news

ASRock X370 Taichi Motherboard Review ------------------------------------------------------------ http://mailchi.mp/kitguru/asrock-x370-taichi-motherboard-review?e=872093acb5 http://www.kitguru.net ASRock X370 Taichi Motherboard Review Continuing our examination of high-end X370 motherboards for AMD’s new AM4 platform, ASRock’s £230 X370 Taichi is put under the microscope. Acting as the second-rung product in ASRock’s current X370 line-up, the Taichi uses a slightly different approach to supplied features in comparison to competing board vendors. Read the review here: http://www.kitguru.net/components/motherboard/luke-hill/asrock-x370-taichi-motherboard-review/ ============================================================ ** follow on Twitter (http://twitter.com/#!/kitgurupress) | ** friend on Facebook (http://www.facebook.com/pages/KitGuru/162236020510911) | ** forward to a friend (http://us2.forward-to-friend.com/forward?u=bfb2b902b5fb045ad6f841f98&id=5c1fa261d5&e=872093acb5) Copyright © 2017 KitGuru, All rights reserved. You are receiving this because you are a news partner or have signed up to receive our news.

AOC PDS241 24in Monitor Review – Porsche Design ------------------------------------------------------------ http://mailchi.mp/kitguru/aoc-pds241-24in-monitor-review-porsche-design?e=872093acb5 http://www.kitguru.net AOC PDS241 24in Monitor Review – Porsche Design The Porsche brand is synonymous with performance, but also with a certain flavour of functional, reliable, no-nonsense design. This ethos has been exported beyond the automotive industry via the Studio F. A. Porsche subsidiary to everything from watches, phones, pianos, and even handbags. Latest to benefit from the particular Studio F. A. Porsche treatment is AOC, with a new range of screens recently launched in Leipzig (http://www.kitguru.net/peripherals/monitors/andrzej/aoc-launches-range-of-porsche-screens/) . First to arrive on our test bench, in a world exclusive appearance, is the 24in PDS241. Read the review here: http://www.kitguru.net/peripherals/james-morris/aoc-pds241-24in-monitor-review-porsche-design/ ============================================================ ** follow on Twitter (http://twitter.com/#!/kitgurupress) | ** friend on Facebook (http://www.facebook.com/pages/KitGuru/162236020510911) | ** forward to a friend (http://us2.forward-to-friend.com/forward?u=bfb2b902b5fb045ad6f841f98&id=b600dd2544&e=872093acb5) Copyright © 2017 KitGuru, All rights reserved. You are receiving this because you are a news partner or have signed up to receive our news.

This is a follow-up to the End of Life warning sent last month to confirm that as of today (April 28, 2017), Ubuntu 12.04 is no longer generally supported. No more package updates will be accepted to the 12.04 primary archive, and it will be copied for archival to old-releases.ubuntu.com in the coming weeks. However, we will again remind you that for customers who can't upgrade immediately, Canonical is offering Extended Security Support for Ubuntu Advantage customers, more info about which can be found here: * https://ubuntu.com/esm The original End of Life warning follows, with upgrade instructions: Ubuntu announced its 12.04 (Precise Pangolin) release almost 5 years ago, on April 26, 2012. As with the earlier LTS releases, Ubuntu committed to ongoing security and critical fixes for a period of 5 years. The support period is now nearing its end and Ubuntu 12.04 will reach end of life on Friday, April 28th. At that time, Ubuntu Security Notices will no longer include information or updated packages for Ubuntu 12.04. The supported upgrade path from Ubuntu 12.04 is via Ubuntu 14.04. Users are encouraged to evaluate and upgrade to our latest 16.04 LTS release via 14.04. Instructions and caveats for the upgrades may be found at https://help.ubuntu.com/community/TrustyUpgrades and https://help.ubuntu.com/community/XenialUpgrades. Ubuntu 14.04 and 16.04 continue to be actively supported with security updates and select high-impact bug fixes. All announcements of official security updates for Ubuntu releases are sent to the ubuntu-security-announce

