news

Package : qemu-kvm Version : 1.1.2+dfsg-6+deb7u18 CVE ID : CVE-2016-7909 CVE-2016-8909 CVE-2016-8910 Debian Bug : 839834 841950 841955 842455 842463 Multiple vulnerabilities have been discovered in qemu-kvm, a full virtualization solution on x86 hardware based on Quick Emulator(Qemu). The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-7909 Quick Emulator(Qemu) built with the AMD PC-Net II emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets via pcnet_receive(). A privileged user/process inside guest could use this issue to crash the Qemu process on the host leading to DoS. CVE-2016-8909 Quick Emulator(Qemu) built with the Intel HDA controller emulation support is vulnerable to an infinite loop issue. It could occur while processing the DMA buffer stream while doing data transfer in 'intel_hda_xfer'. A privileged user inside guest could use this flaw to consume excessive CPU cycles on the host, resulting in DoS. CVE-2016-8910 Quick Emulator(Qemu) built with the RTL8139 ethernet controller emulation support is vulnerable to an infinite loop issue. It could occur while transmitting packets in C+ mode of operation. A privileged user inside guest could use this flaw to consume excessive CPU cycles on the host, resulting in DoS situation. Further issues fixed where the CVE requests are pending: * Quick Emulator(Qemu) built with the i8255x (PRO100) NIC emulation support is vulnerable to a memory leakage issue. It could occur while unplugging the device, and doing so repeatedly would result in leaking host memory affecting, other services on the host. A privileged user inside guest could use this flaw to cause a DoS on the host and/or potentially crash the Qemu process on the host. * Quick Emulator(Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to a several memory leakage issues. A privileged user inside guest could use this flaw to leak the host memory bytes resulting in DoS for other services. * Quick Emulator(Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an integer overflow issue. It could occur by accessing xattributes values. A privileged user inside guest could use this flaw to crash the Qemu process instance resulting in DoS. * Quick Emulator(Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to memory leakage issue. It could occur while creating extended attribute via 'Txattrcreate' message. A privileged user inside guest could use this flaw to leak host memory, thus affecting other services on the host and/or potentially crash the Qemu process on the host. For Debian 7 "Wheezy", these problems have been fixed in version 1.1.2+dfsg-6+deb7u18. We recommend that you upgrade your qemu-kvm packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Title: HAVIT HV-KB378L RGB Backlit Mechanical Keyboard Review ( -at -) NikKTech Description: Featuring an aluminum body, Outemu blue mechanical switches, RGB key illumination and all that at a fraction of what most of the competition asks the HAVIT HV-KB378L could be your first/next mechanical keyboard. Article Link: http://www.nikktech.com/main/articles/peripherals/keyboards/7105-havit-hv-kb 378l-rgb-backlit-mechanical-keyboard-review Image Link: http://www.nikktech.com/main/images/pics/reviews/havit/hv_kb378l/havit_hv_kb 378lb.JPG A News Post Would Be Appreciated. Thanks In Advance. Sincerely Nik Kastrantas

At Phoronix we have posted a new article. A link to this from your site's news section would be greatly appreciated. Title: NVIDIA GeForce GTX 1050 Ti Linux Benchmarks ( -at -) Phoronix Direct Link: http://www.phoronix.com/vr.php?view=23688 Summary: "Yesterday I published the first GeForce GTX 1050 Linux benchmarks with OpenGL, OpenCL, and Vulkan coverage. With now having my hands on the EVGA GeForce GTX 1050 Ti SC GAMING graphics card, here are the first Linux benchmarks of the GTX 1050 Ti graphics card that can be fetched for less than $150 USD." Please feel free to contact us with any questions or comments you may

At Phoronix we have posted a new article. A link to this from your site's news section would be greatly appreciated. Title: NVIDIA GeForce GTX 1050 Ti Linux Benchmarks ( -at -) Phoronix Direct Link: http://www.phoronix.com/vr.php?view=23688 Summary: "Yesterday I published the first GeForce GTX 1050 Linux benchmarks with OpenGL, OpenCL, and Vulkan coverage. With now having my hands on the EVGA GeForce GTX 1050 Ti SC GAMING graphics card, here are the first Linux benchmarks of the GTX 1050 Ti graphics card that can be fetched for less than $150 USD." Please feel free to contact us with any questions or comments you may

TITLE: Mionix Naos QG Review ( -at -) Vortez CONTENT: Mionix created the Naos QG (Quantified Gaming) in association with thousands of Twitchcon viewers and received the backing of more than 800 people via kickstarter. Quite an impressive level of support for the humble hand-held device. So what makes the Naos QC different? Well it isn't the advanced 4 layer rubberised surface, or the awesome 12,000 DPI Pixart PWM3360 sensor. It isn't even the use of the latest ARM Cortex M3 processor. What is interesting is the addition of a Pixart PAH8001EI -2G heart rate sensor that can measure the users heart rate and be displayed live via a special overlay courtesy of the Overwolf app. LINK: http://www.vortez.net/review.php?id=1224 ---------------------------------------------------------------------------- -------------------- Please post this news item in your news section. Thank you.

TITLE: Mionix Naos QG Review ( -at -) Vortez CONTENT: Mionix created the Naos QG (Quantified Gaming) in association with thousands of Twitchcon viewers and received the backing of more than 800 people via kickstarter. Quite an impressive level of support for the humble hand-held device. So what makes the Naos QC different? Well it isn't the advanced 4 layer rubberised surface, or the awesome 12,000 DPI Pixart PWM3360 sensor. It isn't even the use of the latest ARM Cortex M3 processor. What is interesting is the addition of a Pixart PAH8001EI -2G heart rate sensor that can measure the users heart rate and be displayed live via a special overlay courtesy of the Overwolf app. LINK: http://www.vortez.net/review.php?id=1224 ---------------------------------------------------------------------------- -------------------- Please post this news item in your news section. Thank you.

