Everything posted by news
-
A news post would be great. OCC has published a review on the ECS LIVA Z Plus. Here is a quote from the review:
Quote: “Back to the topic at hand! This being the second LIVA I had the pleasure to review, the process of setting up and getting real-world use out of it was much easier the second time around. I'm not saying it was overly complicated, but I spent a lot less time reading about SoC architectures in preparation for this review. The one thing that threw me off was the inclusion of Intel vPro technology. Going to Intel's website has never helped in the past and it was no different this time. Using phrases like "Strengthen Software Security from the Inside" and "Lighten Your Heaviest Workloads" isn't helpful on a website solely designed to sell you a product. After some Googling, I found out that it is basically an advanced remote desktop. The reason I bring this up is because the LIVA Z i5 7300U model just gained a whole new untapped market. The average consumer will never use the features and quite honestly, only businesses are going to be on the look out for such features. That being said, at my day job, the company bought a few used UCFF (Ultra-Compact Form Factor) PCs left over from an oil drilling company. It is not unheard of for companies to use this type of computers because they are low power and generally solid state, meaning no moving parts. Add in the ability to remote into the device in a secure fashion with offsite management and it becomes very desirable to IT workers out in the field.”
Title: ECS LIVA Z Plus Review
Link: http://www.overclockersclub.com/reviews/ecs_liva_z_plus_i5_7300u/
Img: http://www.overclockersclub.com/siteimages/articles/ecs_liva_z_plus_i5_7300u/3_thumb.jpg
-
Benchmark Reviews Presents:
TITLE: Anidees AI Crystal Cube Lite Case Review (http://benchmarkreviews.us10.list-manage.com/track/click?u=9a2f239b17114c9008e3dfda9&id=66c03439cb&e=8138df6da5)
QUOTE: With tempered glass becoming a trend on modern computer cases, the Anidees AI Crystal Cube Lite certainly stands out from the crowd with its 5mm thick tempered glass panels. But what exactly is Anidees? This design company was founded in 2011. It is popular in European countries, such as Germany, France, and more. Most people may not have heard of Anidees, but the company strives to provide great quality products by listening to ideas from people like you and me. With that in mind, the Crystal Cube Lite looks very promising with its flexible water and air cooling capabilities, glass panels, and small form-factor design. In this article for Benchmark Reviews, we will be taking a look at the AI Crystal Cube Lite case to see what Anidees has in store for us.
LINK: http://benchmarkreviews.us10.list-manage.com/track/click?u=9a2f239b17114c9008e3dfda9&id=15e6267f82&e=8138df6da5
IMAGE: http://benchmarkreviews.us10.list-manage.com/track/click?u=9a2f239b17114c9008e3dfda9&id=e2c2ff64ac&e=8138df6da5
-
Title: OZONE Neon M50 Optical Pro Gaming Mouse Review @ NikKTech
Description: Ozone Gaming is behind yet another high-performance pro gaming mouse aimed towards serious gamers and this time it's also RGB illuminated.
Article Link: http://www.nikktech.com/main/articles/peripherals/mice/7748-ozone-neon-m50-optical-pro-gaming-mouse-review
Image Link: http://www.nikktech.com/main/images/pics/reviews/ozone/neon_m50/ozone_neon_m50a.jpg
A News Post Would Be Appreciated. Thanks In Advance.
Sincerely
Nik Kastrantas
-
Dear Editors, we just posted a new article which might be interesting to your readers. A post in your news section would be appreciated. Title: Prey Performance Analysis Link: https://www.techpowerup.com/reviews/Performance_Analysis/Prey Brief: We test Prey on 14 graphics cards at 1080p, 1440p and 4K using highest settings and also take a look at VRAM usage, which is surprisingly modest. The article also describes how to adjust the field of view (which can't be changed in-game), how to remove the hidden FPS cap and how to skip the intro.
-
CORSAIR GAMING GLAIVE RGB OPTICAL MOUSE REVIEW @ APH NETWORKS
Hello everyone! APH Networks has published a new review that your readers might enjoy. A post in your site's news section would be greatly appreciated! Don't forget to send your site news to us. As we promise to post your news articles on APH Networks periodically, we would certainly appreciate it if you do the same as well. Thank you for your support in advance!
* Title: Corsair Gaming Glaive RGB Optical Mouse Review @ APH Networks
* Description: Featuring some top notch hardware under the hood for an MSRP of $70, if the Corsair Gaming Glaive RGB fits your hand, then it will be a mouse that fits the bill, too.
* Link: http://aphnetworks.com/reviews/corsair-gaming-glaive-rgb
* Image: http://aphnetworks.com/review/corsair-gaming-glaive-rgb/007.JPG
Best Regards,
Jonathan Kwan
Editor-in-Chief
APH Networks Inc.
http://aphnetworks.com
-
Fierce PC Blackfire Hammerhead (R5 1500X/RX 580) System Review ------------------------------------------------------------ http://mailchi.mp/kitguru/fierce-pc-blackfire-hammerhead-r5-1500xrx-580-system-review?e=872093acb5 http://www.kitguru.net Fierce PC Blackfire Hammerhead (R5 1500X/RX 580) System Review With both AMD’s RX 500-series GPUs and Ryzen 5 processors launching over the past few weeks, Fierce PC thought it would be a good idea to bring both components together in an all-AMD gaming rig. Priced at £1199.95, does the Blackfire Hammerhead hit the price-to-performance sweet-spot? Read the review here: http://www.kitguru.net/desktop-pc/gaming-rig/dominic-moass/fierce-pc-blackfire-hammerhead-r5-1500xrx-580-system-review/ ============================================================ ** follow on Twitter (http://twitter.com/#!/kitgurupress) | ** friend on Facebook (http://www.facebook.com/pages/KitGuru/162236020510911) | ** forward to a friend (http://us2.forward-to-friend.com/forward?u=bfb2b902b5fb045ad6f841f98&id=d797e8bdb6&e=872093acb5) Copyright © 2017 KitGuru, All rights reserved. You are receiving this because you are a news partner or have signed up to receive our news.
-
[CentOS-announce] CEEA-2017:1194 CentOS 7 kmod-redhat-ixgbevf Enhancement Update
news posted a topic in Upcoming News
CentOS Errata and Enhancement Advisory 2017:1194

Upstream details at : https://rhn.redhat.com/errata/RHEA-2017-1194.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

x86_64:
ead8dfcb3828518aed74380b77d990bb193ee63417354c20c4b91b2ef95a720f kmod-redhat-ixgbevf-3.2.2_k_rh7.4_z-1.el7_3.x86_64.rpm

Source:
dccc0b49f0cdf5751526307d6572aec90d0b28cad6c0137898affeb6ed6cdf2b kmod-redhat-ixgbevf-3.2.2_k_rh7.4_z-1.el7_3.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos @ irc.freenode.net
Twitter: @JohnnyCentOS
-
[CentOS-announce] CEEA-2017:1194 CentOS 7 kmod-redhat-ixgbe Enhancement Update
news posted a topic in Upcoming News
CentOS Errata and Enhancement Advisory 2017:1194

