Everything posted by news
-
Package : icedove Version : 1:52.2.1-1~deb7u1 CVE ID : CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7764 CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778 Multiple security issues have been found in the Mozilla Thunderbird mail client: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or spoofing. For Debian 7 "Wheezy", these problems have been fixed in version 1:52.2.1-1~deb7u1. We recommend that you upgrade your icedove packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
-
Package : apache2 Version : 2.2.22-13+deb7u9 CVE ID : CVE-2017-3167 CVE-2017-3169 CVE-2017-7668 CVE-2017-7679 Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-3167 Emmanuel Dreyfus reported that the use of ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. CVE-2017-3169 Vasileios Panopoulos of AdNovum Informatik AG discovered that mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port leading to a denial of service. CVE-2017-7668 Javier Jimenez reported that the HTTP strict parsing contains a flaw leading to a buffer overread in ap_find_token(). A remote attacker can take advantage of this flaw by carefully crafting a sequence of request headers to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. CVE-2017-7679 ChenQin and Hanno Boeck reported that mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header. For Debian 7 "Wheezy", these problems have been fixed in version 2.2.22-13+deb7u9. We recommend that you upgrade your apache2 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
-
-------- TP-LINK ARCHER C3150 WIRELESS ROUTER REVIEW ( -at -) APH NETWORKS ---------- Hello everyone! APH Networks has published a new review that your readers might enjoy. A post in your site's news section would be greatly appreciated! Don't forget to send your site news to us. As we promise to post your news articles on APH Networks periodically, we would certainly appreciate it if you do the same as well. Thank you for your support in advance! * Title: TP-Link Archer C3150 Wireless Router Review ( -at -) APH Networks * Description: The TP-Link Archer C3150 offers excellent performance and easy to use firmware at a competitive price. * Link: http://aphnetworks.com/reviews/tp-link-archer-c3150 * Image: http://aphnetworks.com/review/tp-link-archer-c3150/006.jpg Best Regards, Jonathan Kwan Editor-in-Chief APH Networks Inc. http://aphnetworks.com
-
[slackware-security] glibc (SSA:2017-181-01) New glibc packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/glibc-2.23-i586-2_slack14.2.txz: Rebuilt. Applied upstream security hardening patches from git. For more information, see: https://sourceware.org/git/?p=glibc.git;a=commit;h=3c7cd21290cabdadd72984fb69bc51e64ff1002d https://sourceware.org/git/?p=glibc.git;a=commit;h=46703a3995aa3ca2b816814aa4ad05ed524194dd https://sourceware.org/git/?p=glibc.git;a=commit;h=c69d4a0f680a24fdbe323764a50382ad324041e9 https://sourceware.org/git/?p=glibc.git;a=commit;h=3776f38fcd267c127ba5eb222e2c614c191744aa https://sourceware.org/git/?p=glibc.git;a=commit;h=adc7e06fb412a2a1ee52f8cb788caf436335b9f3 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000366 (* Security fix *) patches/packages/glibc-i18n-2.23-i586-2_slack14.2.txz: Rebuilt. patches/packages/glibc-profile-2.23-i586-2_slack14.2.txz: Rebuilt. (* Security fix *) patches/packages/glibc-solibs-2.23-i586-2_slack14.2.txz: Rebuilt. (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. 
Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/glibc-2.23-i586-2_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/glibc-i18n-2.23-i586-2_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/glibc-profile-2.23-i586-2_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/glibc-solibs-2.23-i586-2_slack14.2.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/glibc-2.23-x86_64-2_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/glibc-i18n-2.23-x86_64-2_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/glibc-profile-2.23-x86_64-2_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/glibc-solibs-2.23-x86_64-2_slack14.2.txz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-solibs-2.25-i586-3.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.25-i586-3.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.25-i586-3.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.25-i586-3.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-solibs-2.25-x86_64-3.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.25-x86_64-3.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.25-x86_64-3.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.25-x86_64-3.txz
Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg glibc-*.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security ( -at -) slackware.com +------------------------------------------------------------------------+
-
[slackware-security] kernel (SSA:2017-181-02) New kernel packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/linux-4.4.75/*: Upgraded. This kernel fixes security issues that include possible stack exhaustion, memory corruption, and arbitrary code execution. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7482 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000365 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. 
Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.75/kernel-generic-4.4.75-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.75/kernel-generic-smp-4.4.75_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.75/kernel-headers-4.4.75_smp-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.75/kernel-huge-4.4.75-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.75/kernel-huge-smp-4.4.75_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.75/kernel-modules-4.4.75-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.75/kernel-modules-smp-4.4.75_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.75/kernel-source-4.4.75_smp-noarch-1.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.75/kernel-generic-4.4.75-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.75/kernel-headers-4.4.75-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.75/kernel-huge-4.4.75-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.75/kernel-modules-4.4.75-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.75/kernel-source-4.4.75-noarch-1.txz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-generic-4.9.35-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-generic-smp-4.9.35_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-huge-4.9.35-i586-1.txz 
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-huge-smp-4.9.35_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-modules-4.9.35-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-modules-smp-4.9.35_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/kernel-headers-4.9.35_smp-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/k/kernel-source-4.9.35_smp-noarch-1.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/kernel-generic-4.9.35-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/kernel-huge-4.9.35-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/kernel-modules-4.9.35-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/kernel-headers-4.9.35-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/k/kernel-source-4.9.35-noarch-1.txz
Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg kernel-*.txz If you are using an initrd, you'll need to rebuild it. For a 32-bit SMP machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2): # /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.75-smp | bash For a 64-bit machine, or a 32-bit uniprocessor machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2): # /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.75 | bash Please note that "uniprocessor" has to do with the kernel you are running, not with the CPU. Most systems should run the SMP kernel (if they can) regardless of the number of cores the CPU has. If you aren't sure which kernel you are running, run "uname -a". 
