Everything posted by news
[RHSA-2016:1856-01] Moderate: rh-ror41-rubygem-actionview security update
news posted a topic in Upcoming News
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rh-ror41-rubygem-actionview security update
Advisory ID:       RHSA-2016:1856-01
Product:           Red Hat Software Collections
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1856.html
Issue date:        2016-09-13
CVE Names:         CVE-2016-6316
=====================================================================

1. Summary:

An update for rh-ror41-rubygem-actionview is now available for Red Hat
Software Collections.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

Ruby on Rails is a model-view-controller (MVC) framework for web
application development. Action View implements the view component.

Security Fix(es):

* It was discovered that Action View tag helpers did not escape quotes when
using strings declared as HTML safe as attribute values. A remote attacker
could use this flaw to conduct a cross-site scripting (XSS) attack.
(CVE-2016-6316)

Red Hat would like to thank the Ruby on Rails project for reporting this
issue. Upstream acknowledges Andrew Carpenter (Critical Juncture) as the
original reporter.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running applications using rh-ror41-rubygem-actionview must be
restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1365008 - CVE-2016-6316 rubygem-actionview: cross-site scripting flaw in Action View

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-ror41-rubygem-actionview-4.1.5-6.el6.src.rpm

noarch:
rh-ror41-rubygem-actionview-4.1.5-6.el6.noarch.rpm
rh-ror41-rubygem-actionview-doc-4.1.5-6.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
rh-ror41-rubygem-actionview-4.1.5-6.el6.src.rpm

noarch:
rh-ror41-rubygem-actionview-4.1.5-6.el6.noarch.rpm
rh-ror41-rubygem-actionview-doc-4.1.5-6.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
rh-ror41-rubygem-actionview-4.1.5-6.el6.src.rpm

noarch:
rh-ror41-rubygem-actionview-4.1.5-6.el6.noarch.rpm
rh-ror41-rubygem-actionview-doc-4.1.5-6.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-ror41-rubygem-actionview-4.1.5-6.el6.src.rpm

noarch:
rh-ror41-rubygem-actionview-4.1.5-6.el6.noarch.rpm
rh-ror41-rubygem-actionview-doc-4.1.5-6.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-ror41-rubygem-actionview-4.1.5-6.el7.src.rpm

noarch:
rh-ror41-rubygem-actionview-4.1.5-6.el7.noarch.rpm
rh-ror41-rubygem-actionview-doc-4.1.5-6.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
rh-ror41-rubygem-actionview-4.1.5-6.el7.src.rpm

noarch:
rh-ror41-rubygem-actionview-4.1.5-6.el7.noarch.rpm
rh-ror41-rubygem-actionview-doc-4.1.5-6.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source:
rh-ror41-rubygem-actionview-4.1.5-6.el7.src.rpm

noarch:
rh-ror41-rubygem-actionview-4.1.5-6.el7.noarch.rpm
rh-ror41-rubygem-actionview-doc-4.1.5-6.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-ror41-rubygem-actionview-4.1.5-6.el7.src.rpm

noarch:
rh-ror41-rubygem-actionview-4.1.5-6.el7.noarch.rpm
rh-ror41-rubygem-actionview-doc-4.1.5-6.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-6316
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFX198pXlSAg2UNWIIRAtaRAJ40rTGE5OQvJcSTDcLGzfGfgD1J8wCfcDTw
qa6PQ0emQrhPkLNKUjpFGpA=
=K/Ov
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rh-ror42 security update
Advisory ID:       RHSA-2016:1855-01
Product:           Red Hat Software Collections
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1855.html
Issue date:        2016-09-13
CVE Names:         CVE-2016-6316 CVE-2016-6317
=====================================================================

1. Summary:

An update for rh-ror42-rubygem-actionview, rh-ror42-rubygem-activerecord,
and rh-ror42-rubygem-actionpack is now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

Ruby on Rails is a model-view-controller (MVC) framework for web
application development. Action View implements the view component, and
Active Record implements the model component.

Security Fix(es) in rubygem-actionview:

* It was discovered that Action View tag helpers did not escape quotes when
using strings declared as HTML safe as attribute values. A remote attacker
could use this flaw to conduct a cross-site scripting (XSS) attack.
(CVE-2016-6316)

Security Fix(es) in rubygem-activerecord:

* A flaw was found in the way Active Record handled certain special values
in dynamic finders and relations. If a Ruby on Rails application performed
JSON parameter parsing, a remote attacker could possibly manipulate search
conditions in SQL queries generated by the application. (CVE-2016-6317)

Red Hat would like to thank the Ruby on Rails project for reporting these
issues. Upstream acknowledges Andrew Carpenter (Critical Juncture) as the
original reporter of CVE-2016-6316; and joernchen (Phenoelit) as the
original reporter of CVE-2016-6317.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1365008 - CVE-2016-6316 rubygem-actionview: cross-site scripting flaw in Action View
1365017 - CVE-2016-6317 rubygem-activerecord: unsafe query generation in Active Record

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-ror42-rubygem-actionpack-4.2.6-3.el7.src.rpm
rh-ror42-rubygem-actionview-4.2.6-3.el7.src.rpm
rh-ror42-rubygem-activerecord-4.2.6-3.el7.src.rpm

noarch:
rh-ror42-rubygem-actionpack-4.2.6-3.el7.noarch.rpm
rh-ror42-rubygem-actionpack-doc-4.2.6-3.el7.noarch.rpm
rh-ror42-rubygem-actionview-4.2.6-3.el7.noarch.rpm
rh-ror42-rubygem-actionview-doc-4.2.6-3.el7.noarch.rpm
rh-ror42-rubygem-activerecord-4.2.6-3.el7.noarch.rpm
rh-ror42-rubygem-activerecord-doc-4.2.6-3.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
rh-ror42-rubygem-actionpack-4.2.6-3.el7.src.rpm
rh-ror42-rubygem-actionview-4.2.6-3.el7.src.rpm
rh-ror42-rubygem-activerecord-4.2.6-3.el7.src.rpm

noarch:
rh-ror42-rubygem-actionpack-4.2.6-3.el7.noarch.rpm
rh-ror42-rubygem-actionpack-doc-4.2.6-3.el7.noarch.rpm
rh-ror42-rubygem-actionview-4.2.6-3.el7.noarch.rpm
rh-ror42-rubygem-actionview-doc-4.2.6-3.el7.noarch.rpm
rh-ror42-rubygem-activerecord-4.2.6-3.el7.noarch.rpm
rh-ror42-rubygem-activerecord-doc-4.2.6-3.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source:
rh-ror42-rubygem-actionpack-4.2.6-3.el7.src.rpm
rh-ror42-rubygem-actionview-4.2.6-3.el7.src.rpm
rh-ror42-rubygem-activerecord-4.2.6-3.el7.src.rpm

noarch:
rh-ror42-rubygem-actionpack-4.2.6-3.el7.noarch.rpm
rh-ror42-rubygem-actionpack-doc-4.2.6-3.el7.noarch.rpm
rh-ror42-rubygem-actionview-4.2.6-3.el7.noarch.rpm
rh-ror42-rubygem-actionview-doc-4.2.6-3.el7.noarch.rpm
rh-ror42-rubygem-activerecord-4.2.6-3.el7.noarch.rpm
rh-ror42-rubygem-activerecord-doc-4.2.6-3.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-ror42-rubygem-actionpack-4.2.6-3.el7.src.rpm
rh-ror42-rubygem-actionview-4.2.6-3.el7.src.rpm
rh-ror42-rubygem-activerecord-4.2.6-3.el7.src.rpm

noarch:
rh-ror42-rubygem-actionpack-4.2.6-3.el7.noarch.rpm
rh-ror42-rubygem-actionpack-doc-4.2.6-3.el7.noarch.rpm
rh-ror42-rubygem-actionview-4.2.6-3.el7.noarch.rpm
rh-ror42-rubygem-actionview-doc-4.2.6-3.el7.noarch.rpm
rh-ror42-rubygem-activerecord-4.2.6-3.el7.noarch.rpm
rh-ror42-rubygem-activerecord-doc-4.2.6-3.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-6316
https://access.redhat.com/security/cve/CVE-2016-6317
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFX1977XlSAg2UNWIIRAgmUAJ9CAZsdFov2snrXXLOrRTt0sUrfxgCgpwgG
F0o+B5gJPw4TXZWYKzOkv5I=
=n1+g
-----END PGP SIGNATURE-----
[RHSA-2016:1858-01] Moderate: ruby193-rubygem-actionpack security update
news posted a topic in Upcoming News
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: ruby193-rubygem-actionpack security update
Advisory ID:       RHSA-2016:1858-01
Product:           Red Hat Software Collections
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1858.html
Issue date:        2016-09-13
CVE Names:         CVE-2016-6316
=====================================================================

1. Summary:

An update for ruby193-rubygem-actionpack is now available for Red Hat
Software Collections.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

Ruby on Rails is a model-view-controller (MVC) framework for web
application development. Action Pack implements the controller and the view
components.

Security Fix(es):

* It was discovered that Action View tag helpers did not escape quotes when
using strings declared as HTML safe as attribute values. A remote attacker
could use this flaw to conduct a cross-site scripting (XSS) attack.
(CVE-2016-6316)

Red Hat would like to thank the Ruby on Rails project for reporting this
issue. Upstream acknowledges Andrew Carpenter (Critical Juncture) as the
original reporter.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running applications using ruby193-rubygem-actionpack must be restarted
for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1365008 - CVE-2016-6316 rubygem-actionview: cross-site scripting flaw in Action View

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
ruby193-rubygem-actionpack-3.2.8-20.el6.src.rpm

noarch:
ruby193-rubygem-actionpack-3.2.8-20.el6.noarch.rpm
ruby193-rubygem-actionpack-doc-3.2.8-20.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
ruby193-rubygem-actionpack-3.2.8-20.el6.src.rpm

noarch:
ruby193-rubygem-actionpack-3.2.8-20.el6.noarch.rpm
ruby193-rubygem-actionpack-doc-3.2.8-20.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
ruby193-rubygem-actionpack-3.2.8-20.el6.src.rpm

noarch:
ruby193-rubygem-actionpack-3.2.8-20.el6.noarch.rpm
ruby193-rubygem-actionpack-doc-3.2.8-20.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
ruby193-rubygem-actionpack-3.2.8-20.el6.src.rpm

noarch:
ruby193-rubygem-actionpack-3.2.8-20.el6.noarch.rpm
ruby193-rubygem-actionpack-doc-3.2.8-20.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
ruby193-rubygem-actionpack-3.2.8-20.el7.src.rpm

noarch:
ruby193-rubygem-actionpack-3.2.8-20.el7.noarch.rpm
ruby193-rubygem-actionpack-doc-3.2.8-20.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
ruby193-rubygem-actionpack-3.2.8-20.el7.src.rpm

noarch:
ruby193-rubygem-actionpack-3.2.8-20.el7.noarch.rpm
ruby193-rubygem-actionpack-doc-3.2.8-20.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source:
ruby193-rubygem-actionpack-3.2.8-20.el7.src.rpm

noarch:
ruby193-rubygem-actionpack-3.2.8-20.el7.noarch.rpm
ruby193-rubygem-actionpack-doc-3.2.8-20.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
ruby193-rubygem-actionpack-3.2.8-20.el7.src.rpm

noarch:
ruby193-rubygem-actionpack-3.2.8-20.el7.noarch.rpm
ruby193-rubygem-actionpack-doc-3.2.8-20.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-6316
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFX199vXlSAg2UNWIIRAoA8AJ9clPt0H/tu/Np3oZf5cBdoNP0ZGgCdEn0e
3hn6PJDDzZXjBNEmVp2xq/E=
=sh6Z
-----END PGP SIGNATURE-----
[RHSA-2016:1857-01] Moderate: ror40-rubygem-actionpack security update
news posted a topic in Upcoming News
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: ror40-rubygem-actionpack security update
Advisory ID:       RHSA-2016:1857-01
Product:           Red Hat Software Collections
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1857.html
Issue date:        2016-09-13
CVE Names:         CVE-2016-6316
=====================================================================

1. Summary:

An update for ror40-rubygem-actionpack is now available for Red Hat
Software Collections.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

Ruby on Rails is a model-view-controller (MVC) framework for web
application development. Action Pack implements the controller and the view
components.