Upstream details at : https://rhn.redhat.com/errata/RHEA-2017-1194.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

x86_64:
cd47bdab22ce9c387beaf066c0e36d63633b07bfcbcad4bda1dac53c74a095e2 kmod-redhat-ixgbe-4.4.0_k_rh7.4_z-2.el7_3.x86_64.rpm

Source:
6566b60dd49a2156360e3c60e819acf37c652c931d5d52f995c8dd7d225486e4 kmod-redhat-ixgbe-4.4.0_k_rh7.4_z-2.el7_3.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos @ irc.freenode.net
Twitter: @JohnnyCentOS
-
SUSE Security Update: Security update for MozillaFirefox, mozilla-nss, mozilla-nspr
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1175-1
Rating: important
References: #1015499 #1015547 #1021636 #1030071 #1035082 #983639
Cross-References:
  CVE-2016-1950 CVE-2016-2834 CVE-2016-8635 CVE-2016-9574
  CVE-2017-5429 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434
  CVE-2017-5435 CVE-2017-5436 CVE-2017-5437 CVE-2017-5438
  CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442
  CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446
  CVE-2017-5447 CVE-2017-5448 CVE-2017-5459 CVE-2017-5460
  CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465
  CVE-2017-5469
Affected Products:
  SUSE OpenStack Cloud 5
  SUSE Manager Proxy 2.1
  SUSE Manager 2.1
  SUSE Linux Enterprise Software Development Kit 11-SP4
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Server 11-SP3-LTSS
  SUSE Linux Enterprise Point of Sale 11-SP3
  SUSE Linux Enterprise Debuginfo 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that fixes 29 vulnerabilities is now available.

Description:

Mozilla Firefox was updated to the Firefox ESR release 45.9.

Mozilla NSS was updated to support TLS 1.3 (close to release draft) and various new ciphers, PRFs, Diffie Hellman key agreement and support for more hashes.

Security issues fixed in Firefox (bsc#1035082)

- MFSA 2017-11/CVE-2017-5469: Potential Buffer overflow in flex-generated code
- MFSA 2017-11/CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1
- MFSA 2017-11/CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing
- MFSA 2017-11/CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
- MFSA 2017-11/CVE-2017-5437: Vulnerabilities in Libevent library
- MFSA 2017-11/CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
- MFSA 2017-11/CVE-2017-5435: Use-after-free during transaction processing in the editor
- MFSA 2017-11/CVE-2017-5434: Use-after-free during focus handling
- MFSA 2017-11/CVE-2017-5433: Use-after-free in SMIL animation functions
- MFSA 2017-11/CVE-2017-5432: Use-after-free in text input selection
- MFSA 2017-11/CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
- MFSA 2017-11/CVE-2017-5465: Out-of-bounds read in ConvolvePixel
- MFSA 2017-11/CVE-2017-5460: Use-after-free in frame selection
- MFSA 2017-11/CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
- MFSA 2017-11/CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
- MFSA 2017-11/CVE-2017-5447: Out-of-bounds read during glyph processing
- MFSA 2017-11/CVE-2017-5444: Buffer overflow while parsing application/http-index-format content
- MFSA 2017-11/CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content
- MFSA 2017-11/CVE-2017-5442: Use-after-free during style changes
- MFSA 2017-11/CVE-2017-5443: Out-of-bounds write during BinHex decoding
- MFSA 2017-11/CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing
- MFSA 2017-11/CVE-2017-5441: Use-after-free with selection during scroll events
- MFSA 2017-11/CVE-2017-5459: Buffer overflow in WebGL

Mozilla NSS was updated to 3.29.5, bringing new features and fixing bugs:

