Everything posted by news

  1. Sorry, that's 0.10.6 of course.

    > A bugfix version of GExiv2 was released!
    >
    > GExiv2 is a GObject wrapper around the Exiv2 image metadata library
    >
    > gexiv2 0.10.6 - 12 May 2017
    >
    >  * Fix missing include file
    >  * Add a function to save meta-data in XMP sidecar file
    >  * Add a more complete Python test-suite
    >  * Fix a potential NULL dereference in _get_comment()
    >  * Fix compatibility with Exiv2 0.26
    >
    > Bugs fixed in this release:
    >  - Coverity issue CID 167853
    >  - https://bugs.gentoo.org/show_bug.cgi?id=613778
    >  - https://bugzilla.gnome.org/show_bug.cgi?id=712455
    >  - https://bugzilla.gnome.org/show_bug.cgi?id=780709
    >  - https://bugzilla.gnome.org/show_bug.cgi?id=782449
    >
    > All contributors to this release:
    >  - Jens Georg
    >  - Robert Bruce Park
    >
    > GExiv2 0.10.6 is available for download at
    > https://download.gnome.org/sources/gexiv2/0.10/gexiv2-0.10.6.tar.xz
  3. Visit Hardware Asylum - http://www.hardwareasylum.com

    Hello Everyone,

    Guess what? no.. not chicken butt.

    Noctua has created a special edition of the D15 just for AM4 systems.

    Subject: Noctua NH-D15 SE-AM4 120mm U-Type Tower Heatsink Review @ Hardware Asylum

    URL: http://www.hardwareasylum.com/reviews/cooling/noctua_nh-d15se-am4

    Quote: In this review I’ll be taking a quick look at the NH-D15 SE AM4 Edition. This is the same great NH-D15 that we have seen before which has been configured exclusively for the AM4 platform.

    A news posting would be appreciated.

    Thanks

    Dennis Garcia
    http://www.hardwareasylum.com
  4. news

    Wine release 2.8

    The Wine development release 2.8 is now available.

    What's new in this release (see below for details):

    - Direct3D command stream runs asynchronously.
    - Better serial and parallel ports autodetection.
    - Still more fixes for high DPI settings.
    - System tray notifications on macOS.
    - Various bug fixes.

    The source is available from the following locations:

    - http://dl.winehq.org/wine/source/2.x/wine-2.8.tar.xz
    - http://mirrors.ibiblio.org/wine/source/2.x/wine-2.8.tar.xz

    Binary packages for various distributions will be available from:

    - http://www.winehq.org/download

    You will find documentation on http://www.winehq.org/documentation

    You can also get the current source directly from the git repository. Check http://www.winehq.org/git for details.

    Wine is available thanks to the work of many people. See the file AUTHORS in the distribution for the complete list.

    ----------------------------------------------------------------

    Bugs fixed in 2.8 (total 35):

    - 11811 Multiple applications fail to enumerate serial ports ('HKLM\\HARDWARE\\DeviceMap\\Serialcomm' registry entries)(Coastal Explorer, GPS apps, HyperTerminal)
    - 30105 Chessbase Ludwig 3: MS Visual C++ Runtime Error
    - 32155 MS Office 2007 SP3 installation needs msi.dll.MsiGetPatchFileListW
    - 34551 Necrovision demo sometimes crashes with builtin d3dx9
    - 34977 WinDjView: missing checkbox in the set as default viewer dialog
    - 36820 Multiple games (Rift, dynamarisa, ShipSimulator 2008 demo) crash on startup (ID3DXBaseEffect::GetPassDesc returns NULL ptr for vertex and pixel shader function)
    - 37811 Xvid 1.3.x installer MPEG-4 Video Codec 'xvid.ax' registration fails (crash on unimplemented function mfplat.dll.MFTRegister)
    - 39309 Prism Video Converter v2.48 crashes on unimplemented function mfplat.dll.MFTEnum
    - 39314 WAtomic: Black OpenGL (wgl) components
    - 39936 Toad Data Modeler v5.4.8.1 fails to install (needs 'Scriptlet.TypeLib' object, CLSID '{06290BD5-48AA-11D2-8432-006008C3FBFC}')
    - 40955 Steam version of Left 4 Dead 2 v2.1.4.6 crashes randomly in Multiplayer because of a certificate problem in the MOTD
    - 41796 Fill Up! (freely downloadable game) crashes when creating a player profile
    - 42035 WindBot needs msvcp120.?_2@placeholders@std@@3V?$_Ph@$01@2@A
    - 42478 Undeclared O_CLOEXEC use in qcap DLL
    - 42605 B4J (Basic 4 Java) crashes when click menu
    - 42652 CryptCreateHash error NTE_FAIL after CryptImportKey(public-key)
    - 42712 Image-Bugs in Guild Wars 2 (Guild emblem)
    - 42835 redefinition of typedef 'WSD*'
    - 42838 Steuer-Spar-Erklärung 2017 crashes on launch
    - 42905 Compile error Undefined GNUTLS_MAC_AEAD
    - 42919 Witcher Enhanced Edition Director's Cut crashes (purist)
    - 42923 Neverwinter Online new module crashes with wine-2.7-staging
    - 42925 strftime() truncates output inappropriately when %z is used
    - 42926 Cut-and-paste from Wine App to Linux App adds trailing hidden chars ^@^@
    - 42935 Dawn of War III crashes with unimplemented function concrt140.dll.??0scoped_lock_read@reader_writer_lock@Concurrency@@QEAA@AEAV12@@Z,
    - 42946 FFXIV fails to render (D3D11)
    - 42962 Multiple games use unimplemented d3d11_immediate_context_ClearState() (FFXIV, Gauntlet)
    - 42965 BeamNG.drive 0.9.x crashes on unimplemented function api-ms-win-core-memory-l1-1-2.d.CreateFileMappingW
    - 42975 Graphical glitches on Age of Empires
    - 42986 wine can't be compiled by gcc-2.95.4 (amstream/mediastream.c)
    - 42990 wine can't be compiled by gcc-2.95.4 (d3dx9_36/effect.c)
    - 42991 wine can't be compiled by gcc-2.95.4 (dmusic/port.c)
    - 42992 wine can't be compiled by gcc-2.95.4 (dwrite/opentype.c)
    - 42995 wine can't be compiled by gcc-2.95.4 (netprofm/list.c)
    - 42996 wine can't be compiled by gcc-2.95.4 (programs/ipconfig/ipconfig.c)

    ----------------------------------------------------------------

    Changes since 2.7:

    Akihiro Sagawa (2):

    - rsaenh/tests: Add CryptImportKey tests with a public key.
    - rsaenh: Don't import a public key to a key container.

    Alex Henrie (3):

    - mountmgr: Create devices and registry entries for serial ports.
    - mountmgr: Create devices and registry entries for parallel ports.
    - ntdll: Implement ProcessVmCounters for Linux for other processes.

    Alexandre Julliard (14):

    - preloader: Add a fallback to the old mmap syscall just in case.
    - mountmgr: Create the DEVICEMAP registry keys in their respective driver.
    - mountmgr: Create symbolic links in DosDevices for serial and parallel ports.
    - kernel32: Rely solely on the DosDevices symbolic links in QueryDosDevice.
    - configure: Check for the necessary data structure for if_nameindex().
    - server: Implement IOCTL_SERIAL_GET_TIMEOUTS as an ioctl on the server side.
    - server: Implement IOCTL_SERIAL_SET_TIMEOUTS as an ioctl on the server side.
    - server: Implement IOCTL_SERIAL_SET_WAIT_MASK as an ioctl on the server side.
    - server: Implement IOCTL_SERIAL_GET_WAIT_MASK as an ioctl on the server side.
    - server: Store the SERIAL_TIMEOUTS structure directly in the object.
    - qcap: Fix build when O_CLOEXEC isn't defined.
    - winex11: Simplify the clipboard HTML export function.
    - winex11: Remove all trailing nulls when exporting text strings.
    - user32/tests: Test resulting size of strings with trailing nulls.

    Alistair Leslie-Hughes (3):

    - include: Add drmexternals.idl and wmdrmsdk.idl.
    - include/wmsdkidl.idl: Add more interfaces.
    - wmvcore/tests: Add more interface tests.

    Andrew Wesie (1):

    - setupapi: Fix SetupDiGetDeviceRegistryProperty if property does not exist.

    Andrey Gusev (2):

    - ext-ms-win-authz-context-l1-1-0: Add dll.
    - msi: Add MsiGetPatchFileListA/W stubs.

    Björn Bidar (1):

    - wined3d: Add NVIDIA GTX 1080 Ti to the GPU list.

    Bruno Jesus (2):

    - gdiplus: Use software mode to draw semi-transparent lines when necessary.
    - ws2_32: Use unsigned interface index on interface_bind_check.

    Daniel Lehman (4):

    - msvcp140: Remove forwards for some _Thrd functions.
    - include: Remove references to SPARC.
    - dbghelp: Add support for char16_t type.
    - dbghelp: Add support for char32_t type.

    Dmitry Kislyuk (1):

    - vbscript: Allow colons at the end of first line of loops.

    Dmitry Timoshkov (2):

    - include: Fix the GUID_WICPixelFormat32bppCMYK definition.
    - include: Fix typos in WICPersistOptions enumeration names.

    Hans Leidekker (6):

    - webservices: Allow listeners to be cancelled.
    - webservices: Don't trace output parameters in WsReadQualifiedName.
    - webservices: Implement WsReadAttribute.
    - iphlpapi: Return a fully initialized GUID from ConvertInterfaceLuidToGuid.
    - netprofm: Fix compilation on systems that don't support nameless unions.
    - iphlpapi: Adapter names returned from GetAdaptersAddresses are GUID strings.

    Henri Verbeet (30):

    - ddraw/tests: Port test_texturemapblend() to ddraw4.c as well.
    - ddraw: Validate that non-fill blits have a source surface in ddraw_surface7_Blt().
    - wined3d: Print a FIXME if the view format doesn't match the resource format in surface_cpu_blt_colour_fill().
    - wined3d: Use the CPU blitter for clearing depth/stencil textures that are current in the map binding.
    - wined3d: Allow the command stream thread to run asynchronously.
    - d3dx9/tests: Use compare_float() in D3DXFresnelTest().
    - d3dx9/tests: Use compare_float() in D3DXMatrixTest().
    - d3dx9/tests: Use compare_float() in D3DXQuaternionTest().
    - d3dx9/tests: Use compare_float() in D3DXVector2Test().
    - d3dx9/tests: Use compare_float() in D3DXVector3Test().
    - d3dx9/tests: Use compare_float() in D3DXVector4Test().
    - d3dx9/tests: Use compare_float() in test_D3DXFloat_Array().
    - d3dx9/tests: Use compare_float() in test_D3DXSHAdd().
    - d3dx9/tests: Use compare_float() in test_D3DXSHDot().
    - d3dx9/tests: Use compare_float() in test_D3DXSHEvalConeLight().
    - d3dx9/tests: Use compare_float() in test_D3DXSHEvalDirection().
    - d3dx9/tests: Use compare_float() in test_D3DXSHEvalDirectionalLight().
    - d3dx9/tests: Use compare_float() in test_D3DXSHEvalHemisphereLight().
    - d3dx9/tests: Use compare_float() in test_D3DXSHMultiply2().
    - d3dx9/tests: Use compare_float() in test_D3DXSHMultiply3().
    - d3dx9/tests: Use compare_float() in test_D3DXSHMultiply4().
    - d3dx9/tests: Use compare_float() in test_D3DXSHRotate().
    - d3dx9/tests: Use compare_float() in test_D3DXSHRotateZ().
    - d3dx9/tests: Use compare_float() in test_D3DXSHEvalSphericalLight().
    - d3dx9/tests: Use compare_float() in test_D3DXSHScale().
    - d3dx9/tests: Use a more reasonable ARRAY_SIZE macro.
    - d3dx9/tests: Use ARRAY_SIZE in test_D3DXFloat_Array().
    - d3dx9/tests: Use ARRAY_SIZE in test_D3DXSHDot().
    - d3dx9/tests: Use ARRAY_SIZE in test_D3DXSHEvalConeLight().
    - d3dx9/tests: Use ARRAY_SIZE in test_D3DXSHEvalDirection().

