Compatible Support Forums

Everything posted by news

  1. We have posted a new solid state report!!
     ------------------------------------------------------------
     http://us7.campaign-archive1.com/?u=3d9b6193ffd32dd60e84fc74b&id=9257010548&e=312ec141fb
     http://thessdreview.us7.list-manage.com/track/click?u=3d9b6193ffd32dd60e84fc74b&id=bbdf56edfc&e=312ec141fb
     TITLE: ADATA Ultimate SU800 SSD Review (512GB) – More 3D TLC For The Masses
     LINK: http://thessdreview.us7.list-manage.com/track/click?u=3d9b6193ffd32dd60e84fc74b&id=f607ebd873&e=312ec141fb
     PHOTO: http://thessdreview.us7.list-manage.com/track/click?u=3d9b6193ffd32dd60e84fc74b&id=ce9d3ab4e0&e=312ec141fb
     INFO: The ADATA Ultimate SU800, despite the name and in contrast to the last ADATA SSD we had reviewed (SX930) (http://thessdreview.us7.list-manage.com/track/click?u=3d9b6193ffd32dd60e84fc74b&id=a118705430&e=312ec141fb), is not an enthusiast oriented SSD, rather, it is an entry level/ budget SSD. The SX930 utilized a JMicron controller and enterprise-grade MLC+ NAND. The Ultimate SU800, on the other hand, utilizes a newer Silicon Motion controller and is the second SSD in the market utilizing Micron's 3D TLC NAND. This combination of components has us charting into new waters when it comes to evaluating the performance. Initially Micron had performance issues with their MX300 and had to go back to the drawing board to improve their firmware with a Marvell controller. Could it be possible that ADATA and SMI took on the challenge that even the fab owners couldn't handle the first time around? Or could it be a flop they need to figure out how to fix for themselves? Let's get on with the review and find out!
  2. View this email in your browser (http://us3.campaign-archive2.com/?u=efc4c507c2cf964fc2462caca&id=3f59cefc5d&e=0c004f9c13)
     Although WiFi router throughput and multi-client bandwidth have scaled up nicely over the years, range perhaps hasn't improved quite as robustly and even the most powerful WiFi routers, like Netgear's beastly Nighthawk X8, with its active antennas, can still leave dead spots in large home or office installations. That's where the recent crop of mesh router technologies, that startups like Eero and Google with Google WiFi, are making significant advancements. By spreading out multiple, interconnected router access points (as well as their antennas), across a WiFi network, you blanket the area with a stronger, more contiguous signal. If you need to go the distance, mesh WiFi routers are the new way to go and Netgear is now entering the fray with a 3GHz tri-band setup called Orbi...
     Netgear Orbi AC3000 Mesh WiFi System Review (http://hothardware.us3.list-manage.com/track/click?u=efc4c507c2cf964fc2462caca&id=9d93d84036&e=0c004f9c13)
     http://hothardware.us3.list-manage2.com/track/click?u=efc4c507c2cf964fc2462caca&id=0cde288e0d&e=0c004f9c13
     http://hothardware.us3.list-manage1.com/track/click?u=efc4c507c2cf964fc2462caca&id=70f4cd53d8&e=0c004f9c13
     Best Regards,
     HotHardware.com (http://hothardware.us3.list-manage.com/track/click?u=efc4c507c2cf964fc2462caca&id=75d63bb802&e=0c004f9c13)
     http://hothardware.us3.list-manage.com/track/click?u=efc4c507c2cf964fc2462caca&id=6635efea34&e=0c004f9c13
     http://hothardware.us3.list-manage.com/track/click?u=efc4c507c2cf964fc2462caca&id=37256b86fd&e=0c004f9c13
     http://hothardware.us3.list-manage.com/track/click?u=efc4c507c2cf964fc2462caca&id=81bf47b5bf&e=0c004f9c13
  3. SUSE Security Update: Security update for flash-player
     ______________________________________________________________________________
     Announcement ID:    SUSE-SU-2016:2662-1
     Rating:             critical
     References:         #1007098
     Cross-References:   CVE-2016-7855
     Affected Products:
                         SUSE Linux Enterprise Workstation Extension 12-SP1
                         SUSE Linux Enterprise Desktop 12-SP1
     ______________________________________________________________________________
     An update that fixes one vulnerability is now available.

     Description:
     This update for flash-player to version 11.2.202.643 fixes one security issue.
     This security issue was fixed:
     - CVE-2016-7855: Use-after-free vulnerability that could lead to code execution (bsc#1007098).

     Patch Instructions:
     To install this SUSE Security Update use YaST online_update.
     Alternatively you can run the command listed for your product:
     - SUSE Linux Enterprise Workstation Extension 12-SP1:
       zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1566=1
     - SUSE Linux Enterprise Desktop 12-SP1:
       zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1566=1
     To bring your system up-to-date, use "zypper patch".

     Package List:
     - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):
       flash-player-11.2.202.643-146.1
       flash-player-gnome-11.2.202.643-146.1
     - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
       flash-player-11.2.202.643-146.1
       flash-player-gnome-11.2.202.643-146.1

     References:
       https://www.suse.com/security/cve/CVE-2016-7855.html
       https://bugzilla.suse.com/1007098
     --
     To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org
     For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
  4. Title: Patriot Viper V360 7.1 Surround Gaming Headset Review ( -at -) NikKTech
     Description: It may not produce the most accurate and crisp mids and highs but thanks to its Ultra Bass Response technology the Viper V360 7.1 surround gaming headset by Patriot brings something new to the table at a very affordable price.
     Article Link: http://www.nikktech.com/main/articles/peripherals/headsets/7104-patriot-viper-v360-7-1-surround-gaming-headset-review
     Image Link: http://www.nikktech.com/main/images/pics/reviews/patriot/viper_v360/patriot_viper_v360a.jpg
     A News Post Would Be Appreciated. Thanks In Advance.
     Sincerely
     Nik Kastrantas
  5. -----BEGIN PGP SIGNED MESSAGE-----
     Hash: SHA1

     =====================================================================
                        Red Hat Security Advisory

     Synopsis:          Important: kernel security update
     Advisory ID:       RHSA-2016:2120-01
     Product:           Red Hat Enterprise Linux
     Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2120.html
     Issue date:        2016-10-27
     CVE Names:         CVE-2016-5195
     =====================================================================

     1. Summary:
     An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support and Red Hat Enterprise Linux 6.5 Telco Extended Update Support.
     Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

     2. Relevant releases/architectures:
     Red Hat Enterprise Linux Server AUS (v. 6.5) - noarch, x86_64
     Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64
     Red Hat Enterprise Linux Server Optional TUS (v. 6.5) - x86_64
     Red Hat Enterprise Linux Server TUS (v. 6.5) - noarch, x86_64

     3. Description:
     The kernel packages contain the Linux kernel, the core of any Linux operating system.
     Security Fix(es):
     * A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important)
     Red Hat would like to thank Phil Oester for reporting this issue.

     4. Solution:
     For details on how to apply this update, which includes the changes described in this advisory, refer to:
     https://access.redhat.com/articles/11258
     The system must be rebooted for this update to take effect.