- Update to NSS 3.29.5:
  * MFSA 2017-11/CVE-2017-5461: Rare crashes in the base 64 decoder and encoder were fixed.
  * MFSA 2017-11/CVE-2017-5462: A carry over bug in the RNG was fixed.
  * CVE-2016-9574: Remote DoS during session handshake when using SessionTicket extension and ECDHE-ECDSA (bsc#1015499).
  * requires NSPR >= 4.13.1
- Update to NSS 3.29.3
  * enables TLS 1.3 by default
- Fixed a bug in hash computation (and build with GCC 7 which complains about shifts of boolean values). (bsc#1030071, bmo#1348767)
- Update to NSS 3.28.3
  This is a patch release to fix binary compatibility issues.
- Update to NSS 3.28.1
  This is a patch release to update the list of root CA certificates.
  * The following CA certificates were Removed
    CN = Buypass Class 2 CA 1
    CN = Root CA Generalitat Valenciana
    OU = RSA Security 2048 V3
  * The following CA certificates were Added
    OU = AC RAIZ FNMT-RCM
    CN = Amazon Root CA 1
    CN = Amazon Root CA 2
    CN = Amazon Root CA 3
    CN = Amazon Root CA 4
    CN = LuxTrust Global Root 2
    CN = Symantec Class 1 Public Primary Certification Authority - G4
    CN = Symantec Class 1 Public Primary Certification Authority - G6
    CN = Symantec Class 2 Public Primary Certification Authority - G4
    CN = Symantec Class 2 Public Primary Certification Authority - G6
  * The version number of the updated root CA list has been set to 2.11
- Update to NSS 3.28
  New functionality:
  * NSS includes support for TLS 1.3 draft -18. This includes a number of improvements to TLS 1.3:
    - The signed certificate timestamp, used in certificate transparency, is supported in TLS 1.3.
    - Key exporters for TLS 1.3 are supported. This includes the early key exporter, which can be used if 0-RTT is enabled. Note that there is a difference between TLS 1.3 and key exporters in older versions of TLS. TLS 1.3 does not distinguish between an empty context and no context.
    - The TLS 1.3 (draft) protocol can be enabled, by defining NSS_ENABLE_TLS_1_3=1 when building NSS.
    - NSS includes support for the X25519 key exchange algorithm, which is supported and enabled by default in all versions of TLS.
  Notable Changes:
  * NSS can no longer be compiled with support for additional elliptic curves. This was previously possible by replacing certain NSS source files.
  * NSS will now detect the presence of tokens that support additional elliptic curves and enable those curves for use in TLS. Note that this detection has a one-off performance cost, which can be avoided by using the SSL_NamedGroupConfig function to limit supported groups to those that NSS provides.
  * PKCS#11 bypass for TLS is no longer supported and has been removed.
  * Support for "export" grade SSL/TLS cipher suites has been removed.
  * NSS now uses the signature schemes definition in TLS 1.3. This also affects TLS 1.2. NSS will now only generate signatures with the combinations of hash and signature scheme that are defined in TLS 1.3, even when negotiating TLS 1.2.
    - This means that SHA-256 will only be used with P-256 ECDSA certificates, SHA-384 with P-384 certificates, and SHA-512 with P-521 certificates. SHA-1 is permitted (in TLS 1.2 only) with any certificate for backward compatibility reasons.
    - NSS will now no longer assume that default signature schemes are supported by a peer if there was no commonly supported signature scheme.
  * NSS will now check if RSA-PSS signing is supported by the token that holds the private key prior to using it for TLS.
  * The certificate validation code contains checks to no longer trust certificates that are issued by old WoSign and StartCom CAs after October 21, 2016. This is equivalent to the behavior that Mozilla will release with Firefox 51.
- Update to NSS 3.27.2
  * Fixed SSL_SetTrustAnchors leaks (bmo#1318561)
- raised the minimum softokn/freebl version to 3.28 as reported in (boo#1021636)
- Update to NSS 3.26.2
  New Functionality:
  * the selfserv test utility has been enhanced to support ALPN (HTTP/1.1) and 0-RTT
  * added support for the System-wide crypto policy available on Fedora Linux see http://fedoraproject.org/wiki/Changes/CryptoPolicy
  * introduced build flag NSS_DISABLE_LIBPKIX that allows compilation of NSS without the libpkix library
  Notable Changes:
  * The following CA certificate was Added
    CN = ISRG Root X1
  * NPN is disabled and ALPN is enabled by default
  * the NSS test suite now completes with the experimental TLS 1.3 code enabled
  * several test improvements and additions, including a NIST known answer test
  Changes in 3.26.2
  * MD5 signature algorithms sent by the server in CertificateRequest messages are now properly ignored. Previously, with rare server configurations, an MD5 signature algorithm might have been selected for client authentication and caused the client to abort the connection soon after.
- Update to NSS 3.25
  New functionality:
  * Implemented DHE key agreement for TLS 1.3
  * Added support for ChaCha with TLS 1.3
  * Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF
  * In previous versions, when using client authentication with TLS 1.2, NSS only supported certificate_verify messages that used the same signature hash algorithm as used by the PRF. This limitation has been removed.
  Notable changes:
  * An SSL socket can no longer be configured to allow both TLS 1.3 and SSLv3
  * Regression fix: NSS no longer reports a failure if an application attempts to disable the SSLv2 protocol.
  * The list of trusted CA certificates has been updated to version 2.8
  * The following CA certificate was Removed
    Sonera Class1 CA
  * The following CA certificates were Added
    Hellenic Academic and Research Institutions RootCA 2015
    Hellenic Academic and Research Institutions ECC RootCA 2015
    Certplus Root CA G1
    Certplus Root CA G2
    OpenTrust Root CA G1
    OpenTrust Root CA G2
    OpenTrust Root CA G3
- Update to NSS 3.24
  New functionality:
  * NSS softoken has been updated with the latest National Institute of Standards and Technology (NIST) guidance (as of 2015):
    - Software integrity checks and POST functions are executed on shared library load. These checks have been disabled by default, as they can cause a performance regression. To enable these checks, you must define symbol NSS_FORCE_FIPS when building NSS.
    - Counter mode and Galois/Counter Mode (GCM) have checks to prevent counter overflow.
    - Additional CSPs are zeroed in the code.
    - NSS softoken uses new guidance for how many Rabin-Miller tests are needed to verify a prime based on prime size.
  * NSS softoken has also been updated to allow NSS to run in FIPS Level 1 (no password). This mode is triggered by setting the database password to the empty string. In FIPS mode, you may move from Level 1 to Level 2 (by setting an appropriate password), but not the reverse.
  * A SSL_ConfigServerCert function has been added for configuring SSL/TLS server sockets with a certificate and private key. Use this new function in place of SSL_ConfigSecureServer, SSL_ConfigSecureServerWithCertChain, SSL_SetStapledOCSPResponses, and SSL_SetSignedCertTimestamps. SSL_ConfigServerCert automatically determines the certificate type from the certificate and private key. The caller is no longer required to use SSLKEAType explicitly to select a "slot" into which the certificate is configured (which incorrectly identifies a key agreement type rather than a certificate). Separate functions for configuring Online Certificate Status Protocol (OCSP) responses or Signed Certificate Timestamps are not needed, since these can be added to the optional SSLExtraServerCertData struct provided to SSL_ConfigServerCert. Also, partial support for RSA Probabilistic Signature Scheme (RSA-PSS) certificates has been added. Although these certificates can be configured, they will not be used by NSS in this version.
  * Deprecate the member attribute authAlgorithm of type SSLCipherSuiteInfo. Instead, applications should use the newly added attribute authType.
  * Add a shared library (libfreeblpriv3) on Linux platforms that define FREEBL_LOWHASH.
  * Remove most code related to SSL v2, including the ability to actively send a SSLv2-compatible client hello. However, the server-side implementation of the SSL/TLS protocol still supports processing of received v2-compatible client hello messages.
  * Disable (by default) NSS support in optimized builds for logging SSL/TLS key material to a logfile if the SSLKEYLOGFILE environment variable is set. To enable the functionality in optimized builds, you must define the symbol NSS_ALLOW_SSLKEYLOGFILE when building NSS.
  * Update NSS to protect it against the Cachebleed attack.
  * Disable support for DTLS compression.
  * Improve support for TLS 1.3. This includes support for DTLS 1.3. Note that TLS 1.3 support is experimental and not suitable for production use.
- Update to NSS 3.23
  New functionality:
  * ChaCha20/Poly1305 cipher and TLS cipher suites now supported
  * Experimental-only support TLS 1.3 1-RTT mode (draft-11). This code is not ready for production use.
  Notable changes:
  * The list of TLS extensions sent in the TLS handshake has been reordered to increase compatibility of the Extended Master Secret with servers
  * The build time environment variable NSS_ENABLE_ZLIB has been renamed to NSS_SSL_ENABLE_ZLIB
  * The build time environment variable NSS_DISABLE_CHACHAPOLY was added, which can be used to prevent compilation of the ChaCha20/Poly1305 code.
  * The following CA certificates were Removed
    - Staat der Nederlanden Root CA
    - NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado
    - NetLock Kozjegyzoi (Class A) Tanusitvanykiado
    - NetLock Uzleti (Class B) Tanusitvanykiado
    - NetLock Expressz (Class C) Tanusitvanykiado
    - VeriSign Class 1 Public PCA - G2
    - VeriSign Class 3 Public PCA
    - VeriSign Class 3 Public PCA - G2
    - CA Disig
  * The following CA certificates were Added
    + SZAFIR ROOT CA2
    + Certum Trusted Network CA 2
  * The following CA certificate had the Email trust bit turned on
    + Actalis Authentication Root CA
  Security fixes:
  * CVE-2016-2834: Memory safety bugs (boo#983639) MFSA-2016-61 bmo#1206283 bmo#1221620 bmo#1241034 bmo#1241037
- Update to NSS 3.22.3
  * Increase compatibility of TLS extended master secret, don't send an empty TLS extension last in the handshake (bmo#1243641)
  * Fixed a heap-based buffer overflow related to the parsing of certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause a crash or execution of arbitrary code with the permissions of the user. (CVE-2016-1950, bmo#1245528)
- Update to NSS 3.22.2
  New functionality:
  * RSA-PSS signatures are now supported (bmo#1215295)
  * Pseudorandom functions based on hashes other than SHA-1 are now supported
  * Enforce an External Policy on NSS from a config file (bmo#1009429)
- CVE-2016-8635: Fix for DH small subgroup confinement attack (bsc#1015547)

Mozilla NSPR was updated to version 4.13.1:

The previously released version 4.13 had changed pipes to be nonblocking by default, and as a consequence, PollEvent was changed to not block on clear. The NSPR development team received reports that these changes caused regressions in some applications that use NSPR, and it has been decided to revert the changes made in NSPR 4.13. NSPR 4.13.1 restores the traditional behavior of pipes and PollEvent.

