news

openSUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:0194-1 Rating: important References: #1007454 #1008519 #1009109 #1013285 #1013341 #1013764 #1013767 #1014109 #1014110 #1014111 #1014112 #1014256 #1014514 #1016779 #937125 Cross-References: CVE-2016-9102 CVE-2016-9103 CVE-2016-9381 CVE-2016-9776 CVE-2016-9845 CVE-2016-9846 CVE-2016-9907 CVE-2016-9908 CVE-2016-9911 CVE-2016-9912 CVE-2016-9913 CVE-2016-9921 CVE-2016-9922 Affected Products: openSUSE Leap 42.2 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has two fixes is now available. Description: qemu was updated to fix several issues. These security issues were fixed: - CVE-2016-9102: Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in allowed local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the same fid number (bsc#1014256). - CVE-2016-9103: The v9fs_xattrcreate function in hw/9pfs/9p.c in allowed local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values writing to them (bsc#1007454). - CVE-2016-9381: Improper processing of shared rings allowing guest administrators take over the qemu process, elevating their privilege to that of the qemu process (bsc#1009109) - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support was vulnerable to an infinite loop issue while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could have used this issue to crash the Qemu process on the host leading to DoS (bsc#1013285). - CVE-2016-9845: The Virtio GPU Device emulator support as vulnerable to an information leakage issue while processing the 'VIRTIO_GPU_CMD_GET_CAPSET_INFO' command. A guest user/process could have used this flaw to leak contents of the host memory (bsc#1013767). - CVE-2016-9846: The Virtio GPU Device emulator support was vulnerable to a memory leakage issue while up[censored] the cursor data in update_cursor_data_virgl. A guest user/process could have used this flaw to leak host memory bytes, resulting in DoS for the host (bsc#1013764). - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a memory leakage flaw when destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could have used this issue to leak host memory, resulting in DoS for a host (bsc#1014109). - CVE-2016-9908: The Virtio GPU Device emulator support was vulnerable to an information leakage issue while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could have used this flaw to leak contents of the host memory (bsc#1014514). - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory leakage issue while processing packet data in 'ehci_init_transfer'. A guest user/process could have used this issue to leak host memory, resulting in DoS for the host (bsc#1014111). - CVE-2016-9912: The Virtio GPU Device emulator support was vulnerable to a memory leakage issue while destroying gpu resource object in 'virtio_gpu_resource_destroy'. A guest user/process could have used this flaw to leak host memory bytes, resulting in DoS for the host (bsc#1014112). - CVE-2016-9913: VirtFS was vulnerable to memory leakage issue via its '9p-handle' or '9p-proxy' backend drivers. A privileged user inside guest could have used this flaw to leak host memory, thus affecting other services on the host and/or potentially crash the Qemu process on the host (bsc#1014110). These non-security issues were fixed: - Fixed uint64 property parsing and add regression tests (bsc#937125) - Added a man page for kvm_stat - Fix crash in vte (bsc#1008519) - Various upstream commits targeted towards stable releases (bsc#1013341) This update was imported from the SUSE:SLE-12-SP2:Update update project. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-116=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (i586 x86_64): qemu-2.6.2-26.1 qemu-arm-2.6.2-26.1 qemu-arm-debuginfo-2.6.2-26.1 qemu-block-curl-2.6.2-26.1 qemu-block-curl-debuginfo-2.6.2-26.1 qemu-block-dmg-2.6.2-26.1 qemu-block-dmg-debuginfo-2.6.2-26.1 qemu-block-iscsi-2.6.2-26.1 qemu-block-iscsi-debuginfo-2.6.2-26.1 qemu-block-ssh-2.6.2-26.1 qemu-block-ssh-debuginfo-2.6.2-26.1 qemu-debugsource-2.6.2-26.1 qemu-extra-2.6.2-26.1 qemu-extra-debuginfo-2.6.2-26.1 qemu-guest-agent-2.6.2-26.1 qemu-guest-agent-debuginfo-2.6.2-26.1 qemu-kvm-2.6.2-26.1 qemu-lang-2.6.2-26.1 qemu-linux-user-2.6.2-26.1 qemu-linux-user-debuginfo-2.6.2-26.1 qemu-linux-user-debugsource-2.6.2-26.1 qemu-ppc-2.6.2-26.1 qemu-ppc-debuginfo-2.6.2-26.1 qemu-s390-2.6.2-26.1 qemu-s390-debuginfo-2.6.2-26.1 qemu-testsuite-2.6.2-26.1 qemu-tools-2.6.2-26.1 qemu-tools-debuginfo-2.6.2-26.1 qemu-x86-2.6.2-26.1 qemu-x86-debuginfo-2.6.2-26.1 - openSUSE Leap 42.2 (noarch): qemu-ipxe-1.0.0-26.1 qemu-seabios-1.9.1-26.1 qemu-sgabios-8-26.1 qemu-vgabios-1.9.1-26.1 - openSUSE Leap 42.2 (x86_64): qemu-block-rbd-2.6.2-26.1 qemu-block-rbd-debuginfo-2.6.2-26.1 References: https://www.suse.com/security/cve/CVE-2016-9102.html https://www.suse.com/security/cve/CVE-2016-9103.html https://www.suse.com/security/cve/CVE-2016-9381.html https://www.suse.com/security/cve/CVE-2016-9776.html https://www.suse.com/security/cve/CVE-2016-9845.html https://www.suse.com/security/cve/CVE-2016-9846.html https://www.suse.com/security/cve/CVE-2016-9907.html https://www.suse.com/security/cve/CVE-2016-9908.html https://www.suse.com/security/cve/CVE-2016-9911.html https://www.suse.com/security/cve/CVE-2016-9912.html https://www.suse.com/security/cve/CVE-2016-9913.html https://www.suse.com/security/cve/CVE-2016-9921.html https://www.suse.com/security/cve/CVE-2016-9922.html https://bugzilla.suse.com/1007454 https://bugzilla.suse.com/1008519 https://bugzilla.suse.com/1009109 https://bugzilla.suse.com/1013285 https://bugzilla.suse.com/1013341 https://bugzilla.suse.com/1013764 https://bugzilla.suse.com/1013767 https://bugzilla.suse.com/1014109 https://bugzilla.suse.com/1014110 https://bugzilla.suse.com/1014111 https://bugzilla.suse.com/1014112 https://bugzilla.suse.com/1014256 https://bugzilla.suse.com/1014514 https://bugzilla.suse.com/1016779 https://bugzilla.suse.com/937125 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

openSUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:0193-1 Rating: important References: #1018699 #1018700 #1018701 #1018702 Cross-References: CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 Affected Products: openSUSE Leap 42.2 openSUSE Leap 42.1 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for bind fixes the following issues: - Fix a potential assertion failure that could have been triggered by a malformed response to an ANY query, thereby facilitating a denial-of-service attack. [CVE-2016-9131, bsc#1018700, bsc#1018699] - Fix a potential assertion failure that could have been triggered by responding to a query with inconsistent DNSSEC information, thereby facilitating a denial-of-service attack. [CVE-2016-9147, bsc#1018701, bsc#1018699] - Fix potential assertion failure that could have been triggered by DNS responses that contain unusually-formed DS resource records, facilitating a denial-of-service attack. [CVE-2016-9444, bsc#1018702, bsc#1018699] This update was imported from the SUSE:SLE-12-SP1:Update update project. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-114=1 - openSUSE Leap 42.1: zypper in -t patch openSUSE-2017-114=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (i586 x86_64): bind-9.9.9P1-43.1 bind-chrootenv-9.9.9P1-43.1 bind-debuginfo-9.9.9P1-43.1 bind-debugsource-9.9.9P1-43.1 bind-devel-9.9.9P1-43.1 bind-libs-9.9.9P1-43.1 bind-libs-debuginfo-9.9.9P1-43.1 bind-lwresd-9.9.9P1-43.1 bind-lwresd-debuginfo-9.9.9P1-43.1 bind-utils-9.9.9P1-43.1 bind-utils-debuginfo-9.9.9P1-43.1 - openSUSE Leap 42.2 (noarch): bind-doc-9.9.9P1-43.1 - openSUSE Leap 42.2 (x86_64): bind-libs-32bit-9.9.9P1-43.1 bind-libs-debuginfo-32bit-9.9.9P1-43.1 - openSUSE Leap 42.1 (i586 x86_64): bind-9.9.9P1-45.1 bind-chrootenv-9.9.9P1-45.1 bind-debuginfo-9.9.9P1-45.1 bind-debugsource-9.9.9P1-45.1 bind-devel-9.9.9P1-45.1 bind-libs-9.9.9P1-45.1 bind-libs-debuginfo-9.9.9P1-45.1 bind-lwresd-9.9.9P1-45.1 bind-lwresd-debuginfo-9.9.9P1-45.1 bind-utils-9.9.9P1-45.1 bind-utils-debuginfo-9.9.9P1-45.1 - openSUSE Leap 42.1 (noarch): bind-doc-9.9.9P1-45.1 - openSUSE Leap 42.1 (x86_64): bind-libs-32bit-9.9.9P1-45.1 bind-libs-debuginfo-32bit-9.9.9P1-45.1 References: https://www.suse.com/security/cve/CVE-2016-9131.html https://www.suse.com/security/cve/CVE-2016-9147.html https://www.suse.com/security/cve/CVE-2016-9444.html https://bugzilla.suse.com/1018699 https://bugzilla.suse.com/1018700 https://bugzilla.suse.com/1018701 https://bugzilla.suse.com/1018702 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: docker-latest security, bug fix, and enhancement update Advisory ID: RHSA-2017:0123-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0123.html Issue date: 2017-01-17 CVE Names: CVE-2016-9962 ===================================================================== 1. Summary: An update for docker-latest is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux 7 Extras - x86_64 3. Description: Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, and self-sufficient container that will run virtually anywhere. The following packages have been upgraded to a newer upstream version: docker-latest (1.12.5). (BZ#1404309) Security Fix(es): * The runc component used by `docker exec` feature of docker allowed additional container processes via to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain low-level access to these new processes during initialization. An attacker can, depending on the nature of the incoming process, leverage this to elevate access to the host. This ranges from accessing host content through the file descriptors of the incoming process to, potentially, a complete container escape by leveraging memory access or syscall interception. (CVE-2016-9962) Red Hat would like to thank the Docker project for reporting this issue. Upstream acknowledges Aleksa Sarai (SUSE) and Tonis Tiigi (Docker) as the original reporters. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1402086 - Can't open '/path/to/dir': No such file or directory; volume still in use 1404309 - [extras-rhel-7.3.2] rebase docker-latest to v1.12.4 + projectatomic patches 1406500 - fork/exec .../docker-runc: no such file or directory 1409531 - CVE-2016-9962 docker: insecure opening of file-descriptor allows privilege escalation 6. Package List: Red Hat Enterprise Linux 7 Extras: Source: docker-latest-1.12.5-14.el7.src.rpm x86_64: docker-client-latest-1.12.5-14.el7.x86_64.rpm docker-latest-1.12.5-14.el7.x86_64.rpm docker-latest-logrotate-1.12.5-14.el7.x86_64.rpm docker-latest-v1.10-migrator-1.12.5-14.el7.x86_64.rpm Red Hat Enterprise Linux 7 Extras: Source: docker-latest-1.12.5-14.el7.src.rpm x86_64: docker-client-latest-1.12.5-14.el7.x86_64.rpm docker-latest-1.12.5-14.el7.x86_64.rpm docker-latest-logrotate-1.12.5-14.el7.x86_64.rpm docker-latest-v1.10-migrator-1.12.5-14.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-9962 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/security/vulnerabilities/cve-2016-9962 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYfyJgXlSAg2UNWIIRAnnrAJ0WipR3/8Utg6oSRT9+rA+qCJNBwACfdzre 5i8Y5oFQv6p1oD1EYBZRWLo= =mgBp -----END PGP SIGNATURE----- --

A new unstable release! Shotwell is available for download at https://download.gnome.org/sources/shotwell/0.25/ Or for Ubuntu 16.x at the UNSTABLE PPA: https://launchpad.net/~yg-jensge/+archive/ubuntu/shotwell-unstable Shotwell 0.25.3 - 16 Jan 2017 * Fix event page context menu * Try to guess character set of string when UTF-8 validation fails * Fix tags context menu * Properly switch menu bar when changing pages * Fix rating * Fix a critical about reparenting a popup menu * Fix sidebar context menu * Fix toolbar in camera import page * Update glade files for all publishers * Flickr: Simplify OAuth parsing by using libsoup * Fix accellerators not coming from menu model * Add -f as shortcut for search bar * Remove AppMenu, needs more thinking about the design. * Flickr: Use human-readable size of upload quota * Fix leave fullscreen option * Fix upload issues with flickr * Fix several disabled actions when switching away from pages * Fix actions in fullscreen * Fix several typos * Piwigo: Fix title and comments on upload * Improved duplicate detection * Updated translations Bugs fixed in this release: - https://bugzilla.gnome.org/show_bug.cgi?id=718107 - https://bugzilla.gnome.org/show_bug.cgi?id=775196 - https://bugzilla.gnome.org/show_bug.cgi?id=776298 - https://bugzilla.gnome.org/show_bug.cgi?id=776527 - https://bugzilla.gnome.org/show_bug.cgi?id=776589 - https://bugzilla.gnome.org/show_bug.cgi?id=776614 - https://bugzilla.gnome.org/show_bug.cgi?id=776664 - https://bugzilla.gnome.org/show_bug.cgi?id=776839 All contributors to this release: - Jens Georg - Piotr Drąg - Marina Prado - Richard B. Kreckel - Marek Černocký - DuÅ¡an Kazik - Rafael Fontenelle - Andreas Brauchli - Amos Brocco - Alan Mortensen Added/updated translations - cs, courtesy of Marek Černocký - da, courtesy of Alan Mortensen - es, courtesy of Daniel Mustieles - ko, courtesy of Kim Boram - pl, courtesy of Piotr Drąg - pt_BR, courtesy of Rafael Fontenelle - sk, courtesy of DuÅ¡an Kazik - sr, courtesy of ÃœøрþÑÂûðò ÃÂøúþûøћ - sr ( -at -) latin, courtesy of Miroslav Nikolić _______________________________________________