    Hugh McMaster (7):

    - regedit: Add a missing 'break' statement (Coverity).
    - regedit: Pass RegQueryValueEx() the actual buffer size (Coverity).
    - regedit: Simplify clean-up in get_lineA/W().
    - regedit: Return a Unicode line from get_lineA().
    - regedit: Use a function pointer to read each registry line instead of calling get_lineA/W() directly.
    - regedit: Merge header checks from processRegLinesA/W() to their caller.
    - regedit: Merge processRegLinesA/W() into their caller.

    Huw D. M. Davies (12):

    - explorer: Set the rebar band height to match the combobox.
    - wordpad: Scale the comboboxes with font size and correctly set the rebar band height.
    - shell32: Fix the icon sizes of the shell imagelists.
    - shell32: Simplify imagelist handling.
    - shell32: Load icons with the correct size.
    - user32: Fix the calculation of system metrics icon sizes.
    - user32: Fix icon spacing minimium values.
    - user32: Change IsProcessDPIAware() to always return TRUE.
    - comdlg32: Scale the control size limits with dpi.
    - comdlg32: Use pixel sizes throughout.
    - comdlg32: Set the radiobuttons' font if they're part of a visual group.
    - comdlg32: Select the correct font before querying the extents.

    Jacek Caban (15):

    - jscript: Simplify pop_to_stat implementation.
    - jscript: Added new opcode to enter catch block and use it to setup the scope.
    - jscript: Ensure that OP_pop_except is called with proper stack depth.
    - jscript: Pass finally offset instead of catch ident to OP_push_except.
    - jscript: Always jump to finally block from OP_pop_exept when available.
    - jscript/tests: Added more exception tests.
    - ntdll/tests: Added more completion port tests.
    - ieframe: Return DISP_E_UNKNOWNNAME in IShellUIHelper2::GetIDsOfNames.
    - jscript: Added new debug channel printing details and backtrace of unwinded exceptions.
    - mshtml: Don't expose doScroll in IE11 document mode.
    - mshtml: Added separated IE5 and quicks mode compatibility mode.
    - mshtml: Use IE version dependent on compatibility mode for conditional comments.
    - server: Allocate wait handle on async object in queue_irp.
    - ntdll/tests: Added FSCTL_PIPE_PEEK tests.
    - kernel32/tests: Use shorter timeout for wait that we expect to time out.

    Józef Kucia (36):

    - wined3d: Introduce wined3d_device_get_hs_resource_view().
    - d3d11: Implement d3d11_immediate_context_HSGetShaderResources().
    - wined3d: Introduce wined3d_device_get_ds_resource_view().
    - d3d11: Implement d3d11_immediate_context_DSGetShaderResources().
    - wined3d: Introduce wined3d_device_get_hs_sampler().
    - d3d11: Implement d3d11_immediate_context_HSGetSamplers().
    - d3d10: Validate SDK version.
    - wined3d: Introduce wined3d_device_get_ds_sampler().
    - d3d11: Implement d3d11_immediate_context_DSGetSamplers().
    - wined3d: Rework geometry shader inputs/outputs handling.
    - wined3d: Pass correct input count to shader_glsl_setup_sm3_rasterizer_input().
    - wined3d: Use interface blocks for shader inputs and outputs in GLSL 1.50.
    - wined3d: Merge shader_glsl_generate_sm4_rasterizer_input_setup() into shader_glsl_generate_output_setup().
    - d3d11: Implement d3d11_immediate_context_OMGetRenderTargetsAndUnorderedAccessViews().
    - d3d11: Handle unsupported vertex buffer slots in better way.
    - d3d11: Implement d3d11_immediate_context_ClearState().
    - wined3d: Set geometry shader irrespective of vertex shader.
    - wined3d: Ignore unhandled shader data types.
    - d3d11: Implement d3d11_class_linkage_GetDevice().
    - amstream: Fix compilation on systems that don't support nameless unions.
    - ipconfig: Fix compilation on systems that don't support nameless unions.
    - dmusic: Fix compilation on systems that don't support nameless structs or unions.
    - wined3d: Disable only ARB_clip_control when ARB_viewport_array cannot be used for pixel center offsets.
    - wined3d: Implement floating-point viewports.
    - d3d11/tests: Add test for fractional viewports.
    - wined3d: Make "value" optional in wined3d_device_get_predication().
    - wined3d: Add "parent_ops" for query objects.
    - d3d11/tests: Add test for predication state refcounting.
    - d3dx9: Fix compilation on systems that don't support nameless unions.
    - mscoree: Fix compilation on systems that don't support nameless unions.
    - wined3d: Add support for patch constant signatures.
    - wined3d: Add ARB_clear_texture extension.
    - wined3d: Add ARB_clear_buffer_object extension.
    - wined3d: Implement clearing buffer unordered access views.
    - d3d11: Implement d3d11_immediate_context_ClearUnorderedAccessViewUint().
    - d3d11/tests: Add test for clearing buffer unordered access views.

    Ken Thomases (2):

    - winemac: Move CVDisplayLink operations out of @synchronized blocks to avoid potential deadlock.
    - winemac: Track whether a view has ever had an OpenGL context attached.

    Matteo Bruni (3):

    - wined3d: Release context on CPU blit failure.
    - wined3d: Fix specular lighting calculation.
    - wined3d: Ignore lights out of maximum range for legacy FFP lighting too.

    Michael Müller (6):

    - ntdll/tests: Add tests for LdrEnumerateLoadedModules.
    - ntdll: Implement LdrEnumerateLoadedModules.
    - mfplat: Implement MFTRegister.
    - mfplat: Implement MFTUnregister.
    - mfplat: Implement MFTEnum.
    - mfplat/tests: Add tests.

    Michael Stefaniuc (25):

    - dmusic: Use DMUS_EVENT_SIZE() to calculate the size of the message.
    - dmusic: Implement IDirectMusicBuffer::PackUnstructured().
    - dmusic: Avoid an intermediate copy in PackStructured().
    - dmime/tests: Use simpler variable names in test_InitAudio().
    - dmime/tests: Add more InitAudio() tests.
    - dmime: Properly use SetCooperativeLevel() on the dsound ifaces we create.
    - dmusic/tests: Add some IDirectMusic_SetDirectSound() tests.
    - dmusic/tests: Expand the dsound refcount testing with the port.
    - dmusic: Use more sensible and consistent field names for IDirectMusic8Impl.
    - dmusic: Implement IDirectMusic8::SetDirectSound().
    - dmusic: Pass only the needed stuff to the DMPort create functions.
    - dmusic: Partially implement the synth IDirectMusicPort::SetDirectSound().
    - dmusic: Add dsound handling to the synth port Activate() method.
    - dmime/tests: Add refcount test for generated dmusic/dsound.
    - dmime: Simplify the check if the performance was initialized.
    - dmime: Avoid a temporary variable in IDirectMusicPerformance8Impl_InitAudio().
    - dmime: Finish the reindentation in CloseDown().
    - dmime: Do not use Init() from InitAudio().
    - dmime: Finish the cleanup of InitAudio().
    - dmime: Forward Init() to InitAudio().
    - dmusic: Set the dsound pointer to NULL on an error path.
    - dmusic: Remove the port from the ports list on the port destruction.
    - dmime: Add proper error handling to InitAudio().
    - dmime: Initialize dmusic in InitAudio().
    - dmusic: Fail in CreatePort() if SetDirectSound() wasn't called.

    Nikolay Sivov (26):

    - msxml3/tests: Consistently use non-null pointer value.
    - msxml3/tests: Initialize string pointer on default case too (Coverity).
    - comctl32/tests: Fully initialize message test data (Coverity).
    - dwrite/tests: Fully initialize call sequence test data (Coverity).
    - shell32: Move SHCreateShellFolderView/SHCreateShellFolderViewEx and tests to corresponding files.
    - shell32/tests: Don't trace all messages sent to listview.
    - shell32/shellview: Set provided callback in SHCreateShellFolderView().
    - shell32/shellview: Handle NULL folder pointer in SHCreateShellFolderViewEx().
    - shell32/shellview: Respond to special interface id CDefView.
    - comctl32/taskdialog: Remove superfluous title pointer check (Coverity).
    - inetcomm: Fixed buffer leak on error path (Coverity).
    - dpnet/tests: Fix free buffer access (Coverity).
    - dpnet/tests: Added missing break (Coverity).
    - mshtml/tests: Fix BSTR double-free (Coverity).
    - comctl32/listview: Remove internal autoarrange flag, it breaks positioning.
    - ntdll: Move EventEnabled() to ntdll.
    - ntdll: Move EventWrite() to ntdll.
    - api-ms-win-core-memory-l1-1-2: Update spec file.
    - user32/msgbox: Fix static control id.
    - user32: Added a helper to get screen dc.
    - dwrite: Update to IDWriteFactory5.
    - webservices/tests: Enable WsInitializeMessage() tests (Coverity).
    - comctl32/listview: Convert item text once when looking for insertion point.
    - dwrite: Initial support for number substitution.
    - dwrite: Fix compilation failure regarding nameless unions.
    - comdlg32: Use existing symbol for Help button id.

    Owen Rudge (5):

    - wsdapi: Implement WSD LinkedMemory functions.
    - wsdapi: Implement WSDXMLAddChild, Sibling, BuildAnyForSingleElement, CleanupElement.
    - wsdapi/tests: Add tests for WSDXMLBuildAnyForSingleElement.
    - wsdapi/tests: Add tests for WSDXMLAddChild.
    - wsdapi/tests: Add tests for WSDXMLAddSibling.

    Paul Gofman (11):

    - d3dx9/tests: Add test for D3DXFX_LARGEADDRESSAWARE effect creation flag.
    - d3dx9: Store effect creation flags in struct d3dx_base_effect.
    - d3dx9: Don't call get_parameter_by_name() from get_valid_parameter() if D3DXFX_LARGEADDRESSAWARE flag is set.
    - d3dx9/tests: Factor out test_effect_preshader_compare_shader_bytecode() function.
    - d3dx9/tests: Add test for GetPassDesc() function.
    - d3dx9: Return shader functions in d3dx9_base_effect_get_pass_desc().
    - d3dx9: Do not set active pass if BeginPass() failed.
    - d3dx9/tests: Add tests for setting strings in effect.
    - d3dx9: Support setting strings in effect.
    - d3dx9: Sort preshader opcode table.
    - d3dx9: Add 'log' preshader opcode.

    Piotr Caban (6):

    - msvcrt: Fix '%z' format handling in strftime.
    - msvcp90: Don't overwrite pointers to class members in basic_streambuf:swap.
    - msvcr100: Add _invalid_parameter_noinfo_noreturn implementation.
    - msvcp90: Call invalid_parameter_handler on index out of range in basic_string::operator[].
    - msvcp110: Add placeholder::_Ph* exports.
    - msvcr100: Add reader_writer_lock::scoped_lock implementation.

    Sebastian Lackner (3):

    - psapi/tests: Remove todo_wine from succeeding tests.
    - mfplat: Fix invalid memory access.
    - wined3d: Shutdown CS thread before deallocating resources.

    Stefan Dösinger (1):

    - winemac.drv: Implement systray version 1-4 notifications.

    Zebediah Figura (1):

    - kernel32: Use the full path as an argument to winevdm.exe.

    -- Alexandre Julliard julliard@winehq.org
  5. Corsair's Dominator Platinum Special Edition Torque RAM boasts swift 3200 MT/s speeds and hot-rod-inspired looks to match. We ran it down the drag strip at stock and overclocked speeds to get a sense of whether this kit offers more than just slick looks.

    Read more: http://techreport.com/review/31893/corsair-dominator-platinum-special-edition-torque-memory-reviewed

    --- The Tech Report - PC Hardware Explored http://techreport.com
  6. It’s been a long time since we’ve looked at a 2.5-inch SATA III SSD aimed at the consumer market, so we thought we’d mix up our storage content a little bit and do a review on one. Yes, SATA III SSDs feel like yesterday’s news since we’ve been saturating the SATA III 6Gbps interface for years, but the form factor will still be around for many more years. If you have been looking for the ultimate 2.5-inch SATA III SSD you are in for a treat today as we will be looking at the ADATA SU900 Ultimate SSD that uses 3D MLC NAND Flash and the SMI 2258 4-channel controller...