Mozilla NSPR update to version 4.13 had these changes:
- PL_strcmp (and others) were fixed to return consistent results when one of the arguments is NULL.
- PollEvent was fixed to not block on clear.
- Pipes are always nonblocking.
- PR_GetNameForIdentity: added thread safety lock and bound checks.
- Removed the PLArena freelist.
- Avoid some integer overflows.
- fixed several comments.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 5:
  zypper in -t patch sleclo50sp3-MozillaFirefox-13090=1
- SUSE Manager Proxy 2.1:
  zypper in -t patch slemap21-MozillaFirefox-13090=1
- SUSE Manager 2.1:
  zypper in -t patch sleman21-MozillaFirefox-13090=1
- SUSE Linux Enterprise Software Development Kit 11-SP4:
  zypper in -t patch sdksp4-MozillaFirefox-13090=1
- SUSE Linux Enterprise Server 11-SP4:
  zypper in -t patch slessp4-MozillaFirefox-13090=1
- SUSE Linux Enterprise Server 11-SP3-LTSS:
  zypper in -t patch slessp3-MozillaFirefox-13090=1
- SUSE Linux Enterprise Point of Sale 11-SP3:
  zypper in -t patch sleposp3-MozillaFirefox-13090=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-MozillaFirefox-13090=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
  zypper in -t patch dbgsp3-MozillaFirefox-13090=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE OpenStack Cloud 5 (x86_64):
  MozillaFirefox-45.9.0esr-71.2
  MozillaFirefox-translations-45.9.0esr-71.2
  libfreebl3-3.29.5-46.1
  libfreebl3-32bit-3.29.5-46.1
  libsoftokn3-3.29.5-46.1
  libsoftokn3-32bit-3.29.5-46.1
  mozilla-nspr-32bit-4.13.1-32.1
  mozilla-nspr-4.13.1-32.1
  mozilla-nss-3.29.5-46.1
  mozilla-nss-32bit-3.29.5-46.1
  mozilla-nss-tools-3.29.5-46.1
- SUSE Manager Proxy 2.1 (x86_64):
  MozillaFirefox-45.9.0esr-71.2
  MozillaFirefox-translations-45.9.0esr-71.2
  libfreebl3-3.29.5-46.1
  libfreebl3-32bit-3.29.5-46.1
  libsoftokn3-3.29.5-46.1
  libsoftokn3-32bit-3.29.5-46.1
  mozilla-nspr-32bit-4.13.1-32.1
  mozilla-nspr-4.13.1-32.1
  mozilla-nss-3.29.5-46.1
  mozilla-nss-32bit-3.29.5-46.1
  mozilla-nss-tools-3.29.5-46.1
- SUSE Manager 2.1 (s390x x86_64):
  MozillaFirefox-45.9.0esr-71.2
  MozillaFirefox-translations-45.9.0esr-71.2
  libfreebl3-3.29.5-46.1
  libfreebl3-32bit-3.29.5-46.1
  libsoftokn3-3.29.5-46.1
  libsoftokn3-32bit-3.29.5-46.1
  mozilla-nspr-32bit-4.13.1-32.1
  mozilla-nspr-4.13.1-32.1
  mozilla-nss-3.29.5-46.1
  mozilla-nss-32bit-3.29.5-46.1
  mozilla-nss-tools-3.29.5-46.1
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  MozillaFirefox-devel-45.9.0esr-71.2
  mozilla-nspr-devel-4.13.1-32.1
  mozilla-nss-devel-3.29.5-46.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  MozillaFirefox-45.9.0esr-71.2
  MozillaFirefox-translations-45.9.0esr-71.2
  libfreebl3-3.29.5-46.1
  libsoftokn3-3.29.5-46.1
  mozilla-nspr-4.13.1-32.1
  mozilla-nss-3.29.5-46.1
  mozilla-nss-tools-3.29.5-46.1
- SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
  libfreebl3-32bit-3.29.5-46.1
  libsoftokn3-32bit-3.29.5-46.1
  mozilla-nspr-32bit-4.13.1-32.1
  mozilla-nss-32bit-3.29.5-46.1
- SUSE Linux Enterprise Server 11-SP4 (ia64):
  libfreebl3-x86-3.29.5-46.1
  libsoftokn3-x86-3.29.5-46.1
  mozilla-nspr-x86-4.13.1-32.1
  mozilla-nss-x86-3.29.5-46.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
  MozillaFirefox-45.9.0esr-71.2
  MozillaFirefox-translations-45.9.0esr-71.2
  libfreebl3-3.29.5-46.1
  libsoftokn3-3.29.5-46.1
  mozilla-nspr-4.13.1-32.1
  mozilla-nss-3.29.5-46.1
  mozilla-nss-tools-3.29.5-46.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64):
  libfreebl3-32bit-3.29.5-46.1
  libsoftokn3-32bit-3.29.5-46.1
  mozilla-nspr-32bit-4.13.1-32.1
  mozilla-nss-32bit-3.29.5-46.1
- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
  MozillaFirefox-45.9.0esr-71.2
  MozillaFirefox-translations-45.9.0esr-71.2
  libfreebl3-3.29.5-46.1
  libsoftokn3-3.29.5-46.1
  mozilla-nspr-4.13.1-32.1
  mozilla-nss-3.29.5-46.1
  mozilla-nss-tools-3.29.5-46.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  MozillaFirefox-debuginfo-45.9.0esr-71.2
  MozillaFirefox-debugsource-45.9.0esr-71.2
  mozilla-nspr-debuginfo-4.13.1-32.1
  mozilla-nspr-debugsource-4.13.1-32.1
  mozilla-nss-debuginfo-3.29.5-46.1
  mozilla-nss-debugsource-3.29.5-46.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64):
  mozilla-nspr-debuginfo-32bit-4.13.1-32.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (ia64):
  mozilla-nspr-debuginfo-x86-4.13.1-32.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
  MozillaFirefox-debuginfo-45.9.0esr-71.2
  MozillaFirefox-debugsource-45.9.0esr-71.2
  mozilla-nspr-debuginfo-4.13.1-32.1
  mozilla-nspr-debugsource-4.13.1-32.1
  mozilla-nss-debuginfo-3.29.5-46.1
  mozilla-nss-debugsource-3.29.5-46.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (s390x x86_64):
  mozilla-nspr-debuginfo-32bit-4.13.1-32.1