A new unstable release of Rygel! Download source tarball here: http://download.gnome.org/sources/rygel/0.33/ 0.33.0 ====== - Translation updates - Several fixes for recent vala compiler MediaExport: - Blacklist VA-API for extractor Bugs fixed in this release: - https://bugzilla.gnome.org/show_bug.cgi?id=775152 All contributors to this release: - Jens Georg - Piotr Drąg - Rico Tzschichholz - Stas Solovey - Rafael Fontenelle - Matej UrbanÄÂiÄ - Mario Blättermann - Marek Černocký - Jiri Grönroos - Gianvito Cavasoli - Gábor Kelemen - Fabio Tomat - Daniel Mustieles - Aurimas Černius - Ask Hjorth Larsen - Anders Jonsson Added/updated translations - cs, courtesy of Marek Černocký - da, courtesy of Ask Hjorth Larsen - de, courtesy of Mario Blättermann - es, courtesy of Daniel Mustieles - fi, courtesy of Jiri Grönroos - fur, courtesy of Fabio Tomat - hu, courtesy of Gabor Kelemen - it, courtesy of Gianvito Cavasoli - ko, courtesy of Changwoo Ryu - lt, courtesy of Aurimas Černius - pl, courtesy of Piotr Drąg - pt_BR, courtesy of Rafael Fontenelle - ru, courtesy of Stas Solovey - sl, courtesy of Matej UrbanÄÂiÄ - sr, courtesy of ÃœøрþÑÂûðò ÃÂøúþûøћ - sr ( -at -) latin, courtesy of Miroslav Nikolić - sv, courtesy of Anders Jonsson -------- What is Rygel? Rygel is a home media solution that allows you to easily share audio, video and pictures, and control of media player on your home network. In technical terms it is both a UPnP AV MediaServer and MediaRenderer implemented through a  plug-in mechanism. Interoperability with other devices in the market is achieved  by conformance to very strict requirements of DLNA and on the fly  conversion of media to formats that client devices are capable of handling. More information at our project home page: http://www.rygel-project.org _______________________________________________

That's 0.25.3 of course. A new stable bugfix release and PPA packages will follow tonight. > A new unstable release! > > Shotwell is available for download at > > https://download.gnome.org/sources/shotwell/0.25/ > > Or for Ubuntu 16.x at the UNSTABLE PPA: > https://launchpad.net/~yg-jensge/+archive/ubuntu/shotwell-unstable > > Shotwell 0.25.3 - 16 Jan 2017 > * Fix event page context menu > * Try to guess character set of string when UTF-8 validation fails > * Fix tags context menu > * Properly switch menu bar when changing pages > * Fix rating > * Fix a critical about reparenting a popup menu > * Fix sidebar context menu > * Fix toolbar in camera import page > * Update glade files for all publishers > * Flickr: Simplify OAuth parsing by using libsoup > * Fix accellerators not coming from menu model > * Add -f as shortcut for search bar > * Remove AppMenu, needs more thinking about the design. > * Flickr: Use human-readable size of upload quota > * Fix leave fullscreen option > * Fix upload issues with flickr > * Fix several disabled actions when switching away from pages > * Fix actions in fullscreen > * Fix several typos > * Piwigo: Fix title and comments on upload > * Improved duplicate detection > * Updated translations > > Bugs fixed in this release: > - https://bugzilla.gnome.org/show_bug.cgi?id=718107 > - https://bugzilla.gnome.org/show_bug.cgi?id=775196 > - https://bugzilla.gnome.org/show_bug.cgi?id=776298 > - https://bugzilla.gnome.org/show_bug.cgi?id=776527 > - https://bugzilla.gnome.org/show_bug.cgi?id=776589 > - https://bugzilla.gnome.org/show_bug.cgi?id=776614 > - https://bugzilla.gnome.org/show_bug.cgi?id=776664 > - https://bugzilla.gnome.org/show_bug.cgi?id=776839 > > All contributors to this release: > - Jens Georg > - Piotr Drąg > - Marina Prado > - Richard B. Kreckel > - Marek Černocký > - DuÅ¡an Kazik > - Rafael Fontenelle > - Andreas Brauchli > - Amos Brocco > - Alan Mortensen > > Added/updated translations > - cs, courtesy of Marek Černocký > - da, courtesy of Alan Mortensen > - es, courtesy of Daniel Mustieles > - ko, courtesy of Kim Boram > - pl, courtesy of Piotr Drąg > - pt_BR, courtesy of Rafael Fontenelle > - sk, courtesy of DuÅ¡an Kazik > - sr, courtesy of ÃœøрþÑÂûðò ÃÂøúþûøћ > - sr ( -at -) latin, courtesy of Miroslav Nikolić > _______________________________________________

Hello LanOC Affiliates and newsletter subscribers, here is our newest posting. We would appreciate you spreading the word! LanOC Reviews has released a new article which you and your readers might enjoy. We would be grateful if you would please share it with them. *TITLE:* Sick of hearing about RGB, here’s an article about RGB ( -at -) LanOC Reviews <https://lanoc.org/review/editorials/7431-sick-of-hearing-about-rgb-here-s-an-article-about-rgb> *DESCRIPTION:* After spending the past few weeks sorting through all of the CES coverage, launches, and all of the comments and backlash on social media and websites like Reddit I wanted to sit down and talk a little about something that has been bothering me. Over the past year, but especially at CES, just about every product introduced now has RGB lighting. When seeing my friends in the tech press talk about it, you can almost see/read the frustration with it all and there are comments all over with people hating on RGB. I want to go on record and say that RGB is great for the industry and its one of those products that everyone is going to hate on but they will most likely be upset next year if someone brings out a product without it. *ARTICLE URL:* https://lanoc.org/review/editorials/7431-sick-of-hearing-about-rgb-here-s-an-article-about-rgb *LARGE IMAGE URL:* https://lanoc.org/images/reviews/2017/rgb/title.jpg *SMALL IMAGE URL:* https://lanoc.org/images/reviews/2017/rgb/email.jpg Thank you for your help Our content is syndicated by *RSS* 2.0 at: http://lanoc.org/review?fo rmat=feed&type=atom Check out our *YouTube* Channel: http://www.youtube.com/user/LanocReviews Follow us on *Twitter*: http://www.twitter.com/LanOC_Reviews Join our group on *Facebook*: http://www.facebook.com/LanOCReviews Join our *Steam* Group: http://steamcommunity.com/groups/lanoc *If this message has been sent to an incorrect address, or you no longer wish to receive our news, please email us back and let us know at reviews ( -at -) lanoc.org* ---------------------------------------- Wes Compton Editor-in-Chief LanOC Reviews http://lanoc.org ( -at -) LanOC_Reviews <http://twitter.com/#!/LanOC_Reviews> Google Plus <https://plus.google.com/u/1/b/111054267662763089650/> Our Facebook Page <http://www.facebook.com/LanOCReviews>

** TECHSPOT ------------------------------------------------------------ ** Mastering Gmail Search ------------------------------------------------------------ ** http://www.techspot.com/article/1314-gmail-search/ ------------------------------------------------------------ When Gmail debuted 12 years ago it made a shift in how we thought about email. Instead of deleting, the idea of archiving messages indefinitely became plausible. This has been helped by good UX and powerful search capabilities. Gmail search is also speedy which makes it practical. Here I'll cover a few of my favorite and most useful Gmail search operators. Thank you. Julio Franco Executive Editor | TECHSPOT ( -at -) juliofranco ----------------------------------- ============================================================ Our mailing address is: TechSpot 8237 NW 68 St Miami, FL 33166 USA

http://benchmarkreviews.us10.list-manage.com/track/click?u=9a2f239b17114c9008e3dfda9&id=66f0cba5d3&e=8138df6da5 ** Benchmark Reviews Presents: ------------------------------------------------------------ Corsair-Scimitar-Pro-RGB-Gaming-Mouse-with-Logo TITLE: Corsair Scimitar Pro Gaming Mouse Review (http://benchmarkreviews.us10.list-manage.com/track/click?u=9a2f239b17114c9008e3dfda9&id=8e39e4dc83&e=8138df6da5) QUOTE: If your hunt is for a very nice corded USB gaming mouse that meets and exceeds expectations, then you’ve come to the right place. In this article for Benchmark Reviews we dive deep into the Corsair Scimitar Pro’s features. We’ll be testing DPI responsiveness, its customization, and real world everyday use for both gaming and other mouse intensive tasks such as Photoshop LINK: http://benchmarkreviews.us10.list-manage.com/track/click?u=9a2f239b17114c9008e3dfda9&id=5b2dc91f6e&e=8138df6da5 IMAGE: http://benchmarkreviews.us10.list-manage1.com/track/click?u=9a2f239b17114c9008e3dfda9&id=ea04e3ee2c&e=8138df6da5 ============================================================

A news post would be great. OCC has published a article Watch_Dogs 2 Performance Analysis Here is a quote from the review: Quote: â€ÂThere are two points that I think are worth walking away from these tests with. The first is that the GTX 770 with 2 GB of VRAM, released three years ago, was still able to make this game playable at its High preset, and the other is that the game is still quite new. There are still the Low and Medium presets below it, and naturally you can use a custom set of options to optimize for your system. Naturally the more powerful GTX 980 and GTX 1080 support higher settings and higher performance, but that lower-powered GPU is worth noticing.†Title: Watch_Dogs 2 Performance Analysis Link: http://www.overclockersclub.com/reviews/watch_dogs_2_performance/ Img: http://www.overclockersclub.com/siteimages/articles/watch_dogs_2_performance/013_thumb.jpg

At Phoronix we have posted a new article. A link to this from your site's news section would be greatly appreciated. Title: Benchmarking Radeon Open Compute ROCm 1.4 OpenCL ( -at -) Phoronix Direct Link: http://www.phoronix.com/vr.php?view=24028 Summary: "Last month with AMD/GPUOpen's ROCm 1.4 release they delivered on OpenCL support, albeit for this initial release all of the code is not yet open-source. I tried out ROCm 1.4 with the currently supported GPUs to see how the OpenCL performance compares to just using the AMDGPU-PRO OpenCL implementation." Please feel free to contact us with any questions or comments you may

Are you looking for a cost effective entry-level PVIe NVMe SSD for your system? The MyDigitalSSD Bullet Proof eXpress (BPX) 80mm (2280) M.2 PCIe 3.0 x4 NVMe SSDs are shaking the market up right now due to some amazing price points. MyDigitalSSD currently offers the BPX series in three capacities; 120GB ($69.99 shipped), 240GB ($114.99 shipped), and 480GB ($199.99 shipped). Those prices put the 480GB drive around $0.42 per GB and that is the lowest priced Phison E7 controlled MLC drive that we have seen to date! Article Title: MyDigitalSSD BPX M.2 NVMe 480GB SSD Review ( -at -) Legit Reviews Article URL: http://www.legitreviews.com/mydigitalssd-bpx-m2-nvme-480gb-ssd-review_190472 Unsubscribe: http://adserv.legitreviews.com/cgi-bin/dada/mail.cgi/u/legitpr/reviewnews// =

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel-rt security and bug fix update Advisory ID: RHSA-2017:0113-01 Product: Red Hat Enterprise MRG for RHEL-6 Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0113.html Issue date: 2017-01-17 CVE Names: CVE-2016-6828 CVE-2016-7117 CVE-2016-9555 ===================================================================== 1. Summary: An update for kernel-rt is now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. The kernel-rt packages have been upgraded to version 3.10.0-514, which provides a number of security and bug fixes over the previous version. (BZ#1400193) Security Fix(es): * A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function. (CVE-2016-7117, Important) * A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection. (CVE-2016-6828, Moderate) * A flaw was found in the Linux kernel's implementation of sctp protocol in which a remote attacker can trigger an out of bounds read with an offset of up to 64kB. This may panic the machine with a page-fault. (CVE-2016-9555, Moderate) Bug Fix(es): * Previously, console warnings from the real-time kernel were generated when a sleeping lock was acquired in atomic context. With this update, the code has been modified to not acquire a sleeping lock in this context. As a result, the console warnings are no longer generated. (BZ#1378982) * Previously, the device mapper (DM) subsystem was not notified that the real-time kernel changes the way preemption works with spinlocks. This caused a kernel panic when the dm-multipath kernel module was loaded because the interrupt request (IRQ) check was invalid on the real-time kernel. This check has been corrected enabling the system to boot correctly with the dm-multipath module enabled. (BZ#1400305) * Previously, the kernel could sometimes panic due to a possible division by zero in the scheduler. This bug has been fixed by defining a new div64_ul() division function and correcting the affected calculation in the proc_sched_show_task() function. (BZ#1400975) * Unlike the standard Linux kernel, the real-time kernel does not disable interrupts inside the Interrupt Service Routines driver. Because of this difference, a New API (NAPI) function for turning interrupt requests (IRQ) off was actually being called with IRQs enabled. Consequently, the NAPI poll list was being corrupted, causing improper networking card operation and potential kernel hangs. With this update, the NAPI function has been corrected to force modifications of the poll list to be protected allowing proper operation of the networking card drivers. (BZ#1401779) Enhancement(s): * With this update, the CONFIG_SLUB_DEBUG and CONFIG_SLABINFO kernel configuration options are enabled in the real-time kernel. These options turn on SLUB allocator debugging and slab information tracking, which are helpful when investigating kernel memory allocation problems. (BZ#1357997) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1346444 - [mrg] update kernel-rt sources 1357997 - Enable CONFIG_SLUB_DEBUG and CONFIG_SLABINFO 1367091 - CVE-2016-6828 kernel: Use after free in tcp_xmit_retransmit_queue 1378982 - BUG: using smp_processor_id() in preemptible 1382268 - CVE-2016-7117 kernel: Use-after-free in the recvmmsg exit path 1397930 - CVE-2016-9555 kernel: Slab out-of-bounds access in sctp_sf_ootb() 1400193 - update the MRG 2.5.z 3.10 kernel-rt sources 1400305 - RT kernel panics with dm-multipath enabled [mrg] 1401779 - NIC hangs due to corrupt napi lists 6. Package List: MRG Realtime for RHEL 6 Server v.2: Source: kernel-rt-3.10.0-514.rt56.210.el6rt.src.rpm noarch: kernel-rt-doc-3.10.0-514.rt56.210.el6rt.noarch.rpm kernel-rt-firmware-3.10.0-514.rt56.210.el6rt.noarch.rpm x86_64: kernel-rt-3.10.0-514.rt56.210.el6rt.x86_64.rpm kernel-rt-debug-3.10.0-514.rt56.210.el6rt.x86_64.rpm kernel-rt-debug-debuginfo-3.10.0-514.rt56.210.el6rt.x86_64.rpm kernel-rt-debug-devel-3.10.0-514.rt56.210.el6rt.x86_64.rpm kernel-rt-debuginfo-3.10.0-514.rt56.210.el6rt.x86_64.rpm kernel-rt-debuginfo-common-x86_64-3.10.0-514.rt56.210.el6rt.x86_64.rpm kernel-rt-devel-3.10.0-514.rt56.210.el6rt.x86_64.rpm kernel-rt-trace-3.10.0-514.rt56.210.el6rt.x86_64.rpm kernel-rt-trace-debuginfo-3.10.0-514.rt56.210.el6rt.x86_64.rpm kernel-rt-trace-devel-3.10.0-514.rt56.210.el6rt.x86_64.rpm kernel-rt-vanilla-3.10.0-514.rt56.210.el6rt.x86_64.rpm kernel-rt-vanilla-debuginfo-3.10.0-514.rt56.210.el6rt.x86_64.rpm kernel-rt-vanilla-devel-3.10.0-514.rt56.210.el6rt.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-6828 https://access.redhat.com/security/cve/CVE-2016-7117 https://access.redhat.com/security/cve/CVE-2016-9555 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/2706661 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYfm7SXlSAg2UNWIIRAkrWAJoDaDrfp14M7PGi51A2nOTpHgDPiQCeIUkr BgAeqcoqsN8UWczQYDnNjIw= =77qN -----END PGP SIGNATURE----- --