Security Fix(es):

* It was discovered that Action View tag helpers did not escape quotes when
using strings declared as HTML safe as attribute values. A remote attacker
could use this flaw to conduct a cross-site scripting (XSS) attack.
(CVE-2016-6316)

Red Hat would like to thank the Ruby on Rails project for reporting this
issue. Upstream acknowledges Andrew Carpenter (Critical Juncture) as the
original reporter.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running applications using ror40-rubygem-actionpack must be restarted
for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1365008 - CVE-2016-6316 rubygem-actionview: cross-site scripting flaw in Action View

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
ror40-rubygem-actionpack-4.0.2-8.el6.src.rpm

noarch:
ror40-rubygem-actionpack-4.0.2-8.el6.noarch.rpm
ror40-rubygem-actionpack-doc-4.0.2-8.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
ror40-rubygem-actionpack-4.0.2-8.el6.src.rpm

noarch:
ror40-rubygem-actionpack-4.0.2-8.el6.noarch.rpm
ror40-rubygem-actionpack-doc-4.0.2-8.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
ror40-rubygem-actionpack-4.0.2-8.el6.src.rpm

noarch:
ror40-rubygem-actionpack-4.0.2-8.el6.noarch.rpm
ror40-rubygem-actionpack-doc-4.0.2-8.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
ror40-rubygem-actionpack-4.0.2-8.el6.src.rpm

noarch:
ror40-rubygem-actionpack-4.0.2-8.el6.noarch.rpm
ror40-rubygem-actionpack-doc-4.0.2-8.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
ror40-rubygem-actionpack-4.0.2-8.el7.src.rpm

noarch:
ror40-rubygem-actionpack-4.0.2-8.el7.noarch.rpm
ror40-rubygem-actionpack-doc-4.0.2-8.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
ror40-rubygem-actionpack-4.0.2-8.el7.src.rpm

noarch:
ror40-rubygem-actionpack-4.0.2-8.el7.noarch.rpm
ror40-rubygem-actionpack-doc-4.0.2-8.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source:
ror40-rubygem-actionpack-4.0.2-8.el7.src.rpm

noarch:
ror40-rubygem-actionpack-4.0.2-8.el7.noarch.rpm
ror40-rubygem-actionpack-doc-4.0.2-8.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
ror40-rubygem-actionpack-4.0.2-8.el7.src.rpm

noarch:
ror40-rubygem-actionpack-4.0.2-8.el7.noarch.rpm
ror40-rubygem-actionpack-doc-4.0.2-8.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-6316
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFX199NXlSAg2UNWIIRAjWGAJ95vFDU/L3V3Fc6JPrrMCzhb8TenQCbBgwU
4Hl+Ut1R+baT+RM3HCRoPGE=
=SA6M
-----END PGP SIGNATURE-----
   openSUSE Security Update: Security update for Chromium
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:2296-1
Rating:             important
References:         #969732 #995932 #996032 #99606 #996648 #998328
Cross-References:   CVE-2016-5147 CVE-2016-5148 CVE-2016-5149 CVE-2016-5150
                    CVE-2016-5151 CVE-2016-5152 CVE-2016-5153 CVE-2016-5154
                    CVE-2016-5155 CVE-2016-5156 CVE-2016-5157 CVE-2016-5158
                    CVE-2016-5159 CVE-2016-5160 CVE-2016-5161 CVE-2016-5162
                    CVE-2016-5163 CVE-2016-5164 CVE-2016-5165 CVE-2016-5166
Affected Products:
                    openSUSE 13.2
______________________________________________________________________________

   An update that fixes 20 vulnerabilities is now available.

Description:

   Chromium was updated to 53.0.2785.101 to fix a number of security issues
   and bugs.

   The following vulnerabilities were fixed: (boo#996648)

   - CVE-2016-5147: Universal XSS in Blink.
   - CVE-2016-5148: Universal XSS in Blink.
   - CVE-2016-5149: Script injection in extensions.
   - CVE-2016-5150: Use after free in Blink.
   - CVE-2016-5151: Use after free in PDFium.
   - CVE-2016-5152: Heap overflow in PDFium.
   - CVE-2016-5153: Use after destruction in Blink.
   - CVE-2016-5154: Heap overflow in PDFium.
   - CVE-2016-5155: Address bar spoofing.
   - CVE-2016-5156: Use after free in event bindings.
   - CVE-2016-5157: Heap overflow in PDFium.
   - CVE-2016-5158: Heap overflow in PDFium.
   - CVE-2016-5159: Heap overflow in PDFium.
   - CVE-2016-5161: Type confusion in Blink.
   - CVE-2016-5162: Extensions web accessible resources bypass.
   - CVE-2016-5163: Address bar spoofing.
   - CVE-2016-5164: Universal XSS using DevTools.
   - CVE-2016-5165: Script injection in DevTools.
   - CVE-2016-5166: SMB Relay Attack via Save Page As.
   - CVE-2016-5160: Extensions web accessible resources bypass.

   The following upstream fixes are included:

   - SPDY crasher fixes
   - Disable NV12 DXGI video on AMD
   - Forward --password-store switch to os_crypt
   - Tell the kernel to discard USB requests when they time out.
   - disallow WKBackForwardListItem navigations for pushState pages
   - arc: bluetooth: Fix advertised uuid
   - fix conflicting PendingIntent for stop button and swipe away

   A number of tracked build system fixes are included. (boo#996032,
   boo#99606, boo#995932)

   The following tracked regression fix is included:

   - Re-enable widevine plugin (boo#998328)

   rpmlint and rpmlint-mini were updated to work around a memory exhaustion
   problem with this package on 32 bit (boo#969732).

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 13.2:

      zypper in -t patch openSUSE-2016-1080=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 13.2 (i586 x86_64):

      chromedriver-53.0.2785.101-120.1
      chromedriver-debuginfo-53.0.2785.101-120.1
      chromium-53.0.2785.101-120.1
      chromium-debuginfo-53.0.2785.101-120.1
      chromium-desktop-gnome-53.0.2785.101-120.1
      chromium-desktop-kde-53.0.2785.101-120.1
      chromium-ffmpegsumo-53.0.2785.101-120.1
      chromium-ffmpegsumo-debuginfo-53.0.2785.101-120.1
      rpmlint-mini-1.5-8.7.2
      rpmlint-mini-debuginfo-1.5-8.7.2
      rpmlint-mini-debugsource-1.5-8.7.2

   - openSUSE 13.2 (noarch):

      rpmlint-1.5-39.4.1

References:

   https://www.suse.com/security/cve/CVE-2016-5147.html
   https://www.suse.com/security/cve/CVE-2016-5148.html
   https://www.suse.com/security/cve/CVE-2016-5149.html
   https://www.suse.com/security/cve/CVE-2016-5150.html
   https://www.suse.com/security/cve/CVE-2016-5151.html
   https://www.suse.com/security/cve/CVE-2016-5152.html
   https://www.suse.com/security/cve/CVE-2016-5153.html
   https://www.suse.com/security/cve/CVE-2016-5154.html
   https://www.suse.com/security/cve/CVE-2016-5155.html
   https://www.suse.com/security/cve/CVE-2016-5156.html
   https://www.suse.com/security/cve/CVE-2016-5157.html
   https://www.suse.com/security/cve/CVE-2016-5158.html
   https://www.suse.com/security/cve/CVE-2016-5159.html
   https://www.suse.com/security/cve/CVE-2016-5160.html
   https://www.suse.com/security/cve/CVE-2016-5161.html
   https://www.suse.com/security/cve/CVE-2016-5162.html
   https://www.suse.com/security/cve/CVE-2016-5163.html
   https://www.suse.com/security/cve/CVE-2016-5164.html
   https://www.suse.com/security/cve/CVE-2016-5165.html
   https://www.suse.com/security/cve/CVE-2016-5166.html
   https://bugzilla.suse.com/969732
   https://bugzilla.suse.com/995932
   https://bugzilla.suse.com/996032
   https://bugzilla.suse.com/99606
   https://bugzilla.suse.com/996648
   https://bugzilla.suse.com/998328
Welcome to the Ubuntu Weekly Newsletter, Issue 481 for the week September 5 - 11, 2016.

== Links to UWN ==

* Wiki page: https://wiki.ubuntu.com/UbuntuWeeklyNewsletter/Issue481

== In This Issue ==

* Schedule of UbuCon Europe released - Registration is open
* Ubuntu Stats
* LoCo Events
* Valorie Zimmerman: Kubuntu Alive and Thriving at KDE Akademy
* Ubuntu App Developer Blog: Releasing the 4.1.0 Ubuntu SDK IDE
* Launchpad News: Linking Git merge proposals to bugs
* Robert Ancell: Introducing snapd-glib
* Ted Gould: Click Hooks
* Ubuntu GNOME: Ubuntu GNOME 16.10 wallpaper contest winners
* Ubuntu Cloud News
* Canonical News
* In The Blogosphere
* Featured Audio and Video
* Weekly Ubuntu Development Team Meetings
* Upcoming Meetings and Events
* Updates and Security for 12.04, 14.04 and 16.04
* And much more!

== General Community News ==

=== Schedule of UbuCon Europe released - Registration is open ===

Sujeevan (svij) Vijayakumaran announces the schedule for UbuCon Europe coming up in November and opening of registration. He writes "Saturday and Sunday (the 19th and 20th November) are the days where all the talks and workshops are taking place. Our very special guest is Jane Silber, who is the CEO of Canonical. She will do the opening keynote on the first day. Furthermore we're happy to have talks from Canonical employees, from other companies like Nextcloud and Microsoft and most importantly from the wider Ubuntu-Community." He concludes by putting a call out to the community for a venue in 2017.

https://lists.ubuntu.com/archives/loco-contacts/2016-September/007160.html

== Ubuntu Stats ==

=== Bug Stats ===

* Open (125449) +210 over last week
* Critical (394) +13 over last week
* Unconfirmed (61932) +132 over last week

As always, the Bug Squad needs more help. If you want to get started, please see https://wiki.ubuntu.com/BugSquad

=== Ask Ubuntu Top 5 Questions this week ===

==== Most Active Questions ====

* Difference between '.' , '?' and '*' in regular expressions? http://askubuntu.com/questions/822779/difference-between-and-in-regular-expressions
* How to install GimpShop on Ubuntu 16.04 http://askubuntu.com/questions/821983/how-to-install-gimpshop-on-ubuntu-16-04
* Battery Charged at 97% http://askubuntu.com/questions/821717/battery-charged-at-97
* Toggle format of gnome terminal prompt string by command? http://askubuntu.com/questions/822295/toggle-format-of-gnome-terminal-prompt-string-by-command
* Adding 1 to a variable doesn't work as expected (Bash arithmetic) http://askubuntu.com/questions/823639/adding-1-to-a-variable-doesnt-work-as-expected-bash-arithmetic

==== Top Voted New Questions ====

* Battery Charged at 97% http://askubuntu.com/questions/821717/
* How to install GimpShop on Ubuntu 16.04 http://askubuntu.com/questions/821983/
* Difference between '.' , '?' and '*' in regular expressions? http://askubuntu.com/questions/822779/
* Adding 1 to a variable doesn't work as expected (Bash arithmetic) http://askubuntu.com/questions/823639/
* rm all but every 12th file http://askubuntu.com/questions/824004/

People Contributing the best questions and answers this week: Anwar (http://askubuntu.com/users/61218/anwar), heemayl (http://askubuntu.com/users/216503/heemayl), mook765 (http://askubuntu.com/users/590937/mook765), Zanna (http://askubuntu.com/users/527764/zanna) and Edity (http://askubuntu.com/users/527600/edity)

Ask (and answer!) questions at http://askubuntu.com

== LoCo Events ==

The following LoCo team events are currently scheduled in the next two weeks:

* Dia Mundial de la Libertad del Software, Ubuntu Venezuela Team: http://loco.ubuntu.com/events/ubuntu-ve/3411-dia-mundial-de-la-libertad-del-software/
* AZLOCO Install-fest/Linux Workshop, Arizona LoCo Team: http://loco.ubuntu.com/events/ubuntu-arizona/3415-azloco-install-fest/linux-workshop/
* San Diego Ubuntu Social Meetup, Ubuntu California: http://loco.ubuntu.com/events/ubuntu-california/3433-san-diego-ubuntu-social-meetup/
* Encontro Ubuntu-pt @ Sintra, Ubuntu Portugal: http://loco.ubuntu.com/events/ubuntu-pt/3421-encontro-ubuntu-pt-@-sintra/
* Sierra Vista Ubuntu Hour, Arizona LoCo Team: http://loco.ubuntu.com/events/ubuntu-arizona/3416-sierra-vista-ubuntu-hour/
* Tempe Ubuntu Hour, Arizona LoCo Team: http://loco.ubuntu.com/events/ubuntu-arizona/3417-tempe-ubuntu-hour/

Looking beyond the next two weeks? Visit the LoCo Team Portal to browse upcoming events around the world: http://loco.ubuntu.com/events/

== The Planet ==

=== Valorie Zimmerman: Kubuntu Alive and Thriving at KDE Akademy ===

Valorie Zimmerman writes about attending KDE Akademy in Berlin. Meeting teams face-to-face is great, and having many teams in one place is even better. At KDE Akademy, Kubuntu e.V. also have their annual AGM. This year also had QtCon hosted by KDAB, Qt, VideoLAN and the FSFE. Reflecting on Kubuntu, she shares that there are more candidates than positions for the Kubuntu Council, which she sees as a healthy indicator.

