Compatible Support Forums

Everything posted by news

  1. openSUSE Security Update: Security update for exim

     Announcement ID: openSUSE-SU-2017:1625-1
     Rating: important
     References: #1044692
     Cross-References: CVE-2017-1000369
     Affected Products: openSUSE Leap 42.2

     An update that fixes one vulnerability is now available.

     Description:
     This update for exim fixes the following issues:
     - CVE-2017-1000369: Fixed a memory leak in exim commandline handling, which could be used to exhaust memory and make "stack crash" attacks likely. (boo#1044692)

     Patch Instructions:
     To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
     - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-714=1
     To bring your system up-to-date, use "zypper patch".

     Package List:
     - openSUSE Leap 42.2 (x86_64): exim-4.86.2-10.3.1 exim-debuginfo-4.86.2-10.3.1 exim-debugsource-4.86.2-10.3.1 eximon-4.86.2-10.3.1 eximon-debuginfo-4.86.2-10.3.1 eximstats-html-4.86.2-10.3.1

     References:
     https://www.suse.com/security/cve/CVE-2017-1000369.html
     https://bugzilla.suse.com/1044692

     --
     To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org
     For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
  2. TECHSPOT: Logitech G413 Carbon Mechanical Keyboard Review
     http://www.techspot.com/review/1421-logitech-g413-carbon/

     Mechanical keyboards have long been all the rage for gamers, but they're still a long way off becoming ubiquitous due to their premium price point. The Logitech G413 is a full-sized mechanical gaming-oriented keyboard, but at $90 it undercuts most of its competition while packing in largely the same feature set.

     Thank you.
     Julio Franco
     Executive Editor | TECHSPOT
     ( -at -) juliofranco

     Our mailing address is: TechSpot 8237 NW 68 St Miami, FL 33166 USA
  3. Dear Editors, we just posted a new article which might be interesting to your readers. A post in your news section would be appreciated. Title: Asus ROG Strix Magnus Link: https://www.techpowerup.com/reviews/Asus/ROG_Strix_Magnus Brief: Asus' first entry into the field of streaming microphones - the ones used by Twitch and YouTube streamers - is a great one. The ROG Strix Magnus is packed with features, comes in a compact form factor, and its sound quality will make your followers and subscribers happy.
  4. CentOS Errata and Security Advisory 2017:1481 Important
     Upstream details at : https://rhn.redhat.com/errata/RHSA-2017-1481.html
     The following updated files have been uploaded and are currently syncing to the mirrors:
     --
     Johnny Hughes
     CentOS Project { http://www.centos.org/ }
     irc: hughesjr, #centos ( -at -) irc.freenode.net
     Twitter: ( -at -) JohnnyCentOS
  5. CentOS Errata and Security Advisory 2017:1480 Important
     Upstream details at : https://rhn.redhat.com/errata/RHSA-2017-1480.html
     The following updated files have been uploaded and are currently syncing to the mirrors:
     --
     Johnny Hughes
     CentOS Project { http://www.centos.org/ }
     irc: hughesjr, #centos ( -at -) irc.freenode.net
     Twitter: ( -at -) JohnnyCentOS
  6. CentOS Errata and Security Advisory 2017:1486 Important
     Upstream details at : https://rhn.redhat.com/errata/RHSA-2017-1486.html
     The following updated files have been uploaded and are currently syncing to the mirrors:
     --
     Johnny Hughes
     CentOS Project { http://www.centos.org/ }
     irc: hughesjr, #centos ( -at -) irc.freenode.net
     Twitter: ( -at -) JohnnyCentOS
  7. SUSE Security Update: Security update for openvpn

     Announcement ID: SUSE-SU-2017:1622-1
     Rating: important
     References: #1038709 #1038711 #1038713 #995374
     Cross-References: CVE-2016-6329 CVE-2017-7478 CVE-2017-7479
     Affected Products:
     - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
     - SUSE Linux Enterprise Server 12-SP2
     - SUSE Linux Enterprise Desktop 12-SP2

     An update that solves three vulnerabilities and has one errata is now available.

     Description:
     This update for openvpn fixes the following issues:
     - CVE-2016-6329: Show which ciphers should no longer be used in openvpn --show-ciphers (bsc#995374)
     - CVE-2017-7478: openvpn: Authenticated user can DoS server by using a big payload in P_CONTROL (bsc#1038709)
     - CVE-2017-7479: openvpn: Denial of Service due to Exhaustion of Packet-ID counter (bsc#1038711)
     - Hardening measures found by internal audit (bsc#1038713)

     Patch Instructions:
     To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
     - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-998=1
     - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-998=1
     - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-998=1
     To bring your system up-to-date, use "zypper patch".

     Package List:
     - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): openvpn-2.3.8-16.14.1 openvpn-auth-pam-plugin-2.3.8-16.14.1 openvpn-auth-pam-plugin-debuginfo-2.3.8-16.14.1 openvpn-debuginfo-2.3.8-16.14.1 openvpn-debugsource-2.3.8-16.14.1
     - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): openvpn-2.3.8-16.14.1 openvpn-auth-pam-plugin-2.3.8-16.14.1 openvpn-auth-pam-plugin-debuginfo-2.3.8-16.14.1 openvpn-debuginfo-2.3.8-16.14.1 openvpn-debugsource-2.3.8-16.14.1
     - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): openvpn-2.3.8-16.14.1 openvpn-debuginfo-2.3.8-16.14.1 openvpn-debugsource-2.3.8-16.14.1

     References:
     https://www.suse.com/security/cve/CVE-2016-6329.html
     https://www.suse.com/security/cve/CVE-2017-7478.html
     https://www.suse.com/security/cve/CVE-2017-7479.html
     https://bugzilla.suse.com/1038709
     https://bugzilla.suse.com/1038711
     https://bugzilla.suse.com/1038713
     https://bugzilla.suse.com/995374
  8. SUSE Security Update: Security update for glibc

     Announcement ID: SUSE-SU-2017:1621-1
     Rating: important
     References: #1039357
     Cross-References: CVE-2017-1000366
     Affected Products:
     - SUSE Linux Enterprise Software Development Kit 11-SP4
     - SUSE Linux Enterprise Server 11-SP4
     - SUSE Linux Enterprise Server 11-SP3-LTSS
     - SUSE Linux Enterprise Point of Sale 11-SP3
     - SUSE Linux Enterprise Debuginfo 11-SP4
     - SUSE Linux Enterprise Debuginfo 11-SP3

     An update that fixes one vulnerability is now available.