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security, bug fix, and enhancement update Advisory ID: RHSA-2017:0086-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0086.html Issue date: 2017-01-17 CVE Names: CVE-2016-6828 CVE-2016-7117 CVE-2016-9555 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory. To see the complete list of bug fixes, users are directed to the related Knowledge Article: https://access.redhat.com/articles/2857831. Security Fix(es): * A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function. (CVE-2016-7117, Important) * A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection. (CVE-2016-6828, Moderate) * A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash. (CVE-2016-9555, Moderate) Bug Fix(es): * Previously, the performance of Internet Protocol over InfiniBand (IPoIB) was suboptimal due to a conflict of IPoIB with the Generic Receive Offload (GRO) infrastructure. With this update, the data cached by the IPoIB driver has been moved from a control block into the IPoIB hard header, thus avoiding the GRO problem and the corruption of IPoIB address information. As a result, the performance of IPoIB has been improved. (BZ#1390668) * Previously, when a virtual machine (VM) with PCI-Passthrough interfaces was recreated, a race condition between the eventfd daemon and the virqfd daemon occurred. Consequently, the operating system rebooted. This update fixes the race condition. As a result, the operating system no longer reboots in the described situation. (BZ#1391611) * Previously, a packet loss occurred when the team driver in round-robin mode was sending a large number of packets. This update fixes counting of the packets in the round-robin runner of the team driver, and the packet loss no longer occurs in the described situation. (BZ#1392023) * Previously, the virtual network devices contained in the deleted namespace could be deleted in any order. If the loopback device was not deleted as the last item, other netns devices, such as vxlan devices, could end up with dangling references to the loopback device. Consequently, deleting a network namespace (netns) occasionally ended by a kernel oops. With this update, the underlying source code has been fixed to ensure the correct order when deleting the virtual network devices on netns deletion. As a result, the kernel oops no longer occurs under the described circumstances. (BZ#1392024) * Previously, a Kabylake system with a Sunrise Point Platform Controller Hub (PCH) with a PCI device ID of 0xA149 showed the following warning messages during the boot: "Unknown Intel PCH (0xa149) detected." "Warning: Intel Kabylake processor with unknown PCH - this hardware has not undergone testing by Red Hat and might not be certified. Please consult https://hardware.redhat.com for certified hardware." The messages were shown because this PCH was not properly recognized. With this update, the problem has been fixed, and the operating system now boots without displaying the warning messages. (BZ#1392033) * Previously, the operating system occasionally became unresponsive after a long run. This was caused by a race condition between the try_to_wake_up() function and a woken up task in the core scheduler. With this update, the race condition has been fixed, and the operating system no longer locks up in the described scenario. (BZ#1393719) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1367091 - CVE-2016-6828 kernel: Use after free in tcp_xmit_retransmit_queue 1382268 - CVE-2016-7117 kernel: Use-after-free in the recvmmsg exit path 1397930 - CVE-2016-9555 kernel: Slab out-of-bounds access in sctp_sf_ootb() 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: kernel-3.10.0-514.6.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-514.6.1.el7.noarch.rpm kernel-doc-3.10.0-514.6.1.el7.noarch.rpm x86_64: kernel-3.10.0-514.6.1.el7.x86_64.rpm kernel-debug-3.10.0-514.6.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-514.6.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.6.1.el7.x86_64.rpm kernel-devel-3.10.0-514.6.1.el7.x86_64.rpm kernel-headers-3.10.0-514.6.1.el7.x86_64.rpm kernel-tools-3.10.0-514.6.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-514.6.1.el7.x86_64.rpm perf-3.10.0-514.6.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm python-perf-3.10.0-514.6.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.6.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-514.6.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: kernel-3.10.0-514.6.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-514.6.1.el7.noarch.rpm kernel-doc-3.10.0-514.6.1.el7.noarch.rpm x86_64: kernel-3.10.0-514.6.1.el7.x86_64.rpm kernel-debug-3.10.0-514.6.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-514.6.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.6.1.el7.x86_64.rpm kernel-devel-3.10.0-514.6.1.el7.x86_64.rpm kernel-headers-3.10.0-514.6.1.el7.x86_64.rpm kernel-tools-3.10.0-514.6.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-514.6.1.el7.x86_64.rpm perf-3.10.0-514.6.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm python-perf-3.10.0-514.6.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.6.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-514.6.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: kernel-3.10.0-514.6.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-514.6.1.el7.noarch.rpm kernel-doc-3.10.0-514.6.1.el7.noarch.rpm ppc64: kernel-3.10.0-514.6.1.el7.ppc64.rpm kernel-bootwrapper-3.10.0-514.6.1.el7.ppc64.rpm kernel-debug-3.10.0-514.6.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-514.6.1.el7.ppc64.rpm kernel-debug-devel-3.10.0-514.6.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-514.6.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-514.6.1.el7.ppc64.rpm kernel-devel-3.10.0-514.6.1.el7.ppc64.rpm kernel-headers-3.10.0-514.6.1.el7.ppc64.rpm kernel-tools-3.10.0-514.6.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-514.6.1.el7.ppc64.rpm kernel-tools-libs-3.10.0-514.6.1.el7.ppc64.rpm perf-3.10.0-514.6.1.el7.ppc64.rpm perf-debuginfo-3.10.0-514.6.1.el7.ppc64.rpm python-perf-3.10.0-514.6.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-514.6.1.el7.ppc64.rpm ppc64le: kernel-3.10.0-514.6.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-514.6.1.el7.ppc64le.rpm kernel-debug-3.10.0-514.6.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-514.6.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-514.6.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-514.6.1.el7.ppc64le.rpm kernel-devel-3.10.0-514.6.1.el7.ppc64le.rpm kernel-headers-3.10.0-514.6.1.el7.ppc64le.rpm kernel-tools-3.10.0-514.6.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-514.6.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-514.6.1.el7.ppc64le.rpm perf-3.10.0-514.6.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-514.6.1.el7.ppc64le.rpm python-perf-3.10.0-514.6.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-514.6.1.el7.ppc64le.rpm s390x: kernel-3.10.0-514.6.1.el7.s390x.rpm kernel-debug-3.10.0-514.6.1.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-514.6.1.el7.s390x.rpm kernel-debug-devel-3.10.0-514.6.1.el7.s390x.rpm kernel-debuginfo-3.10.0-514.6.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-514.6.1.el7.s390x.rpm kernel-devel-3.10.0-514.6.1.el7.s390x.rpm kernel-headers-3.10.0-514.6.1.el7.s390x.rpm kernel-kdump-3.10.0-514.6.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-514.6.1.el7.s390x.rpm kernel-kdump-devel-3.10.0-514.6.1.el7.s390x.rpm perf-3.10.0-514.6.1.el7.s390x.rpm perf-debuginfo-3.10.0-514.6.1.el7.s390x.rpm python-perf-3.10.0-514.6.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-514.6.1.el7.s390x.rpm x86_64: kernel-3.10.0-514.6.1.el7.x86_64.rpm kernel-debug-3.10.0-514.6.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-514.6.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.6.1.el7.x86_64.rpm kernel-devel-3.10.0-514.6.1.el7.x86_64.rpm kernel-headers-3.10.0-514.6.1.el7.x86_64.rpm kernel-tools-3.10.0-514.6.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-514.6.1.el7.x86_64.rpm perf-3.10.0-514.6.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm python-perf-3.10.0-514.6.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: kernel-debug-debuginfo-3.10.0-514.6.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-514.6.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-514.6.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-514.6.1.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-514.6.1.el7.ppc64.rpm perf-debuginfo-3.10.0-514.6.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-514.6.1.el7.ppc64.rpm ppc64le: kernel-debug-debuginfo-3.10.0-514.6.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-514.6.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-514.6.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-514.6.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-514.6.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-514.6.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-514.6.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-514.6.1.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.6.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-514.6.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: kernel-3.10.0-514.6.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-514.6.1.el7.noarch.rpm kernel-doc-3.10.0-514.6.1.el7.noarch.rpm x86_64: kernel-3.10.0-514.6.1.el7.x86_64.rpm kernel-debug-3.10.0-514.6.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-514.6.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.6.1.el7.x86_64.rpm kernel-devel-3.10.0-514.6.1.el7.x86_64.rpm kernel-headers-3.10.0-514.6.1.el7.x86_64.rpm kernel-tools-3.10.0-514.6.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-514.6.1.el7.x86_64.rpm perf-3.10.0-514.6.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm python-perf-3.10.0-514.6.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.6.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-514.6.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-6828 https://access.redhat.com/security/cve/CVE-2016-7117 https://access.redhat.com/security/cve/CVE-2016-9555 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/2857831 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYfm50XlSAg2UNWIIRAmyQAJ94OnL9F0NIJ2FwETONhikS1ASVVgCeKwEP v7tgVk7weRvbe4vZaHieogI= =KiPw -----END PGP SIGNATURE----- --

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel-rt security and bug fix update Advisory ID: RHSA-2017:0091-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0091.html Issue date: 2017-01-17 CVE Names: CVE-2016-6828 CVE-2016-7117 CVE-2016-9555 ===================================================================== 1. Summary: An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Realtime (v. 7) - noarch, x86_64 Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function. (CVE-2016-7117, Important) * A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection. (CVE-2016-6828, Moderate) * A flaw was found in the Linux kernel's implementation of sctp protocol in which a remote attacker can trigger an out of bounds read with an offset of up to 64kB. This may panic the machine with a page-fault. (CVE-2016-9555, Moderate) Bug Fix(es): * The kernel-rt packages have been upgraded to the 3.10.0-514.6.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1401863) * Previously, the device mapper (DM) subsystem was not notified that the real-time kernel changes the way preemption works with spinlocks. This caused a kernel panic when the dm-multipath kernel module was loaded because the interrupt request (IRQ) check was invalid on the real-time kernel. This check has been corrected enabling the system to boot correctly with the dm-multipath module enabled. (BZ#1400930) * Unlike the standard Linux kernel, the real-time kernel does not disable interrupts inside the Interrupt Service Routines driver. Because of this difference, a New API (NAPI) function for turning interrupt requests (IRQ) off was actually being called with IRQs enabled. Consequently, the NAPI poll list was being corrupted, causing improper networking card operation and potential kernel hangs. With this update, the NAPI function has been corrected to force modifications of the poll list to be protected allowing proper operation of the networking card drivers. (BZ#1402837) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1367091 - CVE-2016-6828 kernel: Use after free in tcp_xmit_retransmit_queue 1382268 - CVE-2016-7117 kernel: Use-after-free in the recvmmsg exit path 1397930 - CVE-2016-9555 kernel: Slab out-of-bounds access in sctp_sf_ootb() 1400930 - RT kernel panics with dm-multipath enabled 1401863 - kernel-rt: update to the RHEL7.3.z batch#2 source tree 6. Package List: Red Hat Enterprise Linux for Real Time for NFV (v. 7): Source: kernel-rt-3.10.0-514.6.1.rt56.429.el7.src.rpm noarch: kernel-rt-doc-3.10.0-514.6.1.rt56.429.el7.noarch.rpm x86_64: kernel-rt-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm kernel-rt-debug-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm kernel-rt-debug-debuginfo-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm kernel-rt-debug-devel-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm kernel-rt-debug-kvm-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm kernel-rt-debug-kvm-debuginfo-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm kernel-rt-debuginfo-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm kernel-rt-debuginfo-common-x86_64-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm kernel-rt-devel-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm kernel-rt-kvm-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm kernel-rt-kvm-debuginfo-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm kernel-rt-trace-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm kernel-rt-trace-debuginfo-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm kernel-rt-trace-devel-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm kernel-rt-trace-kvm-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm kernel-rt-trace-kvm-debuginfo-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm Red Hat Enterprise Linux Realtime (v. 7): Source: kernel-rt-3.10.0-514.6.1.rt56.429.el7.src.rpm noarch: kernel-rt-doc-3.10.0-514.6.1.rt56.429.el7.noarch.rpm x86_64: kernel-rt-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm kernel-rt-debug-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm kernel-rt-debug-debuginfo-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm kernel-rt-debug-devel-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm kernel-rt-debuginfo-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm kernel-rt-debuginfo-common-x86_64-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm kernel-rt-devel-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm kernel-rt-trace-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm kernel-rt-trace-debuginfo-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm kernel-rt-trace-devel-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-6828 https://access.redhat.com/security/cve/CVE-2016-7117 https://access.redhat.com/security/cve/CVE-2016-9555 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYfm6nXlSAg2UNWIIRAr+vAJ9GhdVmsVpdSuJc1Zaw6o3KWhWbEQCgslY0 qdCkVre8wrFPBWXO1ifAYQc= =mZEp -----END PGP SIGNATURE----- --

