Compatible Support Forums

Everything posted by news

  1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: bind security update Advisory ID: RHSA-2017:0062-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0062.html Issue date: 2017-01-16 CVE Names: CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 ===================================================================== 1. Summary: An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * A denial of service flaw was found in the way BIND processed a response to an ANY query. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. 
(CVE-2016-9131) * A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-9147) * A denial of service flaw was found in the way BIND handled an unusually-formed DS record response. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-9444) Red Hat would like to thank ISC for reporting these issues. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, the BIND daemon (named) will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1411348 - CVE-2016-9131 bind: assertion failure while processing response to an ANY query 1411367 - CVE-2016-9147 bind: assertion failure while handling a query response containing inconsistent DNSSEC information 1411377 - CVE-2016-9444 bind: assertion failure while handling an unusually-formed DS record response 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: bind-9.9.4-38.el7_3.1.src.rpm noarch: bind-license-9.9.4-38.el7_3.1.noarch.rpm x86_64: bind-debuginfo-9.9.4-38.el7_3.1.i686.rpm bind-debuginfo-9.9.4-38.el7_3.1.x86_64.rpm bind-libs-9.9.4-38.el7_3.1.i686.rpm bind-libs-9.9.4-38.el7_3.1.x86_64.rpm bind-libs-lite-9.9.4-38.el7_3.1.i686.rpm bind-libs-lite-9.9.4-38.el7_3.1.x86_64.rpm bind-utils-9.9.4-38.el7_3.1.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 
7): x86_64: bind-9.9.4-38.el7_3.1.x86_64.rpm bind-chroot-9.9.4-38.el7_3.1.x86_64.rpm bind-debuginfo-9.9.4-38.el7_3.1.i686.rpm bind-debuginfo-9.9.4-38.el7_3.1.x86_64.rpm bind-devel-9.9.4-38.el7_3.1.i686.rpm bind-devel-9.9.4-38.el7_3.1.x86_64.rpm bind-lite-devel-9.9.4-38.el7_3.1.i686.rpm bind-lite-devel-9.9.4-38.el7_3.1.x86_64.rpm bind-pkcs11-9.9.4-38.el7_3.1.x86_64.rpm bind-pkcs11-devel-9.9.4-38.el7_3.1.i686.rpm bind-pkcs11-devel-9.9.4-38.el7_3.1.x86_64.rpm bind-pkcs11-libs-9.9.4-38.el7_3.1.i686.rpm bind-pkcs11-libs-9.9.4-38.el7_3.1.x86_64.rpm bind-pkcs11-utils-9.9.4-38.el7_3.1.x86_64.rpm bind-sdb-9.9.4-38.el7_3.1.x86_64.rpm bind-sdb-chroot-9.9.4-38.el7_3.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: bind-9.9.4-38.el7_3.1.src.rpm noarch: bind-license-9.9.4-38.el7_3.1.noarch.rpm x86_64: bind-debuginfo-9.9.4-38.el7_3.1.i686.rpm bind-debuginfo-9.9.4-38.el7_3.1.x86_64.rpm bind-libs-9.9.4-38.el7_3.1.i686.rpm bind-libs-9.9.4-38.el7_3.1.x86_64.rpm bind-libs-lite-9.9.4-38.el7_3.1.i686.rpm bind-libs-lite-9.9.4-38.el7_3.1.x86_64.rpm bind-utils-9.9.4-38.el7_3.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: bind-9.9.4-38.el7_3.1.x86_64.rpm bind-chroot-9.9.4-38.el7_3.1.x86_64.rpm bind-debuginfo-9.9.4-38.el7_3.1.i686.rpm bind-debuginfo-9.9.4-38.el7_3.1.x86_64.rpm bind-devel-9.9.4-38.el7_3.1.i686.rpm bind-devel-9.9.4-38.el7_3.1.x86_64.rpm bind-lite-devel-9.9.4-38.el7_3.1.i686.rpm bind-lite-devel-9.9.4-38.el7_3.1.x86_64.rpm bind-pkcs11-9.9.4-38.el7_3.1.x86_64.rpm bind-pkcs11-devel-9.9.4-38.el7_3.1.i686.rpm bind-pkcs11-devel-9.9.4-38.el7_3.1.x86_64.rpm bind-pkcs11-libs-9.9.4-38.el7_3.1.i686.rpm bind-pkcs11-libs-9.9.4-38.el7_3.1.x86_64.rpm bind-pkcs11-utils-9.9.4-38.el7_3.1.x86_64.rpm bind-sdb-9.9.4-38.el7_3.1.x86_64.rpm bind-sdb-chroot-9.9.4-38.el7_3.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 
7): Source: bind-9.9.4-38.el7_3.1.src.rpm aarch64: bind-9.9.4-38.el7_3.1.aarch64.rpm bind-chroot-9.9.4-38.el7_3.1.aarch64.rpm bind-debuginfo-9.9.4-38.el7_3.1.aarch64.rpm bind-libs-9.9.4-38.el7_3.1.aarch64.rpm bind-libs-lite-9.9.4-38.el7_3.1.aarch64.rpm bind-pkcs11-9.9.4-38.el7_3.1.aarch64.rpm bind-pkcs11-libs-9.9.4-38.el7_3.1.aarch64.rpm bind-pkcs11-utils-9.9.4-38.el7_3.1.aarch64.rpm bind-utils-9.9.4-38.el7_3.1.aarch64.rpm noarch: bind-license-9.9.4-38.el7_3.1.noarch.rpm ppc64: bind-9.9.4-38.el7_3.1.ppc64.rpm bind-chroot-9.9.4-38.el7_3.1.ppc64.rpm bind-debuginfo-9.9.4-38.el7_3.1.ppc.rpm bind-debuginfo-9.9.4-38.el7_3.1.ppc64.rpm bind-libs-9.9.4-38.el7_3.1.ppc.rpm bind-libs-9.9.4-38.el7_3.1.ppc64.rpm bind-libs-lite-9.9.4-38.el7_3.1.ppc.rpm bind-libs-lite-9.9.4-38.el7_3.1.ppc64.rpm bind-utils-9.9.4-38.el7_3.1.ppc64.rpm ppc64le: bind-9.9.4-38.el7_3.1.ppc64le.rpm bind-chroot-9.9.4-38.el7_3.1.ppc64le.rpm bind-debuginfo-9.9.4-38.el7_3.1.ppc64le.rpm bind-libs-9.9.4-38.el7_3.1.ppc64le.rpm bind-libs-lite-9.9.4-38.el7_3.1.ppc64le.rpm bind-pkcs11-9.9.4-38.el7_3.1.ppc64le.rpm bind-pkcs11-libs-9.9.4-38.el7_3.1.ppc64le.rpm bind-pkcs11-utils-9.9.4-38.el7_3.1.ppc64le.rpm bind-utils-9.9.4-38.el7_3.1.ppc64le.rpm s390x: bind-9.9.4-38.el7_3.1.s390x.rpm bind-chroot-9.9.4-38.el7_3.1.s390x.rpm bind-debuginfo-9.9.4-38.el7_3.1.s390.rpm bind-debuginfo-9.9.4-38.el7_3.1.s390x.rpm bind-libs-9.9.4-38.el7_3.1.s390.rpm bind-libs-9.9.4-38.el7_3.1.s390x.rpm bind-libs-lite-9.9.4-38.el7_3.1.s390.rpm bind-libs-lite-9.9.4-38.el7_3.1.s390x.rpm bind-utils-9.9.4-38.el7_3.1.s390x.rpm x86_64: bind-9.9.4-38.el7_3.1.x86_64.rpm bind-chroot-9.9.4-38.el7_3.1.x86_64.rpm bind-debuginfo-9.9.4-38.el7_3.1.i686.rpm bind-debuginfo-9.9.4-38.el7_3.1.x86_64.rpm bind-libs-9.9.4-38.el7_3.1.i686.rpm bind-libs-9.9.4-38.el7_3.1.x86_64.rpm bind-libs-lite-9.9.4-38.el7_3.1.i686.rpm bind-libs-lite-9.9.4-38.el7_3.1.x86_64.rpm bind-pkcs11-9.9.4-38.el7_3.1.x86_64.rpm bind-pkcs11-libs-9.9.4-38.el7_3.1.i686.rpm 
bind-pkcs11-libs-9.9.4-38.el7_3.1.x86_64.rpm bind-pkcs11-utils-9.9.4-38.el7_3.1.x86_64.rpm bind-utils-9.9.4-38.el7_3.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): aarch64: bind-debuginfo-9.9.4-38.el7_3.1.aarch64.rpm bind-devel-9.9.4-38.el7_3.1.aarch64.rpm bind-lite-devel-9.9.4-38.el7_3.1.aarch64.rpm bind-pkcs11-devel-9.9.4-38.el7_3.1.aarch64.rpm bind-sdb-9.9.4-38.el7_3.1.aarch64.rpm bind-sdb-chroot-9.9.4-38.el7_3.1.aarch64.rpm ppc64: bind-debuginfo-9.9.4-38.el7_3.1.ppc.rpm bind-debuginfo-9.9.4-38.el7_3.1.ppc64.rpm bind-devel-9.9.4-38.el7_3.1.ppc.rpm bind-devel-9.9.4-38.el7_3.1.ppc64.rpm bind-lite-devel-9.9.4-38.el7_3.1.ppc.rpm bind-lite-devel-9.9.4-38.el7_3.1.ppc64.rpm bind-pkcs11-9.9.4-38.el7_3.1.ppc64.rpm bind-pkcs11-devel-9.9.4-38.el7_3.1.ppc.rpm bind-pkcs11-devel-9.9.4-38.el7_3.1.ppc64.rpm bind-pkcs11-libs-9.9.4-38.el7_3.1.ppc.rpm bind-pkcs11-libs-9.9.4-38.el7_3.1.ppc64.rpm bind-pkcs11-utils-9.9.4-38.el7_3.1.ppc64.rpm bind-sdb-9.9.4-38.el7_3.1.ppc64.rpm bind-sdb-chroot-9.9.4-38.el7_3.1.ppc64.rpm ppc64le: bind-debuginfo-9.9.4-38.el7_3.1.ppc64le.rpm bind-devel-9.9.4-38.el7_3.1.ppc64le.rpm bind-lite-devel-9.9.4-38.el7_3.1.ppc64le.rpm bind-pkcs11-devel-9.9.4-38.el7_3.1.ppc64le.rpm bind-sdb-9.9.4-38.el7_3.1.ppc64le.rpm bind-sdb-chroot-9.9.4-38.el7_3.1.ppc64le.rpm s390x: bind-debuginfo-9.9.4-38.el7_3.1.s390.rpm bind-debuginfo-9.9.4-38.el7_3.1.s390x.rpm bind-devel-9.9.4-38.el7_3.1.s390.rpm bind-devel-9.9.4-38.el7_3.1.s390x.rpm bind-lite-devel-9.9.4-38.el7_3.1.s390.rpm bind-lite-devel-9.9.4-38.el7_3.1.s390x.rpm bind-pkcs11-9.9.4-38.el7_3.1.s390x.rpm bind-pkcs11-devel-9.9.4-38.el7_3.1.s390.rpm bind-pkcs11-devel-9.9.4-38.el7_3.1.s390x.rpm bind-pkcs11-libs-9.9.4-38.el7_3.1.s390.rpm bind-pkcs11-libs-9.9.4-38.el7_3.1.s390x.rpm bind-pkcs11-utils-9.9.4-38.el7_3.1.s390x.rpm bind-sdb-9.9.4-38.el7_3.1.s390x.rpm bind-sdb-chroot-9.9.4-38.el7_3.1.s390x.rpm x86_64: bind-debuginfo-9.9.4-38.el7_3.1.i686.rpm bind-debuginfo-9.9.4-38.el7_3.1.x86_64.rpm 
bind-devel-9.9.4-38.el7_3.1.i686.rpm bind-devel-9.9.4-38.el7_3.1.x86_64.rpm bind-lite-devel-9.9.4-38.el7_3.1.i686.rpm bind-lite-devel-9.9.4-38.el7_3.1.x86_64.rpm bind-pkcs11-devel-9.9.4-38.el7_3.1.i686.rpm bind-pkcs11-devel-9.9.4-38.el7_3.1.x86_64.rpm bind-sdb-9.9.4-38.el7_3.1.x86_64.rpm bind-sdb-chroot-9.9.4-38.el7_3.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: bind-9.9.4-38.el7_3.1.src.rpm noarch: bind-license-9.9.4-38.el7_3.1.noarch.rpm x86_64: bind-9.9.4-38.el7_3.1.x86_64.rpm bind-chroot-9.9.4-38.el7_3.1.x86_64.rpm bind-debuginfo-9.9.4-38.el7_3.1.i686.rpm bind-debuginfo-9.9.4-38.el7_3.1.x86_64.rpm bind-libs-9.9.4-38.el7_3.1.i686.rpm bind-libs-9.9.4-38.el7_3.1.x86_64.rpm bind-libs-lite-9.9.4-38.el7_3.1.i686.rpm bind-libs-lite-9.9.4-38.el7_3.1.x86_64.rpm bind-pkcs11-9.9.4-38.el7_3.1.x86_64.rpm bind-pkcs11-libs-9.9.4-38.el7_3.1.i686.rpm bind-pkcs11-libs-9.9.4-38.el7_3.1.x86_64.rpm bind-pkcs11-utils-9.9.4-38.el7_3.1.x86_64.rpm bind-utils-9.9.4-38.el7_3.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: bind-debuginfo-9.9.4-38.el7_3.1.i686.rpm bind-debuginfo-9.9.4-38.el7_3.1.x86_64.rpm bind-devel-9.9.4-38.el7_3.1.i686.rpm bind-devel-9.9.4-38.el7_3.1.x86_64.rpm bind-lite-devel-9.9.4-38.el7_3.1.i686.rpm bind-lite-devel-9.9.4-38.el7_3.1.x86_64.rpm bind-pkcs11-devel-9.9.4-38.el7_3.1.i686.rpm bind-pkcs11-devel-9.9.4-38.el7_3.1.x86_64.rpm bind-sdb-9.9.4-38.el7_3.1.x86_64.rpm bind-sdb-chroot-9.9.4-38.el7_3.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2016-9131 https://access.redhat.com/security/cve/CVE-2016-9147 https://access.redhat.com/security/cve/CVE-2016-9444 https://access.redhat.com/security/updates/classification/#important https://kb.isc.org/article/AA-01439 https://kb.isc.org/article/AA-01440 https://kb.isc.org/article/AA-01441 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYfGyBXlSAg2UNWIIRAg/SAJ45ecczuo+Yuzc0OahM8IomRC9MXgCfVOUh wNFq3vjHxvFyLC9ylB2kwIk= =wIRr -----END PGP SIGNATURE----- --
  2. We have posted a new evolving technology report!! ------------------------------------------------------------ http://us7.campaign-archive1.com/?u=3d9b6193ffd32dd60e84fc74b&id=44f5b6924d&e=1230c2ab07 http://technologyx.us7.list-manage1.com/track/click?u=3d9b6193ffd32dd60e84fc74b&id=eae6335262&e=1230c2ab07 TITLE: Ring Pro Doorbell User Review - You Have Got to See This LINK: http://technologyx.us7.list-manage.com/track/click?u=3d9b6193ffd32dd60e84fc74b&id=156d572006&e=1230c2ab07 PHOTO: http://technologyx.us7.list-manage.com/track/click?u=3d9b6193ffd32dd60e84fc74b&id=ec0593e087&e=1230c2ab07 INFO: There comes a point when we all start thinking about turning our home into a smart home. Clap, Clap! In our circumstance, our home based business receives countless parcels weekly and being able to communicate with the courier was an ideal thought. Now, being the typical “I can do anything” home renovation specialist, this couldn’t mean a simple replacement of a door lock. Oh no… complete door, Ring Pro Doorbell, Ring Pro Chime and Weiser Kevo BT Lock. Take a look! This initial report comprises our Ring Pro Doorbell Review. Now the wife wasn’t impressed that I had to accomplish this with only days to Christmas to say the least. That was until we caught this on video… Yes that is me. Ouch!! “Now that’s worth it” she said before posting the video on social media! _________________________________________________________________________________________
  3. We have posted a new evolving technology report!! ------------------------------------------------------------ http://us7.campaign-archive1.com/?u=3d9b6193ffd32dd60e84fc74b&id=6dbe861389&e=1230c2ab07 http://technologyx.us7.list-manage.com/track/click?u=3d9b6193ffd32dd60e84fc74b&id=7e89f3e6f7&e=1230c2ab07 TITLE: Amazon Echo Review - The Canadian Perspective LINK: http://technologyx.us7.list-manage.com/track/click?u=3d9b6193ffd32dd60e84fc74b&id=d27e41c431&e=1230c2ab07 PHOTO: http://technologyx.us7.list-manage.com/track/click?u=3d9b6193ffd32dd60e84fc74b&id=f0c6246699&e=1230c2ab07 INFO: Alexa is an Amazon Echo (http://technologyx.us7.list-manage.com/track/click?u=3d9b6193ffd32dd60e84fc74b&id=faf703136d&e=1230c2ab07) and wakes me each and every morning with the voices of Jeremy Clarkson and the Grand Tour team getting gradually louder…and it works. “Wake up. Wake Up. Wake up. Wake Up!!” To be quite frank, this Amazon Echo (http://technologyx.us7.list-manage2.com/track/click?u=3d9b6193ffd32dd60e84fc74b&id=80d461b76b&e=1230c2ab07) feature alone is worth the price, but it is such a small part of what the Echo is capable of. Aptly identified as a Digital Personal Assistant, the Echo wakes when you call her name (Alexa), listens to your question, throws it out to the internet and has the answer…seconds later. But wait, it can also work with smart devices in your home (no more clap clap!), play music from your music library, radio stations, connect to your smartphone for use and music, play games, get you recipes, sing ‘Happy Birthday’, work as a timer, get you the weather, tell you traffic conditions, tell you the time…and on and on and on. Its uses, actually, are virtually unlimited…unless you are Canadian. _________________________________________________________________________________________
  4. Title: Canary Smart Home Security Device Review ( -at -) NikKTech Description: With the Canary All-In-One Smart Home Security Device you're not only getting a Full HD 1080p security camera with night-vision mode and a motion sensor but also a device that records on the cloud with AES-256bit encryption, arms-disarms itself based on whether or not you're there, analyzes the quality of the air around it and can even alert emergency services. Article Link: http://www.nikktech.com/main/articles/security/security-systems/7368-canary-smart-home-security-device-review Image Link: http://www.nikktech.com/main/images/pics/reviews/canary/canary_smart_security/canaryb.jpg A News Post Would Be Appreciated. Thanks In Advance. Sincerely Nik Kastrantas
  6. *** glibmm: glibmm 2.52 wraps glib 2.52 glibmm 2.52 is a version of the glibmm-2.52 API. It installs in parallel with the gtkmm-2.4 API/ABI, of which the most recent version is glibmm 2.50. http://www.gtkmm.org *** Changes 2.51.1.2 (unstable): Distro packagers should probably not package this yet. Glib: * Remove some deprecated API  (Kjell Ahlstedt) * Variant: Remove the string specializations of cast_dynamic.  (Kjell Ahlstedt) * Glib::VariantType: Add get_item_types(), removing first() and  next().  (Kjell Ahlstedt) Bug #775741 Gio: * init(): Set the global locale.  (Kjell Ahlstedt) Bug #661588 * ActionBase: get_state_hint_variant() now returns VariantContainerBase.  (Kjell Ahlstedt) * ActionMap: add_action_with_parameter(): Register the parameter type,  to make this work.  (Daniel Boles) Bug #774444 * ActionResult: Add is_tagged_vfunc().  (Kjell Ahlstedt) * Glib::Dispatcher: Implement the pimpl idiom  (Kjell Ahlstedt) Bug #651942 * File, FileInfo, FileIOStream, FileOutputStream: Use Glib::ustring for  (UTF-8) file attributes of string type.  (Kjell Ahlstedt) Bug #615950 * NetworkMonitor: Derive from Gio::Initable.  (Kjell Ahlstedt) * RemoteActionGroup: Rename some vfuncs to add _full().  (Murray Cumming) Documentation: * ActionMap:  - ActivateSlot: Mention add_action_bool().  - ActivateWithParameterSlot: Be more specific.  (Daniel Boles) Bug #774444 Build: * Update the Visual Studio project files.  (Chun-wei Fan) * Some minor cppcheck fixes.  (Murray Cumming) 2.51.1.1 (unstable): General: * Remove no_default_handler in some _WRAP_SIGNAL()s  This allows application developers to simply override  the default on_*() signal handlers for these signals too,  as they can already with most other signals.  
If you are using, for instance, the -Wsuggest-override  compiler option, watch out for new compiler warnings suggesting  that your existing signal handler should now be marked with the  override keyword - that means you should do so but you should  also stop connecting the signal handler in your code.  (Kjell Ahlstedt) * Build: examples/Makefile.am: Re-insert the dispatcher examples  (Kjell Ahlstedt) Glib: * Dispatcher: Don't cast a HANDLE to an int on Windows.  (Kjell Ahlstedt) Bug #772074 * ObjectBase:  - Remove connect_property_changed_with_return()  and let connect_property_changed() return a sigc::connection.  (Kjell Ahlstedt)  - Use std::forward_list for interface class pointers.  (Kjell Ahlstedt)  - Replace extra_object_base_data map by instance data.  (Kjell Ahlstedt) * ObjectBase: overload get_property().  (Marcin Kolny) * Main, IOSource: autodeduce type of fd field.  (Marcin Kolny) Bug #770274 * Settings: Add property_settings_schema(), and update  signal_changed().  (Kjell Ahlstedt) * Settings: Make set_enum() + set_flags() usable  (djb) Bug #774647 * SettingsSchemaKey: Add missing value/range methods  (Daniel Boles) Bug #774903 * SignalProxyNormal: Remove connect_() and connect_notify_(),  adding connect_impl().  (Kjell Ahlstedt) * Rename SignalProxyDetailed to SignalProxyDetailedBase, and  SignalProxyDetailedAnyType to SignalProxyDetailed.  Remove SignalProxyDetailed# aliases (# = 0..6).  (Kjell Ahlstedt) * Source: Replace extra_source_data by instance data.  (Kjell Ahlstedt) Bug #561885 Gio: * ActionMap::add_action_vfunc(): Const correction.  (Murray Cumming) * Application: Add dbus_register/unregister_vfunc.  (Ritesh Khadgaray, Kjell Ahlstedt) Bug #762191 * Menu: insert/prepend/add_item(): Const correction.  (Murray Cumming) * MenuAttributeIter: get_value(): Const correction.  (Murray Cumming) * MenuModel: get_item_atribute(): const correction.  (Murray Cumming) * RemoteActionGroup: Derive from Gio::ActionGroup.  
(Murray Cumming) Gio::Dbus: * Proxy: Fix memory leak in get_cached_property_names().  (Kjell Ahlstedt) Bug #775210 * Proxy: Derive from (and implement) Gio::DBus::Interface.  (Murray Cumming) -- Murray Cumming murrayc ( -at -) murrayc.com www.murrayc.com _______________________________________________
  7. news

    ANNOUNCE: gtkmm 3.89.2

    *** gtkmm gtkmm 3.89 wraps GTK+ 3.89. It will become gtkmm 4.0, wrapping GTK+ 4.0. It is a version of the gtkmm-4.0 API. It installs in parallel with gtkmm-3.0. gtkmm stays in-sync with gtk+ by (mostly) following the official GNOME release schedule: http://www.gnome.org/start/unstable/ http://www.gtkmm.org *** Changes 3.89.2: (unstable) Distro packagers should probably not package this yet. Gtk: * Application: Set the global locale. (Kjell Ahlstedt) Bug #661588 * CellArea, CellRenderer, CheckMenuItem: Remove render functions. (Kjell Ahlstedt) * CellView: Remove property_background(), property_background_rgba() and property_background_set(), and set_background_rgba(). (Kjell Ahlstedt) * Container: - forall_vfunc(): Take a sigc::slot instead of a function pointer. - get_child_property_vfunc() and set_child_property_vfunc(): Take Gtk::Widget* and Glib::ValueBase& instead of GtkWidget* and GValue*. - Add get_path_for_child_vfunc(). (Kjell Ahlstedt) Bug #670204 * IconInfo: Rename load_symbolic(context) to load_symbolic_for_context(). (Kjell Ahlstedt) * LevelBar: Implement the Orientable interface. (Kjell Ahlstedt) * PlacesSidebar: signal_populate_popup(): Change Menu* parameter to Container*. (Kjell Ahlstedt) * RecentChooser: get_recent_manager_vfunc(): Fix refcounting. (Kjell Ahlstedt) * Scrollable: Add get_border_vfunc(). (Kjell Ahlstedt) * ToolBar: Implement the Orientable interface. (Kjell Ahlstedt) * ToolShell: Add some vfuncs and make most others const. (Kjell Ahlstedt) * StyleContext: - Remove set/get_junction_sides(). - Remove get_background_color() and get_border_color(). (Kjell Ahlstedt) * TextView: signal_populate_popup(): Change Menu* parameter to Container*. (Kjell Ahlstedt) * TreeIter: Make a real const_iterator. (Kjell Ahlstedt) Bug #134520 * TreeModelFilter, TreeModelSort: Add const method overloads. (Kjell Ahlstedt) Bug #134520 * TreeSelection: Add const versions of get_selected(). 
(Kjell Ahlstedt) Bug #94742 * TreeView: Remove get_bin_window().  (Kjell Ahlstedt) * TreeRow, TreeNodeChilren: Make real const versions.  (Kjell Ahlstedt) Bug #134520 * ViewPort: Remove get_bin_window() and get_view_window().  (Kjell Ahlstedt) * Widget:  - Remove get_style_property_value().  (Kjell Ahlstedt)  - Add set_margin().  - Remove get_preferred_height_for_width() that takes a baseline.  (Murray Cumming) Gdk: * Device: Remove grab() and ungrab().  (Kjell Ahlstedt) * DeviceManager: Remove list_devices(). * Display:  - Add is_composited() and is_rgba().  - Remove get_device_manager().  (Kjell Ahlstedt) * Add DrawContext.  (Kjell Ahlstedt) * DrawingContext: Add get_paint_context() and property_paint_context().  (Kjell Ahlstedt) * GLContext:  - Derive from DrawContext.  - Add get_damage().  - Remove property_display() and property_window(), which are moved to     DrawContext.  (Kjell Ahlstedt) * Pixbuf: Remove create_from_inline(). Remove non-const  versions of save() and save_to_buffer().  (Kjell Ahlstedt) * Window:  - begin_draw_frame(): Add (optional) context.  - Remove ensure_native() and reparent().  (Murray Cumming) General: * Fix some cppcheck issues.  (Murray Cumming) * Use Cairo::make_refptr_for_instance().  (Murray Cumming) -- Murray Cumming murrayc ( -at -) murrayc.com www.murrayc.com _______________________________________________
  8. ------------------------------------------------------------ http://us7.campaign-archive1.com/?u=406e963590798a4aa1eab5f99&id=d8b05c739e&e=2c7a1c459a Dear News Affiliates, Custom PC Review recently published article(s) your readers may enjoy. We’d appreciate it if you could share it with them. Title: Review: Audioengine HD3 Premium Powered Desktop Speakers (http://custompcreview.us7.list-manage.com/track/click?u=406e963590798a4aa1eab5f99&id=4cff9bd348&e=2c7a1c459a) Excerpt: "When it comes to premium desktop computer speakers, few manufacturers on the market match the level of Audioengine when it comes to sound quality. Over the years, we’ve had the opportunity to review the Audioengine A2+ and the Audioengine A5+ which were outstanding speakers that are simply unmatched by other computer speaker manufacturers..." Thank you for your support, -- Sam Chen -- Editor-in-Chief -- Custom PC Review -- http://custompcreview.us7.list-manage.com/track/click?u=406e963590798a4aa1eab5f99&id=100131d47f&e=2c7a1c459a (http://custompcreview.us7.list-manage.com/track/click?u=406e963590798a4aa1eab5f99&id=a91c145959&e=2c7a1c459a)
  9. Package : icedove Version : 45.6.0-2 CVE ID : CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9904 CVE-2016-9905 Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple vulnerabilities may lead to the execution of arbitrary code, data leakage or bypass of the content security policy. For Debian 7 "Wheezy", these problems have been fixed in version 45.6.0-2. We recommend that you upgrade your icedove packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
  10. news

    Wine release 2.0-rc5

    The Wine development release 2.0-rc5 is now available. What's new in this release (see below for details): - Bug fixes only, we are in code freeze. The source is available from the following locations: http://dl.winehq.org/wine/source/2.0/wine-2.0-rc5.tar.bz2 http://mirrors.ibiblio.org/wine/source/2.0/wine-2.0-rc5.tar.bz2 Binary packages for various distributions will be available from: http://www.winehq.org/download You will find documentation on http://www.winehq.org/documentation You can also get the current source directly from the git repository. Check http://www.winehq.org/git for details. Wine is available thanks to the work of many people. See the file AUTHORS in the distribution for the complete list. ---------------------------------------------------------------- Bugs fixed in 2.0-rc5 (total 28): 7372 Can't copy and paste between native apps (e.g., Open Office, Firefox, Gimp) and some Wine apps (affects Dreamweaver, Photoshop, Powerpoint, Excel) 9875 moving dialogs shows artifacts on window behind it 11835 Adobe Acrobat Pro 6 / Acrobat Reader 6.01 -- Comments don't work 11847 Adobe Acrobat Pro 6 / Acrobat Reader 6.01 -- How To window does not work 15845 Silverlight configuration tab "Application storage" causes freeze (while iterating isolated storage) 16528 RAdmin Send Message Feature Doesn't Work 29832 Mario Forever crashes 30355 DVDSubEdit 1.52 crashes on startup, broken TBM_SETRANGEMAX handling 33066 resident evil 6 pc benchmark Black screen 33860 Visual Web Developer Express 2008 displays only "file system" in Browse window 34465 process hacker 2.31 crashes in toolbar code 36187 valgrind shows lots of warnings for comctl32/tests/listview.c when running in a virtual desktop 36554 valgrind shows a definite leak in ieframe/tests/intshcut.c 37458 Regedit: Left click on a selected key activates renaming mode 37576 Google Sketchup 7 and 8: 2D Drawing File Export Broken 37762 Runaway & Runaway 2: wrong colors 38030 Adobe Lightroom 5.7 - Classic window 
dialog size increase at each opening 38216 Wrong screen in Civilization V 38449 valgrind shows a couple leaks in shell32/tests/shelldispatch.c test_namespace() 38847 valgrind shows a definite leak in winmm/tests/wave.c 39905 Ogar Server crashes while starting 40537 ddraw:ddraw1 causes Windows XP to crash 41058 Absent model in 3d scene in [censored]yBeach3 game 41188 Trove game wants msvcp140.dll._Cnd_init_in_situ 42009 Mentor Graphics DK Design Suite crashes on clipboard copy 42067 Disney Universe doesn't scale gamescreen properly 42110 regression: commit "xinput1_3 prefer builtin dll" aliens versus predator classic 2000 (steam) fails to launch 42194 Magic: The Gathering Online 4.0 fails to connect to login server ---------------------------------------------------------------- Changes since 2.0-rc4: Alexandre Julliard (4): winex11: Merge reading the selection data into the conversion function. winex11: Don't update the clipboard if the X11 selection hasn't changed. winex11: Periodically check for selection changes using a timer. winex11: Add basic support for importing text/html clipboard format. Andrew Eikum (1): quartz: Don't write past end of d3d9 buffer. Anton Romanov (1): ws2_32: Ignore IPV6_V6ONLY setsockopt for AF_INET sockets. Fabian Maurer (1): riched20: Check for NULL in fnTextSrv_TxSetText and add test. François Gouget (27): winapi: Add support for DECLSPEC_HOTPATCH function declarations. winapi: Add some more __stdcall synonyms. kernel32/tests: A couple of spelling fixes in ok() messages. taskschd/tests: Fix a couple of ITriggerCollection ok() messages. cmd/tests: A spelling fix in a comment. hlink/tests: Add a trailing '\n' to an ok() call. user32/tests: A spelling fix in a comment. wined3d: Make some functions static. dxgi/tests: Some spelling fixes in ok() messages. ddraw/tests: Spelling fixes in a few comments. dxgi: Make wined3d_scanline_ordering_from_dxgi() static. qcap/tests: A spelling fix in an ok() message. 
d3dx9_36/tests: Make test_texture_shader() static. gdiplus: Make some GdipDraw*Path() functions static. xmllite: A spelling fix in a comment. msi: Make reg_get_{multi}sz() static. msi/tests: A spelling fix in a variable name. quartz: A couple of spelling fixes in comments. explorerframe: A spelling fix in a comment. dinput: Spelling and case fixes in comments. regedit: Make output_writeconsole() static. riched20: A spelling fix in a comment. mshtml/tests: Some spelling fixes in comments. jscript: Make scope_push() static. usp10: A spelling fix in a comment. imm32/tests: A spelling fix in an ok() message. msacm32/tests: Make acm_driver_func() static. Henri Verbeet (5): wined3d: Fully initialise "settings" in wined3d_ffp_get_vs_settings(). ddraw/tests: Try to avoid killing the Intel (kernel) driver. wined3d: Use winediag for the backbuffer offscreen rendering message. wine.inf: Add Dynamic DST data for Asia/Tehran. ddraw: Set the swapchain palette in ddraw_create_swapchain(). Hugh McMaster (1): regedit: Only allow key renaming via the Edit or Popup menus. Huw D. M. Davies (3): dxgi/tests: Fix test failure on Windows 7. dmime/tests: Skip the tests if InitAudio fails for any reason. advapi32/tests: Update ACE registry tests with Windows 10 values. Jacek Caban (2): secur32/tests: Use importlib for functions available since Windows XP. secur32: Don't change input buffer in InitializeSecurityContext. Józef Kucia (13): wined3d: Update "screen_format" when ChangeDisplaySettingsEx() call is redundant. ddraw/tests: Add test for display mode surface pixel format. d3d8/tests: Add more tests for UnlockRect(). d3d9/tests: Add more tests for UnlockRect(). d3d8: Return D3D_OK from UnlockRect() for not locked textures. d3d9: Return D3D_OK from UnlockRect() for not locked textures. ddraw/tests: Fix compilation on systems that don't support nameless unions. d3d11/tests: Fix compilation on systems that don't support nameless unions. 
d3d8/tests: Make the window client rect match the d3d swapchain size. d3d10core/tests: Port test_depth_stencil_sampling() from d3d11. d3d8/tests: Remove redundant state setting calls. d3d9/tests: Accept 64-bit Windows FPU setup behavior. d3d9: Avoid '\n' in middle of TRACE() message. Ken Thomases (6): winemac: Change some clipboard functions to void return. winemac: Don't update the clipboard if the Mac pasteboard hasn't changed. winemac: Periodically check for pasteboard changes using a timer. winemac: Add basic support for importing the public.html pasteboard format. winemac: Export HTML Format clipboard data to the public.html pasteboard type. winemac: Ignore an additional expected error in the clipboard pipe communication code. Louis Lenders (1): advapi32: Spelling fix in comment. Michael Cronenworth (1): wined3d: Add Iris Haswell PCI ids and descriptions. Michael Stefaniuc (1): po: Update the Romanian translation. Nikolay Sivov (8): shell32/tests: Some tests for ExtractIcon(). shell32/tests: Some tests for ExtractAssociatedIcon(). comctl32/tests: Call appropriate default procedure for parent window (Valgrind). shell32/tests: Test valid special folder IDs with NameSpace() method. user32/tests: Some tests for GetWindowText() when non terminated string is returned. comctl32/toolbar: Protect from NULL pointer access in TB_GETBUTTONINFOW handler. comctl32/trackbar: Fix TBM_SETRANGEMAX handling when new limit is less than current min boundary. comctl32/propsheet: Double size of a template buffer passed to PSCB_PRECREATE. Zebediah Figura (1): user.exe16: Fix LPARAM conversions in WM_DDE_EXECUTE. -- Alexandre Julliard julliard ( -at -) winehq.org
  11. SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0127-1 Rating: important References: #1007454 #1008519 #1009109 #1013285 #1013341 #1013764 #1013767 #1014109 #1014110 #1014111 #1014112 #1014256 #1014514 #1016779 #937125 Cross-References: CVE-2016-9102 CVE-2016-9103 CVE-2016-9381 CVE-2016-9776 CVE-2016-9845 CVE-2016-9846 CVE-2016-9907 CVE-2016-9908 CVE-2016-9911 CVE-2016-9912 CVE-2016-9913 CVE-2016-9921 CVE-2016-9922 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has two fixes is now available. Description: qemu was updated to fix several issues. These security issues were fixed: - CVE-2016-9102: Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in allowed local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the same fid number (bsc#1014256). - CVE-2016-9103: The v9fs_xattrcreate function in hw/9pfs/9p.c in allowed local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values writing to them (bsc#1007454). - CVE-2016-9381: Improper processing of shared rings allowing guest administrators take over the qemu process, elevating their privilege to that of the qemu process (bsc#1009109) - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support was vulnerable to an infinite loop issue while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could have used this issue to crash the Qemu process on the host leading to DoS (bsc#1013285). 
- CVE-2016-9845: The Virtio GPU Device emulator support was vulnerable to an information leakage issue while processing the 'VIRTIO_GPU_CMD_GET_CAPSET_INFO' command. A guest user/process could have used this flaw to leak contents of the host memory (bsc#1013767). - CVE-2016-9846: The Virtio GPU Device emulator support was vulnerable to a memory leakage issue while updating the cursor data in update_cursor_data_virgl. A guest user/process could have used this flaw to leak host memory bytes, resulting in DoS for the host (bsc#1013764). - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a memory leakage flaw when destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could have used this issue to leak host memory, resulting in DoS for a host (bsc#1014109). - CVE-2016-9908: The Virtio GPU Device emulator support was vulnerable to an information leakage issue while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could have used this flaw to leak contents of the host memory (bsc#1014514). - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory leakage issue while processing packet data in 'ehci_init_transfer'. A guest user/process could have used this issue to leak host memory, resulting in DoS for the host (bsc#1014111). - CVE-2016-9912: The Virtio GPU Device emulator support was vulnerable to a memory leakage issue while destroying gpu resource object in 'virtio_gpu_resource_destroy'. A guest user/process could have used this flaw to leak host memory bytes, resulting in DoS for the host (bsc#1014112). - CVE-2016-9913: VirtFS was vulnerable to memory leakage issue via its '9p-handle' or '9p-proxy' backend drivers. A privileged user inside guest could have used this flaw to leak host memory, thus affecting other services on the host and/or potentially crash the Qemu process on the host (bsc#1014110). 
These non-security issues were fixed: - Fixed uint64 property parsing and add regression tests (bsc#937125) - Added a man page for kvm_stat - Fix crash in vte (bsc#1008519) - Various upstream commits targeted towards stable releases (bsc#1013341) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-68=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-68=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-68=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): qemu-2.6.2-39.1 qemu-arm-2.6.2-39.1 qemu-arm-debuginfo-2.6.2-39.1 qemu-block-curl-2.6.2-39.1 qemu-block-curl-debuginfo-2.6.2-39.1 qemu-block-rbd-2.6.2-39.1 qemu-block-rbd-debuginfo-2.6.2-39.1 qemu-block-ssh-2.6.2-39.1 qemu-block-ssh-debuginfo-2.6.2-39.1 qemu-debugsource-2.6.2-39.1 qemu-guest-agent-2.6.2-39.1 qemu-guest-agent-debuginfo-2.6.2-39.1 qemu-lang-2.6.2-39.1 qemu-tools-2.6.2-39.1 qemu-tools-debuginfo-2.6.2-39.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): qemu-ipxe-1.0.0-39.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): qemu-2.6.2-39.1 qemu-block-curl-2.6.2-39.1 qemu-block-curl-debuginfo-2.6.2-39.1 qemu-block-ssh-2.6.2-39.1 qemu-block-ssh-debuginfo-2.6.2-39.1 qemu-debugsource-2.6.2-39.1 qemu-guest-agent-2.6.2-39.1 qemu-guest-agent-debuginfo-2.6.2-39.1 qemu-lang-2.6.2-39.1 qemu-tools-2.6.2-39.1 qemu-tools-debuginfo-2.6.2-39.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 x86_64): qemu-block-rbd-2.6.2-39.1 qemu-block-rbd-debuginfo-2.6.2-39.1 - SUSE Linux Enterprise Server 12-SP2 (ppc64le): qemu-ppc-2.6.2-39.1 qemu-ppc-debuginfo-2.6.2-39.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64): qemu-arm-2.6.2-39.1 
qemu-arm-debuginfo-2.6.2-39.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): qemu-kvm-2.6.2-39.1 qemu-x86-2.6.2-39.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): qemu-ipxe-1.0.0-39.1 qemu-seabios-1.9.1-39.1 qemu-sgabios-8-39.1 qemu-vgabios-1.9.1-39.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): qemu-ipxe-1.0.0-39.1 qemu-seabios-1.9.1-39.1 qemu-sgabios-8-39.1 qemu-vgabios-1.9.1-39.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): qemu-2.6.2-39.1 qemu-block-curl-2.6.2-39.1 qemu-block-curl-debuginfo-2.6.2-39.1 qemu-debugsource-2.6.2-39.1 qemu-kvm-2.6.2-39.1 qemu-tools-2.6.2-39.1 qemu-tools-debuginfo-2.6.2-39.1 qemu-x86-2.6.2-39.1 References: https://www.suse.com/security/cve/CVE-2016-9102.html https://www.suse.com/security/cve/CVE-2016-9103.html https://www.suse.com/security/cve/CVE-2016-9381.html https://www.suse.com/security/cve/CVE-2016-9776.html https://www.suse.com/security/cve/CVE-2016-9845.html https://www.suse.com/security/cve/CVE-2016-9846.html https://www.suse.com/security/cve/CVE-2016-9907.html https://www.suse.com/security/cve/CVE-2016-9908.html https://www.suse.com/security/cve/CVE-2016-9911.html https://www.suse.com/security/cve/CVE-2016-9912.html https://www.suse.com/security/cve/CVE-2016-9913.html https://www.suse.com/security/cve/CVE-2016-9921.html https://www.suse.com/security/cve/CVE-2016-9922.html https://bugzilla.suse.com/1007454 https://bugzilla.suse.com/1008519 https://bugzilla.suse.com/1009109 https://bugzilla.suse.com/1013285 https://bugzilla.suse.com/1013341 https://bugzilla.suse.com/1013764 https://bugzilla.suse.com/1013767 https://bugzilla.suse.com/1014109 https://bugzilla.suse.com/1014110 https://bugzilla.suse.com/1014111 https://bugzilla.suse.com/1014112 https://bugzilla.suse.com/1014256 https://bugzilla.suse.com/1014514 https://bugzilla.suse.com/1016779 https://bugzilla.suse.com/937125
  12. Dear Editors, we just posted a new article which might be interesting to your readers. A post in your news section would be appreciated. Title: CRYORIG A80 Link: http://www.techpowerup.com/reviews/CRYORIG/A80 Brief: CRYORIG looks to improve their share of the all-in-one liquid cooler market by dominating the competition with the A80. Featuring their unique Hybrid Airflow Fan paired with a large 280 mm radiator, this interesting design might just turn a few heads.
  13. A few months back, Intel updated its enterprise-class solid state storage line-up with a new series of NVMe-based drives – the DC P3520 series -- featuring IMFT 3D MLC NAND flash memory. Like some of its other high-end offerings, the drives featured Intel’s native NVMe PCI Express controller, but the use of more affordable 3D MLC NAND allowed Intel to reduce costs, while keeping endurance relatively high. Since some of the first consumer-class solid state drives hit the scene, Intel has been known to push the envelope in the space, and ultimately drive prices down. Intel did it somewhat recently with the SSD 750 series for desktops, which made high-speed NVMe PCIe storage much more attainable for the average enthusiast. And now with the Intel SSD DC P3520, the company is doing something similar in the enterprise storage space... Intel SSD DC P3520 Series NVMe PCIe Enterprise Solid State Drive Review (http://hothardware.us3.list-manage.com/track/click?u=efc4c507c2cf964fc2462caca&id=6b8f91790b&e=0c004f9c13) Best Regards, HotHardware.com (http://hothardware.us3.list-manage2.com/track/click?u=efc4c507c2cf964fc2462caca&id=ad2e1740b9&e=0c004f9c13)
  14. Hello LanOC Affiliates and newsletter subscribers, here is our newest posting. We would appreciate you spreading the word! LanOC Reviews has released a new article which you and your readers might enjoy. We would be grateful if you would please share it with them. *TITLE:* XFX RX 460 4GB Slim ( -at -) LanOC Reviews <https://lanoc.org/review/video-cards/7426-xfx-rx-460-4gb-slim> *DESCRIPTION:* I bet a lot of you don’t even know it, but it really wasn’t all that long ago that single slot cards were all that was available. Now, though, even the low-end cards take up two slots with their coolers. That said, there are still reasons to need a single slot video card. Some cases will only support them, though that has gotten a lot better. Your configuration might not have any two slots together, or maybe you need to upgrade a small OEM build that was never built for having a dedicated card at all. No matter the reason, getting a single slot card can sometimes be hard, especially if you actually want good performance. Because of that XFX recently introduced their RX 460 Slim that is packed neatly into a single slot configuration and doesn’t need a power connection at all. So today I’m going to check out the card and then run it through our testing to see how it performs. 
*ARTICLE URL:* https://lanoc.org/review/video-cards/7426-xfx-rx-460-4gb-slim *LARGE IMAGE URL:* https://lanoc.org/images/reviews/2017/xfx_rx460_slim/title.jpg *SMALL IMAGE URL:* https://lanoc.org/images/reviews/2017/xfx_rx460_slim/email.jpg Thank you for your help Our content is syndicated by *RSS* 2.0 at: http://lanoc.org/review?format=feed&type=atom Check out our *YouTube* Channel: http://www.youtube.com/user/LanocReviews Follow us on *Twitter*: http://www.twitter.com/LanOC_Reviews Join our group on *Facebook*: http://www.facebook.com/LanOCReviews Join our *Steam* Group: http://steamcommunity.com/groups/lanoc *If this message has been sent to an incorrect address, or you no longer wish to receive our news, please email us back and let us know at reviews ( -at -) lanoc.org* ---------------------------------------- Wes Compton Editor-in-Chief LanOC Reviews http://lanoc.org ( -at -) LanOC_Reviews <http://twitter.com/#!/LanOC_Reviews> Google Plus <https://plus.google.com/u/1/b/111054267662763089650/> Our Facebook Page <http://www.facebook.com/LanOCReviews>
  15. -------- ROCCAT SUORA FX MECHANICAL KEYBOARD REVIEW ( -at -) APH NETWORKS ----------- Hello everyone! APH Networks has published a new review that your readers might enjoy. A post in your site's news section would be greatly appreciated! Don't forget to send your site news to us. As we promise to post your news articles on APH Networks periodically, we would certainly appreciate it if you do the same as well. Thank you for your support in advance! * Title: ROCCAT Suora FX Mechanical Keyboard Review ( -at -) APH Networks * Description: The ROCCAT Suora FX is a capable keyboard with RGB lighting, but original Cherry MX switches are off the list even with its $135 price tag. * Link: http://aphnetworks.com/reviews/roccat-suora-fx * Image: http://aphnetworks.com/review/roccat-suora-fxrgb/009.jpg Best Regards, Jonathan Kwan Editor-in-Chief APH Networks Inc. http://aphnetworks.com -- Unsubscribe from this newsletter: http://aphnetworks.com/newsletter/confirm/remove/c77c84bd425t5
  16. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3762-1 security ( -at -) debian.org https://www.debian.org/security/ Laszlo Boszormenyi (GCS) January 13, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tiff CVE ID : CVE-2016-3622 CVE-2016-3623 CVE-2016-3624 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5314 CVE-2016-5315 CVE-2016-5316 CVE-2016-5317 CVE-2016-5320 CVE-2016-5321 CVE-2016-5322 CVE-2016-5323 CVE-2016-5652 CVE-2016-5875 CVE-2016-6223 CVE-2016-9273 CVE-2016-9297 CVE-2016-9448 CVE-2016-9453 CVE-2016-9532 CVE-2016-9533 CVE-2016-9534 CVE-2016-9535 CVE-2016-9536 CVE-2016-9537 CVE-2016-9538 CVE-2016-9540 CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 Multiple vulnerabilities have been discovered in the libtiff library and the included tools tiff2rgba, rgb2ycbcr, tiffcp, tiffcrop, tiff2pdf and tiffsplit, which may result in denial of service, memory disclosure or the execution of arbitrary code. There were additional vulnerabilities in the tools bmp2tiff, gif2tiff, thumbnail and ras2tiff, but since these were addressed by the libtiff developers by removing the tools altogether, no patches are available and those tools were also removed from the tiff package in Debian stable. The change had already been made in Debian stretch before and no applications included in Debian are known to rely on these scripts. If you use those tools in custom setups, consider using a different conversion/thumbnailing tool. For the stable distribution (jessie), these problems have been fixed in version 4.0.3-12.3+deb8u2. For the testing distribution (stretch), these problems have been fixed in version 4.0.7-4. For the unstable distribution (sid), these problems have been fixed in version 4.0.7-4. We recommend that you upgrade your tiff packages. 
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
  17. Razer Blade Laptop with GTX 1060 (2016-2017) Review http://www.kitguru.net Razer has updated its Blade laptop with a new graphics chip, moving from GTX 970M to GTX 1060, however it keeps the same name ‘Razer Blade’ which could get pretty darned confusing so we’re going to call it The New Razer Blade. From the outside the New Razer Blade looks like the previous model as the changes are internal. Read the review here: http://www.kitguru.net/lifestyle/laptops/leo-waldock/razer-blade-with-gtx-1060-laptop-2016-2017-review/ Copyright © 2017 KitGuru, All rights reserved. You are receiving this because you are a news partner or have signed up to receive our news.
  18. At CES 2017, MSI was presenting their hardware line-up that included the latest Intel 270 motherboards. They had an interesting demo running the MSI Z270 XPower Gaming Titanium motherboard with an Intel Core i7-7700K processor at 5.2GHz. Legit Reviews talked about it with MSI and CES 2017 and they stated that any Intel Core i7-7700K should be able to hit 5.2GHz on liquid cooling with a single click of their Gaming Overclock button within the UEFI. That’s an impressive statement.... Article Title: MSI Allowing CPU Overclockers To Hit 5.2GHz On Select Intel Z270 Motherboards ( -at -) Legit Reviews Article URL: http://www.legitreviews.com/msi-allowing-cpu-overclockers-hit-5-2ghz-select-intel-z270-motherboards_190225
  19. The Case Mods and Builds of CES 2017 ( -at -) ThinkComputers.org Feature Link: http://www.thinkcomputers.org/the-case-mods-and-builds-of-ces-2017/ Image URL: http://www.thinkcomputers.org/articles/mods-ces-2017-email.jpg Alt Image URL: http://www.thinkcomputers.org/articles/mods-ces-2017-small.jpg Quote: "CES is always a great place to find amazing PC Mods and Builds. CES is a place for many companies to showcase their new products and what better way to get attention to those products than to have them inside of a great mod or build. PC Modding has never been bigger and many companies actually commission modders to create builds for CES. It was awesome to see so many mods and incredible builds at CES this year. So without further ado here is our gallery for the mods and builds of CES 2017!"
  20. iKBC F87 & F108 Mechanical Keyboards Review http://www.kitguru.net iKBC are a Taiwanese company who are working with SeaSonic to bring their keyboards to market. Today we are looking at their F87 and F108 keyboards – the only difference between the two is that the F87 is 80% sized while the F108 is a full size board. As such, both feature Cherry MX switches, per-key RGB lighting and double-shot PBT keycaps to deliver a premium-grade experience. Read the review here: http://www.kitguru.net/peripherals/keyboards/dominic-moass/ikbc-f87-f108-mechanical-keyboards-review/
  22. - PRESS RELEASE - For immediate release Elmshorn, Germany - 2017-01-13 DX30: The fanless PC of a new generation ------------------------------------------- - Intel Apollo Lake microarchitecture - Only 7 watts power consumption - Suitable for 12 and 19 volts - Can be used horizontally for the first time Elmshorn, Germany, 2017-01-13 – Fanless PCs have held a certain fascination ever since the first one came to market. When Shuttle presented the XS35 to the public in 2010 as the very first model of its kind, it was the starting signal for a whole series of silent solutions that are purely passively cooled and work without fans. This opened up applications that had previously been unthinkable. Back then, Shuttle's fanless PCs made many things possible in the first place. Now, at the start of the year, a completely new generation is launching. The first representative, the XPC Barebone DX30 from the "XPC slim" family, is based on the Intel Apollo Lake microarchitecture built on a 14 nm process. The barebone has a powerful Intel Celeron J3355 processor (dual-core, 2 MB cache, up to 2.5 GHz) and has room for 8 GB of DDR3L memory. For mass storage, a 2.5-inch drive (HDD or SSD) with SATA 6 Gbit/s as well as an NVMe SSD (M.2-2280) can be installed. The external dimensions of the black chassis are 19 x 16.5 x 4.3 cm (D x W x H), which corresponds to a volume of about 1.35 litres. "With the DX30 we are opening a new chapter. Extended application possibilities, a robust steel chassis and the pricing make it more attractive than ever," says Tom Seiffert, Head of Marketing & PR at Shuttle Computer Handels GmbH. "Two model series at once, the XS35 and the XS36, are being replaced by the DX30." Externally, spread across the front and rear, there are 1x HDMI, 1x DisplayPort, 2x USB 3.0, 4x USB 2.0, a card reader, 1x RJ45, 1x PS/2 and 2x RS-232. With the separately available PVG01 adapter cable, one of the serial ports can be replaced with an additional VGA connector. The soldered-on Intel Celeron J3355 processor contains an Intel HD Graphics 500 graphics unit, which enables smooth 4K playback at 60 Hz via DisplayPort and can drive up to three monitor connections simultaneously (DisplayPort, HDMI and VGA). The DX30 ships with a replaceable WLAN module (in the M.2-2230 slot) with an external antenna. It reaches gigabit speed on the network through the RJ45 port with an Intel i211 Ethernet controller. In addition to Wake-on-LAN, the new model can also be started via a remote power-on connector. If a special jumper on the mainboard is removed, the device always starts automatically as soon as it is supplied with power. Power is supplied by an external 19-volt power adapter rated at 40 watts. Alternatively, it can also be powered with 12 volts DC from another energy source. The tolerance in each case is +/-5%. In operation, power consumption is a low 7 watts. Until now, the fanless models of the "XPC slim" family were designed only for vertical operation. With the market launch of the youngest member, this now changes. The new chassis and the further reduced amount of waste heat now allow horizontal use, even in continuous operation. The ambient temperature may be 0-40 °C. The areas of application for the DX30 are as varied as the conceivable installation locations and mounting options. For example, it can lie on an office desk or be mounted on a digital signage screen using the supplied VESA mount, and numerous M3 threaded holes are available for individual mounting concepts. A short product film shows the device in 360° views and highlights important details: [https://youtu.be/VoEddb3C8Y0](https://youtu.be/VoEddb3C8Y0) Shuttle's recommended retail price for the [DX30](http://www.shuttle.eu/de/produkte/slim/dx30/) is 205 euros (incl. 19% VAT). This model is available from retailers as of the publication of this press release. PRESS MATERIAL » » » High-resolution images: [www.shuttle.eu/de/produkte/slim/dx30/](http://www.shuttle.eu/de/produkte/slim/dx30/) Product page: [www.shuttle.eu/de/presse/bildmaterial/dx30/](http://www.shuttle.eu/de/presse/bildmaterial/dx30/) Product video: [www.youtube.com/watch?v=VoEddb3C8Y0]( ) Shuttle logo: [data.shuttle.eu/extern/logos.zip](http://data.shuttle.eu/extern/logos.zip) For editorial questions, please contact the persons named below. PRESS CONTACT » » » Tom Seiffert +49 4121-476-885 [t.seiffert ( -at -) shuttle.eu](mailto:t.seiffert ( -at -) shuttle.eu) Responsible for: Europe (Germany, Austria, Switzerland) Christian Scheibel +49 4121-476-891 [c.scheibel ( -at -) shuttle.eu](mailto:c.scheibel ( -at -) shuttle.eu) Responsible for: Europe (Benelux, Italy, Spain, Scandinavia, Portugal, Greece, Ireland, Eastern Europe) Shuttle Headquarters +886 2-8792-6168 [shuttlepr ( -at -) tw.shuttle.com](mailto:shuttlepr ( -at -) tw.shuttle.com) Responsible for: Europe (United Kingdom), Asia, Australia Shuttle USA Lionheart Communications Nancy Napurski [nnapurski ( -at -) lionheartpr.com](mailto:nnapurski ( -at -) lionheartpr.com) +1 585-967-3348 Responsible for: North and South America ABOUT SHUTTLE » » » Founded in Taiwan in 1983, Shuttle Inc. specialises in the development and production of space-saving mini PCs. The publicly listed company is represented worldwide by branches in Germany, the USA, China and Japan. Since 2001, attractive PC solutions in many formats and for almost every area of application have been Shuttle's main line of business. The company also prides itself on developing individual solutions for its customers' demanding requirements. Technical innovations such as new chipsets, processors and ports are always integrated into new models shortly after their release. Most recently, the product range was expanded with powerful fanless slim PCs. SENDER INFORMATION » » » Shuttle Computer Handels GmbH Fritz-Strassmann-Str. 5 25337 Elmshorn (Germany) Website: [www.shuttle.eu](http://www.shuttle.eu/) VAT ID: DE118711404 Amtsgericht Elmshorn HRB 1427 Managing Director: Li-Na Yu Further information about Shuttle products is available on our website at [www.shuttle.eu](http://www.shuttle.eu/) Facebook: [www.facebook.com/Shuttle.Europe](https://www.facebook.com/Shuttle.Europe) YouTube Channel: [www.youtube.com/ShuttleEurope](https://www.youtube.com/ShuttleEurope) Twitter: [www.twitter.com/shuttle_europe](https://www.twitter.com/shuttle_europe) Subject to technical changes and errors.
  23. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: java-1.6.0-openjdk security update Advisory ID: RHSA-2017:0061-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0061.html Issue date: 2017-01-12 CVE Names: CVE-2016-5542 CVE-2016-5554 CVE-2016-5573 CVE-2016-5582 CVE-2016-5597 ===================================================================== 1. Summary: An update for java-1.6.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 
6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit.

Security Fix(es):

* It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions. (CVE-2016-5582)

* It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP requests to the JDWP port of the debugged application. (CVE-2016-5573)

* It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm. (CVE-2016-5542)

Note: After this update, MD2 hash algorithm and RSA keys with less than 1024 bits are no longer allowed to be used for Jar integrity verification by default. MD5 hash algorithm is expected to be disabled by default in the future updates. A newly introduced security property jdk.jar.disabledAlgorithms can be used to control the set of disabled algorithms.

* A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2016-5554)

* A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication. (CVE-2016-5597)

Note: After this update, Basic HTTP proxy authentication can no longer be used when tunneling HTTPS connection through an HTTP proxy. Newly introduced system properties jdk.http.auth.proxying.disabledSchemes and jdk.http.auth.tunneling.disabledSchemes can be used to control which authentication schemes can be requested by an HTTP proxy when proxying HTTP and HTTPS connections respectively.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1385402 - CVE-2016-5582 OpenJDK: incomplete type checks of System.arraycopy arguments (Hotspot, 8160591)
1385544 - CVE-2016-5573 OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)
1385714 - CVE-2016-5554 OpenJDK: insufficient classloader consistency checks in ClassLoaderWithRepository (JMX, 8157739)
1385723 - CVE-2016-5542 OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)
1386103 - CVE-2016-5597 OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el5_11.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el5_11.i386.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el5_11.i386.rpm
java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el5_11.i386.rpm
java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el5_11.i386.rpm
java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el5_11.i386.rpm
java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el5_11.i386.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el5_11.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el5_11.i386.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el5_11.i386.rpm
java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el5_11.i386.rpm
java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el5_11.i386.rpm
java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el5_11.i386.rpm
java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el5_11.i386.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el5_11.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el6_8.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el6_8.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el6_8.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el6_8.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el6_8.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el6_8.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el6_8.i686.rpm
java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el6_8.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el6_8.src.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el6_8.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el6_8.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el6_8.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el6_8.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el6_8.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el6_8.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el6_8.i686.rpm
java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el6_8.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el6_8.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el6_8.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el6_8.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el6_8.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el6_8.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el6_8.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el6_8.i686.rpm
java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el6_8.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el7_3.src.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el7_3.src.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el7_3.src.rpm

ppc64:
java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el7_3.ppc64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el7_3.ppc64.rpm
java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el7_3.ppc64.rpm

s390x:
java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el7_3.s390x.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el7_3.s390x.rpm
java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el7_3.s390x.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el7_3.ppc64.rpm
java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el7_3.ppc64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el7_3.ppc64.rpm
java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el7_3.ppc64.rpm

s390x:
java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el7_3.s390x.rpm
java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el7_3.s390x.rpm
java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el7_3.s390x.rpm
java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el7_3.s390x.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el7_3.src.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5542
https://access.redhat.com/security/cve/CVE-2016-5554
https://access.redhat.com/security/cve/CVE-2016-5573
https://access.redhat.com/security/cve/CVE-2016-5582
https://access.redhat.com/security/cve/CVE-2016-5597
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYeIT0XlSAg2UNWIIRAgQPAKCai7h4Cc6597NSiWUwuXUJ+pWWvgCgkbvC
gQh8khAY9KtXVarZehdvrEU=
=KF5H
-----END PGP SIGNATURE-----
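An added example, not part of the Red Hat advisory or of OpenJDK: a Python audit that reads a jar's META-INF/MANIFEST.MF and *.SF files and reports digest attributes that use MD2 or MD5, the hash algorithms the note on CVE-2016-5542 says are disabled now or expected to be disabled later. The sample jar, its digest values and the function names are constructed; the RSA key size sits in the signature block file and is not checked here.

```python
import io
import re
import zipfile

# MD2 is disabled by this update, MD5 is announced for later; auditing both is this example's choice.
WEAK_DIGESTS = {"MD2", "MD5"}

# Matches "<ALG>-Digest:", "<ALG>-Digest-Manifest:" and "...-Main-Attributes:" at line start.
DIGEST_ATTR = re.compile(r"^([A-Za-z0-9-]+?)-Digest(?:-Manifest(?:-Main-Attributes)?)?:", re.M)

def build_sample_jar() -> bytes:
    """Constructed sample jar: one signer using MD5, one using SHA-256."""
    files = {
        "META-INF/MANIFEST.MF": "Manifest-Version: 1.0\r\n\r\n"
                                "Name: app/Main.class\r\n"
                                "MD5-Digest: CONSTRUCTED\r\n"
                                "SHA-256-Digest: CONSTRUCTED\r\n",
        "META-INF/OLD.SF": "Signature-Version: 1.0\r\n"
                           "MD5-Digest-Manifest: CONSTRUCTED\r\n\r\n"
                           "Name: app/Main.class\r\n"
                           "MD5-Digest: CONSTRUCTED\r\n",
        "META-INF/NEW.SF": "Signature-Version: 1.0\r\n"
                           "SHA-256-Digest-Manifest: CONSTRUCTED\r\n",
        "app/Main.class": "constructed placeholder, not real bytecode",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, text in files.items():
            jar.writestr(name, text)
    return buf.getvalue()

def weak_jar_digests(jar_bytes: bytes) -> dict:
    """Map each manifest/signature file to the weak digest names it uses."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            upper = name.upper()
            is_sf = upper.startswith("META-INF/") and upper.endswith(".SF")
            if upper != "META-INF/MANIFEST.MF" and not is_sf:
                continue
            text = jar.read(name).decode("utf-8", errors="replace")
            used = {m.group(1).upper() for m in DIGEST_ATTR.finditer(text)}
            if used & WEAK_DIGESTS:
                findings[name] = sorted(used & WEAK_DIGESTS)
    return findings

if __name__ == "__main__":
    for name, algs in weak_jar_digests(build_sample_jar()).items():
        print(f"{name}: weak digest(s) {', '.join(algs)}")
```

A jar whose only signature file is reported here is one to re-sign before the weak algorithm is disabled, since verification would then no longer accept that signature.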
  24. ** TECHSPOT
------------------------------------------------------------

** Comparing Team Communication Apps: What Do You Get for Free?
------------------------------------------------------------

** http://www.techspot.com/article/1308-best-free-team-communication-apps/
------------------------------------------------------------

Team communication and messaging is one area where we've seen a ton of action lately, with apps such as Slack becoming the ultimate tool for workgroup collaboration. Make your business and workgroup more efficient with a communication solution that doesn't cost a dime.

Thank you.

Julio Franco
Executive Editor | TECHSPOT
( -at -) juliofranco

============================================================

Our mailing address is:
TechSpot
8237 NW 68 St
Miami, FL 33166
USA
  25. KDE Project Security Advisory
=============================

Title: Ark: unintended execution of scripts and executable files
Risk Rating: Important
CVE: CVE-2017-5330
Versions: ark >= 15.12
Author: Elvis Angelaccio
Date: 12 January 2017

Overview
========

Through a (possibly malicious) tar archive that contains an executable shell script or binary, it was possible to execute arbitrary code on target machines. KRun::runUrl() has a runExecutable argument which defaults to true. Ark was using this default value and was also not checking whether an extracted file was executable before passing it to the runUrl() function.

Impact
======

An attacker can send legitimate tar archives with executable scripts or binaries disguised as normal files (say, with README or LICENSE as filenames). The attacker then can trick a user to select those files and click the Open button in the Ark toolbar, which triggers the affected code.

Workaround
==========

Don't use the File -> Open functionality of Ark. You can still open archives (Archive->Open) and extract them.

Solution
========

Update to Ark >= 16.12.1

For older releases of Ark, apply the following patches:

Applications/16.08 branch: https://commits.kde.org/ark/49ce94df19607e234525afda5ad4190ce35300c3
Applications/16.04 branch: https://commits.kde.org/ark/6b6da3f2e6ac5ca12b46d208d532948c1dbb8776
Applications/15.12 branch: https://commits.kde.org/ark/e2448360eca1b81eb59fffca9584b0fc5fbd8e5b

Credits
=======

Thanks to Fabian Vogt for reporting this issue, Elvis Angelaccio for fixing this issue.
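An added example, not part of the KDE advisory or of Ark's code: a Python triage script that lists the regular files in a tar archive that carry an execute bit, the property the advisory says Ark did not check before passing a file to KRun::runUrl(). The sample archive, its member names and the function names are constructed for illustration.

```python
import io
import stat
import tarfile

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH

def build_sample_archive() -> bytes:
    """Constructed sample: a tar whose README carries the executable bit."""
    members = [
        ("README", 0o755, b"#!/bin/sh\necho constructed sample\n"),
        ("LICENSE", 0o644, b"Constructed licence text\n"),
        ("bin/tool", 0o755, b"\x7fELF" + b"\x00" * 12),
        ("docs/notes.txt", 0o644, b"#!/bin/sh\nshebang but mode 0644\n"),
    ]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, mode, data in members:
            info = tarfile.TarInfo(name)
            info.mode = mode
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def classify(head: bytes) -> str:
    """Rough content type from the first bytes of a member."""
    if head.startswith(b"#!"):
        return "script"
    if head.startswith(b"\x7fELF"):
        return "elf"
    return "other"

def executable_members(archive: bytes) -> list:
    """Return (name, mode, kind) for regular files with any execute bit set."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        for info in tar:
            if not info.isfile() or not info.mode & EXEC_BITS:
                continue
            # Only the header bytes are read; nothing is extracted to disk.
            head = tar.extractfile(info).read(4)
            findings.append((info.name, oct(info.mode), classify(head)))
    return findings

if __name__ == "__main__":
    for name, mode, kind in executable_members(build_sample_archive()):
        print(f"{name}: mode {mode}, looks like {kind}")
```

In the sample, README is reported because its mode is 0755 even though its name suggests a plain document, while docs/notes.txt is not, because a shebang without an execute bit is not an executable file.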