References:

https://www.suse.com/security/cve/CVE-2016-1950.html
https://www.suse.com/security/cve/CVE-2016-2834.html
https://www.suse.com/security/cve/CVE-2016-8635.html
https://www.suse.com/security/cve/CVE-2016-9574.html
https://www.suse.com/security/cve/CVE-2017-5429.html
https://www.suse.com/security/cve/CVE-2017-5432.html
https://www.suse.com/security/cve/CVE-2017-5433.html
https://www.suse.com/security/cve/CVE-2017-5434.html
https://www.suse.com/security/cve/CVE-2017-5435.html
https://www.suse.com/security/cve/CVE-2017-5436.html
https://www.suse.com/security/cve/CVE-2017-5437.html
https://www.suse.com/security/cve/CVE-2017-5438.html
https://www.suse.com/security/cve/CVE-2017-5439.html
https://www.suse.com/security/cve/CVE-2017-5440.html
https://www.suse.com/security/cve/CVE-2017-5441.html
https://www.suse.com/security/cve/CVE-2017-5442.html
https://www.suse.com/security/cve/CVE-2017-5443.html
https://www.suse.com/security/cve/CVE-2017-5444.html
https://www.suse.com/security/cve/CVE-2017-5445.html
https://www.suse.com/security/cve/CVE-2017-5446.html
https://www.suse.com/security/cve/CVE-2017-5447.html
https://www.suse.com/security/cve/CVE-2017-5448.html
https://www.suse.com/security/cve/CVE-2017-5459.html
https://www.suse.com/security/cve/CVE-2017-5460.html
https://www.suse.com/security/cve/CVE-2017-5461.html
https://www.suse.com/security/cve/CVE-2017-5462.html
https://www.suse.com/security/cve/CVE-2017-5464.html
https://www.suse.com/security/cve/CVE-2017-5465.html
https://www.suse.com/security/cve/CVE-2017-5469.html
https://bugzilla.suse.com/1015499
https://bugzilla.suse.com/1015547
https://bugzilla.suse.com/1021636
https://bugzilla.suse.com/1030071
https://bugzilla.suse.com/1035082
https://bugzilla.suse.com/983639
-
Corsair Glaive RGB Gaming Mouse Review @ ThinkComputers.org
Review Link: http://www.thinkcomputers.org/corsair-glaive-rgb-gaming-mouse-review/
Image URL: http://www.thinkcomputers.org/reviews/corsair_glaive/email.jpg
Alt Image URL: http://www.thinkcomputers.org/reviews/corsair_glaive/small.jpg
Quote: "When you think of Corsair gaming products the first thing you probably think about is their gaming keyboards, but their gaming mice are pretty great too. I am actually still using their Scimitar Pro RGB as my everyday mouse. Today Corsair is introducing a brand new gaming mouse, the Glaive RGB. Glaive has been designed specifically for FPS and MOBA gamers to deliver ultimate performance as well as comfort. It features a 16000 DPI optical sensor, interchangeable thumb grips, OMRON switches, 6 programmable buttons, and the ability to save profiles on the mouse itself. Let’s see if this is the ultimate gaming mouse!"
-
Raijintek Asterion Plus Aluminium Case – Black Window
The Raijintek Asterion is a lovely looking chassis, it is crafted from aluminum and inside there is enough physical depth to install a CPU cooler up to 180mm high. There is also the option for either a closed liquid cooling loop or even custom loop with space at both the top and front with room for a 360mm Radiator. The Asterion Plus features a hinged door system for ease of access on both sides of the case, something we delve into later in the review.
Read the review here: http://www.kitguru.net/components/cases/dale-shaughnessy/raijintek-asterion-plus-aluminium-case-black-window/
-
<http://www.eteknix.com>

HyperX CLOUD Revolver S Pro Gaming Headset Review

HyperX takes their pro gaming seriously and having sponsored many winning eSports teams around the world; they have more than a few friends who know a thing or two about what makes a great gaming peripheral. We've seen a fair few headsets from HyperX over the years, including the highly praised and award-winning CloudX <http://www.eteknix.com/hyperx-cloudx-pro-gaming-headset-review/>, Cloud II <http://www.eteknix.com/kingston-cloud-ii-gaming-headset-review/>, Revolver <http://www.eteknix.com/hyperx-cloud-revolver-pro-gaming-headset-review/>, Stinger <http://www.eteknix.com/hyperx-cloud-stringer-multi-format-gaming-headset-review/>, and now the latest addition to the collection, the high-end CLOUD Revolver S Pro, which promises Dolby 7.1 Virtual Surround, a built-in DSP sound card, powerful 50mm drivers, and much more!

URL - http://www.eteknix.com/hyperx-cloud-revolver-s-pro-gaming-headset-review/
-
<http://www.eteknix.com>

Toshiba N300 6TB NAS HDD Review

Toshiba released their new N300 series of hard disk drives designed for use with NAS devices a little while ago, and I'm pleased to have the 6TB capacity version in my lab for a closer look and some benchmarking today. Toshiba is one of the largest growing storage companies at the moment and we already had a look at their X300 desktop series a little while ago. Today we're moving towards headless units with the N300 series designed for NAS usage. Toshiba worked closely with NAS manufacturers in order to deliver a product that is optimised for NAS usage, and the N300 is just that. It is certified for 24/7/365 usage in multi-RAID systems with up to 8 hard disk drives. Whether it is for streaming, backup, or archiving, the N300 delivers.

URL - http://www.eteknix.com/toshiba-n300-6tb-nas-hdd-review/
-
MSI Z270 Gaming M3 Motherboard Review

http://www.kitguru.net

New AMD motherboards and Ryzen processors have been gathering the limelight for the past few weeks but there is still a fiercely-contested battle under way between Intel and AMD. Adding fuel to the fire are motherboard vendors who are jostling for a position in which they can enjoy the spoils of an in-demand platform. We examine MSI’s competitively-priced, mid-range Z270 Gaming M3 motherboard to see what it brings to the table.

Read the review here: http://www.kitguru.net/components/motherboard/luke-hill/msi-z270-gaming-m3-motherboard-review/
-
Title: NikKTech & AVM Network Upgrade EU Giveaway @ NikKTech

Description: Our EU followers and readers have every right to be happy this May since up for grabs today we have 4 top of the line FRITZ! network devices by our good friends over at AVM.

Article Link: http://www.nikktech.com/main/contests/7747-69-nikktech-avm-network-upgrade-eu-giveaway
Image Link: http://www.nikktech.com/main/images/pics/contests/020517/02052017.jpg

A News Post Would Be Appreciated. Thanks In Advance.

Sincerely
Nik Kastrantas
-
A news post would be great.

OCC has published an article on Sins of a Solar Empire: Rebellion - Producer Interview

Here is a quote from the article:

Quote: “Sins of a Solar Empire: Rebellion recently celebrated its five-year anniversary, and to mark the occasion, Ironclad Games and Stardock released a Modernization patch. With this update came 4K UI scaling, the ability for the game to use 4 GB of RAM, where before it was limited to 2 GB, and many optimizations and tweaks to the graphics, performance, and gameplay. Along with this patch came an opportunity, as Stardock PR offered to set up an interview with series producer Blair Fraser. I was not going to pass this up.”

Title: Sins of a Solar Empire: Rebellion - Producer Interview
Link: http://www.overclockersclub.com/guides/sins_producer_interview/
Img: http://www.overclockersclub.com/siteimages/articles/sins_producer_interview/008_thumb.jpg
-
Benchmark Reviews Presents:

TITLE: Phanteks Enthoo EVOLV mATX Tempered Glass Review (http://benchmarkreviews.us10.list-manage.com/track/click?u=9a2f239b17114c9008e3dfda9&id=e4ec9323d0&e=8138df6da5)

QUOTE: In this article for Benchmark Reviews, I will be going over the differences between the TG Edition and the mATX version of the case currently on the market. Let’s see how the Enthoo EVOLV mATX TG Edition holds up to scrutiny. The Enthoo EVOLV mATX TG Edition includes RGB compatibility with Asus Aura Sync and MSI Mystic Light Sync motherboards. The TG Edition carries over its great water cooling capabilities from the mATX version and comes in 3 colors: Satin Black, Anthracite Grey, and Galaxy Silver.