    Article Title: ADATA SU900 512GB Ultimate SATA SSD Review @ Legit Reviews

    Article URL: http://www.legitreviews.com/adata-su900-512gb-ultimate-sata-ssd-review_194527

    Happy Friday!
  7. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: ghostscript security update Advisory ID: RHSA-2017:1230-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:1230 Issue date: 2017-05-12 CVE Names: CVE-2017-8291 ===================================================================== 1. Summary: An update for ghostscript is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. 
Description: The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): * It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscript process, bypassing the -dSAFER protection. (CVE-2017-8291) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1446063 - CVE-2017-8291 ghostscript: corruption of operand stack 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ghostscript-8.70-23.el6_9.2.src.rpm i386: ghostscript-8.70-23.el6_9.2.i686.rpm ghostscript-debuginfo-8.70-23.el6_9.2.i686.rpm x86_64: ghostscript-8.70-23.el6_9.2.i686.rpm ghostscript-8.70-23.el6_9.2.x86_64.rpm ghostscript-debuginfo-8.70-23.el6_9.2.i686.rpm ghostscript-debuginfo-8.70-23.el6_9.2.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: ghostscript-debuginfo-8.70-23.el6_9.2.i686.rpm ghostscript-devel-8.70-23.el6_9.2.i686.rpm ghostscript-doc-8.70-23.el6_9.2.i686.rpm ghostscript-gtk-8.70-23.el6_9.2.i686.rpm x86_64: ghostscript-debuginfo-8.70-23.el6_9.2.i686.rpm ghostscript-debuginfo-8.70-23.el6_9.2.x86_64.rpm ghostscript-devel-8.70-23.el6_9.2.i686.rpm ghostscript-devel-8.70-23.el6_9.2.x86_64.rpm ghostscript-doc-8.70-23.el6_9.2.x86_64.rpm ghostscript-gtk-8.70-23.el6_9.2.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ghostscript-8.70-23.el6_9.2.src.rpm x86_64: ghostscript-8.70-23.el6_9.2.i686.rpm ghostscript-8.70-23.el6_9.2.x86_64.rpm ghostscript-debuginfo-8.70-23.el6_9.2.i686.rpm ghostscript-debuginfo-8.70-23.el6_9.2.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): x86_64: ghostscript-debuginfo-8.70-23.el6_9.2.i686.rpm ghostscript-debuginfo-8.70-23.el6_9.2.x86_64.rpm ghostscript-devel-8.70-23.el6_9.2.i686.rpm ghostscript-devel-8.70-23.el6_9.2.x86_64.rpm ghostscript-doc-8.70-23.el6_9.2.x86_64.rpm ghostscript-gtk-8.70-23.el6_9.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ghostscript-8.70-23.el6_9.2.src.rpm i386: ghostscript-8.70-23.el6_9.2.i686.rpm ghostscript-debuginfo-8.70-23.el6_9.2.i686.rpm ppc64: ghostscript-8.70-23.el6_9.2.ppc.rpm ghostscript-8.70-23.el6_9.2.ppc64.rpm ghostscript-debuginfo-8.70-23.el6_9.2.ppc.rpm ghostscript-debuginfo-8.70-23.el6_9.2.ppc64.rpm s390x: ghostscript-8.70-23.el6_9.2.s390.rpm ghostscript-8.70-23.el6_9.2.s390x.rpm ghostscript-debuginfo-8.70-23.el6_9.2.s390.rpm ghostscript-debuginfo-8.70-23.el6_9.2.s390x.rpm x86_64: ghostscript-8.70-23.el6_9.2.i686.rpm ghostscript-8.70-23.el6_9.2.x86_64.rpm ghostscript-debuginfo-8.70-23.el6_9.2.i686.rpm ghostscript-debuginfo-8.70-23.el6_9.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): i386: ghostscript-debuginfo-8.70-23.el6_9.2.i686.rpm ghostscript-devel-8.70-23.el6_9.2.i686.rpm ghostscript-doc-8.70-23.el6_9.2.i686.rpm ghostscript-gtk-8.70-23.el6_9.2.i686.rpm ppc64: ghostscript-debuginfo-8.70-23.el6_9.2.ppc.rpm ghostscript-debuginfo-8.70-23.el6_9.2.ppc64.rpm ghostscript-devel-8.70-23.el6_9.2.ppc.rpm ghostscript-devel-8.70-23.el6_9.2.ppc64.rpm ghostscript-doc-8.70-23.el6_9.2.ppc64.rpm ghostscript-gtk-8.70-23.el6_9.2.ppc64.rpm s390x: ghostscript-debuginfo-8.70-23.el6_9.2.s390.rpm ghostscript-debuginfo-8.70-23.el6_9.2.s390x.rpm ghostscript-devel-8.70-23.el6_9.2.s390.rpm ghostscript-devel-8.70-23.el6_9.2.s390x.rpm ghostscript-doc-8.70-23.el6_9.2.s390x.rpm ghostscript-gtk-8.70-23.el6_9.2.s390x.rpm x86_64: ghostscript-debuginfo-8.70-23.el6_9.2.i686.rpm ghostscript-debuginfo-8.70-23.el6_9.2.x86_64.rpm ghostscript-devel-8.70-23.el6_9.2.i686.rpm ghostscript-devel-8.70-23.el6_9.2.x86_64.rpm ghostscript-doc-8.70-23.el6_9.2.x86_64.rpm ghostscript-gtk-8.70-23.el6_9.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ghostscript-8.70-23.el6_9.2.src.rpm i386: ghostscript-8.70-23.el6_9.2.i686.rpm ghostscript-debuginfo-8.70-23.el6_9.2.i686.rpm x86_64: ghostscript-8.70-23.el6_9.2.i686.rpm ghostscript-8.70-23.el6_9.2.x86_64.rpm ghostscript-debuginfo-8.70-23.el6_9.2.i686.rpm ghostscript-debuginfo-8.70-23.el6_9.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: ghostscript-debuginfo-8.70-23.el6_9.2.i686.rpm ghostscript-devel-8.70-23.el6_9.2.i686.rpm ghostscript-doc-8.70-23.el6_9.2.i686.rpm ghostscript-gtk-8.70-23.el6_9.2.i686.rpm x86_64: ghostscript-debuginfo-8.70-23.el6_9.2.i686.rpm ghostscript-debuginfo-8.70-23.el6_9.2.x86_64.rpm ghostscript-devel-8.70-23.el6_9.2.i686.rpm ghostscript-devel-8.70-23.el6_9.2.x86_64.rpm ghostscript-doc-8.70-23.el6_9.2.x86_64.rpm ghostscript-gtk-8.70-23.el6_9.2.x86_64.rpm Red Hat Enterprise Linux Client (v. 
7): Source: ghostscript-9.07-20.el7_3.5.src.rpm x86_64: ghostscript-9.07-20.el7_3.5.i686.rpm ghostscript-9.07-20.el7_3.5.x86_64.rpm ghostscript-cups-9.07-20.el7_3.5.x86_64.rpm ghostscript-debuginfo-9.07-20.el7_3.5.i686.rpm ghostscript-debuginfo-9.07-20.el7_3.5.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: ghostscript-doc-9.07-20.el7_3.5.noarch.rpm x86_64: ghostscript-debuginfo-9.07-20.el7_3.5.i686.rpm ghostscript-debuginfo-9.07-20.el7_3.5.x86_64.rpm ghostscript-devel-9.07-20.el7_3.5.i686.rpm ghostscript-devel-9.07-20.el7_3.5.x86_64.rpm ghostscript-gtk-9.07-20.el7_3.5.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: ghostscript-9.07-20.el7_3.5.src.rpm x86_64: ghostscript-9.07-20.el7_3.5.i686.rpm ghostscript-9.07-20.el7_3.5.x86_64.rpm ghostscript-cups-9.07-20.el7_3.5.x86_64.rpm ghostscript-debuginfo-9.07-20.el7_3.5.i686.rpm ghostscript-debuginfo-9.07-20.el7_3.5.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: ghostscript-doc-9.07-20.el7_3.5.noarch.rpm x86_64: ghostscript-debuginfo-9.07-20.el7_3.5.i686.rpm ghostscript-debuginfo-9.07-20.el7_3.5.x86_64.rpm ghostscript-devel-9.07-20.el7_3.5.i686.rpm ghostscript-devel-9.07-20.el7_3.5.x86_64.rpm ghostscript-gtk-9.07-20.el7_3.5.x86_64.rpm Red Hat Enterprise Linux Server (v. 
7): Source: ghostscript-9.07-20.el7_3.5.src.rpm aarch64: ghostscript-9.07-20.el7_3.5.aarch64.rpm ghostscript-cups-9.07-20.el7_3.5.aarch64.rpm ghostscript-debuginfo-9.07-20.el7_3.5.aarch64.rpm ppc64: ghostscript-9.07-20.el7_3.5.ppc.rpm ghostscript-9.07-20.el7_3.5.ppc64.rpm ghostscript-cups-9.07-20.el7_3.5.ppc64.rpm ghostscript-debuginfo-9.07-20.el7_3.5.ppc.rpm ghostscript-debuginfo-9.07-20.el7_3.5.ppc64.rpm ppc64le: ghostscript-9.07-20.el7_3.5.ppc64le.rpm ghostscript-cups-9.07-20.el7_3.5.ppc64le.rpm ghostscript-debuginfo-9.07-20.el7_3.5.ppc64le.rpm s390x: ghostscript-9.07-20.el7_3.5.s390.rpm ghostscript-9.07-20.el7_3.5.s390x.rpm ghostscript-cups-9.07-20.el7_3.5.s390x.rpm ghostscript-debuginfo-9.07-20.el7_3.5.s390.rpm ghostscript-debuginfo-9.07-20.el7_3.5.s390x.rpm x86_64: ghostscript-9.07-20.el7_3.5.i686.rpm ghostscript-9.07-20.el7_3.5.x86_64.rpm ghostscript-cups-9.07-20.el7_3.5.x86_64.rpm ghostscript-debuginfo-9.07-20.el7_3.5.i686.rpm ghostscript-debuginfo-9.07-20.el7_3.5.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
7): aarch64: ghostscript-debuginfo-9.07-20.el7_3.5.aarch64.rpm ghostscript-devel-9.07-20.el7_3.5.aarch64.rpm ghostscript-gtk-9.07-20.el7_3.5.aarch64.rpm noarch: ghostscript-doc-9.07-20.el7_3.5.noarch.rpm ppc64: ghostscript-debuginfo-9.07-20.el7_3.5.ppc.rpm ghostscript-debuginfo-9.07-20.el7_3.5.ppc64.rpm ghostscript-devel-9.07-20.el7_3.5.ppc.rpm ghostscript-devel-9.07-20.el7_3.5.ppc64.rpm ghostscript-gtk-9.07-20.el7_3.5.ppc64.rpm ppc64le: ghostscript-debuginfo-9.07-20.el7_3.5.ppc64le.rpm ghostscript-devel-9.07-20.el7_3.5.ppc64le.rpm ghostscript-gtk-9.07-20.el7_3.5.ppc64le.rpm s390x: ghostscript-debuginfo-9.07-20.el7_3.5.s390.rpm ghostscript-debuginfo-9.07-20.el7_3.5.s390x.rpm ghostscript-devel-9.07-20.el7_3.5.s390.rpm ghostscript-devel-9.07-20.el7_3.5.s390x.rpm ghostscript-gtk-9.07-20.el7_3.5.s390x.rpm x86_64: ghostscript-debuginfo-9.07-20.el7_3.5.i686.rpm ghostscript-debuginfo-9.07-20.el7_3.5.x86_64.rpm ghostscript-devel-9.07-20.el7_3.5.i686.rpm ghostscript-devel-9.07-20.el7_3.5.x86_64.rpm ghostscript-gtk-9.07-20.el7_3.5.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: ghostscript-9.07-20.el7_3.5.src.rpm x86_64: ghostscript-9.07-20.el7_3.5.i686.rpm ghostscript-9.07-20.el7_3.5.x86_64.rpm ghostscript-cups-9.07-20.el7_3.5.x86_64.rpm ghostscript-debuginfo-9.07-20.el7_3.5.i686.rpm ghostscript-debuginfo-9.07-20.el7_3.5.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: ghostscript-doc-9.07-20.el7_3.5.noarch.rpm x86_64: ghostscript-debuginfo-9.07-20.el7_3.5.i686.rpm ghostscript-debuginfo-9.07-20.el7_3.5.x86_64.rpm ghostscript-devel-9.07-20.el7_3.5.i686.rpm ghostscript-devel-9.07-20.el7_3.5.x86_64.rpm ghostscript-gtk-9.07-20.el7_3.5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2017-8291 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc.
  8. Good news, everyone! A new Clutter release is now available at: https://download.gnome.org/sources/clutter/1.26/ SHA256 Checksum: e7233314983055e9018f94f56882e29e7fc34d8d35de030789fdcd9b2d0e2e56 clutter-1.26.2.tar.xz Additionally, a git clone of the source tree: git clone git://git.gnome.org/clutter will include a signed 1.26.2 tag which points to a commit named: 2faa83baf3ce9b9c94635311ad79944ab2a73c84 which can be verified with: git verify-tag 1.26.2 and can be checked out with a command such as: git checkout -b build 1.26.2 Clutter is a library for creating compelling, dynamic, and portable graphical user interfaces. Clutter is released under the terms of the GNU Lesser General Public License, version 2.1 or (at your option) later. Clutter depends on: GLib ≥ 2.44.0 JSON-GLib ≥ 0.12.0 Cogl ≥ 1.21.2 Cairo ≥ 1.14.0 Pango ≥ 1.30 Atk ≥ 2.5.3 Clutter also has platform-specific dependencies; for more information, see the README file included in the release. Documentation: Clutter: https://developer.gnome.org/clutter/stable/ Cookbook: https://developer.gnome.org/clutter-cookbook/1.26/ Release Notes: - This version is API and ABI compatible with the previous stable release of Clutter. - Installing the contents of this release will overwrite the files from the installation of the previous release of Clutter. - Bugs should be reported on the Clutter Bugzilla product, at: https://bugzilla.gnome.org/enter_bug.cgi?product=clutter • List of changes since Clutter 1.26.0 - Accept upper case 'A' when selecting all content in a Text actor This is similar to what GTK+ allows, and makes it easier to select text with Caps Lock enabled. - Use GDK API when using Wayland sub-surfaces The GDK backend on Wayland uses sub-surfaces to allow Cogl to manage the rendering surface; now that GDK exposes the necessary API, we can avoid using the Wayland API directly, and instead let GDK manage the surface for us. 
- Documentation fixes - Translation updates Danish, Basque, Chinese (Traditional), Occitan, Indonesian, Polish, Spanish, Slovak, Kazakh, British English, Croatian, Hungarian, Norwegian bokmål, Belarusian. • List of bugs fixed since Clutter 1.26.0 #766326 - text: Bind A in addition to a #768243 - Don't create the Cogl GLib source multiple times #768734 - actor: Clarify that add_effect() sinks floating references on the effect #781975 - Under Wayland, Totem spawns a new window without controls for some files and then gnome-shell crashes #759085 - seg fault in actor-graph test #774546 - [Wayland][gdk][stage] Use GDK API instead of Wayland directly #762888 - [PATCH] backend: check for wayland before x11 #772412 - clutter-script: Document support for top-level arrays #770288 - clutter-script: Add an example of translation in ClutterScript #768898 - clutter: Fix typo in docs for ClutterActor::queue-relayout Many thanks to: Piotr Drąg, Philip Withnall, Olivier Fourdan, Cédric Valmary, Fabio Tomat, Andika Triwidada, Ask Hjorth Larsen, Baurzhan Muftakhidinov, David King, Dušan Kazik, Florian Müllner, Gustavo Noronha Silva, Gábor Kelemen, Inaki Larranaga Murgoitio, Jeff Bai, Jeremy Bicha, Kjartan Maraas, Marc-Antoine Perennou, Nigel Taylor, Owen W. Taylor, Peter Mráz, Yuras Shumovich, gogo Have fun with Clutter! -- https://www.bassi.io [ ( -at -) ] ebassi [ ( -at -) gmail.com] _______________________________________________