     5. Bugs fixed (https://bugzilla.redhat.com/):
     1384344 - CVE-2016-5195 kernel: mm: privilege escalation via MAP_PRIVATE COW breakage

     6. Package List:
     Red Hat Enterprise Linux Server AUS (v. 6.5):
     Source:
     kernel-2.6.32-431.75.1.el6.src.rpm
     noarch:
     kernel-abi-whitelists-2.6.32-431.75.1.el6.noarch.rpm
     kernel-doc-2.6.32-431.75.1.el6.noarch.rpm
     kernel-firmware-2.6.32-431.75.1.el6.noarch.rpm
     x86_64:
     kernel-2.6.32-431.75.1.el6.x86_64.rpm
     kernel-debug-2.6.32-431.75.1.el6.x86_64.rpm
     kernel-debug-debuginfo-2.6.32-431.75.1.el6.x86_64.rpm
     kernel-debug-devel-2.6.32-431.75.1.el6.x86_64.rpm
     kernel-debuginfo-2.6.32-431.75.1.el6.x86_64.rpm
     kernel-debuginfo-common-x86_64-2.6.32-431.75.1.el6.x86_64.rpm
     kernel-devel-2.6.32-431.75.1.el6.x86_64.rpm
     kernel-headers-2.6.32-431.75.1.el6.x86_64.rpm
     perf-2.6.32-431.75.1.el6.x86_64.rpm
     perf-debuginfo-2.6.32-431.75.1.el6.x86_64.rpm
     python-perf-debuginfo-2.6.32-431.75.1.el6.x86_64.rpm

     Red Hat Enterprise Linux Server TUS (v. 6.5):
     Source:
     kernel-2.6.32-431.75.1.el6.src.rpm
     noarch:
     kernel-abi-whitelists-2.6.32-431.75.1.el6.noarch.rpm
     kernel-doc-2.6.32-431.75.1.el6.noarch.rpm
     kernel-firmware-2.6.32-431.75.1.el6.noarch.rpm
     x86_64:
     kernel-2.6.32-431.75.1.el6.x86_64.rpm
     kernel-debug-2.6.32-431.75.1.el6.x86_64.rpm
     kernel-debug-debuginfo-2.6.32-431.75.1.el6.x86_64.rpm
     kernel-debug-devel-2.6.32-431.75.1.el6.x86_64.rpm
     kernel-debuginfo-2.6.32-431.75.1.el6.x86_64.rpm
     kernel-debuginfo-common-x86_64-2.6.32-431.75.1.el6.x86_64.rpm
     kernel-devel-2.6.32-431.75.1.el6.x86_64.rpm
     kernel-headers-2.6.32-431.75.1.el6.x86_64.rpm
     perf-2.6.32-431.75.1.el6.x86_64.rpm
     perf-debuginfo-2.6.32-431.75.1.el6.x86_64.rpm
     python-perf-debuginfo-2.6.32-431.75.1.el6.x86_64.rpm

     Red Hat Enterprise Linux Server Optional AUS (v. 6.5):
     Source:
     kernel-2.6.32-431.75.1.el6.src.rpm
     x86_64:
     kernel-debug-debuginfo-2.6.32-431.75.1.el6.x86_64.rpm
     kernel-debuginfo-2.6.32-431.75.1.el6.x86_64.rpm
     kernel-debuginfo-common-x86_64-2.6.32-431.75.1.el6.x86_64.rpm
     perf-debuginfo-2.6.32-431.75.1.el6.x86_64.rpm
     python-perf-2.6.32-431.75.1.el6.x86_64.rpm
     python-perf-debuginfo-2.6.32-431.75.1.el6.x86_64.rpm

     Red Hat Enterprise Linux Server Optional TUS (v. 6.5):
     Source:
     kernel-2.6.32-431.75.1.el6.src.rpm
     x86_64:
     kernel-debug-debuginfo-2.6.32-431.75.1.el6.x86_64.rpm
     kernel-debuginfo-2.6.32-431.75.1.el6.x86_64.rpm
     kernel-debuginfo-common-x86_64-2.6.32-431.75.1.el6.x86_64.rpm
     perf-debuginfo-2.6.32-431.75.1.el6.x86_64.rpm
     python-perf-2.6.32-431.75.1.el6.x86_64.rpm
     python-perf-debuginfo-2.6.32-431.75.1.el6.x86_64.rpm

     These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

     7. References:
     https://access.redhat.com/security/cve/CVE-2016-5195
     https://access.redhat.com/security/updates/classification/#important
     https://access.redhat.com/security/vulnerabilities/2706661

     8. Contact:
     The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

     Copyright 2016 Red Hat, Inc.
     -----BEGIN PGP SIGNATURE-----
     Version: GnuPG v1

     iD8DBQFYEcadXlSAg2UNWIIRApaQAKC+3ji01JFJQRL3eiuf2KjdfWsHFACeOTzI
     zDGZGJupVIu4rviID2pAIyQ=
     =jXhF
     -----END PGP SIGNATURE-----
     --
  7. -----BEGIN PGP SIGNED MESSAGE-----
     Hash: SHA1

     =====================================================================
                        Red Hat Security Advisory

     Synopsis:          Critical: flash-plugin security update
     Advisory ID:       RHSA-2016:2119-01
     Product:           Red Hat Enterprise Linux Supplementary
     Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2119.html
     Issue date:        2016-10-27
     CVE Names:         CVE-2016-7855
     =====================================================================

     1. Summary:
     An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary.
     Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

     2. Relevant releases/architectures:
     Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
     Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
     Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
     Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
     Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

     3. Description:
     The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.
     This update upgrades Flash Player to version 11.2.202.643.
     Security Fix(es):
     * This update fixes one vulnerability in Adobe Flash Player. This vulnerability, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-7855)

     4. Solution:
     For details on how to apply this update, which includes the changes described in this advisory, refer to:
     https://access.redhat.com/articles/11258

     5. Bugs fixed (https://bugzilla.redhat.com/):
     1389033 - CVE-2016-7855 flash-plugin: user-after-free issues fixed in APSB16-36

     6. Package List:
     Red Hat Enterprise Linux Desktop Supplementary (v. 5):
     i386:
     flash-plugin-11.2.202.643-1.el5_11.i386.rpm
     x86_64:
     flash-plugin-11.2.202.643-1.el5_11.i386.rpm

     Red Hat Enterprise Linux Server Supplementary (v. 5):
     i386:
     flash-plugin-11.2.202.643-1.el5_11.i386.rpm
     x86_64:
     flash-plugin-11.2.202.643-1.el5_11.i386.rpm

     Red Hat Enterprise Linux Desktop Supplementary (v. 6):
     i386:
     flash-plugin-11.2.202.643-1.el6_8.i686.rpm
     x86_64:
     flash-plugin-11.2.202.643-1.el6_8.i686.rpm

     Red Hat Enterprise Linux Server Supplementary (v. 6):
     i386:
     flash-plugin-11.2.202.643-1.el6_8.i686.rpm
     x86_64:
     flash-plugin-11.2.202.643-1.el6_8.i686.rpm

     Red Hat Enterprise Linux Workstation Supplementary (v. 6):
     i386:
     flash-plugin-11.2.202.643-1.el6_8.i686.rpm
     x86_64:
     flash-plugin-11.2.202.643-1.el6_8.i686.rpm

     These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

     7. References:
     https://access.redhat.com/security/cve/CVE-2016-7855
     https://access.redhat.com/security/updates/classification/#critical
     https://helpx.adobe.com/security/products/flash-player/apsb16-36.html

     8. Contact:
     The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

     Copyright 2016 Red Hat, Inc.
     -----BEGIN PGP SIGNATURE-----
     Version: GnuPG v1

     iD8DBQFYEYC8XlSAg2UNWIIRAujcAJ4rwkEsQoV/2/hgukzk4/GrZnOvLwCfanjg
     NxNfj9hHumBa5/VNbb0j74c=
     =95Yr
     -----END PGP SIGNATURE-----
     --
  8. SUSE Security Update: Security update for Linux Kernel Live Patch 15 for SLE 12
     ______________________________________________________________________________
     Announcement ID:    SUSE-SU-2016:2657-1
     Rating:             important
     References:         #1004419
     Cross-References:   CVE-2016-5195
     Affected Products:
                         SUSE Linux Enterprise Server for SAP 12
                         SUSE Linux Enterprise Server 12-LTSS
     ______________________________________________________________________________
     An update that fixes one vulnerability is now available.

