Jump to content
Compatible Support Forums

news

Members
 View Profile  See their activity

  • Content count

    80899

  • Joined

  • Last visited

    Never

  • Days Won

    18

Everything posted by news

  1. news
    SUSE Security Update: Security update for tomcat6 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1632-1 Rating: important References: #1007853 #1007854 #1007855 #1007857 #1007858 #1011805 #1011812 #1015119 #1033448 #1036642 #988489 Cross-References: CVE-2016-0762 CVE-2016-5018 CVE-2016-5388 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 CVE-2016-8735 CVE-2016-8745 CVE-2017-5647 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has one errata is now available. Description: This update for tomcat6 fixes the following issues: Tomcat was updated to version 6.0.53: The full changelog is: http://tomcat.apache.org/tomcat-6.0-doc/changelog.html Security issues fixed: - CVE-2017-5647: A bug in the handling of pipelined requests could lead to information disclosure (bsc#1036642) - CVE-2016-8745: Regression in the error handling methods could lead to information disclosure (bsc#1015119) - CVE-2016-8735: Remote code execution vulnerability in JmxRemoteLifecycleListener (bsc#1011805) - CVE-2016-6816: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests (bsc#1011812) - CVE-2016-6797: Unrestricted Access to Global Resources (bsc#1007853) - CVE-2016-6796: Manager Bypass (bsc#1007858) - CVE-2016-6794: System Property Disclosure (bsc#1007857) - CVE-2016-5018: Security Manager Bypass (bsc#1007855) - CVE-2016-0762: Realm Timing Attack (bsc#1007854) - CVE-2016-5388: an arbitrary HTTP_PROXY environment variable might allow remote attackers to redirect outbound HTTP traffic (bsc#988489) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-tomcat6-13162=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-tomcat6-13162=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-tomcat6-13162=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (noarch): tomcat6-6.0.53-0.56.1 tomcat6-admin-webapps-6.0.53-0.56.1 tomcat6-docs-webapp-6.0.53-0.56.1 tomcat6-javadoc-6.0.53-0.56.1 tomcat6-jsp-2_1-api-6.0.53-0.56.1 tomcat6-lib-6.0.53-0.56.1 tomcat6-servlet-2_5-api-6.0.53-0.56.1 tomcat6-webapps-6.0.53-0.56.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (noarch): tomcat6-6.0.53-0.56.1 tomcat6-admin-webapps-6.0.53-0.56.1 tomcat6-docs-webapp-6.0.53-0.56.1 tomcat6-javadoc-6.0.53-0.56.1 tomcat6-jsp-2_1-api-6.0.53-0.56.1 tomcat6-lib-6.0.53-0.56.1 tomcat6-servlet-2_5-api-6.0.53-0.56.1 tomcat6-webapps-6.0.53-0.56.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): tomcat6-6.0.53-0.56.1 tomcat6-admin-webapps-6.0.53-0.56.1 tomcat6-docs-webapp-6.0.53-0.56.1 tomcat6-javadoc-6.0.53-0.56.1 tomcat6-jsp-2_1-api-6.0.53-0.56.1 tomcat6-lib-6.0.53-0.56.1 tomcat6-servlet-2_5-api-6.0.53-0.56.1 tomcat6-webapps-6.0.53-0.56.1 References: https://www.suse.com/security/cve/CVE-2016-0762.html https://www.suse.com/security/cve/CVE-2016-5018.html https://www.suse.com/security/cve/CVE-2016-5388.html https://www.suse.com/security/cve/CVE-2016-6794.html https://www.suse.com/security/cve/CVE-2016-6796.html https://www.suse.com/security/cve/CVE-2016-6797.html https://www.suse.com/security/cve/CVE-2016-6816.html https://www.suse.com/security/cve/CVE-2016-8735.html https://www.suse.com/security/cve/CVE-2016-8745.html https://www.suse.com/security/cve/CVE-2017-5647.html https://bugzilla.suse.com/1007853 https://bugzilla.suse.com/1007854 https://bugzilla.suse.com/1007855 https://bugzilla.suse.com/1007857 https://bugzilla.suse.com/1007858 https://bugzilla.suse.com/1011805 https://bugzilla.suse.com/1011812 https://bugzilla.suse.com/1015119 https://bugzilla.suse.com/1033448 https://bugzilla.suse.com/1036642 https://bugzilla.suse.com/988489 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
  2. news
    ** TECHSPOT ------------------------------------------------------------ ** The Best $100 Entry-Level GPU: Radeon RX 560 vs. GeForce GTX 1050 ------------------------------------------------------------ ** http://www.techspot.com/review/1430-radeon-rx-560-vs-geforce-gtx-1050/ ------------------------------------------------------------ Enter the Radeon RX 560, AMD's last ditch effort to reclaim the entry-level market segment for this generation. Compared to its predecessor, the RX 560 packs 14% more cores that are slightly faster clocked for good measure. But the GTX 1050 enjoyed of a comfortable 18% lead against AMD's last-gen GPU, so it'll be interesting to see what this means for the RX 560. Thank you. Julio Franco Executive Editor | TECHSPOT ( -at -) juliofranco ----------------------------------- ============================================================ Our mailing address is: TechSpot 8237 NW 68 St Miami, FL 33166 USA
  3. news
    openSUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:1633-1 Rating: important References: #1012060 #1012382 #1012422 #1012829 #1015452 #1022595 #1031796 #1032339 #1036638 #1037840 #1038085 #1039348 #1039900 #1040855 #1041242 #1041431 #1041810 #1042286 #1042356 #1042421 #1042517 #1042535 #1042536 #1042886 #1043014 #1043231 #1043236 #1043371 #1043467 #1043598 #1043935 #1044015 #1044125 #1044532 #863764 #966321 #966339 #971975 #995542 Cross-References: CVE-2017-1000364 CVE-2017-1000380 CVE-2017-7346 CVE-2017-9242 Affected Products: openSUSE Leap 42.2 ______________________________________________________________________________ An update that solves four vulnerabilities and has 35 fixes is now available. Description: The openSUSE Leap 42.2 kernel was updated to 4.4.72 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000364: An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010) (bnc#1039348). - CVE-2017-1000380: sound/core/timer.c in the Linux kernel is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time (bnc#1044125). - CVE-2017-7346: The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate certain levels data, which allowed local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031796). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bnc#1041431). The following non-security bugs were fixed: - ASoC: Intel: Skylake: Uninitialized variable in probe_codec() (bsc#1043231). - IB/core: Fix kernel crash during fail to initialize device (bsc#1022595 FATE#322350). - IB/core: For multicast functions, verify that LIDs are multicast LIDs (bsc#1022595 FATE#322350). - IB/core: If the MGID/MLID pair is not on the list return an error (bsc#1022595 FATE#322350). - IB/ipoib: Fix deadlock between ipoib_stop and mcast join flow (bsc#1022595 FATE#322350). - Make __xfs_xattr_put_listen preperly report errors (bsc#1041242). - NFS: Fix an LOCK/OPEN race when unlinking an open file (git-fixes). - NFSv4: Fix the underestimation of delegation XDR space reservation (git-fixes). - NFSv4: fix a reference leak caused WARNING messages (git-fixes). - PM / QoS: Fix memory leak on resume_latency.notifiers (bsc#1043231). - SUNRPC: Silence WARN_ON when NFSv4.1 over RDMA is in use (git-fixes). - SUNRPC: ensure correct error is reported by xs_tcp_setup_socket() (git-fixes). - Update patches.fixes/xen-silence-efi-error-messge.patch (bnc#1039900). - [media] vb2: Fix an off by one error in 'vb2_plane_vaddr' (bsc#1043231). - bcache: fix calling ida_simple_remove() with incorrect minor (bsc#1038085). - bna: add missing per queue ethtool stat (bsc#966321 FATE#320156). - bna: integer overflow bug in debugfs (bsc#966321 FATE#320156). - bonding: avoid defaulting hard_header_len to ETH_HLEN on slave removal (bsc#1042286). - bonding: do not use stale speed and duplex information (bsc#1042286). - bonding: prevent out of bound accesses (bsc#1042286). - brcmfmac: add fallback for devices that do not report per-chain values (bsc#1043231). - brcmfmac: avoid writing channel out of allocated array (bsc#1043231). - ceph: fix potential use-after-free (bsc#1043371). - ceph: memory leak in ceph_direct_read_write callback (bsc#1041810). - cfq-iosched: fix the delay of cfq_group's vdisktime under iops mode (bsc#1012829). - cgroup: remove redundant cleanup in css_create (bsc#1012829). - cifs: small underflow in cnvrtDosUnixTm() (bnc#1043935). - drm/mgag200: Fix to always set HiPri for G200e4 (bsc#1015452, bsc#995542). - drm/nouveau/tmr: fully separate alarm execution/pending lists (bsc#1043467). - efi: Do not issue error message when booted under Xen (bnc#1036638). - ext4: fix data corruption for mmap writes (bsc#1012829). - ext4: fix data corruption with EXT4_GET_BLOCKS_ZERO (bsc#1012829). - fuse: fix clearing suid, sgid for chown() (bsc#1012829). - ibmvnic: Check adapter state during ibmvnic_poll (fate#322021, bsc#1040855). - ibmvnic: Deactivate RX pool buffer replenishment on H_CLOSED (fate#322021, bsc#1040855). - ibmvnic: Fix cleanup of SKB's on driver close (fate#322021, bsc#1040855). - ibmvnic: Halt TX and report carrier off on H_CLOSED return code (fate#322021, bsc#1040855). - ibmvnic: Handle failover after failed init crq (fate#322021, bsc#1040855). - ibmvnic: Non-fatal error handling (fate#322021, bsc#1040855). - ibmvnic: Reset sub-crqs during driver reset (fate#322021, bsc#1040855). - ibmvnic: Reset the CRQ queue during driver reset (fate#322021, bsc#1040855). - ibmvnic: Reset tx/rx pools on driver reset (fate#322021, bsc#1040855). - ibmvnic: Return failure on attempted mtu change (bsc#1043236). - ibmvnic: Send gratuitous arp on reset (fate#322021, bsc#1040855). - ibmvnic: Track state of adapter napis (fate#322021, bsc#1040855). - ipv6: Do not use ufo handling on later transformed packets (bsc#1042286). - ipv6: fix endianness error in icmpv6_err (bsc#1042286). - kABI: protect struct fib_info (kabi). - kABI: protect struct pglist_data (kabi). - kABI: protect struct xlog (bsc#1043598). - kernel-binary.spec: Propagate MAKE_ARGS to %build (bsc#1012422) - l2tp: fix race in l2tp_recv_common() (bsc#1042286). - libceph: NULL deref on crush_decode() error path (bsc#1044015). - md: allow creation of mdNNN arrays via md_mod/parameters/new_array (bsc#1032339). - md: support disabling of create-on-open semantics (bsc#1032339). - mm/hugetlb: check for reserved hugepages during memory offline (bnc#971975 VM -- git fixes). - mm/hugetlb: fix incorrect hugepages count during mem hotplug (bnc#971975 VM -- git fixes). - mmc: Downgrade error level (bsc#1042536). - module: fix memory leak on early load_module() failures (bsc#1043014). - net: bridge: start hello timer only if device is up (bnc#1012382). - net: fix compile error in skb_orphan_partial() (bnc#1012382). - net: ipv6: set route type for anycast routes (bsc#1042286). - netfilter: nf_conntrack_sip: extend request line validation (bsc#1042286). - netfilter: nf_ct_expect: remove the redundant slash when policy name is empty (bsc#1042286). - netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at flowi6_flags (bsc#1042286). - netfilter: nf_nat_snmp: Fix panic when snmp_trap_helper fails to register (bsc#1042286). - netfilter: nfnetlink_queue: reject verdict request from different portid (bsc#1042286). - netfilter: restart search if moved to other chain (bsc#1042286). - netfilter: use fwmark_reflect in nf_send_reset (bsc#1042286). - netxen_nic: set rcode to the return status from the call to netxen_issue_cmd (bsc#966339 FATE#320150). - nfs: Fix "Do not increment lock sequence ID after NFS4ERR_MOVED" (git-fixes). - nsfs: mark dentry with DCACHE_RCUACCESS (bsc#1012829). - nvme: submit nvme_admin_activate_fw to admin queue (bsc#1044532). - percpu: remove unused chunk_alloc parameter from pcpu_get_pages() (bnc#971975 VM -- git fixes). - perf/x86/intel/rapl: Make Knights Landings support functional (bsc#1042517). - powerpc/64: Fix flush_(d|i)cache_range() called from modules (bnc#863764 fate#315275, LTC#103998). - quota: fill in Q_XGETQSTAT inode information for inactive quotas (bsc#1042356). - radix-tree: fix radix_tree_iter_retry() for tagged iterators (bsc#1012829). - rpm/kernel-binary.spec: remove superfluous flags This should make build logs more readable and people adding more flags should have easier time finding a place to add them in the spec file. - rpm/kernel-spec-macros: Fix the check if there is no rebuild counter (bsc#1012060) - rtnl: reset calcit fptr in rtnl_unregister() (bsc#1042286). - series.conf: remove silly