If you see SMP there, you are running the SMP kernel and should use the 4.4.75-smp version when running mkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit systems should always use 4.4.75 as the version. If you are using lilo or elilo to boot the machine, you'll need to ensure that the machine is properly prepared before rebooting. If using LILO: By default, lilo.conf contains an image= line that references a symlink that always points to the correct kernel. No editing should be required unless your machine uses a custom lilo.conf. If that is the case, be sure that the image= line references the correct kernel file. Either way, you'll need to run "lilo" as root to reinstall the boot loader. If using elilo: Ensure that the /boot/vmlinuz symlink is pointing to the kernel you wish to use, and then run eliloconfig to update the EFI System Partition. +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security ( -at -) slackware.com +------------------------------------------------------------------------+
-
Dear Editors, we just posted a new article which might be interesting to your readers. A post in your news section would be appreciated. Title: Cooler Master MasterKeys L PBT Link: https://www.techpowerup.com/reviews/Cooler_Master/MasterKeys_L_PBT Brief: Cooler Master have listened to consumer feedback and with their MasterKeys PBT series they have thick PBT plastic keycaps out of the box on all the switches. The keyboard also includes onboard support for multiple OS and typing layouts, macro recording and an option for the rare Cherry MX Green switches; all for less than $100.
-
[security-announce] SUSE-SU-2017:1742-1: important: Security update for xen
news posted a topic in Upcoming News
SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1742-1 Rating: important References: #1027519 #1035642 #1037243 #1042160 #1042882 #1042893 #1042915 #1042923 #1042924 #1042931 #1042938 Cross-References: CVE-2017-8309 CVE-2017-9330 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves two vulnerabilities and has 9 fixes is now available. Description: This update for xen fixes several issues. These security issues were fixed: - Page transfer might have allowed PV guest to elevate privilege (XSA-217, bsc#1042882) - Races in the grant table unmap code allowed for information leaks and potentially privilege escalation (XSA-218, bsc#1042893) - Insufficient reference counts during shadow emulation allowed a malicious pair of guests to elevate their privileges to the privileges that XEN runs under (XSA-219, bsc#1042915) - Missing NULL pointer check in event channel poll allows guests to DoS the host (XSA-221, bsc#1042924) - Stale P2M mappings due to insufficient error checking allowed malicious guest to leak information or elevate privileges (XSA-222, bsc#1042931) - Grant table operations mishandled reference counts allowing malicious guests to escape (XSA-224, bsc#1042938) - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042160) - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture (bsc#1037243) - PKRU and BND* leakage between vCPU-s might have leaked information to other guests (XSA-220, bsc#1042923) These non-security issues were fixed: - 
bsc#1027519: Included various upstream patches - bsc#1035642: Ensure that rpmbuild works Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1087=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1087=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1087=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 x86_64): xen-debugsource-4.7.2_06-42.1 xen-devel-4.7.2_06-42.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): xen-4.7.2_06-42.1 xen-debugsource-4.7.2_06-42.1 xen-doc-html-4.7.2_06-42.1 xen-libs-32bit-4.7.2_06-42.1 xen-libs-4.7.2_06-42.1 xen-libs-debuginfo-32bit-4.7.2_06-42.1 xen-libs-debuginfo-4.7.2_06-42.1 xen-tools-4.7.2_06-42.1 xen-tools-debuginfo-4.7.2_06-42.1 xen-tools-domU-4.7.2_06-42.1 xen-tools-domU-debuginfo-4.7.2_06-42.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): xen-4.7.2_06-42.1 xen-debugsource-4.7.2_06-42.1 xen-libs-32bit-4.7.2_06-42.1 xen-libs-4.7.2_06-42.1 xen-libs-debuginfo-32bit-4.7.2_06-42.1 xen-libs-debuginfo-4.7.2_06-42.1 References: https://www.suse.com/security/cve/CVE-2017-8309.html https://www.suse.com/security/cve/CVE-2017-9330.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1035642 https://bugzilla.suse.com/1037243 https://bugzilla.suse.com/1042160 https://bugzilla.suse.com/1042882 https://bugzilla.suse.com/1042893 https://bugzilla.suse.com/1042915 https://bugzilla.suse.com/1042923 https://bugzilla.suse.com/1042924 https://bugzilla.suse.com/1042931 https://bugzilla.suse.com/1042938
-