  9. Corsair One Pro (USA version) ------------------------------------------------------------ http://mailchi.mp/kitguru/corsair-one-pro-usa-version?e=872093acb5 http://www.kitguru.net Corsair One Pro (USA version) Corsair One started life as a concept for a new case and evolved into a fully built gaming PC. We have previously seen the Corsair Bulldog barebones but Corsair One is different as it is a fully functioning Windows 10 PC that requires no assembly. The aluminium tower is considerably smaller than you might expect and only stands 380mm high, which means you should have little difficulty finding room for it near your TV or stood on your desk. Inside you’ll find an Intel Core i7 and Nvidia graphics which each have their own liquid cooling set-up. Read the review here: http://www.kitguru.net/desktop-pc/leo-waldock/corsair-one-pro-usa-version/ ============================================================ ** follow on Twitter (http://twitter.com/#!/kitgurupress) | ** friend on Facebook (http://www.facebook.com/pages/KitGuru/162236020510911) | ** forward to a friend (http://us2.forward-to-friend2.com/forward?u=bfb2b902b5fb045ad6f841f98&id=06b2850727&e=872093acb5) Copyright © 2017 KitGuru, All rights reserved. You are receiving this because you are a news partner or have signed up to receive our news.
  10. *Corsair GLAIVE RGB game mouse review* We review the new 16K DPI Corsair Gaming GLAIVE RGB game mouse, the device is sturdy and aesthetically pleasing with configurable RGB LEDs and has a grip that is intensely impressive. Oh hey, and did we mention it has magnetic removable thumb grips already? Read the full review here: http://www.guru3d.com/articles-pages/corsair-glaive-rgb-game-mouse-review,1.html
  11. Corsair TX 750M Power Supply Review (80 Plus Gold) http://mailchi.mp/kitguru/corsair-tx-750m-power-supply-review-80-plus-gold?e=872093acb5 http://www.kitguru.net Today we test a Corsair power supply from their new TX-M series comprising a semi modular design, tight voltage control and 80 Plus Gold efficiency levels. Corsair say they have placed a lot of effort into reducing coil whine and are offering a 7 year warranty with this specific range of units. Read the review here: http://www.kitguru.net/components/power-supplies/zardon/corsair-tx-750m-power-supply-review-80-plus-gold/
  12. Dear Editors, we just posted a new article which might be interesting to your readers. A post in your news section would be appreciated. Title: Roccat Kone Pure Owl-Eye Link: https://www.techpowerup.com/reviews/Roccat/Kone_Pure_Owl_Eye Brief: Roccat's Kone Pure Owl-Eye can be considered a revamped Kone Optical or Military, using an updated PixArt 3361 sensor and more compact dimensions. This $70 mouse is also lighter and delivers outstanding precision and tracking performance. The mouse wheel is probably the best we ever used, both for scrolling and clicking.
  13. EpicGear Morpha X Modular Mouse Review http://mailchi.mp/kitguru/epicgear-morpha-x-modular-mouse-review?e=872093acb5 http://www.kitguru.net EpicGear really likes modular peripherals. First we saw the DeFiant keyboard, which lets users change the mechanical switches on a per-key basis, and today we are looking at the Morpha X mouse. What makes the Morpha X modular is the fact that you can change pretty much everything about it – its colour, its weight, its button switches and even the sensor type. Read the review here: http://www.kitguru.net/peripherals/mouse/dominic-moass/epicgear-morpha-x-modular-mouse-review/
  14. SUSE Security Update: Security update for MozillaFirefox, mozilla-nss, mozilla-nspr, java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1248-1 Rating: important References: #1015499 #1015547 #1021636 #1026102 #1030071 #1035082 #983639 Cross-References: CVE-2016-1950 CVE-2016-2834 CVE-2016-8635 CVE-2016-9574 CVE-2017-5429 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5437 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5469 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 29 vulnerabilities is now available. Description: Mozilla Firefox was updated to the Firefox ESR release 45.9. Mozilla NSS was updated to support TLS 1.3 (close to release draft) and various new ciphers, PRFs, Diffie Hellman key agreement and support for more hashes. 
Security issues fixed in Firefox (bsc#1035082) - MFSA 2017-11/CVE-2017-5469: Potential Buffer overflow in flex-generated code - MFSA 2017-11/CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 - MFSA 2017-11/CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing - MFSA 2017-11/CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing - MFSA 2017-11/CVE-2017-5437: Vulnerabilities in Libevent library - MFSA 2017-11/CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2 - MFSA 2017-11/CVE-2017-5435: Use-after-free during transaction processing in the editor - MFSA 2017-11/CVE-2017-5434: Use-after-free during focus handling - MFSA 2017-11/CVE-2017-5433: Use-after-free in SMIL animation functions - MFSA 2017-11/CVE-2017-5432: Use-after-free in text input selection - MFSA 2017-11/CVE-2017-5464: Memory corruption with accessibility and DOM manipulation - MFSA 2017-11/CVE-2017-5465: Out-of-bounds read in ConvolvePixel - MFSA 2017-11/CVE-2017-5460: Use-after-free in frame selection - MFSA 2017-11/CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor - MFSA 2017-11/CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data - MFSA 2017-11/CVE-2017-5447: Out-of-bounds read during glyph processing - MFSA 2017-11/CVE-2017-5444: Buffer overflow while parsing application/http-index-format content - MFSA 2017-11/CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content - MFSA 2017-11/CVE-2017-5442: Use-after-free during style changes - MFSA 2017-11/CVE-2017-5443: Out-of-bounds write during BinHex decoding - MFSA 2017-11/CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing - MFSA 2017-11/CVE-2017-5441: Use-after-free with selection during scroll events - MFSA 2017-11/CVE-2017-5459: Buffer overflow in WebGL Mozilla NSS was updated to 3.29.5, bringing new features and fixing bugs: - Update to NSS 3.29.5: * 
MFSA 2017-11/CVE-2017-5461: Rare crashes in the base 64 decoder and encoder were fixed. * MFSA 2017-11/CVE-2017-5462: A carry over bug in the RNG was fixed. * CVE-2016-9574: Remote DoS during session handshake when using SessionTicket extension and ECDHE-ECDSA (bsc#1015499). * requires NSPR >= 4.13.1 - Update to NSS 3.29.3 * enables TLS 1.3 by default - Fixed a bug in hash computation (and build with GCC 7 which complains about shifts of boolean values). (bsc#1030071, bmo#1348767) - Update to NSS 3.28.3 This is a patch release to fix binary compatibility issues. - Update to NSS 3.28.1 This is a patch release to update the list of root CA certificates. * The following CA certificates were Removed CN = Buypass Class 2 CA 1 CN = Root CA Generalitat Valenciana OU = RSA Security 2048 V3 * The following CA certificates were Added OU = AC RAIZ FNMT-RCM CN = Amazon Root CA 1 CN = Amazon Root CA 2 CN = Amazon Root CA 3 CN = Amazon Root CA 4 CN = LuxTrust Global Root 2 CN = Symantec Class 1 Public Primary Certification Authority - G4 CN = Symantec Class 1 Public Primary Certification Authority - G6 CN = Symantec Class 2 Public Primary Certification Authority - G4 CN = Symantec Class 2 Public Primary Certification Authority - G6 * The version number of the updated root CA list has been set to 2.11 - Update to NSS 3.28 New functionality: * NSS includes support for TLS 1.3 draft -18. This includes a number of improvements to TLS 1.3: - The signed certificate timestamp, used in certificate transparency, is supported in TLS 1.3. - Key exporters for TLS 1.3 are supported. This includes the early key exporter, which can be used if 0-RTT is enabled. Note that there is a difference between TLS 1.3 and key exporters in older versions of TLS. TLS 1.3 does not distinguish between an empty context and no context. - The TLS 1.3 (draft) protocol can be enabled, by defining NSS_ENABLE_TLS_1_3=1 when building NSS. 
- NSS includes support for the X25519 key exchange algorithm, which is supported and enabled by default in all versions of TLS. Notable Changes: * NSS can no longer be compiled with support for additional elliptic curves. This was previously possible by replacing certain NSS source files. * NSS will now detect the presence of tokens that support additional elliptic curves and enable those curves for use in TLS. Note that this detection has a one-off performance cost, which can be avoided by using the SSL_NamedGroupConfig function to limit supported groups to those that NSS provides. * PKCS#11 bypass for TLS is no longer supported and has been removed. * Support for "export" grade SSL/TLS cipher suites has been removed. * NSS now uses the signature schemes definition in TLS 1.3. This also affects TLS 1.2. NSS will now only generate signatures with the combinations of hash and signature scheme that are defined in TLS 1.3, even when negotiating TLS 1.2. - This means that SHA-256 will only be used with P-256 ECDSA certificates, SHA-384 with P-384 certificates, and SHA-512 with P-521 certificates. SHA-1 is permitted (in TLS 1.2 only) with any certificate for backward compatibility reasons. - NSS will now no longer assume that default signature schemes are supported by a peer if there was no commonly supported signature scheme. * NSS will now check if RSA-PSS signing is supported by the token that holds the private key prior to using it for TLS. * The certificate validation code contains checks to no longer trust certificates that are issued by old WoSign and StartCom CAs after October 21, 2016. This is equivalent to the behavior that Mozilla will release with Firefox 51. 
- Update to NSS 3.27.2 * Fixed SSL_SetTrustAnchors leaks (bmo#1318561) - raised the minimum softokn/freebl version to 3.28 as reported in (boo#1021636) - Update to NSS 3.26.2 New Functionality: * the selfserv test utility has been enhanced to support ALPN (HTTP/1.1) and 0-RTT * added support for the System-wide crypto policy available on Fedora Linux see http://fedoraproject.org/wiki/Changes/CryptoPolicy * introduced build flag NSS_DISABLE_LIBPKIX that allows compilation of NSS without the libpkix library Notable Changes: * The following CA certificate was Added CN = ISRG Root X1 * NPN is disabled and ALPN is enabled by default * the NSS test suite now completes with the experimental TLS 1.3 code enabled * several test improvements and additions, including a NIST known answer test Changes in 3.26.2 * MD5 signature algorithms sent by the server in CertificateRequest messages are now properly ignored. Previously, with rare server configurations, an MD5 signature algorithm might have been selected for client authentication and caused the client to abort the connection soon after. - Update to NSS 3.25 New functionality: * Implemented DHE key agreement for TLS 1.3 * Added support for ChaCha with TLS 1.3 * Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF * In previous versions, when using client authentication with TLS 1.2, NSS only supported certificate_verify messages that used the same signature hash algorithm as used by the PRF. This limitation has been removed. Notable changes: * An SSL socket can no longer be configured to allow both TLS 1.3 and SSLv3 * Regression fix: NSS no longer reports a failure if an application attempts to disable the SSLv2 protocol. 