TITLE: Mionix Naos QG Review ( -at -) Vortez CONTENT: Mionix created the Naos QG (Quantified Gaming) in association with thousands of Twitchcon viewers and received the backing of more than 800 people via kickstarter. Quite an impressive level of support for the humble hand-held device. So what makes the Naos QC different? Well it isn't the advanced 4 layer rubberised surface, or the awesome 12,000 DPI Pixart PWM3360 sensor. It isn't even the use of the latest ARM Cortex M3 processor. What is interesting is the addition of a Pixart PAH8001EI -2G heart rate sensor that can measure the users heart rate and be displayed live via a special overlay courtesy of the Overwolf app. LINK: http://www.vortez.net/review.php?id=1224 ---------------------------------------------------------------------------- -------------------- Please post this news item in your news section. Thank you.

The Wine development release 1.9.22 is now available. What's new in this release (see below for details): - macOS clipboard support adapted to the new design. - Initial implementation of bitmap rendering in Direct2D. - More WebServices implementation. - A few more steps towards HID support. - Various bug fixes. The source is available from the following locations: http://dl.winehq.org/wine/source/1.9/wine-1.9.22.tar.bz2 http://mirrors.ibiblio.org/wine/source/1.9/wine-1.9.22.tar.bz2 Binary packages for various distributions will be available from: http://www.winehq.org/download You will find documentation on http://www.winehq.org/documentation You can also get the current source directly from the git repository. Check http://www.winehq.org/git for details. Wine is available thanks to the work of many people. See the file AUTHORS in the distribution for the complete list. ---------------------------------------------------------------- Bugs fixed in 1.9.22 (total 25): 11910 Multiple games need msvcirt.dll.??0istrstream ( -at -) ( -at -) QAE ( -at -) PADH ( -at -) Z (Tron 2.0, NOLF2, Schizm 2) 16925 Star Trek: Borg does not run, needs msvcrt20.dll.??0ostrstream ( -at -) ( -at -) QAE ( -at -) PADHH ( -at -) Z 20569 Winamp's next page in the shoutcast radio/tv list doesn't respond 22671 Gestan crashes due to unimplemented msvcirt.dll.??0istrstream ( -at -) ( -at -) QAE ( -at -) PAD ( -at -) Z 24519 Fractal Time!: cannot select an area in the generated image to zoom in 26994 Microsoft reader crashes due to unimpl msvcirt.dll.?rdbuf ( -at -) ostrstream ( -at -) ( -at -) QBEPAVstrstreambuf ( -at -) ( -at -) XZ 27553 Reservoir Dogs: no videos and black menu right after starting 29174 L2German.net: Lineage II installer crashes 29412 Right click on system tray icon not work 31338 Max Payne 2: The Fall of Max Payne (Steam) shows white screen and nothing else 32672 Rainbow Six: Only the sky is rendered 35025 Max Payne 2 Demo: checkboxes in options dialog have missing window styles 35281 KCleaner hangs up in system tray 35452 Warhammer 40,000: Dawn of War II (Steam) crashes on startup, reporting 'Failed to verify content catalog integrity' 35630 New ReactOS shell crashes on unimplemented function shell32.dll.723 a.k.a. SHCreateSessionKey 36205 TrySim v5.0 demo doesn't exit cleanly (crashes/hangs on exit) 36690 Rockman 7FC has issues with Shade Man Easter Egg 37410 Might & Magic Heroes IV crashes on startup 39364 LFS.exe (Live for Speed) crash on copy/paste (Ctrl+C) operation on chat history 41449 Power DVD 15 (Cyberlink) needs unimplemented function SHELL32.dll.SHRemoveLocalizedName 41492 Failure to compile: redefinition of typedef ‘EVENT_FILTER_DESCRIPTOR’ 41565 WMI error in object Win32_ComputerSystemProduct, property UUID 41570 Xenia emulator needs unimplemented function api-ms-win-core-rtlsupport-l1-1.RtlLookupFunctionEntry called in 64-bit code 41572 Windows API crash (GetTimeZoneInformationForYear) 41575 Copy/Cut and paste do not work as of wine 1.9.21 ---------------------------------------------------------------- Changes since 1.9.21: Alexandre Julliard (1): rpcrt4: Remove noisy fixme. Alistair Leslie-Hughes (2): comtrl32/treeview: Display state value as hex. comdlg32/tests: Test when a directory is passed to OpenFileName Dialog. Andrew Eikum (4): quartz: Clarify debug strings. d2d1: Implement d2d_transformed_geometry_FillContainsPoint(). d2d1: Implement d2d_path_geometry_FillContainsPoint(). d2d1/tests: Add FillContainsPoint() tests. Andrey Gusev (8): user32: Add support for WS_EX_RIGHT style. wpc: Fix TRACE for WindowsParentalControls_CreateInstance. po: Update Ukrainian translation. api-ms-win-core-psapi-obsolete-l1-1-0: Add dll. ext-ms-win-gdi-dc-create-l1-1-1: Add dll. ext-ms-win-ntuser-message-l1-1-1: Add dll. ext-ms-win-rtcore-ntuser-dpi-l1-1-0: Add dll. ext-ms-win-ntuser-uicontext-ext-l1-1-0: Add dll. Aric Stewart (6): include: Correct NTSTATUS declaration for hidsdi.h. hidclass.sys: Use IoSetCompletionRoutine. hidclass.sys: Watch return for STATUS_PENDING not IRP status. winebus.sys: Handle device reports for hidraw devices. hid: Implement HidD_SetOutputReport. winebus.sys: Implement IOCTL_HID_SET_OUTPUT_REPORT for hidraw. Aurimas Fišeras (1): po: Update Lithuanian translation. Austin English (3): shell32: Add SHRemoveLocalizedName stub. shell32: Add SHCreateSessionKey stub. api-ms-win-core-rtlsupport-l1-1-0: Add missing forwards. Bruno Jesus (1): comdlg32: Avoid crash when a path is passed into Open