http://linuxgrandma.blogspot.com/2016/09/kubuntu-alive-and-thriving-at-kde.html

=== Ubuntu App Developer Blog: Releasing the 4.1.0 Ubuntu SDK IDE ===

Benjamin Zeller and Zoltan Balogh announce the upgrade of the Ubuntu Software Development Kit (SDK) Integrated Development Environment (IDE) to the most recent 4.1.0 QtCreator. A link to new features and fixes is provided. They share that LXD containers are used to run apps so the SDK IDE host doesn't need runtime dependencies. Commands to grab this IDE are provided.

http://developer.ubuntu.com/en/blog/2016/09/07/releasing-410-ubuntu-sdk-ide/

=== Launchpad News: Linking Git merge proposals to bugs ===

Colin Watson tells us of a new feature for Launchpad's Git repository: Git-based merge proposals can be linked to Launchpad bugs. Colin reveals the required commit text to make linking with bugs work, which is the same as for debian/changelog files. Colin notes that bugs don't automatically close, and there are differences to how Bazaar links.

http://blog.launchpad.net/code/linking-git-merge-proposals-to-bugs

=== Robert Ancell: Introducing snapd-glib ===

Robert Ancell blogs about snapd-glib, a new library for glib projects to query, install and remove Snaps. It can be accessed via C, Python or Vala, and a Qt/QML wrapper is coming. Snapd uses the REST API, which snapd-glib closely matches. Robert provides sample code that will show you how to have your apps integrate Snap support.

http://bobthegnome.blogspot.com/2016/08/introducing-snapd-glib.html

=== Ted Gould: Click Hooks ===

Ted Gould gives us the reasons why he likes Click hooks. Ted outlines the history for his post, what hooks are, including filesystem hooks. Ted tells us how Click hooks work, including how they can help find bugs. Whilst the design may feel wrong at first, it'll fall into place after you create some hooks.

http://gould.cx/ted/blog/Click_Hooks

=== Ubuntu GNOME: Ubuntu GNOME 16.10 wallpaper contest winners ===

Alfredo Hernandez shares the winners of the 16.10 wallpaper contest, with links to all the wallpapers. He also writes: "The team would like to thank all the gorgeous photographs and digital art that have been submitted to the contest" and shares some alterations to the rules for the next contest.

http://ubuntugnome.org/1610-wallpaper-winners/

== Ubuntu Cloud News ==

* Cloud Chatter: September 2016 - http://insights.ubuntu.com/2016/09/07/cloud-chatter-september-2016/

== Canonical News ==

* Highlights from Intel's Developer Conference 2016! - http://insights.ubuntu.com/2016/09/07/highlights-from-intels-developer-conference-2016/
* 10 Desktop snaps written in August - http://insights.ubuntu.com/2016/09/07/10-desktop-snaps-written-in-august/
* Welcoming the Parrot S.L.A.M.dunk! The new drone development kit - http://insights.ubuntu.com/2016/09/07/welcoming-the-parrot-s-l-a-m-dunk-the-new-drone-development-kit/
* MAAS 2.0: High Availability API-driven bare metal provisioning - http://insights.ubuntu.com/2016/09/08/maas-2-0-released/

== In The Blogosphere ==

=== Ubuntu 16.04 kisses the cloud, disses the desktop ===

Tom Henderson of Network World evaluates the latest Ubuntu release, 16.04. He is critical of the lack of changes on the desktop, but does talk about the new Snap package format. Most of his article dives into increased support on what is more traditionally thought of as the server and cloud side of Ubuntu, including ZFS, Ceph, LXC and OpenStack.

http://www.itworld.com/article/3115059/software/ubuntu-16-04-kisses-the-cloud-disses-the-desktop.html

=== Intel Graphics Update Tool Adds Support for Ubuntu 16.04 ===

Joey Elijah Sneddon of OMG! Ubuntu! shares that the new version of Intel's Linux graphics driver update tool is now available for download, writing that this version "offers users the chance to upgrade to the 2016Q2 Intel Graphics Stack." He shares a download link and concludes by encouraging anyone trying it to "pay close attention to the list of known issues, caveats and install info on the downloads page, and heed the advice on not force-installing packages."

http://www.omgubuntu.co.uk/2016/09/intel-graphics-update-ubuntu-16-04

=== This drone kit doubles as a Ubuntu Linux PC ===

Agam Shah writes for PC World in this article about Parrot's S.L.A.M.dunk, "a development kit that runs on Ubuntu and the Robot Operating System and can be used to make auxiliary devices for drones." He provides some of the specs of the hardware included and notes that pricing has yet to be announced, and shipping of these kits should happen in the fourth quarter of this year.

http://www.pcworld.com/article/3117562/hardware/this-drone-development-kit-can-also-be-an-ubuntu-pc.html

=== Tesla Autopilot 2.0 Capabilities Demoed With Ubuntu ===

In spite of his own lack of interest in cars, Joey Elijah Sneddon of OMG! Ubuntu! shares a video from a Tesla test drive. He writes, "The German electronics company Bosch supplies Tesla's radar equipment, and has its own autonomous vehicle program based on the Tesla Model S so that it can test its systems." and goes on before the video link to say "Ubuntu fans may be more interested in the OS that's used to help test it..."

http://www.omgubuntu.co.uk/2016/09/tesla-autopilot-2-bosch-ubuntu-linux

=== Ubuntu Phone Now Has a Nifty, Native Photo Editing App ===

Scott Bouvier of OMG! Ubuntu! reveals Ubuntu phone's new native photo editing app. He writes that the app offers a number of filters and presets that are all individually adjustable in addition to a variety of cropping options.

http://www.omgubuntu.co.uk/2016/09/instant-fx-ubuntu-phone-app-photos-filters

=== Meet The New Default Wallpaper of Ubuntu 16.10 ===

Joey Elijah Sneddon of OMG! Ubuntu! shares the default wallpaper of Ubuntu 16.10. The article contains a link to download a high resolution version of the wallpaper.

http://www.omgubuntu.co.uk/2016/09/ubuntu-16-10-default-wallpaper

== Featured Audio and Video ==

=== Linux Luddites Episode #86 ===

At 38:04 in this Linux Luddites podcast Ubuntu community members Michael Hall and Sujeevan Vijayakumaran talk about the European UbuCon that will be held in Essen 18-20 November 2016.

http://linuxluddites.com/shows/episode-86/

=== Ubuntu Community Team Q&A - 6th September 2016 ===

David Planella and Alan Pope host this edition of the Ubuntu Community Team Q&A, answering questions posed to them by community members.

=== S09E28 - Death by Viking - Ubuntu Podcast ===

"It's Episode Twenty-Eight of Season-Nine of the Ubuntu Podcast! Mark Johnson, Alan Pope, Laura Cowen, and Martin Wimpress (just about) are here again." In this week's edition of the Ubuntu podcast, the team discusses why distributions rise and fall in popularity and the process for installing Ubuntu on the Nexus 7 2013 and more.

http://ubuntupodcast.org/2016/09/08/s09e28-death-by-viking/

=== Full Circle Weekly News #34 ===

Just a quick message to let you know that Full Circle Weekly News #34 is out: http://fullcirclemagazine.org/podcast/full-circle-weekly-news-34/ and, Full Circle Magazine #112 came out a couple of weeks ago: http://fullcirclemagazine.org/issue-112/

The show is also available via:

RSS: http://fullcirclemagazine.org/feed/podcast
Stitcher Radio: http://www.stitcher.com/s?fid=85347&refid=stpr
TuneIn Radio: http://tunein.com/radio/Full-Circle-Weekly-News-p855064/
and PlayerFM: https://player.fm/series/the-full-circle-weekly-news

== Weekly Ubuntu Development Team Meetings ==

* Kernel Team - September 6, 2016 - https://wiki.ubuntu.com/KernelTeam/Newsletter/2016-09-06
* Server Team - September 6, 2016 - https://wiki.ubuntu.com/MeetingLogs/Server/20160906

== Upcoming Meetings and Events ==

For upcoming meetings and events please visit the calendars at fridge.ubuntu.com: http://fridge.ubuntu.com/calendars/

== Updates and Security for 12.04, 14.04 and 16.04 ==

=== Security Updates ===

* [USN-3074-1] File Roller vulnerability - https://lists.ubuntu.com/archives/ubuntu-security-announce/2016-September/003549.html
* [USN-3075-1] Imlib2 vulnerabilities - https://lists.ubuntu.com/archives/ubuntu-security-announce/2016-September/003550.html
* [USN-3077-1] OpenJDK 6 vulnerabilities - https://lists.ubuntu.com/archives/ubuntu-security-announce/2016-September/003551.html

=== Ubuntu 12.04 Updates ===

* imlib2 1.4.4-1ubuntu0.1 - https://lists.ubuntu.com/archives/precise-changes/2016-September/025572.html
* imlib2 1.4.4-1ubuntu0.1 - https://lists.ubuntu.com/archives/precise-changes/2016-September/025573.html
* inspircd 1.1.22+dfsg-4+squeeze3ubuntu0.1 - https://lists.ubuntu.com/archives/precise-changes/2016-September/025574.html
* libtomcrypt 1.17-3.2+deb7u1ubuntu0.1 - https://lists.ubuntu.com/archives/precise-changes/2016-September/025575.html
* libtomcrypt 1.17-3.2+deb7u1ubuntu0.1 - https://lists.ubuntu.com/archives/precise-changes/2016-September/025576.html
* inspircd 1.1.22+dfsg-4+squeeze3ubuntu0.1 - https://lists.ubuntu.com/archives/precise-changes/2016-September/025577.html
* openjdk-6 6b40-1.13.12-0ubuntu0.12.04.1 - https://lists.ubuntu.com/archives/precise-changes/2016-September/025578.html
* openjdk-6 6b40-1.13.12-0ubuntu0.12.04.1 - https://lists.ubuntu.com/archives/precise-changes/2016-September/025579.html

End of Life - April 2017

=== Ubuntu 14.04 Updates ===

* gnome-maps 3.10.4-0ubuntu1 - https://lists.ubuntu.com/archives/trusty-changes/2016-September/022791.html
* neutron 1:2014.1.5-0ubuntu6 - https://lists.ubuntu.com/archives/trusty-changes/2016-September/022792.html
* chromium-browser 52.0.2743.116-0ubuntu0.14.04.1.1134 - https://lists.ubuntu.com/archives/trusty-changes/2016-September/022793.html
* chromium-browser 52.0.2743.116-0ubuntu0.14.04.1.1134 - https://lists.ubuntu.com/archives/trusty-changes/2016-September/022794.html
* update-manager 1:0.196.21 - https://lists.ubuntu.com/archives/trusty-changes/2016-September/022795.html
* xorg-server-lts-xenial 2:1.18.3-1ubuntu2.2~trusty3 - https://lists.ubuntu.com/archives/trusty-changes/2016-September/022796.html
* cloud-init 0.7.5-0ubuntu1.20 - https://lists.ubuntu.com/archives/trusty-changes/2016-September/022797.html
* linux-keystone 3.13.0-67.95 - https://lists.ubuntu.com/archives/trusty-changes/2016-September/022798.html
* linux-meta-keystone 3.13.0.67.65 - https://lists.ubuntu.com/archives/trusty-changes/2016-September/022799.html
* curl 7.35.0-1ubuntu2.9 - https://lists.ubuntu.com/archives/trusty-changes/2016-September/022800.html
* linux-signed-lts-xenial 4.4.0-38.57~14.04.1 - https://lists.ubuntu.com/archives/trusty-changes/2016-September/022801.html
* linux-lts-xenial 4.4.0-38.57~14.04.1 - https://lists.ubuntu.com/archives/trusty-changes/2016-September/022802.html
* linux-meta-lts-xenial 4.4.0.38.28 - https://lists.ubuntu.com/archives/trusty-changes/2016-September/022803.html
* linux-lts-xenial_4.4.0-38.57~14.04.1_amd64.tar.gz - - https://lists.ubuntu.com/archives/trusty-changes/2016-September/022804.html
* isc-dhcp 4.2.4-7ubuntu12.6 - https://lists.ubuntu.com/archives/trusty-changes/2016-September/022805.html
* file-roller 3.10.2.1-0ubuntu4.2 - https://lists.ubuntu.com/archives/trusty-changes/2016-September/022806.html
* file-roller 3.10.2.1-0ubuntu4.2 - https://lists.ubuntu.com/archives/trusty-changes/2016-September/022807.html
* imlib2 1.4.6-2ubuntu0.1 - https://lists.ubuntu.com/archives/trusty-changes/2016-September/022808.html
* imlib2 1.4.6-2ubuntu0.1 - https://lists.ubuntu.com/archives/trusty-changes/2016-September/022809.html
* dkms 2.2.0.3-1.1ubuntu5.14.04.8 - https://lists.ubuntu.com/archives/trusty-changes/2016-September/022810.html
* ubuntu-gnome-wallpapers 14.04.2 - https://lists.ubuntu.com/archives/trusty-changes/2016-September/022811.html
* openjdk-6 6b40-1.13.12-0ubuntu0.14.04.2 - https://lists.ubuntu.com/archives/trusty-changes/2016-September/022812.html
* openjdk-6 6b40-1.13.12-0ubuntu0.14.04.2 - https://lists.ubuntu.com/archives/trusty-changes/2016-September/022813.html
* sssd 1.11.8-0ubuntu0.2 - https://lists.ubuntu.com/archives/trusty-changes/2016-September/022814.html
* percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-0ubuntu0.14.04.2 - https://lists.ubuntu.com/archives/trusty-changes/2016-September/022815.html