SUSE Security Update: Security update for python-pycrypto ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1744-1 Rating: important References: #1017420 Cross-References: CVE-2013-7459 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-pycrypto fixes the following issues: - CVE-2013-7459: Fixed a potential heap buffer overflow in ALGnew (bsc#1017420). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-python-pycrypto-13187=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-python-pycrypto-13187=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): python-pycrypto-2.6.1-5.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): python-pycrypto-2.6.1-5.1 References: https://www.suse.com/security/cve/CVE-2013-7459.html https://bugzilla.suse.com/1017420
-
[security-announce] SUSE-SU-2017:1745-1: important: Security update for unrar
news posted a topic in Upcoming News
SUSE Security Update: Security update for unrar ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1745-1 Rating: important References: #1045315 Cross-References: CVE-2012-6706 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for unrar fixes the following issues: - CVE-2012-6706: decoding malicious RAR files could have led to memory corruption or code execution. (bsc#1045315). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1085=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1085=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1085=1 - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-1085=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1085=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1085=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1085=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1085=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1085=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (x86_64): unrar-5.0.14-3.1 unrar-debuginfo-5.0.14-3.1 unrar-debugsource-5.0.14-3.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libunrar-devel-5.0.14-3.1 libunrar5_0_14-5.0.14-3.1 libunrar5_0_14-debuginfo-5.0.14-3.1 unrar-debuginfo-5.0.14-3.1 unrar-debugsource-5.0.14-3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): unrar-5.0.14-3.1 unrar-debuginfo-5.0.14-3.1 unrar-debugsource-5.0.14-3.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): unrar-5.0.14-3.1 unrar-debuginfo-5.0.14-3.1 unrar-debugsource-5.0.14-3.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): unrar-5.0.14-3.1 unrar-debuginfo-5.0.14-3.1 unrar-debugsource-5.0.14-3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): unrar-5.0.14-3.1 unrar-debuginfo-5.0.14-3.1 unrar-debugsource-5.0.14-3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): unrar-5.0.14-3.1 unrar-debuginfo-5.0.14-3.1 unrar-debugsource-5.0.14-3.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): unrar-5.0.14-3.1 unrar-debuginfo-5.0.14-3.1 unrar-debugsource-5.0.14-3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): unrar-5.0.14-3.1 unrar-debuginfo-5.0.14-3.1 unrar-debugsource-5.0.14-3.1 References: https://www.suse.com/security/cve/CVE-2012-6706.html https://bugzilla.suse.com/1045315
-
V-MODA Crossfade II Wireless Bluetooth Headset Review @ APH Networks
news posted a topic in Upcoming News
-------- V-MODA CROSSFADE II WIRELESS BLUETOOTH HEADSET REVIEW ( -at -) APH NETWORKS Hello everyone! APH Networks has published a new review that your readers might enjoy. A post in your site's news section would be greatly appreciated! Don't forget to send your site news to us. As we promise to post your news articles on APH Networks periodically, we would certainly appreciate it if you do the same as well. Thank you for your support in advance! * Title: V-MODA Crossfade II Wireless Bluetooth Headset Review ( -at -) APH Networks * Description: Make way for the king: The V-MODA Crossfade II Wireless are the best headphones ever tested here at APH Networks. * Link: http://aphnetworks.com/reviews/v-moda-crossfade-ii-wireless * Image: http://aphnetworks.com/review/v-moda-crossfade-ii-wireless/007.JPG Best Regards, Jonathan Kwan Editor-in-Chief APH Networks Inc. http://aphnetworks.com
-
Title: Azpen A848 Projector Tablet Review ( -at -) TechwareLabs.com Description: The A848 Projector Tablet from Azpen addresses a need that many users have had without knowing it. The A848 is a product that lends itself equally well to both business users as well as home consumers. It allows users the freedom to share in a way that works well for groups of people in a small setting. No more will people have to look over your shoulder, the A848 is a presentation tool for media and games alike. Article Link: https://www.techwarelabs.com/cgi-bin/listman/mail.cgi/r/twl_news/283990693692/reviewnews// Image Link: https://www.techwarelabs.com/cgi-bin/listman/mail.cgi/r/twl_news/638917454219/reviewnews// A News Post Would Be Appreciated. Thanks In Advance. Sincerely Jason Jacobs © 2011 TechwareLabs LLC. All rights reserved worldwide.