File Dialog. Carlo Bramini (2): comdlg32: Uses SetDlgItemInt() to simplify the code. msi: Remove useless code. Christoph von Wittich (1): rpcrt4: Implement RpcBindingServerFromClient and populate NetworkAddr for each transport. Detlef Riekenberg (1): winspool: Add our driver for all usable Printer environments. Donat Enikeev (2): crypt32/tests: Add tests for Cert(Un)registerSystemStore. crypt32: Cert(Un)RegisterSystemStore semi-stubs. Frédéric Delanoy (1): po: Update French translation. Hadrien Boizard (1): winex11.drv: Use EqualRect() instead of memcmp() to compare RECTs. Hans Leidekker (13): advapi32: Avoid printing control characters in traces. davclnt: Return a fake handle from DavRegisterAuthCallback. include: Avoid redefinition of PEVENT_FILTER_DESCRIPTOR. netapi32: Implement DavGetUNCFromHTTPPath. wbemprox: Use the WS_ prefix to avoid conflicts with Unix headers. wbemprox: Return the hardware UUID for Win32_ComputerSystemProduct.UUID on macOS. msi: Accept descriptors without component. webservices: Implement WsReadBytes. webservices: Implement WsReadCharsUtf8. webservices: Implement WsReadChars. webservices: Add a stub implementation of WS_TYPE_ATTRIBUTE_FIELD_MAPPING in the reader. webservices: Explicitly pass the offset to read_type_struct_field. webservices: Implement WsCall. Henri Verbeet (1): wined3d: Get rid of WINED3DFMT_FLAG_GETDC. Hugh McMaster (7): regedit/tests: Replace the hard-coded subkey path with a define. regedit/tests: Open the registry key once in each test function. regedit/tests: Handle different data types with one verify_reg() function. regedit/tests: Add line break and complexity tests. reg/tests: Add line break and complexity tests for 'reg import'. regedit: Do not close the registy key handle when a line break is encountered. regedit: Close the registry key handle in the read function instead of the parser. Huw D. M. Davies (4): comctl32: Make the position variables signed to avoid wrapping in the HDF_RIGHT case. comctl32: Add support for the sort arrows. winemac: Update the keyboard layout data immediately after changing the input source. ntdll: Zero-init the buffer for non-linux versions of SystemProcessorPerformanceInformation. Iván Matellanes (10): msvcirt: Don't return negative values in in_avail and out_waiting. msvcirt: Add a partial implementation of class ostrstream. msvcirt: Implement ostrstream constructors. msvcirt/tests: Add tests of ostrstream::pcount. msvcirt: Add a partial implementation of class istrstream. msvcirt: Implement istrstream constructors. msvcirt: Add a partial implementation of class strstream. msvcirt: Implement strstream constructors. msvcirt: Add a partial implementation of class stdiostream. msvcirt: Implement stdiostream constructors. Jacek Caban (13): wintrust: Don't close key if RegOpenKeyExW failed. ntdll/tests: Added more registry symlink tests. ntdll: Return NULL key on NtCreateKey failure. advapi32: Pass options argument to NtOpenFileEx. advapi32: Initialize retkey value in open_key. ws2_32: Added FreeAddrInfoExW stub. kernel32: Improved GetUserPreferredUILanguages stub. taskschd: Added ITriggerCollection::Create implementation. taskschd: Added IDailyTrigger::DaysInterval property implementation. xmllite: Return success when setting XmlReaderProperty_MultiLanguage property. xmllite: Return success when setting XmlReaderProperty_MaxElementDepth property. ntdll: Cache error information for cacheable handles with no fd. server: Allow caching device file handles. Józef Kucia (17): wined3d: Let buffer_direct_upload() invalidate STATE_INDEXBUFFER if needed. wined3d: Clean up buffer_internal_preload(). wined3d: Rename buffer_internal_preload() to wined3d_buffer_load(). wined3d: Rename buffer_get_sysmem() to wined3d_buffer_load_sysmem(). wined3d: Explicitly track locations for buffers. wined3d: Introduce wined3d_buffer_prepapre_location(). wined3d: Introduce wined3d_buffer_load_location(). wined3d: Do not assume that WINED3D_LOCATION_SYSMEM is always valid for double buffered buffers. wined3d: Move buffer_get_memory() under wined3d_buffer_load_sysmem(). wined3d: Implement wined3d_buffer_prepare_location() for WINED3D_LOCATION_BUFFER. wined3d: Introduce wined3d_buffer_get_memory(). wined3d: Prefer current locations to WINED3D_LOCATION_SYSMEM in wined3d_buffer_copy(). wined3d: Replace wined3d_buffer_load_sysmem() calls with wined3d_buffer_load_location(). wined3d: Introduce buffer_conversion_upload() helper function. wined3d: Simplify remove_vbos(). wined3d: Fix index offset for immediate mode draws. wined3d: Use buffer_bind() in buffer_conversion_upload(). Ken Thomases (18): server: Make disconnecting a named pipe immediately close the client's connection and allow the server to initiate a new connection. kernel32/tests: Test that ConnectNamedPipe() works immediately after DisconnectNamedPipe() without waiting for the client to close. winemac: Allocate clipboard data as GMEM_FIXED. winemac: Convert old-Mac-style line breaks (CR) to Windows-style CRLF when importing UTF-16. winemac: Remove support for owner-displayed clipboard formats. winemac: Remove support for converting among standard clipboard formats. winemac: Don't export/import CF_BITMAP or CF_DIBV5 to/from a Mac-native data type. winemac: Don't export/import CF_TEXT or CF_OEMTEXT to/from Mac-native data types. winemac: Clamp the number of colors to