LINK: http://benchmarkreviews.us10.list-manage1.com/track/click?u=9a2f239b17114c9008e3dfda9&id=f27e6cdfaa&e=8138df6da5
IMAGE: http://benchmarkreviews.us10.list-manage1.com/track/click?u=9a2f239b17114c9008e3dfda9&id=58f2fc869a&e=8138df6da5
-
Fnatic Rush Pro Silent Keyboard Review

http://www.kitguru.net

Fnatic Gear has quickly earned a good reputation for producing quality gaming peripherals. Today we are looking at a new keyboard from the company, the Rush Pro Silent. Very similar to the original Rush Pro, this new version differentiates itself by using Cherry MX Silent switches. Coming in at £89.99, is

Read the review here: http://www.kitguru.net/peripherals/keyboards/dominic-moass/fnatic-rush-pro-silent-keyboard-review/
-
[security-announce] SUSE-SU-2017:1149-1: important: Security update for graphite2
news posted a topic in Upcoming News
SUSE Security Update: Security update for graphite2
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1149-1
Rating: important
References: #1035204
Cross-References: CVE-2017-5436
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP2
  SUSE Linux Enterprise Software Development Kit 12-SP1
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Server 12-SP1
  SUSE Linux Enterprise Desktop 12-SP2
  SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for graphite2 fixes one issue.

This security issue was fixed:

- CVE-2017-5436: An out-of-bounds write triggered with a maliciously crafted Graphite font could lead to a crash or potentially code execution (bsc#1035204).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:
  zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-668=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
  zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-668=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-668=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-668=1
- SUSE Linux Enterprise Server 12-SP1:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-668=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-668=1
- SUSE Linux Enterprise Desktop 12-SP1:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-668=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
  graphite2-debuginfo-1.3.1-9.1
  graphite2-debugsource-1.3.1-9.1
  graphite2-devel-1.3.1-9.1
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
  graphite2-debuginfo-1.3.1-9.1
  graphite2-debugsource-1.3.1-9.1
  graphite2-devel-1.3.1-9.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
  graphite2-debuginfo-1.3.1-9.1
  graphite2-debugsource-1.3.1-9.1
  libgraphite2-3-1.3.1-9.1
  libgraphite2-3-debuginfo-1.3.1-9.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
  graphite2-debuginfo-1.3.1-9.1
  graphite2-debugsource-1.3.1-9.1
  libgraphite2-3-1.3.1-9.1
  libgraphite2-3-debuginfo-1.3.1-9.1
- SUSE Linux Enterprise Server 12-SP2 (x86_64):
  libgraphite2-3-32bit-1.3.1-9.1
  libgraphite2-3-debuginfo-32bit-1.3.1-9.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
  graphite2-debuginfo-1.3.1-9.1
  graphite2-debugsource-1.3.1-9.1
  libgraphite2-3-1.3.1-9.1
  libgraphite2-3-debuginfo-1.3.1-9.1
- SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
  libgraphite2-3-32bit-1.3.1-9.1
  libgraphite2-3-debuginfo-32bit-1.3.1-9.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
  graphite2-debuginfo-1.3.1-9.1
  graphite2-debugsource-1.3.1-9.1
  libgraphite2-3-1.3.1-9.1
  libgraphite2-3-32bit-1.3.1-9.1
  libgraphite2-3-debuginfo-1.3.1-9.1
  libgraphite2-3-debuginfo-32bit-1.3.1-9.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
  graphite2-debuginfo-1.3.1-9.1
  graphite2-debugsource-1.3.1-9.1
  libgraphite2-3-1.3.1-9.1
  libgraphite2-3-32bit-1.3.1-9.1
  libgraphite2-3-debuginfo-1.3.1-9.1
  libgraphite2-3-debuginfo-32bit-1.3.1-9.1

References:

  https://www.suse.com/security/cve/CVE-2017-5436.html
  https://bugzilla.suse.com/1035204

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
-
[security-announce] SUSE-SU-2017:1143-1: important: Security update for xen
news posted a topic in Upcoming News
SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1143-1
Rating: important
References: #1022703 #1028655 #1029827 #1030144 #1034843 #1034844 #1034994 #1036146
Cross-References: CVE-2016-9603 CVE-2017-7718
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP2
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that solves two vulnerabilities and has 6 fixes is now available.

Description:

This update for xen fixes several issues.

These security issues were fixed:

- A malicious 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks by placing an IRET hypercall in the middle of a multicall batch (XSA-213, bsc#1034843)
- A malicious pair of guests may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks because of a missing check when transferring pages via GNTTABOP_transfer (XSA-214, bsc#1034844).
- CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions (bsc#1034994).
- CVE-2016-9603: A privileged user within the guest VM could have caused a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028655)

These non-security issues were fixed:

- bsc#1029827: Additional xenstore patch
- bsc#1036146: Xen VM dumped core to wrong path
- bsc#1022703: Prevent Xen HVM guest with OVMF to hang with unattached CDRom

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:
  zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-663=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-663=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-663=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 x86_64):
  xen-debugsource-4.7.2_04-39.1
  xen-devel-4.7.2_04-39.1
- SUSE Linux Enterprise Server 12-SP2 (x86_64):
  xen-4.7.2_04-39.1
  xen-debugsource-4.7.2_04-39.1
  xen-doc-html-4.7.2_04-39.1
  xen-libs-32bit-4.7.2_04-39.1
  xen-libs-4.7.2_04-39.1
  xen-libs-debuginfo-32bit-4.7.2_04-39.1
  xen-libs-debuginfo-4.7.2_04-39.1
  xen-tools-4.7.2_04-39.1
  xen-tools-debuginfo-4.7.2_04-39.1
  xen-tools-domU-4.7.2_04-39.1
  xen-tools-domU-debuginfo-4.7.2_04-39.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
  xen-4.7.2_04-39.1
  xen-debugsource-4.7.2_04-39.1
  xen-libs-32bit-4.7.2_04-39.1
  xen-libs-4.7.2_04-39.1
  xen-libs-debuginfo-32bit-4.7.2_04-39.1
  xen-libs-debuginfo-4.7.2_04-39.1

References:

  https://www.suse.com/security/cve/CVE-2016-9603.html
  https://www.suse.com/security/cve/CVE-2017-7718.html
  https://bugzilla.suse.com/1022703
  https://bugzilla.suse.com/1028655
  https://bugzilla.suse.com/1029827
  https://bugzilla.suse.com/1030144
  https://bugzilla.suse.com/1034843
  https://bugzilla.suse.com/1034844
  https://bugzilla.suse.com/1034994
  https://bugzilla.suse.com/1036146
-
[security-announce] SUSE-SU-2017:1145-1: important: Security update for xen
news posted a topic in Upcoming News
SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1145-1
Rating: important
References: #1028655 #1029827 #1030144 #1034843 #1034844 #1034845 #1034994 #1035483
Cross-References: CVE-2016-9603 CVE-2017-7718 CVE-2017-7980
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11-SP4
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that solves three vulnerabilities and has 5 fixes is now available.