-
Corsair Carbide Series Clear 400C chassis @ HardwareOverclock.com
news posted a topic in Upcoming News
Hi News Poster HardwareOverclock.com has just posted another review. Last week we tested the Corsair Carbide Series Clear 400C chassis. "Corsair have engineered the Carbide Clear 400C to pack all the performance and expandability you need into a beautifully compact case design. Put your components on display through the gorgeous, full-size window panel that opens with a touch - and keep it all running cool and quiet with Direct Airflow technology." Title: Corsair Carbide Series Clear 400C chassis ( -at -) HardwareOverclock.com Link: http://hardwareoverclock.com/Corsair-Carbide-Series-Clear-400C-Tower.htm Image: http://hardwareoverclock.com/NEWS-BILDER/Corsair-Carbide-Series-Clear-400C-0 17.jpg Thanks for posting our news. Please feel free to send us your news too. Rene Ruf Editor-in-Chief HardwareOverclock.com admin ( -at -) hardwareoverclock.com http://www.hardwareoverclock.com/
-
*MSI GeForce GTX 1080 Ti Lightning Z Review* In this new article we review the new MSI flagship graphics card, the mighty GeForce GTX 1080 Ti Lightning Z edition. This GTX 1080 Ti comes customized with high-factory clocks, a triple fan and cooler and a very impressive RGB setup. Read the full review here: http://www.guru3d.com/articles-pages/msi-geforce-gtx-1080-ti-lightning-z-review,1.html
-
be quiet! Shadow Rock TF 2 Review The be quiet! Shadow Rock TF 2 is of course the successor to the original Shadow Rock TopFlow air cooler. Essentially, it is a new low-profile cooler from the German company aimed at those who don’t want to compromise on cooling despite owning an ITX or SFF case. But is it worth £59.99? Read the review here: https://www.kitguru.net/components/cooling/dominic-moass/be-quiet-shadow-rock-tf-2-review/
-
"Ten billion ants in this world, and I'm having trouble with just one." - Aardvark from The Ant and the Aardvark The first alpha of the Artful Aardvark (to become 17.10) has now been released! This milestone features images for Lubuntu, Kubuntu, and Ubuntu Kylin. Pre-releases of the Artful Aardvark are *not* encouraged for anyone needing a stable system or anyone who is not comfortable running into occasional, even frequent breakage. They are, however, recommended for Ubuntu flavor developers and those who want to help in testing, reporting, and fixing bugs as we work towards getting this release ready. Alpha 1 includes a number of software updates that are ready for wider testing. This is quite an early set of images, so you should expect some bugs. While these Alpha 1 images have been tested and work, except as noted in the release notes, Ubuntu developers are continuing to improve the Artful Aardvark. In particular, once newer daily images are available, system installation bugs identified in the Alpha 1 installer should be verified against the current daily image before being reported in Launchpad. Using an obsolete image to re-report bugs that have already been fixed wastes your time and the time of developers who are busy trying to make 17.10 the best Ubuntu release yet. Always ensure your system is up to date before reporting bugs. Lubuntu: Lubuntu is a flavor of Ubuntu based on LXDE and focused on providing a very lightweight distribution. The Lubuntu 17.10 Alpha 1 images can be downloaded from: * http://cdimage.ubuntu.com/lubuntu/releases/artful/alpha-1/ More information about Lubuntu 17.10 Alpha 1 can be found here: * https://wiki.ubuntu.com/ArtfulAardvark/Alpha1/Lubuntu Also in this milestone is Lubuntu Next, an experimental flavor of Ubuntu based on LXQt and focused on providing a modern, lightweight, Qt-based distribution. 
The Lubuntu Next 17.10 Alpha 1 images can be downloaded from: * http://cdimage.ubuntu.com/lubuntu-next/releases/artful/alpha-1/ More information about Lubuntu Next 17.10 Alpha 1 can be found here: * https://wiki.ubuntu.com/ArtfulAardvark/Alpha1/LubuntuNext Kubuntu: Kubuntu is the KDE-based flavor of Ubuntu. It uses the Plasma desktop and includes a wide selection of tools from the KDE project. The Kubuntu 17.10 Alpha 1 images can be downloaded from: * http://cdimage.ubuntu.com/kubuntu/releases/artful/alpha-1/ More information about Kubuntu 17.10 Alpha 1 can be found here: * https://wiki.ubuntu.com/ArtfulAardvark/Alpha1/Kubuntu Ubuntu Kylin: Ubuntu Kylin is a flavor of Ubuntu that is more suitable for Chinese users. The Ubuntu Kylin 17.10 Alpha 1 images can be downloaded from: * http://cdimage.ubuntu.com/ubuntukylin/releases/artful/alpha-1/ More information about Ubuntu Kylin 17.10 Alpha 1 can be found here: * https://wiki.ubuntu.com/ArtfulAardvark/Alpha1/UbuntuKylin If you're interested in following the changes as we further develop the Artful Aardvark, we suggest that you subscribe to the ubuntu-devel-announce list. This is a low-traffic list (a few posts a week) carrying announcements of approved specifications, policy changes, alpha releases and other interesting events. * http://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-announce A big thank you to the developers and testers for their efforts to pull together this Alpha release! On behalf of Ubuntu Release Team, Simon Quigley --
-
[security-announce] SUSE-SU-2017:1737-1: important: Security update for bind
news posted a topic in Upcoming News
SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1737-1
Rating: important
References: #1046554 #1046555
Cross-References: CVE-2017-3142 CVE-2017-3143
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Server 11-SP3-LTSS
SUSE Linux Enterprise Point of Sale 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for bind fixes the following issues:

- An attacker with the ability to send and receive messages to an authoritative DNS server was able to circumvent TSIG authentication of AXFR requests. A server that relied solely on TSIG keys for protection could be manipulated into (1) providing an AXFR of a zone to an unauthorized recipient and (2) accepting bogus Notify packets. [bsc#1046554, CVE-2017-3142]
- An attacker with the ability to send and receive messages to an authoritative DNS server and who had knowledge of a valid TSIG key name for the zone and service being targeted was able to manipulate BIND into accepting an unauthorized dynamic update. [bsc#1046555, CVE-2017-3143]

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-bind-13185=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-bind-13185=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-bind-13185=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-bind-13185=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-bind-13185=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-bind-13185=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): bind-devel-9.9.6P1-0.50.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64): bind-devel-32bit-9.9.6P1-0.50.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): bind-9.9.6P1-0.50.1 bind-chrootenv-9.9.6P1-0.50.1 bind-doc-9.9.6P1-0.50.1 bind-libs-9.9.6P1-0.50.1 bind-utils-9.9.6P1-0.50.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): bind-libs-32bit-9.9.6P1-0.50.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): bind-libs-x86-9.9.6P1-0.50.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): bind-9.9.6P1-0.50.1 bind-chrootenv-9.9.6P1-0.50.1 bind-devel-9.9.6P1-0.50.1 bind-doc-9.9.6P1-0.50.1 bind-libs-9.9.6P1-0.50.1 bind-utils-9.9.6P1-0.50.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): bind-libs-32bit-9.9.6P1-0.50.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): bind-9.9.6P1-0.50.1 bind-chrootenv-9.9.6P1-0.50.1 bind-devel-9.9.6P1-0.50.1 bind-doc-9.9.6P1-0.50.1 bind-libs-9.9.6P1-0.50.1 bind-utils-9.9.6P1-0.50.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): bind-debuginfo-9.9.6P1-0.50.1 bind-debugsource-9.9.6P1-0.50.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): bind-debuginfo-9.9.6P1-0.50.1 bind-debugsource-9.9.6P1-0.50.1 References: 
https://www.suse.com/security/cve/CVE-2017-3142.html https://www.suse.com/security/cve/CVE-2017-3143.html https://bugzilla.suse.com/1046554 https://bugzilla.suse.com/1046555
-
[security-announce] SUSE-SU-2017:1738-1: important: Security update for bind
news posted a topic in Upcoming News
SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1738-1
Rating: important
References: #1046554 #1046555
Cross-References: CVE-2017-3142 CVE-2017-3143
Affected Products:
SUSE Linux Enterprise Server for SAP 12
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for bind fixes the following issues:

- An attacker with the ability to send and receive messages to an authoritative DNS server was able to circumvent TSIG authentication of AXFR requests. A server that relied solely on TSIG keys for protection could be manipulated into (1) providing an AXFR of a zone to an unauthorized recipient and (2) accepting bogus Notify packets. [bsc#1046554, CVE-2017-3142]
- An attacker with the ability to send and receive messages to an authoritative DNS server and who had knowledge of a valid TSIG key name for the zone and service being targeted was able to manipulate BIND into accepting an unauthorized dynamic update. [bsc#1046555, CVE-2017-3143]

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-1078=1
- SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1078=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server for SAP 12 (noarch): bind-doc-9.9.9P1-28.37.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): bind-9.9.9P1-28.37.1 bind-chrootenv-9.9.9P1-28.37.1 bind-debuginfo-9.9.9P1-28.37.1 bind-debugsource-9.9.9P1-28.37.1 bind-devel-9.9.9P1-28.37.1 bind-libs-32bit-9.9.9P1-28.37.1 bind-libs-9.9.9P1-28.37.1 bind-libs-debuginfo-32bit-9.9.9P1-28.37.1 bind-libs-debuginfo-9.9.9P1-28.37.1 bind-utils-9.9.9P1-28.37.1 bind-utils-debuginfo-9.9.9P1-28.37.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): bind-9.9.9P1-28.37.1 bind-chrootenv-9.9.9P1-28.37.1 bind-debuginfo-9.9.9P1-28.37.1 bind-debugsource-9.9.9P1-28.37.1 bind-devel-9.9.9P1-28.37.1 bind-libs-9.9.9P1-28.37.1 bind-libs-debuginfo-9.9.9P1-28.37.1 bind-utils-9.9.9P1-28.37.1 bind-utils-debuginfo-9.9.9P1-28.37.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): bind-libs-32bit-9.9.9P1-28.37.1 bind-libs-debuginfo-32bit-9.9.9P1-28.37.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): bind-doc-9.9.9P1-28.37.1 References: https://www.suse.com/security/cve/CVE-2017-3142.html https://www.suse.com/security/cve/CVE-2017-3143.html https://bugzilla.suse.com/1046554 https://bugzilla.suse.com/1046555
-
TP-Link TL-PA9020P AV2000 2-Port Gigabit Passthrough Powerline Adapter Kit Review
news posted a topic in Upcoming News
Title: TP-Link TL-PA9020P AV2000 2-Port Gigabit Passthrough Powerline Adapter Kit Review ( -at -) NikKTech
Description: Thanks to its high data transfer numbers the latest TL-PA9020P AV2000 2-Port Gigabit Passthrough Powerline Adapter Kit by TP-Link is a step forward in bridging the performance gap between powerline and wired connectivity.
Article Link: https://www.nikktech.com/main/articles/peripherals/network/powerline-adapters/7943-tp-link-tl-pa9020p-av2000-2-port-gigabit-passthrough-powerline-adapter-kit-review
Image Link: http://www.nikktech.com/main/images/pics/reviews/tp_link/tl_pa9020p_kit/tp_link_tl_pa9020pa.jpg
A News Post Would Be Appreciated. Thanks In Advance.
