ( -at -) lanoc.org* ---------------------------------------- Wes Compton Editor-in-Chief LanOC Reviews http://lanoc.org ( -at -) LanOC_Reviews <http://twitter.com/#!/LanOC_Reviews> Google Plus <https://plus.google.com/u/1/b/111054267662763089650/> Our Facebook Page <http://www.facebook.com/LanOCReviews>
  16. news
    <http://www.eteknix.com> MSI GT62VR 7RE Dominator Pro Kaby Lake First Look MSI's gaming laptops have gained a special status for their gorgeous sense of style and astounding features. It's no surprise that the latest data puts their firmly in the lead as the world's most successful gaming laptop manufacturer. Honestly, it's thoroughly deserved and I'm pleased to see the MSI pushing the technical envelope further and making laptops a true alternative to traditional desktops. Of course, the advent of NVIDIA's highly-efficient Pascal architecture played a huge part in this progress and dramatically cut the performance deficit between the two form-factors. Compiling any kind of system requires a balanced, thoughtful approach and ensuring the weakest link doesn't inhibit the user-experience. While the previous generation Intel processors in the form of the i7-6700HQ and i7-6820HK complemented high-end graphics hardware pretty well, there's always room for improvement. URL - http://www.eteknix.com/msi-gt62vr-7re-dominator-pro-kaby-lake-first-look/ --
  17. news
    <http://www.eteknix.com> Creative Sound BlasterX Siege M04 Gaming Mouse Review Today is a special day for us here at eTeknix as we put the latest Creative hardware to the test! Of course, you may be thinking “but Creative don't make peripherals?†and that has been true for a very long time, given they've always focused on audio hardware and have great success in that market. Now with their continued support of eSports teams, especially with their DAC and Headset products, Creative is looking to put a keyboard and mouse in gamers hands, as well as a headset on their head. URL - http://www.eteknix.com/creative-sound-blasterx-siege-m04-gaming-mouse-review/ --
  18. news