     Description:
     This update for the Linux Kernel 3.12.60-52_54 fixes several issues.
     The following security bugs were fixed:
     - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004419).

     Patch Instructions:
     To install this SUSE Security Update use YaST online_update.
     Alternatively you can run the command listed for your product:
     - SUSE Linux Enterprise Server for SAP 12:
       zypper in -t patch SUSE-SLE-SAP-12-2016-1562=1
     - SUSE Linux Enterprise Server 12-LTSS:
       zypper in -t patch SUSE-SLE-SERVER-12-2016-1562=1
     To bring your system up-to-date, use "zypper patch".

     Package List:
     - SUSE Linux Enterprise Server for SAP 12 (x86_64):
       kgraft-patch-3_12_60-52_54-default-3-2.1
       kgraft-patch-3_12_60-52_54-xen-3-2.1
     - SUSE Linux Enterprise Server 12-LTSS (x86_64):
       kgraft-patch-3_12_60-52_54-default-3-2.1
       kgraft-patch-3_12_60-52_54-xen-3-2.1

     References:
       https://www.suse.com/security/cve/CVE-2016-5195.html
       https://bugzilla.suse.com/1004419
     --
     To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org
     For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
  9. SUSE Security Update: Security update for Linux Kernel Live Patch 14 for SLE 12
     ______________________________________________________________________________
     Announcement ID:    SUSE-SU-2016:2658-1
     Rating:             important
     References:         #1004419 #986377
     Cross-References:   CVE-2016-4997 CVE-2016-5195
     Affected Products:
                         SUSE Linux Enterprise Server for SAP 12
                         SUSE Linux Enterprise Server 12-LTSS
     ______________________________________________________________________________
     An update that fixes two vulnerabilities is now available.

     Description:
     This update for the Linux Kernel 3.12.60-52_49 fixes several issues.
     The following security bugs were fixed:
     - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004419).
     - CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986377).

     Patch Instructions:
     To install this SUSE Security Update use YaST online_update.
     Alternatively you can run the command listed for your product:
     - SUSE Linux Enterprise Server for SAP 12:
       zypper in -t patch SUSE-SLE-SAP-12-2016-1561=1
     - SUSE Linux Enterprise Server 12-LTSS:
       zypper in -t patch SUSE-SLE-SERVER-12-2016-1561=1
     To bring your system up-to-date, use "zypper patch".

     Package List:
     - SUSE Linux Enterprise Server for SAP 12 (x86_64):
       kgraft-patch-3_12_60-52_49-default-3-2.1
       kgraft-patch-3_12_60-52_49-xen-3-2.1
     - SUSE Linux Enterprise Server 12-LTSS (x86_64):
       kgraft-patch-3_12_60-52_49-default-3-2.1
       kgraft-patch-3_12_60-52_49-xen-3-2.1

     References:
       https://www.suse.com/security/cve/CVE-2016-4997.html
       https://www.suse.com/security/cve/CVE-2016-5195.html
       https://bugzilla.suse.com/1004419
       https://bugzilla.suse.com/986377
     --
     To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org
     For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
  10. SUSE Security Update: Security update for Linux Kernel Live Patch 13 for SLE 12
      ______________________________________________________________________________
      Announcement ID:    SUSE-SU-2016:2659-1
      Rating:             important
      References:         #1004419 #986377
      Cross-References:   CVE-2016-4997 CVE-2016-5195
      Affected Products:
                          SUSE Linux Enterprise Server for SAP 12
                          SUSE Linux Enterprise Server 12-LTSS
      ______________________________________________________________________________
      An update that fixes two vulnerabilities is now available.

      Description:
      This update for the Linux Kernel 3.12.55-52_45 fixes several issues.
      The following security bugs were fixed:
      - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004419).
      - CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986377).

      Patch Instructions:
      To install this SUSE Security Update use YaST online_update.
      Alternatively you can run the command listed for your product:
      - SUSE Linux Enterprise Server for SAP 12:
        zypper in -t patch SUSE-SLE-SAP-12-2016-1563=1
      - SUSE Linux Enterprise Server 12-LTSS:
        zypper in -t patch SUSE-SLE-SERVER-12-2016-1563=1
      To bring your system up-to-date, use "zypper patch".

      Package List:
      - SUSE Linux Enterprise Server for SAP 12 (x86_64):
        kgraft-patch-3_12_55-52_45-default-3-2.1
        kgraft-patch-3_12_55-52_45-xen-3-2.1
      - SUSE Linux Enterprise Server 12-LTSS (x86_64):
        kgraft-patch-3_12_55-52_45-default-3-2.1
        kgraft-patch-3_12_55-52_45-xen-3-2.1

      References:
        https://www.suse.com/security/cve/CVE-2016-4997.html
        https://www.suse.com/security/cve/CVE-2016-5195.html
        https://bugzilla.suse.com/1004419
        https://bugzilla.suse.com/986377
      --
      To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org
      For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
  11. Aimpad offered us a first look at the analog input technology it hopes will become commonplace in future mechanical keyboards. We've spent a lot of hands-on time with its analog secret sauce, and we're ready to say whether this technology is something every keyboard should have.
      Read more: http://techreport.com/review/30760/a-technology-overview-of-the-aimpad-r5-analog-keyboard
      ---
      The Tech Report - PC Hardware Explored
      http://techreport.com
      --
      To unsubscribe from: TR-News, just follow this link:
      http://node1.techreport.com/cgi-bin/dada/mail.cgi/u/trnews/reviewnews//
      Click this link, or copy and paste the address into your browser.
  12. -----BEGIN PGP SIGNED MESSAGE-----
      Hash: SHA1

      =====================================================================
                         Red Hat Security Advisory

      Synopsis:          Moderate: openstack-manila-ui security update
      Advisory ID:       RHSA-2016:2117-01
      Product:           Red Hat Enterprise Linux OpenStack Platform
      Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2117.html
      Issue date:        2016-10-26
      CVE Names:         CVE-2016-6519
      =====================================================================

      1. Summary:
      An update for openstack-manila-ui is now available for Red Hat OpenStack Platform 9.0 (Mitaka).
      Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

      2. Relevant releases/architectures:
      Red Hat OpenStack Platform 9.0 - noarch

      3. Description:
      OpenStack's File Share Service (manila) provides the means to easily provision shared file systems that can be consumed by multiple instances. These shared file systems are provisioned from pre-existing, back-end volumes. The UI component provides the dashboard plugin for the service.
      Security Fix(es):
      * A cross-site scripting flaw was discovered in openstack-manila-ui's Metadata field contained in its "Create Share" form. A user could inject malicious HTML/JavaScript code that would then be reflected in the "Shares" overview. Remote, authenticated, but unprivileged users could exploit this vulnerability to steal session cookies and escalate their privileges. (CVE-2016-6519)
      Red Hat would like to thank SUSE for reporting this issue. SUSE acknowledges Niklaus Schiess as the original reporter.

