Compatible Support Forums

Everything posted by news

  1. The 7th Generation Intel Core i7 Kaby Lake desktop processors have been officially announced and the Intel Core i7-7700K is the new flagship LGA1151 processor for Intel! Intel Kaby Lake desktop performance numbers have been leaked for more than two months now, so if you are reading this review we truly appreciate it and thank you for supporting Legit Reviews and all the independent reviews that we have been doing since 2002! Article Title: Intel Core i7-7700K Processor Review @ Legit Reviews Article URL: http://www.legitreviews.com/intel-core-i7-7700k-processor-review_189491
  2. Intel's Kaby Lake desktop CPUs are finally out, and enthusiasts everywhere are considering an upgrade and eager to see what the entire lineup looks like. From dual-core i3s to high-end Xeons, we have all the info on the new models for desktop and laptops alike. Read more: http://techreport.com/news/31190/intel-unveils-its-full-range-of-desktop-and-laptop-kaby-lake-cpus
  3. TITLE: ASUS ROG STRIX Z270F Gaming Review @ Vortez CONTENT: In the spotlight today is the STRIX Z270F Gaming - a capable Intel Z270 motherboard which carries with it some trademark ROG features. As with other ASUS motherboards, our STRIX offering also arrives with Aura lighting options which allow users to not only sync up other Aura-based products but kit their computer chassis out with some eye-catching LED strips! LINK: http://www.vortez.net/review.php?id=1252 Please post this news item in your news section. Thank you.
  4. Nvidia is rounding out its push of desktop-class graphics hardware into laptop form factors today with its mobile GTX 1050 and GTX 1050 Ti graphics chips. We examine what's changed and what to expect from GP107's mobilization. Read more: http://techreport.com/review/31180/nvidia-unveils-its-gtx-1050-and-gtx-1050-ti-for-laptops
  5. Package : libphp-phpmailer Version : 5.1-1.2 CVE ID : CVE-2016-10033 Debian Bug : 849365 Dawid Golunski discovered that PHPMailer, a popular library to send email from PHP applications, allowed a remote attacker to execute code if they were able to provide a crafted Sender address. Note that for this issue also CVE-2016-10045 was assigned, which is a regression in the original patch proposed for CVE-2016-10033. Because the original patch was not applied in Debian, Debian was not vulnerable to CVE-2016-10045. For Debian 7 "Wheezy", these problems have been fixed in version 5.1-1.2. We recommend that you upgrade your libphp-phpmailer packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
  6. AMD and the Radeon Technologies Group have seen great success with their FreeSync adaptive refresh rate technology. Since its introduction, over 120 FreeSync compatible displays have been brought to market that target a wide array of form factors and price points. With CES and the impending launch of its next-generation GPU architecture codenamed Vega, AMD is now ready to unleash FreeSync 2 on the world, with the goal to ultimately improve pixel quality and address some issues with first-gen products... AMD Unveils FreeSync 2 Technology With HDR And LFC Support (http://hothardware.us3.list-manage1.com/track/click?u=efc4c507c2cf964fc2462caca&id=5480e72ae6&e=0c004f9c13) Best Regards, HotHardware.com (http://hothardware.us3.list-manage1.com/track/click?u=efc4c507c2cf964fc2462caca&id=fbdc54d080&e=0c004f9c13)
  7. AMD has pulled back the curtain on FreeSync 2, the new version of the FreeSync variable refresh rate technology. Read more: http://techreport.com/news/31187/freesync-2-simplifies-life-with-brighter-more-colorful-displays
  8. A simple application to access, organize and share your photos on GNOME. It is meant to be a simple and elegant replacement for using a file manager to deal with photos. Seamless cloud integration is offered through GNOME Online Accounts. Overview of changes in 3.22.3 * Bugs fixed: 774253 Unable to find Photos by browsing in Software (not listed in relevant categories) 775153 Forget the last non-range selection when leaving selection mode 776133 GdMainView: The DnD selection counter is broken on HiDpi * Updated translations: Russian Bugs: https://bugzilla.gnome.org/enter_bug.cgi?product=gnome-photos Design: https://wiki.gnome.org/Design/Apps/Photos Download: http://download.gnome.org/sources/gnome-photos/3.22/ Git: http://git.gnome.org/browse/gnome-photos Website: https://wiki.gnome.org/Apps/Photos Happy hacking, Debarshi
  10. CentOS Errata and Security Advisory 2017:0001 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2017-0001.html The following updated files have been uploaded and are currently syncing to the mirrors. -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #centos @ irc.freenode.net Twitter: @JohnnyCentOS
  11. Package : samba Version : 2:3.6.6-6+deb7u11 CVE ID : CVE-2016-2125 Simo Sorce of Red Hat discovered that the Samba client code always requests a forwardable ticket when using Kerberos authentication. A target server, which must be in the current or trusted domain/realm, is given a valid general purpose Kerberos "Ticket Granting Ticket" (TGT), which can be used to fully impersonate the authenticated user or service. For Debian 7 "Wheezy", these problems have been fixed in version 2:3.6.6-6+deb7u11. We recommend that you upgrade your samba packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
  12. Red Hat Security Advisory Synopsis: Important: rh-nodejs4-nodejs and rh-nodejs4-http-parser security update Advisory ID: RHSA-2017:0002-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0002.html Issue date: 2017-01-02 CVE Names: CVE-2016-1669 CVE-2016-5180 CVE-2016-5325 CVE-2016-7099 1. Summary: An update for rh-nodejs4-nodejs and rh-nodejs4-http-parser is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 3. Description: Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. 
Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. The following packages have been upgraded to a newer upstream version: rh-nodejs4-nodejs (4.6.2), rh-nodejs4-http-parser (2.7.0). (BZ#1388097) Security Fix(es): * It was found that Node.js' tls.checkServerIdentity() function did not properly validate server certificates containing wildcards. A malicious TLS server could use this flaw to get a specially crafted certificate accepted by a Node.js TLS client. (CVE-2016-7099) * It was found that the V8 Zone class was vulnerable to integer overflow when allocating new memory (Zone::New() and Zone::NewExpand()). An attacker with the ability to manipulate a large zone could crash the application or, potentially, execute arbitrary code with the application privileges. (CVE-2016-1669) * A vulnerability was found in c-ares, a DNS resolver library bundled with Node.js. A hostname with an escaped trailing dot would have its size calculated incorrectly, leading to a single byte written beyond the end of a buffer on the heap. An attacker able to provide such a hostname to an application using c-ares, could potentially cause that application to crash. (CVE-2016-5180) * It was found that the reason argument in ServerResponse#writeHead() was not properly validated. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially-crafted HTTP request. (CVE-2016-5325) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. 