Description:

This update for xen fixes several issues.

These security issues were fixed:

- A malicious 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks by placing an IRET hypercall in the middle of a multicall batch (XSA-213, bsc#1034843)
- A malicious pair of guests may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks because of a missing check when transferring pages via GNTTABOP_transfer (XSA-214, bsc#1034844).
- CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions (bsc#1034994).
- CVE-2016-9603: A privileged user within the guest VM could have caused a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028655)

These non-security issues were fixed:

- bsc#1029827: Additional xenstore patch

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
  zypper in -t patch sdksp4-xen-13084=1
- SUSE Linux Enterprise Server 11-SP4:
  zypper in -t patch slessp4-xen-13084=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-xen-13084=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):
  xen-devel-4.4.4_18-57.1
- SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):
  xen-kmp-default-4.4.4_18_3.0.101_97-57.1
  xen-libs-4.4.4_18-57.1
  xen-tools-domU-4.4.4_18-57.1
- SUSE Linux Enterprise Server 11-SP4 (x86_64):
  xen-4.4.4_18-57.1
  xen-doc-html-4.4.4_18-57.1
  xen-libs-32bit-4.4.4_18-57.1
  xen-tools-4.4.4_18-57.1
- SUSE Linux Enterprise Server 11-SP4 (i586):
  xen-kmp-pae-4.4.4_18_3.0.101_97-57.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
  xen-debuginfo-4.4.4_18-57.1
  xen-debugsource-4.4.4_18-57.1

References:

  https://www.suse.com/security/cve/CVE-2016-9603.html
  https://www.suse.com/security/cve/CVE-2017-7718.html
  https://www.suse.com/security/cve/CVE-2017-7980.html
  https://bugzilla.suse.com/1028655
  https://bugzilla.suse.com/1029827
  https://bugzilla.suse.com/1030144
  https://bugzilla.suse.com/1034843
  https://bugzilla.suse.com/1034844
  https://bugzilla.suse.com/1034845
  https://bugzilla.suse.com/1034994
  https://bugzilla.suse.com/1035483
-
[security-announce] SUSE-SU-2017:1146-1: important: Security update for xen
news posted a topic in Upcoming News
SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1146-1
Rating: important
References: #1028655 #1033948 #1034843 #1034844 #1034845 #1034994 #1035483
Cross-References: CVE-2016-9603 CVE-2017-7718 CVE-2017-7980 CVE-2017-7995
Affected Products:
  SUSE OpenStack Cloud 5
  SUSE Manager Proxy 2.1
  SUSE Manager 2.1
  SUSE Linux Enterprise Server 11-SP3-LTSS
  SUSE Linux Enterprise Point of Sale 11-SP3
______________________________________________________________________________

An update that solves four vulnerabilities and has three fixes is now available.

Description:

This update for xen fixes several security issues:

- A malicious 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks by placing an IRET hypercall in the middle of a multicall batch (XSA-213, bsc#1034843)
- A malicious pair of guests may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks because of a missing check when transferring pages via GNTTABOP_transfer (XSA-214, bsc#1034844).
- CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions (bsc#1034994).
- CVE-2016-9603: A privileged user within the guest VM could have caused a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028655)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 5:
  zypper in -t patch sleclo50sp3-xen-13085=1
- SUSE Manager Proxy 2.1:
  zypper in -t patch slemap21-xen-13085=1
- SUSE Manager 2.1:
  zypper in -t patch sleman21-xen-13085=1
- SUSE Linux Enterprise Server 11-SP3-LTSS:
  zypper in -t patch slessp3-xen-13085=1
- SUSE Linux Enterprise Point of Sale 11-SP3:
  zypper in -t patch sleposp3-xen-13085=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE OpenStack Cloud 5 (x86_64):
  xen-4.2.5_21-41.1
  xen-doc-html-4.2.5_21-41.1
  xen-doc-pdf-4.2.5_21-41.1
  xen-kmp-default-4.2.5_21_3.0.101_0.47.99-41.1
  xen-libs-32bit-4.2.5_21-41.1
  xen-libs-4.2.5_21-41.1
  xen-tools-4.2.5_21-41.1
  xen-tools-domU-4.2.5_21-41.1
- SUSE Manager Proxy 2.1 (x86_64):
  xen-4.2.5_21-41.1
  xen-doc-html-4.2.5_21-41.1
  xen-doc-pdf-4.2.5_21-41.1
  xen-kmp-default-4.2.5_21_3.0.101_0.47.99-41.1
  xen-libs-32bit-4.2.5_21-41.1
  xen-libs-4.2.5_21-41.1
  xen-tools-4.2.5_21-41.1
  xen-tools-domU-4.2.5_21-41.1
- SUSE Manager 2.1 (x86_64):
  xen-4.2.5_21-41.1
  xen-doc-html-4.2.5_21-41.1
  xen-doc-pdf-4.2.5_21-41.1
  xen-kmp-default-4.2.5_21_3.0.101_0.47.99-41.1
  xen-libs-32bit-4.2.5_21-41.1
  xen-libs-4.2.5_21-41.1
  xen-tools-4.2.5_21-41.1
  xen-tools-domU-4.2.5_21-41.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):
  xen-kmp-default-4.2.5_21_3.0.101_0.47.99-41.1
  xen-libs-4.2.5_21-41.1
  xen-tools-domU-4.2.5_21-41.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64):
  xen-4.2.5_21-41.1
  xen-doc-html-4.2.5_21-41.1
  xen-doc-pdf-4.2.5_21-41.1
  xen-libs-32bit-4.2.5_21-41.1
  xen-tools-4.2.5_21-41.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (i586):
  xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-41.1
- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
  xen-kmp-default-4.2.5_21_3.0.101_0.47.99-41.1
  xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-41.1
  xen-libs-4.2.5_21-41.1
  xen-tools-domU-4.2.5_21-41.1

References:

  https://www.suse.com/security/cve/CVE-2016-9603.html
  https://www.suse.com/security/cve/CVE-2017-7718.html
  https://www.suse.com/security/cve/CVE-2017-7980.html
  https://www.suse.com/security/cve/CVE-2017-7995.html
  https://bugzilla.suse.com/1028655
  https://bugzilla.suse.com/1033948
  https://bugzilla.suse.com/1034843
  https://bugzilla.suse.com/1034844
  https://bugzilla.suse.com/1034845
  https://bugzilla.suse.com/1034994
  https://bugzilla.suse.com/1035483
-
[security-announce] SUSE-SU-2017:1147-1: important: Security update for xen
news posted a topic in Upcoming News
SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1147-1
Rating: important
References: #1015348 #1022555 #1026636 #1027519 #1027570 #1028235 #1028655 #1029827 #1030144 #1030442 #1034843 #1034844 #1034845 #1034994 #1035483
Cross-References: CVE-2016-9603 CVE-2017-2633 CVE-2017-6414 CVE-2017-6505 CVE-2017-7718 CVE-2017-7980
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP1
  SUSE Linux Enterprise Server 12-SP1
  SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that solves 6 vulnerabilities and has 9 fixes is now available.

Description:

This update for xen fixes several issues.