      4. Solution:
      For details on how to apply this update, which includes the changes described in this advisory, refer to:
      https://access.redhat.com/articles/11258

      5. Bugs fixed (https://bugzilla.redhat.com/):
      1375147 - CVE-2016-6519 openstack-manila-ui: persistent XSS in metadata field

      6. Package List:
      Red Hat OpenStack Platform 9.0:
      Source:
      openstack-manila-ui-2.1.0-2.el7ost.src.rpm
      noarch:
      openstack-manila-ui-2.1.0-2.el7ost.noarch.rpm

      These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

      7. References:
      https://access.redhat.com/security/cve/CVE-2016-6519
      https://access.redhat.com/security/updates/classification/#moderate

      8. Contact:
      The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

      Copyright 2016 Red Hat, Inc.
      -----BEGIN PGP SIGNATURE-----
      Version: GnuPG v1

      iD8DBQFYEP1HXlSAg2UNWIIRAifpAJ9HIe3OGxk1eDXVz82Ui16g2rbGRwCfYkTm
      iprhL47zImWgmoi3AXsMUb0=
      =4qz1
      -----END PGP SIGNATURE-----
      --
  13. -----BEGIN PGP SIGNED MESSAGE-----
      Hash: SHA1

      =====================================================================
                         Red Hat Security Advisory

      Synopsis:          Moderate: openstack-manila-ui security update
      Advisory ID:       RHSA-2016:2116-01
      Product:           Red Hat Enterprise Linux OpenStack Platform
      Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2116.html
      Issue date:        2016-10-26
      CVE Names:         CVE-2016-6519
      =====================================================================

      1. Summary:
      An update for openstack-manila-ui is now available for Red Hat OpenStack Platform 8.0 (Liberty).
      Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

      2. Relevant releases/architectures:
      Red Hat OpenStack Platform 8.0 (Liberty) - noarch

      3. Description:
      OpenStack's File Share Service (manila) provides the means to easily provision shared file systems that can be consumed by multiple instances. These shared file systems are provisioned from pre-existing, back-end volumes. The UI component provides the dashboard plugin for the service.
      Security Fix(es):
      * A cross-site scripting flaw was discovered in openstack-manila-ui's Metadata field contained in its "Create Share" form. A user could inject malicious HTML/JavaScript code that would then be reflected in the "Shares" overview. Remote, authenticated, but unprivileged users could exploit this vulnerability to steal session cookies and escalate their privileges. (CVE-2016-6519)
      Red Hat would like to thank SUSE for reporting this issue. SUSE acknowledges Niklaus Schiess as the original reporter.

      4. Solution:
      For details on how to apply this update, which includes the changes described in this advisory, refer to:
      https://access.redhat.com/articles/11258

      5. Bugs fixed (https://bugzilla.redhat.com/):
      1375147 - CVE-2016-6519 openstack-manila-ui: persistent XSS in metadata field

      6. Package List:
      Red Hat OpenStack Platform 8.0 (Liberty):
      Source:
      openstack-manila-ui-1.2.0-2.el7ost.src.rpm
      noarch:
      openstack-manila-ui-1.2.0-2.el7ost.noarch.rpm

      These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

      7. References:
      https://access.redhat.com/security/cve/CVE-2016-6519
      https://access.redhat.com/security/updates/classification/#moderate

      8. Contact:
      The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

      Copyright 2016 Red Hat, Inc.
      -----BEGIN PGP SIGNATURE-----
      Version: GnuPG v1