End of Life - April 2019

=== Ubuntu 16.04 Updates ===

* compiz 1:0.9.12.2+16.04.20160823-0ubuntu1 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014453.html
* bamf 0.5.3~bzr0+16.04.20160824-0ubuntu1 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014454.html
* p11-kit 0.23.2-5~ubuntu16.04.1 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014455.html
* gnome-maps 3.18.4-0ubuntu1 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014456.html
* metacity 1:3.18.7-0ubuntu0.1 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014457.html
* mesa 11.2.0-1ubuntu2.2 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014458.html
* network-manager-applet 1.2.0-0ubuntu0.16.04.4 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014459.html
* apt 1.2.14 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014460.html
* borgbackup 1.0.7-0ubuntu1.16.04.1 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014461.html
* livecd-rootfs 2.408.3 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014462.html
* snap-confine 1.0.38-0ubuntu0.16.04.10 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014463.html
* isc-dhcp 4.3.3-5ubuntu12.2 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014464.html
* snapcraft 2.16 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014465.html
* gstreamer1.0 1.8.3-1~ubuntu0.1 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014466.html
* gst-plugins-bad1.0 1.8.3-1ubuntu0.1 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014467.html
* gst-plugins-good1.0 1.8.3-1ubuntu0.1 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014468.html
* gst-plugins-base1.0 1.8.3-1ubuntu0.1 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014469.html
* gst-plugins-ugly1.0 1.8.3-1ubuntu0.1 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014470.html
* gst-libav1.0 1.8.3-1ubuntu0.1 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014471.html
* gtk2-engines-murrine 0.98.2-0ubuntu2.2 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014472.html
* chromium-browser 52.0.2743.116-0ubuntu0.16.04.1.1250 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014473.html
* chromium-browser 52.0.2743.116-0ubuntu0.16.04.1.1250 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014474.html
* unity 7.4.0+16.04.20160906-0ubuntu1 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014475.html
* systemd 229-4ubuntu8 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014476.html
* partman-auto 134ubuntu1.1 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014477.html
* ubuntu-drivers-common 1:0.4.17.2 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014478.html
* snapd 2.14.2~16.04 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014479.html
* linux 4.4.0-38.57 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014481.html
* linux-signed 4.4.0-38.57 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014480.html
* linux-meta 4.4.0.38.40 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014482.html
* linux-raspi2 4.4.0-1023.29 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014483.html
* linux-meta-raspi2 4.4.0.1023.23 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014484.html
* linux_4.4.0-38.57_amd64.tar.gz - - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014485.html
* linux-snapdragon 4.4.0-1026.29 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014486.html
* linux-meta-snapdragon 4.4.0.1026.18 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014487.html
* snapcraft 2.16 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014488.html
* nvidia-graphics-drivers-367 367.44-0ubuntu0.16.04.1 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014489.html
* maas 2.0.0+bzr5189-0ubuntu1~16.04.1 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014490.html
* appstream-glib 0.5.13-1ubuntu3 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014491.html
* accountsservice 0.6.40-2ubuntu11.2 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014492.html
* mtools 4.0.18-2ubuntu0.16.04 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014493.html
* libmateweather 1.12.2-0ubuntu1 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014494.html
* bacula 7.0.5+dfsg-4ubuntu0.1 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014495.html
* jtreg 4.2-b03-1~16.04 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014496.html
* file-roller 3.16.5-0ubuntu1.2 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014497.html
* file-roller 3.16.5-0ubuntu1.2 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014498.html
* imlib2 1.4.7-1ubuntu0.1 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014499.html
* imlib2 1.4.7-1ubuntu0.1 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014500.html
* ubuntu-gnome-wallpapers 16.04.2 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014501.html
* dkms 2.2.0.3-2ubuntu11.2 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014502.html
* ubiquity 2.21.63.3 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014503.html
* nvidia-graphics-drivers-367 367.44-0ubuntu0.16.04.2 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014504.html
* percona-xtradb-cluster-5.6 5.6.21-25.8-0ubuntu3.2 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014505.html
* ltt-control 2.7.1-2~fakesync1.1 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014506.html
* livecd-rootfs 2.408.4 - https://lists.ubuntu.com/archives/xenial-changes/2016-September/014507.html

End of Life - April 2021

== Subscribe ==

Get your copy of the Ubuntu Weekly Newsletter delivered each week to you via email at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-news

== Archives ==

You can always find older Ubuntu Weekly Newsletter issues at: https://wiki.ubuntu.com/UbuntuWeeklyNewsletter

== Additional Ubuntu News ==

As always you can find more news and announcements at: http://insights.ubuntu.com/ and http://fridge.ubuntu.com/

== Conclusion ==

Thank you for reading the Ubuntu Weekly Newsletter. See you next week!

== Credits ==

The Ubuntu Weekly Newsletter is brought to you by:

* Elizabeth K. Joseph
* Chris Guiver
* Chris Sirrs
* And many others

== Glossary of Terms ==

Other acronyms can be found at https://wiki.ubuntu.com/UbuntuWeeklyNewsletter/glossary

== Ubuntu - Get Involved ==

The Ubuntu community consists of individuals and teams, working on different aspects of the distribution, giving advice and technical support, and helping to promote Ubuntu to a wider audience. No contribution is too small, and anyone can help. It's your chance to get in on all the community fun associated with developing and promoting Ubuntu. http://community.ubuntu.com/contribute/

Or get involved with the Ubuntu Weekly Newsletter team! We always need summary writers and editors, if you're interested, learn more at: https://wiki.ubuntu.com/UbuntuWeeklyNewsletter/Join

== Feedback ==

This document is maintained by the Ubuntu Weekly News Team. If you have a story idea or suggestions for the Weekly Newsletter, join the
-
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: libarchive security update
Advisory ID: RHSA-2016:1844-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1844.html
Issue date: 2016-09-12
CVE Names: CVE-2015-8916 CVE-2015-8917 CVE-2015-8919 CVE-2015-8920 CVE-2015-8921 CVE-2015-8922 CVE-2015-8923 CVE-2015-8924 CVE-2015-8925 CVE-2015-8926 CVE-2015-8928 CVE-2015-8930 CVE-2015-8931 CVE-2015-8932 CVE-2015-8934 CVE-2016-1541 CVE-2016-4300 CVE-2016-4302 CVE-2016-4809 CVE-2016-5418 CVE-2016-5844 CVE-2016-6250 CVE-2016-7166
=====================================================================

1. Summary:

An update for libarchive is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.

Security Fix(es):

* A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive. (CVE-2016-5418)

* Multiple out-of-bounds write flaws were found in libarchive. Specially crafted ZIP, 7ZIP, or RAR files could cause a heap overflow, potentially allowing code execution in the context of the application using libarchive. (CVE-2016-1541, CVE-2016-4300, CVE-2016-4302)

* Multiple out-of-bounds read flaws were found in libarchive. Specially crafted LZA/LZH, AR, MTREE, ZIP, TAR, or RAR files could cause the application to read data out of bounds, potentially disclosing a small amount of application memory, or causing an application crash. (CVE-2015-8919, CVE-2015-8920, CVE-2015-8921, CVE-2015-8923, CVE-2015-8924, CVE-2015-8925, CVE-2015-8926, CVE-2015-8928, CVE-2015-8934)

* Multiple NULL pointer dereference flaws were found in libarchive. Specially crafted RAR, CAB, or 7ZIP files could cause an application using libarchive to crash. (CVE-2015-8916, CVE-2015-8917, CVE-2015-8922)

* Multiple infinite loop / resource exhaustion flaws were found in libarchive. Specially crafted GZIP or ISO files could cause the application to consume an excessive amount of resources, eventually leading to a crash on memory exhaustion. (CVE-2016-7166, CVE-2015-8930)

* A denial of service vulnerability was found in libarchive. A specially crafted CPIO archive containing a symbolic link to a large target path could cause memory allocation to fail, causing an application using libarchive that attempted to view or extract such archive to crash. (CVE-2016-4809)

* An integer overflow flaw, leading to a buffer overflow, was found in libarchive's construction of ISO9660 volumes. Attempting to create an ISO9660 volume with 2 GB or 4 GB file names could cause the application to attempt to allocate 20 GB of memory. If this were to succeed, it could lead to an out of bounds write on the heap and potential code execution. (CVE-2016-6250)

* Multiple instances of undefined behavior due to arithmetic overflow were found in libarchive. Specially crafted MTREE archives, Compress streams, or ISO9660 volumes could potentially cause the application to fail to read the archive, or to crash. (CVE-2015-8931, CVE-2015-8932, CVE-2016-5844)

Red Hat would like to thank Insomnia Security for reporting CVE-2016-5418.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1334211 - CVE-2016-1541 libarchive: zip_read_mac_metadata() heap-based buffer overflow
1347084 - CVE-2016-4809 libarchive: Memory allocate error with symbolic links in cpio archives
1347085 - CVE-2016-6250 libarchive: Buffer overflow when writing large iso9660 containers
1347086 - CVE-2016-7166 libarchive: Denial of service using a crafted gzip file
1348412 - CVE-2015-8916 libarchive: NULL pointer access in RAR parser through bsdtar
1348413 - CVE-2015-8917 libarchive: NULL pointer access in CAB parser
1348414 - CVE-2015-8919 libarchive: Heap out of bounds read in LHA/LZH parser
1348416 - CVE-2015-8920 libarchive: Stack out of bounds read in ar parser
1348419 - CVE-2015-8922 libarchive: NULL pointer access in 7z parser
1348421 - CVE-2015-8924 libarchive: Heap out of bounds read in TAR parser
1348423 - CVE-2015-8925 libarchive: Unclear invalid memory read in mtree parser
1348424 - CVE-2015-8926 libarchive: NULL pointer access in RAR parser
1348429 - CVE-2015-8928 libarchive: Heap out of bounds read in mtree parser
1348439 - CVE-2016-4300 libarchive: Heap buffer overflow vulnerability in the 7zip read_SubStreamsInfo
1348444 - CVE-2016-4302 libarchive: Heap buffer overflow in the Rar decompression functionality
1348772 - CVE-2015-8921 libarchive: Global out of bounds read in mtree parser
1348773 - CVE-2015-8923 libarchive: Unclear crashes in ZIP parser
1348779 - CVE-2015-8931 libarchive: Undefined behavior (signed integer overflow) in mtree parser
1348780 - CVE-2015-8932 libarchive: Undefined behavior / invalid shiftleft in TAR parser
1349204 - CVE-2015-8930 libarchive: Endless loop in ISO parser
1349229 - CVE-2015-8934 libarchive: out of bounds heap read in RAR parser
1350280 - CVE-2016-5844 libarchive: undefined behaviour (integer overflow) in iso parser