These security issues were fixed:

- A malicious 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks by placing an IRET hypercall in the middle of a multicall batch (XSA-213, bsc#1034843)
- A malicious pair of guests may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks because of a missing check when transferring pages via GNTTABOP_transfer (XSA-214, bsc#1034844).
- CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions (bsc#1034994).
- CVE-2016-9603: A privileged user within the guest VM could have caused a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028655)

These non-security issues were fixed:

- bsc#1027519: Missing upstream bug fixes
- bsc#1015348: libvirtd does not start during boot
- bsc#1022555: Timeout in "execution of /etc/xen/scripts/block add

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP1:
  zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-661=1
- SUSE Linux Enterprise Server 12-SP1:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-661=1
- SUSE Linux Enterprise Desktop 12-SP1:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-661=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP1 (x86_64):
  xen-debugsource-4.5.5_10-22.14.1
  xen-devel-4.5.5_10-22.14.1
- SUSE Linux Enterprise Server 12-SP1 (x86_64):
  xen-4.5.5_10-22.14.1
  xen-debugsource-4.5.5_10-22.14.1
  xen-doc-html-4.5.5_10-22.14.1
  xen-kmp-default-4.5.5_10_k3.12.69_60.64.35-22.14.1
  xen-kmp-default-debuginfo-4.5.5_10_k3.12.69_60.64.35-22.14.1
  xen-libs-32bit-4.5.5_10-22.14.1
  xen-libs-4.5.5_10-22.14.1
  xen-libs-debuginfo-32bit-4.5.5_10-22.14.1
  xen-libs-debuginfo-4.5.5_10-22.14.1
  xen-tools-4.5.5_10-22.14.1
  xen-tools-debuginfo-4.5.5_10-22.14.1
  xen-tools-domU-4.5.5_10-22.14.1
  xen-tools-domU-debuginfo-4.5.5_10-22.14.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
  xen-4.5.5_10-22.14.1
  xen-debugsource-4.5.5_10-22.14.1
  xen-kmp-default-4.5.5_10_k3.12.69_60.64.35-22.14.1
  xen-kmp-default-debuginfo-4.5.5_10_k3.12.69_60.64.35-22.14.1
  xen-libs-32bit-4.5.5_10-22.14.1
  xen-libs-4.5.5_10-22.14.1
  xen-libs-debuginfo-32bit-4.5.5_10-22.14.1
  xen-libs-debuginfo-4.5.5_10-22.14.1

References:

  https://www.suse.com/security/cve/CVE-2016-9603.html
  https://www.suse.com/security/cve/CVE-2017-2633.html
  https://www.suse.com/security/cve/CVE-2017-6414.html
  https://www.suse.com/security/cve/CVE-2017-6505.html
  https://www.suse.com/security/cve/CVE-2017-7718.html
  https://www.suse.com/security/cve/CVE-2017-7980.html
  https://bugzilla.suse.com/1015348
  https://bugzilla.suse.com/1022555
  https://bugzilla.suse.com/1026636
  https://bugzilla.suse.com/1027519
  https://bugzilla.suse.com/1027570
  https://bugzilla.suse.com/1028235
  https://bugzilla.suse.com/1028655
  https://bugzilla.suse.com/1029827
  https://bugzilla.suse.com/1030144
  https://bugzilla.suse.com/1030442
  https://bugzilla.suse.com/1034843
  https://bugzilla.suse.com/1034844
  https://bugzilla.suse.com/1034845
  https://bugzilla.suse.com/1034994
  https://bugzilla.suse.com/1035483
-
[security-announce] SUSE-SU-2017:1148-1: important: Security update for xen
news posted a topic in Upcoming News
SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1148-1
Rating: important
References: #1029827 #1034843 #1034844 #1034845 #1034994 #1035483
Cross-References: CVE-2017-7718 CVE-2017-7980
Affected Products:
  SUSE Linux Enterprise Server for SAP 12
  SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves two vulnerabilities and has four fixes is now available.

Description:

This update for xen fixes several issues.

These security issues were fixed:

- CVE-2017-7980: An out-of-bounds r/w access issue in the Cirrus CLGD 54xx VGA Emulator support allowed privileged user inside guest to use this flaw to crash the Qemu process resulting in DoS or potentially execute arbitrary code on a host with privileges of Qemu process on the host (bsc#1035483).
- A malicious 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks by placing an IRET hypercall in the middle of a multicall batch (XSA-213, bsc#1034843)
- A malicious pair of guests may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks because of a missing check when transferring pages via GNTTABOP_transfer (XSA-214, bsc#1034844).
- Incorrect checks when handling exceptions allowed a malicious or buggy 64-bit PV guest to modify part of a physical memory page not belonging to it, potentially allowing for all of privilege escalation, host or other guest crashes, and information leaks (XSA-215, bsc#1034845)
- CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions (bsc#1034994).

This non-security issue was fixed:

- bsc#1029827: Additional xenstore fixes

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12:
  zypper in -t patch SUSE-SLE-SAP-12-2017-665=1
- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2017-665=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for SAP 12 (x86_64):
  xen-4.4.4_18-22.39.1
  xen-debugsource-4.4.4_18-22.39.1
  xen-doc-html-4.4.4_18-22.39.1
  xen-kmp-default-4.4.4_18_k3.12.61_52.69-22.39.1
  xen-kmp-default-debuginfo-4.4.4_18_k3.12.61_52.69-22.39.1
  xen-libs-32bit-4.4.4_18-22.39.1
  xen-libs-4.4.4_18-22.39.1
  xen-libs-debuginfo-32bit-4.4.4_18-22.39.1
  xen-libs-debuginfo-4.4.4_18-22.39.1
  xen-tools-4.4.4_18-22.39.1
  xen-tools-debuginfo-4.4.4_18-22.39.1
  xen-tools-domU-4.4.4_18-22.39.1
  xen-tools-domU-debuginfo-4.4.4_18-22.39.1
- SUSE Linux Enterprise Server 12-LTSS (x86_64):
  xen-4.4.4_18-22.39.1
  xen-debugsource-4.4.4_18-22.39.1
  xen-doc-html-4.4.4_18-22.39.1
  xen-kmp-default-4.4.4_18_k3.12.61_52.69-22.39.1
  xen-kmp-default-debuginfo-4.4.4_18_k3.12.61_52.69-22.39.1
  xen-libs-32bit-4.4.4_18-22.39.1
  xen-libs-4.4.4_18-22.39.1
  xen-libs-debuginfo-32bit-4.4.4_18-22.39.1
  xen-libs-debuginfo-4.4.4_18-22.39.1
  xen-tools-4.4.4_18-22.39.1
  xen-tools-debuginfo-4.4.4_18-22.39.1
  xen-tools-domU-4.4.4_18-22.39.1
  xen-tools-domU-debuginfo-4.4.4_18-22.39.1

References:

  https://www.suse.com/security/cve/CVE-2017-7718.html
  https://www.suse.com/security/cve/CVE-2017-7980.html
  https://bugzilla.suse.com/1029827
  https://bugzilla.suse.com/1034843
  https://bugzilla.suse.com/1034844
  https://bugzilla.suse.com/1034845
  https://bugzilla.suse.com/1034994
  https://bugzilla.suse.com/1035483