    ANNOUNCE: gtkmm 3.89.3

    news posted a topic in Upcoming News

    *** gtkmm gtkmm 3.89 wraps GTK+ 3.89. It will become gtkmm 4.0, wrapping GTK+ 4.0. It is a version of the gtkmm-4.0 API. It installs in parallel with gtkmm-3.0. gtkmm stays in-sync with gtk+ by (mostly) following the official GNOME release schedule: http://www.gnome.org/start/unstable/ http://www.gtkmm.org *** Changes 3.89.3: (unstable) Distro packagers should probably not package this yet. Gtk: * Grid: attach(): Add default values.  (Kjell Ahlstedt) * TextIter:  - TextIter: Make a real const_iterator  (Kjell Ahlstedt) Bug #142126  - forward/backward_find_char(): Take a sigc::slot  instead of a function pointer.  (Kjell Ahlstedt) Documentation: * Demos: Remove obsolete text from the TextView demo  (Kjell Ahlstedt) -- Murray Cumming murrayc ( -at -) murrayc.com www.murrayc.com _______________________________________________
  19. news
    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: python-XStatic-jquery-ui security update Advisory ID: RHSA-2017:0161-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0161.html Issue date: 2017-01-19 CVE Names: CVE-2016-7103 ===================================================================== 1. Summary: An update for python-XStatic-jquery-ui is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 - noarch 3. Description: jQuery UI is a set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript library. Security Fix(es): * It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to cross site scripting. An attacker could use this flaw to execute a malicious script via the dialog box when it was displayed to a user. (CVE-2016-7103) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1360286 - CVE-2016-7103 jquery-ui: cross-site scripting in dialog closeText 6. Package List: Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7: Source: python-XStatic-jquery-ui-1.12.0.1-1.el7ost.src.rpm noarch: python-XStatic-jquery-ui-1.12.0.1-1.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-7103 https://access.redhat.com/security/updates/classification/#low https://nodesecurity.io/advisories/127 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYgVmHXlSAg2UNWIIRAqOYAJ9CAZh5RyphQZ1aLSPaLXC0EDwn8gCgmPXf Oe38j2e0sr/a93CI+Xr7Lj0= =sqRG -----END PGP SIGNATURE----- --
  20. news
    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openstack-cinder security update Advisory ID: RHSA-2017:0156-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0156.html Issue date: 2017-01-19 CVE Names: CVE-2015-5162 ===================================================================== 1. Summary: Updated openstack-cinder packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 - noarch 3. Description: OpenStack Block Storage (cinder) manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes. In addition, Block Storage supports volume backups, and snapshots for temporary save and restore operations. Programmatic management is available via Block Storage's API. Security Fix(es): * A resource vulnerability in the Block Storage (cinder) service was found in its use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. (CVE-2015-5162) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1198169 - Cinder volumes attached to none 1268303 - CVE-2015-5162 openstack-nova/glance/cinder: Malicious image may exhaust resources 1370012 - NetApp Cinder driver: cloning operations are unsuccessful 6. Package List: Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7: Source: openstack-cinder-2014.2.4-11.el7ost.src.rpm noarch: openstack-cinder-2014.2.4-11.el7ost.noarch.rpm openstack-cinder-doc-2014.2.4-11.el7ost.noarch.rpm python-cinder-2014.2.4-11.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-5162 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYgU6lXlSAg2UNWIIRAv7hAJ4s7TIuGiStvCJ/sAMTwU8lP8cXWgCgm88h q0BrLuhJeNwqDYcGd6ZmZ2k= =kDYP -----END PGP SIGNATURE----- --
  21. news
    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openstack-cinder security update Advisory ID: RHSA-2017:0153-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0153.html Issue date: 2017-01-19 CVE Names: CVE-2015-5162 ===================================================================== 1. Summary: An update for openstack-cinder is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 - noarch 3. Description: OpenStack Block Storage (cinder) manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes. In addition, Block Storage supports volume backups, and snapshots for temporary save and restore operations. Programmatic management is available via Block Storage's API. Security Fix(es): * A resource vulnerability in the Block Storage (cinder) service was found in its use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. (CVE-2015-5162) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1268303 - CVE-2015-5162 openstack-nova/glance/cinder: Malicious image may exhaust resources 6. Package List: Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7: Source: openstack-cinder-2014.1.5-9.el7ost.src.rpm noarch: openstack-cinder-2014.1.5-9.el7ost.noarch.rpm openstack-cinder-doc-2014.1.5-9.el7ost.noarch.rpm python-cinder-2014.1.5-9.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-5162 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYgU6HXlSAg2UNWIIRAmnUAKCrAMvyaA8ZIjtFDaNAwemHLUv2UQCglB8I w0gIbNeTkVdyG4alE01AiSc= =bvVL -----END PGP SIGNATURE----- --
  22. news
    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openstack-cinder security update Advisory ID: RHSA-2017:0165-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0165.html Issue date: 2017-01-19 CVE Names: CVE-2015-5162 ===================================================================== 1. Summary: An update for openstack-cinder is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 - noarch 3. Description: OpenStack Block Storage (cinder) manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes. In addition, Block Storage supports volume backups, and snapshots for temporary save and restore operations. Programmatic management is available via Block Storage's API. Security Fix(es): * A resource vulnerability in the Block Storage (cinder) service was found in its use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. (CVE-2015-5162) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1268303 - CVE-2015-5162 openstack-nova/glance/cinder: Malicious image may exhaust resources 6. Package List: Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6: Source: openstack-cinder-2014.1.5-9.el6ost.src.rpm noarch: openstack-cinder-2014.1.5-9.el6ost.noarch.rpm openstack-cinder-doc-2014.1.5-9.el6ost.noarch.rpm python-cinder-2014.1.5-9.el6ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-5162 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYgU7BXlSAg2UNWIIRAjMsAJ9SQo/s2AoQbxutqh4LQ7TTKay64wCfRBMs aHBiZ58uCJj+SMj5IV686KI= =AL03 -----END PGP SIGNATURE----- --
  23. news
    SteelSeries' Apex M500 keyboard ditches RGB LED backlighting and complicated software for a simple look and feel pinned on the quality typing experience of Cherry MX Red or MX Blue switches. We got in many hours of gaming on this board to see whether it lives up to its $100 price tag. Read more: http://techreport.com/review/31152/steelseries-apex-m500-keyboard-reviewed --- The Tech Report - PC Hardware Explored http://techreport.com -- To unsubscribe from: TR-News, just follow this link: http://node1.techreport.com/cgi-bin/dada/mail.cgi/u/trnews/reviewnews// Click this link, or copy and paste the address into your browser.
  24. news
    SUSE Security Update: Security update for gstreamer-0_10-plugins-good ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0210-1 Rating: important References: #1012102 #1012103 #1012104 #1013653 #1013655 #1013663 Cross-References: CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9807 CVE-2016-9808 CVE-2016-9810 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for gstreamer-0_10-plugins-good fixes the following issues: - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012102) - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012103) - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104) - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655) - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653) - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-104=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-104=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): gstreamer-0_10-plugins-good-0.10.31-16.1 gstreamer-0_10-plugins-good-debuginfo-0.10.31-16.1 gstreamer-0_10-plugins-good-debugsource-0.10.31-16.1 - SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch): gstreamer-0_10-plugins-good-lang-0.10.31-16.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): gstreamer-0_10-plugins-good-lang-0.10.31-16.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gstreamer-0_10-plugins-good-0.10.31-16.1 gstreamer-0_10-plugins-good-debuginfo-0.10.31-16.1 gstreamer-0_10-plugins-good-debugsource-0.10.31-16.1 References: https://www.suse.com/security/cve/CVE-2016-9634.html https://www.suse.com/security/cve/CVE-2016-9635.html https://www.suse.com/security/cve/CVE-2016-9636.html https://www.suse.com/security/cve/CVE-2016-9807.html https://www.suse.com/security/cve/CVE-2016-9808.html https://www.suse.com/security/cve/CVE-2016-9810.html https://bugzilla.suse.com/1012102 https://bugzilla.suse.com/1012103 https://bugzilla.suse.com/1012104 https://bugzilla.suse.com/1013653 https://bugzilla.suse.com/1013655 https://bugzilla.suse.com/1013663 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
  25. news
    Hi News Poster HardwareOverclock.com has just posted another review. Last week we have tested the Scythe Mugen 5 cpu cooler. Title: Scythe Mugen 5 cpu cooler ( -at -) HardwareOverclock.com Link: http://hardwareoverclock.com/Scythe-Mugen-5-CPU-Kuehler.htm Image: http://hardwareoverclock.com/kuehler/Scythe-Mugen-5-19.jpg Thanks for posting our news. Pls feel free and send us your News too. Rene Ruf Chefredakteur HardwareOverclock.com <mailto:admin ( -at -) hardwareoverclock.com> mailto:admin ( -at -) hardwareoverclock.com hardwareoverclock.com
×