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
libarchive-3.1.2-10.el7_2.src.rpm

x86_64:
libarchive-3.1.2-10.el7_2.i686.rpm
libarchive-3.1.2-10.el7_2.x86_64.rpm
libarchive-debuginfo-3.1.2-10.el7_2.i686.rpm
libarchive-debuginfo-3.1.2-10.el7_2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
bsdcpio-3.1.2-10.el7_2.x86_64.rpm
bsdtar-3.1.2-10.el7_2.x86_64.rpm
libarchive-debuginfo-3.1.2-10.el7_2.i686.rpm
libarchive-debuginfo-3.1.2-10.el7_2.x86_64.rpm
libarchive-devel-3.1.2-10.el7_2.i686.rpm
libarchive-devel-3.1.2-10.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
libarchive-3.1.2-10.el7_2.src.rpm

x86_64:
libarchive-3.1.2-10.el7_2.i686.rpm
libarchive-3.1.2-10.el7_2.x86_64.rpm
libarchive-debuginfo-3.1.2-10.el7_2.i686.rpm
libarchive-debuginfo-3.1.2-10.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
bsdcpio-3.1.2-10.el7_2.x86_64.rpm
bsdtar-3.1.2-10.el7_2.x86_64.rpm
libarchive-debuginfo-3.1.2-10.el7_2.i686.rpm
libarchive-debuginfo-3.1.2-10.el7_2.x86_64.rpm
libarchive-devel-3.1.2-10.el7_2.i686.rpm
libarchive-devel-3.1.2-10.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
libarchive-3.1.2-10.el7_2.src.rpm

ppc64:
libarchive-3.1.2-10.el7_2.ppc.rpm
libarchive-3.1.2-10.el7_2.ppc64.rpm
libarchive-debuginfo-3.1.2-10.el7_2.ppc.rpm
libarchive-debuginfo-3.1.2-10.el7_2.ppc64.rpm

ppc64le:
libarchive-3.1.2-10.el7_2.ppc64le.rpm
libarchive-debuginfo-3.1.2-10.el7_2.ppc64le.rpm

s390x:
libarchive-3.1.2-10.el7_2.s390.rpm
libarchive-3.1.2-10.el7_2.s390x.rpm
libarchive-debuginfo-3.1.2-10.el7_2.s390.rpm
libarchive-debuginfo-3.1.2-10.el7_2.s390x.rpm

x86_64:
libarchive-3.1.2-10.el7_2.i686.rpm
libarchive-3.1.2-10.el7_2.x86_64.rpm
libarchive-debuginfo-3.1.2-10.el7_2.i686.rpm
libarchive-debuginfo-3.1.2-10.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
bsdcpio-3.1.2-10.el7_2.ppc64.rpm
bsdtar-3.1.2-10.el7_2.ppc64.rpm
libarchive-debuginfo-3.1.2-10.el7_2.ppc.rpm
libarchive-debuginfo-3.1.2-10.el7_2.ppc64.rpm
libarchive-devel-3.1.2-10.el7_2.ppc.rpm
libarchive-devel-3.1.2-10.el7_2.ppc64.rpm

ppc64le:
bsdcpio-3.1.2-10.el7_2.ppc64le.rpm
bsdtar-3.1.2-10.el7_2.ppc64le.rpm
libarchive-debuginfo-3.1.2-10.el7_2.ppc64le.rpm
libarchive-devel-3.1.2-10.el7_2.ppc64le.rpm

s390x:
bsdcpio-3.1.2-10.el7_2.s390x.rpm
bsdtar-3.1.2-10.el7_2.s390x.rpm
libarchive-debuginfo-3.1.2-10.el7_2.s390.rpm
libarchive-debuginfo-3.1.2-10.el7_2.s390x.rpm
libarchive-devel-3.1.2-10.el7_2.s390.rpm
libarchive-devel-3.1.2-10.el7_2.s390x.rpm

x86_64:
bsdcpio-3.1.2-10.el7_2.x86_64.rpm
bsdtar-3.1.2-10.el7_2.x86_64.rpm
libarchive-debuginfo-3.1.2-10.el7_2.i686.rpm
libarchive-debuginfo-3.1.2-10.el7_2.x86_64.rpm
libarchive-devel-3.1.2-10.el7_2.i686.rpm
libarchive-devel-3.1.2-10.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
libarchive-3.1.2-10.el7_2.src.rpm