SUSE Security Update: Security update for ghostscript ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1138-1 Rating: important References: #1018128 #1030263 #1032114 #1032120 #1036453 Cross-References: CVE-2016-10220 CVE-2016-9601 CVE-2017-5951 CVE-2017-7207 CVE-2017-8291 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for ghostscript fixes the following security vulnerabilities: CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. (bsc#1036453) CVE-2016-9601: An integer overflow in the bundled jbig2dec library could have been misused to cause a Denial-of-Service. (bsc#1018128) CVE-2016-10220: A NULL pointer dereference in the PDF Transparency module allowed remote attackers to cause a Denial-of-Service. (bsc#1032120) CVE-2017-5951: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document. (bsc#1032114) CVE-2017-7207: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document. (bsc#1030263) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-659=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-659=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-659=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-659=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-659=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-659=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-659=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): ghostscript-debuginfo-9.15-20.1 ghostscript-debugsource-9.15-20.1 ghostscript-devel-9.15-20.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): ghostscript-debuginfo-9.15-20.1 ghostscript-debugsource-9.15-20.1 ghostscript-devel-9.15-20.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): ghostscript-9.15-20.1 ghostscript-debuginfo-9.15-20.1 ghostscript-debugsource-9.15-20.1 ghostscript-x11-9.15-20.1 ghostscript-x11-debuginfo-9.15-20.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): ghostscript-9.15-20.1 ghostscript-debuginfo-9.15-20.1 ghostscript-debugsource-9.15-20.1 ghostscript-x11-9.15-20.1 ghostscript-x11-debuginfo-9.15-20.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): ghostscript-9.15-20.1 ghostscript-debuginfo-9.15-20.1 ghostscript-debugsource-9.15-20.1 ghostscript-x11-9.15-20.1 ghostscript-x11-debuginfo-9.15-20.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): ghostscript-9.15-20.1 ghostscript-debuginfo-9.15-20.1 ghostscript-debugsource-9.15-20.1 ghostscript-x11-9.15-20.1 ghostscript-x11-debuginfo-9.15-20.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): ghostscript-9.15-20.1 ghostscript-debuginfo-9.15-20.1 ghostscript-debugsource-9.15-20.1 ghostscript-x11-9.15-20.1 ghostscript-x11-debuginfo-9.15-20.1 References: https://www.suse.com/security/cve/CVE-2016-10220.html https://www.suse.com/security/cve/CVE-2016-9601.html https://www.suse.com/security/cve/CVE-2017-5951.html https://www.suse.com/security/cve/CVE-2017-7207.html https://www.suse.com/security/cve/CVE-2017-8291.html https://bugzilla.suse.com/1018128 https://bugzilla.suse.com/1030263 https://bugzilla.suse.com/1032114 https://bugzilla.suse.com/1032120 https://bugzilla.suse.com/1036453 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

SUSE Security Update: Security update for kvm ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1135-1 Rating: important References: #1013285 #1014109 #1014111 #1014702 #1015048 #1015169 #1016779 #1021129 #1023004 #1023053 #1023907 #1024972 Cross-References: CVE-2016-10155 CVE-2016-9776 CVE-2016-9907 CVE-2016-9911 CVE-2016-9921 CVE-2016-9922 CVE-2017-2615 CVE-2017-2620 CVE-2017-5856 CVE-2017-5898 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has two fixes is now available. Description: This update for kvm fixes several issues. These security issues were fixed: - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024972) - CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004) - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support was vulnerable to an infinite loop issue while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could have used this issue to crash the Qemu process on the host leading to DoS (bsc#1013285) - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory leakage issue while processing packet data in 'ehci_init_transfer'. A guest user/process could have used this issue to leak host memory, resulting in DoS for the host (bsc#1014111) - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a memory leakage flaw when destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could have used this issue to leak host memory, resulting in DoS for a host (bsc#1014109) - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702) - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702) - CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow allowing a privileged user inside the guest to crash the Qemu process resulting in DoS (bnc#1023907) - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1021129) - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a memory leakage issue allowing a privileged user to leak host