Bugs fixed (https://bugzilla.redhat.com/): 1335449 - CVE-2016-1669 V8: integer overflow leading to buffer overflow in Zone::New 1346910 - CVE-2016-5325 nodejs: reason argument in ServerResponse#writeHead() not properly validated 1379921 - CVE-2016-7099 nodejs: wildcard certificates not properly validated 1380463 - CVE-2016-5180 c-ares: Single byte out of buffer write 1388097 - Rebase nodejs to latest v4 release 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6): Source: rh-nodejs4-http-parser-2.7.0-2.el6.src.rpm rh-nodejs4-nodejs-4.6.2-4.el6.src.rpm noarch: rh-nodejs4-nodejs-docs-4.6.2-4.el6.noarch.rpm x86_64: rh-nodejs4-http-parser-2.7.0-2.el6.x86_64.rpm rh-nodejs4-http-parser-debuginfo-2.7.0-2.el6.x86_64.rpm rh-nodejs4-http-parser-devel-2.7.0-2.el6.x86_64.rpm rh-nodejs4-nodejs-4.6.2-4.el6.x86_64.rpm rh-nodejs4-nodejs-debuginfo-4.6.2-4.el6.x86_64.rpm rh-nodejs4-nodejs-devel-4.6.2-4.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7): Source: rh-nodejs4-http-parser-2.7.0-2.el6.src.rpm rh-nodejs4-nodejs-4.6.2-4.el6.src.rpm noarch: rh-nodejs4-nodejs-docs-4.6.2-4.el6.noarch.rpm x86_64: rh-nodejs4-http-parser-2.7.0-2.el6.x86_64.rpm rh-nodejs4-http-parser-debuginfo-2.7.0-2.el6.x86_64.rpm rh-nodejs4-http-parser-devel-2.7.0-2.el6.x86_64.rpm rh-nodejs4-nodejs-4.6.2-4.el6.x86_64.rpm rh-nodejs4-nodejs-debuginfo-4.6.2-4.el6.x86_64.rpm rh-nodejs4-nodejs-devel-4.6.2-4.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 
6): Source: rh-nodejs4-http-parser-2.7.0-2.el6.src.rpm rh-nodejs4-nodejs-4.6.2-4.el6.src.rpm noarch: rh-nodejs4-nodejs-docs-4.6.2-4.el6.noarch.rpm x86_64: rh-nodejs4-http-parser-2.7.0-2.el6.x86_64.rpm rh-nodejs4-http-parser-debuginfo-2.7.0-2.el6.x86_64.rpm rh-nodejs4-http-parser-devel-2.7.0-2.el6.x86_64.rpm rh-nodejs4-nodejs-4.6.2-4.el6.x86_64.rpm rh-nodejs4-nodejs-debuginfo-4.6.2-4.el6.x86_64.rpm rh-nodejs4-nodejs-devel-4.6.2-4.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1): Source: rh-nodejs4-http-parser-2.7.0-2.el7.src.rpm rh-nodejs4-nodejs-4.6.2-4.el7.src.rpm noarch: rh-nodejs4-nodejs-docs-4.6.2-4.el7.noarch.rpm x86_64: rh-nodejs4-http-parser-2.7.0-2.el7.x86_64.rpm rh-nodejs4-http-parser-debuginfo-2.7.0-2.el7.x86_64.rpm rh-nodejs4-http-parser-devel-2.7.0-2.el7.x86_64.rpm rh-nodejs4-nodejs-4.6.2-4.el7.x86_64.rpm rh-nodejs4-nodejs-debuginfo-4.6.2-4.el7.x86_64.rpm rh-nodejs4-nodejs-devel-4.6.2-4.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-nodejs4-http-parser-2.7.0-2.el7.src.rpm rh-nodejs4-nodejs-4.6.2-4.el7.src.rpm noarch: rh-nodejs4-nodejs-docs-4.6.2-4.el7.noarch.rpm x86_64: rh-nodejs4-http-parser-2.7.0-2.el7.x86_64.rpm rh-nodejs4-http-parser-debuginfo-2.7.0-2.el7.x86_64.rpm rh-nodejs4-http-parser-devel-2.7.0-2.el7.x86_64.rpm rh-nodejs4-nodejs-4.6.2-4.el7.x86_64.rpm rh-nodejs4-nodejs-debuginfo-4.6.2-4.el7.x86_64.rpm rh-nodejs4-nodejs-devel-4.6.2-4.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.2): Source: rh-nodejs4-http-parser-2.7.0-2.el7.src.rpm rh-nodejs4-nodejs-4.6.2-4.el7.src.rpm noarch: rh-nodejs4-nodejs-docs-4.6.2-4.el7.noarch.rpm x86_64: rh-nodejs4-http-parser-2.7.0-2.el7.x86_64.rpm rh-nodejs4-http-parser-debuginfo-2.7.0-2.el7.x86_64.rpm rh-nodejs4-http-parser-devel-2.7.0-2.el7.x86_64.rpm rh-nodejs4-nodejs-4.6.2-4.el7.x86_64.rpm rh-nodejs4-nodejs-debuginfo-4.6.2-4.el7.x86_64.rpm rh-nodejs4-nodejs-devel-4.6.2-4.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3): Source: rh-nodejs4-http-parser-2.7.0-2.el7.src.rpm rh-nodejs4-nodejs-4.6.2-4.el7.src.rpm noarch: rh-nodejs4-nodejs-docs-4.6.2-4.el7.noarch.rpm x86_64: rh-nodejs4-http-parser-2.7.0-2.el7.x86_64.rpm rh-nodejs4-http-parser-debuginfo-2.7.0-2.el7.x86_64.rpm rh-nodejs4-http-parser-devel-2.7.0-2.el7.x86_64.rpm rh-nodejs4-nodejs-4.6.2-4.el7.x86_64.rpm rh-nodejs4-nodejs-debuginfo-4.6.2-4.el7.x86_64.rpm rh-nodejs4-nodejs-devel-4.6.2-4.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-nodejs4-http-parser-2.7.0-2.el7.src.rpm rh-nodejs4-nodejs-4.6.2-4.el7.src.rpm noarch: rh-nodejs4-nodejs-docs-4.6.2-4.el7.noarch.rpm x86_64: rh-nodejs4-http-parser-2.7.0-2.el7.x86_64.rpm rh-nodejs4-http-parser-debuginfo-2.7.0-2.el7.x86_64.rpm rh-nodejs4-http-parser-devel-2.7.0-2.el7.x86_64.rpm rh-nodejs4-nodejs-4.6.2-4.el7.x86_64.rpm rh-nodejs4-nodejs-debuginfo-4.6.2-4.el7.x86_64.rpm rh-nodejs4-nodejs-devel-4.6.2-4.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-1669 https://access.redhat.com/security/cve/CVE-2016-5180 https://access.redhat.com/security/cve/CVE-2016-5325 https://access.redhat.com/security/cve/CVE-2016-7099 https://access.redhat.com/security/updates/classification/#important 8. 
Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc.
  13. Dear Editors, we just posted a new article which might be interesting to your readers. A post in your news section would be appreciated. Title: Shuttle NC02U w/ Intel Celeron 3855U Link: http://www.techpowerup.com/reviews/Shuttle/NC02U Brief: Shuttle's newest release is the NC02U series whose predecessor is the NC01U line. Today, we will take a look at this line's entry model featuring Windows support, an Intel Celeron CPU and quiet operation.
  14. openSUSE Security Update: Security update for xen Announcement ID: openSUSE-SU-2017:0008-1 Rating: important References: #1000106 #1000195 #1002496 #1003030 #1003032 #1004016 #1005004 #1005005 #1007157 #1007160 #1009100 #1009103 #1009104 #1009107 #1009109 #1009111 #1011652 #1012651 #1014298 #1016340 #953518 Cross-References: CVE-2016-10013 CVE-2016-10024 CVE-2016-7777 CVE-2016-7908 CVE-2016-7909 CVE-2016-8576 CVE-2016-8667 CVE-2016-8669 CVE-2016-8909 CVE-2016-8910 CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9385 CVE-2016-9386 CVE-2016-9637 CVE-2016-9932 Affected Products: openSUSE 13.2 An update that solves 19 vulnerabilities and has two fixes is now available. Description: This updates xen to version 4.4.4_06 to fix the following issues: - An unprivileged user in a guest could escalate privilege to that of the guest kernel, if it could invoke the instruction emulator. Only 64-bit x86 HVM guests were affected. Linux guests have not been vulnerable. (boo#1016340, CVE-2016-10013) - An unprivileged user in a 64 bit x86 guest could gain information from the host, crash the host or gain privilege of the host (boo#1009107, CVE-2016-9383) - An unprivileged guest process could (unintentionally or maliciously) obtain or corrupt sensitive information of other programs in the same guest. Only x86 HVM guests have been affected. The attacker needs to be able to trigger the Xen instruction emulator. (boo#1000106, CVE-2016-7777) - A guest on x86 systems could read small parts of hypervisor stack data (boo#1012651, CVE-2016-9932) - A malicious guest kernel could hang or crash the host system (boo#1014298, CVE-2016-10024) - A malicious guest administrator could escalate their privilege to that of the host. 
Only affects x86 HVM guests using qemu older than version 1.6.0 or using the qemu-xen-traditional. (boo#1011652, CVE-2016-9637) - An unprivileged guest user could escalate privilege to that of the guest administrator on x86 HVM guests, especially on Intel CPUs (boo#1009100, CVE-2016-9386) - An unprivileged guest user could escalate privilege to that of the guest administrator (on AMD CPUs) or crash the system (on Intel CPUs) on 32-bit x86 HVM guests. Only guest operating systems that allowed a new task to start in VM86 mode were affected. (boo#1009103, CVE-2016-9382) - A malicious guest administrator could crash the host on x86 PV guests only (boo#1009104, CVE-2016-9385) - A malicious guest administrator could get privilege of the host emulator process on x86 HVM guests. (boo#1009109, CVE-2016-9381) - A vulnerability in pygrub allowed a malicious guest administrator to obtain the contents of sensitive host files, or even delete those files (boo#1009111, CVE-2016-9379, CVE-2016-9380) - A privileged guest user could cause an infinite loop in the RTL8139 ethernet emulation to consume CPU cycles on the host, causing a DoS situation (boo#1007157, CVE-2016-8910) - A privileged guest user could cause an infinite loop in the intel-hda sound emulation to consume CPU cycles on the host, causing a DoS situation (boo#1007160, CVE-2016-8909) - A privileged guest user could cause a crash of the emulator process on the host by exploiting a divide by zero vulnerability of the JAZZ RC4030 chipset emulation (boo#1005004, CVE-2016-8667) - A privileged guest user could cause a crash of the emulator process on the host by exploiting a divide by zero issue of the 16550A UART emulation (boo#1005005, CVE-2016-8669) - A privileged guest user could cause an infinite loop in the USB xHCI emulation, causing a DoS situation on the host (boo#1004016, CVE-2016-8576) - A privileged guest user could cause an infinite loop in the ColdFire Fast Ethernet Controller emulation, causing a DoS situation on the 
host (boo#1003030, CVE-2016-7908) - A privileged guest user could cause an infinite loop in the AMD PC-Net II emulation, causing a DoS situation on the host (boo#1003032, CVE-2016-7909) - Cause a reload of clvm in the block-dmmd script to avoid a blocking lvchange call (boo#1002496) - Also unplug SCSI disks in qemu-xen-traditional for upstream unplug protocol. Previously, a single SCSI storage device added to an HVM guest could appear multiple times in the guest. (boo#953518) - Fix a kernel panic / black screen when trying to boot a XEN kernel on some UEFI firmwares (boo#1000195) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2017-5=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (i586 x86_64): xen-debugsource-4.4.4_06-58.1 xen-devel-4.4.4_06-58.1 xen-libs-4.4.4_06-58.1 xen-libs-debuginfo-4.4.4_06-58.1 xen-tools-domU-4.4.4_06-58.1 xen-tools-domU-debuginfo-4.4.4_06-58.1 - openSUSE 13.2 (x86_64): xen-4.4.4_06-58.1 