Hello LanOC Affiliates and newsletter subscribers, here is our newest posting. We would appreciate you spreading the word! LanOC Reviews has released a new article which you and your readers might enjoy. We would be grateful if you would please share it with them. *TITLE:* MSI GTX 1050 Ti Gaming X 4G ( -at -) LanOC Reviews <http://lanoc.org/review/video-cards/7355-msi-gtx-1050-ti-gaming-x-4g> *DESCRIPTION:* So earlier this week I took a look at both the GTX 1050 and the GTX 1050 Ti. Both of our samples were from Nvidia and MSI but around the same time I also ended up with a second MSI GTX 1050 Ti, the Gaming X model. It didn’t seem right to just slip the numbers into the other coverage so today I’m going to take a look at the card. It is longer than the other MSI cards and it has a full sized dual fan cooler. They also slipped a 6-pin power connection on it as well so today I’m going to run it through all of our normal tests and see how well it performs. *ARTICLE URL:* http://lanoc.org/review/video-cards/7355-msi-gtx-1050-ti-gaming-x-4g *LARGE IMAGE URL:* http://lanoc.org/images/reviews/2016/msi_gtx1050ti_gamingx/title.jpg *SMALL IMAGE URL:* http://lanoc.org/images/reviews/2016/msi_gtx1050ti_gamingx/email.jpg Thank you for your help Our content is syndicated by *RSS* 2.0 at: http://lanoc.org/review? format=feed&type=atom Check out our *YouTube* Channel: http://www.youtube.com/user/LanocReviews Follow us on *Twitter*: http://www.twitter.com/LanOC_Reviews Join our group on *Facebook*: http://www.facebook.com/LanOCReviews Join our *Steam* Group: http://steamcommunity.com/groups/lanoc *If this message has been sent to an incorrect address, or you no longer wish to receive our news, please email us back and let us know at reviews ( -at -) lanoc.org <reviews ( -at -) lanoc.org>* ---------------------------------------- Wes Compton Editor-in-Chief LanOC Reviews http://lanoc.org MSN/Skype: wes ( -at -) lanoc.org Phone: 419-605-0828 ( -at -) LanOC_Reviews <http://twitter.com/#!/LanOC_Reviews> Google Plus <https://plus.google.com/u/1/b/111054267662763089650/> Our Facebook Page <http://www.facebook.com/LanOCReviews>

SUSE Security Update: Security update for gd ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2668-1 Rating: important References: #1001900 #1004924 #1005274 Cross-References: CVE-2016-6911 CVE-2016-7568 CVE-2016-8670 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for gd fixes the following security issues: - CVE-2016-7568: A specially crafted image file could cause an application crash or potentially execute arbitrary code when the image is converted to webp (bsc#1001900) - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf (bsc#1004924) - CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf() (bsc#1005274) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1571=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1571=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1571=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1571=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): gd-32bit-2.1.0-17.1 gd-debuginfo-32bit-2.1.0-17.1 gd-debugsource-2.1.0-17.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): gd-debuginfo-2.1.0-17.1 gd-debugsource-2.1.0-17.1 gd-devel-2.1.0-17.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gd-2.1.0-17.1 gd-debuginfo-2.1.0-17.1 gd-debugsource-2.1.0-17.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gd-2.1.0-17.1 gd-32bit-2.1.0-17.1 gd-debuginfo-2.1.0-17.1 gd-debuginfo-32bit-2.1.0-17.1 gd-debugsource-2.1.0-17.1 References: https://www.suse.com/security/cve/CVE-2016-6911.html https://www.suse.com/security/cve/CVE-2016-7568.html https://www.suse.com/security/cve/CVE-2016-8670.html https://bugzilla.suse.com/1001900 https://bugzilla.suse.com/1004924 https://bugzilla.suse.com/1005274 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

SUSE Security Update: Security update for gd ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2668-1 Rating: important References: #1001900 #1004924 #1005274 Cross-References: CVE-2016-6911 CVE-2016-7568 CVE-2016-8670 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for gd fixes the following security issues: - CVE-2016-7568: A specially crafted image file could cause an application crash or potentially execute arbitrary code when the image is converted to webp (bsc#1001900) - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf (bsc#1004924) - CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf() (bsc#1005274) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1571=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1571=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1571=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1571=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): gd-32bit-2.1.0-17.1 gd-debuginfo-32bit-2.1.0-17.1 gd-debugsource-2.1.0-17.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): gd-debuginfo-2.1.0-17.1 gd-debugsource-2.1.0-17.1 gd-devel-2.1.0-17.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gd-2.1.0-17.1 gd-debuginfo-2.1.0-17.1 gd-debugsource-2.1.0-17.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gd-2.1.0-17.1 gd-32bit-2.1.0-17.1 gd-debuginfo-2.1.0-17.1 gd-debuginfo-32bit-2.1.0-17.1 gd-debugsource-2.1.0-17.1 References: https://www.suse.com/security/cve/CVE-2016-6911.html https://www.suse.com/security/cve/CVE-2016-7568.html https://www.suse.com/security/cve/CVE-2016-8670.html https://bugzilla.suse.com/1001900 https://bugzilla.suse.com/1004924 https://bugzilla.suse.com/1005274 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

View this email in your browser (http://us3.campaign-archive2.com/?u=efc4c507c2cf964fc2462caca&id=d69d173531&e=0c004f9c13) Whether you’re just getting into PC gaming, or are a seasoned DIY PC gamer with dozens of monster builds under your belt, NVIDIA’s GeForce Experience can be a useful all-in-one tool for taking the drudgery out of fine tuning and expanding your PC gaming experience. Want to optimize all those settings in Gears of War 4 with the ideal configuration for your PC, capture and share your best Overwatch POTG, or manage driver updates with notifications and automatic downloads? NVIDIA's GeForce Experience 3.0 software suite does all of this and more... Exploring NVIDIA's GeForce Experience 3.0, A Beginner's Guide (http://hothardware.us3.list-manage1.com/track/click?u=efc4c507c2cf964fc2462caca&id=1bb845f8e8&e=0c004f9c13) http://hothardware.us3.list-manage.com/track/click?u=efc4c507c2cf964fc2462caca&id=ba914bb887&e=0c004f9c13 http://hothardware.us3.list-manage.com/track/click?u=efc4c507c2cf964fc2462caca&id=ebf3153407&e=0c004f9c13 Best Regards, HotHardware.com (http://hothardware.us3.list-manage1.com/track/click?u=efc4c507c2cf964fc2462caca&id=952edc179c&e=0c004f9c13) http://hothardware.us3.list-manage.com/track/click?u=efc4c507c2cf964fc2462caca&id=d8c68035c4&e=0c004f9c13 http://hothardware.us3.list-manage2.com/track/click?u=efc4c507c2cf964fc2462caca&id=a0be5249a6&e=0c004f9c13 http://hothardware.us3.list-manage.com/track/click?u=efc4c507c2cf964fc2462caca&id=405e802b7b&e=0c004f9c13 ============================================================