memory resulting in DoS (bsc#1023053) These non-security issues were fixed: - Fixed various inaccuracies in cirrus vga device emulation - Fixed virtio interface failure (bsc#1015048) - Fixed graphical update errors introduced by previous security fix (bsc#1016779) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kvm-13080=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 s390x x86_64): kvm-1.4.2-59.1 References: https://www.suse.com/security/cve/CVE-2016-10155.html https://www.suse.com/security/cve/CVE-2016-9776.html https://www.suse.com/security/cve/CVE-2016-9907.html https://www.suse.com/security/cve/CVE-2016-9911.html https://www.suse.com/security/cve/CVE-2016-9921.html https://www.suse.com/security/cve/CVE-2016-9922.html https://www.suse.com/security/cve/CVE-2017-2615.html https://www.suse.com/security/cve/CVE-2017-2620.html https://www.suse.com/security/cve/CVE-2017-5856.html https://www.suse.com/security/cve/CVE-2017-5898.html https://bugzilla.suse.com/1013285 https://bugzilla.suse.com/1014109 https://bugzilla.suse.com/1014111 https://bugzilla.suse.com/1014702 https://bugzilla.suse.com/1015048 https://bugzilla.suse.com/1015169 https://bugzilla.suse.com/1016779 https://bugzilla.suse.com/1021129 https://bugzilla.suse.com/1023004 https://bugzilla.suse.com/1023053 https://bugzilla.suse.com/1023907 https://bugzilla.suse.com/1024972 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

SUSE Security Update: Security update for mysql ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1137-1 Rating: important References: #1020976 #1022428 #1029014 #1029396 #1034850 Cross-References: CVE-2016-5483 CVE-2017-3302 CVE-2017-3305 CVE-2017-3308 CVE-2017-3309 CVE-2017-3329 CVE-2017-3453 CVE-2017-3456 CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3600 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: This update for mysql to version 5.5.55 fixes the following issues: These security issues were fixed: - CVE-2017-3308: Unspecified vulnerability in Server: DML (bsc#1034850) - CVE-2017-3309: Unspecified vulnerability in Server: Optimizer (bsc#1034850) - CVE-2017-3329: Unspecified vulnerability in Server: Thread (bsc#1034850) - CVE-2017-3600: Unspecified vulnerability in Client: mysqldump (bsc#1034850) - CVE-2017-3453: Unspecified vulnerability in Server: Optimizer (bsc#1034850) - CVE-2017-3456: Unspecified vulnerability in Server: DML (bsc#1034850) - CVE-2017-3463: Unspecified vulnerability in Server: Security (bsc#1034850) - CVE-2017-3462: Unspecified vulnerability in Server: Security (bsc#1034850) - CVE-2017-3461: Unspecified vulnerability in Server: Security (bsc#1034850) - CVE-2017-3464: Unspecified vulnerability in Server: DDL (bsc#1034850) - CVE-2017-3305: MySQL client sent authentication request unencrypted even if SSL was required (aka Ridddle) (bsc#1029396). - CVE-2016-5483: Mysqldump failed to properly quote certain identifiers in SQL statements written to the dump output, allowing for execution of arbitrary commands (bsc#1029014) - '--ssl-mode=REQUIRED' can be specified to require a secure connection (it fails if a secure connection cannot be obtained) This non-security issue was fixed: - Set the default umask to 077 in rc.mysql-multi [bsc#1020976] For additional changes please see http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-55.html Note: The issue tracked in bsc#1022428 and fixed in the last update was assigned CVE-2017-3302. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-mysql-13081=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mysql-13081=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mysql-13081=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libmysql55client_r18-32bit-5.5.55-0.38.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64): libmysql55client_r18-x86-5.5.55-0.38.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libmysql55client18-5.5.55-0.38.1 libmysql55client_r18-5.5.55-0.38.1 mysql-5.5.55-0.38.1 mysql-client-5.5.55-0.38.1 mysql-tools-5.5.55-0.38.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libmysql55client18-32bit-5.5.55-0.38.1 libmysql55client_r18-32bit-5.5.55-0.38.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libmysql55client18-x86-5.5.55-0.38.1 libmysql55client_r18-x86-5.5.55-0.38.