* The list of trusted CA certificates has been updated to version 2.8 * The following CA certificate was Removed Sonera Class1 CA * The following CA certificates were Added Hellenic Academic and Research Institutions RootCA 2015 Hellenic Academic and Research Institutions ECC RootCA 2015 Certplus Root CA G1 Certplus Root CA G2 OpenTrust Root CA G1 OpenTrust Root CA G2 OpenTrust Root CA G3 - Update to NSS 3.24 New functionality: * NSS softoken has been updated with the latest National Institute of Standards and Technology (NIST) guidance (as of 2015): - Software integrity checks and POST functions are executed on shared library load. These checks have been disabled by default, as they can cause a performance regression. To enable these checks, you must define symbol NSS_FORCE_FIPS when building NSS. - Counter mode and Galois/Counter Mode (GCM) have checks to prevent counter overflow. - Additional CSPs are zeroed in the code. - NSS softoken uses new guidance for how many Rabin-Miller tests are needed to verify a prime based on prime size. * NSS softoken has also been updated to allow NSS to run in FIPS Level 1 (no password). This mode is triggered by setting the database password to the empty string. In FIPS mode, you may move from Level 1 to Level 2 (by setting an appropriate password), but not the reverse. * A SSL_ConfigServerCert function has been added for configuring SSL/TLS server sockets with a certificate and private key. Use this new function in place of SSL_ConfigSecureServer, SSL_ConfigSecureServerWithCertChain, SSL_SetStapledOCSPResponses, and SSL_SetSignedCertTimestamps. SSL_ConfigServerCert automatically determines the certificate type from the certificate and private key. The caller is no longer required to use SSLKEAType explicitly to select a "slot" into which the certificate is configured (which incorrectly identifies a key agreement type rather than a certificate). 
Separate functions for configuring Online Certificate Status Protocol (OCSP) responses or Signed Certificate Timestamps are not needed, since these can be added to the optional SSLExtraServerCertData struct provided to SSL_ConfigServerCert. Also, partial support for RSA Probabilistic Signature Scheme (RSA-PSS) certificates has been added. Although these certificates can be configured, they will not be used by NSS in this version. * Deprecate the member attribute authAlgorithm of type SSLCipherSuiteInfo. Instead, applications should use the newly added attribute authType. * Add a shared library (libfreeblpriv3) on Linux platforms that define FREEBL_LOWHASH. * Remove most code related to SSL v2, including the ability to actively send a SSLv2-compatible client hello. However, the server-side implementation of the SSL/TLS protocol still supports processing of received v2-compatible client hello messages. * Disable (by default) NSS support in optimized builds for logging SSL/TLS key material to a logfile if the SSLKEYLOGFILE environment variable is set. To enable the functionality in optimized builds, you must define the symbol NSS_ALLOW_SSLKEYLOGFILE when building NSS. * Update NSS to protect it against the Cachebleed attack. * Disable support for DTLS compression. * Improve support for TLS 1.3. This includes support for DTLS 1.3. Note that TLS 1.3 support is experimental and not suitable for production use. - Update to NSS 3.23 New functionality: * ChaCha20/Poly1305 cipher and TLS cipher suites now supported * Experimental-only support TLS 1.3 1-RTT mode (draft-11). This code is not ready for production use. 
Notable changes: * The list of TLS extensions sent in the TLS handshake has been reordered to increase compatibility of the Extended Master Secret with servers * The build time environment variable NSS_ENABLE_ZLIB has been renamed to NSS_SSL_ENABLE_ZLIB * The build time environment variable NSS_DISABLE_CHACHAPOLY was added, which can be used to prevent compilation of the ChaCha20/Poly1305 code. * The following CA certificates were Removed - Staat der Nederlanden Root CA - NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado - NetLock Kozjegyzoi (Class A) Tanusitvanykiado - NetLock Uzleti (Class Tanusitvanykiado - NetLock Expressz (Class C) Tanusitvanykiado - VeriSign Class 1 Public PCA - G2 - VeriSign Class 3 Public PCA - VeriSign Class 3 Public PCA - G2 - CA Disig * The following CA certificates were Added + SZAFIR ROOT CA2 + Certum Trusted Network CA 2 * The following CA certificate had the Email trust bit turned on + Actalis Authentication Root CA Security fixes: * CVE-2016-2834: Memory safety bugs (boo#983639) MFSA-2016-61 bmo#1206283 bmo#1221620 bmo#1241034 bmo#1241037 - Update to NSS 3.22.3 * Increase compatibility of TLS extended master secret, don't send an empty TLS extension last in the handshake (bmo#1243641) * Fixed a heap-based buffer overflow related to the parsing of certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause a crash or execution of arbitrary code with the permissions of the user. 
(CVE-2016-1950, bmo#1245528) - Update to NSS 3.22.2 New functionality: * RSA-PSS signatures are now supported (bmo#1215295) * Pseudorandom functions based on hashes other than SHA-1 are now supported * Enforce an External Policy on NSS from a config file (bmo#1009429) - CVE-2016-8635: Fix for DH small subgroup confinement attack (bsc#1015547) Mozilla NSPR was updated to version 4.13.1: The previously released version 4.13 had changed pipes to be nonblocking by default, and as a consequence, PollEvent was changed to not block on clear. The NSPR development team received reports that these changes caused regressions in some applications that use NSPR, and it has been decided to revert the changes made in NSPR 4.13. NSPR 4.13.1 restores the traditional behavior of pipes and PollEvent. Mozilla NSPR update to version 4.13 had these changes: - PL_strcmp (and others) were fixed to return consistent results when one of the arguments is NULL. - PollEvent was fixed to not block on clear. - Pipes are always nonblocking. - PR_GetNameForIdentity: added thread safety lock and bound checks. - Removed the PLArena freelist. - Avoid some integer overflows. - fixed several comments. This update also contains java-1_8_0-openjdk that needed to be rebuilt against the new mozilla-nss version. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-748=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-748=1 - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-748=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-748=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-748=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-748=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-748=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-748=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-748=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-45.9.0esr-105.1 MozillaFirefox-debugsource-45.9.0esr-105.1 MozillaFirefox-devel-45.9.0esr-105.1 mozilla-nspr-debuginfo-4.13.1-18.1 mozilla-nspr-debugsource-4.13.1-18.1 mozilla-nspr-devel-4.13.1-18.1 mozilla-nss-debuginfo-3.29.5-57.1 mozilla-nss-debugsource-3.29.5-57.1 mozilla-nss-devel-3.29.5-57.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): MozillaFirefox-debuginfo-45.9.0esr-105.1 MozillaFirefox-debugsource-45.9.0esr-105.1 MozillaFirefox-devel-45.9.0esr-105.1 mozilla-nspr-debuginfo-4.13.1-18.1 mozilla-nspr-debugsource-4.13.1-18.1 mozilla-nspr-devel-4.13.1-18.1 mozilla-nss-debuginfo-3.29.5-57.1 mozilla-nss-debugsource-3.29.5-57.1 mozilla-nss-devel-3.29.5-57.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): MozillaFirefox-45.9.0esr-105.1 MozillaFirefox-debuginfo-45.9.0esr-105.1 MozillaFirefox-debugsource-45.9.0esr-105.1 
MozillaFirefox-devel-45.9.0esr-105.1 MozillaFirefox-translations-45.9.0esr-105.1 libfreebl3-3.29.5-57.1 libfreebl3-32bit-3.29.5-57.1 libfreebl3-debuginfo-3.29.5-57.1 libfreebl3-debuginfo-32bit-3.29.5-57.1 libfreebl3-hmac-3.29.5-57.1 libfreebl3-hmac-32bit-3.29.5-57.1 libsoftokn3-3.29.5-57.1 libsoftokn3-32bit-3.29.5-57.1 libsoftokn3-debuginfo-3.29.5-57.1 libsoftokn3-debuginfo-32bit-3.29.5-57.1 libsoftokn3-hmac-3.29.5-57.1 libsoftokn3-hmac-32bit-3.29.5-57.1 mozilla-nspr-32bit-4.13.1-18.1 mozilla-nspr-4.13.1-18.1 mozilla-nspr-debuginfo-32bit-4.13.1-18.1 mozilla-nspr-debuginfo-4.13.1-18.1 mozilla-nspr-debugsource-4.13.1-18.1 mozilla-nspr-devel-4.13.1-18.1 mozilla-nss-3.29.5-57.1 mozilla-nss-32bit-3.29.5-57.1 mozilla-nss-certs-3.29.5-57.1 mozilla-nss-certs-32bit-3.29.5-57.1 mozilla-nss-certs-debuginfo-3.29.5-57.1 mozilla-nss-certs-debuginfo-32bit-3.29.5-57.1 mozilla-nss-debuginfo-3.29.5-57.1 mozilla-nss-debuginfo-32bit-3.29.5-57.1 mozilla-nss-debugsource-3.29.5-57.1 mozilla-nss-devel-3.29.5-57.1 mozilla-nss-sysinit-3.29.5-57.1 mozilla-nss-sysinit-32bit-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-32bit-3.29.5-57.1 mozilla-nss-tools-3.29.5-57.1 mozilla-nss-tools-debuginfo-3.29.5-57.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): MozillaFirefox-45.9.0esr-105.1 MozillaFirefox-debuginfo-45.9.0esr-105.1 MozillaFirefox-debugsource-45.9.0esr-105.1 MozillaFirefox-translations-45.9.0esr-105.1 java-1_8_0-openjdk-1.8.0.121-23.4 java-1_8_0-openjdk-debuginfo-1.8.0.121-23.4 java-1_8_0-openjdk-debugsource-1.8.0.121-23.4 java-1_8_0-openjdk-demo-1.8.0.121-23.4 java-1_8_0-openjdk-demo-debuginfo-1.8.0.121-23.4 java-1_8_0-openjdk-devel-1.8.0.121-23.4 java-1_8_0-openjdk-devel-debuginfo-1.8.0.121-23.4 java-1_8_0-openjdk-headless-1.8.0.121-23.4 java-1_8_0-openjdk-headless-debuginfo-1.8.0.121-23.4 libfreebl3-3.29.5-57.1 libfreebl3-debuginfo-3.29.5-57.1 libfreebl3-hmac-3.29.5-57.1 libsoftokn3-3.29.5-57.1 libsoftokn3-debuginfo-3.29.5-57.1 
libsoftokn3-hmac-3.29.5-57.1 mozilla-nspr-4.13.1-18.1 mozilla-nspr-debuginfo-4.13.1-18.1 mozilla-nspr-debugsource-4.13.1-18.1 mozilla-nss-3.29.5-57.1 mozilla-nss-certs-3.29.5-57.1 mozilla-nss-certs-debuginfo-3.29.5-57.1 mozilla-nss-debuginfo-3.29.5-57.1 mozilla-nss-debugsource-3.29.5-57.1 mozilla-nss-sysinit-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-3.29.5-57.1 mozilla-nss-tools-3.29.5-57.1 mozilla-nss-tools-debuginfo-3.29.5-57.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): MozillaFirefox-45.9.0esr-105.1 MozillaFirefox-debuginfo-45.9.0esr-105.1 MozillaFirefox-debugsource-45.9.0esr-105.1 MozillaFirefox-translations-45.9.0esr-105.1 java-1_8_0-openjdk-1.8.0.121-23.4 java-1_8_0-openjdk-debuginfo-1.8.0.121-23.4 java-1_8_0-openjdk-debugsource-1.8.0.121-23.4 java-1_8_0-openjdk-demo-1.8.0.121-23.4 java-1_8_0-openjdk-demo-debuginfo-1.8.0.121-23.4 java-1_8_0-openjdk-devel-1.8.0.121-23.4 java-1_8_0-openjdk-devel-debuginfo-1.8.0.121-23.4 java-1_8_0-openjdk-headless-1.8.0.121-23.4 java-1_8_0-openjdk-headless-debuginfo-1.8.0.121-23.4 libfreebl3-3.29.5-57.1 libfreebl3-debuginfo-3.29.5-57.1 libfreebl3-hmac-3.29.5-57.1 libsoftokn3-3.29.5-57.1 libsoftokn3-debuginfo-3.29.5-57.1 libsoftokn3-hmac-3.29.5-57.1 mozilla-nspr-4.13.1-18.1 mozilla-nspr-debuginfo-4.13.1-18.1 mozilla-nspr-debugsource-4.13.1-18.1 mozilla-nss-3.29.5-57.1 mozilla-nss-certs-3.29.5-57.1 mozilla-nss-certs-debuginfo-3.29.5-57.1 mozilla-nss-debuginfo-3.29.5-57.1 mozilla-nss-debugsource-3.29.5-57.1 mozilla-nss-sysinit-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-3.29.5-57.1 mozilla-nss-tools-3.29.5-57.1 mozilla-nss-tools-debuginfo-3.29.5-57.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libfreebl3-32bit-3.29.5-57.1 libfreebl3-debuginfo-32bit-3.29.5-57.1 libfreebl3-hmac-32bit-3.29.5-57.1 libsoftokn3-32bit-3.29.5-57.1 libsoftokn3-debuginfo-32bit-3.29.5-57.1 libsoftokn3-hmac-32bit-3.29.5-57.1 mozilla-nspr-32bit-4.13.1-18.1 mozilla-nspr-debuginfo-32bit-4.13.1-18.1 mozilla-nss-32bit-3.29.5-57.1 