comment - tcp: account for ts offset only if tsecr not zero (bsc#1042286). - tcp: fastopen: accept data/FIN present in SYNACK message (bsc#1042286). - tcp: fastopen: avoid negative sk_forward_alloc (bsc#1042286). - tcp: fastopen: call tcp_fin() if FIN present in SYNACK (bsc#1042286). - tcp: fastopen: fix rcv_wup initialization for TFO server on SYN/data (bsc#1042286). - tpm: Downgrade error level (bsc#1042535). - udp: avoid ufo handling on IP payload compression packets (bsc#1042286). - udplite: call proper backlog handlers (bsc#1042286). - x86/PCI: Mark Broadwell-EP Home Agent 1 as having non-compliant BARs (bsc#9048891). - xen/mce: do not issue error message for failed /dev/mcelog registration (bnc#1036638). - xen: add sysfs node for guest type (bnc#1037840). - xfrm: Fix memory leak of aead algorithm name (bsc#1042286). - xfs: add missing include dependencies to xfs_dir2.h (bsc#1042421). - xfs: do not warn on buffers not being recovered due to LSN (bsc#1043598). - xfs: fix xfs_mode_to_ftype() prototype (bsc#1043598). - xfs: log recovery tracepoints to track current lsn and buffer submission (bsc#1043598). - xfs: pass current lsn to log recovery buffer validation (bsc#1043598). - xfs: refactor log record unpack and data processing (bsc#1043598). - xfs: replace xfs_mode_to_ftype table with switch statement (bsc#1042421). - xfs: rework log recovery to submit buffers on LSN boundaries (bsc#1043598). - xfs: rework the inline directory verifiers (bsc#1042421). - xfs: sanity check directory inode di_size (bsc#1042421). - xfs: sanity check inode di_mode (bsc#1042421). - xfs: update metadata LSN in buffers during log recovery (bsc#1043598). - xfs: verify inline directory data forks (bsc#1042421). - zswap: do not param_set_charp while holding spinlock (VM Functionality, bsc#1042886). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-716=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (noarch): kernel-devel-4.4.72-18.12.1 kernel-docs-4.4.72-18.12.3 kernel-docs-html-4.4.72-18.12.3 kernel-docs-pdf-4.4.72-18.12.3 kernel-macros-4.4.72-18.12.1 kernel-source-4.4.72-18.12.1 kernel-source-vanilla-4.4.72-18.12.1 - openSUSE Leap 42.2 (x86_64): kernel-debug-4.4.72-18.12.2 kernel-debug-base-4.4.72-18.12.2 kernel-debug-base-debuginfo-4.4.72-18.12.2 kernel-debug-debuginfo-4.4.72-18.12.2 kernel-debug-debugsource-4.4.72-18.12.2 kernel-debug-devel-4.4.72-18.12.2 kernel-debug-devel-debuginfo-4.4.72-18.12.2 kernel-default-4.4.72-18.12.2 kernel-default-base-4.4.72-18.12.2 kernel-default-base-debuginfo-4.4.72-18.12.2 kernel-default-debuginfo-4.4.72-18.12.2 kernel-default-debugsource-4.4.72-18.12.2 kernel-default-devel-4.4.72-18.12.2 kernel-obs-build-4.4.72-18.12.2 kernel-obs-build-debugsource-4.4.72-18.12.2 kernel-obs-qa-4.4.72-18.12.1 kernel-syms-4.4.72-18.12.1 kernel-vanilla-4.4.72-18.12.2 kernel-vanilla-base-4.4.72-18.12.2 kernel-vanilla-base-debuginfo-4.4.72-18.12.2 kernel-vanilla-debuginfo-4.4.72-18.12.2 kernel-vanilla-debugsource-4.4.72-18.12.2 kernel-vanilla-devel-4.4.72-18.12.2 References: https://www.suse.com/security/cve/CVE-2017-1000364.html https://www.suse.com/security/cve/CVE-2017-1000380.html https://www.suse.com/security/cve/CVE-2017-7346.html https://www.suse.com/security/cve/CVE-2017-9242.html https://bugzilla.suse.com/1012060 https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1012422 https://bugzilla.suse.com/1012829 https://bugzilla.suse.com/1015452 https://bugzilla.suse.com/1022595 https://bugzilla.suse.com/1031796 https://bugzilla.suse.com/1032339 https://bugzilla.suse.com/1036638 https://bugzilla.suse.com/1037840 https://bugzilla.suse.com/1038085 https://bugzilla.suse.com/1039348 https://bugzilla.suse.com/1039900 https://bugzilla.suse.com/1040855 https://bugzilla.suse.com/1041242 https://bugzilla.suse.com/1041431 https://bugzilla.suse.com/1041810 https://bugzilla.suse.com/1042286 https://bugzilla.suse.com/1042356 https://bugzilla.suse.com/1042421 https://bugzilla.suse.com/1042517 https://bugzilla.suse.com/1042535 https://bugzilla.suse.com/1042536 https://bugzilla.suse.com/1042886 https://bugzilla.suse.com/1043014 https://bugzilla.suse.com/1043231 https://bugzilla.suse.com/1043236 https://bugzilla.suse.com/1043371 https://bugzilla.suse.com/1043467 https://bugzilla.suse.com/1043598 https://bugzilla.suse.com/1043935 https://bugzilla.suse.com/1044015 https://bugzilla.suse.com/1044125 https://bugzilla.suse.com/1044532 https://bugzilla.suse.com/863764 https://bugzilla.suse.com/966321 https://bugzilla.suse.com/966339 https://bugzilla.suse.com/971975 https://bugzilla.suse.com/995542 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
  4. news
    Asus ROG GX501VI Zephyrus with Nvidia Max-Q technology EXCLUSIVE ------------------------------------------------------------ http://mailchi.mp/kitguru/asus-rog-gx501vi-zephyrus-with-nvidia-max-q-technology-exclusive?e=872093acb5 http://www.kitguru.net Asus ROG GX501VI Zephyrus with Nvidia Max-Q technology EXCLUSIVE Asus has given the ROG GX501VI Zephyrus laptop a name that is a mouthful however the fact of the matter is that the name is not really long enough. In an ideal world Asus would have found some extra space to include the term Max-Q as Zephyrus is the first laptop we have seen that includes Nvidia Max-Q technology since it was announced at Computex 2017. Furthermore Asus has an exclusive arrangement with Nvidia for GTX 1080 Max-Q so while you will be able to buy the GTX 1070 Max-Q from at least two laptop companies, when it comes to GTX-1080 Max-Q it is Asus all the way. Read the preview here: https://www.kitguru.net/lifestyle/mobile/laptops/leo-waldock/asus-rog-gx501vi-zephyrus-with-nvidia-max-q-technology-exclusive/ ============================================================ ** follow on Twitter (http://twitter.com/#!/kitgurupress) | ** friend on Facebook (http://www.facebook.com/pages/KitGuru/162236020510911) | ** forward to a friend (http://us2.forward-to-friend.com/forward?u=bfb2b902b5fb045ad6f841f98&id=82822747b7&e=872093acb5) Copyright © 2017 KitGuru, All rights reserved. You are receiving this because you are a news partner or have signed up to receive our news.