      iD8DBQFYEP0UXlSAg2UNWIIRAnWsAJ9V66l6+8TKX+1iMe2PH+uuIeV6TgCaAlC4
      l0xWG+JmZ1jRSCM0N4MKr3w=
      =djVF
      -----END PGP SIGNATURE-----
      --
  14. Red Hat Security Advisory Synopsis: Moderate: openstack-manila-ui security update Advisory ID: RHSA-2016:2115-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2115.html Issue date: 2016-10-26 CVE Names: CVE-2016-6519 1. Summary: An update for openstack-manila-ui is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 - noarch 3. Description: OpenStack's File Share Service (manila) provides the means to easily provision shared file systems that can be consumed by multiple instances. These shared file systems are provisioned from pre-existing, back-end volumes. The UI component provides the dashboard plugin for the service. Security Fix(es): * A cross-site scripting flaw was discovered in openstack-manila-ui's Metadata field contained in its "Create Share" form. A user could inject malicious HTML/JavaScript code that would then be reflected in the "Shares" overview. Remote, authenticated, but unprivileged users could exploit this vulnerability to steal session cookies and escalate their privileges. (CVE-2016-6519) Red Hat would like to thank SUSE for reporting this issue. SUSE acknowledges Niklaus Schiess as the original reporter. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. 
Bugs fixed (https://bugzilla.redhat.com/): 1375147 - CVE-2016-6519 openstack-manila-ui: persistent XSS in metadata field 6. Package List: Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7: Source: openstack-manila-ui-1.0.1-3.el7ost.src.rpm noarch: openstack-manila-ui-1.0.1-3.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-6519 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc.
  15. A Shotwell maintenance release is available for download at https://download.gnome.org/sources/shotwell/0.24/ And for Ubuntu 16.x in the Shotwell PPA https://launchpad.net/~yg-jensge/+archive/ubuntu/shotwell Changes since 0.24.0: Shotwell 0.24.1 - 16 Oct 2016  * Add debug output when shifting day of event  * Add debug output of Shotwell's current timezone  * Fix Vala generic handling with recent Vala compiler  * Fix focus handling when in fullscreen (#771969)  * Remove obsolete CSS style  * Prevent a critical in Piwigo uploader  * Fix issue with accessibility in recent Vala compiler  * Fix album creation with Piwigo uploader (#772648)  * Add option to enable SQL debugging without recompilation  * Translation updates Bugs fixed in this release:  - https://bugzilla.gnome.org/show_bug.cgi?id=771969  - https://bugzilla.gnome.org/show_bug.cgi?id=772648 All contributors to this release:  - Jens Georg  - Rico Tzschichholz  - Marek Černocký  - Rafael Fontenelle  - Mario Blättermann  - Christian Kirbach  - Bernd Homuth  - Anders Jonsson Added/updated translations  - cs, courtesy of Marek Černocký  - de, courtesy of Bernd Homuth  - de, courtesy of Christian Kirbach  - pt_BR, courtesy of Rafael Fontenelle  - sv, courtesy of Anders Jonsson
  16. Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2016:2118-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2118.html Issue date: 2016-10-26 CVE Names: CVE-2016-5195 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.1) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important) Red Hat would like to thank Phil Oester for reporting this issue. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. 
Bugs fixed (https://bugzilla.redhat.com/): 1384344 - CVE-2016-5195 kernel: mm: privilege escalation via MAP_PRIVATE COW breakage 6. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.1): Source: kernel-3.10.0-229.42.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-229.42.2.el7.noarch.rpm kernel-doc-3.10.0-229.42.2.el7.noarch.rpm x86_64: kernel-3.10.0-229.42.2.el7.x86_64.rpm kernel-debug-3.10.0-229.42.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-229.42.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.42.2.el7.x86_64.rpm kernel-devel-3.10.0-229.42.2.el7.x86_64.rpm kernel-headers-3.10.0-229.42.2.el7.x86_64.rpm kernel-tools-3.10.0-229.42.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-229.42.2.el7.x86_64.rpm perf-3.10.0-229.42.2.el7.x86_64.rpm perf-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1): x86_64: kernel-debug-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.42.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-229.42.2.el7.x86_64.rpm perf-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm python-perf-3.10.0-229.42.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 
7.1): Source: kernel-3.10.0-229.42.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-229.42.2.el7.noarch.rpm kernel-doc-3.10.0-229.42.2.el7.noarch.rpm ppc64: kernel-3.10.0-229.42.2.el7.ppc64.rpm kernel-bootwrapper-3.10.0-229.42.2.el7.ppc64.rpm kernel-debug-3.10.0-229.42.2.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-229.42.2.el7.ppc64.rpm kernel-debug-devel-3.10.0-229.42.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-229.42.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-229.42.2.el7.ppc64.rpm kernel-devel-3.10.0-229.42.2.el7.ppc64.rpm kernel-headers-3.10.0-229.42.2.el7.ppc64.rpm kernel-tools-3.10.0-229.42.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-229.42.2.el7.ppc64.rpm kernel-tools-libs-3.10.0-229.42.2.el7.ppc64.rpm perf-3.10.0-229.42.2.el7.ppc64.rpm perf-debuginfo-3.10.0-229.42.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-229.42.2.el7.ppc64.rpm s390x: kernel-3.10.0-229.42.2.el7.s390x.rpm kernel-debug-3.10.0-229.42.2.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-229.42.2.el7.s390x.rpm kernel-debug-devel-3.10.0-229.42.2.el7.s390x.rpm kernel-debuginfo-3.10.0-229.42.2.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-229.42.2.el7.s390x.rpm kernel-devel-3.10.0-229.42.2.el7.s390x.rpm kernel-headers-3.10.0-229.42.2.el7.s390x.rpm kernel-kdump-3.10.0-229.42.2.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-229.42.2.el7.s390x.rpm kernel-kdump-devel-3.10.0-229.42.2.el7.s390x.rpm perf-3.10.0-229.42.2.el7.s390x.rpm perf-debuginfo-3.10.0-229.42.2.el7.s390x.rpm python-perf-debuginfo-3.10.0-229.42.2.el7.s390x.rpm x86_64: kernel-3.10.0-229.42.2.el7.x86_64.rpm kernel-debug-3.10.0-229.42.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-229.42.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.42.2.el7.x86_64.rpm kernel-devel-3.10.0-229.42.2.el7.x86_64.rpm kernel-headers-3.10.0-229.42.2.el7.x86_64.rpm kernel-tools-3.10.0-229.42.2.el7.x86_64.rpm 
kernel-tools-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-229.42.2.el7.x86_64.rpm perf-3.10.0-229.42.2.el7.x86_64.rpm perf-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.1): Source: kernel-3.10.0-229.42.2.ael7b.src.rpm noarch: kernel-abi-whitelists-3.10.0-229.42.2.ael7b.noarch.rpm kernel-doc-3.10.0-229.42.2.ael7b.noarch.rpm ppc64le: kernel-3.10.0-229.42.2.ael7b.ppc64le.rpm kernel-bootwrapper-3.10.0-229.42.2.ael7b.ppc64le.rpm kernel-debug-3.10.0-229.42.2.ael7b.ppc64le.rpm kernel-debug-debuginfo-3.10.0-229.42.2.ael7b.ppc64le.rpm kernel-debuginfo-3.10.0-229.42.2.ael7b.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-229.42.2.ael7b.ppc64le.rpm kernel-devel-3.10.0-229.42.2.ael7b.ppc64le.rpm kernel-headers-3.10.0-229.42.2.ael7b.ppc64le.rpm kernel-tools-3.10.0-229.42.2.ael7b.ppc64le.rpm kernel-tools-debuginfo-3.10.0-229.42.2.ael7b.ppc64le.rpm kernel-tools-libs-3.10.0-229.42.2.ael7b.ppc64le.rpm perf-3.10.0-229.42.2.ael7b.ppc64le.rpm perf-debuginfo-3.10.0-229.42.2.ael7b.ppc64le.rpm python-perf-debuginfo-3.10.0-229.42.2.ael7b.ppc64le.rpm Red Hat Enterprise Linux Server Optional EUS (v. 
7.1): ppc64: kernel-debug-debuginfo-3.10.0-229.42.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-229.42.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-229.42.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-229.42.2.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-229.42.2.el7.ppc64.rpm perf-debuginfo-3.10.0-229.42.2.el7.ppc64.rpm python-perf-3.10.0-229.42.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-229.42.2.el7.ppc64.rpm s390x: kernel-debug-debuginfo-3.10.0-229.42.2.el7.s390x.rpm kernel-debuginfo-3.10.0-229.42.2.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-229.42.2.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-229.42.2.el7.s390x.rpm perf-debuginfo-3.10.0-229.42.2.el7.s390x.rpm python-perf-3.10.0-229.42.2.el7.s390x.rpm python-perf-debuginfo-3.10.0-229.42.2.el7.s390x.rpm x86_64: kernel-debug-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.42.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-229.42.2.el7.x86_64.rpm perf-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm python-perf-3.10.0-229.42.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.42.2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.1): ppc64le: kernel-debug-debuginfo-3.10.0-229.42.2.ael7b.ppc64le.rpm kernel-debug-devel-3.10.0-229.42.2.ael7b.ppc64le.rpm kernel-debuginfo-3.10.0-229.42.2.ael7b.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-229.42.2.ael7b.ppc64le.rpm kernel-tools-debuginfo-3.10.0-229.42.2.ael7b.ppc64le.rpm kernel-tools-libs-devel-3.10.0-229.42.2.ael7b.ppc64le.rpm perf-debuginfo-3.10.0-229.42.2.ael7b.ppc64le.rpm python-perf-3.10.0-229.42.2.ael7b.ppc64le.rpm python-perf-debuginfo-3.10.0-229.42.2.ael7b.ppc64le.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2016-5195 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/2706661 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc.
  17. A new unstable release series started! Shotwell is available for download at https://download.gnome.org/sources/shotwell/0.25/ Or for Ubuntu 16.x at the UNSTABLE PPA: https://launchpad.net/~yg-jensge/+archive/ubuntu/shotwell-unstable Shotwell 0.25.0 - 24 Oct 2016  * Add contrast to improvements  * Add a log when shifting events  * Add a debug output of the current timezone  * Fix compilation with recent Vala compiler  * Fix focus handling of full-screen viewer  * Remove obsolete CSS style property  * Support ACDSEE tags  * Use unicode characters  * Remove deprecated calls  * Silence two C warnings that are usually caused by valac  * Refactor web authenticator  * Spelling fixes  * Piwigo: Add option to override SSL certificate handling  * Piwigo: Add option to show the SSL certificate  * Remove an old GTK+ work-around  * Remove deprecated GSettings calls  * Persist export dialog settings  * Remove deprecated elements from export dialog  * Port web plugins to new libsoup API  * Fix libraw binding  * Piwigo: Fix new album creation  * Blacklist vaapi decoder to prevent crashes in video meta data extraction  * Hide "Folder" side-bar when empty  * Enable SQL debugging through environment variable Added/Updated requirements:  GExiv2 >= 0.10.4  GCR-3  GLib >= 2.40  GTK+ >= 3.14 Bugs fixed in this release:  - https://bugzilla.gnome.org/show_bug.cgi?id=716259  - https://bugzilla.gnome.org/show_bug.cgi?id=716660  - https://bugzilla.gnome.org/show_bug.cgi?id=718586  - https://bugzilla.gnome.org/show_bug.cgi?id=719127  - https://bugzilla.gnome.org/show_bug.cgi?id=762416  - https://bugzilla.gnome.org/show_bug.cgi?id=765149  - https://bugzilla.gnome.org/show_bug.cgi?id=767126  - https://bugzilla.gnome.org/show_bug.cgi?id=767473  - https://bugzilla.gnome.org/show_bug.cgi?id=771969  - https://bugzilla.gnome.org/show_bug.cgi?id=772295  - https://bugzilla.gnome.org/show_bug.cgi?id=772339  - https://bugzilla.gnome.org/show_bug.cgi?id=772648 All contributors to this release:  - 