-------- AZIO MK RETRO MECHANICAL KEYBOARD REVIEW ( -at -) APH NETWORKS ------------- Hello everyone! APH Networks has published a new review that your readers might enjoy. A post in your site's news section would be greatly appreciated! Don't forget to send your site news to us. As we promise to post your news articles on APH Networks periodically, we would certainly appreciate it if you do the same as well. Thank you for your support in advance! * Title: AZIO MK Retro Mechanical Keyboard Review ( -at -) APH Networks * Description: With the MK Retro, AZIO has brought retro back, and all the other manufacturers do not know how to act. * Link: http://aphnetworks.com/reviews/azio-mk-retro * Image: http://aphnetworks.com/review/azio-mk-retro/004bw.jpg Best Regards, Jonathan Kwan Editor-in-Chief APH Networks Inc. http://aphnetworks.com -- Unsubscribe from this newsletter: http://aphnetworks.com/newsletter/confirm/remove/c77c84bd425t5

CentOS Errata and Security Advisory 2016:2124 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-2124.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 704498f1ec6f196882bf2dc25bf1f65d813ff84107a8476d5386663532f5206a kernel-2.6.18-416.el5.i686.rpm 0802fb601a7d1936e6607c747a0737c36791dcb2af156d6be30c81f2d0671465 kernel-debug-2.6.18-416.el5.i686.rpm bc8956c899a7fce81f371e15e9d4293297b1abb64da75c214ba086d046c6a9bd kernel-debug-devel-2.6.18-416.el5.i686.rpm db180509a4fa22d8e0151bed34f12dc1aa040b497f3ec0ba465388510a7b6df7 kernel-devel-2.6.18-416.el5.i686.rpm fcfabae71ac655ffaeaf5ab5f3a4c64d214684ef6f738ce2a5666c950ec9fdbd kernel-doc-2.6.18-416.el5.noarch.rpm 8489c9c93257895eb1b69ecebb173249fcf501ed10518bc2547222ec1c75f482 kernel-headers-2.6.18-416.el5.i386.rpm e7d00b03a37e0353c22343d3a996a33c893e220cccb1fb7f1981ba1d530b73ee kernel-PAE-2.6.18-416.el5.i686.rpm 36fefcec929f64c33b09d7e3f2924ce3c8b7d7a86d1272e7de731ad584a9b310 kernel-PAE-devel-2.6.18-416.el5.i686.rpm ad35ea63d8275960cafd5844f59babeb5199f2f7ba10df6e35f58f5cc63f3aa6 kernel-xen-2.6.18-416.el5.i686.rpm da05a5b93d8c3f1518ee7eb52792f655febc9b724301610bf7463fd91d14a41a kernel-xen-devel-2.6.18-416.el5.i686.rpm x86_64: cbedceb97046ac8274a6804c7da995dd8166c0d18f867e317e269091f197e68b kernel-2.6.18-416.el5.x86_64.rpm 31be4d5ec91c50abef7421dbdd3acd098d1d338b35a6b487cf4888071867852d kernel-debug-2.6.18-416.el5.x86_64.rpm 04a3c7d586ac2923ff1362cb1e72634cfe3aa54a5e84e175340043a51fa043ca kernel-debug-devel-2.6.18-416.el5.x86_64.rpm b0ce136908b8fb2575bdc11e882a705e494a0b1b423435f7f3d984556b7afd38 kernel-devel-2.6.18-416.el5.x86_64.rpm fcfabae71ac655ffaeaf5ab5f3a4c64d214684ef6f738ce2a5666c950ec9fdbd kernel-doc-2.6.18-416.el5.noarch.rpm 058216a53ff8b1bd75333ed1c700076f54365d209bfd4d54109299318edd1a49 kernel-headers-2.6.18-416.el5.x86_64.rpm 738534a54a6ca2d9b04e8116ec1147900eeff7b8a7b07f7fe6ca177ecaa51c66 kernel-xen-2.6.18-416.el5.x86_64.rpm 18a2ea3fe7513fd882ea8d9c84772bbfed55700e748a96fc0ebfacbab4da7380 kernel-xen-devel-2.6.18-416.el5.x86_64.rpm Source: 724e9e10418be6bbb6a1408b12344edcab9f745373013f337be3180d3877c7f4 kernel-2.6.18-416.el5.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #centos ( -at -) irc.freenode.net Twitter: JohnnyCentOS _______________________________________________

It can be difficult having to frequently drop what you’re doing on the PC and pick up your phone to respond to a text, tweet, or snap only to have to drop the phone when you realized the enemy mid has nearly made it to your top lane and your screen full of warning pings. There are other ways to avoid that gank while still trying to maintain your social media presence or simply type out messages on your phone. ROCCAT has produced a keyboard that can do just that and more... Article Title: ROCCAT Skeltr RGB Gaming Keyboard Review ( -at -) Legit Reviews Article URL: http://www.legitreviews.com/roccat-skeltr-gaming-keyboard-review_187216 Unsubscribe: http://adserv.legitreviews.com/cgi-bin/dada/mail.cgi/u/legitpr/reviewnews// =