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mysql-debuginfo-5.5.55-0.38.1 mysql-debugsource-5.5.55-0.38.1 References: https://www.suse.com/security/cve/CVE-2016-5483.html https://www.suse.com/security/cve/CVE-2017-3302.html https://www.suse.com/security/cve/CVE-2017-3305.html https://www.suse.com/security/cve/CVE-2017-3308.html https://www.suse.com/security/cve/CVE-2017-3309.html https://www.suse.com/security/cve/CVE-2017-3329.html https://www.suse.com/security/cve/CVE-2017-3453.html https://www.suse.com/security/cve/CVE-2017-3456.html https://www.suse.com/security/cve/CVE-2017-3461.html https://www.suse.com/security/cve/CVE-2017-3462.html https://www.suse.com/security/cve/CVE-2017-3463.html https://www.suse.com/security/cve/CVE-2017-3464.html https://www.suse.com/security/cve/CVE-2017-3600.html https://bugzilla.suse.com/1020976 https://bugzilla.suse.com/1022428 https://bugzilla.suse.com/1029014 https://bugzilla.suse.com/1029396 https://bugzilla.suse.com/1034850 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

Hello LanOC Affiliates and newsletter subscribers, here is our newest posting. We would appreciate you spreading the word! LanOC Reviews has released a new article which you and your readers might enjoy. We would be grateful if you would please share it with them. *TITLE:* Primochill Praxis Wetbench ( -at -) LanOC Reviews <https://lanoc.org/review/cases/7517-primochill-praxis-wetbench> *DESCRIPTION:* Typically when it comes to open air cases you have crazy one-off builds that are really only useful for tradeshows and then you have testbenches. The testbenches are normally plain looking and lack much more than the ability to add a fan or the bare minimum components needed for a testbench. A few years ago Primochill introduced their Wetbench line and they have revised it to the current iteration with huge changes in the design. I’ve been following it for a while but its allure finally got me after seeing it all over the internet on tech YouTube channels and websites so I reached out and surprisingly they were happy to send over a nice orange and white Wetbench for us to check out. If you follow us on Facebook or Twitter or my personal Instagram you have most likely seen the Wetbench in action recently. Well, it's about time to sat down and spoke a little about the overall experience. *ARTICLE URL:* https://lanoc.org/review/cases/7517-primochill-praxis-wetbench *LARGE IMAGE URL:* https://lanoc.org/images/reviews/2017/primochill_praxis_wetbench/title.jpg *SMALL IMAGE URL:* https://lanoc.org/images/reviews/2017/primochill_praxis_wetbench/email.jpg Thank you for your help Our content is syndicated by *RSS* 2.0 at: http://lanoc.org/review?fo rmat=feed&type=atom Check out our *YouTube* Channel: http://www.youtube.com/user/LanocReviews Follow us on *Twitter*: http://www.twitter.com/LanOC_Reviews Join our group on *Facebook*: http://www.facebook.com/LanOCReviews Join our *Steam* Group: http://steamcommunity.com/groups/lanoc *If this message has been sent to an incorrect address, or you no longer wish to receive our news, please email us back and let us know at reviews ( -at -) lanoc.org* ---------------------------------------- Wes Compton Editor-in-Chief LanOC Reviews http://lanoc.org ( -at -) LanOC_Reviews <http://twitter.com/#!/LanOC_Reviews> Google Plus <https://plus.google.com/u/1/b/111054267662763089650/> Our Facebook Page <http://www.facebook.com/LanOCReviews>

** Game Max Sapphire RGB (Case Review) ------------------------------------------------------------ ------------------------------------------------------------ http://mailchi.mp/kitguru/game-max-sapphire-rgb-w-mirror-finish-tempered-glass-case-review?e=872093acb5 http://www.kitguru.net ** Game Max Sapphire RGB (w/ Mirror-Finish Tempered Glass) Case Review ------------------------------------------------------------ Recently we have reviewed a couple of cases from Game Max, and while they both scored very well, they were definitely aimed at users on a budget. Today, we are seeing what Game Max can offer those looking for a more luxurious case, as the Sapphire RGB is definitely luxurious – it features no less than 3 tempered glass side panels, and not ordinary tempered glass either. The Game Max Sapphire’s highlight feature (quite literally) is its use of mirror-finish tempered glass. Read the review here: http://www.kitguru.net/components/cases/dominic-moass/game-max-sapphire-rgb-w-mirror-finish-tempered-glass-case-review/ ============================================================ ** follow on Twitter (http://twitter.com/#!/kitgurupress) | ** friend on Facebook (http://www.facebook.com/pages/KitGuru/162236020510911) | ** forward to a friend (http://us2.forward-to-friend2.com/forward?u=bfb2b902b5fb045ad6f841f98&id=2cb29748e5&e=872093acb5) Copyright © 2017 KitGuru, All rights reserved. You are receiving this because you are a news partner or have signed up to receive our news.