     Description:
     This update for glibc fixes the following issues:
     - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. [bsc#1039357]

     Patch Instructions:
     To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
     - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-glibc-13158=1
     - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-glibc-13158=1
     - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-glibc-13158=1
     - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-glibc-13158=1
     - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-glibc-13158=1
     - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-glibc-13158=1
     To bring your system up-to-date, use "zypper patch".

     Package List:
     - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): glibc-html-2.11.3-17.109.1 glibc-info-2.11.3-17.109.1
     - SUSE Linux Enterprise Server 11-SP4 (i586 i686 ia64 ppc64 s390x x86_64): glibc-2.11.3-17.109.1 glibc-devel-2.11.3-17.109.1
     - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): glibc-html-2.11.3-17.109.1 glibc-i18ndata-2.11.3-17.109.1 glibc-info-2.11.3-17.109.1 glibc-locale-2.11.3-17.109.1 glibc-profile-2.11.3-17.109.1 nscd-2.11.3-17.109.1
     - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): glibc-32bit-2.11.3-17.109.1 glibc-devel-32bit-2.11.3-17.109.1 glibc-locale-32bit-2.11.3-17.109.1 glibc-profile-32bit-2.11.3-17.109.1
     - SUSE Linux Enterprise Server 11-SP4 (ia64): glibc-locale-x86-2.11.3-17.109.1 glibc-profile-x86-2.11.3-17.109.1 glibc-x86-2.11.3-17.109.1
     - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 i686 s390x x86_64): glibc-2.11.3-17.109.1 glibc-devel-2.11.3-17.109.1
     - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): glibc-html-2.11.3-17.109.1 glibc-i18ndata-2.11.3-17.109.1 glibc-info-2.11.3-17.109.1 glibc-locale-2.11.3-17.109.1 glibc-profile-2.11.3-17.109.1 nscd-2.11.3-17.109.1
     - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): glibc-32bit-2.11.3-17.109.1 glibc-devel-32bit-2.11.3-17.109.1 glibc-locale-32bit-2.11.3-17.109.1 glibc-profile-32bit-2.11.3-17.109.1
     - SUSE Linux Enterprise Point of Sale 11-SP3 (i586 i686): glibc-2.11.3-17.109.1 glibc-devel-2.11.3-17.109.1
     - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): glibc-html-2.11.3-17.109.1 glibc-i18ndata-2.11.3-17.109.1 glibc-info-2.11.3-17.109.1 glibc-locale-2.11.3-17.109.1 glibc-profile-2.11.3-17.109.1 nscd-2.11.3-17.109.1
     - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 i686 ia64 ppc64 s390x x86_64): glibc-debuginfo-2.11.3-17.109.1 glibc-debugsource-2.11.3-17.109.1
     - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): glibc-debuginfo-32bit-2.11.3-17.109.1
     - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): glibc-debuginfo-x86-2.11.3-17.109.1
     - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 i686 s390x x86_64): glibc-debuginfo-2.11.3-17.109.1 glibc-debugsource-2.11.3-17.109.1
     - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x x86_64): glibc-debuginfo-32bit-2.11.3-17.109.1

     References:
     https://www.suse.com/security/cve/CVE-2017-1000366.html
     https://bugzilla.suse.com/1039357
  9. Synology RT2600ac AC2600 Wireless Router Review
     http://mailchi.mp/kitguru/synology-rt2600ac-ac2600-wireless-router-review?e=872093acb5
     http://www.kitguru.net

     Synology has a solid reputation for making high-quality, feature-rich network-attached storage (NAS) devices. But the company also started making wireless routers about two years ago (https://www.kitguru.net/professional/networking/anton-shilov/synology-rolls-out-its-first-router-802-11ac-wi-fi-ethernet-and-nas-capabilities/). It has taken a while for these to arrive in the UK, but our first look is finally here, and begins with the flagship of the two-product range – the RT2600ac.

     Read the review here: https://www.kitguru.net/peripherals/james-morris/synology-rt2600ac-ac2600-wireless-router-review/

     Copyright © 2017 KitGuru, All rights reserved.
  10. openSUSE Security Update: Security update for Mozilla based packages

     Announcement ID: openSUSE-SU-2017:1620-1
     Rating: important
     References: #1040105 #1043960
     Cross-References: CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7755 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7760 CVE-2017-7761 CVE-2017-7764 CVE-2017-7765 CVE-2017-7766 CVE-2017-7767 CVE-2017-7768 CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778
     Affected Products: openSUSE Leap 42.2

     An update that fixes 26 vulnerabilities is now available.