  5. news
    openSUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:1629-1 Rating: important References: #1039357 #1040043 Cross-References: CVE-2017-1000366 Affected Products: openSUSE Leap 42.2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for glibc fixes the following issues: - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. [bsc#1039357] - A bug in glibc that could result in deadlocks between malloc() and fork() has been fixed. [bsc#1040043] This update was imported from the SUSE:SLE-12-SP2:Update update project. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-715=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (i586 i686 x86_64): glibc-2.22-4.9.1 glibc-debuginfo-2.22-4.9.1 glibc-debugsource-2.22-4.9.1 glibc-devel-2.22-4.9.1 glibc-devel-debuginfo-2.22-4.9.1 glibc-devel-static-2.22-4.9.1 glibc-locale-2.22-4.9.1 glibc-locale-debuginfo-2.22-4.9.1 glibc-profile-2.22-4.9.1 - openSUSE Leap 42.2 (i586 x86_64): glibc-extra-2.22-4.9.1 glibc-extra-debuginfo-2.22-4.9.1 glibc-utils-2.22-4.9.1 glibc-utils-debuginfo-2.22-4.9.1 glibc-utils-debugsource-2.22-4.9.1 nscd-2.22-4.9.1 nscd-debuginfo-2.22-4.9.1 - openSUSE Leap 42.2 (x86_64): glibc-32bit-2.22-4.9.1 glibc-debuginfo-32bit-2.22-4.9.1 glibc-devel-32bit-2.22-4.9.1 glibc-devel-debuginfo-32bit-2.22-4.9.1 glibc-devel-static-32bit-2.22-4.9.1 glibc-locale-32bit-2.22-4.9.1 glibc-locale-debuginfo-32bit-2.22-4.9.1 glibc-profile-32bit-2.22-4.9.1 glibc-utils-32bit-2.22-4.9.1 glibc-utils-debuginfo-32bit-2.22-4.9.1 - openSUSE Leap 42.2 (noarch): glibc-html-2.22-4.9.1 glibc-i18ndata-2.22-4.9.1 glibc-info-2.22-4.9.1 - openSUSE Leap 42.2 (i586): glibc-obsolete-2.22-4.9.1 glibc-obsolete-debuginfo-2.22-4.9.1 References: https://www.suse.com/security/cve/CVE-2017-1000366.html https://bugzilla.suse.com/1039357 https://bugzilla.suse.com/1040043 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
  6. news
    openSUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:1629-1 Rating: important References: #1039357 #1040043 Cross-References: CVE-2017-1000366 Affected Products: openSUSE Leap 42.2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for glibc fixes the following issues: - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. [bsc#1039357] - A bug in glibc that could result in deadlocks between malloc() and fork() has been fixed. [bsc#1040043] This update was imported from the SUSE:SLE-12-SP2:Update update project. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-715=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (i586 i686 x86_64): glibc-2.22-4.9.1 glibc-debuginfo-2.22-4.9.1 glibc-debugsource-2.22-4.9.1 glibc-devel-2.22-4.9.1 glibc-devel-debuginfo-2.22-4.9.1 glibc-devel-static-2.22-4.9.1 glibc-locale-2.22-4.9.1 glibc-locale-debuginfo-2.22-4.9.1 glibc-profile-2.22-4.9.1 - openSUSE Leap 42.2 (i586 x86_64): glibc-extra-2.22-4.9.1 glibc-extra-debuginfo-2.22-4.9.1 glibc-utils-2.22-4.9.1 glibc-utils-debuginfo-2.22-4.9.1 glibc-utils-debugsource-2.22-4.9.1 nscd-2.22-4.9.1 nscd-debuginfo-2.22-4.9.1 - openSUSE Leap 42.2 (x86_64): glibc-32bit-2.22-4.9.1 glibc-debuginfo-32bit-2.22-4.9.1 glibc-devel-32bit-2.22-4.9.1 glibc-devel-debuginfo-32bit-2.22-4.9.1 glibc-devel-static-32bit-2.22-4.9.1 glibc-locale-32bit-2.22-4.9.1 glibc-locale-debuginfo-32bit-2.22-4.9.1 glibc-profile-32bit-2.22-4.9.1 glibc-utils-32bit-2.22-4.9.1 glibc-utils-debuginfo-32bit-2.22-4.9.1 - openSUSE Leap 42.2 (noarch): glibc-html-2.22-4.9.1 glibc-i18ndata-2.22-4.9.1 glibc-info-2.22-4.9.1 - openSUSE Leap 42.2 (i586): glibc-obsolete-2.22-4.9.1 glibc-obsolete-debuginfo-2.22-4.9.1 References: https://www.suse.com/security/cve/CVE-2017-1000366.html https://bugzilla.suse.com/1039357 https://bugzilla.suse.com/1040043 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
  7. news
    A simple application to access, organize and share your photos on GNOME. It is meant to be a simple and elegant replacement for using a file manager to deal with photos. Seamless cloud integration is offered through GNOME Online Accounts. Overview of changes in 3.25.3 ============================= * Support zooming (742662) * Bugs fixed: 763712 Use G_DECLARE_FINAL_TYPE 764423 Use G_DECLARE_INTERFACE 776082 Port PhotosSearchbar to GtkSearchBar 778354 photos:insta-curve should support buffers with alpha channel 780424 Port widgets to templates 782012 Remove the g_auto* macros for GEGL * Updated translations: Friulian German Indonesian Kazakh Polish Spanish Bugs: https://bugzilla.gnome.org/enter_bug.cgi?product=gnome-photos Design: https://wiki.gnome.org/Design/Apps/Photos Download: http://download.gnome.org/sources/gnome-photos/3.25/ Git: http://git.gnome.org/browse/gnome-photos Website: https://wiki.gnome.org/Apps/Photos Happy hacking, Debarshi _______________________________________________
  8. news
    SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1628-1 Rating: critical References: #1018074 #1035920 #1039348 #1042921 #1043234 Cross-References: CVE-2017-1000364 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000364: The default stack guard page was too small and could be "jumped over" by userland programs using more than one page of stack in functions and so lead to memory corruption. This update extends the stack guard page to 1 MB (for 4k pages) and 16 MB (for 64k pages) to reduce this attack vector. This is not a kernel bugfix, but a hardening measure against this kind of userland attack.(bsc#1039348) The following non-security bugs were fixed: - fnic now returns 'DID_IMM_RETRY' if rport is not ready (bsc#1035920). - fnic is now using rport->dd_data to check if rport is online instead of rport_lookup (bsc#1035920). - The rport check location in fnic_queuecommand_lck was corrected (bsc#1035920). - xfs: remove patches that caused regression (bsc#1043234). - mm: enlarge stack guard gap (bnc#1039348, CVE-2017-1000364, bnc#1042921). - PCI: Allow access to VPD attributes with size 0 (bsc#1018074). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kernel-13160=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kernel-13160=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-13160=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-13160=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): kernel-docs-3.0.101-104.7 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-3.0.101-104.2 kernel-default-base-3.0.101-104.2 kernel-default-devel-3.0.101-104.2 kernel-source-3.0.101-104.2 kernel-syms-3.0.101-104.2 kernel-trace-3.0.101-104.2 kernel-trace-base-3.0.101-104.2 kernel-trace-devel-3.0.101-104.2 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): kernel-ec2-3.0.101-104.2 kernel-ec2-base-3.0.101-104.2 kernel-ec2-devel-3.0.101-104.2 kernel-xen-3.0.101-104.2 kernel-xen-base-3.0.101-104.2 kernel-xen-devel-3.0.101-104.2 - SUSE Linux Enterprise Server 11-SP4 (s390x): kernel-default-man-3.0.101-104.2 - SUSE Linux Enterprise Server 11-SP4 (ppc64): kernel-bigmem-3.0.101-104.2 kernel-bigmem-base-3.0.101-104.2 kernel-bigmem-devel-3.0.101-104.2 kernel-ppc64-3.0.101-104.2 kernel-ppc64-base-3.0.101-104.2 kernel-ppc64-devel-3.0.101-104.2 - SUSE Linux Enterprise Server 11-SP4 (i586): kernel-pae-3.0.101-104.2 kernel-pae-base-3.0.101-104.2 kernel-pae-devel-3.0.101-104.2 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-104.2 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-104.2 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-104.2 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-104.2 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-104.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-104.2 kernel-default-debugsource-3.0.101-104.2 kernel-trace-debuginfo-3.0.101-104.2 kernel-trace-debugsource-3.0.101-104.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-104.2 kernel-trace-devel-debuginfo-3.0.101-104.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-104.2 kernel-ec2-debugsource-3.0.101-104.2 kernel-xen-debuginfo-3.0.101-104.2 kernel-xen-debugsource-3.0.101-104.2 kernel-xen-devel-debuginfo-3.0.101-104.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-bigmem-debuginfo-3.0.101-104.2 kernel-bigmem-debugsource-3.0.101-104.2 kernel-ppc64-debuginfo-3.0.101-104.2 kernel-ppc64-debugsource-3.0.101-104.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-104.2 kernel-pae-debugsource-3.0.101-104.2 kernel-pae-devel-debuginfo-3.0.101-104.2 References: https://www.suse.com/security/cve/CVE-2017-1000364.html https://bugzilla.suse.com/1018074 https://bugzilla.suse.com/1035920 https://bugzilla.suse.com/1039348 https://bugzilla.suse.com/1042921 https://bugzilla.suse.com/1043234 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
  9. news
    View this email in your browser (http://mailchi.mp/hothardware/intel-optane-memory-with-3d-xpoint-review-easy-robust-pc-acceleration-1082821?e=0c004f9c13) Today marks the launch of AMD's EPYC family of processors for data center servers. Based on the company's Zen microarchitecture, it has become abundantly clear that AMD was targeting the lucrative data center market first and foremost with its new CPU architecture and the highly scalable Naples platform that leverages it. Of course Zen scales well for client/consumer desktop applications, as we've seen with AMD's successful Ryzen processor launch. However, the data center is near and dear to the AMD's heart, due to significantly higher chip pricing and better profit margins; not to mention the explosion of the cloud, from software as a service-built platforms like Amazon AWS, to AI, and big data analytics. Today, AMD is giving us a detailed picture of how its Zen-based EPYC processor lineup will flesh-out... AMD Unveils EPYC 7000 Series Processors And Platform To Take On Intel In the Data Center (http://hothardware.us3.list-manage.com/track/click?u=efc4c507c2cf964fc2462caca&id=e367140eab&e=0c004f9c13) http://hothardware.us3.list-manage.com/track/click?u=efc4c507c2cf964fc2462caca&id=abd98b8f66&e=0c004f9c13 http://hothardware.us3.list-manage1.com/track/click?u=efc4c507c2cf964fc2462caca&id=899014ffd8&e=0c004f9c13 Best Regards, HotHardware.com (http://hothardware.us3.list-manage1.com/track/click?u=efc4c507c2cf964fc2462caca&id=7014392c62&e=0c004f9c13) http://hothardware.us3.list-manage.com/track/click?u=efc4c507c2cf964fc2462caca&id=ea500c9039&e=0c004f9c13 http://hothardware.us3.list-manage.com/track/click?u=efc4c507c2cf964fc2462caca&id=49c7f3cd90&e=0c004f9c13 http://hothardware.us3.list-manage.com/track/click?u=efc4c507c2cf964fc2462caca&id=9464f7501f&e=0c004f9c13 ============================================================
  10. news
    Hi all, a new kirigami release has just been done, it can be found at https://download.kde.org/stable/kirigami/kirigami2-2.2.0.tar.xz sha256:b8e0b5088c39740dd002d5bf8046ea219cb63f7d9e19083202f7ba05cc3a4c05 https://download.kde.org/stable/kirigami/kirigami2-2.2.0.tar.xz.asc sha256:2ef2b5fc0aa0f4897ac47ec68cea3600009d2f1a4e1b6c99a78f36025edf4b12 -- Marco Matin
  11. news
    Hi all, a new kirigami release has just been done, it can be found at https://download.kde.org/stable/kirigami/kirigami2-2.2.0.tar.xz sha256:b8e0b5088c39740dd002d5bf8046ea219cb63f7d9e19083202f7ba05cc3a4c05 https://download.kde.org/stable/kirigami/kirigami2-2.2.0.tar.xz.asc sha256:2ef2b5fc0aa0f4897ac47ec68cea3600009d2f1a4e1b6c99a78f36025edf4b12 -- Marco Matin
  12. news
    AMD's Epyc server CPU lineup is here. We take a tour of AMD's implementations of Zen for the data center and explore the company's first competitive estimates of performance for the platform versus Intel's Broadwell Xeons. Read more: http://techreport.com/review/32125/amd-epyc-7000-series-cpus-revealed -- To unsubscribe from: TR-News, just follow this link: http://node1.techreport.com/cgi-bin/dada/mail.cgi/u/trnews/reviewnews// Click this link, or copy and paste the address into your browser.