xen-doc-html-4.4.4_06-58.1 xen-kmp-default-4.4.4_06_k3.16.7_53-58.1 xen-kmp-default-debuginfo-4.4.4_06_k3.16.7_53-58.1 xen-kmp-desktop-4.4.4_06_k3.16.7_53-58.1 xen-kmp-desktop-debuginfo-4.4.4_06_k3.16.7_53-58.1 xen-libs-32bit-4.4.4_06-58.1 xen-libs-debuginfo-32bit-4.4.4_06-58.1 xen-tools-4.4.4_06-58.1 xen-tools-debuginfo-4.4.4_06-58.1 References: https://www.suse.com/security/cve/CVE-2016-10013.html https://www.suse.com/security/cve/CVE-2016-10024.html https://www.suse.com/security/cve/CVE-2016-7777.html https://www.suse.com/security/cve/CVE-2016-7908.html https://www.suse.com/security/cve/CVE-2016-7909.html https://www.suse.com/security/cve/CVE-2016-8576.html https://www.suse.com/security/cve/CVE-2016-8667.html https://www.suse.com/security/cve/CVE-2016-8669.html https://www.suse.com/security/cve/CVE-2016-8909.html https://www.suse.com/security/cve/CVE-2016-8910.html 
https://www.suse.com/security/cve/CVE-2016-9379.html https://www.suse.com/security/cve/CVE-2016-9380.html https://www.suse.com/security/cve/CVE-2016-9381.html https://www.suse.com/security/cve/CVE-2016-9382.html https://www.suse.com/security/cve/CVE-2016-9383.html https://www.suse.com/security/cve/CVE-2016-9385.html https://www.suse.com/security/cve/CVE-2016-9386.html https://www.suse.com/security/cve/CVE-2016-9637.html https://www.suse.com/security/cve/CVE-2016-9932.html https://bugzilla.suse.com/1000106 https://bugzilla.suse.com/1000195 https://bugzilla.suse.com/1002496 https://bugzilla.suse.com/1003030 https://bugzilla.suse.com/1003032 https://bugzilla.suse.com/1004016 https://bugzilla.suse.com/1005004 https://bugzilla.suse.com/1005005 https://bugzilla.suse.com/1007157 https://bugzilla.suse.com/1007160 https://bugzilla.suse.com/1009100 https://bugzilla.suse.com/1009103 https://bugzilla.suse.com/1009104 https://bugzilla.suse.com/1009107 https://bugzilla.suse.com/1009109 https://bugzilla.suse.com/1009111 https://bugzilla.suse.com/1011652 https://bugzilla.suse.com/1012651 https://bugzilla.suse.com/1014298 https://bugzilla.suse.com/1016340 https://bugzilla.suse.com/953518
  15. Red Hat Security Advisory Synopsis: Moderate: ipa security update Advisory ID: RHSA-2017:0001-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0001.html Issue date: 2017-01-02 CVE Names: CVE-2016-7030 CVE-2016-9575 1. Summary: An update for ipa is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 3. Description: Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): * It was discovered that the default IdM password policies that lock out accounts after a certain number of failed login attempts were also applied to host and service accounts. A remote unauthenticated user could use this flaw to cause a denial of service attack against kerberized services. (CVE-2016-7030) * It was found that IdM's certprofile-mod command did not properly check the user's permissions while modifying certificate profiles. 
An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks. (CVE-2016-9575) The CVE-2016-7030 issue was discovered by Petr Spacek (Red Hat) and the CVE-2016-9575 issue was discovered by Liam Campbell (Red Hat). 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1370493 - CVE-2016-7030 ipa: DoS attack against kerberized services by abusing password policy 1395311 - CVE-2016-9575 ipa: Insufficient permission check in certprofile-mod 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: ipa-4.4.0-14.el7_3.1.1.src.rpm noarch: ipa-client-common-4.4.0-14.el7_3.1.1.noarch.rpm ipa-common-4.4.0-14.el7_3.1.1.noarch.rpm ipa-python-compat-4.4.0-14.el7_3.1.1.noarch.rpm python2-ipaclient-4.4.0-14.el7_3.1.1.noarch.rpm python2-ipalib-4.4.0-14.el7_3.1.1.noarch.rpm x86_64: ipa-client-4.4.0-14.el7_3.1.1.x86_64.rpm ipa-debuginfo-4.4.0-14.el7_3.1.1.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: ipa-admintools-4.4.0-14.el7_3.1.1.noarch.rpm ipa-server-common-4.4.0-14.el7_3.1.1.noarch.rpm ipa-server-dns-4.4.0-14.el7_3.1.1.noarch.rpm python2-ipaserver-4.4.0-14.el7_3.1.1.noarch.rpm x86_64: ipa-debuginfo-4.4.0-14.el7_3.1.1.x86_64.rpm ipa-server-4.4.0-14.el7_3.1.1.x86_64.rpm ipa-server-trust-ad-4.4.0-14.el7_3.1.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 
7): Source: ipa-4.4.0-14.el7_3.1.1.src.rpm noarch: ipa-client-common-4.4.0-14.el7_3.1.1.noarch.rpm ipa-common-4.4.0-14.el7_3.1.1.noarch.rpm ipa-python-compat-4.4.0-14.el7_3.1.1.noarch.rpm python2-ipaclient-4.4.0-14.el7_3.1.1.noarch.rpm python2-ipalib-4.4.0-14.el7_3.1.1.noarch.rpm x86_64: ipa-client-4.4.0-14.el7_3.1.1.x86_64.rpm ipa-debuginfo-4.4.0-14.el7_3.1.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: ipa-admintools-4.4.0-14.el7_3.1.1.noarch.rpm ipa-server-common-4.4.0-14.el7_3.1.1.noarch.rpm ipa-server-dns-4.4.0-14.el7_3.1.1.noarch.rpm python2-ipaserver-4.4.0-14.el7_3.1.1.noarch.rpm x86_64: ipa-debuginfo-4.4.0-14.el7_3.1.1.x86_64.rpm ipa-server-4.4.0-14.el7_3.1.1.x86_64.rpm ipa-server-trust-ad-4.4.0-14.el7_3.1.