     Description:
     This update for Mozilla Firefox, Thunderbird, and NSS fixes the following issues:

     Mozilla Firefox was updated to 52.2esr (boo#1043960)

     MFSA 2017-16:
     * CVE-2017-5472 (bmo#1365602) Use-after-free using destroyed node when regenerating trees
     * CVE-2017-7749 (bmo#1355039) Use-after-free during docshell reloading
     * CVE-2017-7750 (bmo#1356558) Use-after-free with track elements
     * CVE-2017-7751 (bmo#1363396) Use-after-free with content viewer listeners
     * CVE-2017-7752 (bmo#1359547) Use-after-free with IME input
     * CVE-2017-7754 (bmo#1357090) Out-of-bounds read in WebGL with ImageInfo object
     * CVE-2017-7755 (bmo#1361326) Privilege escalation through Firefox Installer with same directory DLL files (Windows only)
     * CVE-2017-7756 (bmo#1366595) Use-after-free and use-after-scope logging XHR header errors
     * CVE-2017-7757 (bmo#1356824) Use-after-free in IndexedDB
     * CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777 Vulnerabilities in the Graphite 2 library
     * CVE-2017-7758 (bmo#1368490) Out-of-bounds read in Opus encoder
     * CVE-2017-7760 (bmo#1348645) File manipulation and privilege escalation via callback parameter in Mozilla Windows Updater and Maintenance Service (Windows only)
     * CVE-2017-7761 (bmo#1215648) File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application (Windows only)
     * CVE-2017-7764 (bmo#1364283) Domain spoofing with combination of Canadian Syllabics and other unicode blocks
     * CVE-2017-7765 (bmo#1273265) Mark of the Web bypass when saving executable files (Windows only)
     * CVE-2017-7766 (bmo#1342742) File execution and privilege escalation through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance Service (Windows only)
     * CVE-2017-7767 (bmo#1336964) Privilege escalation and arbitrary file overwrites through Mozilla Windows Updater and Mozilla Maintenance Service (Windows only)
     * CVE-2017-7768 (bmo#1336979) 32 byte arbitrary file read through Mozilla Maintenance Service (Windows only)
     * CVE-2017-5470 Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2

     - remove -fno-inline-small-functions and explicitly optimize with -O2 for openSUSE > 13.2/Leap 42 to work with gcc7 (boo#1040105)

     Mozilla NSS was updated to NSS 3.28.5
     * Implemented domain name constraints for CA: TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1. (bmo#1350859)
     * March 2017 batch of root CA changes (bmo#1350859) (version 2.14) CA certificates removed: O = Japanese Government, OU = ApplicationCA CN = WellsSecure Public Root Certificate Authority CN = TURKTRUST Elektronik Sertifika Hizmet H6 CN = Microsec e-Szigno Root CA certificates added: CN = D-TRUST Root CA 3 2013 CN = TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1

     java-1_8_0-openjdk was rebuilt against NSS 3.28.5 to satisfy a runtime dependency.

     Patch Instructions:
     To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
     - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-712=1
     To bring your system up-to-date, use "zypper patch".

     Package List:
     - openSUSE Leap 42.2 (i586 x86_64): MozillaFirefox-52.2-57.12.2 MozillaFirefox-branding-upstream-52.2-57.12.2 MozillaFirefox-buildsymbols-52.2-57.12.2 MozillaFirefox-debuginfo-52.2-57.12.2 MozillaFirefox-debugsource-52.2-57.12.2 MozillaFirefox-devel-52.2-57.12.2 MozillaFirefox-translations-common-52.2-57.12.2 MozillaFirefox-translations-other-52.2-57.12.2 MozillaThunderbird-52.2-41.9.2 MozillaThunderbird-buildsymbols-52.2-41.9.2 MozillaThunderbird-debuginfo-52.2-41.9.2 MozillaThunderbird-debugsource-52.2-41.9.2 MozillaThunderbird-devel-52.2-41.9.2 MozillaThunderbird-translations-common-52.2-41.9.2 MozillaThunderbird-translations-other-52.2-41.9.2 java-1_8_0-openjdk-1.8.0.131-10.10.3 java-1_8_0-openjdk-accessibility-1.8.0.131-10.10.3 java-1_8_0-openjdk-debuginfo-1.8.0.131-10.10.3 java-1_8_0-openjdk-debugsource-1.8.0.131-10.10.3 java-1_8_0-openjdk-demo-1.8.0.131-10.10.3 java-1_8_0-openjdk-demo-debuginfo-1.8.0.131-10.10.3 java-1_8_0-openjdk-devel-1.8.0.131-10.10.3 java-1_8_0-openjdk-devel-debuginfo-1.8.0.131-10.10.3 java-1_8_0-openjdk-headless-1.8.0.131-10.10.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.131-10.10.3 java-1_8_0-openjdk-src-1.8.0.131-10.10.3 libfreebl3-3.28.5-40.6.1 libfreebl3-debuginfo-3.28.5-40.6.1 libsoftokn3-3.28.5-40.6.1 libsoftokn3-debuginfo-3.28.5-40.6.1 mozilla-nss-3.28.5-40.6.1 mozilla-nss-certs-3.28.5-40.6.1 mozilla-nss-certs-debuginfo-3.28.5-40.6.1 mozilla-nss-debuginfo-3.28.5-40.6.1 mozilla-nss-debugsource-3.28.5-40.6.1 mozilla-nss-devel-3.28.5-40.6.1 mozilla-nss-sysinit-3.28.5-40.6.1 mozilla-nss-sysinit-debuginfo-3.28.5-40.6.1 mozilla-nss-tools-3.28.5-40.6.1 mozilla-nss-tools-debuginfo-3.28.5-40.6.1
     - openSUSE Leap 42.2 (noarch): java-1_8_0-openjdk-javadoc-1.8.0.131-10.10.3
     - openSUSE Leap 42.2 (x86_64): libfreebl3-32bit-3.28.5-40.6.1 libfreebl3-debuginfo-32bit-3.28.5-40.6.1 libsoftokn3-32bit-3.28.5-40.6.1 libsoftokn3-debuginfo-32bit-3.28.5-40.6.1 mozilla-nss-32bit-3.28.5-40.6.1 mozilla-nss-certs-32bit-3.28.5-40.6.1 mozilla-nss-certs-debuginfo-32bit-3.28.5-40.6.1 mozilla-nss-debuginfo-32bit-3.28.5-40.6.1 mozilla-nss-sysinit-32bit-3.28.5-40.6.1 mozilla-nss-sysinit-debuginfo-32bit-3.28.5-40.6.1