Jens Georg  - Piotr Drąg  - Marek Černocký  - Gábor Kelemen  - Rico Tzschichholz  - Rafael Fontenelle  - Mario Blättermann  - Jordi Mas  - Josh Freeman  - Daniel Mustieles  - Benedikt M. Thoma  - Balázs Meskó  - Anders Jonsson Added/updated translations  - ca, courtesy of Jordi Mas  - cs, courtesy of Marek Černocký  - de, courtesy of Christian Kirbach  - de, courtesy of Mario Blättermann  - es, courtesy of Daniel Mustieles  - hu, courtesy of Meskó Balázs  - pl, courtesy of Piotr Drąg  - pt_BR, courtesy of Rafael Fontenelle  - sv, courtesy of Anders Jonsson
  18. TITLE: ZOTAC GTX 1050 Mini Review @ Vortez CONTENT: Today we'll be looking to ZOTAC for a detailed review of the GTX 1050 MINI. As its name suggests, this graphics card bears a super-small footprint at just 145mm in length. Not only is this GTX 1050 ideal for small form factor systems but it also obtains power to operate from the PCI express slot - so no need for a PCI-E cable from the PSU. LINK: http://www.vortez.net/review.php?id=1223 Please post this news item in your news section. Thank you.
  19. SUSE Security Update: Security update for Linux Kernel Live Patch 12 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2655-1 Rating: important References: #1004419 #986377 Cross-References: CVE-2016-4997 CVE-2016-5195 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.55-52_42 fixes several issues. The following security bugs were fixed: - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004419). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986377). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1559=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1559=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_55-52_42-default-3-2.1 kgraft-patch-3_12_55-52_42-xen-3-2.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_55-52_42-default-3-2.1 kgraft-patch-3_12_55-52_42-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2016-4997.html https://www.suse.com/security/cve/CVE-2016-5195.html https://bugzilla.suse.com/1004419 https://bugzilla.suse.com/986377 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
  20. openSUSE Security Update: Security update for ghostscript Announcement ID: openSUSE-SU-2016:2648-1 Rating: important References: #1001951 #1004237 Cross-References: CVE-2013-5653 CVE-2016-7978 CVE-2016-7979 CVE-2016-8602 Affected Products: openSUSE 13.2 An update that fixes four vulnerabilities is now available. Description: This update for ghostscript fixes the following issues: - CVE-2016-8602: Fixes a NULL dereference in .sethalftone5 (boo#1004237). - CVE-2013-5653, CVE-2016-7978, CVE-2016-7979: Fix multiple -dsafer related CVE's (boo#1001951). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2016-1237=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (i586 x86_64): ghostscript-9.15-6.1 ghostscript-debuginfo-9.15-6.1 ghostscript-debugsource-9.15-6.1 ghostscript-devel-9.15-6.1 ghostscript-mini-9.15-6.1 ghostscript-mini-debuginfo-9.15-6.1 ghostscript-mini-debugsource-9.15-6.1 ghostscript-mini-devel-9.15-6.1 ghostscript-x11-9.15-6.1 ghostscript-x11-debuginfo-9.15-6.1 References: https://www.suse.com/security/cve/CVE-2013-5653.html https://www.suse.com/security/cve/CVE-2016-7978.html https://www.suse.com/security/cve/CVE-2016-7979.html https://www.suse.com/security/cve/CVE-2016-8602.html https://bugzilla.suse.com/1001951 https://bugzilla.suse.com/1004237
  22. openSUSE Security Update: kernel update for Evergreen 11.4 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:2649-1 Rating: important References: #1004418 #758540 #816446 #861093 #917648 #928130 #935757 #939826 #942367 #944296 #945825 #946117 #946309 #948562 #949744 #949936 #951440 #952384 #953527 #954404 #955354 #955654 #956708 #956709 #958463 #958886 #958951 #959190 #959399 #961500 #961509 #961512 #963765 #963767 #964201 #966437 #966460 #966662 #966693 #967972 #967973 #967974 #967975 #968010 #968011 #968012 #968013 #968670 #969356 #970504 #970892 #970909 #970911 #970948 #970956 #970958 #970970 #971124 #971125 #971126 #971360 #972510 #973570 #975945 #977847 #978822 Cross-References: CVE-2013-7446 CVE-2015-0272 CVE-2015-1339 CVE-2015-3339 CVE-2015-5307 CVE-2015-6252 CVE-2015-6937 CVE-2015-7509 CVE-2015-7515 CVE-2015-7550 CVE-2015-7566 CVE-2015-7799 CVE-2015-7872 CVE-2015-7990 CVE-2015-8104 CVE-2015-8215 CVE-2015-8539 CVE-2015-8543 CVE-2015-8569 CVE-2015-8575 CVE-2015-8767 CVE-2015-8785 CVE-2015-8812 CVE-2015-8816 CVE-2016-0723 CVE-2016-2069 CVE-2016-2143 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-2384 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2546 CVE-2016-2547 CVE-2016-2548 CVE-2016-2549 CVE-2016-2782 CVE-2016-2847 CVE-2016-3134 CVE-2016-3137 CVE-2016-3138 CVE-2016-3139 CVE-2016-3140 CVE-2016-3156 CVE-2016-4486 CVE-2016-5195 Affected Products: openSUSE Evergreen 11.4 ______________________________________________________________________________ An update that solves 49 vulnerabilities and has 17 fixes is now available. Description: This kernel update fixes the well known "Dirty COW" issue as well as a bunch of other security and non-security related issues. Patch Instructions: To install this openSUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - openSUSE Evergreen 11.4: zypper in -t patch 2016-1236=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Evergreen 11.4 (i586 x86_64): kernel-debug-3.0.101-105.1 kernel-debug-base-3.0.101-105.1 kernel-debug-base-debuginfo-3.0.101-105.1 kernel-debug-debuginfo-3.0.101-105.1 kernel-debug-debugsource-3.0.101-105.1 kernel-debug-devel-3.0.101-105.1 kernel-debug-devel-debuginfo-3.0.101-105.1 kernel-debug-hmac-3.0.101-105.1 kernel-default-3.0.101-105.1 kernel-default-base-3.0.101-105.1 kernel-default-base-debuginfo-3.0.101-105.1 kernel-default-debuginfo-3.0.101-105.1 kernel-default-debugsource-3.0.101-105.1 kernel-default-devel-3.0.101-105.1 kernel-default-devel-debuginfo-3.0.101-105.1 kernel-default-hmac-3.0.101-105.1 kernel-desktop-3.0.101-105.1 kernel-desktop-base-3.0.101-105.1 kernel-desktop-base-debuginfo-3.0.101-105.1 kernel-desktop-debuginfo-3.0.101-105.1 kernel-desktop-debugsource-3.0.101-105.1 kernel-desktop-devel-3.0.101-105.1 kernel-desktop-devel-debuginfo-3.0.101-105.1 kernel-desktop-hmac-3.0.101-105.1 kernel-ec2-3.0.101-105.1 kernel-ec2-base-3.0.101-105.1 kernel-ec2-base-debuginfo-3.0.101-105.1 kernel-ec2-debuginfo-3.0.101-105.1 kernel-ec2-debugsource-3.0.101-105.1 kernel-ec2-devel-3.0.101-105.1 kernel-ec2-devel-debuginfo-3.0.101-105.1 kernel-ec2-extra-3.0.101-105.1 kernel-ec2-extra-debuginfo-3.0.101-105.1 kernel-ec2-hmac-3.0.101-105.1 kernel-source-3.0.101-105.1 kernel-source-vanilla-3.0.101-105.1 kernel-syms-3.0.101-105.1 kernel-trace-3.0.101-105.1 kernel-trace-base-3.0.101-105.1 kernel-trace-base-debuginfo-3.0.101-105.1 kernel-trace-debuginfo-3.0.101-105.1 kernel-trace-debugsource-3.0.101-105.1 kernel-trace-devel-3.0.101-105.1 kernel-trace-devel-debuginfo-3.0.101-105.1 kernel-trace-hmac-3.0.101-105.1 kernel-vanilla-3.0.101-105.1 kernel-vanilla-base-3.0.101-105.1 kernel-vanilla-base-debuginfo-3.0.101-105.1 kernel-vanilla-debuginfo-3.0.101-105.1 
kernel-vanilla-debugsource-3.0.101-105.1 kernel-vanilla-devel-3.0.101-105.1 kernel-vanilla-devel-debuginfo-3.0.101-105.1 kernel-vanilla-hmac-3.0.101-105.1 kernel-xen-3.0.101-105.1 kernel-xen-base-3.0.101-105.1 kernel-xen-base-debuginfo-3.0.101-105.1 kernel-xen-debuginfo-3.0.101-105.1 kernel-xen-debugsource-3.0.101-105.1 kernel-xen-devel-3.0.101-105.1 kernel-xen-devel-debuginfo-3.0.101-105.1 kernel-xen-hmac-3.0.101-105.1 preload-1.2-6.83.1 preload-debuginfo-1.2-6.83.1 preload-debugsource-1.2-6.83.1 preload-kmp-default-1.2_3.0.101_105-6.83.1 preload-kmp-default-debuginfo-1.2_3.0.101_105-6.83.1 preload-kmp-desktop-1.2_3.0.101_105-6.83.1 preload-kmp-desktop-debuginfo-1.2_3.0.101_105-6.83.1 - openSUSE Evergreen 11.4 (noarch): kernel-docs-3.0.101-105.2 - openSUSE Evergreen 11.4 (i586): kernel-pae-3.0.101-105.1 kernel-pae-base-3.0.101-105.1 kernel-pae-base-debuginfo-3.0.101-105.1 kernel-pae-debuginfo-3.0.101-105.1 kernel-pae-debugsource-3.0.101-105.1 kernel-pae-devel-3.0.101-105.1 kernel-pae-devel-debuginfo-3.0.101-105.1 kernel-pae-hmac-3.0.101-105.1 kernel-vmi-3.0.101-105.1 kernel-vmi-base-3.0.101-105.1 kernel-vmi-base-debuginfo-3.0.101-105.1 kernel-vmi-debuginfo-3.0.101-105.1 kernel-vmi-debugsource-3.0.101-105.1 kernel-vmi-devel-3.0.101-105.1 kernel-vmi-devel-debuginfo-3.0.101-105.1 kernel-vmi-hmac-3.0.101-105.1 References: https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2015-0272.html https://www.suse.com/security/cve/CVE-2015-1339.html https://www.suse.com/security/cve/CVE-2015-3339.html https://www.suse.com/security/cve/CVE-2015-5307.html https://www.suse.com/security/cve/CVE-2015-6252.html https://www.suse.com/security/cve/CVE-2015-6937.html https://www.suse.com/security/cve/CVE-2015-7509.html https://www.suse.com/security/cve/CVE-2015-7515.html https://www.suse.com/security/cve/CVE-2015-7550.html https://www.suse.com/security/cve/CVE-2015-7566.html https://www.suse.com/security/cve/CVE-2015-7799.html 
  23. openSUSE Security Update: Security update for qemu
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:2642-1
Rating:             important
References:         #1000048 #967012 #967013 #982017 #982018 #982019 #982222 #982223 #982285 #982959 #983961 #983982 #991080 #991466 #994760 #994771 #994774 #996441 #997858 #997859
Cross-References:   CVE-2016-2391 CVE-2016-2392 CVE-2016-4453 CVE-2016-4454 CVE-2016-5105 CVE-2016-5106 CVE-2016-5107 CVE-2016-5126 CVE-2016-5238 CVE-2016-5337 CVE-2016-5338 CVE-2016-5403 CVE-2016-6490 CVE-2016-6833 CVE-2016-6836 CVE-2016-6888 CVE-2016-7116 CVE-2016-7155 CVE-2016-7156
Affected Products:  openSUSE Leap 42.1
______________________________________________________________________________