-------- AUDIOENGINE HD3 DESKTOP COMPUTER SPEAKERS REVIEW ( -at -) APH NETWORKS ----- Hello everyone! APH Networks has published a new review that your readers might enjoy. A post in your site's news section would be greatly appreciated! Don't forget to send your site news to us. As we promise to post your news articles on APH Networks periodically, we would certainly appreciate it if you do the same as well. Thank you for your support in advance! * Title: Audioengine HD3 Desktop Computer Speakers Review ( -at -) APH Networks * Description: The Audioengine HD3 are small speakers. But they are not small in performance. * Link: http://aphnetworks.com/reviews/audioengine-hd3 * Image: http://aphnetworks.com/review/audioengine-hd3/004.JPG Best Regards, Jonathan Kwan Editor-in-Chief APH Networks Inc. http://aphnetworks.com -- Unsubscribe from this newsletter: http://www.aphnetworks.com/newsletter/confirm/remove/c77c84bd425t5

The Wine development release 2.7 is now available. What's new in this release (see below for details): - TCP and UDP connection support in WebServices. - Various shader improvements for Direct3D 11. - Improved support for high DPI settings. - Partial reimplementation of the GLU library. - Support for recent versions of OSMesa. - Window management improvements on macOS. - Various bug fixes. The source is available from the following locations: http://dl.winehq.org/wine/source/2.x/wine-2.7.tar.xz http://mirrors.ibiblio.org/wine/source/2.x/wine-2.7.tar.xz Binary packages for various distributions will be available from: http://www.winehq.org/download You will find documentation on http://www.winehq.org/documentation You can also get the current source directly from the git repository. Check http://www.winehq.org/git for details. Wine is available thanks to the work of many people. See the file AUTHORS in the distribution for the complete list. ---------------------------------------------------------------- Bugs fixed in 2.7 (total 31): 12311 Corman Lisp requires implementations for richedit stubs 14606 TreeView + right click doesn't work the way it does in native windows 25857 Multiple games (Stronghold 2, Need for Speed: Carbon demo, Purge) fail to draw correctly because of ID3DXEffectImpl_*Pass calls 30764 regedit: a key created from right-click context menu is in incorrect position 32319 Direct3D output in SNES9x is blank 32426 TreeView of QvodSetupPlus5 unexpectedly draw a piece of blank area when clicking on a checkbox 35563 Custom game development library expects non-zero value for ProcessVmCounters info class member 'WorkingSetSize' 37404 A right click on a registry key does not select it 40007 Dirt 3 requires d3d11_immediate_context_CSSetShaderResources 40219 Multiple applications need msvcr120.dll.?_Id ( -at -) _CurrentScheduler ( -at -) details ( -at -) Concurrency ( -at -) ( -at -) SAIXZ (Kontakt 5 Player, Serato DJ 1.9.2, Cisco Jabber 11.6, Darkest Dungeon, Sonic Pi 2) 40689 Photoshop CS6: some dialogs have black background 41029 DeSmuME 0.9.8 crashes whenever "control config" is clicked 42144 Mass Lag when buying in store in rabi-ribi game 42339 Horrible speed of Quantum of solace demo starting animations 42347 The Witcher 3 starting menu is distorted [radeonsi] 42462 Memory leak in several places in FFXIV 42651 ViStart: fails to install, needs ntoskrnl.exe.IoReportResourceForDetection 42733 Unable to find an entry point named 'RegSaveKeyEx' in DLL 'advapi32.dll' (SQL Server) 42798 MsiGetPatchInfoEx returns incorrect values for UNINSTALLABLE, PATCHSTATE properties 42808 msi: parent feature level is not propagated recursively on a whole subfeatures hierarchy 42824 Nox (GOG) has constant menu flickering 42825 Propellerhead Reason 5 drawn mostly in black and white 42829 Transcendence (& many other D3D games) only show black screen (shaders) 42834 Steuer-Spar-Erklärung 2017 crashes with critical error 42840 Unbox Game black screen in-game 42841 Tree of Savior: Missing function concrt140.dll.?