     References:
     https://www.suse.com/security/cve/CVE-2017-5470.html
     https://www.suse.com/security/cve/CVE-2017-5472.html
     https://www.suse.com/security/cve/CVE-2017-7749.html
     https://www.suse.com/security/cve/CVE-2017-7750.html
     https://www.suse.com/security/cve/CVE-2017-7751.html
     https://www.suse.com/security/cve/CVE-2017-7752.html
     https://www.suse.com/security/cve/CVE-2017-7754.html
     https://www.suse.com/security/cve/CVE-2017-7755.html
     https://www.suse.com/security/cve/CVE-2017-7756.html
     https://www.suse.com/security/cve/CVE-2017-7757.html
     https://www.suse.com/security/cve/CVE-2017-7758.html
     https://www.suse.com/security/cve/CVE-2017-7760.html
     https://www.suse.com/security/cve/CVE-2017-7761.html
     https://www.suse.com/security/cve/CVE-2017-7764.html
     https://www.suse.com/security/cve/CVE-2017-7765.html
     https://www.suse.com/security/cve/CVE-2017-7766.html
     https://www.suse.com/security/cve/CVE-2017-7767.html
     https://www.suse.com/security/cve/CVE-2017-7768.html
     https://www.suse.com/security/cve/CVE-2017-7771.html
     https://www.suse.com/security/cve/CVE-2017-7772.html
     https://www.suse.com/security/cve/CVE-2017-7773.html
     https://www.suse.com/security/cve/CVE-2017-7774.html
     https://www.suse.com/security/cve/CVE-2017-7775.html
     https://www.suse.com/security/cve/CVE-2017-7776.html
     https://www.suse.com/security/cve/CVE-2017-7777.html
     https://www.suse.com/security/cve/CVE-2017-7778.html
     https://bugzilla.suse.com/1040105
     https://bugzilla.suse.com/1043960
  11. SUSE Security Update: Security update for glibc

     Announcement ID: SUSE-SU-2017:1611-1
     Rating: important
     References: #1038690 #1039357 #987216
     Cross-References: CVE-2017-1000366
     Affected Products:
     - SUSE Linux Enterprise Server for SAP 12
     - SUSE Linux Enterprise Server 12-LTSS

     An update that solves one vulnerability and has two fixes is now available.

     Description:
     This update for glibc fixes the following issues:
     - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. [bsc#1039357]
     - The incorrectly defined constant O_TMPFILE has been fixed. [bsc#1038690]
     - A defect in glibc's regression test suite has been remedied to avoid false positives. [bsc#987216]

     Patch Instructions:
     To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
     - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-988=1
     - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-988=1
     To bring your system up-to-date, use "zypper patch".

     Package List:
     - SUSE Linux Enterprise Server for SAP 12 (x86_64): glibc-2.19-22.21.1 glibc-32bit-2.19-22.21.1 glibc-debuginfo-2.19-22.21.1 glibc-debuginfo-32bit-2.19-22.21.1 glibc-debugsource-2.19-22.21.1 glibc-devel-2.19-22.21.1 glibc-devel-32bit-2.19-22.21.1 glibc-devel-debuginfo-2.19-22.21.1 glibc-devel-debuginfo-32bit-2.19-22.21.1 glibc-locale-2.19-22.21.1 glibc-locale-32bit-2.19-22.21.1 glibc-locale-debuginfo-2.19-22.21.1 glibc-locale-debuginfo-32bit-2.19-22.21.1 glibc-profile-2.19-22.21.1 glibc-profile-32bit-2.19-22.21.1 nscd-2.19-22.21.1 nscd-debuginfo-2.19-22.21.1
     - SUSE Linux Enterprise Server for SAP 12 (noarch): glibc-html-2.19-22.21.1 glibc-i18ndata-2.19-22.21.1 glibc-info-2.19-22.21.1
     - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): glibc-2.19-22.21.1 glibc-debuginfo-2.19-22.21.1 glibc-debugsource-2.19-22.21.1 glibc-devel-2.19-22.21.1 glibc-devel-debuginfo-2.19-22.21.1 glibc-locale-2.19-22.21.1 glibc-locale-debuginfo-2.19-22.21.1 glibc-profile-2.19-22.21.1 nscd-2.19-22.21.1 nscd-debuginfo-2.19-22.21.1
     - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): glibc-32bit-2.19-22.21.1 glibc-debuginfo-32bit-2.19-22.21.1 glibc-devel-32bit-2.19-22.21.1 glibc-devel-debuginfo-32bit-2.19-22.21.1 glibc-locale-32bit-2.19-22.21.1 glibc-locale-debuginfo-32bit-2.19-22.21.1 glibc-profile-32bit-2.19-22.21.1
     - SUSE Linux Enterprise Server 12-LTSS (noarch): glibc-html-2.19-22.21.1 glibc-i18ndata-2.19-22.21.1 glibc-info-2.19-22.21.1

     References:
     https://www.suse.com/security/cve/CVE-2017-1000366.html
     https://bugzilla.suse.com/1038690
     https://bugzilla.suse.com/1039357
     https://bugzilla.suse.com/987216
  12. SUSE Security Update: Security update for the Linux Kernel

     Announcement ID: SUSE-SU-2017:1613-1
     Rating: critical
     References: #1039348 #979021
     Cross-References: CVE-2015-3288 CVE-2017-1000364
     Affected Products:
     - SUSE Linux Enterprise Server 11-SP3-LTSS
     - SUSE Linux Enterprise Server 11-EXTRA
     - SUSE Linux Enterprise Point of Sale 11-SP3
     - SUSE Linux Enterprise Debuginfo 11-SP3

     An update that fixes two vulnerabilities is now available.

     Description:
     The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security fixes.