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: qemu-kvm security and bug fix update Advisory ID: RHSA-2017:0083-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0083.html Issue date: 2017-01-17 CVE Names: CVE-2016-2857 ===================================================================== 1. Summary: An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix(es): * An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet's checksum, because a QEMU function used the packet's payload length without checking against the data buffer's size. A user inside a guest could use this flaw to crash the QEMU process (denial of service). (CVE-2016-2857) Red Hat would like to thank Ling Liu (Qihoo 360 Inc.) for reporting this issue. Bug Fix(es): * Previously, rebooting a guest virtual machine more than 128 times in a short period of time caused the guest to shut down instead of rebooting, because the virtqueue was not cleaned properly. This update ensures that the virtqueue is cleaned more reliably, which prevents the described problem from occurring. (BZ#1393484) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1296567 - CVE-2016-2857 Qemu: net: out of bounds read in net_checksum_calculate() 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: qemu-kvm-1.5.3-126.el7_3.3.src.rpm x86_64: qemu-img-1.5.3-126.el7_3.3.x86_64.rpm qemu-kvm-1.5.3-126.el7_3.3.x86_64.rpm qemu-kvm-common-1.5.3-126.el7_3.3.x86_64.rpm qemu-kvm-debuginfo-1.5.3-126.el7_3.3.x86_64.rpm qemu-kvm-tools-1.5.3-126.el7_3.3.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: qemu-kvm-1.5.3-126.el7_3.3.src.rpm x86_64: qemu-img-1.5.3-126.el7_3.3.x86_64.rpm qemu-kvm-1.5.3-126.el7_3.3.x86_64.rpm qemu-kvm-common-1.5.3-126.el7_3.3.x86_64.rpm qemu-kvm-debuginfo-1.5.3-126.el7_3.3.x86_64.rpm qemu-kvm-tools-1.5.3-126.el7_3.3.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: qemu-kvm-1.5.3-126.el7_3.3.src.rpm ppc64: qemu-img-1.5.3-126.el7_3.3.ppc64.rpm qemu-kvm-debuginfo-1.5.3-126.el7_3.3.ppc64.rpm ppc64le: qemu-img-1.5.3-126.el7_3.3.ppc64le.rpm qemu-kvm-debuginfo-1.5.3-126.el7_3.3.ppc64le.rpm x86_64: qemu-img-1.5.3-126.el7_3.3.x86_64.rpm qemu-kvm-1.5.3-126.el7_3.3.x86_64.rpm qemu-kvm-common-1.5.3-126.el7_3.3.x86_64.rpm qemu-kvm-debuginfo-1.5.3-126.el7_3.3.x86_64.rpm qemu-kvm-tools-1.5.3-126.el7_3.3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: qemu-kvm-1.5.3-126.el7_3.3.src.rpm x86_64: qemu-img-1.5.3-126.el7_3.3.x86_64.rpm qemu-kvm-1.5.3-126.el7_3.3.x86_64.rpm qemu-kvm-common-1.5.3-126.el7_3.3.x86_64.rpm qemu-kvm-debuginfo-1.5.3-126.el7_3.3.x86_64.rpm qemu-kvm-tools-1.5.3-126.el7_3.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-2857 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/security/updates/classification/#Low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYfm4IXlSAg2UNWIIRAqo2AKDBcem0HhMfiKIYWKl1mnXrIt1PhACfbk51 gD9g89JnjAZCvGffEdEMDsQ= =FCGV -----END PGP SIGNATURE----- --

SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0181-1 Rating: important References: #1000118 #1000189 #1000287 #1000304 #1000433 #1000776 #1001169 #1001171 #1001310 #1001462 #1001486 #1001888 #1002322 #1002770 #1002786 #1003068 #1003566 #1003581 #1003606 #1003813 #1003866 #1003964 #1004048 #1004052 #1004252 #1004365 #1004517 #1005169 #1005327 #1005545 #1005666 #1005745 #1005895 #1005917 #1005921 #1005923 #1005925 #1005929 #1006103 #1006175 #1006267 #1006528 #1006576 #1006804 #1006809 #1006827 #1006915 #1006918 #1007197 #1007615 #1007653 #1007955 #1008557 #1008979 #1009062 #1009969 #1010040 #1010158 #1010444 #1010478 #1010507 #1010665 #1010690 #1010970 #1011176 #1011250 #1011913 #1012060 #1012094 #1012452 #1012767 #1012829 #1012992 #1013001 #1013479 #1013531 #1013700 #1014120 #1014392 #1014701 #1014710 #1015212 #1015359 #1015367 #1015416 #799133 #914939 #922634 #963609 #963655 #963904 #964462 #966170 #966172 #966186 #966191 #966316 #966318 #966325 #966471 #969474 #969475 #969476 #969477 #969756 #971975 #971989 #972993 #974313 #974842 #974843 #978907 #979378 #979681 #981825 #983087 #983152 #983318 #985850 #986255 #986987 #987641 #987703 #987805 #988524 #988715 #990384 #992555 #993739 #993841 #993891 #994881 #995278 #997059 #997639 #997807 #998054 #998689 #999907 #999932 Cross-References: CVE-2015-1350 CVE-2015-8964 CVE-2016-7039 CVE-2016-7042 CVE-2016-7425 CVE-2016-7913 CVE-2016-7917 CVE-2016-8645 CVE-2016-8666 CVE-2016-9083 CVE-2016-9084 CVE-2016-9793 CVE-2016-9919 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise High Availability 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has 127 fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.38 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2016-7039: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666 (bnc#1001486). - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517). - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932). - CVE-2016-7913: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure (bnc#1010478). - CVE-2016-7917: The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel did not check whether a batch message's length field is large enough, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability (bnc#1010444). - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb truncation, which allowed local users to cause a denial of service (system crash) via a crafted application that made sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969). - CVE-2016-8666: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039 (bnc#1003964). - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug (bnc#1007197). - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel misuses the kzalloc function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file (bnc#1007197). - CVE-2016-9793: A bug in SO_{SND|RCV}BUFFORCE setsockopt() implementation was fixed, which allowed CAP_NET_ADMIN users to cause memory corruption. (bsc#1013531). - CVE-2016-9919: The icmp6_send function in net/ipv6/icmp.c in the Linux kernel omits a certain check of the dst data structure, which allowed remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet (bnc#1014701). The following non-security bugs were fixed: - 8250_pci: Fix potential use-after-free in error path (bsc#1013001). - acpi / PAD: do not register acpi_pad driver if running as Xen dom0 (bnc#995278). - Add mainline tags to various hyperv patches - alsa: fm801: detect FM-only card earlier (bsc#1005917). - alsa: fm801: explicitly free IRQ line (bsc#1005917). - alsa: fm801: propagate TUNER_ONLY bit when autodetected (bsc#1005917). - alsa: hda - Bind with i915 only when Intel graphics is present (bsc#1012767). - alsa: hda - Clear the leftover component assignment at snd_hdac_i915_exit() (bsc#1012767). - alsa: hda - Degrade i915 binding failure message (bsc#1012767). - alsa: hda - Fix yet another i915 pointer leftover in error path (bsc#1012767). - alsa: hda - Gate the mic jack on HP Z1 Gen3 AiO (bsc#1004365). - alsa: hda - Turn off loopback mixing as default (bsc#1001462). - apparmor: add missing id bounds check on dfa verification (bsc#1000304). - apparmor: check that xindex is in trans_table bounds (bsc#1000304). - apparmor: do not check for vmalloc_addr if kvzalloc() failed (bsc#1000304). - apparmor: do not expose kernel stack (bsc#1000304). - apparmor: ensure the target profile name is always audited (bsc#1000304). - apparmor: exec should not be returning ENOENT when it denies (bsc#1000304). - apparmor: fix audit full profile hname on successful load (bsc#1000304). - apparmor: fix change_hat not finding hat after policy replacement (bsc#1000287). - apparmor: fix disconnected bind mnts reconnection (bsc#1000304). - apparmor: fix log failures for all profiles in a set (bsc#1000304). - apparmor: fix module parameters can be changed after policy is locked (bsc#1000304). - apparmor: fix oops in profile_unpack() when policy_db is not present (bsc#1000304). - apparmor: fix put() parent ref after up[censored] the active ref (bsc#1000304). - apparmor: fix refcount bug in profile replacement (bsc#1000304). - apparmor: fix refcount race when finding a child profile (bsc#1000304). - apparmor: fix replacement bug that adds new child to old parent (bsc#1000304). - apparmor: fix uninitialized lsm_audit member (bsc#1000304). - apparmor: fix update the mtime of the profile file on replacement (bsc#1000304). - apparmor: internal paths should be treated as disconnected (bsc#1000304). - apparmor: use list_next_entry instead of list_entry_next (bsc#1000304). - arm64: Call numa_store_cpu_info() earlier. - arm64/efi: Enable runtime call flag checking (bsc#1005745). - arm64/efi: Move to generic {__,}efi_call_virt() (bsc#1005745). - arm64: Refuse to install 4k kernel on 64k system - arm64: Update config files. Disable CONFIG_IPMI_SI_PROBE_DEFAULTS (bsc#1006576) - arm: bcm2835: add CPU node for ARM core (boo#1012094). - arm: bcm2835: Split the DT for peripherals from the DT for the CPU (boo#1012094). - asoc: cht_bsw_rt5645: Enable jack detection (bsc#1010690). - asoc: cht_bsw_rt5645: Fix writing to string literal (bsc#1010690). - asoc: cht_bsw_rt5672: Use HID translation unit (bsc#1010690). - asoc: fsl_ssi: mark SACNT register volatile (bsc#1005917). - asoc: imx-spdif: Fix crash on suspend (bsc#1005917). - asoc: intel: add function stub when ACPI is not enabled (bsc#1010690). - asoc: Intel: add fw name to common dsp context (bsc#1010690). - asoc: Intel: Add missing 10EC5672 ACPI ID matching for Cherry Trail (bsc#1010690). - asoc: Intel: Add module tags for common match module (bsc#1010690). - asoc: Intel: add NULL test (bsc#1010690). - AsoC: Intel: Add quirks for MinnowBoard MAX (bsc#1010690). - asoc: Intel: Add surface3 entry in CHT-RT5645 machine (bsc#1010690). - asoc: Intel: Atom: add 24-bit support for media playback and capture (bsc#1010690). - ASoc: Intel: Atom: add deep buffer definitions for atom platforms (bsc#1010690). - asoc: Intel: Atom: add definitions for modem/SSP0 interface (bsc#1010690). - asoc: Intel: Atom: Add quirk for Surface 3 (bsc#1010690). - asoc: Intel: Atom: add support for CHT w/ RT5640 (bsc#1010690). - asoc: Intel: Atom: Add support for HP ElitePad 1000 G2 (bsc#1010690). - asoc: Intel: Atom: add support for RT5642 (bsc#1010690). - asoc: Intel: Atom: add terminate entry for dmi_system_id tables (bsc#1010690). - asoc: Intel: Atom: auto-detection of Baytrail-CR (bsc#1010690). - asoc: Intel: Atom: clean-up compressed DAI definition (bsc#1010690). - asoc: Intel: atom: enable configuration of SSP0 (bsc#1010690). - asoc: Intel: atom: fix 0-day warnings (bsc#1010690). - asoc: Intel: Atom: fix boot warning (bsc#1010690). - asoc: Intel: Atom: Fix message handling during drop stream (bsc#1010690). - asoc: Intel: atom: fix missing breaks that would cause the wrong operation to execute (bsc#1010690). - asoc: Intel: Atom: fix regression on compress DAI (bsc#1010690). - asoc: Intel: Atom: flip logic for gain Switch (bsc#1010690). - asoc: Intel: atom: Make some messages to debug level (bsc#1010690). - asoc: Intel: Atom: move atom driver to common acpi match (bsc#1010690). - asoc: Intel: atom: statify cht_quirk (bsc#1010690). - asoc: Intel: boards: add DEEP_BUFFER support for BYT/CHT/BSW (bsc#1010690). - asoc: Intel: boards: align pin names between byt-rt5640 drivers (bsc#1010690). - asoc: Intel: boards: merge DMI-based quirks in bytcr-rt5640 driver (bsc#1010690). - asoc: Intel: boards: start merging byt-rt5640 drivers (bsc#1010690). - asoc: Intel: bytcr_rt56040: additional routing quirks (bsc#1010690). - asoc: Intel: bytcr-rt5640: add Asus T100TAF quirks (bsc#1010690). - asoc: Intel: bytcr_rt5640: add IN3 map (bsc#1010690). - asoc: Intel: bytcr_rt5640: add MCLK support (bsc#1010690). - asoc: Intel: bytcr_rt5640: Add quirk for Teclast X98 Air 3G tablet (bsc#1010690). - asoc: Intel: bytcr_rt5640: add SSP2_AIF2 routing (bsc#1010690). - asoc: Intel: bytcr_rt5640: change quirk position (bsc#1010690). - asoc: Intel: bytcr_rt5640: default routing and quirks on Baytrail-CR (bsc#1010690). - asoc: Intel: bytcr-rt5640: enable ASRC (bsc#1010690). - asoc: Intel: bytcr_rt5640: enable differential mic quirk (bsc#1010690). - asoc: Intel: bytcr_rt5640: fallback mechanism if MCLK is not enabled (bsc#1010690). - asoc: Intel: bytcr_rt5640: fix dai/clock setup for SSP0 routing (bsc#1010690). - asoc: Intel: bytcr_rt5640: fixup DAI codec_name with HID (bsc#1010690). - asoc: Intel: bytcr_rt5640: log quirks (bsc#1010690). - asoc: Intel: bytcr_rt5640: quirk for Acer Aspire SWS-012 (bsc#1010690). - asoc: Intel: bytcr_rt5640: quirk for mono speaker (bsc#1010690). - asoc: Intel: bytcr_rt5640: set SSP to I2S mode 2ch (bsc#1010690). - asoc: Intel: bytcr_rt5640: use HID translation util (bsc#1010690). - asoc: Intel: cht: fix uninit variable warning (bsc#1010690). - asoc: Intel: common: add translation from HID to codec-name (bsc#1010690). - asoc: Intel: common: filter ACPI devices with _STA return value (bsc#1010690). - asoc: Intel: common: increase the loglevel of "FW Poll Status" (bsc#1010690). - asoc: Intel: Create independent acpi match module (bsc#1010690). - asoc: intel: Fix sst-dsp dependency on dw stuff (bsc#1010690). - asoc: Intel: Keep building old baytrail machine drivers (bsc#1010690). - asoc: Intel: Load the atom DPCM driver only (bsc#1010690). - asoc: intel: make function stub static (bsc#1010690). - asoc: Intel: Move apci find machine routines (bsc#1010690). - asoc: Intel: pass correct parameter in sst_alloc_stream_mrfld() (bsc#1005917). - asoc: intel: Replace kthread with work (bsc#1010690). - asoc: Intel: Skylake: Always acquire runtime pm ref on unload (bsc#1005917). - asoc: Intel: sst: fix sst_memcpy32 wrong with non-4x bytes issue (bsc#1010690). - asoc: rt5640: add ASRC support (bsc#1010690). - asoc: rt5640: add internal clock source support (bsc#1010690). - asoc: rt5640: add master clock handling for rt5640 (bsc#1010690). - asoc: rt5640: add supplys for dac power (bsc#1010690). - asoc: rt5640: remove unused variable (bsc#1010690). - asoc: rt5640: Set PLL src according to source (bsc#1010690). - asoc: rt5645: add DAC1 soft volume func control (bsc#1010690). - asoc: rt5645: Add dmi_system_id "Google Setzer" (bsc#1010690). - asoc: rt5645: extend delay time for headphone pop noise (bsc#1010690). - asoc: rt5645: fix reg-2f default value (bsc#1010690). - asoc: rt5645: improve headphone pop when system resumes from S3 (bsc#1010690). - asoc: rt5645: improve IRQ reaction time for HS button (bsc#1010690). - asoc: rt5645: merge DMI tables of google projects (bsc#1010690). - asoc: rt5645: patch reg-0x8a (bsc#1010690). - asoc: rt5645: polling jd status in all conditions (bsc#1010690). - asoc: rt5645: Separate regmap for rt5645 and rt5650 (bsc#1010690). - asoc: rt5645: set RT5645_PRIV_INDEX as volatile (bsc#1010690). - asoc: rt5645: use polling to support HS button (bsc#1010690). - asoc: rt5645: Use the mod_delayed_work instead of the queue_delayed_work and cancel_delayed_work_sync (bsc#1010690). - asoc: rt5670: Add missing 10EC5072 ACPI ID (bsc#1010690). - asoc: rt5670: Enable Braswell platform workaround for Dell Wyse 3040 (bsc#1010690). - asoc: rt5670: fix HP Playback Volume control (bsc#1010690). - asoc: rt5670: patch reg-0x8a (bsc#1010690). - asoc: simple-card: do not fail if sysclk setting is not supported (bsc#1005917). - asoc: tegra_alc5632: check return value (bsc#1005917). - asoc: wm8960: Fix WM8960_SYSCLK_PLL mode (bsc#1005917). - autofs: fix multiple races (bsc#997639). - autofs: use dentry flags to block walks during expire (bsc#997639). - blacklist.conf: Add dup / unapplicable commits (bsc#1005545). - blacklist.conf: Add i915 stable commits that can be ignored (bsc#1015367) - blacklist.conf: add inapplicable / duped commits (bsc#1005917) - blacklist.conf: ignore commit bfe6c8a89e03 ("arm64: Fix NUMA build error when !CONFIG_ACPI") - blacklist.conf: Remove intel_pstate potential patch that SLE 12 SP2 The code layout upstream that motivated this patch is completely different to what is in SLE 12 SP2 as schedutil was not backported. - block_dev: do not test bdev->bd_contains when it is not stable (bsc#1008557). - bna: Add synchronization for tx ring (bsc#993739). - btrfs: allocate root item at snapshot ioctl time (bsc#1012452). - btrfs: better packing of btrfs_delayed_extent_op (bsc#1012452). - btrfs: Check metadata redundancy on balance (bsc#1012452). - btrfs: clean up an error code in btrfs_init_space_info() (bsc#1012452). - btrfs: cleanup, stop casting for extent_map->lookup everywhere (bsc#1012452). - btrfs: cleanup, use enum values for btrfs_path reada (bsc#1012452). - btrfs: deal with duplicates during extent_map insertion in btrfs_get_extent (bsc#1001171). - btrfs: deal with existing encompassing extent map in btrfs_get_extent() (bsc#1001171). - btrfs: do an allocation earlier during snapshot creation (bsc#1012452). - btrfs: do not create or leak aliased root while cleaning up orphans (bsc#994881). - btrfs: do not leave dangling dentry if symlink creation failed (bsc#1012452). - btrfs: do not use slab cache for struct btrfs_delalloc_work (bsc#1012452). - btrfs: drop duplicate prefix from scrub workqueues (bsc#1012452). - btrfs: drop unused parameter from lock_extent_bits (bsc#1012452). - btrfs: Enhance chunk validation check (bsc#1012452). - btrfs: Enhance super validation check (bsc#1012452). - btrfs: Ensure proper sector alignment for btrfs_free_reserved_data_space (bsc#1005666). - btrfs: Expoert and move leaf/subtree qgroup helpers to qgroup.c (bsc983087, bsc986255). - btrfs: fix endless loop in balancing block groups (bsc#1006804). - btrfs: fix incremental send failure caused by balance (bsc#985850). - btrfs: fix locking bugs when defragging leaves (bsc#1012452). - btrfs: fix memory leaks after transaction is aborted (bsc#1012452). - btrfs: fix output of compression message in btrfs_parse_options() (bsc#1012452). - btrfs: fix race between free space endio workers and space cache writeout (bsc#1012452). - btrfs: fix races on root_log_ctx lists (bsc#1007653). - btrfs: fix race when finishing dev replace leading to transaction abort (bsc#1012452). - btrfs: fix relocation incorrectly dropping data references (bsc#990384). - btrfs: fix typo in log message when starting a balance (bsc#1012452). - btrfs: fix unprotected list operations at btrfs_write_dirty_block_groups (bsc#1012452). - btrfs: handle quota reserve failure properly (bsc#1005666). - btrfs: make btrfs_close_one_device static (bsc#1012452). - btrfs: make clear_extent_bit helpers static inline (bsc#1012452). - btrfs: make clear_extent_buffer_uptodate return void (bsc#1012452). - btrfs: make end_extent_writepage return void (bsc#1012452). - btrfs: make extent_clear_unlock_delalloc return void (bsc#1012452). - btrfs: make extent_range_clear_dirty_for_io return void (bsc#1012452). - btrfs: make extent_range_redirty_for_io return void (bsc#1012452). - btrfs: make lock_extent static inline (bsc#1012452). - btrfs: make set_extent_bit helpers static inline (bsc#1012452). - btrfs: make set_extent_buffer_uptodate return void (bsc#1012452). - btrfs: make set_range_writeback return void (bsc#1012452). - btrfs: preallocate path for snapshot creation at ioctl time (bsc#1012452). - btrfs: put delayed item hook into inode (bsc#1012452). - btrfs: qgroup: Add comments explaining how btrfs qgroup works (bsc983087, bsc986255). - btrfs: qgroup: Fix qgroup data leaking by using subtree tracing (bsc983087, bsc986255). - btrfs: qgroup: Rename functions to make it follow reserve, trace, account steps (bsc983087, bsc986255). - btrfs: remove a trivial helper btrfs_set_buffer_uptodate (bsc#1012452). - btrfs: remove root_log_ctx from ctx list before btrfs_sync_log returns (bsc#1007653). - btrfs: remove unused inode argument from uncompress_inline() (bsc#1012452). - btrfs: remove wait from struct btrfs_delalloc_work (bsc#1012452). - btrfs: send, do not bug on inconsistent snapshots (bsc#985850). - btrfs: sink parameter wait to btrfs_alloc_delalloc_work (bsc#1012452). - btrfs: Support convert to -d dup for btrfs-convert (bsc#1012452). - btrfs: use GFP_KERNEL for allocations in ioctl handlers (bsc#1012452). - btrfs: use GFP_KERNEL for allocations of workqueues (bsc#1012452). - btrfs: use GFP_KERNEL for xattr and acl allocations (bsc#1012452). - btrfs: use smaller type for btrfs_path locks (bsc#1012452). - btrfs: use smaller type for btrfs_path lowest_level (bsc#1012452). - btrfs: use smaller type for btrfs_path reada (bsc#1012452). - btrfs: verbose error when we find an unexpected item in sys_array (bsc#1012452). - cdc-acm: added sanity checking for probe() (bsc#993891). - cxgbi: fix uninitialized flowi6 (bsc#963904 FATE#320115). - Delete patches.fixes/apparmor-initialize-common_audit_data.patch (bsc#1000304) It'll be fixed in the upcoming apparmor fix series from upstream. - dell-laptop: Fixate rfkill work on CPU#0 (bsc#1004052). - dell-wmi: Check if Dell WMI descriptor structure is valid (bsc#1004052). - dell-wmi: Clean up hotkey table size check (bsc#1004052). - dell-wmi: Ignore WMI event code 0xe045 (bsc#1004052). - dell-wmi: Improve unknown hotkey handling (bsc#1004052). - dell-wmi: Process only one event on devices with interface version 0 (bsc#1004052). - dell-wmi: Stop storing pointers to DMI tables (bsc#1004052). - dell-wmi: Support new hotkeys on the XPS 13 9350 (Skylake) (bsc#1004052). - dell_wmi: Use a C99-style array for bios_to_linux_keycode (bsc#1004052). - Drivers: hv: utils: fix a race on userspace daemons registration (bnc#1014392). - drm/amdgpu: Do not leak runtime pm ref on driver load (bsc#1005545). - drm/amdgpu: Do not leak runtime pm ref on driver unload (bsc#1005545). - drm/i915: Acquire audio powerwell for HD-Audio registers (bsc#1005545). - drm/i915: add helpers for platform specific revision id range checks (bsc#1015367). - drm/i915: Add missing ring_mask to Pineview (bsc#1005917). - drm/i915: Apply broader WaRsDisableCoarsePowerGating for guc also (bsc#1015367). - drm/i915/bxt: add revision id for A1 stepping and use it (bsc#1015367). - drm/i915: Calculate watermark related members in the crtc_state, v4 (bsc#1011176). - drm/i915: Call intel_dp_mst_resume() before resuming displays (bsc#1015359). - drm/i915: call kunmap_px on pt_vaddr (bsc#1005545). - drm/i915: Cleaning up DDI translation tables (bsc#1014392). - drm/i915: Clean up L3 SQC register field definitions (bsc#1014392). - drm/i915/dsi: fix CHV dsi encoder hardware state readout on port C (bsc#1015367). - drm/i915: Enable polling when we do not have hpd (bsc#1014120). - drm/i915: Exit cherryview_irq_handler() after one pass (bsc#1015367). - drm/i915: Fix iboost setting for SKL Y/U DP DDI buffer translation entry 2 (bsc#1014392). - drm/i915: Fix system resume if PCI device remained enabled (bsc#1015367). - drm/i915: fix the SDE irq dmesg warnings properly (bsc#1005545). - drm/i915: Fix VBT backlight Hz to PWM conversion for PNV (bsc#1005545). - drm/i915: Fix vbt PWM max setup for CTG (bsc#1005545). - drm/i915: Force ringbuffers to not be at offset 0 (bsc#1015367). - drm/i915/gen9: Add WaInPlaceDecompressionHang (bsc#1014392). - drm/i915/ivb: Move WaCxSRDisabledForSpriteScaling w/a to atomic check (bsc#1011176). - drm/i915: Kill intel_runtime_pm_disable() (bsc#1005545). - drm/i915: Make plane fb tracking work correctly, v2 (bsc#1004048). - drm/i915: Make prepare_plane_fb fully interruptible (bsc#1004048). - drm/i915: Move disable_cxsr to the crtc_state (bsc#1011176). - drm/i915: On fb alloc failure, unref gem object where it gets refed (bsc#1005545). - drm/i915: Only call commit_planes when there are things to commit (bsc#1004048). - drm/i915: Only commit active planes when up[censored] planes during reset (bsc#1004048). - drm/i915: Only run commit when crtc is active, v2 (bsc#1004048). - drm/i915: remove parens around revision ids (bsc#1015367). - drm/i915: Set crtc_state->lane_count for HDMI (bsc#1005545). - drm/i915/skl: Add WaDisableGafsUnitClkGating (bsc#1014392). - drm/i915/skl: Fix rc6 based gpu/system hang (bsc#1015367). - drm/i915/skl: Fix spurious gpu hang with gt3/gt4 revs (bsc#1015367). - drm/i915/skl: Update DDI translation tables for SKL (bsc#1014392). - drm/i915/skl: Update watermarks before the crtc is disabled (bsc#1015367). - drm/i915: suppress spurious !wm_changed warning (bsc#1006267). - drm/i915: Unconditionally flush any chipset buffers before execbuf (bsc#1005545). - drm/i915: Update legacy primary state outside the commit hook, v2 (bsc#1004048). - drm/i915: Update Skylake DDI translation table for DP (bsc#1014392). - drm/i915: Update Skylake DDI translation table for HDMI (bsc#1014392). - drm/i915/userptr: Hold mmref whilst calling get-user-pages (bsc#1015367). - drm/i915/vlv: Disable HPD in valleyview_crt_detect_hotplug() (bsc#1014120). - drm/i915/vlv: Make intel_crt_reset() per-encoder (bsc#1014120). - drm/i915/vlv: Reset the ADPA in vlv_display_power_well_init() (bsc#1014120). - drm/i915: Wait for power cycle delay after turning off DSI panel power (bsc#1005545). - drm/i915: Wait up to 3ms for the pcu to ack the cdclk change request on SKL (bsc#1005545). - drm/layerscape: reduce excessive stack usage (bsc#1005545). - drm/mgag200: fix error return code in mgag200fb_create() (bsc#1005917). - drm/nouveau: Do not leak runtime pm ref on driver unload (bsc#1005545). - drm/radeon: Also call cursor_move_locked when the cursor size changes (bsc#1000433). - drm/radeon: Always store CRTC relative radeon_crtc->cursor_x/y values (bsc#1000433). - drm/radeon/ci add comment to document intentionally unreachable code (bsc#1005545). - drm/radeon: Do not leak runtime pm ref on driver load (bsc#1005545). - drm/radeon: Do not leak runtime pm ref on driver unload (bsc#1005545). - drm/radeon: Ensure vblank interrupt is enabled on DPMS transition to on (bsc#998054) - drm/radeon: Hide the HW cursor while it's out of bounds (bsc#1000433). - drm/radeon: Switch to drm_vblank_on/off (bsc#998054). - drm/rockchip: fix a couple off by one bugs (bsc#1005545). - drm/tegra: checking for IS_ERR() instead of NULL (bsc#1005545). - edac/mce_amd: Add missing SMCA error descriptions (fate#320474, bsc#1013700). - edac/mce_amd: Use SMCA prefix for error descriptions arrays (fate#320474, bsc#1013700). - efi/arm64: Do not apply MEMBLOCK_NOMAP to UEFI memory map mapping (bsc#986987). - efi: ARM: avoid warning about phys_addr_t cast. - efi/runtime-wrappers: Add {__,}efi_call_virt() templates (bsc#1005745). - efi/runtime-wrappers: Detect firmware IRQ flag corruption (bsc#1005745). - efi/runtime-wrappers: Remove redundant #ifdefs (bsc#1005745). - ext4: fix data exposure after a crash (bsc#1012829). - Fix kabi change cause by adding flock_owner to open_context (bsc#998689). - Fixup UNMAP calculation (bsc#1005327) - fs, block: force direct-I/O for dax-enabled block devices (bsc#1012992). - fs/cifs: cifs_get_root shouldn't use path with tree name (bsc#963655, bsc#979681). - fs/cifs: Compare prepaths when comparing superblocks (bsc#799133). - fs/cifs: Fix memory leaks in cifs_do_mount() (bsc#799133). - fs/cifs: Move check for prefix path to within cifs_get_root() (bsc#799133). - fs/select: add vmalloc fallback for select(2) (bsc#1000189). - genirq: Add untracked irq handler (bsc#1006827). - genirq: Use a common macro to go through the actions list (bsc#1006827). - gpio: generic: make bgpio_pdata always visible. - gpio: Restore indentation of parent device setup. - gre: Disable