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: ipa-4.4.0-14.el7_3.1.1.src.rpm aarch64: ipa-client-4.4.0-14.el7_3.1.1.aarch64.rpm ipa-debuginfo-4.4.0-14.el7_3.1.1.aarch64.rpm noarch: ipa-admintools-4.4.0-14.el7_3.1.1.noarch.rpm ipa-client-common-4.4.0-14.el7_3.1.1.noarch.rpm ipa-common-4.4.0-14.el7_3.1.1.noarch.rpm ipa-python-compat-4.4.0-14.el7_3.1.1.noarch.rpm ipa-server-common-4.4.0-14.el7_3.1.1.noarch.rpm ipa-server-dns-4.4.0-14.el7_3.1.1.noarch.rpm python2-ipaclient-4.4.0-14.el7_3.1.1.noarch.rpm python2-ipalib-4.4.0-14.el7_3.1.1.noarch.rpm python2-ipaserver-4.4.0-14.el7_3.1.1.noarch.rpm ppc64: ipa-client-4.4.0-14.el7_3.1.1.ppc64.rpm ipa-debuginfo-4.4.0-14.el7_3.1.1.ppc64.rpm ppc64le: ipa-client-4.4.0-14.el7_3.1.1.ppc64le.rpm ipa-debuginfo-4.4.0-14.el7_3.1.1.ppc64le.rpm s390x: ipa-client-4.4.0-14.el7_3.1.1.s390x.rpm ipa-debuginfo-4.4.0-14.el7_3.1.1.s390x.rpm x86_64: ipa-client-4.4.0-14.el7_3.1.1.x86_64.rpm ipa-debuginfo-4.4.0-14.el7_3.1.1.x86_64.rpm ipa-server-4.4.0-14.el7_3.1.1.x86_64.rpm ipa-server-trust-ad-4.4.0-14.el7_3.1.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
7): Source: ipa-4.4.0-14.el7_3.1.1.src.rpm noarch: ipa-admintools-4.4.0-14.el7_3.1.1.noarch.rpm ipa-client-common-4.4.0-14.el7_3.1.1.noarch.rpm ipa-common-4.4.0-14.el7_3.1.1.noarch.rpm ipa-python-compat-4.4.0-14.el7_3.1.1.noarch.rpm ipa-server-common-4.4.0-14.el7_3.1.1.noarch.rpm ipa-server-dns-4.4.0-14.el7_3.1.1.noarch.rpm python2-ipaclient-4.4.0-14.el7_3.1.1.noarch.rpm python2-ipalib-4.4.0-14.el7_3.1.1.noarch.rpm python2-ipaserver-4.4.0-14.el7_3.1.1.noarch.rpm x86_64: ipa-client-4.4.0-14.el7_3.1.1.x86_64.rpm ipa-debuginfo-4.4.0-14.el7_3.1.1.x86_64.rpm ipa-server-4.4.0-14.el7_3.1.1.x86_64.rpm ipa-server-trust-ad-4.4.0-14.el7_3.1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-7030 https://access.redhat.com/security/cve/CVE-2016-9575 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYajgnXlSAg2UNWIIRAuijAJ4gXTGTMPQiEmlXks0jn+TZ1vhEzgCgmcJt DGQauZp1jzO249TxyXk0qfg= =Hozf -----END PGP SIGNATURE----- --
  16. openSUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:0005-1 Rating: important References: #1012651 #1014298 #1014300 #1016340 Cross-References: CVE-2016-10013 CVE-2016-10024 CVE-2016-10025 CVE-2016-9932 Affected Products: openSUSE Leap 42.2 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for xen fixes the following issues: - A mishandling of SYSCALL singlestep during emulation which could have led to privilege escalation. (XSA-204, bsc#1016340, CVE-2016-10013) - CMPXCHG8B emulation failed to ignore operand size override which could have led to information disclosure. (XSA-200, bsc#1012651, CVE-2016-9932) - PV guests may have been able to mask interrupts causing a Denial of Service. (XSA-202, bsc#1014298, CVE-2016-10024) - A missing NULL pointer check in VMFUNC emulation could lead to a hypervisor crash leading to a Denial of Service. (XSA-203, bsc#1014300, CVE-2016-10025) This update was imported from the SUSE:SLE-12-SP2:Update update project. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-2=1 To bring your system up-to-date, use "zypper patch".
Package List: - openSUSE Leap 42.2 (i586 x86_64): xen-debugsource-4.7.1_04-6.1 xen-devel-4.7.1_04-6.1 xen-libs-4.7.1_04-6.1 xen-libs-debuginfo-4.7.1_04-6.1 xen-tools-domU-4.7.1_04-6.1 xen-tools-domU-debuginfo-4.7.1_04-6.1 - openSUSE Leap 42.2 (x86_64): xen-4.7.1_04-6.1 xen-doc-html-4.7.1_04-6.1 xen-libs-32bit-4.7.1_04-6.1 xen-libs-debuginfo-32bit-4.7.1_04-6.1 xen-tools-4.7.1_04-6.1 xen-tools-debuginfo-4.7.1_04-6.1 References: https://www.suse.com/security/cve/CVE-2016-10013.html https://www.suse.com/security/cve/CVE-2016-10024.html https://www.suse.com/security/cve/CVE-2016-10025.html https://www.suse.com/security/cve/CVE-2016-9932.html https://bugzilla.suse.com/1012651 https://bugzilla.suse.com/1014298 https://bugzilla.suse.com/1014300 https://bugzilla.suse.com/1016340 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
  17. openSUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:0007-1 Rating: important References: #1000106 #1002496 #1003030 #1003032 #1003870 #1004016 #1005004 #1005005 #1007157 #1007160 #1009100 #1009103 #1009104 #1009107 #1009108 #1009109 #1009111 #1011652 #1012651 #1013657 #1013668 #1014298 #1016340 Cross-References: CVE-2016-10013 CVE-2016-10024 CVE-2016-7777 CVE-2016-7908 CVE-2016-7909 CVE-2016-7995 CVE-2016-8576 CVE-2016-8667 CVE-2016-8669 CVE-2016-8909 CVE-2016-8910 CVE-2016-9101 CVE-2016-9377 CVE-2016-9378 CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9385 CVE-2016-9386 CVE-2016-9637 CVE-2016-9776 CVE-2016-9932 Affected Products: openSUSE Leap 42.1 ______________________________________________________________________________ An update that fixes 24 vulnerabilities is now available. Description: This updates xen to version 4.5.5 to fix the following issues: - An unprivileged user in a guest could escalate privilege to that of the guest kernel, if it could invoke the instruction emulator. Only 64-bit x86 HVM guests were affected. Linux guests have not been vulnerable. (boo#1016340, CVE-2016-10013) - An unprivileged user in a 64 bit x86 guest could gain information from the host, crash the host or gain privilege of the host (boo#1009107, CVE-2016-9383) - An unprivileged guest process could (unintentionally or maliciously) obtain or corrupt sensitive information of other programs in the same guest. Only x86 HVM guests have been affected. The attacker needs to be able to trigger the Xen instruction emulator.