x86_64:
libarchive-3.1.2-10.el7_2.i686.rpm
libarchive-3.1.2-10.el7_2.x86_64.rpm
libarchive-debuginfo-3.1.2-10.el7_2.i686.rpm
libarchive-debuginfo-3.1.2-10.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
bsdcpio-3.1.2-10.el7_2.x86_64.rpm
bsdtar-3.1.2-10.el7_2.x86_64.rpm
libarchive-debuginfo-3.1.2-10.el7_2.i686.rpm
libarchive-debuginfo-3.1.2-10.el7_2.x86_64.rpm
libarchive-devel-3.1.2-10.el7_2.i686.rpm
libarchive-devel-3.1.2-10.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8916
https://access.redhat.com/security/cve/CVE-2015-8917
https://access.redhat.com/security/cve/CVE-2015-8919
https://access.redhat.com/security/cve/CVE-2015-8920
https://access.redhat.com/security/cve/CVE-2015-8921
https://access.redhat.com/security/cve/CVE-2015-8922
https://access.redhat.com/security/cve/CVE-2015-8923
https://access.redhat.com/security/cve/CVE-2015-8924
https://access.redhat.com/security/cve/CVE-2015-8925
https://access.redhat.com/security/cve/CVE-2015-8926
https://access.redhat.com/security/cve/CVE-2015-8928
https://access.redhat.com/security/cve/CVE-2015-8930
https://access.redhat.com/security/cve/CVE-2015-8931
https://access.redhat.com/security/cve/CVE-2015-8932
https://access.redhat.com/security/cve/CVE-2015-8934
https://access.redhat.com/security/cve/CVE-2016-1541
https://access.redhat.com/security/cve/CVE-2016-4300
https://access.redhat.com/security/cve/CVE-2016-4302
https://access.redhat.com/security/cve/CVE-2016-4809
https://access.redhat.com/security/cve/CVE-2016-5418
https://access.redhat.com/security/cve/CVE-2016-5844
https://access.redhat.com/security/cve/CVE-2016-6250
https://access.redhat.com/security/cve/CVE-2016-7166
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-
[RHSA-2016:1854-01] Important: chromium-browser security update
news posted a topic in Upcoming News
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: chromium-browser security update Advisory ID: RHSA-2016:1854-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1854.html Issue date: 2016-09-12 CVE Names: CVE-2016-5147 CVE-2016-5148 CVE-2016-5149 CVE-2016-5150 CVE-2016-5151 CVE-2016-5152 CVE-2016-5153 CVE-2016-5154 CVE-2016-5155 CVE-2016-5156 CVE-2016-5157 CVE-2016-5158 CVE-2016-5159 CVE-2016-5160 CVE-2016-5161 CVE-2016-5162 CVE-2016-5163 CVE-2016-5164 CVE-2016-5165 CVE-2016-5166 CVE-2016-5167 ===================================================================== 1. Summary: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: Chromium is an open-source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 53.0.2785.89. Security Fix(es): * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. 
(CVE-2016-5147, CVE-2016-5148, CVE-2016-5149, CVE-2016-5150, CVE-2016-5151, CVE-2016-5152, CVE-2016-5153, CVE-2016-5154, CVE-2016-5155, CVE-2016-5156, CVE-2016-5157, CVE-2016-5158, CVE-2016-5159, CVE-2016-5167, CVE-2016-5161, CVE-2016-5162, CVE-2016-5163, CVE-2016-5164, CVE-2016-5165, CVE-2016-5166, CVE-2016-5160) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Chromium must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1372207 - CVE-2016-5147 chromium-browser: universal xss in blink 1372208 - CVE-2016-5148 chromium-browser: universal xss in blink 1372209 - CVE-2016-5149 chromium-browser: script injection in extensions 1372210 - CVE-2016-5150 chromium-browser: use after free in blink 1372212 - CVE-2016-5151 chromium-browser: use after free in pdfium 1372213 - CVE-2016-5152 chromium-browser: heap overflow in pdfium 1372214 - CVE-2016-5153 chromium-browser: use after destruction in blink 1372215 - CVE-2016-5154 chromium-browser: heap overflow in pdfium 1372216 - CVE-2016-5155 chromium-browser: address bar spoofing 1372217 - CVE-2016-5156 chromium-browser: use after free in event bindings 1372218 - CVE-2016-5157 chromium-browser: heap overflow in pdfium 1372219 - CVE-2016-5158 chromium-browser: heap overflow in pdfium 1372220 - CVE-2016-5159 chromium-browser: heap overflow in pdfium 1372221 - CVE-2016-5161 chromium-browser: type confusion in blink 1372222 - CVE-2016-5162 chromium-browser: extensions web accessible resources bypass 1372223 - CVE-2016-5163 chromium-browser: address bar spoofing 1372224 - CVE-2016-5164 chromium-browser: universal xss using devtools 1372225 - CVE-2016-5165 chromium-browser: script injection in devtools 1372227 - CVE-2016-5166 chromium-browser: smb relay attack via save page as 1372228 - CVE-2016-5160 chromium-browser: extensions web accessible resources 
bypass 1372229 - CVE-2016-5167 chromium-browser: various fixes from internal audits 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: chromium-browser-53.0.2785.89-3.el6.i686.rpm chromium-browser-debuginfo-53.0.2785.89-3.el6.i686.rpm x86_64: chromium-browser-53.0.2785.89-3.el6.x86_64.rpm chromium-browser-debuginfo-53.0.2785.89-3.el6.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: chromium-browser-53.0.2785.89-3.el6.i686.rpm chromium-browser-debuginfo-53.0.2785.89-3.el6.i686.rpm x86_64: chromium-browser-53.0.2785.89-3.el6.x86_64.rpm chromium-browser-debuginfo-53.0.2785.89-3.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: chromium-browser-53.0.2785.89-3.el6.i686.rpm chromium-browser-debuginfo-53.0.2785.89-3.el6.i686.rpm x86_64: chromium-browser-53.0.2785.89-3.el6.x86_64.rpm chromium-browser-debuginfo-53.0.2785.89-3.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2016-5147 https://access.redhat.com/security/cve/CVE-2016-5148 https://access.redhat.com/security/cve/CVE-2016-5149 https://access.redhat.com/security/cve/CVE-2016-5150 https://access.redhat.com/security/cve/CVE-2016-5151 https://access.redhat.com/security/cve/CVE-2016-5152 https://access.redhat.com/security/cve/CVE-2016-5153 https://access.redhat.com/security/cve/CVE-2016-5154 https://access.redhat.com/security/cve/CVE-2016-5155 https://access.redhat.com/security/cve/CVE-2016-5156 https://access.redhat.com/security/cve/CVE-2016-5157 https://access.redhat.com/security/cve/CVE-2016-5158 https://access.redhat.com/security/cve/CVE-2016-5159 https://access.redhat.com/security/cve/CVE-2016-5160 https://access.redhat.com/security/cve/CVE-2016-5161 https://access.redhat.com/security/cve/CVE-2016-5162 https://access.redhat.com/security/cve/CVE-2016-5163 https://access.redhat.com/security/cve/CVE-2016-5164 https://access.redhat.com/security/cve/CVE-2016-5165 https://access.redhat.com/security/cve/CVE-2016-5166 https://access.redhat.com/security/cve/CVE-2016-5167 https://access.redhat.com/security/updates/classification/#important https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc.
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: libarchive security update Advisory ID: RHSA-2016:1850-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1850.html Issue date: 2016-09-12 CVE Names: CVE-2015-8920 CVE-2015-8921 CVE-2015-8932 CVE-2016-4809 CVE-2016-5418 CVE-2016-5844 CVE-2016-7166 ===================================================================== 1. Summary: An update for libarchive is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix(es): * A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive. 
(CVE-2016-5418) * Multiple out-of-bounds read flaws were found in libarchive. Specially crafted AR or MTREE files could cause the application to read data out of bounds, potentially disclosing a small amount of application memory, or causing an application crash. (CVE-2015-8920, CVE-2015-8921) * A denial of service vulnerability was found in libarchive's handling of GZIP streams. A crafted GZIP file could cause libarchive to allocate an excessive amount of memory, eventually leading to a crash. (CVE-2016-7166) * A denial of service vulnerability was found in libarchive. A specially crafted CPIO archive containing a symbolic link to a large target path could cause memory allocation to fail, causing an application using libarchive that attempted to view or extract such archive to crash. (CVE-2016-4809) * Multiple instances of undefined behavior due to arithmetic overflow were found in libarchive. Specially crafted Compress streams or ISO9660 volumes could potentially cause the application to fail to read the archive, or to crash. (CVE-2015-8932, CVE-2016-5844) Red Hat would like to thank Insomnia Security for reporting CVE-2016-5418. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1347084 - CVE-2016-4809 libarchive: Memory allocate error with symbolic links in cpio archives 1347086 - CVE-2016-7166 libarchive: Denial of service using a crafted gzip file 1348416 - CVE-2015-8920 libarchive: Stack out of bounds read in ar parser 1348772 - CVE-2015-8921 libarchive: Global out of bounds read in mtree parser 1348780 - CVE-2015-8932 libarchive: Undefined behavior / invalid shiftleft in TAR parser 1350280 - CVE-2016-5844 libarchive: undefined behaviour (integer overflow) in iso parser 6. Package List: Red Hat Enterprise Linux Desktop (v. 
6): Source: libarchive-2.8.3-7.el6_8.src.rpm i386: libarchive-2.8.3-7.el6_8.i686.rpm libarchive-debuginfo-2.8.3-7.el6_8.i686.rpm x86_64: libarchive-2.8.3-7.el6_8.i686.rpm libarchive-2.8.3-7.el6_8.x86_64.rpm libarchive-debuginfo-2.8.3-7.el6_8.i686.rpm libarchive-debuginfo-2.8.3-7.el6_8.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: libarchive-debuginfo-2.8.3-7.el6_8.i686.rpm libarchive-devel-2.8.3-7.el6_8.i686.rpm x86_64: libarchive-debuginfo-2.8.3-7.el6_8.i686.rpm libarchive-debuginfo-2.8.3-7.el6_8.x86_64.rpm libarchive-devel-2.8.3-7.el6_8.i686.rpm libarchive-devel-2.8.3-7.el6_8.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: libarchive-2.8.3-7.el6_8.src.rpm x86_64: libarchive-2.8.3-7.el6_8.i686.rpm libarchive-2.8.3-7.el6_8.x86_64.rpm libarchive-debuginfo-2.8.3-7.el6_8.i686.rpm libarchive-debuginfo-2.8.3-7.el6_8.x86_64.rpm libarchive-devel-2.8.3-7.el6_8.i686.rpm libarchive-devel-2.8.3-7.el6_8.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: libarchive-2.8.3-7.el6_8.src.rpm i386: libarchive-2.8.3-7.el6_8.i686.rpm libarchive-debuginfo-2.8.3-7.el6_8.i686.rpm ppc64: libarchive-2.8.3-7.el6_8.ppc.rpm libarchive-2.8.3-7.el6_8.ppc64.rpm libarchive-debuginfo-2.8.3-7.el6_8.ppc.rpm libarchive-debuginfo-2.8.3-7.el6_8.ppc64.rpm s390x: libarchive-2.8.3-7.el6_8.s390.rpm libarchive-2.8.3-7.el6_8.s390x.rpm libarchive-debuginfo-2.8.3-7.el6_8.s390.rpm libarchive-debuginfo-2.8.3-7.el6_8.s390x.rpm x86_64: libarchive-2.8.3-7.el6_8.i686.rpm libarchive-2.8.3-7.el6_8.x86_64.rpm libarchive-debuginfo-2.8.3-7.el6_8.i686.rpm libarchive-debuginfo-2.8.3-7.el6_8.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): i386: libarchive-debuginfo-2.8.3-7.el6_8.i686.rpm libarchive-devel-2.8.3-7.el6_8.i686.rpm ppc64: libarchive-debuginfo-2.8.3-7.el6_8.ppc.rpm libarchive-debuginfo-2.8.3-7.el6_8.ppc64.rpm libarchive-devel-2.8.3-7.el6_8.ppc.rpm libarchive-devel-2.8.3-7.el6_8.ppc64.rpm s390x: libarchive-debuginfo-2.8.3-7.el6_8.s390.rpm libarchive-debuginfo-2.8.3-7.el6_8.s390x.rpm libarchive-devel-2.8.3-7.el6_8.s390.rpm libarchive-devel-2.8.3-7.el6_8.s390x.rpm x86_64: libarchive-debuginfo-2.8.3-7.el6_8.i686.rpm libarchive-debuginfo-2.8.3-7.el6_8.x86_64.rpm libarchive-devel-2.8.3-7.el6_8.i686.rpm libarchive-devel-2.8.3-7.el6_8.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: libarchive-2.8.3-7.el6_8.src.rpm i386: libarchive-2.8.3-7.el6_8.i686.rpm libarchive-debuginfo-2.8.3-7.el6_8.i686.rpm x86_64: libarchive-2.8.3-7.el6_8.i686.rpm libarchive-2.8.3-7.el6_8.x86_64.rpm libarchive-debuginfo-2.8.3-7.el6_8.i686.rpm libarchive-debuginfo-2.8.3-7.el6_8.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: libarchive-debuginfo-2.8.3-7.el6_8.i686.rpm libarchive-devel-2.8.3-7.el6_8.i686.rpm x86_64: libarchive-debuginfo-2.8.3-7.el6_8.i686.rpm libarchive-debuginfo-2.8.3-7.el6_8.x86_64.rpm libarchive-devel-2.8.3-7.el6_8.i686.rpm libarchive-devel-2.8.3-7.el6_8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-8920 https://access.redhat.com/security/cve/CVE-2015-8921 https://access.redhat.com/security/cve/CVE-2015-8932 https://access.redhat.com/security/cve/CVE-2016-4809 https://access.redhat.com/security/cve/CVE-2016-5418 https://access.redhat.com/security/cve/CVE-2016-5844 https://access.redhat.com/security/cve/CVE-2016-7166 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . 
More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc.
-
TITLE: MSI GE62VR 6RF Apache Pro Review @ Vortez
CONTENT: Today, we'll be taking a detailed look at the new GE62VR 6RF Apache Pro. This gaming notebook arrives with some exciting hardware courtesy of a number of renowned vendors - including Intel's Core i7-6700HQ, NVIDIA's GTX 1060 and a Kingston M.2 SSD.
LINK: http://www.vortez.net/review.php?id=1206
Please post this news item in your news section. Thank you.
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat OpenShift Enterprise 3.2 security update and bug fix update Advisory ID: RHSA-2016:1853-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2016:1853 Issue date: 2016-09-12 CVE Names: CVE-2016-5418 ===================================================================== 1. Summary: An update for atomic-openshift and heapster is now available for Red Hat OpenShift Enterprise 3.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenShift Enterprise 3.2 - noarch, x86_64 3. Description: OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. Security Fix(es): * When processing an archive file that contains an archive entry with type 1 (hardlink) but also having a non-zero data size a file overwrite can occur. This would allow an attacker that can pass data to an application that uses libarchive to unpack it to overwrite arbitrary files with arbitrary data. (CVE-2016-5418) Red Hat would like to thank Insomnia Security for reporting this issue. This update also fixes the following bugs: * Previously, pods that had a resource request of 0 and specified limits were classified as BestEffort when they should have been classified as Burstable. This bug fix ensures that those pods are correctly classified as Burstable. (BZ#1357475) * Future versions of docker will require containerized installations of OpenShift Container Platform to mount /var/lib/origin with the `rslave` flag. 
New installations of OpenShift Container Platform 3.2 have this value set. However, upgrades from 3.1 did not properly set this value. This bug fix ensures that this flag is now set during upgrades, ensuring that OpenShift Container Platform works properly under future versions of docker. (BZ#1358197) * The PersistentVolumeLabel admission plug-in is now enabled by default. This plug-in labels AWS and GCE volumes with their zone so the scheduler can limit the nodes for a pod to only those in the same zone as the persistent volumes being used by the pod. (BZ#1365600) * Previously, heapster incorrectly generated error messages indicating that it "Failed to find node". This bug fix corrects that error and ensures that erroneous warnings are generated. (BZ#1366367) * The deployment controllers' resync interval can now be configured. The previously hard-coded 2-minute default is the likely cause of performance regressions when thousands of deploymentconfigs are present in the system. Increase the resync interval by setting deploymentControllerResyncMinute in /etc/origin/master/master-config.yaml. (BZ#1366381) * Previously, AWS-related environment variables were removed from /etc/sysconfig/atomic-openshift-master files during an upgrade if these values were not included in the advanced installer's inventory file. This bug fix ensures that these variables are now preserved during upgrades. (BZ#1370641) * Previously, updates to the containerized atomic-openshift-node service were not properly reloaded during upgrades. This bug fix corrects this error and ensures that the service is reloaded during upgrades. (BZ#1371708) * Previously the installer did not properly configure an environment for flannel when openshift_use_flannel was set to `true`. This bug fix corrects those errors and the installer will now correctly deploy environments using flannel. (BZ#1372026) 4. 
Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The following images are included in this errata : openshift3/openvswitch:v3.2.1.15 openshift3/ose-pod:v3.2.1.15 openshift3/ose:v3.2.1.15 openshift3/ose-docker-registry:v3.2.1.15 openshift3/ose-keepalived-ipfailover:v3.2.1.15 openshift3/ose-recycler:v3.2.1.15 openshift3/ose-f5-router:v3.2.1.15 openshift3/ose-deployer:v3.2.1.15 openshift3/node:v3.2.1.15 openshift3/ose-sti-builder:v3.2.1.15 openshift3/ose-docker-builder:v3.2.1.15 openshift3/ose-haproxy-router:v3.2.1.15 openshift3/metrics-heapster:3.2.1-4 5. Bugs fixed (https://bugzilla.redhat.com/): 1357475 - Pod QoS Tier are different between OpenShift 3.2 and 3.3 1358197 - docker's per-mount propagation mode wasn't turn on after upgrade 1365600 - Volume affinity in OCP 3.2 1366367 - Heapster "Failed to find node" warning and verbose logging 1366381 - [ocp3.2.1] deployments and scale up/down are very, very slow 1370641 - Upgrade from 3.1 to 3.2 overwrites AWS variables in /etc/sysconfig/atomic-openshift-master-* 1371708 - atomic-openshift-node service wasn't reload on containerized env. 1372026 - openshift_use_flannel=true does not work properly 6. 
Package List: Red Hat OpenShift Enterprise 3.2: Source: atomic-openshift-3.2.1.15-1.git.0.d84be7f.el7.src.rpm heapster-1.1.0-1.beta2.el7.1.src.rpm openshift-ansible-3.2.28-1.git.0.5a85fc5.el7.src.rpm noarch: atomic-openshift-utils-3.2.28-1.git.0.5a85fc5.el7.noarch.rpm openshift-ansible-3.2.28-1.git.0.5a85fc5.el7.noarch.rpm openshift-ansible-docs-3.2.28-1.git.0.5a85fc5.el7.noarch.rpm openshift-ansible-filter-plugins-3.2.28-1.git.0.5a85fc5.el7.noarch.rpm openshift-ansible-lookup-plugins-3.2.28-1.git.0.5a85fc5.el7.noarch.rpm openshift-ansible-playbooks-3.2.28-1.git.0.5a85fc5.el7.noarch.rpm openshift-ansible-roles-3.2.28-1.git.0.5a85fc5.el7.noarch.rpm x86_64: atomic-openshift-3.2.1.15-1.git.0.d84be7f.el7.x86_64.rpm atomic-openshift-clients-3.2.1.15-1.git.0.d84be7f.el7.x86_64.rpm atomic-openshift-clients-redistributable-3.2.1.15-1.git.0.d84be7f.el7.x86_64.rpm atomic-openshift-dockerregistry-3.2.1.15-1.git.0.d84be7f.el7.x86_64.rpm atomic-openshift-master-3.2.1.15-1.git.0.d84be7f.el7.x86_64.rpm atomic-openshift-node-3.2.1.15-1.git.0.d84be7f.el7.x86_64.rpm atomic-openshift-pod-3.2.1.15-1.git.0.d84be7f.el7.x86_64.rpm atomic-openshift-recycle-3.2.1.15-1.git.0.d84be7f.el7.x86_64.rpm atomic-openshift-sdn-ovs-3.2.1.15-1.git.0.d84be7f.el7.x86_64.rpm atomic-openshift-tests-3.2.1.15-1.git.0.d84be7f.el7.x86_64.rpm heapster-1.1.0-1.beta2.el7.1.x86_64.rpm tuned-profiles-atomic-openshift-node-3.2.1.15-1.git.0.d84be7f.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-5418 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
-
[RHSA-2016:1852-01] Important: Red Hat OpenShift Enterprise 3.1 security update
news posted a topic in Upcoming News
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat OpenShift Enterprise 3.1 security update Advisory ID: RHSA-2016:1852-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2016:1852 Issue date: 2016-09-12 CVE Names: CVE-2016-5418 ===================================================================== 1. Summary: An update for Red Hat OpenShift Enterprise 3.1 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenShift Enterprise 3.1 - x86_64 3. Description: OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. Security Fix(es): * A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive. (CVE-2016-5418) Red Hat would like to thank Insomnia Security for reporting this issue. 4. 
Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The following images are included in this errata: openshift3/openvswitch:v3.1.1.7 openshift3/ose-pod:v3.1.1.7 openshift3/ose:v3.1.1.7 openshift3/ose-docker-registry:v3.1.1.7 openshift3/ose-keepalived-ipfailover:v3.1.1.7 openshift3/ose-recycler:v3.1.1.7 openshift3/ose-f5-router:v3.1.1.7 openshift3/ose-deployer:v3.1.1.7 openshift3/node:v3.1.1.7 openshift3/ose-sti-builder:v3.1.1.7 openshift3/ose-docker-builder:v3.1.1.7 openshift3/ose-haproxy-router:v3.1.1.7 5. Package List: Red Hat OpenShift Enterprise 3.1: Source: atomic-openshift-3.1.1.7-1.git.0.65f396b.el7aos.src.rpm x86_64: atomic-openshift-3.1.1.7-1.git.0.65f396b.el7aos.x86_64.rpm atomic-openshift-clients-3.1.1.7-1.git.0.65f396b.el7aos.x86_64.rpm atomic-openshift-clients-redistributable-3.1.1.7-1.git.0.65f396b.el7aos.x86_64.rpm atomic-openshift-dockerregistry-3.1.1.7-1.git.0.65f396b.el7aos.x86_64.rpm atomic-openshift-master-3.1.1.7-1.git.0.65f396b.el7aos.x86_64.rpm atomic-openshift-node-3.1.1.7-1.git.0.65f396b.el7aos.x86_64.rpm atomic-openshift-pod-3.1.1.7-1.git.0.65f396b.el7aos.x86_64.rpm atomic-openshift-recycle-3.1.1.7-1.git.0.65f396b.el7aos.x86_64.rpm atomic-openshift-sdn-ovs-3.1.1.7-1.git.0.65f396b.el7aos.x86_64.rpm tuned-profiles-atomic-openshift-node-3.1.1.7-1.git.0.65f396b.el7aos.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 6. References: https://access.redhat.com/security/cve/CVE-2016-5418 https://access.redhat.com/security/updates/classification/#important 7. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. 
-
MSI GeForce GTX 1080 and GTX 1070 Gaming X 8G Review @ Neoseeker
news posted a topic in Upcoming News
Hello editors,

Today we have on our review bench MSI's GeForce GTX 1080 and GTX 1070 Gaming X 8G, featuring factory overclocks over the NVIDIA GeForce 10 series cards yet still offering near-silent operation thanks to the TWIN FROZR VI cooling solutions. Note that this will be the first installment in our look at these beastly cards, so please stay tuned for an overclocking-centric follow-up very soon!

http://www.neoseeker.com/Articles/Hardware/Reviews/msi-gtx-1080-gtx-1070-gaming-x-8g/

"The new GeForce GTX 1080 and GTX 1070 Gaming X 8G sit right at the top of MSI's Pascal-based product stack, and bring a host of clever customizations to an already powerful platform. From custom design to enhanced clocks and cooling solutions, MSI rebuilt the GTX 1080 and GTX 1070 according to its Gaming brand. These Gaming X cards are factory overclocked and clad in a custom shroud that sports RGB LEDs and TORX 2.0 fans."