segmentation offloads w/ CSUM and we are encapsulated via FOU (bsc#1001486). - gro: Allow tunnel stacking in the case of FOU/GUE (bsc#1001486). - gro_cells: mark napi struct as not busy poll candidates (bsc#966191 FATE#320230 bsc#966186 FATE#320228). - group-source-files.pl: mark arch/*/scripts as devel make[2]: /usr/src/linux-4.6.4-2/arch/powerpc/scripts/gcc-check-mprofile-kernel.sh: C ommand not found - hpsa: fallback to use legacy REPORT PHYS command (bsc#1006175). - hpsa: use bus '3' for legacy HBA devices (bsc#1010665). - hpsa: use correct DID_NO_CONNECT hostbyte (bsc#1010665). - hv: do not lose pending heartbeat vmbus packets (bnc#1006918). - i2c: designware-baytrail: Add support for cherrytrail (bsc#1011913). - i2c: designware-baytrail: Pass dw_i2c_dev into helper functions (bsc#1011913). - i2c: designware-baytrail: Work around Cherry Trail semaphore errors (bsc#1011913). - i2c: designware: Prevent runtime suspend during adapter registration (bsc#1011913). - i2c: designware: retry transfer on transient failure (bsc#1011913). - i2c: designware: Use transfer timeout from ioctl I2C_TIMEOUT (bsc#1011913). - i2c: Enable CONFIG_I2C_DESIGNWARE_PLATFORM and *_BAYTRAIL (bsc#1010690) Realtek codecs on CHT platform require this i2c bus driver. - i2c: xgene: Avoid dma_buffer overrun (bsc#1006576). - i40e: fix an uninitialized variable bug (bsc#969476 FATE#319648). - i40e: fix broken i40e_config_rss_aq function (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i40e: Remove redundant memset (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i40iw: Add missing check for interface already open (bsc#974842 FATE#319831 bsc#974843 FATE#319832). - i40iw: Add missing NULL check for MPA private data (bsc#974842 FATE#319831 bsc#974843 FATE#319832). - i40iw: Avoid writing to freed memory (bsc#974842 FATE#319831 bsc#974843 FATE#319832). - i40iw: Change mem_resources pointer to a u8 (bsc#974842 FATE#319831 bsc#974843 FATE#319832). - i40iw: Do not set self-referencing pointer to NULL after kfree (bsc#974842 FATE#319831 bsc#974843 FATE#319832). - i40iw: Fix double free of allocated_buffer (bsc#974842 FATE#319831 bsc#974843 FATE#319832). - i40iw: Protect req_resource_num update (bsc#974842 FATE#319831 bsc#974843 FATE#319832). - i40iw: Receive notification events correctly (bsc#974842 FATE#319831 bsc#974843 FATE#319832). - i40iw: Send last streaming mode message for loopback connections (bsc#974842 FATE#319831 bsc#974843 FATE#319832). - i40iw: Update hw_iwarp_state (bsc#974842 FATE#319831 bsc#974843 FATE#319832). - ib/core: Fix possible memory leak in cma_resolve_iboe_route() (bsc#966191 FATE#320230 bsc#966186 FATE#320228). - ib/mlx5: Fix iteration overrun in GSI qps (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - ib/mlx5: Fix steering resource leak (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - ib/mlx5: Set source mac address in FTE (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - ibmvnic: convert to use simple_open() (bsc#1015416). - ibmvnic: Driver Version 1.0.1 (bsc#1015416). - ibmvnic: drop duplicate header seq_file.h (bsc#1015416). - ibmvnic: fix error return code in ibmvnic_probe() (bsc#1015416). - ibmvnic: Fix GFP_KERNEL allocation in interrupt context (bsc#1015416). - ibmvnic: Fix missing brackets in init_sub_crq_irqs (bsc#1015416). - ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt context (bsc#1015416). - ibmvnic: Fix size of debugfs name buffer (bsc#1015416). - ibmvnic: Handle backing device failover and reinitialization (bsc#1015416). - ibmvnic: Start completion queue negotiation at server-provided optimum values (bsc#1015416). - ibmvnic: Unmap ibmvnic_statistics structure (bsc#1015416). - ibmvnic: Update MTU after device initialization (bsc#1015416). - input: ALPS - add touchstick support for SS5 hardware (bsc#987703). - input: ALPS - allow touchsticks to report pressure (bsc#987703). - input: ALPS - handle 0-pressure 1F events (bsc#987703). - input: ALPS - set DualPoint flag for 74 03 28 devices (bsc#987703). - iommu/arm-smmu: Add support for 16 bit VMID (fate#319978). - iommu/arm-smmu: Workaround for ThunderX erratum #27704 (fate#319978). - ipc/sem.c: add cond_resched in exit_sme (bsc#979378). - ipmi_si: create hardware-independent softdep for ipmi_devintf (bsc#1009062). - ixgbe: Do not clear RAR entry when clearing VMDq for SAN MAC (bsc#969474 FATE#319812 bsc#969475 FATE#319814). - ixgbe: Force VLNCTRL.VFE to be set in all VMDq paths (bsc#969474 FATE#319812 bsc#969475 FATE#319814). - kABI: protect struct dw_mci. - kABI: protect struct mmc_packed (kabi). - kABI: reintroduce iov_iter_fault_in_multipages_readable. - kABI: reintroduce sk_filter (kabi). - kABI: reintroduce strtobool (kabi). - kABI: restore ip_cmsg_recv_offset parameters (kabi). - kabi/severities: Ignore kABI for asoc Intel SST drivers (bsc#1010690) These drivers are self-contained, not for 3rd party drivers. - kabi/severities: Whitelist libceph and rbd (bsc#988715). Like SLE12-SP1. - kernel-module-subpackage: Properly quote flavor in expressions That fixes a parse error if the flavor starts with a digit or contains other non-alphabetic characters. - kgr: ignore zombie tasks during the patching (bnc#1008979). - kvm: arm/arm64: Fix occasional warning from the timer work function (bsc#988524). - kvm: x86: correctly reset dest_map->vector when restoring LAPIC state (bsc#966471). - libceph: enable large, variable-sized OSD requests (bsc#988715). - libceph: make r_request msg_size calculation clearer (bsc#988715). - libceph: move r_reply_op_{len,result} into struct ceph_osd_req_op (bsc#988715). - libceph: osdc->req_mempool should be backed by a slab pool (bsc#988715). - libceph: rename ceph_osd_req_op::payload_len to indata_len (bsc#988715). - lib/mpi: avoid assembler warning (bsc#1003581). - lib/mpi: mpi_read_buffer(): fix buffer overflow (bsc#1003581). - lib/mpi: mpi_read_buffer(): optimize skipping of leading zero limbs (bsc#1003581). - lib/mpi: mpi_read_buffer(): replace open coded endian conversion (bsc#1003581). - lib/mpi: mpi_write_sgl(): fix out-of-bounds stack access (bsc#1003581). - lib/mpi: mpi_write_sgl(): fix style issue with lzero decrement (bsc#1003581). - lib/mpi: mpi_write_sgl(): purge redundant pointer arithmetic (bsc#1003581). - lib/mpi: mpi_write_sgl(): replace open coded endian conversion (bsc#1003581). - lib/mpi: use "static inline" instead of "extern inline" (bsc#1003581). - locking/pv-qspinlock: Use cmpxchg_release() in __pv_queued_spin_unlock() (bsc#969756). - locking/rtmutex: Prevent dequeue vs. unlock race (bsc#1015212). - locking/rtmutex: Use READ_ONCE() in rt_mutex_owner() (bsc#1015212). - mailbox/xgene-slimpro: Checking for IS_ERR instead of NULL. - md/raid1: fix: IO can block resync indefinitely (bsc#1001310). - mlx4: Do not BUG_ON() if device reset failed (bsc#1001888). - mm: do not use radix tree writeback tags for pages in swap cache (bnc#971975 VM performance -- swap). - mm: filemap: do not plant shadow entries without radix tree node (bnc#1005929). - mm: filemap: fix mapping->nrpages double accounting in fuse (bnc#1005929). - mm/filemap: generic_file_read_iter(): check for zero reads unconditionally (bnc#1007955). - mm/mprotect.c: do not touch single threaded PTEs which are on the right node (bnc#971975 VM performance -- numa balancing). - mm: workingset: fix crash in shadow node shrinker caused by replace_page_cache_page() (bnc#1005929). - mm/zswap: use workqueue to destroy pool (VM Functionality, bsc#1005923). - net: icmp6_send should use dst dev to determine L3 domain (bsc#1014701). - net: ipv6: tcp reset, icmp need to consider L3 domain (bsc#1014701). - net/mlx4_en: Fix panic on xmit while port is down (bsc#966191 FATE#320230). - net/mlx5: Add ConnectX-5 PCIe 4.0 to list of supported devices (bsc#1006809). - net/mlx5: Add error prints when validate ETS failed (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5: Avoid setting unused var when modifying vport node GUID (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5e: Use correct flow dissector key on flower offloading (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5: Fix autogroups groups num not decreasing (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5: Fix teardown errors that happen in pci error handler (bsc#1001169). - net/mlx5: Keep autogroups list ordered (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net_sched: fix a typo in tc_for_each_action() (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net: sctp, forbid negative length (bnc#1005921). - netvsc: fix incorrect receive checksum offloading (bnc#1006915). - nfs: nfs4_fl_prepare_ds must be careful about reporting success (bsc#1000776). - nfsv4: add flock_owner to open context (bnc#998689). - nfsv4: change nfs4_do_setattr to take an open_context instead of a nfs4_state (bnc#998689). - nfsv4: change nfs4_select_rw_stateid to take a lock_context inplace of lock_owner (bnc#998689). - nfsv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is one (bnc#998689). - oom: print nodemask in the oom report (bnc#1003866). - overlayfs: allow writing on read-only btrfs subvolumes (bsc#1010158) - pci/acpi: Allow all PCIe services on non-ACPI host bridges (bsc#1006827). - pci: Allow additional bus numbers for hotplug bridges (bsc#1006827). - pci: correctly cast mem_base in pci_read_bridge_mmio_pref() (bsc#1001888). - pci: Do not set RCB bit in LNKCTL if the upstream bridge hasn't (bsc#1001888). - pci: Fix BUG on device attach failure (bnc#987641). - pci: pciehp: Allow exclusive userspace control of indicators (bsc#1006827). - pci: Remove return values from pcie_port_platform_notify() and relatives (bsc#1006827). - perf/x86: Add perf support for AMD family-17h processors (fate#320473). - pm / hibernate: Fix 2G size issue of snapshot image verification (bsc#1004252). - pm / sleep: declare __tracedata symbols as char rather than char (bnc#1005895). - powercap/intel_rapl: Add support for Kabylake (bsc#1003566). - powercap / RAPL: add support for Denverton (bsc#1003566). - powercap / RAPL: Add support for Ivy Bridge server (bsc#1003566). - powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec (bsc#1003813). - powerpc/xmon: Add xmon command to dump process/task similar to ps(1) (fate#322020). - proc: much faster /proc/vmstat (bnc#971975 VM performance -- vmstat). - qede: Correctly map aggregation replacement pages (bsc#966318 FATE#320158 bsc#966316 FATE#320159). - qed: FLR of active VFs might lead to FW assert (bsc#966318 FATE#320158 bsc#966316 FATE#320159). - qgroup: Prevent qgroup->reserved from going subzero (bsc#993841). - qla2xxx: Fix NULL pointer deref in QLA interrupt (bsc#1003068). - qla2xxx: setup data needed in ISR before setting up the ISR (bsc#1006528). - rbd: truncate objects on cmpext short reads (bsc#988715). - Revert "ACPI / LPSS: allow to use specific PM domain during ->probe()" (bsc#1005917). - Revert "can: dev: fix deadlock reported after bus-off". - Revert "fix minor infoleak in get_user_ex()" (p.k.o). - REVERT fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681) - Revert "x86/mm: Expand the exception table logic to allow new handling options" (p.k.o). - rpm/config.sh: Build against SP2 in the OBS as well - rpm/constraints.in: increase disk for kernel-syzkaller The kernel-syzkaller build now consumes around 30G. This causes headache in factory where the package rebuilds over and over. Require 35G disk size to successfully build the flavor. - rpm/kernel-binary.spec.in: Build the -base package unconditionally (bsc#1000118) - rpm/kernel-binary.spec.in: Do not create KMPs with CONFIG_MODULES=n - rpm/kernel-binary.spec.in: Only build -base and -extra with CONFIG_MODULES (bsc#1000118) - rpm/kernel-binary.spec.in: Simplify debug info switch Any CONFIG_DEBUG_INFO sub-options are answered in the configs nowadays. - rpm/kernel-spec-macros: Ignore too high rebuild counter (bsc#1012060) - rpm/mkspec: Read a default release string from rpm/config.sh (bsc997059) - rpm/package-descriptions: Add 64kb kernel flavor description - rpm/package-descriptions: add kernel-syzkaller - rpm/package-descriptions: pv has been merged into -default (fate#315712) - rpm/package-descriptions: the flavor is 64kb, not 64k - s390/mm: fix gmap tlb flush issues (bnc#1005925). - sched/core: Optimize __schedule() (bnc#978907 Scheduler performance -- context switch). - sched/fair: Fix incorrect task group ->load_avg (bsc#981825). - sched/fair: Optimize find_idlest_cpu() when there is no choice (bnc#978907 Scheduler performance -- idle search). - scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989) - serial: 8250_pci: Detach low-level driver during PCI error recovery (bsc#1013001). - serial: 8250_port: fix runtime PM use in __do_stop_tx_rs485() (bsc#983152). - sunrpc: fix refcounting problems with auth_gss messages (boo#1011250). - supported.conf: add hid-logitech-hidpp (bsc#1002322 bsc#1002786) - supported.conf: Add overlay.ko to -base (fate#321903) Also, delete the stale entry for the old overlayfs. - supported.conf: Mark vmx-crypto as supported (fate#319564) - supported.conf: xen-netfront should be in base packages, just like its non-pvops predecessor. (bsc#1002770) - target: fix tcm_rbd_gen_it_nexus for emulated XCOPY state (bsc#1003606). - tg3: Avoid NULL pointer dereference in tg3_io_error_detected() (bsc#963609 FATE#320143). - time: Avoid undefined behaviour in ktime_add_safe() (bnc#1006103). - Update config files: select new CONFIG_SND_SOC_INTEL_SST_* helpers - Update patches.suse/btrfs-8401-fix-qgroup-accounting-when-creating-snap.patch (bsc#972993). - usb: gadget: composite: Clear reserved fields of SSP Dev Cap (FATE#319959). - usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615). - usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices (bsc#922634). - Using BUG_ON() as an assert() is _never_ acceptable (bnc#1005929). - vmxnet3: Wake queue from reset work (bsc#999907). - Whitelist KVM KABI changes resulting from adding a hcall. caused by 5246adec59458b5d325b8e1462ea9ef3ead7f6ae powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec No problem is expected as result of changing KVM KABI so whitelisting for now. If we get some additional input from IBM we can back out the patch. - writeback: initialize inode members that track writeback history (bsc#1012829). - x86/apic: Order irq_enter/exit() calls correctly vs. ack_APIC_irq() (bsc#1013479). - x86/efi: Enable runtime call flag checking (bsc#1005745). - x86/efi: Move to generic {__,}efi_call_virt() (bsc#1005745). - x86/hpet: Reduce HPET counter read contention (bsc#1014710). - x86/mce/AMD, EDAC/mce_amd: Define and use tables for known SMCA IP types (fate#320474, bsc#1013700). Exclude removed symbols from kABI check. They're AMD Zen relevant only and completely useless to other modules - only edac_mce_amd.ko. - x86/mce/AMD: Increase size of the bank_map type (fate#320474, bsc#1013700). - x86/mce/AMD: Read MSRs on the CPU allocating the threshold blocks (fate#320474, bsc#1013700). - x86/mce/AMD: Update sysfs bank names for SMCA systems (fate#320474, bsc#1013700). - x86/mce/AMD: Use msr_ops.misc() in allocate_threshold_blocks() (fate#320474, bsc#1013700). - x86/pci: VMD: Attach VMD resources to parent domain's resource tree (bsc#1006827). - x86/pci: VMD: Document code for maintainability (bsc#1006827). - x86/pci: VMD: Fix infinite loop executing irq's (bsc#1006827). - x86/pci: VMD: Initialize list item in IRQ disable (bsc#1006827). - x86/pci: VMD: Request userspace control of PCIe hotplug indicators (bsc#1006827). - x86/pci: VMD: Select device dma ops to override (bsc#1006827). - x86/pci: VMD: Separate MSI and MSI-X vector sharing (bsc#1006827). - x86/pci: VMD: Set bus resource start to 0 (bsc#1006827). - x86/pci: VMD: Synchronize with RCU freeing MSI IRQ descs (bsc#1006827). - x86/pci: VMD: Use lock save/restore in interrupt enable path (bsc#1006827). - x86/pci/VMD: Use untracked irq handler (bsc#1006827). - x86/pci: VMD: Use x86_vector_domain as parent domain (bsc#1006827). - x86, powercap, rapl: Add Skylake Server model number (bsc#1003566). - x86, powercap, rapl: Reorder CPU detection table (bsc#1003566). - x86, powercap, rapl: Use Intel model macros intead of open-coding (bsc#1003566). - xen/gntdev: Use VM_MIXEDMAP instead of VM_IO to avoid NUMA balancing (bnc#1005169). - zram: Fix unbalanced idr management at hot removal (bsc#1010970). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-87=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-87=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-87=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-87=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-87=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2017-87=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-87=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): kernel-default-debuginfo-4.4.38-93.1 kernel-default-debugsource-4.4.38-93.1 kernel-default-extra-4.4.38-93.1 kernel-default-extra-debuginfo-4.4.38-93.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.4.38-93.1 kernel-obs-build-debugsource-4.4.38-93.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): kernel-docs-4.4.38-93.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): kernel-default-4.4.38-93.1 kernel-default-base-4.4.38-93.1 kernel-default-base-debuginfo-4.4.38-93.1 kernel-default-debuginfo-4.4.38-93.1 kernel-default-debugsource-4.4.38-93.1 kernel-default-devel-4.4.38-93.1 kernel-syms-4.4.38-93.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): kernel-devel-4.4.38-93.1 kernel-macros-4.4.38-93.1 kernel-source-4.4.38-93.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): kernel-default-4.4.38-93.1 kernel-default-base-4.4.38-93.1 kernel-default-base-debuginfo-4.4.38-93.1 kernel-default-debuginfo-4.4.38-93.1 kernel-default-debugsource-4.4.38-93.1 kernel-default-devel-4.4.38-93.1 kernel-syms-4.4.38-93.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): kernel-devel-4.4.38-93.1 kernel-macros-4.4.38-93.1 kernel-source-4.4.38-93.1 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_38-93-default-1-2.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.38-93.1 cluster-md-kmp-default-debuginfo-4.4.38-93.1 cluster-network-kmp-default-4.4.38-93.1 cluster-network-kmp-default-debuginfo-4.4.38-93.1 dlm-kmp-default-4.4.38-93.1 dlm-kmp-default-debuginfo-4.4.38-93.1 gfs2-kmp-default-4.4.38-93.1 gfs2-kmp-default-debuginfo-4.4.38-93.1 kernel-default-debuginfo-4.4.38-93.1 kernel-default-debugsource-4.4.38-93.1 ocfs2-kmp-default-4.4.38-93.1 ocfs2-kmp-default-debuginfo-4.4.38-93.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): kernel-devel-4.4.38-93.1 kernel-macros-4.4.38-93.1 kernel-source-4.4.38-93.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): kernel-default-4.4.38-93.1 kernel-default-debuginfo-4.4.38-93.1 kernel-default-debugsource-4.4.38-93.1 kernel-default-devel-4.4.38-93.1 kernel-default-extra-4.4.38-93.1 kernel-default-extra-debuginfo-4.4.38-93.1 kernel-syms-4.4.38-93.1 References: https://www.suse.com/security/cve/CVE-2015-1350.html https://www.suse.com/security/cve/CVE-2015-8964.html https://www.suse.com/security/cve/CVE-2016-7039.html https://www.suse.com/security/cve/CVE-2016-7042.html https://www.suse.com/security/cve/CVE-2016-7425.html https://www.suse.com/security/cve/CVE-2016-7913.html https://www.suse.com/security/cve/CVE-2016-7917.html https://www.suse.com/security/cve/CVE-2016-8645.html https://www.suse.com/security/cve/CVE-2016-8666.html https://www.suse.com/security/cve/CVE-2016-9083.html https://www.suse.com/security/cve/CVE-2016-9084.html https://www.suse.com/security/cve/CVE-2016-9793.html https://www.suse.com/security/cve/CVE-2016-9919.html https://bugzilla.suse.com/1000118 https://bugzilla.suse.com/1000189 https://bugzilla.suse.com/1000287 https://bugzilla.suse.com/1000304 https://bugzilla.suse.com/1000433 https://bugzilla.suse.com/1000776 https://bugzilla.suse.com/1001169 https://bugzilla.suse.com/1001171 https://bugzilla.suse.com/1001310 https://bugzilla.suse.com/1001462 https://bugzilla.suse.com/1001486 https://bugzilla.suse.com/1001888 https://bugzilla.suse.com/1002322 https://bugzilla.suse.com/1002770 https://bugzilla.suse.com/1002786 https://bugzilla.suse.com/1003068 https://bugzilla.suse.com/1003566 https://bugzilla.suse.com/1003581 https://bugzilla.suse.com/1003606 https://bugzilla.suse.com/1003813 https://bugzilla.suse.com/1003866 https://bugzilla.suse.com/1003964 https://bugzilla.suse.com/1004048 https://bugzilla.suse.com/1004052 https://bugzilla.suse.com/1004252 https://bugzilla.suse.com/1004365 https://bugzilla.suse.com/1004517 https://bugzilla.suse.com/1005169 https://bugzilla.suse.com/1005327 https://bugzilla.suse.com/1005545 https://bugzilla.suse.com/1005666 https://bugzilla.suse.com/1005745 https://bugzilla.suse.com/1005895 https://bugzilla.suse.com/1005917 https://bugzilla.suse.com/1005921 https://bugzilla.suse.com/1005923 https://bugzilla.suse.com/1005925 https://bugzilla.suse.com/1005929 https://bugzilla.suse.com/1006103 https://bugzilla.suse.com/1006175 https://bugzilla.suse.com/1006267 https://bugzilla.suse.com/1006528 https://bugzilla.suse.com/1006576 https://bugzilla.suse.com/1006804 https://bugzilla.suse.com/1006809 https://bugzilla.suse.com/1006827 https://bugzilla.suse.com/1006915 https://bugzilla.suse.com/1006918 https://bugzilla.suse.com/1007197 https://bugzilla.suse.com/1007615 https://bugzilla.suse.com/1007653 https://bugzilla.suse.com/1007955 https://bugzilla.suse.com/1008557 https://bugzilla.suse.com/1008979 https://bugzilla.suse.com/1009062 https://bugzilla.suse.com/1009969 https://bugzilla.suse.com/1010040 https://bugzilla.suse.com/1010158 https://bugzilla.suse.com/1010444 https://bugzilla.suse.com/1010478 https://bugzilla.suse.com/1010507 https://bugzilla.suse.com/1010665 https://bugzilla.suse.com/1010690 https://bugzilla.suse.com/1010970 https://bugzilla.suse.com/1011176 https://bugzilla.suse.com/1011250 https://bugzilla.suse.com/1011913 https://bugzilla.suse.com/1012060 https://bugzilla.suse.com/1012094 https://bugzilla.suse.com/1012452 https://bugzilla.suse.com/1012767 https://bugzilla.suse.com/1012829 https://bugzilla.suse.com/1012992 https://bugzilla.suse.com/1013001 https://bugzilla.suse.com/1013479 https://bugzilla.suse.com/1013531 https://bugzilla.suse.com/1013700 https://bugzilla.suse.com/1014120 https://bugzilla.suse.com/1014392 https://bugzilla.suse.com/1014701 https://bugzilla.suse.com/1014710 https://bugzilla.suse.com/1015212 https://bugzilla.suse.com/1015359 https://bugzilla.suse.com/1015367 https://bugzilla.suse.com/1015416 https://bugzilla.suse.com/799133 https://bugzilla.suse.com/914939 https://bugzilla.suse.com/922634 https://bugzilla.suse.com/963609 https://bugzilla.suse.com/963655 https://bugzilla.suse.com/963904 https://bugzilla.suse.com/964462 https://bugzilla.suse.com/966170 https://bugzilla.suse.com/966172 https://bugzilla.suse.com/966186 https://bugzilla.suse.com/966191 https://bugzilla.suse.com/966316 https://bugzilla.suse.com/966318 https://bugzilla.suse.com/966325 https://bugzilla.suse.com/966471 https://bugzilla.suse.com/969474 https://bugzilla.suse.com/969475 https://bugzilla.suse.com/969476 https://bugzilla.suse.com/969477 https://bugzilla.suse.com/969756 https://bugzilla.suse.com/971975 https://bugzilla.suse.com/971989 https://bugzilla.suse.com/972993 https://bugzilla.suse.com/974313 https://bugzilla.suse.com/974842 https://bugzilla.suse.com/974843 https://bugzilla.suse.com/978907 https://bugzilla.suse.com/979378 https://bugzilla.suse.com/979681 https://bugzilla.suse.com/981825 https://bugzilla.suse.com/983087 https://bugzilla.suse.com/983152 https://bugzilla.suse.com/983318 https://bugzilla.suse.com/985850 https://bugzilla.suse.com/986255 https://bugzilla.suse.com/986987 https://bugzilla.suse.com/987641 https://bugzilla.suse.com/987703 https://bugzilla.suse.com/987805 https://bugzilla.suse.com/988524 https://bugzilla.suse.com/988715 https://bugzilla.suse.com/990384 https://bugzilla.suse.com/992555 https://bugzilla.suse.com/993739 https://bugzilla.suse.com/993841 https://bugzilla.suse.com/993891 https://bugzilla.suse.com/994881 https://bugzilla.suse.com/995278 https://bugzilla.suse.com/997059 https://bugzilla.suse.com/997639 https://bugzilla.suse.com/997807 https://bugzilla.suse.com/998054 https://bugzilla.suse.com/998689 https://bugzilla.suse.com/999907 https://bugzilla.suse.com/999932 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