     The following security bugs were fixed:
     - CVE-2017-1000364: The default stack guard page was too small and could be "jumped over" by userland programs using more than one page of stack in functions and so lead to memory corruption. This update extends the stack guard page to 1 MB (for 4k pages) and 16 MB (for 64k pages) to reduce this attack vector. This is not a kernel bugfix, but a hardening measure against this kind of userland attack. (bsc#1039348)
     - CVE-2015-3288: mm/memory.c in the Linux kernel mishandled anonymous pages, which allowed local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero (bnc#979021).

     Patch Instructions:
     To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
     - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-kernel-13156=1
     - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-13156=1
     - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-kernel-13156=1
     - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-kernel-13156=1
     To bring your system up-to-date, use "zypper patch".

     Package List:
     - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): kernel-default-3.0.101-0.47.102.1 kernel-default-base-3.0.101-0.47.102.1 kernel-default-devel-3.0.101-0.47.102.1 kernel-source-3.0.101-0.47.102.1 kernel-syms-3.0.101-0.47.102.1 kernel-trace-3.0.101-0.47.102.1 kernel-trace-base-3.0.101-0.47.102.1 kernel-trace-devel-3.0.101-0.47.102.1
     - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): kernel-ec2-3.0.101-0.47.102.1 kernel-ec2-base-3.0.101-0.47.102.1 kernel-ec2-devel-3.0.101-0.47.102.1 kernel-xen-3.0.101-0.47.102.1 kernel-xen-base-3.0.101-0.47.102.1 kernel-xen-devel-3.0.101-0.47.102.1
     - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64): kernel-bigsmp-3.0.101-0.47.102.1 kernel-bigsmp-base-3.0.101-0.47.102.1 kernel-bigsmp-devel-3.0.101-0.47.102.1
     - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x): kernel-default-man-3.0.101-0.47.102.1
     - SUSE Linux Enterprise Server 11-SP3-LTSS (i586): kernel-pae-3.0.101-0.47.102.1 kernel-pae-base-3.0.101-0.47.102.1 kernel-pae-devel-3.0.101-0.47.102.1
     - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-0.47.102.1
     - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-0.47.102.1
     - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-bigsmp-extra-3.0.101-0.47.102.1 kernel-trace-extra-3.0.101-0.47.102.1
     - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-0.47.102.1
     - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-0.47.102.1
     - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): kernel-default-3.0.101-0.47.102.1 kernel-default-base-3.0.101-0.47.102.1 kernel-default-devel-3.0.101-0.47.102.1 kernel-ec2-3.0.101-0.47.102.1 kernel-ec2-base-3.0.101-0.47.102.1 kernel-ec2-devel-3.0.101-0.47.102.1 kernel-pae-3.0.101-0.47.102.1 kernel-pae-base-3.0.101-0.47.102.1 kernel-pae-devel-3.0.101-0.47.102.1 kernel-source-3.0.101-0.47.102.1 kernel-syms-3.0.101-0.47.102.1 kernel-trace-3.0.101-0.47.102.1 kernel-trace-base-3.0.101-0.47.102.1 kernel-trace-devel-3.0.101-0.47.102.1 kernel-xen-3.0.101-0.47.102.1 kernel-xen-base-3.0.101-0.47.102.1 kernel-xen-devel-3.0.101-0.47.102.1
     - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): kernel-default-debuginfo-3.0.101-0.47.102.1 kernel-default-debugsource-3.0.101-0.47.102.1 kernel-trace-debuginfo-3.0.101-0.47.102.1 kernel-trace-debugsource-3.0.101-0.47.102.1
     - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-0.47.102.1 kernel-ec2-debugsource-3.0.101-0.47.102.1 kernel-xen-debuginfo-3.0.101-0.47.102.1 kernel-xen-debugsource-3.0.101-0.47.102.1
     - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64): kernel-bigsmp-debuginfo-3.0.101-0.47.102.1 kernel-bigsmp-debugsource-3.0.101-0.47.102.1
     - SUSE Linux Enterprise Debuginfo 11-SP3 (i586): kernel-pae-debuginfo-3.0.101-0.47.102.1 kernel-pae-debugsource-3.0.101-0.47.102.1