  13. news
    Cherry MX 6.0 Red Switch LED Keyboard Cherry taking the front on the quality and the design of their line of fantastic mechanical keyboards has brought the goliath of all keyboards. The Cherry MX 6.0 takes the mechanics of the Silent Red Cherry Switch series alongside a very vibrant and smooth red LED backlighting... MEGACON 2017 Gallery MegaCon Orlando is the South East’s largest comics, sci-fi, horror, anime, and gaming event, attracting over 100,000 fans each year across four big days. Everyone is a fan of something, and MegaCon is a place to celebrate all things pop culture. Get an autograph or a photo with your favorite guest and get the inside scoop about your favorite movies & TV shows at our celebrity panels! Watch professional comic artists battle it out in our popular Sketch Duels, learn from our “How To†workshops, and take photos with your favorite costumed characters! It’s also a great place to buy a unique gift (or treat yourself!) with over 400,000 square feet of shopping madness. TechwareLabs Featured Product Here we are: the new PowerColor sequel to the RX line has arrived, boasting new physical designs as well as internal modifications to achieve highly scalable efficiency. While most internal hardware features compare similarly to the Red Dragon, such as 4GB 256-bit GDDR5, it does feature some minor internal changes like a 4% increase of boost clock frequency and a decrease by 14% in stream processor count. OUR RECENT REVIEWS 3 Possible Follow-Ups to Google’s Pixel How to Make a 3D Scanner from an Xbox 360 Kinect Kanex GoPower Plus Premium Portable Power Hands on with the Lenovo Yoga Book Hot Product Highlight Monster Fatal1ty FXM 200 BEFORE YOU GO: [*]Check out our Facebook Page! [*]Check out our YouTube Channel! Subscribe to our RSS Feed A news post would be greatly appreciated!
  14. news
    Dear Editors, we just posted a new article which might be interesting to your readers. A post in your news section would be appreciated. Title: AMD EPYC Architecture & Technical Overview Link: https://www.techpowerup.com/reviews/AMD/Epyc_Server_Architecture Brief: Today AMD took the wraps off their new EPYC server processors, which feature up to 64 threads and can support one or two CPUs per motherboard. Our article details the technical and architectural changes and also explains how AMD's Infinity Fabric interconnect works.
  15. news
    When AMD first dreamed up the Zen core architecture they did it to disrupt the datacenter platforms and they new they needed a 32-core processor to do that. AMD came up with a new architecture from the ground up and that would be AMD’s new EPYC server chip (previously codenamed Naples). AMD EPYC hopes to chisel some market share away from Intel, who currently has 99% of this market. Read on to see what EPYC will deliver! Article Title: AMD EPYC 7000 Series Processor Set To Change The Game ( -at -) Legit Reviews Article URL: http://www.legitreviews.com/amd-epyc-7000-series-processor-set-change-game_195601 Unsubscribe: http://adserv.legitreviews.com/cgi-bin/dada/mail.cgi/u/legitpr/reviewnews// =
  16. news
    Hi News Poster HardwareOverclock.com has just posted another review. Last week we have tested the EK Waterblocks Monoblock MSI Z270 Gaming RGB. "EK-FB MSI Z270 GAMING Monoblock RGB is a complete all-in-one (CPU and motherboard) liquid cooling solution for IntelR LGA-1151 socket Kaby Lake, Sky Lake CPU's. This monoblock is compatible with a lot of MSI Z270 motherboards from the carbon series." Title: EK Waterblocks Monoblock MSI Z270 Gaming RGB ( -at -) HardwareOverclock.com Link: http://hardwareoverclock.com/EK-Waterblocks-Monoblock-MSI-Z270-Gaming-RGB.ht m Image: http://hardwareoverclock.com/Wasserkuehlung/Monoblock-MSI-Z270-Gaming-033_sm all.jpg Thanks for posting our news. Pls feel free and send us your News too. Rene Ruf Chefredakteuer HardwareOverclock.com <mailto:admin ( -at -) hardwareoverclock.com> admin ( -at -) hardwareoverclock.com <http://www.hardwareoverclock.com/> HardwareOverclock.com
  17. news
    Hi News Poster HardwareOverclock.com has just posted another review. Last week we have tested the EK Waterblocks Monoblock MSI Z270 Gaming RGB. "EK-FB MSI Z270 GAMING Monoblock RGB is a complete all-in-one (CPU and motherboard) liquid cooling solution for IntelR LGA-1151 socket Kaby Lake, Sky Lake CPU's. This monoblock is compatible with a lot of MSI Z270 motherboards from the carbon series." Title: EK Waterblocks Monoblock MSI Z270 Gaming RGB ( -at -) HardwareOverclock.com Link: http://hardwareoverclock.com/EK-Waterblocks-Monoblock-MSI-Z270-Gaming-RGB.ht m Image: http://hardwareoverclock.com/Wasserkuehlung/Monoblock-MSI-Z270-Gaming-033_sm all.jpg Thanks for posting our news. Pls feel free and send us your News too. Rene Ruf Chefredakteuer HardwareOverclock.com <mailto:admin ( -at -) hardwareoverclock.com> admin ( -at -) hardwareoverclock.com <http://www.hardwareoverclock.com/> HardwareOverclock.com
  18. news
    Hi News Poster HardwareOverclock.com has just posted another review. Last week we have tested the EK Waterblocks Monoblock MSI Z270 Gaming RGB. "EK-FB MSI Z270 GAMING Monoblock RGB is a complete all-in-one (CPU and motherboard) liquid cooling solution for IntelR LGA-1151 socket Kaby Lake, Sky Lake CPU's. This monoblock is compatible with a lot of MSI Z270 motherboards from the carbon series." Title: EK Waterblocks Monoblock MSI Z270 Gaming RGB ( -at -) HardwareOverclock.com Link: http://hardwareoverclock.com/EK-Waterblocks-Monoblock-MSI-Z270-Gaming-RGB.ht m Image: http://hardwareoverclock.com/Wasserkuehlung/Monoblock-MSI-Z270-Gaming-033_sm all.jpg Thanks for posting our news. Pls feel free and send us your News too. Rene Ruf Chefredakteuer HardwareOverclock.com <mailto:admin ( -at -) hardwareoverclock.com> admin ( -at -) hardwareoverclock.com <http://www.hardwareoverclock.com/> HardwareOverclock.com
  19. news