At Phoronix we have posted a new article. A link to this from your site's news section would be greatly appreciated. Title: NVIDIA GeForce GTX 1050 OpenGL/Vulkan/OpenCL Linux Performance ( -at -) Phoronix Direct Link: http://www.phoronix.com/vr.php?view=23681 Summary: "Earlier this week NVIDIA began shipping the GeForce GTX 1050 graphics cards and our first review is of a Zotac GeForce GTX 1050 Mini. A GeForce GTX 1050 Ti Linux review is still coming up plus some other articles looking at performance-per-Watt and other interesting areas for these low-cost Pascal-based GPUs. Here are results of the latest NVIDIA Linux performance compared to the latest open-source AMD Linux driver with various Radeon GPUs." Please feel free to contact us with any questions or comments you may

Plextor M8PeG 512GB M.2 NVMe SSD Review ------------------------------------------------------------ http://us2.campaign-archive2.com/?u=bfb2b902b5fb045ad6f841f98&id=9931d74d27&e=872093acb5 http://www.kitguru.net =PLEXTOR M8PEG 512GB M.2 NVME SSD REVIEW= The latest addition to Plextor’s range of SSDs is the M8P line of drives. The M8P family is the company’s first SSD range to use NVMe (Non-Volatile Memory) architecture and comes in two formats – an HHHL add-in card for motherboards without an M.2 slot and a 2280 M.2 drive, both using a PCI-e Gen3 x4 interface. Read the review here: http://www.kitguru.net/components/ssd-drives/simon-crisp/plextor-m8peg-512gb-m-2-nvme-ssd-review/ ============================================================ ** follow on Twitter (http://twitter.com/#!/kitgurupress) | ** friend on Facebook (http://www.facebook.com/pages/KitGuru/162236020510911) | ** forward to a friend (http://us2.forward-to-friend1.com/forward?u=bfb2b902b5fb045ad6f841f98&id=9931d74d27&e=872093acb5) Copyright © 2016 KitGuru, All rights reserved. You are receiving this because you are a news partner or have signed up to receive our news.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2016:2124-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2124.html Issue date: 2016-10-28 CVE Names: CVE-2016-1583 CVE-2016-5195 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important) * It was found that stacking a file system over procfs in the Linux kernel could lead to a kernel stack overflow due to deep nesting, as demonstrated by mounting ecryptfs over procfs and creating a recursion by mapping /proc/environ. An unprivileged, local user could potentially use this flaw to escalate their privileges on the system. (CVE-2016-1583, Important) Red Hat would like to thank Phil Oester for reporting CVE-2016-5195. Bug Fix(es): * In some cases, a kernel crash or file system corruption occurred when running journal mode 'ordered'. The kernel crash was caused by a null pointer dereference due to a race condition between two journal functions. The file system corruption occurred due to a race condition between the do_get_write_access() function and buffer writeout. This update fixes both race conditions. As a result, neither the kernel crash, nor the file system corruption now occur. (BZ#1067708) * Prior to this update, some Global File System 2 (GFS2) files had incorrect time stamp values due to two problems with handling time stamps of such files. The first problem concerned the atime time stamp, which ended up with an arbitrary value ahead of the actual value, when a GFS2 file was accessed. The second problem was related to the mtime and ctime time stamp updates, which got lost when a GFS2 file was written to from one node and read from or written to from another node. With this update, a set of patches has been applied that fix these problems. As a result, the time stamps of GFS2 files are now handled correctly. (BZ#1374861) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1344721 - CVE-2016-1583 kernel: Stack overflow via ecryptfs and /proc/$pid/environ 1384344 - CVE-2016-5195 kernel: mm: privilege escalation via MAP_PRIVATE COW breakage 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: kernel-2.6.18-416.el5.src.rpm i386: kernel-2.6.18-416.el5.i686.rpm kernel-PAE-2.6.18-416.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-416.el5.i686.rpm kernel-PAE-devel-2.6.18-416.el5.i686.rpm kernel-debug-2.6.18-416.el5.i686.rpm kernel-debug-debuginfo-2.6.18-416.el5.i686.rpm kernel-debug-devel-2.6.18-416.el5.i686.rpm kernel-debuginfo-2.6.18-416.el5.i686.rpm kernel-debuginfo-common-2.6.18-416.el5.i686.rpm kernel-devel-2.6.18-416.el5.i686.rpm kernel-headers-2.6.18-416.el5.i386.rpm kernel-xen-2.6.18-416.el5.i686.rpm kernel-xen-debuginfo-2.6.18-416.el5.i686.rpm kernel-xen-devel-2.6.18-416.el5.i686.rpm noarch: kernel-doc-2.6.18-416.el5.noarch.rpm x86_64: kernel-2.6.18-416.el5.x86_64.rpm kernel-debug-2.6.18-416.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-416.el5.x86_64.rpm kernel-debug-devel-2.6.18-416.el5.x86_64.rpm kernel-debuginfo-2.6.18-416.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-416.el5.x86_64.rpm kernel-devel-2.6.18-416.el5.x86_64.rpm kernel-headers-2.6.18-416.el5.x86_64.rpm kernel-xen-2.6.18-416.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-416.el5.x86_64.rpm kernel-xen-devel-2.6.18-416.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: kernel-2.6.18-416.el5.src.rpm i386: kernel-2.6.18-416.el5.i686.rpm kernel-PAE-2.6.18-416.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-416.el5.i686.rpm kernel-PAE-devel-2.6.18-416.el5.i686.rpm kernel-debug-2.6.18-416.el5.i686.rpm kernel-debug-debuginfo-2.6.18-416.el5.i686.rpm kernel-debug-devel-2.6.18-416.el5.i686.rpm kernel-debuginfo-2.6.18-416.el5.i686.rpm kernel-debuginfo-common-2.6.18-416.el5.i686.rpm kernel-devel-2.6.18-416.el5.i686.rpm kernel-headers-2.6.18-416.el5.i386.rpm kernel-xen-2.6.18-416.el5.i686.rpm kernel-xen-debuginfo-2.6.18-416.el5.i686.rpm kernel-xen-devel-2.6.18-416.el5.i686.rpm ia64: kernel-2.6.18-416.el5.ia64.rpm kernel-debug-2.6.18-416.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-416.el5.ia64.rpm kernel-debug-devel-2.6.18-416.el5.ia64.rpm kernel-debuginfo-2.6.18-416.el5.ia64.rpm kernel-debuginfo-common-2.6.18-416.el5.ia64.rpm kernel-devel-2.6.18-416.el5.ia64.rpm kernel-headers-2.6.18-416.el5.ia64.rpm kernel-xen-2.6.18-416.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-416.el5.ia64.rpm kernel-xen-devel-2.6.18-416.el5.ia64.rpm noarch: kernel-doc-2.6.18-416.el5.noarch.rpm ppc: kernel-2.6.18-416.el5.ppc64.rpm kernel-debug-2.6.18-416.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-416.el5.ppc64.rpm kernel-debug-devel-2.6.18-416.el5.ppc64.rpm kernel-debuginfo-2.6.18-416.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-416.el5.ppc64.rpm kernel-devel-2.6.18-416.el5.ppc64.rpm kernel-headers-2.6.18-416.el5.ppc.rpm kernel-headers-2.6.18-416.el5.ppc64.rpm kernel-kdump-2.6.18-416.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-416.el5.ppc64.rpm kernel-kdump-devel-2.6.18-416.el5.ppc64.rpm s390x: kernel-2.6.18-416.el5.s390x.rpm kernel-debug-2.6.18-416.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-416.el5.s390x.rpm kernel-debug-devel-2.6.18-416.el5.s390x.rpm kernel-debuginfo-2.6.18-416.el5.s390x.rpm kernel-debuginfo-common-2.6.18-416.el5.s390x.rpm kernel-devel-2.6.18-416.el5.s390x.rpm kernel-headers-2.6.18-416.el5.s390x.rpm kernel-kdump-2.6.18-416.el5.s390x.rpm kernel-kdump-debuginfo-2.6.18-416.el5.s390x.rpm kernel-kdump-devel-2.6.18-416.el5.s390x.rpm x86_64: kernel-2.6.18-416.el5.x86_64.rpm kernel-debug-2.6.18-416.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-416.el5.x86_64.rpm kernel-debug-devel-2.6.18-416.el5.x86_64.rpm kernel-debuginfo-2.6.18-416.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-416.el5.x86_64.rpm kernel-devel-2.6.18-416.el5.x86_64.rpm kernel-headers-2.6.18-416.el5.x86_64.rpm kernel-xen-2.6.18-416.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-416.el5.x86_64.rpm kernel-xen-devel-2.6.18-416.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-1583 https://access.redhat.com/security/cve/CVE-2016-5195 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYEyW/XlSAg2UNWIIRAu6bAKCAZkga9pOAO12NeSKKcoSyTwWfswCeKQVq FooeyHBgHP7undDI6+lxBHc= =cbDn -----END PGP SIGNATURE----- --