mozilla-nss-certs-32bit-3.29.5-57.1 mozilla-nss-certs-debuginfo-32bit-3.29.5-57.1 mozilla-nss-debuginfo-32bit-3.29.5-57.1 mozilla-nss-sysinit-32bit-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-32bit-3.29.5-57.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): MozillaFirefox-45.9.0esr-105.1 MozillaFirefox-debuginfo-45.9.0esr-105.1 MozillaFirefox-debugsource-45.9.0esr-105.1 MozillaFirefox-translations-45.9.0esr-105.1 java-1_8_0-openjdk-1.8.0.121-23.4 java-1_8_0-openjdk-debuginfo-1.8.0.121-23.4 java-1_8_0-openjdk-debugsource-1.8.0.121-23.4 java-1_8_0-openjdk-demo-1.8.0.121-23.4 java-1_8_0-openjdk-demo-debuginfo-1.8.0.121-23.4 java-1_8_0-openjdk-devel-1.8.0.121-23.4 java-1_8_0-openjdk-headless-1.8.0.121-23.4 java-1_8_0-openjdk-headless-debuginfo-1.8.0.121-23.4 libfreebl3-3.29.5-57.1 libfreebl3-debuginfo-3.29.5-57.1 libfreebl3-hmac-3.29.5-57.1 libsoftokn3-3.29.5-57.1 libsoftokn3-debuginfo-3.29.5-57.1 libsoftokn3-hmac-3.29.5-57.1 mozilla-nspr-4.13.1-18.1 mozilla-nspr-debuginfo-4.13.1-18.1 mozilla-nspr-debugsource-4.13.1-18.1 mozilla-nss-3.29.5-57.1 mozilla-nss-certs-3.29.5-57.1 mozilla-nss-certs-debuginfo-3.29.5-57.1 mozilla-nss-debuginfo-3.29.5-57.1 mozilla-nss-debugsource-3.29.5-57.1 mozilla-nss-sysinit-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-3.29.5-57.1 mozilla-nss-tools-3.29.5-57.1 mozilla-nss-tools-debuginfo-3.29.5-57.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libfreebl3-32bit-3.29.5-57.1 libfreebl3-debuginfo-32bit-3.29.5-57.1 libfreebl3-hmac-32bit-3.29.5-57.1 libsoftokn3-32bit-3.29.5-57.1 libsoftokn3-debuginfo-32bit-3.29.5-57.1 libsoftokn3-hmac-32bit-3.29.5-57.1 mozilla-nspr-32bit-4.13.1-18.1 mozilla-nspr-debuginfo-32bit-4.13.1-18.1 mozilla-nss-32bit-3.29.5-57.1 mozilla-nss-certs-32bit-3.29.5-57.1 mozilla-nss-certs-debuginfo-32bit-3.29.5-57.1 mozilla-nss-debuginfo-32bit-3.29.5-57.1 mozilla-nss-sysinit-32bit-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-32bit-3.29.5-57.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): 
MozillaFirefox-45.9.0esr-105.1 MozillaFirefox-debuginfo-45.9.0esr-105.1 MozillaFirefox-debugsource-45.9.0esr-105.1 MozillaFirefox-devel-45.9.0esr-105.1 MozillaFirefox-translations-45.9.0esr-105.1 libfreebl3-3.29.5-57.1 libfreebl3-debuginfo-3.29.5-57.1 libfreebl3-hmac-3.29.5-57.1 libsoftokn3-3.29.5-57.1 libsoftokn3-debuginfo-3.29.5-57.1 libsoftokn3-hmac-3.29.5-57.1 mozilla-nspr-4.13.1-18.1 mozilla-nspr-debuginfo-4.13.1-18.1 mozilla-nspr-debugsource-4.13.1-18.1 mozilla-nspr-devel-4.13.1-18.1 mozilla-nss-3.29.5-57.1 mozilla-nss-certs-3.29.5-57.1 mozilla-nss-certs-debuginfo-3.29.5-57.1 mozilla-nss-debuginfo-3.29.5-57.1 mozilla-nss-debugsource-3.29.5-57.1 mozilla-nss-devel-3.29.5-57.1 mozilla-nss-sysinit-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-3.29.5-57.1 mozilla-nss-tools-3.29.5-57.1 mozilla-nss-tools-debuginfo-3.29.5-57.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libfreebl3-32bit-3.29.5-57.1 libfreebl3-debuginfo-32bit-3.29.5-57.1 libfreebl3-hmac-32bit-3.29.5-57.1 libsoftokn3-32bit-3.29.5-57.1 libsoftokn3-debuginfo-32bit-3.29.5-57.1 libsoftokn3-hmac-32bit-3.29.5-57.1 mozilla-nspr-32bit-4.13.1-18.1 mozilla-nspr-debuginfo-32bit-4.13.1-18.1 mozilla-nss-32bit-3.29.5-57.1 mozilla-nss-certs-32bit-3.29.5-57.1 mozilla-nss-certs-debuginfo-32bit-3.29.5-57.1 mozilla-nss-debuginfo-32bit-3.29.5-57.1 mozilla-nss-sysinit-32bit-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-32bit-3.29.5-57.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): MozillaFirefox-45.9.0esr-105.1 MozillaFirefox-debuginfo-45.9.0esr-105.1 MozillaFirefox-debugsource-45.9.0esr-105.1 MozillaFirefox-translations-45.9.0esr-105.1 java-1_8_0-openjdk-1.8.0.121-23.4 java-1_8_0-openjdk-debuginfo-1.8.0.121-23.4 java-1_8_0-openjdk-debugsource-1.8.0.121-23.4 java-1_8_0-openjdk-headless-1.8.0.121-23.4 java-1_8_0-openjdk-headless-debuginfo-1.8.0.121-23.4 libfreebl3-3.29.5-57.1 libfreebl3-32bit-3.29.5-57.1 libfreebl3-debuginfo-3.29.5-57.1 libfreebl3-debuginfo-32bit-3.29.5-57.1 libsoftokn3-3.29.5-57.1 
libsoftokn3-32bit-3.29.5-57.1 libsoftokn3-debuginfo-3.29.5-57.1 libsoftokn3-debuginfo-32bit-3.29.5-57.1 mozilla-nspr-32bit-4.13.1-18.1 mozilla-nspr-4.13.1-18.1 mozilla-nspr-debuginfo-32bit-4.13.1-18.1 mozilla-nspr-debuginfo-4.13.1-18.1 mozilla-nspr-debugsource-4.13.1-18.1 mozilla-nss-3.29.5-57.1 mozilla-nss-32bit-3.29.5-57.1 mozilla-nss-certs-3.29.5-57.1 mozilla-nss-certs-32bit-3.29.5-57.1 mozilla-nss-certs-debuginfo-3.29.5-57.1 mozilla-nss-certs-debuginfo-32bit-3.29.5-57.1 mozilla-nss-debuginfo-3.29.5-57.1 mozilla-nss-debuginfo-32bit-3.29.5-57.1 mozilla-nss-debugsource-3.29.5-57.1 mozilla-nss-sysinit-3.29.5-57.1 mozilla-nss-sysinit-32bit-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-32bit-3.29.5-57.1 mozilla-nss-tools-3.29.5-57.1 mozilla-nss-tools-debuginfo-3.29.5-57.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): MozillaFirefox-45.9.0esr-105.1 MozillaFirefox-debuginfo-45.9.0esr-105.1 MozillaFirefox-debugsource-45.9.0esr-105.1 MozillaFirefox-translations-45.9.0esr-105.1 java-1_8_0-openjdk-1.8.0.121-23.4 java-1_8_0-openjdk-debuginfo-1.8.0.121-23.4 java-1_8_0-openjdk-debugsource-1.8.0.121-23.4 java-1_8_0-openjdk-headless-1.8.0.121-23.4 java-1_8_0-openjdk-headless-debuginfo-1.8.0.121-23.4 libfreebl3-3.29.5-57.1 libfreebl3-32bit-3.29.5-57.1 libfreebl3-debuginfo-3.29.5-57.1 libfreebl3-debuginfo-32bit-3.29.5-57.1 libsoftokn3-3.29.5-57.1 libsoftokn3-32bit-3.29.5-57.1 libsoftokn3-debuginfo-3.29.5-57.1 libsoftokn3-debuginfo-32bit-3.29.5-57.1 mozilla-nspr-32bit-4.13.1-18.1 mozilla-nspr-4.13.1-18.1 mozilla-nspr-debuginfo-32bit-4.13.1-18.1 mozilla-nspr-debuginfo-4.13.1-18.1 mozilla-nspr-debugsource-4.13.1-18.1 mozilla-nss-3.29.5-57.1 mozilla-nss-32bit-3.29.5-57.1 mozilla-nss-certs-3.29.5-57.1 mozilla-nss-certs-32bit-3.29.5-57.1 mozilla-nss-certs-debuginfo-3.29.5-57.1 mozilla-nss-certs-debuginfo-32bit-3.29.5-57.1 mozilla-nss-debuginfo-3.29.5-57.1 mozilla-nss-debuginfo-32bit-3.29.5-57.1 mozilla-nss-debugsource-3.29.5-57.1 
mozilla-nss-sysinit-3.29.5-57.1 mozilla-nss-sysinit-32bit-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-32bit-3.29.5-57.1 mozilla-nss-tools-3.29.5-57.1 mozilla-nss-tools-debuginfo-3.29.5-57.1 References: https://www.suse.com/security/cve/CVE-2016-1950.html https://www.suse.com/security/cve/CVE-2016-2834.html https://www.suse.com/security/cve/CVE-2016-8635.html https://www.suse.com/security/cve/CVE-2016-9574.html https://www.suse.com/security/cve/CVE-2017-5429.html https://www.suse.com/security/cve/CVE-2017-5432.html https://www.suse.com/security/cve/CVE-2017-5433.html https://www.suse.com/security/cve/CVE-2017-5434.html https://www.suse.com/security/cve/CVE-2017-5435.html https://www.suse.com/security/cve/CVE-2017-5436.html https://www.suse.com/security/cve/CVE-2017-5437.html https://www.suse.com/security/cve/CVE-2017-5438.html https://www.suse.com/security/cve/CVE-2017-5439.html https://www.suse.com/security/cve/CVE-2017-5440.html https://www.suse.com/security/cve/CVE-2017-5441.html https://www.suse.com/security/cve/CVE-2017-5442.html https://www.suse.com/security/cve/CVE-2017-5443.html https://www.suse.com/security/cve/CVE-2017-5444.html https://www.suse.com/security/cve/CVE-2017-5445.html https://www.suse.com/security/cve/CVE-2017-5446.html https://www.suse.com/security/cve/CVE-2017-5447.html https://www.suse.com/security/cve/CVE-2017-5448.html https://www.suse.com/security/cve/CVE-2017-5459.html https://www.suse.com/security/cve/CVE-2017-5460.html https://www.suse.com/security/cve/CVE-2017-5461.html https://www.suse.com/security/cve/CVE-2017-5462.html https://www.suse.com/security/cve/CVE-2017-5464.html https://www.suse.com/security/cve/CVE-2017-5465.html https://www.suse.com/security/cve/CVE-2017-5469.html https://bugzilla.suse.com/1015499 https://bugzilla.suse.com/1015547 https://bugzilla.suse.com/1021636 https://bugzilla.suse.com/1026102 https://bugzilla.suse.com/1030071 https://bugzilla.suse.com/1035082 
https://bugzilla.suse.com/983639 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
  15. SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1247-1 Rating: important References: #1003077 #1015703 #1021256 #1021762 #1023377 #1023762 #1023992 #1024938 #1025235 #1026024 #1026722 #1026914 #1027066 #1027149 #1027178 #1027189 #1027190 #1028415 #1028895 #1029986 #1030118 #1030213 #1030901 #1031003 #1031052 #1031440 #1031579 #1032344 #1033336 #914939 #954763 #968697 #979215 #983212 #989056 Cross-References: CVE-2015-1350 CVE-2016-10044 CVE-2016-10200 CVE-2016-10208 CVE-2016-2117 CVE-2016-3070 CVE-2016-5243 CVE-2016-7117 CVE-2016-9588 CVE-2017-2671 CVE-2017-5669 CVE-2017-5897 CVE-2017-5970 CVE-2017-5986 CVE-2017-6074 CVE-2017-6214 CVE-2017-6345 CVE-2017-6346 CVE-2017-6348 CVE-2017-6353 CVE-2017-7187 CVE-2017-7261 CVE-2017-7294 CVE-2017-7308 CVE-2017-7616 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that solves 25 vulnerabilities and has 10 fixes is now available. Description: The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-1350: The VFS subsystem in the Linux kernel provided an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). 
- CVE-2016-2117: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly enabled scatter/gather I/O, which allowed remote attackers to obtain sensitive information from kernel memory by reading packet data (bnc#968697). - CVE-2016-3070: The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel improperly interacted with mm/migrate.c, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move (bnc#979215). - CVE-2016-5243: The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel did not properly copy a certain string, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#983212). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077). - CVE-2016-9588: arch/x86/kvm/vmx.c in the Linux kernel mismanages the #BP and #OF exceptions, which allowed guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest (bnc#1015703). - CVE-2016-10044: The aio_mount function in fs/aio.c in the Linux kernel did not properly restrict execute access, which made it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call (bnc#1023992). 
- CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415). - CVE-2016-10208: The ext4_fill_super function in fs/ext4/super.c in the Linux kernel did not properly validate meta block groups, which allowed physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image (bnc#1023377). - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003). - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914). - CVE-2017-5897: The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allowed remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access (bnc#1023762). - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bnc#1024938). 
- CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bnc#1025235). - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024). - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722). - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that a certain destructor exists in required circumstances, which allowed local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls (bnc#1027190). - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that made PACKET_FANOUT setsockopt system calls (bnc#1027189). - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly managed lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178). - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. 
NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1027066). - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213). - CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052). - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440). - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579). - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation (bnc#1033336). The following non-security bugs were fixed: - ext4: fix fencepost in s_first_meta_bg validation (bsc#1029986). - hwrng: virtio - ensure reads happen after successful probe (bsc#954763 bsc#1032344). 