Thanks as always for any linkage!

Neoseeker Hardware http://www.neoseeker.com/ hardware ( -at -) neoseeker.com
-
-------- SILVERSTONE PRIMERA PM01 COMPUTER CASE REVIEW @ APH NETWORKS --------

Hello everyone! APH Networks has published a new review that your readers might enjoy. A post in your site's news section would be greatly appreciated! Don't forget to send your site news to us. As we promise to post your news articles on APH Networks periodically, we would certainly appreciate it if you do the same as well. Thank you for your support in advance!

* Title: SilverStone Primera PM01 Computer Case Review @ APH Networks
* Description: The SilverStone Primera PM01 is an aggressive looking case filled with features and advanced cooling performance for the enthusiast.
* Link: http://aphnetworks.com/reviews/silverstone-primera-pm01
* Image: http://aphnetworks.com/review/silverstone-primera-pm01/014.jpg

Best Regards, Jonathan Kwan Editor-in-Chief APH Networks Inc. http://aphnetworks.com
-
gscan2pdf - A GUI to produce a multipage PDF or DjVu from a scan.

http://gscan2pdf.sourceforge.net/

Five clicks are required to scan several pages and then save all or a selection as a PDF or DjVu file, including metadata if required. gscan2pdf can control regular or sheet-fed (ADF) scanners with SANE via libsane-perl, scanimage or scanadf, and can scan multiple pages at once. It presents a thumbnail view of scanned pages, and permits simple operations such as cropping, rotating and deleting pages. OCR can be used to recognise text in the scans, and the output embedded in the PDF or DjVu. PDF conversion is done by PDF::API2. The resulting document may be saved as a PDF, DjVu, multipage TIFF file, or single page image file.

Changelog for 1.5.1:

* Fixed bug prepending or appending to a PDF with a space in the path.
* Refactored code handling geometry options to reduce complexity and duplication
* Removed metadata variables %h, %i, %s, adding %H, %I, %S. Closes bug #226 (Formatting timestamp for filename template broken)
* Encode document date in ASCII to workaround a bug in PDF::API2 where UTF-8 encoding caused garbage in the metadata. Closes bug #224 (CreationDate and ModDate fields are missing)
* If the output from user-defined tool is pnm, there is no way to tell the resolution, so assume that it is the same as the input. Closes bug #227 (Page size corruption in 1.5.1)
* Support hand-scanner option in test backend. Closes bug #223 ("Auto length detection" option does not work with ScanSnap IX500)
* Filter out double memory address from unpaper warning. Closes Debian bug #833521 (unpaper AVStream codec deprecation warning)
* Update to Slovak translation (thanks to Dusan Kazik)
-
A new release of grilo, 0.3.2, has been released.

What is it?
===========

Grilo is a framework that provides access to various sources of multimedia content, using a pluggable system.

Where can I find out more?
==========================

https://wiki.gnome.org/Projects/Grilo

What is new in 0.3.2?
======================

* Updated translations
* Bugs fixed:
  * BGO#766386 - GrlSource resolution functions don't declare taking ownership of media param
  * BGO#769331 - Fix throttling in core and lua-factory
  * BGO#769830 - Fix annotation

Who contributed to it?
======================

* Adrien Plazas
* Andika Triwidada
* Bastien Nocera
* Juan A. Suarez Romero
* Mathieu Bridon
* Piotr Drąg
* Reinout van Schouwen
* Victor Toso

Where can I get it?
===================

https://download.gnome.org/sources/grilo/0.3/
-
openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2016:2290-1
Rating: important
References: #963931 #970948 #971126 #971360 #974266 #978821 #978822 #979018 #979213 #979879 #980371 #981058 #981267 #986362 #986365 #986570 #987886 #989084 #989152 #989176 #990058 #991110 #991608 #991665 #994296 #994520
Cross-References: CVE-2015-8787 CVE-2016-1237 CVE-2016-2847 CVE-2016-3134 CVE-2016-3156 CVE-2016-4485 CVE-2016-4486 CVE-2016-4557 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4805 CVE-2016-4951 CVE-2016-4998 CVE-2016-5696 CVE-2016-6480 CVE-2016-6828
Affected Products: openSUSE Leap 42.1
______________________________________________________________________________

An update that solves 17 vulnerabilities and has 9 fixes is now available.

Description:

The openSUSE Leap 42.1 kernel was updated to 4.1.31 to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bnc#970948).
- CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126).
- CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandled destruction of device objects, which allowed guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses (bnc#971360).
- CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel did not initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory by reading a message (bnc#978821).
- CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822).
- CVE-2016-4557: The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel did not properly maintain an fd data structure, which allowed local users to gain privileges or cause a denial of service (use-after-free) via crafted BPF instructions that reference an incorrect file descriptor (bnc#979018).
- CVE-2016-4580: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel did not properly initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request (bnc#981267).
- CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371).
- CVE-2016-4951: The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel did not verify socket existence, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation (bnc#981058).
- CVE-2015-8787: The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by sending certain IPv4 packets to an incompletely configured interface, a related issue to CVE-2003-1604 (bnc#963931).
- CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213).
- CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879).
- CVE-2016-6828: A use after free in tcp_xmit_retransmit_queue() was fixed that could be used by local attackers to crash the kernel (bsc#994296).
- CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability (bnc#991608).
- CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary (bnc#986362 986365 990058).
- CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack (bnc#989152).
- CVE-2016-1237: nfsd in the Linux kernel allowed local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c (bnc#986570).

The following non-security bugs were fixed:

- AF_VSOCK: Shrink the area influenced by prepare_to_wait (bsc#994520).
- KVM: arm/arm64: Handle forward time correction gracefully (bnc#974266).
- Linux 4.1.29.
  Refreshed patch:
    patches.xen/xen3-fixup-xen
  Deleted patches:
    patches.fixes/0001-Revert-ecryptfs-forbid-opening-files-without-mmap-ha.patch
    patches.fixes/0001-ecryptfs-don-t-allow-mmap-when-the-lower-file-system.patch
    patches.rpmify/Revert-mm-swap.c-flush-lru-pvecs-on-compound-page-ar
    patches.rpmify/Revert-powerpc-Update-TM-user-feature-bits-in-scan_f
- Revert "mm/swap.c: flush lru pvecs on compound page arrival" (boo#989084).
- Revert "powerpc: Update TM user feature bits in scan_features()". Fix the build error of 4.1.28 on ppc.
- Revive i8042_check_power_owner() for 4.1.31 kabi fix.
- USB: OHCI: Do not mark EDs as ED_OPER if scheduling fails (bnc#987886).
- USB: validate wMaxPacketValue entries in endpoint descriptors (bnc#991665).
- Update patches.fixes/0002-nfsd-check-permissions-when-setting-ACLs.patch (bsc#986570 CVE-2016-1237).
- Update patches.fixes/0001-posix_acl-Add-set_posix_acl.patch (bsc#986570 CVE-2016-1237).
- netfilter: x_tables: fix 4.1 stable backport (bsc#989176).
- nfsd: check permissions when setting ACLs (bsc#986570).
- posix_acl: Add set_posix_acl (bsc#986570).
- ppp: defer netns reference release for ppp channel (bsc#980371).
- series.conf: Move a kABI patch to its own section
- supported.conf: enable i2c-designware driver (bsc#991110)
- tcp: enable per-socket rate limiting of all "challenge acks" (bsc#989152).

Patch Instructions:

To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- openSUSE Leap 42.1:

  zypper in -t patch openSUSE-2016-1076=1

To bring your system up-to-date, use "zypper patch".
Package List:

- openSUSE Leap 42.1 (i586 x86_64):

  hdjmod-debugsource-1.28-24.1
  hdjmod-kmp-default-1.28_k4.1.31_30-24.1
  hdjmod-kmp-default-debuginfo-1.28_k4.1.31_30-24.1
  hdjmod-kmp-pv-1.28_k4.1.31_30-24.1
  hdjmod-kmp-pv-debuginfo-1.28_k4.1.31_30-24.1
  hdjmod-kmp-xen-1.28_k4.1.31_30-24.1
  hdjmod-kmp-xen-debuginfo-1.28_k4.1.31_30-24.1
  ipset-6.25.1-5.1
  ipset-debuginfo-6.25.1-5.1
  ipset-debugsource-6.25.1-5.1
  ipset-devel-6.25.1-5.1
  ipset-kmp-default-6.25.1_k4.1.31_30-5.1
  ipset-kmp-default-debuginfo-6.25.1_k4.1.31_30-5.1
  ipset-kmp-pv-6.25.1_k4.1.31_30-5.1
  ipset-kmp-pv-debuginfo-6.25.1_k4.1.31_30-5.1
  ipset-kmp-xen-6.25.1_k4.1.31_30-5.1
  ipset-kmp-xen-debuginfo-6.25.1_k4.1.31_30-5.1
  kernel-default-4.1.31-30.2
  kernel-default-base-4.1.31-30.2
  kernel-default-base-debuginfo-4.1.31-30.2
  kernel-default-debuginfo-4.1.31-30.2
  kernel-default-debugsource-4.1.31-30.2
  kernel-default-devel-4.1.31-30.2
  kernel-obs-build-4.1.31-30.3
  kernel-obs-build-debugsource-4.1.31-30.3
  kernel-obs-qa-4.1.31-30.1
  kernel-obs-qa-xen-4.1.31-30.1
  kernel-syms-4.1.31-30.1
  libipset3-6.25.1-5.1
  libipset3-debuginfo-6.25.1-5.1
  pcfclock-0.44-266.1
  pcfclock-debuginfo-0.44-266.1
  pcfclock-debugsource-0.44-266.1
  pcfclock-kmp-default-0.44_k4.1.31_30-266.1
  pcfclock-kmp-default-debuginfo-0.44_k4.1.31_30-266.1
  pcfclock-kmp-pv-0.44_k4.1.31_30-266.1
  pcfclock-kmp-pv-debuginfo-0.44_k4.1.31_30-266.1
  vhba-kmp-debugsource-20140928-5.1
  vhba-kmp-default-20140928_k4.1.31_30-5.1
  vhba-kmp-default-debuginfo-20140928_k4.1.31_30-5.1
  vhba-kmp-pv-20140928_k4.1.31_30-5.1
  vhba-kmp-pv-debuginfo-20140928_k4.1.31_30-5.1
  vhba-kmp-xen-20140928_k4.1.31_30-5.1
  vhba-kmp-xen-debuginfo-20140928_k4.1.31_30-5.1