Sincerely
Nik Kastrantas
-
[slackware-security] libgcrypt (SSA:2017-180-04) New libgcrypt packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/libgcrypt-1.7.8-i586-1_slack14.2.txz: Upgraded. Mitigate a local flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster". For more information, see: https://eprint.iacr.org/2017/627 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libgcrypt-1.7.8-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libgcrypt-1.7.8-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/libgcrypt-1.7.8-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/libgcrypt-1.7.8-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.2 package: 204496613f4747c2d5578527483c4bd4 libgcrypt-1.7.8-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 22d1d1de8cfabc896afd94338df3d53c libgcrypt-1.7.8-x86_64-1_slack14.2.txz Slackware -current package: 83f8139bb564ffbea9590a429c7ca856 n/libgcrypt-1.7.8-i586-1.txz Slackware x86_64 -current package: cfa6085a8832331bd70d484a92704af6 n/libgcrypt-1.7.8-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg libgcrypt-1.7.8-i586-1_slack14.2.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security ( -at -) slackware.com +------------------------------------------------------------------------+
-
[slackware-security] httpd (SSA:2017-180-03) New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/httpd-2.4.26-i586-1_slack14.2.txz: Upgraded. This update fixes security issues which may lead to an authentication bypass or a denial of service: important: ap_get_basic_auth_pw() Authentication Bypass CVE-2017-3167 important: mod_ssl Null Pointer Dereference CVE-2017-3169 important: mod_http2 Null Pointer Dereference CVE-2017-7659 important: ap_find_token() Buffer Overread CVE-2017-7668 important: mod_mime Buffer Overread CVE-2017-7679 For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7659 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.32-i486-1_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.32-x86_64-1_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/httpd-2.2.32-i486-1_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/httpd-2.2.32-x86_64-1_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/httpd-2.2.32-i486-1_slack13.37.txz Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/httpd-2.2.32-x86_64-1_slack13.37.txz Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/httpd-2.4.26-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/httpd-2.4.26-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/httpd-2.4.26-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/httpd-2.4.26-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/httpd-2.4.26-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/httpd-2.4.26-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.26-i586-1.txz Updated package for Slackware x86_64 -current: 
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.26-x86_64-1.txz
Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg httpd-2.4.26-i586-1_slack14.2.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security ( -at -) slackware.com +------------------------------------------------------------------------+
-
[slackware-security] bind (SSA:2017-180-02) New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/bind-9.10.5_P2-i586-1_slack14.2.txz: Upgraded. This update fixes a high severity security issue: An error in TSIG handling could permit unauthorized zone transfers or zone updates. For more information, see: https://kb.isc.org/article/AA-01503/0 https://kb.isc.org/article/AA-01504/0 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3142 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3143 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bind-9.9.10_P2-i486-1_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bind-9.9.10_P2-x86_64-1_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bind-9.9.10_P2-i486-1_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bind-9.9.10_P2-x86_64-1_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bind-9.9.10_P2-i486-1_slack13.37.txz Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bind-9.9.10_P2-x86_64-1_slack13.37.txz Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.9.10_P2-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.9.10_P2-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bind-9.9.10_P2-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bind-9.9.10_P2-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/bind-9.10.5_P2-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/bind-9.10.5_P2-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.11.1_P2-i586-1.txz Updated package for Slackware x86_64 -current: 
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.11.1_P2-x86_64-1.txz
Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg bind-9.10.5_P2-i586-1_slack14.2.txz Then, restart the name server: # /etc/rc.d/rc.bind restart +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security ( -at -) slackware.com +------------------------------------------------------------------------+
-
[security-announce] SUSE-SU-2017:1736-1: important: Security update for bind
news posted a topic in Upcoming News
SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1736-1
Rating: important
References: #1046554 #1046555
Cross-References: CVE-2017-3142 CVE-2017-3143
Affected Products:
SUSE OpenStack Cloud 6
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Server 12-SP1-LTSS
SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for bind fixes the following issues:

- An attacker with the ability to send and receive messages to an authoritative DNS server was able to circumvent TSIG authentication of AXFR requests. A server that relied solely on TSIG keys for protection could be manipulated into (1) providing an AXFR of a zone to an unauthorized recipient and (2) accepting bogus Notify packets. [bsc#1046554, CVE-2017-3142]
- An attacker with the ability to send and receive messages to an authoritative DNS server and who had knowledge of a valid TSIG key name for the zone and service being targeted was able to manipulate BIND into accepting an unauthorized dynamic update. [bsc#1046555, CVE-2017-3143]