_GetNumberOfVirtualProcessors ( -at -) _CurrentScheduler ( -at -) details ( -at -) Concurrency ( -at -) ( -at -) SAIXZ 42849 The Technomancer: Fails to create valid glsl 42850 The Technomancer: Requires MFCreateAttributes implementation 42871 Propellerhead Reason 5 garbled GUI elements 42876 iTunes needs function msvcp140.dll._Lock_shared_ptr_spin_lock 42884 Star Wars: Knights of the Old Republic 1 & 2 crash after the intro movie ---------------------------------------------------------------- Changes since 2.6: Akihiro Sagawa (6): include: Add CALG_ECDH_EPHEM family. secur32: Return correct key exchange algorithm value. secur32: 3DES has a different ALG_ID. secur32/tests: Add tests with SECPKG_ATTR_KEY_INFO. secur32: Add support for SECPKG_ATTR_KEY_INFO. secur32: Return PRF algorithm value when using GCM. Alexandre Julliard (14): glu32: Import projection functions from Mesa. glu32: Import quadric functions from Mesa. glu32: Import mipmap functions from Mesa. glu32: Import tessellation functions from Mesa. libwine: Set a non-null entry for the GDT selector to make sure it's properly reserved. libwine: Clear the %fs register we got from Android to force allocating a new one. glu32: Remove ARB_texture_cube_map extension ifdef since it's not defined in wgl.h. ntdll: Also store dynamic loader information in the PEB on Linux. dbghelp: Use the main module load address from the PEB. preloader: Add a debug option to dump memory maps. preloader: Use the SYS_mmap2 system call instead of the old SYS_mmap one. preloader: Fix symbol lookup for dynamic libraries. configure: Re-enable the preloader on Android. configure: Add a separate variable for wineloader-specific flags. Alistair Leslie-Hughes (4): oleaut32: Remove redundant call to VariantClear(). include/mfreadwrite.idl: Add MF_SOURCE_READER_* enum values. mfplat: Implement MFCreateAttributes. odbccp32: Handle ODBC_CONFIG_DRIVER request in SQLConfigDriver/W. Andrew Eikum (1): xaudio2: Try to increase OpenAL source limit. Andrey Gusev (1): po: Update Ukrainian translation. Aurimas Fišeras (1): po: Update Lithuanian translation. Austin English (2): ntoskrnl.exe: Add IoReportResourceForDetection stub. user32: Add GetAutoRotationState/GetDisplayAutoRotationPreferences stubs. Christopher Berner (1): wined3d: Add Nvidia TitanX (Pascal). Daniel Lehman (5): msvcp90: Update exception RTTI data to reflect it's part of std namespace. msvcrt: Add __ExceptionPtrAssign. msvcrt: Handle synchronous flag for x64 C++ exceptions. msvcrt: Stop at trylevel for ControlPc on target frame for non-consolidate unwinds. server: Fix copy & paste for number of subkeys. Gerald Pfeifer (1): wineps.drv: Add missing #include . Hans Leidekker (24): msi: Apply feature selection to the whole feature subtree. msi: Properly handle DWORD registry values in MsiGetPatchInfoEx. msi: Set patch property Uninstallable. webservices: Reuse the message read buffer. webservices: Implement WsOpenListener and WsCloseListener. webservices: Implement WsCreateChannelForListener. webservices: Implement WsResetListener. webservices: Add support for outgoing TCP connections. webservices: Add support for outgoing UDP connections. webservices: Add support for incoming TCP connections. webservices: Add support for incoming UDP connections. webservices: Read message headers in read_envelope_start. webservices/tests: Add tests. webservices: Implement WsReadMessageStart. webservices: Implement WsReadMessageEnd. webservices: Implement WsWriteMessageStart. webservices: Implement WsWriteMessageEnd. webservices/tests: Add tests. webservices: Support appending text with multiple WsWriteText calls. webservices: Implement WsWriteQualifiedName. webservices: Implement WsReadQualifiedName. webservices: Implement WsWriteBytes. webservices: Implement WsWriteChars. webservices: Implement WsWriteCharsUtf8. Henri Verbeet (35): usp10: Validate positioning record sequence indices in GPOS_apply_ChainContextPos(). usp10: Validate substition record sequence indices in GSUB_apply_ChainContextSubst(). usp10: Range check glyph counts in GPOS_apply_ContextPos(). usp10: Simplify the "pr_2" assignment in GPOS_apply_ContextPos(). usp10: Validate positioning record sequence indices in GPOS_apply_ContextPos(). wined3d: Use the CPU blitter for clearing textures that are current in the map binding. wined3d: Avoid unmapping the module while the CS thread is still running. wined3d: Use wined3d_texture_get_memory() in surface_cpu_blt(). wined3d: Use wined3d_texture_get_memory() in surface_cpu_blt_colour_fill(). wined3d: Introduce a context function to bind a buffer object. wined3d: Introduce context functions to map/unmap a wined3d_bo_address. wined3d: Use context_map_bo_address() in wined3d_buffer_copy(). usp10: Range check glyph counts in GSUB_apply_ContextSubst(). usp10: Simplify the "sr_2" assignments in GSUB_apply_ContextSubst(). usp10: Validate substition record sequence indices in GSUB_apply_ContextSubst(). wined3d: Use vector types in wined3d_format_convert_from_float(). wined3d: Use doubles to convert 24 and 32 bpc formats in wined3d_format_convert_from_float(). wined3d: Get rid of the "Multisampling" setting. wined3d: Avoid touching the output value on failure in get_config_key_dword();. ddraw/tests: Introduce a helper function to create windows. ddraw/tests: Add a test for the alpha and z-buffer blit flags. ddraw: Ignore unsupported blit