(boo#1000106, CVE-2016-7777) - A guest on x86 systems could read small parts of hypervisor stack data (boo#1012651, CVE-2016-9932) - A malicious guest kernel could hang or crash the host system (boo#1014298, CVE-2016-10024) - The epro100 emulated network device caused a memory leak in the host when unplugged in the guest. A privileged user in the guest could use this to cause a DoS on the host or potentially crash the guest process on the host (boo#1013668, CVE-2016-9101) - The ColdFire Fast Ethernet Controller was vulnerable to an infinite loop that could be triggered by a privileged user in the guest, leading to DoS (boo#1013657, CVE-2016-9776) - A malicious guest administrator could escalate their privilege to that of the host. Only affects x86 HVM guests using qemu older than version 1.6.0 or using the qemu-xen-traditional. (boo#1011652, CVE-2016-9637) - An unprivileged guest user could escalate privilege to that of the guest administrator on x86 HVM guests, especially on Intel CPUs (boo#1009100, CVE-2016-9386) - An unprivileged guest user could escalate privilege to that of the guest administrator (on AMD CPUs) or crash the system (on Intel CPUs) on 32-bit x86 HVM guests. Only guest operating systems that allowed a new task to start in VM86 mode were affected. (boo#1009103, CVE-2016-9382) - A malicious guest administrator could crash the host on x86 PV guests only (boo#1009104, CVE-2016-9385) - An unprivileged guest user was able to crash the guest. (boo#1009108, CVE-2016-9377, CVE-2016-9378) - A malicious guest administrator could get privilege of the host emulator process on x86 HVM guests.
(boo#1009109, CVE-2016-9381) - A vulnerability in pygrub allowed a malicious guest administrator to obtain the contents of sensitive host files, or even delete those files (boo#1009111, CVE-2016-9379, CVE-2016-9380) - A privileged guest user could cause an infinite loop in the RTL8139 ethernet emulation to consume CPU cycles on the host, causing a DoS situation (boo#1007157, CVE-2016-8910) - A privileged guest user could cause an infinite loop in the intel-hda sound emulation to consume CPU cycles on the host, causing a DoS situation (boo#1007160, CVE-2016-8909) - A privileged guest user could cause a crash of the emulator process on the host by exploiting a divide by zero vulnerability of the JAZZ RC4030 chipset emulation (boo#1005004, CVE-2016-8667) - A privileged guest user could cause a crash of the emulator process on the host by exploiting a divide by zero issue of the 16550A UART emulation (boo#1005005, CVE-2016-8669) - A privileged guest user could cause a memory leak in the USB EHCI emulation, causing a DoS situation on the host (boo#1003870, CVE-2016-7995) - A privileged guest user could cause an infinite loop in the USB xHCI emulation, causing a DoS situation on the host (boo#1004016, CVE-2016-8576) - A privileged guest user could cause an infinite loop in the ColdFire Fast Ethernet Controller emulation, causing a DoS situation on the host (boo#1003030, CVE-2016-7908) - A privileged guest user could cause an infinite loop in the AMD PC-Net II emulation, causing a DoS situation on the host (boo#1003032, CVE-2016-7909) - Cause a reload of clvm in the block-dmmd script to avoid a blocking lvchange call (boo#1002496) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2017-4=1 To bring your system up-to-date, use "zypper patch".
Package List: - openSUSE Leap 42.1 (i586 x86_64): xen-debugsource-4.5.5_06-18.1 xen-devel-4.5.5_06-18.1 xen-libs-4.5.5_06-18.1 xen-libs-debuginfo-4.5.5_06-18.1 xen-tools-domU-4.5.5_06-18.1 xen-tools-domU-debuginfo-4.5.5_06-18.1 - openSUSE Leap 42.1 (x86_64): xen-4.5.5_06-18.1 xen-doc-html-4.5.5_06-18.1 xen-kmp-default-4.5.5_06_k4.1.36_41-18.1 xen-kmp-default-debuginfo-4.5.5_06_k4.1.36_41-18.1 xen-libs-32bit-4.5.5_06-18.1 xen-libs-debuginfo-32bit-4.5.5_06-18.1 xen-tools-4.5.5_06-18.1 xen-tools-debuginfo-4.5.5_06-18.1 References: https://www.suse.com/security/cve/CVE-2016-10013.html https://www.suse.com/security/cve/CVE-2016-10024.html https://www.suse.com/security/cve/CVE-2016-7777.html https://www.suse.com/security/cve/CVE-2016-7908.html https://www.suse.com/security/cve/CVE-2016-7909.html https://www.suse.com/security/cve/CVE-2016-7995.html https://www.suse.com/security/cve/CVE-2016-8576.html https://www.suse.com/security/cve/CVE-2016-8667.html https://www.suse.com/security/cve/CVE-2016-8669.html https://www.suse.com/security/cve/CVE-2016-8909.html https://www.suse.com/security/cve/CVE-2016-8910.html https://www.suse.com/security/cve/CVE-2016-9101.html https://www.suse.com/security/cve/CVE-2016-9377.html https://www.suse.com/security/cve/CVE-2016-9378.html https://www.suse.com/security/cve/CVE-2016-9379.html https://www.suse.com/security/cve/CVE-2016-9380.html https://www.suse.com/security/cve/CVE-2016-9381.html https://www.suse.com/security/cve/CVE-2016-9382.html https://www.suse.com/security/cve/CVE-2016-9383.html https://www.suse.com/security/cve/CVE-2016-9385.html https://www.suse.com/security/cve/CVE-2016-9386.html https://www.suse.com/security/cve/CVE-2016-9637.html https://www.suse.com/security/cve/CVE-2016-9776.html https://www.suse.com/security/cve/CVE-2016-9932.html https://bugzilla.suse.com/1000106 https://bugzilla.suse.com/1002496 https://bugzilla.suse.com/1003030 https://bugzilla.suse.com/1003032 https://bugzilla.suse.com/1003870 
https://bugzilla.suse.com/1004016 https://bugzilla.suse.com/1005004 https://bugzilla.suse.com/1005005 https://bugzilla.suse.com/1007157 https://bugzilla.suse.com/1007160 https://bugzilla.suse.com/1009100 https://bugzilla.suse.com/1009103 https://bugzilla.suse.com/1009104 https://bugzilla.suse.com/1009107 https://bugzilla.suse.com/1009108 https://bugzilla.suse.com/1009109 https://bugzilla.suse.com/1009111 https://bugzilla.suse.com/1011652 https://bugzilla.suse.com/1012651 https://bugzilla.suse.com/1013657 https://bugzilla.suse.com/1013668 https://bugzilla.suse.com/1014298 https://bugzilla.suse.com/1016340 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
  18. openSUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:0002-1 Rating: important References: #1013038 #1014943 Cross-References: CVE-2016-9756 Affected Products: openSUSE Leap 42.1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: The openSUSE 42.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-9756: KVM: x86: drop error recovery in em_jmp_far and em_ret_far (bsc#1013038). The following non-security bugs were fixed: - scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression (bsc#1014943). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2017-1=1 To bring your system up-to-date, use "zypper patch". 