** TECHSPOT ------------------------------------------------------------ ** Xiaomi Redmi Pro Review ------------------------------------------------------------ ** http://www.techspot.com/review/1252-xiaomi-redmi-pro/ ------------------------------------------------------------ The Xiaomi Redmi Pro immediately caught the eye of many budget smartphone hunters. It packs a 5.5-inch 1080p AMOLED, a dual-camera system for refocusing and creating bokeh effects, a massive 4,050 mAh battery, and a decent MediaTek Helio X20 SoC with 32 GB of storage. All of this can be had for just under $250. Thank you. Julio Franco Executive Editor | TECHSPOT (http://www.techspot.com) ( -at -) juliofranco ----------------------------------- ============================================================ Our mailing address is: TechSpot 8237 NW 68 St Miami, FL 33166 USA

Dear Editors, we just posted a new article which might be interesting to your readers. A post in your news section would be appreciated. Title: Synology RackStation RS816 4-Bay NAS Link: http://www.techpowerup.com/reviews/Synology/RS816 Brief: The RackStation RS816 is a rackmount NAS for small business environments in need of a capable and highly energy efficient file server. It features four drive slots packed into a 19" rack 1U height enclosure. This Synology NAS is powered by an energy efficient Marvell ARM processor.

openSUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:2665-1 Rating: important References: #1007098 Cross-References: CVE-2016-7855 Affected Products: openSUSE 13.1 NonFree ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for Adobe Flash Player to 11.2.202.643 fixes the following vulnerability: - CVE-2016-7855: use-after-free vulnerability (APSB16-36, boo#1007098) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1 NonFree: zypper in -t patch 2016-1240=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 NonFree (i586 x86_64): flash-player-11.2.202.643-177.1 flash-player-gnome-11.2.202.643-177.1 flash-player-kde4-11.2.202.643-177.1 References: https://www.suse.com/security/cve/CVE-2016-7855.html https://bugzilla.suse.com/1007098 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

View this email in your browser (http://us3.campaign-archive1.com/?u=efc4c507c2cf964fc2462caca&id=2bfaf68913&e=0c004f9c13) Microsoft unveiled its first all-in-one desktop system yesterday, known as the Surface Studio. The new Surface Studio is a premium, all-in-one PC that’s outfitted with an Intel processor, NVIDIA graphics, and hybrid storage system. It also has a super-thin, ultra-high resolution 28†/ 125mm thin touch display that is optimized for color accuracy and wide viewing angles. The Surface Studio also includes a new Surface Dial that offers a new input method, and of course, Surface Pen input is supported too... Hands On And First Impressions Of The Microsoft Surface Studio AIO PC (http://hothardware.us3.list-manage.com/track/click?u=efc4c507c2cf964fc2462caca&id=ec94d9a81e&e=0c004f9c13) http://hothardware.us3.list-manage.com/track/click?u=efc4c507c2cf964fc2462caca&id=4d65027232&e=0c004f9c13 http://hothardware.us3.list-manage.com/track/click?u=efc4c507c2cf964fc2462caca&id=d2d5732951&e=0c004f9c13 Best Regards, HotHardware.com (http://hothardware.us3.list-manage1.com/track/click?u=efc4c507c2cf964fc2462caca&id=797d81d170&e=0c004f9c13) http://hothardware.us3.list-manage1.com/track/click?u=efc4c507c2cf964fc2462caca&id=9ee16a63c6&e=0c004f9c13 http://hothardware.us3.list-manage2.com/track/click?u=efc4c507c2cf964fc2462caca&id=67613e0694&e=0c004f9c13 http://hothardware.us3.list-manage.com/track/click?u=efc4c507c2cf964fc2462caca&id=17a286e8c0&e=0c004f9c13 ============================================================