     References:
     https://www.suse.com/security/cve/CVE-2015-3288.html
     https://www.suse.com/security/cve/CVE-2017-1000364.html
     https://bugzilla.suse.com/1039348
     https://bugzilla.suse.com/979021
  13. SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1618-1 Rating: critical References: #1039348 #1042292 Cross-References: CVE-2017-1000364 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: The SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000364: The default stack guard page was too small and could be "jumped over" by userland programs using more than one page of stack in functions and so lead to memory corruption. This update extends the stack guard page to 1 MB (for 4k pages) and 16 MB (for 64k pages) to reduce this attack vector. This is not a kernel bugfix, but a hardening measure against this kind of userland attack.(bsc#1039348) The following non-security bugs were fixed: netfilter: A use-after-free was fixed that could cause a kernel panic on a system shutdown. (bsc#1042292) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-995=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-995=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-995=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (noarch): kernel-devel-3.12.61-52.77.1 kernel-macros-3.12.61-52.77.1 kernel-source-3.12.61-52.77.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): kernel-default-3.12.61-52.77.1 kernel-default-base-3.12.61-52.77.1 kernel-default-base-debuginfo-3.12.61-52.77.1 kernel-default-debuginfo-3.12.61-52.77.1 kernel-default-debugsource-3.12.61-52.77.1 kernel-default-devel-3.12.61-52.77.1 kernel-syms-3.12.61-52.77.1 kernel-xen-3.12.61-52.77.1 kernel-xen-base-3.12.61-52.77.1 kernel-xen-base-debuginfo-3.12.61-52.77.1 kernel-xen-debuginfo-3.12.61-52.77.1 kernel-xen-debugsource-3.12.61-52.77.1 kernel-xen-devel-3.12.61-52.77.1 kgraft-patch-3_12_61-52_77-default-1-4.1 kgraft-patch-3_12_61-52_77-xen-1-4.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): kernel-default-3.12.61-52.77.1 kernel-default-base-3.12.61-52.77.1 kernel-default-base-debuginfo-3.12.61-52.77.1 kernel-default-debuginfo-3.12.61-52.77.1 kernel-default-debugsource-3.12.61-52.77.1 kernel-default-devel-3.12.61-52.77.1 kernel-syms-3.12.61-52.77.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kernel-xen-3.12.61-52.77.1 kernel-xen-base-3.12.61-52.77.1 kernel-xen-base-debuginfo-3.12.61-52.77.1 kernel-xen-debuginfo-3.12.61-52.77.1 kernel-xen-debugsource-3.12.61-52.77.1 kernel-xen-devel-3.12.61-52.77.1 kgraft-patch-3_12_61-52_77-default-1-4.1 kgraft-patch-3_12_61-52_77-xen-1-4.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): kernel-devel-3.12.61-52.77.1 kernel-macros-3.12.61-52.77.1 kernel-source-3.12.61-52.77.1 - SUSE Linux Enterprise Server 12-LTSS (s390x): kernel-default-man-3.12.61-52.77.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.61-52.77.1 kernel-ec2-debuginfo-3.12.61-52.77.1 kernel-ec2-debugsource-3.12.61-52.77.1 kernel-ec2-devel-3.12.61-52.77.1 kernel-ec2-extra-3.12.61-52.77.1 kernel-ec2-extra-debuginfo-3.12.61-52.77.1 References: https://www.suse.com/security/cve/CVE-2017-1000364.html 
https://bugzilla.suse.com/1039348 https://bugzilla.suse.com/1042292
  14. SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1614-1 Rating: important References: #1038690 #1039357 #986858 Cross-References: CVE-2017-1000366 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for glibc fixes the following issues: - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. [bsc#1039357] - The incorrectly defined constant O_TMPFILE has been fixed. [bsc#1038690] - An incorrectly specified buffer length in nscd netgroup queries has been fixed. [bsc#986858] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-989=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-989=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-989=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (x86_64): glibc-2.19-40.6.1 glibc-32bit-2.19-40.6.1 glibc-debuginfo-2.19-40.6.1 glibc-debuginfo-32bit-2.19-40.6.1 glibc-debugsource-2.19-40.6.1 glibc-devel-2.19-40.6.1 glibc-devel-32bit-2.19-40.6.1 glibc-devel-debuginfo-2.19-40.6.1 glibc-devel-debuginfo-32bit-2.19-40.6.1 glibc-locale-2.19-40.6.1 glibc-locale-32bit-2.19-40.6.1 glibc-locale-debuginfo-2.19-40.6.1 glibc-locale-debuginfo-32bit-2.19-40.6.1 glibc-profile-2.19-40.6.1 glibc-profile-32bit-2.19-40.6.1 nscd-2.19-40.6.1 nscd-debuginfo-2.19-40.6.1 - SUSE OpenStack Cloud 6 (noarch): glibc-html-2.19-40.6.1 glibc-i18ndata-2.19-40.6.1 glibc-info-2.19-40.6.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): glibc-2.19-40.6.1 glibc-debuginfo-2.19-40.6.1 glibc-debugsource-2.19-40.6.1 glibc-devel-2.19-40.6.1 glibc-devel-debuginfo-2.19-40.6.1 glibc-locale-2.19-40.6.1 glibc-locale-debuginfo-2.19-40.6.1 glibc-profile-2.19-40.6.1 nscd-2.19-40.6.1 nscd-debuginfo-2.19-40.6.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): glibc-32bit-2.19-40.6.1 glibc-debuginfo-32bit-2.19-40.6.1 glibc-devel-32bit-2.19-40.6.1 glibc-devel-debuginfo-32bit-2.19-40.6.1 glibc-locale-32bit-2.19-40.6.1 glibc-locale-debuginfo-32bit-2.19-40.6.1 glibc-profile-32bit-2.19-40.6.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): glibc-html-2.19-40.6.1 glibc-i18ndata-2.19-40.6.1 glibc-info-2.19-40.6.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): glibc-2.19-40.6.1 glibc-debuginfo-2.19-40.6.1 glibc-debugsource-2.19-40.6.1 glibc-devel-2.19-40.6.1 glibc-devel-debuginfo-2.19-40.6.1 glibc-locale-2.19-40.6.1 glibc-locale-debuginfo-2.19-40.6.1 glibc-profile-2.19-40.6.1 nscd-2.19-40.6.1 nscd-debuginfo-2.19-40.6.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): glibc-32bit-2.19-40.6.1 glibc-debuginfo-32bit-2.19-40.6.1 glibc-devel-32bit-2.19-40.6.1 glibc-devel-debuginfo-32bit-2.19-40.6.1 glibc-locale-32bit-2.19-40.6.1 glibc-locale-debuginfo-32bit-2.19-40.6.1 