Package List: - openSUSE Leap 42.1 (i586 x86_64): kernel-default-4.1.36-44.1 kernel-default-base-4.1.36-44.1 kernel-default-base-debuginfo-4.1.36-44.1 kernel-default-debuginfo-4.1.36-44.1 kernel-default-debugsource-4.1.36-44.1 kernel-default-devel-4.1.36-44.1 kernel-obs-build-4.1.36-44.3 kernel-obs-build-debugsource-4.1.36-44.3 kernel-obs-qa-4.1.36-44.1 kernel-syms-4.1.36-44.1 - openSUSE Leap 42.1 (i686 x86_64): kernel-debug-4.1.36-44.1 kernel-debug-base-4.1.36-44.1 kernel-debug-base-debuginfo-4.1.36-44.1 kernel-debug-debuginfo-4.1.36-44.1 kernel-debug-debugsource-4.1.36-44.1 kernel-debug-devel-4.1.36-44.1 kernel-debug-devel-debuginfo-4.1.36-44.1 kernel-ec2-4.1.36-44.1 kernel-ec2-base-4.1.36-44.1 kernel-ec2-base-debuginfo-4.1.36-44.1 kernel-ec2-debuginfo-4.1.36-44.1 kernel-ec2-debugsource-4.1.36-44.1 kernel-ec2-devel-4.1.36-44.1 kernel-pv-4.1.36-44.1 kernel-pv-base-4.1.36-44.1 kernel-pv-base-debuginfo-4.1.36-44.1 kernel-pv-debuginfo-4.1.36-44.1 kernel-pv-debugsource-4.1.36-44.1 kernel-pv-devel-4.1.36-44.1 kernel-vanilla-4.1.36-44.1 kernel-vanilla-debuginfo-4.1.36-44.1 kernel-vanilla-debugsource-4.1.36-44.1 kernel-vanilla-devel-4.1.36-44.1 kernel-xen-4.1.36-44.1 kernel-xen-base-4.1.36-44.1 kernel-xen-base-debuginfo-4.1.36-44.1 kernel-xen-debuginfo-4.1.36-44.1 kernel-xen-debugsource-4.1.36-44.1 kernel-xen-devel-4.1.36-44.1 - openSUSE Leap 42.1 (noarch): kernel-devel-4.1.36-44.1 kernel-docs-4.1.36-44.2 kernel-docs-html-4.1.36-44.2 kernel-docs-pdf-4.1.36-44.2 kernel-macros-4.1.36-44.1 kernel-source-4.1.36-44.1 kernel-source-vanilla-4.1.36-44.1 - openSUSE Leap 42.1 (i686): kernel-pae-4.1.36-44.1 kernel-pae-base-4.1.36-44.1 kernel-pae-base-debuginfo-4.1.36-44.1 kernel-pae-debuginfo-4.1.36-44.1 kernel-pae-debugsource-4.1.36-44.1 kernel-pae-devel-4.1.36-44.1 References: https://www.suse.com/security/cve/CVE-2016-9756.html https://bugzilla.suse.com/1013038 https://bugzilla.suse.com/1014943 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) 
opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
  19. ** TECHSPOT ------------------------------------------------------------ ** Corsair Force MP500 480GB Review ------------------------------------------------------------ ** http://www.techspot.com/review/1302-corsair-force-mp500-ssd/ ------------------------------------------------------------ A tough act to follow for the competition, even for the likes of Intel, Corsair announced the Force MP500 SSD shortly after the release of the dominating Samsung 960 Series. The Force MP500 is a high-speed NVMe SSD targeting power users available in a variety of capacities: 480GB, 240GB and even a piddly 120GBer. Thank you. Julio Franco Executive Editor | TECHSPOT ( -at -) juliofranco ----------------------------------- ============================================================ Our mailing address is: TechSpot 8237 NW 68 St Miami, FL 33166 USA
  20. Package : hdf5 Version : 1.8.8-9+deb7u1 CVE ID : CVE-2016-4330 CVE-2016-4331 CVE-2016-4332 CVE-2016-4333 Debian Bug : 845301 Cisco Talos discovered that hdf5, a file format and library for storing scientific data, contained several vulnerabilities that could lead to arbitrary code execution when handling untrusted data. For Debian 7 "Wheezy", these problems have been fixed in version 1.8.8-9+deb7u1. We recommend that you upgrade your hdf5 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
  21. -------- SILVERSTONE ARM23BS MONITOR STAND REVIEW ( -at -) APH NETWORKS ------------- Hello everyone! APH Networks has published a new review that your readers might enjoy. A post in your site's news section would be greatly appreciated! Don't forget to send your site news to us. As we promise to post your news articles on APH Networks periodically, we would certainly appreciate it if you do the same as well. Thank you for your support in advance! * Title: SilverStone ARM23BS Monitor Stand Review ( -at -) APH Networks * Description: The SilverStone ARM23BS is an excellent wallet-friendly option for those looking to add a bit more flexibility to their multiple monitor setups. * Link: http://aphnetworks.com/reviews/silverstone-arm23bs * Image: http://aphnetworks.com/review/silverstone-arm23bs/006.jpg Best Regards, Jonathan Kwan Editor-in-Chief APH Networks Inc. http://aphnetworks.com -- Unsubscribe from this newsletter: http://aphnetworks.com/newsletter/confirm/remove/c77c84bd425t5
  22. openSUSE Security Update: Security update for roundcubemail ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:3309-1 Rating: important References: #1001856 #1012493 #982003 Cross-References: CVE-2016-5103 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for roundcubemail fixes the following issues: - A maliciously crafted email could cause untrusted code to be executed (cross site scripting using <area href=javascript:...>) (boo#982003, CVE-2016-5103) - Avoid HTML styles that could cause potential click jacking (boo#1001856) - A maliciously crafted FROM value could cause extra parameters to be passed to the sendmail command (boo#1012493) - Avoid sending completely empty text parts for multipart/alternative messages - Don't create multipart/alternative messages with empty text/plain part - Improved validation of FROM argument when sending mails Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch 2016-1533=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (noarch): roundcubemail-1.0.9-2.36.1 References: https://www.suse.com/security/cve/CVE-2016-5103.html https://bugzilla.suse.com/1001856 https://bugzilla.suse.com/1012493 https://bugzilla.suse.com/982003 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
  23. openSUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:3310-1 Rating: important References: #1011922 #1015422 Cross-References: CVE-2016-9080 CVE-2016-9893 CVE-2016-9894 CVE-2016-9895 CVE-2016-9896 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9901 CVE-2016-9902 CVE-2016-9903 CVE-2016-9904 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: This update to MozillaFirefox 50.1.0 fixes the following vulnerabilities: - CVE-2016-9894: Buffer overflow in SkiaGL - CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements - CVE-2016-9895: CSP bypass using marquee tag - CVE-2016-9896: Use-after-free with WebVR - CVE-2016-9897: Memory corruption in libGLES - CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees - CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs - CVE-2016-9904: Cross-origin information leak in shared atoms - CVE-2016-9901: Data from Pocket server improperly sanitized before execution - CVE-2016-9902: Pocket extension does not validate the origin of events - CVE-2016-9903: XSS injection vulnerability in add-ons SDK - CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1 - CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6 The following bugs were fixed: - boo#1011922: fix crash after a few seconds of usage on AArch64 Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch 2016-1534=1 To bring your system up-to-date, use "zypper patch". 