- kgr/module: make a taint flag module-specific (fate#313296). - l2tp: fix address test in __l2tp_ip6_bind_lookup() (bsc#1028415). - l2tp: fix lookup for sockets not bound to a device in l2tp_ip (bsc#1028415). - l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind() (bsc#1028415). - l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv() (bsc#1028415). - l2tp: hold tunnel socket when handling control frames in l2tp_ip and l2tp_ip6 (bsc#1028415). - l2tp: lock socket before checking flags in connect() (bsc#1028415). - mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp (bnc#1030118). - module: move add_taint_module() to a header file (fate#313296). - netfilter: bridge: Fix the build when IPV6 is disabled (bsc#1027149). - nfs: flush out dirty data on file fput() (bsc#1021762). - powerpc: Blacklist GCC 5.4 6.1 and 6.2 (boo#1028895). - powerpc: Reject binutils 2.24 when building little endian (boo#1028895). - revert "procfs: mark thread stack correctly in proc//maps" (bnc#1030901). - taint/module: Clean up global and module taint flags handling (fate#313296). - usb: serial: kl5kusb105: fix line-state error handling (bsc#1021256). - xfs_dmapi: fix the debug compilation of xfs_dmapi (bsc#989056). - xfs: fix buffer overflow dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-749=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-749=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-749=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kernel-default-3.12.61-52.72.1 kernel-default-base-3.12.61-52.72.1 kernel-default-base-debuginfo-3.12.61-52.72.1 kernel-default-debuginfo-3.12.61-52.72.1 kernel-default-debugsource-3.12.61-52.72.1 kernel-default-devel-3.12.61-52.72.1 kernel-syms-3.12.61-52.72.1 kernel-xen-3.12.61-52.72.1 kernel-xen-base-3.12.61-52.72.1 kernel-xen-base-debuginfo-3.12.61-52.72.1 kernel-xen-debuginfo-3.12.61-52.72.1 kernel-xen-debugsource-3.12.61-52.72.1 kernel-xen-devel-3.12.61-52.72.1 kgraft-patch-3_12_61-52_72-default-1-2.1 kgraft-patch-3_12_61-52_72-xen-1-2.1 - SUSE Linux Enterprise Server for SAP 12 (noarch): kernel-devel-3.12.61-52.72.1 kernel-macros-3.12.61-52.72.1 kernel-source-3.12.61-52.72.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): kernel-default-3.12.61-52.72.1 kernel-default-base-3.12.61-52.72.1 kernel-default-base-debuginfo-3.12.61-52.72.1 kernel-default-debuginfo-3.12.61-52.72.1 kernel-default-debugsource-3.12.61-52.72.1 kernel-default-devel-3.12.61-52.72.1 kernel-syms-3.12.61-52.72.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): kernel-devel-3.12.61-52.72.1 kernel-macros-3.12.61-52.72.1 kernel-source-3.12.61-52.72.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kernel-xen-3.12.61-52.72.1 kernel-xen-base-3.12.61-52.72.1 kernel-xen-base-debuginfo-3.12.61-52.72.1 kernel-xen-debuginfo-3.12.61-52.72.1 kernel-xen-debugsource-3.12.61-52.72.1 kernel-xen-devel-3.12.61-52.72.1 kgraft-patch-3_12_61-52_72-default-1-2.1 kgraft-patch-3_12_61-52_72-xen-1-2.1 - SUSE Linux Enterprise Server 12-LTSS (s390x): kernel-default-man-3.12.61-52.72.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.61-52.72.1 kernel-ec2-debuginfo-3.12.61-52.72.1 kernel-ec2-debugsource-3.12.61-52.72.1 kernel-ec2-devel-3.12.61-52.72.1 kernel-ec2-extra-3.12.61-52.72.1 kernel-ec2-extra-debuginfo-3.12.61-52.72.1 References: https://www.suse.com/security/cve/CVE-2015-1350.html 
https://www.suse.com/security/cve/CVE-2016-10044.html https://www.suse.com/security/cve/CVE-2016-10200.html https://www.suse.com/security/cve/CVE-2016-10208.html https://www.suse.com/security/cve/CVE-2016-2117.html https://www.suse.com/security/cve/CVE-2016-3070.html https://www.suse.com/security/cve/CVE-2016-5243.html https://www.suse.com/security/cve/CVE-2016-7117.html https://www.suse.com/security/cve/CVE-2016-9588.html https://www.suse.com/security/cve/CVE-2017-2671.html https://www.suse.com/security/cve/CVE-2017-5669.html https://www.suse.com/security/cve/CVE-2017-5897.html https://www.suse.com/security/cve/CVE-2017-5970.html https://www.suse.com/security/cve/CVE-2017-5986.html https://www.suse.com/security/cve/CVE-2017-6074.html https://www.suse.com/security/cve/CVE-2017-6214.html https://www.suse.com/security/cve/CVE-2017-6345.html https://www.suse.com/security/cve/CVE-2017-6346.html https://www.suse.com/security/cve/CVE-2017-6348.html https://www.suse.com/security/cve/CVE-2017-6353.html https://www.suse.com/security/cve/CVE-2017-7187.html https://www.suse.com/security/cve/CVE-2017-7261.html https://www.suse.com/security/cve/CVE-2017-7294.html https://www.suse.com/security/cve/CVE-2017-7308.html https://www.suse.com/security/cve/CVE-2017-7616.html https://bugzilla.suse.com/1003077 https://bugzilla.suse.com/1015703 https://bugzilla.suse.com/1021256 https://bugzilla.suse.com/1021762 https://bugzilla.suse.com/1023377 https://bugzilla.suse.com/1023762 https://bugzilla.suse.com/1023992 https://bugzilla.suse.com/1024938 https://bugzilla.suse.com/1025235 https://bugzilla.suse.com/1026024 https://bugzilla.suse.com/1026722 https://bugzilla.suse.com/1026914 https://bugzilla.suse.com/1027066 https://bugzilla.suse.com/1027149 https://bugzilla.suse.com/1027178 https://bugzilla.suse.com/1027189 https://bugzilla.suse.com/1027190 https://bugzilla.suse.com/1028415 https://bugzilla.suse.com/1028895 https://bugzilla.suse.com/1029986 https://bugzilla.suse.com/1030118 
https://bugzilla.suse.com/1030213 https://bugzilla.suse.com/1030901 https://bugzilla.suse.com/1031003 https://bugzilla.suse.com/1031052 https://bugzilla.suse.com/1031440 https://bugzilla.suse.com/1031579 https://bugzilla.suse.com/1032344 https://bugzilla.suse.com/1033336 https://bugzilla.suse.com/914939 https://bugzilla.suse.com/954763 https://bugzilla.suse.com/968697 https://bugzilla.suse.com/979215 https://bugzilla.suse.com/983212 https://bugzilla.suse.com/989056
  16. ===================================================================== Red Hat Security Advisory Synopsis: Important: chromium-browser security update Advisory ID: RHSA-2017:1228-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2017:1228 Issue date: 2017-05-11 CVE Names: CVE-2017-5068 ===================================================================== 1. Summary: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: Chromium is an open-source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 58.0.3029.96. Security Fix(es): * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2017-5068) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Chromium must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1448031 - CVE-2017-5068 chromium-browser: race condition in webrtc 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 
6): i386: chromium-browser-58.0.3029.96-1.el6_9.i686.rpm chromium-browser-debuginfo-58.0.3029.96-1.el6_9.i686.rpm x86_64: chromium-browser-58.0.3029.96-1.el6_9.x86_64.rpm chromium-browser-debuginfo-58.0.3029.96-1.el6_9.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: chromium-browser-58.0.3029.96-1.el6_9.i686.rpm chromium-browser-debuginfo-58.0.3029.96-1.el6_9.i686.rpm x86_64: chromium-browser-58.0.3029.96-1.el6_9.x86_64.rpm chromium-browser-debuginfo-58.0.3029.96-1.el6_9.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: chromium-browser-58.0.3029.96-1.el6_9.i686.rpm chromium-browser-debuginfo-58.0.3029.96-1.el6_9.i686.rpm x86_64: chromium-browser-58.0.3029.96-1.el6_9.x86_64.rpm chromium-browser-debuginfo-58.0.3029.96-1.el6_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-5068 https://access.redhat.com/security/updates/classification/#important https://chromereleases.googleblog.com/2017/05/stable-channel-update-for-desktop.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc.
  17. Hello editors, Today we're taking a look at XFX's factory overclocked Radeon RX 570 RS "XXX Edition", boasting 1264MHz "True" core and 7GHz memory clocks out of the box with the promise of even higher overclocking potential. Ringing in at under $200 USD, it's intended to deliver value for performance when it comes to 1080p gaming. https://www.neoseeker.com/Articles/Hardware/Reviews/xfx-rx-570-rs-4gb-xxx/ "This factory overclocked card runs at 1264 MHz right out of the box, which XFX refers to as "True Clock", while the 4GB of memory run at 7000MHz. But don't let these seemingly conservative numbers discourage you, this card is XFX OC+ capable. What is that exactly you might ask? In a nutshell, it means that the good folks at XFX spent sleepless nights making sure that every one of these cards is rigorously tested at the factory level to go beyond the True Clock speeds. And I can confirm this fact right here and now!" Thanks as always for any links, we appreciate your support! Neoseeker Hardware https://www.neoseeker.com/ hardware ( -at -) neoseeker.com
  18. TITLE: ASRock X370 Killer SLI Review ( -at -) Vortez CONTENT: As Killer SLI is an X370 motherboard, it will enjoy a host of other features including RGB lighting, 8x VR-ready USB 3.1 ports, and a HDMI 1.4a port for when used with a (currently unreleased) APU. Finished off with stylish white on black design and RGB LED lighting (along with 2x additional RGB LED strip), there are plenty of customisation options available to those concerned with creating their dream system. LINK: https://www.vortez.net/review.php?id=1299 ---------------------------------------------------------------------------- -------------------- Please post this news item in your news section. Thank you.
  19. TITLE: Corsair ONE Pro Review ( -at -) Vortez CONTENT: In what could be regarded as a pillar of power, the ONE Pro is one of many prebuilt computer systems by Corsair which sits at the top of the pack. This compact PC is based on the Mini-ITX form factor and bears a strong lineup of features such as Intel's Core i7-7700K, 16GB DDR4 and the GTX 1080. LINK: https://www.vortez.net/review.php?id=1300 ---------------------------------------------------------------------------- -------------------- Please post this news item in your news section. Thank you.
  20. SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1241-1 Rating: important References: #1013285 #1014109 #1014111 #1014702 #1015048 #1015169 #1016779 #1020491 #1020589 #1020928 #1021129 #1022541 #1023004 #1023053 #1023907 #1024972 #937125 Cross-References: CVE-2016-10155 CVE-2016-9776 CVE-2016-9907 CVE-2016-9911 CVE-2016-9921 CVE-2016-9922 CVE-2017-2615 CVE-2017-2620 CVE-2017-5525 CVE-2017-5526 CVE-2017-5667 CVE-2017-5856 CVE-2017-5898 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has four fixes is now available. Description: This update for qemu fixes several issues. These security issues were fixed: - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024972) - CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004) - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a memory leakage issue allowing a privileged user to leak host memory resulting in DoS (bsc#1023053) - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support was vulnerable to an infinite loop issue while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could have used this issue to crash the Qemu process on the host leading to DoS (bsc#1013285) - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory leakage issue while processing packet data in 'ehci_init_transfer'. 
A guest user/process could have used this issue to leak host memory, resulting in DoS for the host (bsc#1014111)
- CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a memory leakage flaw when destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could have used this issue to leak host memory, resulting in DoS for a host (bsc#1014109)
- CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702)
- CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702)
- CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1021129)
- CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1020589)
- CVE-2017-5525: The ac97 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1020491)
- CVE-2017-5667: The SDHCI device emulation support was vulnerable to an OOB heap access issue allowing a privileged user inside the guest to crash the Qemu process resulting in DoS or potentially execute arbitrary code with privileges of the Qemu process on the host (bsc#1022541)
- CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow allowing a privileged user inside the guest to crash the Qemu process resulting in DoS (bnc#1023907)