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1080=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1080=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1080=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1080=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1080=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1080=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1080=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (noarch): bind-doc-9.9.9P1-62.1 - SUSE OpenStack Cloud 6 (x86_64): bind-9.9.9P1-62.1 bind-chrootenv-9.9.9P1-62.1 bind-debuginfo-9.9.9P1-62.1 bind-debugsource-9.9.9P1-62.1 bind-devel-9.9.9P1-62.1 bind-libs-32bit-9.9.9P1-62.1 bind-libs-9.9.9P1-62.1 bind-libs-debuginfo-32bit-9.9.9P1-62.1 bind-libs-debuginfo-9.9.9P1-62.1 bind-utils-9.9.9P1-62.1 bind-utils-debuginfo-9.9.9P1-62.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): bind-debuginfo-9.9.9P1-62.1 bind-debugsource-9.9.9P1-62.1 bind-devel-9.9.9P1-62.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): bind-9.9.9P1-62.1 bind-chrootenv-9.9.9P1-62.1 bind-debuginfo-9.9.9P1-62.1 bind-debugsource-9.9.9P1-62.1 bind-devel-9.9.9P1-62.1 bind-libs-9.9.9P1-62.1 bind-libs-debuginfo-9.9.9P1-62.1 bind-utils-9.9.9P1-62.1 bind-utils-debuginfo-9.9.9P1-62.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): bind-doc-9.9.9P1-62.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): bind-libs-32bit-9.9.9P1-62.1 bind-libs-debuginfo-32bit-9.9.9P1-62.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): bind-9.9.9P1-62.1 
bind-chrootenv-9.9.9P1-62.1 bind-debuginfo-9.9.9P1-62.1 bind-debugsource-9.9.9P1-62.1 bind-libs-9.9.9P1-62.1 bind-libs-debuginfo-9.9.9P1-62.1 bind-utils-9.9.9P1-62.1 bind-utils-debuginfo-9.9.9P1-62.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): bind-doc-9.9.9P1-62.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): bind-9.9.9P1-62.1 bind-chrootenv-9.9.9P1-62.1 bind-debuginfo-9.9.9P1-62.1 bind-debugsource-9.9.9P1-62.1 bind-libs-9.9.9P1-62.1 bind-libs-debuginfo-9.9.9P1-62.1 bind-utils-9.9.9P1-62.1 bind-utils-debuginfo-9.9.9P1-62.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): bind-libs-32bit-9.9.9P1-62.1 bind-libs-debuginfo-32bit-9.9.9P1-62.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): bind-doc-9.9.9P1-62.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): bind-9.9.9P1-62.1 bind-chrootenv-9.9.9P1-62.1 bind-debuginfo-9.9.9P1-62.1 bind-debugsource-9.9.9P1-62.1 bind-devel-9.9.9P1-62.1 bind-libs-9.9.9P1-62.1 bind-libs-debuginfo-9.9.9P1-62.1 bind-utils-9.9.9P1-62.1 bind-utils-debuginfo-9.9.9P1-62.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): bind-libs-32bit-9.9.9P1-62.1 bind-libs-debuginfo-32bit-9.9.9P1-62.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): bind-doc-9.9.9P1-62.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): bind-debuginfo-9.9.9P1-62.1 bind-debugsource-9.9.9P1-62.1 bind-libs-32bit-9.9.9P1-62.1 bind-libs-9.9.9P1-62.1 bind-libs-debuginfo-32bit-9.9.9P1-62.1 bind-libs-debuginfo-9.9.9P1-62.1 bind-utils-9.9.9P1-62.1 bind-utils-debuginfo-9.9.9P1-62.1 References: https://www.suse.com/security/cve/CVE-2017-3142.html https://www.suse.com/security/cve/CVE-2017-3143.html https://bugzilla.suse.com/1046554 https://bugzilla.suse.com/1046555
-
[slackware-security] Slackware 14.1 kernel (SSA:2017-180-01) New kernel packages are available for Slackware 14.1 to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/linux-3.10.107/*: Upgraded. This kernel fixes two "Stack Clash" vulnerabilities reported by Qualys. The first issue may allow attackers to execute arbitrary code with elevated privileges. Failed attack attempts will likely result in denial-of-service conditions. The second issue can be exploited to bypass certain security restrictions and perform unauthorized actions. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000364 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000365 (* Security fix *) In addition, a patch is included and preapplied to guard against other == sk in unix_dgram_sendmsg. This bug has been known to cause Samba related stalls. Thanks to Ben Stern for the bug report. +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/linux-3.10.107/kernel-generic-3.10.107-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/linux-3.10.107/kernel-generic-smp-3.10.107_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/linux-3.10.107/kernel-headers-3.10.107_smp-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/linux-3.10.107/kernel-huge-3.10.107-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/linux-3.10.107/kernel-huge-smp-3.10.107_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/linux-3.10.107/kernel-modules-3.10.107-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/linux-3.10.107/kernel-modules-smp-3.10.107_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/linux-3.10.107/kernel-source-3.10.107_smp-noarch-1.txz Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/linux-3.10.107/kernel-generic-3.10.107-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/linux-3.10.107/kernel-headers-3.10.107-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/linux-3.10.107/kernel-huge-3.10.107-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/linux-3.10.107/kernel-modules-3.10.107-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/linux-3.10.107/kernel-source-3.10.107-noarch-1.txz
Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg kernel-*.txz If you are using an initrd, you'll need to rebuild it. For a 32-bit SMP machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2): # /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 3.10.107-smp | bash For a 64-bit machine, or a 32-bit uniprocessor machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2): # /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 3.10.107 | bash Please note that "uniprocessor" has to do with the kernel you are running, not with the CPU. Most systems should run the SMP kernel (if they can) regardless of the number of cores the CPU has. If you aren't sure which kernel you are running, run "uname -a". If you see SMP there, you are running the SMP kernel and should use the 3.10.107-smp version when running mkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit systems should always use 3.10.107 as the version. If you are using lilo or elilo to boot the machine, you'll need to ensure that the machine is properly prepared before rebooting.