Package List: - openSUSE 13.1 (i586 x86_64): MozillaFirefox-50.1.0-134.1 MozillaFirefox-branding-upstream-50.1.0-134.1 MozillaFirefox-buildsymbols-50.1.0-134.1 MozillaFirefox-debuginfo-50.1.0-134.1 MozillaFirefox-debugsource-50.1.0-134.1 MozillaFirefox-devel-50.1.0-134.1 MozillaFirefox-translations-common-50.1.0-134.1 MozillaFirefox-translations-other-50.1.0-134.1 References: https://www.suse.com/security/cve/CVE-2016-9080.html https://www.suse.com/security/cve/CVE-2016-9893.html https://www.suse.com/security/cve/CVE-2016-9894.html https://www.suse.com/security/cve/CVE-2016-9895.html https://www.suse.com/security/cve/CVE-2016-9896.html https://www.suse.com/security/cve/CVE-2016-9897.html https://www.suse.com/security/cve/CVE-2016-9898.html https://www.suse.com/security/cve/CVE-2016-9899.html https://www.suse.com/security/cve/CVE-2016-9900.html https://www.suse.com/security/cve/CVE-2016-9901.html https://www.suse.com/security/cve/CVE-2016-9902.html https://www.suse.com/security/cve/CVE-2016-9903.html https://www.suse.com/security/cve/CVE-2016-9904.html https://bugzilla.suse.com/1011922 https://bugzilla.suse.com/1015422 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
  24. Static pressure vs airflow fans – is there a real difference? ------------------------------------------------------------ http://www.kitguru.net We are often told by online pundits that you have to use a static pressure fan for your heatsink or radiator, and that you have to use an airflow fan to intake or exhaust air from your chassis. In another fact-finding mission, I want to find out if the first claim is true – does it really matter if you want to put an airflow fan on your heatsink, not a static pressure model? Read the review here: http://www.kitguru.net/components/cooling/dominic-moass/static-pressure-vs-airflow-fans-is-there-a-real-difference/ Copyright © 2016 KitGuru, All rights reserved.
  25. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] seamonkey (SSA:2016-365-03) New seamonkey packages are available for Slackware 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/seamonkey-2.46-i586-1_slack14.2.txz: Upgraded. This update contains security fixes and improvements. For more information, see: http://www.seamonkey-project.org/releases/seamonkey2.46 (* Security fix *) patches/packages/seamonkey-solibs-2.46-i586-1_slack14.2.txz: Upgraded. +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/seamonkey-2.46-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/seamonkey-solibs-2.46-i486-1_slack14.1.txz Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/seamonkey-2.46-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/seamonkey-solibs-2.46-x86_64-1_slack14.1.txz Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/seamonkey-2.46-i586-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/seamonkey-solibs-2.46-i586-1_slack14.2.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/seamonkey-2.46-x86_64-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/seamonkey-solibs-2.46-x86_64-1_slack14.2.txz Updated packages for Slackware 
-current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/seamonkey-solibs-2.46-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/seamonkey-2.46-i586-1.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/seamonkey-solibs-2.46-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/seamonkey-2.46-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.1 packages: 8c9209b993131ff9b1b3d2f8bc3beabc seamonkey-2.46-i486-1_slack14.1.txz 4a24c7f38b63a7a76129722b0b0bd87b seamonkey-solibs-2.46-i486-1_slack14.1.txz Slackware x86_64 14.1 packages: 42c0338ed0e61d66d61907b283165a01 seamonkey-2.46-x86_64-1_slack14.1.txz 66b794a1e6b36c3909f7d5ca218acab3 seamonkey-solibs-2.46-x86_64-1_slack14.1.txz Slackware 14.2 packages: 1e8e6326a71dc9a8f1ff9486d6befa90 seamonkey-2.46-i586-1_slack14.2.txz 06e683807975e2dc2c47b4fc62b66a56 seamonkey-solibs-2.46-i586-1_slack14.2.txz Slackware x86_64 14.2 packages: 750330ec1cc276ee471aa2b09964f5d8 seamonkey-2.46-x86_64-1_slack14.2.txz 2b4b181483f3d24621a886f289513d3c seamonkey-solibs-2.46-x86_64-1_slack14.2.txz Slackware -current packages: 9da5550b295269810f907676af48ac2b l/seamonkey-solibs-2.46-i586-1.txz 6e6a56cd9cd6ee2dc780879314b9dd45 xap/seamonkey-2.46-i586-1.txz Slackware x86_64 -current packages: 475267353c497433c7cfc5ef721e714b l/seamonkey-solibs-2.46-x86_64-1.txz aca82e97690261f36fe572e5f231a5fa xap/seamonkey-2.46-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg seamonkey-2.46-i586-1_slack14.2.txz seamonkey-solibs-2.46-i586-1_slack14.2.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security ( -at -) slackware.com +------------------------------------------------------------------------+