glibc-profile-32bit-2.19-40.6.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): glibc-html-2.19-40.6.1 glibc-i18ndata-2.19-40.6.1 glibc-info-2.19-40.6.1 References: https://www.suse.com/security/cve/CVE-2017-1000366.html https://bugzilla.suse.com/1038690 https://bugzilla.suse.com/1039357 https://bugzilla.suse.com/986858
  15. SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1615-1 Rating: critical References: #1039348 #1042292 Cross-References: CVE-2017-1000364 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000364: The default stack guard page was too small and could be "jumped over" by userland programs using more than one page of stack in functions and so lead to memory corruption. This update extends the stack guard page to 1 MB (for 4k pages) and 16 MB (for 64k pages) to reduce this attack vector. This is not a kernel bugfix, but a hardening measure against this kind of userland attack.(bsc#1039348) The following non-security bugs were fixed: netfilter: A use-after-free was fixed that could cause a kernel panic on a system shutdown. (bsc#1042292) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-996=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-996=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-996=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-996=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (x86_64): kernel-default-3.12.74-60.64.45.1 kernel-default-base-3.12.74-60.64.45.1 kernel-default-base-debuginfo-3.12.74-60.64.45.1 kernel-default-debuginfo-3.12.74-60.64.45.1 kernel-default-debugsource-3.12.74-60.64.45.1 kernel-default-devel-3.12.74-60.64.45.1 kernel-syms-3.12.74-60.64.45.1 kernel-xen-3.12.74-60.64.45.1 kernel-xen-base-3.12.74-60.64.45.1 kernel-xen-base-debuginfo-3.12.74-60.64.45.1 kernel-xen-debuginfo-3.12.74-60.64.45.1 kernel-xen-debugsource-3.12.74-60.64.45.1 kernel-xen-devel-3.12.74-60.64.45.1 kgraft-patch-3_12_74-60_64_45-default-1-4.1 kgraft-patch-3_12_74-60_64_45-xen-1-4.1 - SUSE OpenStack Cloud 6 (noarch): kernel-devel-3.12.74-60.64.45.1 kernel-macros-3.12.74-60.64.45.1 kernel-source-3.12.74-60.64.45.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): kernel-default-3.12.74-60.64.45.1 kernel-default-base-3.12.74-60.64.45.1 kernel-default-base-debuginfo-3.12.74-60.64.45.1 kernel-default-debuginfo-3.12.74-60.64.45.1 kernel-default-debugsource-3.12.74-60.64.45.1 kernel-default-devel-3.12.74-60.64.45.1 kernel-syms-3.12.74-60.64.45.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): kernel-devel-3.12.74-60.64.45.1 kernel-macros-3.12.74-60.64.45.1 kernel-source-3.12.74-60.64.45.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kernel-xen-3.12.74-60.64.45.1 kernel-xen-base-3.12.74-60.64.45.1 kernel-xen-base-debuginfo-3.12.74-60.64.45.1 kernel-xen-debuginfo-3.12.74-60.64.45.1 kernel-xen-debugsource-3.12.74-60.64.45.1 kernel-xen-devel-3.12.74-60.64.45.1 kgraft-patch-3_12_74-60_64_45-default-1-4.1 kgraft-patch-3_12_74-60_64_45-xen-1-4.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): kernel-default-3.12.74-60.64.45.1 kernel-default-base-3.12.74-60.64.45.1 kernel-default-base-debuginfo-3.12.74-60.64.45.1 kernel-default-debuginfo-3.12.74-60.64.45.1 kernel-default-debugsource-3.12.74-60.64.45.1 kernel-default-devel-3.12.74-60.64.45.1 kernel-syms-3.12.74-60.64.45.1 - 
SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): kernel-devel-3.12.74-60.64.45.1 kernel-macros-3.12.74-60.64.45.1 kernel-source-3.12.74-60.64.45.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kernel-xen-3.12.74-60.64.45.1 kernel-xen-base-3.12.74-60.64.45.1 kernel-xen-base-debuginfo-3.12.74-60.64.45.1 kernel-xen-debuginfo-3.12.74-60.64.45.1 kernel-xen-debugsource-3.12.74-60.64.45.1 kernel-xen-devel-3.12.74-60.64.45.1 kgraft-patch-3_12_74-60_64_45-default-1-4.1 kgraft-patch-3_12_74-60_64_45-xen-1-4.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x): kernel-default-man-3.12.74-60.64.45.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.74-60.64.45.1 kernel-ec2-debuginfo-3.12.74-60.64.45.1 kernel-ec2-debugsource-3.12.74-60.64.45.1 kernel-ec2-devel-3.12.74-60.64.45.1 kernel-ec2-extra-3.12.74-60.64.45.1 kernel-ec2-extra-debuginfo-3.12.74-60.64.45.1 References: https://www.suse.com/security/cve/CVE-2017-1000364.html https://bugzilla.suse.com/1039348 https://bugzilla.suse.com/1042292
  16. SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1619-1 Rating: important References: #1039357 #1040043 Cross-References: CVE-2017-1000366 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for glibc fixes the following issues: - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. [bsc#1039357] - A bug in glibc that could result in deadlocks between malloc() and fork() has been fixed. [bsc#1040043] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-990=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-990=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-990=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-990=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-990=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.22-61.3 glibc-debugsource-2.22-61.3 glibc-devel-static-2.22-61.3 - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): glibc-info-2.22-61.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): glibc-2.22-61.3 glibc-debuginfo-2.22-61.3 glibc-debugsource-2.22-61.3 glibc-devel-2.22-61.3 glibc-devel-debuginfo-2.22-61.3 glibc-locale-2.22-61.3 glibc-locale-debuginfo-2.22-61.3 glibc-profile-2.22-61.3 nscd-2.22-61.3 nscd-debuginfo-2.22-61.