Morning Sirs HardwareOverclock.com has just posted another review. Last week we have taken a look at the SilentiumPC Grandis 2 XE1436 CPU cooler. The Grandis 2 XE1436 is the pinnacle of SilentiumPC CPU cooler lineup. This dual-radiator monster offers stellar cooling potential for the hottest processors on the market. Title: SilentiumPC Grandis 2 XE1436 CPU cooler ( -at -) HardwareOverclock.com Link: http://hardwareoverclock.com/SilentiumPC-Grandis-2-XE1436-CPU-Kuehler.htm Image: http://hardwareoverclock.com/kuehler/SPC-Grandis-2-XE1436-036.jpg Thanks for posting kr Rene Ruf Chefredakteur HardwareOverclock.com <mailto:admin ( -at -) hardwareoverclock.com> mailto:admin ( -at -) hardwareoverclock.com hardwareoverclock.com

openSUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:2663-1 Rating: important References: #1007098 Cross-References: CVE-2016-7855 Affected Products: openSUSE 13.2 NonFree ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for Adobe Flash Player to 11.2.202.643 fixes the following vulnerability: - CVE-2016-7855: use-after-free vulnerability (APSB16-36, boo#1007098) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2 NonFree: zypper in -t patch openSUSE-2016-1239=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 NonFree (i586 x86_64): flash-player-11.2.202.643-2.115.1 flash-player-gnome-11.2.202.643-2.115.1 flash-player-kde4-11.2.202.643-2.115.1 References: https://www.suse.com/security/cve/CVE-2016-7855.html https://bugzilla.suse.com/1007098 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: nodejs and nodejs-tough-cookie security, bug fix, and enhancement update Advisory ID: RHSA-2016:2101-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2016:2101 Issue date: 2016-10-27 CVE Names: CVE-2016-1000232 CVE-2016-5325 ===================================================================== 1. Summary: An update for nodejs-tough-cookie and nodejs is now available for Red Hat OpenShift Container Platform 3.1, 3.2, and 3.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenShift Container Platform 3.3 - noarch, x86_64 Red Hat OpenShift Enterprise 3.1 - noarch, x86_64 Red Hat OpenShift Enterprise 3.2 - noarch, x86_64 3. Description: Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. Security Fix(es): * A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU. (CVE-2016-1000232) * It was found that the reason argument in ServerResponse#writeHead() was not properly validated. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially-crafted HTTP request. (CVE-2016-5325) This advisory contains the RPM packages for this release. See the following advisory for the container images fixes for this release: https://access.redhat.com/errata/RHBA-2016:2100 4. Solution: For details on how to apply this update in OpenShift Container Platform 3, see the Solution section of the following advisory: https://access.redhat.com/errata/RHBA-2016:2100 5. Bugs fixed (https://bugzilla.redhat.com/): 1346910 - CVE-2016-5325 nodejs: reason argument in ServerResponse#writeHead() not properly validated 1359818 - CVE-2016-1000232 nodejs-tough-cookie: regular expression DoS via Cookie header with many semicolons 1382854 - [3.1,3.2,3.3] nodejs rpm updates for logging-auth-proxy 6. Package List: Red Hat OpenShift Enterprise 3.1: Source: nodejs-0.10.47-2.el7.src.rpm nodejs-tough-cookie-2.3.1-1.el7.src.rpm noarch: nodejs-docs-0.10.47-2.el7.noarch.rpm nodejs-tough-cookie-2.3.1-1.el7.noarch.rpm x86_64: nodejs-0.10.47-2.el7.x86_64.rpm nodejs-debuginfo-0.10.47-2.el7.x86_64.rpm nodejs-devel-0.10.47-2.el7.x86_64.rpm Red Hat OpenShift Enterprise 3.2: Source: nodejs-0.10.47-2.el7.src.rpm nodejs-tough-cookie-2.3.1-1.el7.src.rpm noarch: nodejs-docs-0.10.47-2.el7.noarch.rpm nodejs-tough-cookie-2.3.1-1.el7.noarch.rpm x86_64: nodejs-0.10.47-2.el7.x86_64.rpm nodejs-debuginfo-0.10.47-2.el7.x86_64.rpm nodejs-devel-0.10.47-2.el7.x86_64.rpm Red Hat OpenShift Container Platform 3.3: Source: nodejs-0.10.47-2.el7.src.rpm nodejs-tough-cookie-2.3.1-1.el7.src.rpm noarch: nodejs-docs-0.10.47-2.el7.noarch.rpm nodejs-tough-cookie-2.3.1-1.el7.noarch.rpm x86_64: nodejs-0.10.47-2.el7.x86_64.rpm nodejs-debuginfo-0.10.47-2.el7.x86_64.rpm nodejs-devel-0.10.47-2.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-1000232 https://access.redhat.com/security/cve/CVE-2016-5325 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYEjZhXlSAg2UNWIIRAvpBAKDEWC6ztC/S4dgLmh/ODSF864GxvACfYW9c lWMlqAZ1pvo+ZnOKWYemVfA= =tgnX -----END PGP SIGNATURE----- --