A simple application to access, organize and share your photos on GNOME. It is meant to be a simple and elegant replacement for using a file manager to deal with photos. Seamless cloud integration is offered through GNOME Online Accounts. Overview of changes in 3.23.4 ============================= * Bugs fixed: 690623 Port to GtkFlowBox 747123 Show GPS information in properties 763712 Use G_DECLARE_FINAL_TYPE 775700 Remove PhotosSettings 776133 GdMainView: The DnD selection counter is broken on HiDpi 776565 Crashed right after creating a new album 776670 application: Add F1 accelerator to show help * Updated translations: Catalan Icelandic Bugs: https://bugzilla.gnome.org/enter_bug.cgi?product=gnome-photos Design: https://wiki.gnome.org/Design/Apps/Photos Download: http://download.gnome.org/sources/gnome-photos/3.23/ Git: http://git.gnome.org/browse/gnome-photos Website: https://wiki.gnome.org/Apps/Photos Happy hacking, Debarshi _______________________________________________

openSUSE Security Update: Security update for openjpeg2 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:0185-1 Rating: important References: #1002414 #1007739 #1007740 #1007741 #1007742 #1007743 #1007744 #1007747 #1014543 #1014975 #999817 Cross-References: CVE-2016-7445 CVE-2016-8332 CVE-2016-9112 CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 CVE-2016-9572 CVE-2016-9573 CVE-2016-9580 CVE-2016-9581 Affected Products: openSUSE 13.2 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: This update for openjpeg2 fixes the following issues: * CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543] * CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975] * CVE-2016-7445: Null pointer dereference in convert.c could lead to crash [bsc#999817] * CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414] * CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747] * CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739] * CVE-2016-9114: NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740] * CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741] * CVE-2016-9116: NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742] * CVE-2016-9117: NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743] * CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744] Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2017-108=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (i586 x86_64): libopenjp2-7-2.1.0-2.3.1 libopenjp2-7-debuginfo-2.1.0-2.3.1 openjpeg2-2.1.0-2.3.1 openjpeg2-debuginfo-2.1.0-2.3.1 openjpeg2-debugsource-2.1.0-2.3.1 openjpeg2-devel-2.1.0-2.3.1 References: https://www.suse.com/security/cve/CVE-2016-7445.html https://www.suse.com/security/cve/CVE-2016-8332.html https://www.suse.com/security/cve/CVE-2016-9112.html https://www.suse.com/security/cve/CVE-2016-9113.html https://www.suse.com/security/cve/CVE-2016-9114.html https://www.suse.com/security/cve/CVE-2016-9115.html https://www.suse.com/security/cve/CVE-2016-9116.html https://www.suse.com/security/cve/CVE-2016-9117.html https://www.suse.com/security/cve/CVE-2016-9118.html https://www.suse.com/security/cve/CVE-2016-9572.html https://www.suse.com/security/cve/CVE-2016-9573.html https://www.suse.com/security/cve/CVE-2016-9580.html https://www.suse.com/security/cve/CVE-2016-9581.html https://bugzilla.suse.com/1002414 https://bugzilla.suse.com/1007739 https://bugzilla.suse.com/1007740 https://bugzilla.suse.com/1007741 https://bugzilla.suse.com/1007742 https://bugzilla.suse.com/1007743 https://bugzilla.suse.com/1007744 https://bugzilla.suse.com/1007747 https://bugzilla.suse.com/1014543 https://bugzilla.suse.com/1014975 https://bugzilla.suse.com/999817 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

openSUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:0182-1 Rating: important References: #1018699 #1018700 #1018701 #1018702 Cross-References: CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 Affected Products: openSUSE 13.2 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for bind fixes the following issues: - Fix a potential assertion failure that could have been triggered by a malformed response to an ANY query, thereby facilitating a denial-of-service attack. [CVE-2016-9131, bsc#1018700, bsc#1018699] - Fix a potential assertion failure that could have been triggered by responding to a query with inconsistent DNSSEC information, thereby facilitating a denial-of-service attack. [CVE-2016-9147, bsc#1018701, bsc#1018699] - Fix potential assertion failure that could have been triggered by DNS responses that contain unusually-formed DS resource records, facilitating a denial-of-service attack. [CVE-2016-9444, bsc#1018702, bsc#1018699] Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2017-109=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (i586 x86_64): bind-9.9.6P1-2.28.1 bind-chrootenv-9.9.6P1-2.28.1 bind-debuginfo-9.9.6P1-2.28.1 bind-debugsource-9.9.6P1-2.28.1 bind-devel-9.9.6P1-2.28.1 bind-libs-9.9.6P1-2.28.1 bind-libs-debuginfo-9.9.6P1-2.28.1 bind-lwresd-9.9.6P1-2.28.1 bind-lwresd-debuginfo-9.9.6P1-2.28.1 bind-utils-9.9.6P1-2.28.1 bind-utils-debuginfo-9.9.6P1-2.28.1 - openSUSE 13.2 (x86_64): bind-libs-32bit-9.9.6P1-2.28.1 bind-libs-debuginfo-32bit-9.9.6P1-2.28.1 - openSUSE 13.2 (noarch): bind-doc-9.9.6P1-2.28.1 References: https://www.suse.com/security/cve/CVE-2016-9131.html https://www.suse.com/security/cve/CVE-2016-9147.html https://www.suse.com/security/cve/CVE-2016-9444.html https://bugzilla.suse.com/1018699 https://bugzilla.suse.com/1018700 https://bugzilla.suse.com/1018701 https://bugzilla.suse.com/1018702 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

CentOS Errata and Security Advisory 2017:0063 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2017-0063.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: a5e9d904f5d3b760438b3d50e40a99abf24f2a83ac43333072a1362c0f61186a bind-9.8.2-0.47.rc1.el6_8.4.i686.rpm c88b96127401b4a73d7fb4260d284bcfe50cec45215e4b3b97a50e27db5a8742 bind-chroot-9.8.2-0.47.rc1.el6_8.4.i686.rpm e24be65343576a042a8a0b567f35bcf7a68314ceaa9698c045a9aeb226043c29 bind-devel-9.8.2-0.47.rc1.el6_8.4.i686.rpm 21ba0901191dee2ca1764921a0932245005edb3fab4b12d47c21dffabe8124ba bind-libs-9.8.2-0.47.rc1.el6_8.4.i686.rpm fe720e84cf035fed2e6bc1dff1f81a57e1f77d65aa0cc99428a282518cceabbc bind-sdb-9.8.2-0.47.rc1.el6_8.4.i686.rpm 04b878f0bd69fc813a575b48d268480e1ec8230a0e78fdc14e44ae312a777e54 bind-utils-9.8.2-0.47.rc1.el6_8.4.i686.rpm x86_64: 135d88035e507920bc4d63a49af67cc28fba5d59b15851652e67a5e4771b27b6 bind-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm 6b173a9d942a21163cfd200bcf2687660d00201a5af79bfa5a48f8951e9381f4 bind-chroot-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm e24be65343576a042a8a0b567f35bcf7a68314ceaa9698c045a9aeb226043c29 bind-devel-9.8.2-0.47.rc1.el6_8.4.i686.rpm ec3b537c771895846e6046ccefe92ef6342fca039ce7a58a5e0a6df40ed9b472 bind-devel-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm 21ba0901191dee2ca1764921a0932245005edb3fab4b12d47c21dffabe8124ba bind-libs-9.8.2-0.47.rc1.el6_8.4.i686.rpm cbc4ec06b260f3201e0ff37718fd618cf2053f107f94d2206be41e1782961b0c bind-libs-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm 7c171bfb67e8e22ab4bbff74032892ec381e5936191633f75af8534734966b47 bind-sdb-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm 38fbafe72a6c6bc0acf4f1ddbfe648227e2bd05d558fc8adb848f8a3b2ab76f9 bind-utils-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm Source: a48d7e57f50030bad2b2574c73e1060decb61eb2d11abf917876ac792efce6da bind-9.8.2-0.47.rc1.el6_8.4.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #centos ( -at -) irc.freenode.net Twitter: ( -at -) JohnnyCentOS _______________________________________________

be quiet! Pure Base 600 Chassis review ------------------------------------------------------------ http://us2.campaign-archive1.com/?u=bfb2b902b5fb045ad6f841f98&id=5591b63880&e=872093acb5 http://www.kitguru.net be quiet! Pure Base 600 Chassis review The Germans have gone budget. be quiet! has launched its new Pure Base 600 case as an entry-level model that sits below the Silent Base and Dark Base cases we saw in 2016 and 2017. As you will see in our video, our initial impressions were a bit … glum. There are no windows and certainly no tempered glass, so basically you get a black box that looks a bit plasticky. Pull off the two side panels and the interior is an open design without a power supply cover where it appears that everything is on show and there are few features of interest. You can see the optical drive bay housing and the three separate hard drive bays but perhaps the most exciting thing is the inclusion of two Pure Wings 2 fans, 140mm at front and 120mm at the rear. At this stage in the game KitGuru was ready to throw in the towel and award the Pure Base 600 a ‘Dull but Nice’ award and move on to the next review. Happily we persevered which is just as well as we nearly missed a trick or two. Read the review here: http://www.kitguru.net/components/cases/leo-waldock/be-quiet-pure-base-600-chassis-review/ ============================================================ ** follow on Twitter (http://twitter.com/#!/kitgurupress) | ** friend on Facebook (http://www.facebook.com/pages/KitGuru/162236020510911) | ** forward to a friend (http://us2.forward-to-friend1.com/forward?u=bfb2b902b5fb045ad6f841f98&id=5591b63880&e=872093acb5) Copyright © 2017 KitGuru, All rights reserved. You are receiving this because you are a news partner or have signed up to receive our news.

TITLE: GIGABYTE GTX 1050 Ti OC Review ( -at -) Vortez CONTENT: Today we focus our attention on the GIGABYTE camp and what they have to offer in the GTX 1050 Ti OC. As the name suggests, this graphics card arrives with a factory overclock - featuring a small boost to the GPU clock speed. GTX 1050 Ti OC also benefits from a small footprint allowing it to squeeze into small builds and its dependence on PCI-slot power means this could be a great upgrade for many with an aging PC. LINK: http://www.vortez.net/review.php?id=1258 ---------------------------------------------------------------------------- -------------------- Please post this news item in your news section. Thank you.

** APC Back-UPS Pro 900 ------------------------------------------------------------ ** PC Review take a look at the APC Back-UPS Pro 900, a reasonably priced uninterruptible power supply aimed at small servers and PCs : ------------------------------------------------------------ "After two lightning strikes knocked out power at our house, followed by several power breaker failures, we thought it was worthwhile investing in a UPS. We use RAID to protect against drive failures and the cost of protecting against another power failure seemed like a good investment. The idea behind a UPS is that you seamlessly switch power to internal batteries when mains power fails, but also signal that power has been lost and how much battery time remains. For example, you may tell a server to power down gracefully when there is 10 minutes of UPS battery time remaining. You also gain some protection from surges and spikes, which may protect against damage during lightning strikes." Read the review here: http://pcreview.us3.list-manage.com/track/click?u=7cab8f90ba035d40ae23be725&id=5118b07d33&e=09ef9e32f2 APC Back-UPS Pro 900 ============================================================ Copyright © 2017 PC Review, All rights reserved.

CentOS Errata and Security Advisory 2017:0063 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2017-0063.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 476cd5104692bcf026b6db800aeecff31c5600f3d64fac08084c3d61853f0645 bind-9.3.6-25.P1.el5_11.12.i386.rpm d526c2176aed4fee687f110fe8d892bcc553bcb1a756fb0cafd8b90643723a92 bind-chroot-9.3.6-25.P1.el5_11.12.i386.rpm f021b8dcca512def5daf9030caa562d29d25722c9537880d57cb2810dfb2e18b bind-devel-9.3.6-25.P1.el5_11.12.i386.rpm 4ed7fef04663dd5698df65b8330f761f8b3baf4d6f0d9724dc805c490f99a075 bind-libbind-devel-9.3.6-25.P1.el5_11.12.i386.rpm 355bc4519a8e4407a58c6ff57f9f73aa0f0e58a5c387ddebb2b501d203d717fd bind-libs-9.3.6-25.P1.el5_11.12.i386.rpm c39fde90b9dae40891146c07e22fa86efa67b1b7c3398342a02e3f4e8a00efd7 bind-sdb-9.3.6-25.P1.el5_11.12.i386.rpm 1a0aac18b38c02f92d46679e1bf597c34736ebb52babe608db6a027cd33dbfa2 bind-utils-9.3.6-25.P1.el5_11.12.i386.rpm a0e4df6c9c9a8e71ba271a273499f89ad8711f526e6e3f96d12cc3f975916802 caching-nameserver-9.3.6-25.P1.el5_11.12.i386.rpm x86_64: e82197a8f8b22b38fc714a1d11ef84cea29dfefef9eb54ad294922f720b8c3ef bind-9.3.6-25.P1.el5_11.12.x86_64.rpm ad683a24813a69d495ae71e5894b85de01414773b793ed916b36bb522b7c2342 bind-chroot-9.3.6-25.P1.el5_11.12.x86_64.rpm f021b8dcca512def5daf9030caa562d29d25722c9537880d57cb2810dfb2e18b bind-devel-9.3.6-25.P1.el5_11.12.i386.rpm a2870ab0a9bafe00d644546d951804d9953534de6a236253585367d512122fbf bind-devel-9.3.6-25.P1.el5_11.12.x86_64.rpm 4ed7fef04663dd5698df65b8330f761f8b3baf4d6f0d9724dc805c490f99a075 bind-libbind-devel-9.3.6-25.P1.el5_11.12.i386.rpm 7a2b25aa3226c64f5f454da3e3d52672a0e8da89fd38b7c614384266097d576c bind-libbind-devel-9.3.6-25.P1.el5_11.12.x86_64.rpm 355bc4519a8e4407a58c6ff57f9f73aa0f0e58a5c387ddebb2b501d203d717fd bind-libs-9.3.6-25.P1.el5_11.12.i386.rpm 0e1b85f2a746ce8a8548c3d22aa78a559cc75c7ff790a0169b2692a0132809b8 bind-libs-9.3.6-25.P1.el5_11.12.x86_64.rpm 1b15168ef3f4846baded7033e5184b6abfd24ed88bf5591d54b52b583bfcdb2e bind-sdb-9.3.6-25.P1.el5_11.12.x86_64.rpm 0f02b6e4925d97a6451bf2c4edc99b0d9d4f4c1757cd7403c9986fb2bfd61f7d bind-utils-9.3.6-25.P1.el5_11.12.x86_64.rpm 77ed878e16195d8314c9c2f95a4ba84a6d87254813d1abe517233f36b6b637cf caching-nameserver-9.3.6-25.P1.el5_11.12.x86_64.rpm Source: 897436d4f721c68e17038d55daac3947493f08a294a15a92cb211ac16c9a1605 bind-9.3.6-25.P1.el5_11.12.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #centos ( -at -) irc.freenode.net Twitter: JohnnyCentOS _______________________________________________