    Hi News Poster HardwareOverclock.com has just posted another review. Last week we have tested the EK Waterblocks Monoblock MSI Z270 Gaming RGB. "EK-FB MSI Z270 GAMING Monoblock RGB is a complete all-in-one (CPU and motherboard) liquid cooling solution for IntelR LGA-1151 socket Kaby Lake, Sky Lake CPU's. This monoblock is compatible with a lot of MSI Z270 motherboards from the carbon series." Title: EK Waterblocks Monoblock MSI Z270 Gaming RGB ( -at -) HardwareOverclock.com Link: http://hardwareoverclock.com/EK-Waterblocks-Monoblock-MSI-Z270-Gaming-RGB.ht m Image: http://hardwareoverclock.com/Wasserkuehlung/Monoblock-MSI-Z270-Gaming-033_sm all.jpg Thanks for posting our news. Pls feel free and send us your News too. Rene Ruf Chefredakteuer HardwareOverclock.com <mailto:admin ( -at -) hardwareoverclock.com> admin ( -at -) hardwareoverclock.com <http://www.hardwareoverclock.com/> HardwareOverclock.com
  20. news
    SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1626-1 Rating: important References: #1034560 #1042146 Cross-References: CVE-2017-1000368 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for sudo fixes the following security issue: - CVE-2017-1000368: A follow-up fix to CVE-2017-1000367, the Linux process name could also contain a newline, which could be used to trick sudo to read/write to an arbitrary open terminal. (bsc#1042146) Also the following non security bug was fixed: - Link the "system_group" plugin with sudo_util library to resolve the missing sudo_dso_findsym symbol (bsc#1034560) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1002=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1002=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1002=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1002=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1002=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): sudo-debuginfo-1.8.10p3-10.10.2 sudo-debugsource-1.8.10p3-10.10.2 sudo-devel-1.8.10p3-10.10.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): sudo-1.8.10p3-10.10.2 sudo-debuginfo-1.8.10p3-10.10.2 sudo-debugsource-1.8.10p3-10.10.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): sudo-1.8.10p3-10.10.2 sudo-debuginfo-1.8.10p3-10.10.2 sudo-debugsource-1.8.10p3-10.10.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): sudo-1.8.10p3-10.10.2 sudo-debuginfo-1.8.10p3-10.10.2 sudo-debugsource-1.8.10p3-10.10.2 - OpenStack Cloud Magnum Orchestration 7 (x86_64): sudo-1.8.10p3-10.10.2 sudo-debuginfo-1.8.10p3-10.10.2 sudo-debugsource-1.8.10p3-10.10.2 References: https://www.suse.com/security/cve/CVE-2017-1000368.html https://bugzilla.suse.com/1034560 https://bugzilla.suse.com/1042146 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
  21. news
    SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1627-1 Rating: important References: #1034560 #1042146 Cross-References: CVE-2017-1000368 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for sudo fixes the following issues: - CVE-2017-1000368: A follow-up fix to CVE-2017-1000367, the Linux process name could also contain a newline, which could be used to trick sudo to read/write to an arbitrary open terminal. (bsc#1042146) Also the following non security bug was fixed: - Link the "system_group" plugin with sudo_util library to resolve the missing sudo_dso_findsym symbol (bsc#1034560) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1001=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1001=1 - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-1001=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1001=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1001=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (x86_64): sudo-1.8.10p3-2.16.1 sudo-debuginfo-1.8.10p3-2.16.1 sudo-debugsource-1.8.10p3-2.16.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): sudo-1.8.10p3-2.16.1 sudo-debuginfo-1.8.10p3-2.16.1 sudo-debugsource-1.8.10p3-2.16.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): sudo-1.8.10p3-2.16.1 sudo-debuginfo-1.8.10p3-2.16.1 sudo-debugsource-1.8.10p3-2.16.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): sudo-1.8.10p3-2.16.1 sudo-debuginfo-1.8.10p3-2.16.1 sudo-debugsource-1.8.10p3-2.16.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): sudo-1.8.10p3-2.16.1 sudo-debuginfo-1.8.10p3-2.16.1 sudo-debugsource-1.8.10p3-2.16.1 References: https://www.suse.com/security/cve/CVE-2017-1000368.html https://bugzilla.suse.com/1034560 https://bugzilla.suse.com/1042146 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
  22. news

    Shotwell 0.27.0

    news posted a topic in Upcoming News

    A new unstable release of Shotwell is available. Changes since 0.26.2:  * Remove F-Spot import support  * Create a commandline utility to test image transformations  * Speed up color transformations a bit  * Bump GTK+ requirement to 3.18 and remove deprecated functions  * Clean-up histogram drawing code  * Run thumbnailer with nice 19  * Update VAAPI blacklisting for video thumbnailer and new plugin structure  * Add configurable image background  * Split several dialogs from shotwell.ui file  * Move Tumblr to default plugin set  * Remove some unnecessary memcpys on import  * Add Meson build support  * Some more ngettext for plurals  * Add --fullscreen/-f option for viewer  * Add option to install Ubuntu apport hook  * Fix issue when importing to NTFS-backed vboxfs  * Fix GSettings schema search path for running out-of-tree  * Work around "Camera locked: -53" error on GNOME  * Fix issue with missing highlight on dnd actions Bugs fixed in this release:  - https://bugzilla.gnome.org/show_bug.cgi?id=716448  - https://bugzilla.gnome.org/show_bug.cgi?id=716499  - https://bugzilla.gnome.org/show_bug.cgi?id=716547  - https://bugzilla.gnome.org/show_bug.cgi?id=716599  - https://bugzilla.gnome.org/show_bug.cgi?id=716708  - https://bugzilla.gnome.org/show_bug.cgi?id=716830  - https://bugzilla.gnome.org/show_bug.cgi?id=717767  - https://bugzilla.gnome.org/show_bug.cgi?id=718809  - https://bugzilla.gnome.org/show_bug.cgi?id=718846  - https://bugzilla.gnome.org/show_bug.cgi?id=719020  - https://bugzilla.gnome.org/show_bug.cgi?id=719031  - https://bugzilla.gnome.org/show_bug.cgi?id=719240  - https://bugzilla.gnome.org/show_bug.cgi?id=733652  - https://bugzilla.gnome.org/show_bug.cgi?id=742563  - https://bugzilla.gnome.org/show_bug.cgi?id=752008  - https://bugzilla.gnome.org/show_bug.cgi?id=760868  - https://bugzilla.gnome.org/show_bug.cgi?id=768938  - https://bugzilla.gnome.org/show_bug.cgi?id=773267  - https://bugzilla.gnome.org/show_bug.cgi?id=774650  - https://bugzilla.gnome.org/show_bug.cgi?id=780811  - https://bugzilla.gnome.org/show_bug.cgi?id=781567  - https://bugzilla.gnome.org/show_bug.cgi?id=781897  - https://bugzilla.gnome.org/show_bug.cgi?id=783250 All contributors to this release:  - Jens Georg  - Piotr Drąg  - Jordi Mas  - gogo  - Andika Triwidada  - Rafael Fontenelle  - Mario Blättermann  - Jeremy Bicha  - Enrico Nicoletto  - Emin Tufan Çetin  - Dušan Kazik  - Daniel Mustieles  - Claude Paroz  - Anders Jonsson  - Alan Mortensen Added/updated translations  - ca, courtesy of Jordi Mas  - da, courtesy of Alan Mortensen  - de, courtesy of Mario Blättermann  - es, courtesy of Daniel Mustieles  - fr, courtesy of Claude Paroz  - hr, courtesy of gogo  - id, courtesy of Andika Triwidada  - pl, courtesy of Piotr Drąg  - pt_BR, courtesy of Enrico Nicoletto  - sk, courtesy of Dušan Kazik  - sv, courtesy of Anders Jonsson  - tr, courtesy of Emin Tufan Çetin Shotwell 0.27.0 is available for download at https://download.gnome.org/sources/shotwell/0.27/shotwell-0.27.0.tar.xz Or for Ubuntu >= 16.04 at the unstable PPA: https://launchpad.net/~yg-jensge/+archive/ubuntu/shotwell-unstable _______________________________________________
  23. news
    CentOS Errata and Security Advisory 2017:1484 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2017-1484.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 5bf01ddf86b01221e0958422ec627961d035551e0474ac10245dc4958800705f kernel-3.10.0-514.21.2.el7.x86_64.rpm 232a0f622143e55d9011f3808471aad219396cccd156f24687b156b6d432a608 kernel-abi-whitelists-3.10.0-514.21.2.el7.noarch.rpm 967dc375e96b08d16737aad6d9630e6b47903dd02ce6d7a916c741eee78afc51 kernel-debug-3.10.0-514.21.2.el7.x86_64.rpm e68aa2a3377cdf058843658dbf4447d0091538891b0fa1bcd79c1a0dd2c9ce34 kernel-debug-devel-3.10.0-514.21.2.el7.x86_64.rpm 5000ca51295103b942c4941a5d2e53a6a78aadc08708d32c2ace22c227a58c4d kernel-devel-3.10.0-514.21.2.el7.x86_64.rpm ad28e256a053af55c9167e6d4ef737bf334b128df16cddc023e845c9f6a94480 kernel-doc-3.10.0-514.21.2.el7.noarch.rpm 62b49e8818f09e2833753e8bd1d861aa36a05b1f8982adcb80bf7f5cc9c8af24 kernel-headers-3.10.0-514.21.2.el7.x86_64.rpm 4a5b113ba6761d64045250d364470007c8961d8f374d4321bd3db24c629c4a9b kernel-tools-3.10.0-514.21.2.el7.x86_64.rpm 2c4d3a43385253a681618b4d0135753d893bd312fb82f19eb4d958c713d28bb9 kernel-tools-libs-3.10.0-514.21.2.el7.x86_64.rpm 7bc126ec06ffde55cf2217eb43cc44fdf96628131a5806f6303faad8e6b63252 kernel-tools-libs-devel-3.10.0-514.21.2.el7.x86_64.rpm 9d55662dadce103200676da60fce559da8d9bacea7fc38930e461c2a52665a7b perf-3.10.0-514.21.2.el7.x86_64.rpm d9ef263dba6b41ad7d4e1282a63ae04a1614788a1988485455448c0cf0034eb8 python-perf-3.10.0-514.21.2.el7.x86_64.rpm Source: 3235af92f1e1681e86df0c33bf822a56c7f9f54bdb88746dffb8764cf8bc7db5 kernel-3.10.0-514.21.2.el7.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #centos ( -at -) irc.freenode.net Twitter: ( -at -) JohnnyCentOS _______________________________________________
  24. news
    View this email in your browser (http://us10.campaign-archive1.com/?u=9a2f239b17114c9008e3dfda9&id=59ed45d9c4&e=8138df6da5) ** Benchmark Reviews Presents: ------------------------------------------------------------ TITLE: Roccat Leadr Gaming Mouse Review (http://benchmarkreviews.us10.list-manage.com/track/click?u=9a2f239b17114c9008e3dfda9&id=49b1935d54&e=8138df6da5) QUOTE: Roccat has gone wireless with its Leadr optical gaming mouse. The Leadr includes a few new features, like the Owl-Eye 12000 DPI optical sensor (PixArt 3361). This is a modified version of the PixArt 3360 with improved responsiveness and manual surface calibration. With a body design similar to the Roccat Tyon, the Leadr also includes RGB lighting, an elegant charging dock, and customizable settings and profiles via the Swarm software. It does have a 20 hours battery life, which should set some great expectations for long gaming sessions. Benchmark Reviews has a chance to review the Roccat Leadr with its new Owl-Eye optical sensor, so let’s jump in to a quick overview of this wireless gaming product. LINK: http://benchmarkreviews.us10.list-manage.com/track/click?u=9a2f239b17114c9008e3dfda9&id=efff438116&e=8138df6da5 IMAGE: http://benchmarkreviews.us10.list-manage.com/track/click?u=9a2f239b17114c9008e3dfda9&id=067d460055&e=8138df6da5 ============================================================ ** (http://benchmarkreviews.us10.list-manage.com/track/click?u=9a2f239b17114c9008e3dfda9&id=3e234af1bb&e=8138df6da5) ** (http://benchmarkreviews.us10.list-manage.com/track/click?u=9a2f239b17114c9008e3dfda9&id=1e5a2de8b7&e=8138df6da5) ** (http://benchmarkreviews.us10.list-manage.com/track/click?u=9a2f239b17114c9008e3dfda9&id=4bf95d875d&e=8138df6da5)
  25. news
    =AEROCOOL STRIKE-X AIR REVIEW= ------------------------------------------------------------ http://mailchi.mp/kitguru/ccl-athena-aura-i51070-system-review?e=872093acb5 http://www.kitguru.net =AEROCOOL STRIKE-X AIR REVIEW= Today we are going to look at the Aerocool Strike-X Air which is a very innovative chassis, designed to appeal to those enthusiasts who spend a lot of time inside their PC and change hardware frequently. It uses an open design, similar to a test bench, which features a large mesh cover to hide the components . Read the review here: http://www.kitguru.net/components/cases/henry-butt/aerocool-strike-x-air-review/ ============================================================ ** follow on Twitter (http://twitter.com/#!/kitgurupress) | ** friend on Facebook (http://www.facebook.com/pages/KitGuru/162236020510911) | ** forward to a friend (http://us2.forward-to-friend.com/forward?u=bfb2b902b5fb045ad6f841f98&id=9970ba6d98&e=872093acb5) Copyright © 2017 KitGuru, All rights reserved. You are receiving this because you are a news partner or have signed up to receive our news.
×