These non-security issues were fixed:
- Fix post script for qemu-guest-agent rpm to actually activate the guest agent at rpm install time
- Fixed various inaccuracies in cirrus vga device emulation
- Fixed cause of infrequent migration failures from bad virtio device state (bsc#1020928)
- Fixed virtio interface failure (bsc#1015048)
- Fixed graphical update errors introduced by previous security fix (bsc#1016779)
- Fixed uint64 property parsing and add regression tests (bsc#937125)

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-740=1
- SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-740=1

To bring your system up-to-date, use "zypper patch".

Package List:
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): qemu-2.3.1-32.11 qemu-block-curl-2.3.1-32.11 qemu-block-curl-debuginfo-2.3.1-32.11 qemu-debugsource-2.3.1-32.11 qemu-guest-agent-2.3.1-32.11 qemu-guest-agent-debuginfo-2.3.1-32.11 qemu-lang-2.3.1-32.11 qemu-tools-2.3.1-32.11 qemu-tools-debuginfo-2.3.1-32.11
- SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): qemu-kvm-2.3.1-32.11
- SUSE Linux Enterprise Server 12-SP1 (ppc64le): qemu-ppc-2.3.1-32.11 qemu-ppc-debuginfo-2.3.1-32.11
- SUSE Linux Enterprise Server 12-SP1 (noarch): qemu-ipxe-1.0.0-32.11 qemu-seabios-1.8.1-32.11 qemu-sgabios-8-32.11 qemu-vgabios-1.8.1-32.11
- SUSE Linux Enterprise Server 12-SP1 (x86_64): qemu-block-rbd-2.3.1-32.11 qemu-block-rbd-debuginfo-2.3.1-32.11 qemu-x86-2.3.1-32.11
- SUSE Linux Enterprise Server 12-SP1 (s390x): qemu-s390-2.3.1-32.11 qemu-s390-debuginfo-2.3.1-32.11
- SUSE Linux Enterprise Desktop 12-SP1 (noarch): qemu-ipxe-1.0.0-32.11 qemu-seabios-1.8.1-32.11 qemu-sgabios-8-32.11 qemu-vgabios-1.8.1-32.11
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64): qemu-2.3.1-32.11 qemu-block-curl-2.3.1-32.11 qemu-block-curl-debuginfo-2.3.1-32.11 qemu-debugsource-2.3.1-32.11 qemu-kvm-2.3.1-32.11 qemu-tools-2.3.1-32.11 qemu-tools-debuginfo-2.3.1-32.11 qemu-x86-2.3.1-32.11

References:
https://www.suse.com/security/cve/CVE-2016-10155.html
https://www.suse.com/security/cve/CVE-2016-9776.html
https://www.suse.com/security/cve/CVE-2016-9907.html
https://www.suse.com/security/cve/CVE-2016-9911.html
https://www.suse.com/security/cve/CVE-2016-9921.html
https://www.suse.com/security/cve/CVE-2016-9922.html
https://www.suse.com/security/cve/CVE-2017-2615.html
https://www.suse.com/security/cve/CVE-2017-2620.html
https://www.suse.com/security/cve/CVE-2017-5525.html
https://www.suse.com/security/cve/CVE-2017-5526.html
https://www.suse.com/security/cve/CVE-2017-5667.html
https://www.suse.com/security/cve/CVE-2017-5856.html
https://www.suse.com/security/cve/CVE-2017-5898.html
https://bugzilla.suse.com/1013285
https://bugzilla.suse.com/1014109
https://bugzilla.suse.com/1014111
https://bugzilla.suse.com/1014702
https://bugzilla.suse.com/1015048
https://bugzilla.suse.com/1015169
https://bugzilla.suse.com/1016779
https://bugzilla.suse.com/1020491
https://bugzilla.suse.com/1020589
https://bugzilla.suse.com/1020928
https://bugzilla.suse.com/1021129
https://bugzilla.suse.com/1022541
https://bugzilla.suse.com/1023004
https://bugzilla.suse.com/1023053
https://bugzilla.suse.com/1023907
https://bugzilla.suse.com/1024972
https://bugzilla.suse.com/937125
  21. TITLE: Tesoro Excalibur SE Spectrum Review @ Vortez

      CONTENT: The Excalibur SE Spectrum itself has some other tricks up its sleeve too, including RGB lighting and a driverless design, not to mention that the switches are hot-swappable, allowing you to easily remove the switches and replace them with other types depending on preference.

      LINK: https://www.vortez.net/review.php?id=1298

      Please post this news item in your news section. Thank you.
  22. Package : qemu-kvm
      Version : 1.1.2+dfsg-6+deb7u21
      CVE ID : CVE-2016-9603 CVE-2017-7718 CVE-2017-7980

      Multiple vulnerabilities have been discovered in qemu-kvm, a full virtualization solution on x86 hardware based on Quick Emulator (Qemu). The Common Vulnerabilities and Exposures project identifies the following problems:

      CVE-2016-9603
      qemu-kvm built with the Cirrus CLGD 54xx VGA Emulator and the VNC display driver support is vulnerable to a heap buffer overflow issue. It could occur when Vnc client attempts to update its display after a vga operation is performed by a guest. A privileged user/process inside guest could use this flaw to crash the Qemu process resulting in DoS OR potentially leverage it to execute arbitrary code on the host with privileges of the Qemu process.

      CVE-2017-7718
      qemu-kvm built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt functions cirrus_bitblt_rop_fwd_transp_ and/or cirrus_bitblt_rop_fwd_. A privileged user inside guest could use this flaw to crash the Qemu process resulting in DoS.

      CVE-2017-7980
      qemu-kvm built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds r/w access issue. It could occur while copying VGA data via various bitblt functions. A privileged user inside guest could use this flaw to crash the Qemu process resulting in DoS OR potentially execute arbitrary code on a host with privileges of Qemu process on the host.

      For Debian 7 "Wheezy", these problems have been fixed in version 1.1.2+dfsg-6+deb7u21.

      We recommend that you upgrade your qemu-kvm packages.

      Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
  23. Hardware Canucks is pleased to present our review of the new Fractal Design Celsius S36 AIO cooler.

      *Article URL:* http://www.hardwarecanucks.com/forum/hardware-canucks-reviews/75288-fractal-design-celsius-s36-aio-review.html

      *Quote:* *All in one water CPU coolers are everywhere these days but Fractal Design's new Celsius S36 dares to do things differently. At 360mm, it may be long but its price to performance is incredible.*

      We would appreciate it if you would post this in your News section.

      Regards,
      Hardware Canucks News Team
  24. Title: AZiO MK Retro Typewriter Mechanical Keyboard Review @ NikKTech

      Description: With the MK Retro typewriter mechanical keyboard AZiO takes us for a trip down memory lane and although it leaves us asking for more we do feel they're on the right track.

      Article Link: http://www.nikktech.com/main/articles/peripherals/keyboards/7753-azio-mk-retro-typewriter-mechanical-keyboard-review

      Image Link: http://www.nikktech.com/main/images/pics/reviews/azio/mk_retro/azio_mk_retrob.jpg

      A News Post Would Be Appreciated. Thanks In Advance.

      Sincerely,
      Nik Kastrantas