An update that solves 19 vulnerabilities and has one errata is now available.

Description:

qemu was updated to fix 19 security issues.

These security issues were fixed:

- CVE-2016-2392: The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU did not properly validate USB configuration descriptor objects, which allowed local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet (bsc#967012)
- CVE-2016-2391: The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allowed local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers (bsc#967013)
- CVE-2016-5106: The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allowed local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command (bsc#982018)
- CVE-2016-5105: The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, used an uninitialized variable, which allowed local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command (bsc#982017)
- CVE-2016-5107: The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allowed local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors (bsc#982019)
- CVE-2016-5126: Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allowed local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call (bsc#982285)
- CVE-2016-4454: The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allowed local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read (bsc#982222)
- CVE-2016-4453: The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command (bsc#982223)
- CVE-2016-5338: The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allowed local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer (bsc#983982)
- CVE-2016-5337: The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allowed local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information (bsc#983961)
- CVE-2016-5238: The get_cmd function in hw/scsi/esp.c in QEMU allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode (bsc#982959)
- CVE-2016-5403: The virtqueue_pop function in hw/virtio/virtio.c in QEMU allowed local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion (bsc#991080)
- CVE-2016-6490: Infinite loop in the virtio framework. A privileged user inside the guest could have used this flaw to crash the Qemu instance on the host resulting in DoS (bsc#991466)
- CVE-2016-6888: Integer overflow in packet initialisation in VMXNET3 device driver. A privileged user inside guest could have used this flaw to crash the Qemu instance resulting in DoS (bsc#994771)
- CVE-2016-6833: Use-after-free issue in the VMWARE VMXNET3 NIC device support. A privileged user inside guest could have used this issue to crash the Qemu instance resulting in DoS (bsc#994774)
- CVE-2016-7116: Host directory sharing via Plan 9 File System (9pfs) was vulnerable to a directory/path traversal issue. A privileged user inside guest could have used this flaw to access undue files on the host (bsc#996441)
- CVE-2016-6836: VMWARE VMXNET3 NIC device support was leaking information. A privileged user inside guest could have used this to leak host memory bytes to a guest (bsc#994760)
- CVE-2016-7155: In the VMWARE PVSCSI paravirtual SCSI bus an OOB access and/or infinite loop issue could have allowed a privileged user inside guest to crash the Qemu process resulting in DoS (bsc#997858)
- CVE-2016-7156: In the VMWARE PVSCSI paravirtual SCSI bus an infinite loop issue could have allowed a privileged user inside guest to crash the Qemu process resulting in DoS (bsc#997859)

This non-security issue was fixed:

- bsc#1000048: Fix migration failure where target host is a soon to be released SLES 12 SP2. Qemu's spice code gets an assertion.