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): glibc-html-2.22-61.3 glibc-i18ndata-2.22-61.3 glibc-info-2.22-61.3 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): glibc-2.22-61.3 glibc-debuginfo-2.22-61.3 glibc-debugsource-2.22-61.3 glibc-devel-2.22-61.3 glibc-devel-debuginfo-2.22-61.3 glibc-locale-2.22-61.3 glibc-locale-debuginfo-2.22-61.3 glibc-profile-2.22-61.3 nscd-2.22-61.3 nscd-debuginfo-2.22-61.3 - SUSE Linux Enterprise Server 12-SP2 (noarch): glibc-html-2.22-61.3 glibc-i18ndata-2.22-61.3 glibc-info-2.22-61.3 - SUSE Linux Enterprise Server 12-SP2 (x86_64): glibc-32bit-2.22-61.3 glibc-debuginfo-32bit-2.22-61.3 glibc-devel-32bit-2.22-61.3 glibc-devel-debuginfo-32bit-2.22-61.3 glibc-locale-32bit-2.22-61.3 glibc-locale-debuginfo-32bit-2.22-61.3 glibc-profile-32bit-2.22-61.3 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): glibc-i18ndata-2.22-61.3 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): glibc-2.22-61.3 glibc-32bit-2.22-61.3 glibc-debuginfo-2.22-61.3 glibc-debuginfo-32bit-2.22-61.3 glibc-debugsource-2.22-61.3 glibc-devel-2.22-61.3 glibc-devel-32bit-2.22-61.3 glibc-devel-debuginfo-2.22-61.3 glibc-devel-debuginfo-32bit-2.22-61.3 glibc-locale-2.22-61.3 glibc-locale-32bit-2.22-61.3 glibc-locale-debuginfo-2.22-61.3 glibc-locale-debuginfo-32bit-2.22-61.3 nscd-2.22-61.3 nscd-debuginfo-2.22-61.3 - OpenStack Cloud Magnum Orchestration 7 (x86_64): 
glibc-2.22-61.3 glibc-debuginfo-2.22-61.3 glibc-debugsource-2.22-61.3 glibc-locale-2.22-61.3 glibc-locale-debuginfo-2.22-61.3 References: https://www.suse.com/security/cve/CVE-2017-1000366.html https://bugzilla.suse.com/1039357 https://bugzilla.suse.com/1040043
  17. TITLE: MSI X299 GAMING PRO CARBON AC Review ( -at -) Vortez CONTENT: The X299 GAMING PRO CARBON AC is a mid-high end motherboard found within the HEDT platform. MSI has kitted this board out with features which should satisfy both gamers and enthusiasts. For storage needs this board utilises U.2, M.2 and SATA 3 6GB/s. In the USB department USB 3.1 features heavily on the back panel and we even get a new USB 3.1 header for the front panel connectivity. LINK: https://www.vortez.net/review.php?id=1311 Please post this news item in your news section. Thank you.
  18. TITLE: Intel Kaby Lake-X Core i7-7740X Review: Better Than 7700K? ( -at -) Vortez CONTENT: Intel's next-generation HEDT platform is here in the form of Skylake-X, Kaby Lake-X and the X299 chipset. Today we weigh up whether the quad-core Kaby Lake-X Core i7-7740X is a better investment over the well-established 7700K. LINK: https://www.vortez.net/review.php?id=1309 Please post this news item in your news section. Thank you.
  19. Dear Editors, we just posted a new article which might be interesting to your readers. A post in your news section would be appreciated. Title: G.SKILL TridentZ RGB 3600 MHz C16 DDR4 Link: https://www.techpowerup.com/reviews/G.SKILL/F4-3600C16Q-32GTZR Brief: G.SKILL's at the forefront of RGB memory with their TridentZ RGB series of DDR4 modules. These sticks don't differ that much from past TridentZ modules at first glance, but built with high-quality memory ICs and G.SKILL's own RGB design, these DDR4 sticks are so very different from most other DDR4 sticks on the market.
  21. Antec A40 Pro & C400 Air Cooler Review http://www.kitguru.net The budget air cooling market is fiercely competitive, and it is this segment that Antec is targeting with its A40 Pro and C400 coolers. Oddly, the A40 Pro is the cheaper (and smaller) of the two despite its ‘Pro’ moniker, coming in at £21.95, while its bigger brother costs £30.95. Can they do enough to stand out in this market? Read the review here: https://www.kitguru.net/components/cooling/dominic-moass/antec-a40-pro-c400-air-cooler-review/ Copyright © 2017 KitGuru, All rights reserved.
  22. TECHSPOT: The State of Mining: Guide to Ethereum http://www.techspot.com/article/1423-state-of-mining-ethereum/ If you've ever tried getting into cryptocurrencies, you were probably met with a barrage of technical terms and buzzwords. I heard I can make easy money by mining on my home computer; how does that work? Why are there so many types of coins? How do I get started buying and selling cryptocurrencies? In this article we'll focus on the state of mining, exploring the practical side of it, as we hopefully demystify some of the world of digital currencies. Thank you. Julio Franco Executive Editor | TECHSPOT ( -at -) juliofranco Our mailing address is: TechSpot 8237 NW 68 St Miami, FL 33166 USA
  23. Title: Kingston DataTraveler Ultimate GT 2TB USB 3.1 Gen 1 Flash Drive Review ( -at -) NikKTech Description: The Ultimate GT 2TB USB 3.1 Gen 1 Flash Drive by Kingston may not be able to keep up with the latest Portable SSDs in both price and performance but there's no denying that because of its size, overall performance and capacity it has its very own audience. Article Link: https://www.nikktech.com/main/articles/peripherals/external-storage/usb-flash-drives/7911-kingston-datatraveler-ultimate-gt-2tb-usb-3-1-gen-1-flash-drive-review Image Link: http://www.nikktech.com/main/images/pics/reviews/kingston/dt_ultimate_gt_2tb/kingston_datatraveler_ultimate_gt_2tba.jpg A News Post Would Be Appreciated. Thanks In Advance. Sincerely Nik Kastrantas
  25. GAMDIAS HEBE M1 RGB GAMING HEADSET REVIEW ( -at -) APH NETWORKS Hello everyone! APH Networks has published a new review that your readers might enjoy. A post in your site's news section would be greatly appreciated! Don't forget to send your site news to us. As we promise to post your news articles on APH Networks periodically, we would certainly appreciate it if you do the same as well. Thank you for your support in advance! * Title: GAMDIAS HEBE M1 RGB Gaming Headset Review ( -at -) APH Networks * Description: The GAMDIAS HEBE M1 RGB is a well-designed and sturdily built headset that works well for gaming. * Link: http://aphnetworks.com/reviews/gamdias-hebe-m1 * Image: http://aphnetworks.com/review/gamdias-hebe-m1/008.jpg Best Regards, Jonathan Kwan Editor-in-Chief APH Networks Inc. http://aphnetworks.com