If using LILO: By default, lilo.conf contains an image= line that references a symlink that always points to the correct kernel. No editing should be required unless your machine uses a custom lilo.conf. If that is the case, be sure that the image= line references the correct kernel file. Either way, you'll need to run "lilo" as root to reinstall the boot loader. If using elilo: Ensure that the /boot/vmlinuz symlink is pointing to the kernel you wish to use, and then run eliloconfig to update the EFI System Partition. +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security ( -at -) slackware.com +------------------------------------------------------------------------+
-
SUSE Security Update: Security update for the Linux kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1735-1
Rating: important
References: #1045340
Affected Products:
  SUSE Linux Enterprise Server for SAP 12
  SUSE Linux Enterprise Server 12-LTSS
  SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This Linux kernel update for SUSE Linux Enterprise 12 fixes the following issues:

- A previous security update to address CVE-2017-1000364 caused unintended side-effects in several other tools, most notably Java. These issues have been remedied. [bsc#1045340]

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12:
  zypper in -t patch SUSE-SLE-SAP-12-2017-1077=1
- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2017-1077=1
- SUSE Linux Enterprise Module for Public Cloud 12:
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-1077=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for SAP 12 (noarch):
  kernel-devel-3.12.61-52.80.1
  kernel-macros-3.12.61-52.80.1
  kernel-source-3.12.61-52.80.1
- SUSE Linux Enterprise Server for SAP 12 (x86_64):
  kernel-default-3.12.61-52.80.1
  kernel-default-base-3.12.61-52.80.1
  kernel-default-base-debuginfo-3.12.61-52.80.1
  kernel-default-debuginfo-3.12.61-52.80.1
  kernel-default-debugsource-3.12.61-52.80.1
  kernel-default-devel-3.12.61-52.80.1
  kernel-syms-3.12.61-52.80.1
  kernel-xen-3.12.61-52.80.1
  kernel-xen-base-3.12.61-52.80.1
  kernel-xen-base-debuginfo-3.12.61-52.80.1
  kernel-xen-debuginfo-3.12.61-52.80.1
  kernel-xen-debugsource-3.12.61-52.80.1
  kernel-xen-devel-3.12.61-52.80.1
  kgraft-patch-3_12_61-52_80-default-1-2.1
  kgraft-patch-3_12_61-52_80-xen-1-2.1
- SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
  kernel-default-3.12.61-52.80.1
  kernel-default-base-3.12.61-52.80.1
  kernel-default-base-debuginfo-3.12.61-52.80.1
  kernel-default-debuginfo-3.12.61-52.80.1
  kernel-default-debugsource-3.12.61-52.80.1
  kernel-default-devel-3.12.61-52.80.1
  kernel-syms-3.12.61-52.80.1
- SUSE Linux Enterprise Server 12-LTSS (noarch):
  kernel-devel-3.12.61-52.80.1
  kernel-macros-3.12.61-52.80.1
  kernel-source-3.12.61-52.80.1
- SUSE Linux Enterprise Server 12-LTSS (x86_64):
  kernel-xen-3.12.61-52.80.1
  kernel-xen-base-3.12.61-52.80.1
  kernel-xen-base-debuginfo-3.12.61-52.80.1
  kernel-xen-debuginfo-3.12.61-52.80.1
  kernel-xen-debugsource-3.12.61-52.80.1
  kernel-xen-devel-3.12.61-52.80.1
  kgraft-patch-3_12_61-52_80-default-1-2.1
  kgraft-patch-3_12_61-52_80-xen-1-2.1
- SUSE Linux Enterprise Server 12-LTSS (s390x):
  kernel-default-man-3.12.61-52.80.1
- SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):
  kernel-ec2-3.12.61-52.80.1
  kernel-ec2-debuginfo-3.12.61-52.80.1
  kernel-ec2-debugsource-3.12.61-52.80.1
  kernel-ec2-devel-3.12.61-52.80.1
  kernel-ec2-extra-3.12.61-52.80.1
  kernel-ec2-extra-debuginfo-3.12.61-52.80.1

References:

https://bugzilla.suse.com/1045340
-
[CentOS-announce] CESA-2017:1615 Important CentOS 7 kernel Security Update
news posted a topic in Upcoming News
CentOS Errata and Security Advisory 2017:1615 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2017-1615.html

The following updated files have been uploaded and are currently syncing to the mirrors:

x86_64:
kernel-3.10.0-514.26.1.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-514.26.1.el7.noarch.rpm
kernel-debug-3.10.0-514.26.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.26.1.el7.x86_64.rpm
kernel-devel-3.10.0-514.26.1.el7.x86_64.rpm
kernel-doc-3.10.0-514.26.1.el7.noarch.rpm
kernel-headers-3.10.0-514.26.1.el7.x86_64.rpm
kernel-tools-3.10.0-514.26.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.26.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.26.1.el7.x86_64.rpm
perf-3.10.0-514.26.1.el7.x86_64.rpm
python-perf-3.10.0-514.26.1.el7.x86_64.rpm

Source:
kernel-3.10.0-514.26.1.el7.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos ( -at -) irc.freenode.net
Twitter: ( -at -) JohnnyCentOS