- openSUSE Leap 42.1 (i686 x86_64):

  kernel-debug-4.1.31-30.2
  kernel-debug-base-4.1.31-30.2
  kernel-debug-base-debuginfo-4.1.31-30.2
  kernel-debug-debuginfo-4.1.31-30.2
  kernel-debug-debugsource-4.1.31-30.2
  kernel-debug-devel-4.1.31-30.2
  kernel-debug-devel-debuginfo-4.1.31-30.2
  kernel-ec2-4.1.31-30.2
  kernel-ec2-base-4.1.31-30.2
  kernel-ec2-base-debuginfo-4.1.31-30.2
  kernel-ec2-debuginfo-4.1.31-30.2
  kernel-ec2-debugsource-4.1.31-30.2
  kernel-ec2-devel-4.1.31-30.2
  kernel-pv-4.1.31-30.2
  kernel-pv-base-4.1.31-30.2
  kernel-pv-base-debuginfo-4.1.31-30.2
  kernel-pv-debuginfo-4.1.31-30.2
  kernel-pv-debugsource-4.1.31-30.2
  kernel-pv-devel-4.1.31-30.2
  kernel-vanilla-4.1.31-30.2
  kernel-vanilla-debuginfo-4.1.31-30.2
  kernel-vanilla-debugsource-4.1.31-30.2
  kernel-vanilla-devel-4.1.31-30.2
  kernel-xen-4.1.31-30.2
  kernel-xen-base-4.1.31-30.2
  kernel-xen-base-debuginfo-4.1.31-30.2
  kernel-xen-debuginfo-4.1.31-30.2
  kernel-xen-debugsource-4.1.31-30.2
  kernel-xen-devel-4.1.31-30.2

- openSUSE Leap 42.1 (x86_64):

  drbd-8.4.6-8.1
  drbd-debugsource-8.4.6-8.1
  drbd-kmp-default-8.4.6_k4.1.31_30-8.1
  drbd-kmp-default-debuginfo-8.4.6_k4.1.31_30-8.1
  drbd-kmp-pv-8.4.6_k4.1.31_30-8.1
  drbd-kmp-pv-debuginfo-8.4.6_k4.1.31_30-8.1
  drbd-kmp-xen-8.4.6_k4.1.31_30-8.1
  drbd-kmp-xen-debuginfo-8.4.6_k4.1.31_30-8.1
  lttng-modules-2.7.0-2.1
  lttng-modules-debugsource-2.7.0-2.1
  lttng-modules-kmp-default-2.7.0_k4.1.31_30-2.1
  lttng-modules-kmp-default-debuginfo-2.7.0_k4.1.31_30-2.1
  lttng-modules-kmp-pv-2.7.0_k4.1.31_30-2.1
  lttng-modules-kmp-pv-debuginfo-2.7.0_k4.1.31_30-2.1

- openSUSE Leap 42.1 (noarch):

  kernel-devel-4.1.31-30.1
  kernel-docs-4.1.31-30.3
  kernel-docs-html-4.1.31-30.3
  kernel-docs-pdf-4.1.31-30.3
  kernel-macros-4.1.31-30.1
  kernel-source-4.1.31-30.1
  kernel-source-vanilla-4.1.31-30.1

- openSUSE Leap 42.1 (i686):

  kernel-pae-4.1.31-30.2
  kernel-pae-base-4.1.31-30.2
  kernel-pae-base-debuginfo-4.1.31-30.2
  kernel-pae-debuginfo-4.1.31-30.2
  kernel-pae-debugsource-4.1.31-30.2
  kernel-pae-devel-4.1.31-30.2

- openSUSE Leap 42.1 (i586):

  hdjmod-kmp-pae-1.28_k4.1.31_30-24.1
  hdjmod-kmp-pae-debuginfo-1.28_k4.1.31_30-24.1
  ipset-kmp-pae-6.25.1_k4.1.31_30-5.1
  ipset-kmp-pae-debuginfo-6.25.1_k4.1.31_30-5.1
  pcfclock-kmp-pae-0.44_k4.1.31_30-266.1
  pcfclock-kmp-pae-debuginfo-0.44_k4.1.31_30-266.1
  vhba-kmp-pae-20140928_k4.1.31_30-5.1
  vhba-kmp-pae-debuginfo-20140928_k4.1.31_30-5.1

References:

  https://www.suse.com/security/cve/CVE-2015-8787.html
  https://www.suse.com/security/cve/CVE-2016-1237.html
  https://www.suse.com/security/cve/CVE-2016-2847.html
  https://www.suse.com/security/cve/CVE-2016-3134.html
  https://www.suse.com/security/cve/CVE-2016-3156.html
  https://www.suse.com/security/cve/CVE-2016-4485.html
  https://www.suse.com/security/cve/CVE-2016-4486.html
  https://www.suse.com/security/cve/CVE-2016-4557.html
  https://www.suse.com/security/cve/CVE-2016-4569.html
  https://www.suse.com/security/cve/CVE-2016-4578.html
  https://www.suse.com/security/cve/CVE-2016-4580.html
  https://www.suse.com/security/cve/CVE-2016-4805.html
  https://www.suse.com/security/cve/CVE-2016-4951.html
  https://www.suse.com/security/cve/CVE-2016-4998.html
  https://www.suse.com/security/cve/CVE-2016-5696.html
  https://www.suse.com/security/cve/CVE-2016-6480.html
  https://www.suse.com/security/cve/CVE-2016-6828.html
  https://bugzilla.suse.com/963931
  https://bugzilla.suse.com/970948
  https://bugzilla.suse.com/971126
  https://bugzilla.suse.com/971360
  https://bugzilla.suse.com/974266
  https://bugzilla.suse.com/978821
  https://bugzilla.suse.com/978822
  https://bugzilla.suse.com/979018
  https://bugzilla.suse.com/979213
  https://bugzilla.suse.com/979879
  https://bugzilla.suse.com/980371
  https://bugzilla.suse.com/981058
  https://bugzilla.suse.com/981267
  https://bugzilla.suse.com/986362
  https://bugzilla.suse.com/986365
  https://bugzilla.suse.com/986570
  https://bugzilla.suse.com/987886
  https://bugzilla.suse.com/989084
  https://bugzilla.suse.com/989152
  https://bugzilla.suse.com/989176
  https://bugzilla.suse.com/990058
  https://bugzilla.suse.com/991110
  https://bugzilla.suse.com/991608
  https://bugzilla.suse.com/991665
  https://bugzilla.suse.com/994296
  https://bugzilla.suse.com/994520
-
Title: CHJGD 10000mAh Ultra Compact PowerBank Review ( -at -) NikKTech

Description: With a battery capacity of 10.000mAh, single 2.1A USB charging port, tempting price tag and a compact rubber coated enclosure that also features a nice picture/drawing at the top the ULTRA COMPACT POWERBANK by CHJGD could be the power bank you've been looking for.

Article Link: http://www.nikktech.com/main/articles/gadgets/portable-batteries/6947-chjgd-10000mah-ultra-compact-powerbank-review

Image Link: http://www.nikktech.com/main/images/pics/reviews/chjgd/chjgd_ultra_compacta.JPG

A News Post Would Be Appreciated. Thanks In Advance.

Sincerely
Nik Kastrantas
-
=AEROCOOL STRIKE-X AIR REVIEW=
------------------------------------------------------------
http://us2.campaign-archive1.com/?u=bfb2b902b5fb045ad6f841f98&id=d3e3c076f6&e=872093acb5
http://www.kitguru.net

=BENQ XR3501 CURVED GAMING MONITOR REVIEW=

Everybody loves nice curves, or at least BenQ is hoping they do with the XR3501. This 35in-diagonal screen boasts a 2,560 x 1,080 resolution and 2000R curvature. This, and the 21:9 aspect ratio, provide an expansive display that will stretch your peripheral vision.

Read the review here: http://www.kitguru.net/peripherals/james-morris/benq-xr3501-curved-gaming-monitor-review/
-
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] gnutls (SSA:2016-254-01)

New gnutls packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/gnutls-3.4.15-i586-1_slack14.2.txz: Upgraded.
  This update fixes some bugs and security issues.
  For more information, see:
    http://www.gnutls.org/security.html#GNUTLS-SA-2015-2
    http://www.gnutls.org/security.html#GNUTLS-SA-2015-3
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6251
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/gnutls-3.3.24-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/gnutls-3.3.24-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/gnutls-3.3.24-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/gnutls-3.3.24-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/gnutls-3.4.15-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/gnutls-3.4.15-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/gnutls-3.4.15-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/gnutls-3.4.15-x86_64-1.txz

MD5 signatures:
+-------------+

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg gnutls-3.4.15-i586-1_slack14.2.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security ( -at -) slackware.com
-
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] gtk+2 (SSA:2016-254-02)

New gtk+2 packages are available for Slackware 14.1, 14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/gtk+2-2.24.31-i586-1_slack14.2.txz: Upgraded.
  This update fixes a security issue: Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7447
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/gtk+2-2.24.20-i486-2_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/gtk+2-2.24.20-x86_64-2_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/gtk+2-2.24.31-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/gtk+2-2.24.31-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/gtk+2-2.24.31-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/gtk+2-2.24.31-x86_64-1.txz

MD5 signatures:
+-------------+

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg gtk+2-2.24.31-i586-1_slack14.2.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security ( -at -) slackware.com
-
SUSE Security Update: Security update for java-1_7_0-ibm
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:2286-1
Rating: important
References: #992537
Cross-References: CVE-2016-3485 CVE-2016-3511 CVE-2016-3598
Affected Products:
  SUSE OpenStack Cloud 5
  SUSE Manager Proxy 2.1
  SUSE Manager 2.1
  SUSE Linux Enterprise Server 11-SP3-LTSS
  SUSE Linux Enterprise Server 11-SP2-LTSS
  SUSE Linux Enterprise Point of Sale 11-SP3
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

IBM Java 7 was updated to 7.1-9.50, fixing bugs and security issues (bsc#992537).

Security issues fixed: CVE-2016-3485 CVE-2016-3511 CVE-2016-3598

Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information.

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 5:

  zypper in -t patch sleclo50sp3-java-1_7_0-ibm-12737=1

- SUSE Manager Proxy 2.1:

  zypper in -t patch slemap21-java-1_7_0-ibm-12737=1

- SUSE Manager 2.1:

  zypper in -t patch sleman21-java-1_7_0-ibm-12737=1

- SUSE Linux Enterprise Server 11-SP3-LTSS:

  zypper in -t patch slessp3-java-1_7_0-ibm-12737=1

- SUSE Linux Enterprise Server 11-SP2-LTSS:

  zypper in -t patch slessp2-java-1_7_0-ibm-12737=1

- SUSE Linux Enterprise Point of Sale 11-SP3:

  zypper in -t patch sleposp3-java-1_7_0-ibm-12737=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE OpenStack Cloud 5 (x86_64):

  java-1_7_0-ibm-1.7.0_sr9.50-55.1
  java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1
  java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1
  java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1
  java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1

- SUSE Manager Proxy 2.1 (x86_64):

  java-1_7_0-ibm-1.7.0_sr9.50-55.1
  java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1
  java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1
  java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1
  java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1

- SUSE Manager 2.1 (s390x x86_64):

  java-1_7_0-ibm-1.7.0_sr9.50-55.1
  java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1
  java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1

- SUSE Manager 2.1 (x86_64):

  java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1
  java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1

- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

  java-1_7_0-ibm-1.7.0_sr9.50-55.1
  java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1
  java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1

- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):

  java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1
  java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1

- SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64):

  java-1_7_0-ibm-1.7.0_sr9.50-55.1
  java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1
  java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1

- SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64):

  java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1
  java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1

- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

  java-1_7_0-ibm-1.7.0_sr9.50-55.1
  java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1
  java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1
  java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1
  java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1

References:

  https://www.suse.com/security/cve/CVE-2016-3485.html
  https://www.suse.com/security/cve/CVE-2016-3511.html
  https://www.suse.com/security/cve/CVE-2016-3598.html
  https://bugzilla.suse.com/992537
-
-------- SHOULD I BUY AN OLDER FLAGSHIP OR A NEW MIDRANGE PHONE? FT. LG X POWER REPORT ( -at -) APH NETWORKS -----------------------------------------

Hello everyone!

APH Networks has published a new review that your readers might enjoy. A post in your site's news section would be greatly appreciated! Don't forget to send your site news to us. As we promise to post your news articles on APH Networks periodically, we would certainly appreciate it if you do the same as well. Thank you for your support in advance!

* Title: Should I buy an older flagship or a new midrange phone? ft. LG X power Report ( -at -) APH Networks
* Description: Older flagship or new midrange phone? We got an LG X power in to answer this first world problem.
* Link: http://aphnetworks.com/reports/should-i-buy-an-older-flagship-or-a-new-midrange-phone
* Image: http://aphnetworks.com/report/should-i-buy-an-older-flagship-or-a-new-midrange-phone/003.jpg

Best Regards,
Jonathan Kwan
Editor-in-Chief
APH Networks Inc.
http://aphnetworks.com
-
News: Examining early DirectX 12 performance in Deus Ex: Mankind Divided
news posted a topic in Upcoming News
An early version of Deus Ex: Mankind Divided's DirectX 12 rendering path is available now, and many sites and AMD itself are already producing average FPS numbers using that software. We go inside the second to see what the real story is.

Read more: http://techreport.com/review/30639/examining-early-directx-12-performance-in-deus-ex-mankind-divided

---
The Tech Report - PC Hardware Explored
http://techreport.com