This update was imported from the SUSE:SLE-12-SP1:Update update project.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- openSUSE Leap 42.1:

    zypper in -t patch openSUSE-2016-1234=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE Leap 42.1 (i586 x86_64):

    qemu-2.3.1-19.3
    qemu-arm-2.3.1-19.3
    qemu-arm-debuginfo-2.3.1-19.3
    qemu-block-curl-2.3.1-19.3
    qemu-block-curl-debuginfo-2.3.1-19.3
    qemu-debugsource-2.3.1-19.3
    qemu-extra-2.3.1-19.3
    qemu-extra-debuginfo-2.3.1-19.3
    qemu-guest-agent-2.3.1-19.3
    qemu-guest-agent-debuginfo-2.3.1-19.3
    qemu-kvm-2.3.1-19.3
    qemu-lang-2.3.1-19.3
    qemu-linux-user-2.3.1-19.1
    qemu-linux-user-debuginfo-2.3.1-19.1
    qemu-linux-user-debugsource-2.3.1-19.1
    qemu-ppc-2.3.1-19.3
    qemu-ppc-debuginfo-2.3.1-19.3
    qemu-s390-2.3.1-19.3
    qemu-s390-debuginfo-2.3.1-19.3
    qemu-tools-2.3.1-19.3
    qemu-tools-debuginfo-2.3.1-19.3
    qemu-x86-2.3.1-19.3
    qemu-x86-debuginfo-2.3.1-19.3

- openSUSE Leap 42.1 (noarch):

    qemu-ipxe-1.0.0-19.3
    qemu-seabios-1.8.1-19.3
    qemu-sgabios-8-19.3
    qemu-vgabios-1.8.1-19.3

- openSUSE Leap 42.1 (x86_64):

    qemu-block-rbd-2.3.1-19.3
    qemu-block-rbd-debuginfo-2.3.1-19.3
    qemu-testsuite-2.3.1-19.6

References:

https://www.suse.com/security/cve/CVE-2016-2391.html
https://www.suse.com/security/cve/CVE-2016-2392.html
https://www.suse.com/security/cve/CVE-2016-4453.html
https://www.suse.com/security/cve/CVE-2016-4454.html
https://www.suse.com/security/cve/CVE-2016-5105.html
https://www.suse.com/security/cve/CVE-2016-5106.html
https://www.suse.com/security/cve/CVE-2016-5107.html
https://www.suse.com/security/cve/CVE-2016-5126.html
https://www.suse.com/security/cve/CVE-2016-5238.html
https://www.suse.com/security/cve/CVE-2016-5337.html
https://www.suse.com/security/cve/CVE-2016-5338.html
https://www.suse.com/security/cve/CVE-2016-5403.html
https://www.suse.com/security/cve/CVE-2016-6490.html
https://www.suse.com/security/cve/CVE-2016-6833.html
https://www.suse.com/security/cve/CVE-2016-6836.html
https://www.suse.com/security/cve/CVE-2016-6888.html
https://www.suse.com/security/cve/CVE-2016-7116.html
https://www.suse.com/security/cve/CVE-2016-7155.html
https://www.suse.com/security/cve/CVE-2016-7156.html
https://bugzilla.suse.com/1000048
https://bugzilla.suse.com/967012
https://bugzilla.suse.com/967013
https://bugzilla.suse.com/982017
https://bugzilla.suse.com/982018
https://bugzilla.suse.com/982019
https://bugzilla.suse.com/982222
https://bugzilla.suse.com/982223
https://bugzilla.suse.com/982285
https://bugzilla.suse.com/982959
https://bugzilla.suse.com/983961
https://bugzilla.suse.com/983982
https://bugzilla.suse.com/991080
https://bugzilla.suse.com/991466
https://bugzilla.suse.com/994760
https://bugzilla.suse.com/994771
https://bugzilla.suse.com/994774
https://bugzilla.suse.com/996441
https://bugzilla.suse.com/997858
https://bugzilla.suse.com/997859
  24. Red Hat Security Advisory
=====================================================================

Synopsis:      Important: kernel-rt security update
Advisory ID:   RHSA-2016:2107-01
Product:       Red Hat Enterprise MRG for RHEL-6
Advisory URL:  https://rhn.redhat.com/errata/RHSA-2016-2107.html
Issue date:    2016-10-26
CVE Names:     CVE-2016-5195 CVE-2016-7039
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise MRG 2.5.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important)

* Linux kernel built with the 802.1Q/802.1ad VLAN (CONFIG_VLAN_8021Q) OR Virtual eXtensible Local Area Network (CONFIG_VXLAN) with Transparent Ethernet Bridging (TEB) GRO support, is vulnerable to a stack overflow issue. It could occur while receiving large packets via GRO path; As an unlimited recursion could unfold in both VLAN and TEB modules, leading to a stack corruption in the kernel. (CVE-2016-7039, Important)

Red Hat would like to thank Phil Oester for reporting CVE-2016-5195.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1375944 - CVE-2016-7039 kernel: remotely triggerable unbounded recursion in the vlan gro code leading to a kernel crash
1384344 - CVE-2016-5195 kernel: mm: privilege escalation via MAP_PRIVATE COW breakage

6. Package List:

MRG Realtime for RHEL 6 Server v.2:

Source:
kernel-rt-3.10.0-327.rt56.198.el6rt.src.rpm

noarch:
kernel-rt-doc-3.10.0-327.rt56.198.el6rt.noarch.rpm
kernel-rt-firmware-3.10.0-327.rt56.198.el6rt.noarch.rpm

x86_64:
kernel-rt-3.10.0-327.rt56.198.el6rt.x86_64.rpm
kernel-rt-debug-3.10.0-327.rt56.198.el6rt.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-327.rt56.198.el6rt.x86_64.rpm
kernel-rt-debug-devel-3.10.0-327.rt56.198.el6rt.x86_64.rpm
kernel-rt-debuginfo-3.10.0-327.rt56.198.el6rt.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-327.rt56.198.el6rt.x86_64.rpm
kernel-rt-devel-3.10.0-327.rt56.198.el6rt.x86_64.rpm
kernel-rt-trace-3.10.0-327.rt56.198.el6rt.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-327.rt56.198.el6rt.x86_64.rpm
kernel-rt-trace-devel-3.10.0-327.rt56.198.el6rt.x86_64.rpm
kernel-rt-vanilla-3.10.0-327.rt56.198.el6rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-3.10.0-327.rt56.198.el6rt.x86_64.rpm
kernel-rt-vanilla-devel-3.10.0-327.rt56.198.el6rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5195
https://access.redhat.com/security/cve/CVE-2016-7039
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/2706661

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
  25. openSUSE Security Update: Security update for quagga
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:2646-1
Rating:             important
References:         #1005258
Cross-References:   CVE-2016-1245
Affected Products:  openSUSE Leap 42.1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for quagga fixes the following issue:

- CVE-2016-1245: Fix for a zebra stack overrun in IPv6 RA receive code. (bsc#1005258).

Patch Instructions:

To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- openSUSE Leap 42.1:

    zypper in -t patch openSUSE-2016-1233=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE Leap 42.1 (i586 x86_64):

    quagga-0.99.24.1-14.1
    quagga-debuginfo-0.99.24.1-14.1
    quagga-debugsource-0.99.24.1-14.1
    quagga-devel-0.99.24.1-14.1

References:

https://www.suse.com/security/cve/CVE-2016-1245.html
https://bugzilla.suse.com/1005258