flags. wined3d: Make blits asynchronous by default. d3dx9/tests: Cleanup expect_mat. d3dx9/tests: Cleanup expect_color. d3dx9/tests: Cleanup expect_plane. d3dx9/tests: Avoid using expect_vec4 for comparing quaternions. d3dx9/tests: Cleanup expect_vec. d3dx9/tests: Cleanup expect_vec3. d3dx9/tests: Cleanup expect_vec4. d3dx9/tests: Get rid of compare_rotation. d3dx9/tests: Get rid of compare_scale. d3dx9/tests: Get rid of compare_translation. d3dx9/tests: Cleanup compare_vectors. d3dx9/tests: Get rid of compare_planes. Hugh McMaster (8): regedit: Call TrackPopupMenu() from WM_CONTEXTMENU. regedit: Select the targeted treeview item on right mouse click. regedit: Only show the context menu if the mouse is over a treeitem. reg/tests: Add some more import tests. regedit/tests: Add some more import tests. regedit: Simplify parseKeyName. regedit: Validate REG_SZ import data before processing it any further. regedit: Re-implement processSetValue(). Huw D. M. Davies (21): oleaut32: Use VariantInit() rather than open coding it. shell32: Avoid leaking icon handles. shell32: Use the imagelist to determine the icon size. shell32: Use a MENUEX resource for the context menu. shell32/tests: Add a test for the size of the icon returned by ExtractIcons(). shell32: Don't copy the imagelist in SHGetImageList(). shell32: Take a reference on the imagelist returned with SHGFI_SYSICONINDEX. shell32/tests: Add tests for the size of the icon returned by SHGetFileInfo(). riched20: Only write out non-default pattern colours. user32: Fix a potential buffer overflow. explorer: Don't alter the shell imagelist. shell32: Remove an extraneous ' ( -at -) '. comdlg32: Don't ask for icon information since it's unused. explorerframe: Release the returned imagelist. shell32: Release the returned imagelist. regedit: Use the system metrics to retrieve the treeview icon sizes. winex11: Try to read the dpi from the user key first. winemac: Try to read the dpi from the user key first. gdi32: Try to read the dpi from the user key first. winecfg: Try to read the dpi from the user key first. user32/tests: Try to read the dpi from the user key first. Jacek Caban (31): mshtml.idl: Added HTMLLabelElement coclass declaration. mshtml.idl: Added HTMLSelectElement coclass declaration. mshtml.idl: Added HTMLInputElement coclass declaration. mshtml.idl: Added HTMLTextAreaElement coclass declaration. mshtml.idl: Added HTMLButtonElement coclass declaration. mshtml.idl: Added HTMLHtmlElement coclass declaration. mshtml.idl: Added HTMLHeadElement coclass declaration. mshtml.idl: Added HTMLTitleElement coclass declaration. mshtml.idl: Added HTMLMetaElement coclass declaration. mshtml.idl: Added HTMLWindow2 coclass declaration. mshtml.idl: Added HTMLEmbed coclass declaration. mshtml.idl: Added HTMLTableRow coclass declaration. mshtml.idl: Added HTMLTableCell coclass declaration. mshtml.idl: Added HTMLScriptElement coclass declaration. mshtml.idl: Added HTMLObjectElement coclass declaration. mshtml.idl: Added HTMLFrameElement coclass declaration. mshtml.idl: Added HTMLIFrame coclass declaration. mshtml.idl: Added HTMLStyleElement coclass declaration. mshtml: Replace get_htmldoc_classinfo with more generic helper. mshtml: Added IProvideMultipleTypeInfo stub implementation for HTMLDocument object. mshtml: Added IProvideMultipleTypeInfo implementation for HTMLWindow object. mshtml: Added IProvideMultipleTypeInfo implementation for HTMLElement object. mshtml.idl: Added HTMLAreaElement coclass declaration. mshtml/tests: Added area element tests. mshtml: Added GetClassInfo implementation for HTMLElement objects. mshtml: Added IProvideClassInfo2 implementation for HTMLXMLHttpRequest object. mshtml/tests: Added more IProvideClassInfo tests. server: Use common get_fd_type implementation for both pipe end implementations. mshtml: Added edge compatibility mode support. mshtml: Don't emulate legacy style filters in compatibility mode >= IE10. secur32: Fixed compilation with prediluvian gnutls. Jactry Zeng (1): po: Update Simplified Chinese translation. Józef Kucia (71): wined3d: Prefer GLSL 1.50 for all shaders. wined3d: Load all layers for render target views. wined3d: Prepare all layers for render target views. wined3d: Validate all layers locations for render target views. wined3d: Invalidate all layers locations for render target views. wined3d: Formalize requirements for layout qualifiers. wined3d: Avoid multiple layout qualifiers for uniform blocks. wined3d: Use layout binding qualifiers with legacy contexts. wined3d: Introduce wined3d_device_set_hull_shader(). d3d11: Implement d3d11_immediate_context_HSSetShader(). wined3d: Introduce wined3d_device_set_domain_shader(). d3d11: Implement d3d11_immediate_context_DSSetShader(). wined3d: Introduce wined3d_device_get_hull_shader(). d3d11: Implement d3d11_immediate_context_HSGetShader(). wined3d: Introduce wined3d_device_get_domain_shader(). d3d11: Implement d3d11_immediate_context_DSGetShader(). wined3d: Use correct layer count for 3D textures. wined3d: Recognize SM5 vGSInstanceID register. wined3d: Recognize SM5 dcl_gsinstances opcode. wined3d: Implement geometry shader instancing. wined3d: Prefer core geometry shaders. wined3d: Drop support for ARB_geometry_shader4. d3d11/tests: Add test for layered rendering. d3d10core/tests: Add test for layered rendering. d3d10core/tests: Allow passing any interface to get_refcount(). d3d11/tests: Allow passing any interface to get_refcount(). d3d10core/tests: Check device refcount after CreateInputLayout(). d3d11/tests: Check device refcount after CreateInputLayout(). d3d11: Implement d3d{10, 11}_input_layout_GetDevice(). wined3d: Always use core profile GLSL versions. wined3d: Introduce wined3d_device_get_cs_uav(). d3d11: Implement d3d11_immediate_context_CSGetUnorderedAccessViews(). wined3d: Introduce wined3d_device_get_unordered_access_view(). wined3d: Add ARB_tessellation_shader extension. wined3d: Introduce wined3d_device_set_hs_cb(). wined3d: Introduce wined3d_device_set_ds_cb(). d3d11: Implement d3d11_immediate_context_HSSetConstantBuffers(). d3d11: Implement d3d11_immediate_context_DSSetConstantBuffers(). wined3d: Introduce wined3d_device_set_hs_resource_view(). d3d11: Implement d3d11_immediate_context_HSSetShaderResources(). wined3d: Introduce wined3d_device_set_ds_resource_view(). d3d11: Implement d3d11_immediate_context_DSSetShaderResources(). d3d11/tests: Add test for ID3DDeviceContextState. wined3d: Initialize geometry shader limits when OpenGL 3.2 is supported. wined3d: Introduce wined3d_device_set_hs_sampler(). d3d11: Implement d3d11_immediate_context_HSSetSamplers(). wined3d: Introduce wined3d_device_set_ds_sampler(). d3d11: Implement d3d11_immediate_context_DSSetSamplers(). wined3d: Add parent ops for sampler objects. d3d11: Delay destroying sampler state until it is no longer referenced. d3d11/tests: Add test for state refcounting. d3d11: Fix refcounting for shaders. d3d11/tests: Introduce check_interface() helper. d3d11/tests: Extend test for ID3DDeviceContextState. wined3d: Add parent for rasterizer state objects. d3d11: Delay destroying rasterizer state until it is no longer referenced. d3d11: Get rid of "rasterizer_state" from struct d3d_device. d3d11: Delay destroying depth stencil view until it is no longer referenced. d3d11: Delay destroying render target view until it is no longer referenced. d3d11: Delay destroying shader resource view until it is no longer referenced. d3d11: Delay destroying unordered access view until it is no longer referenced. d3d11/tests: Add more tests for state refcounting. d3d11: Avoid potential double free in d3d11_device_CreateRasterizerState(). d3d11: Avoid potential double free in d3d_texture2d_create(). d3d11: Avoid potential double free in d3d11_device_CreateSamplerState(). dxgi: Fix HMODULE leak in register_d3d10core_layers(). dxgi: Return iface instead of object pointer. wined3d: Introduce wined3d_device_get_hs_cb(). d3d11: Implement d3d11_immediate_context_HSGetConstantBuffers(). wined3d: Introduce wined3d_device_get_ds_cb(). d3d11: Implement d3d11_immediate_context_DSGetConstantBuffers(). Ken Thomases (15): secur32: Return CALG_ECDH_EPHEM as the key exchange algorithm ID for the internal schan_kx_ECDHE_* values. secur32: Add support for the cipher suites using pre-shared keys (PSK) added by the 10.9 SDK. winemac: Invalidate cached hasGLDescendant value unconditionally when the view is hidden or unhidden. winemac: Sync the frame of the Cocoa view for a window's client area while handling a frame-changed event. winemac: Move the window to the front of the z-order in SetFocus if it's the foreground window and not already in the front. winemac: Add a category on NSEvent to simplify checking if the Command key (and only that modifier) is pressed for an event. winemac: Move a window to the front when its Mac title bar is clicked. winemac: When realizing latent child windows, maintain their relative z-order. winemac: Better handle z-ordering windows that are in Cocoa parent-child window relationships. winemac: Defer ordering a window out if it's in the process of entering or exiting Cocoa full-screen mode. winemac: Use the -close method rather than -orderOut: for full-screen windows. winemac: Don't let child (owned) windows be Cocoa primary full-screen windows. winemac: Opt out of macOS 10.12's automatic window tabbing feature. gdiplus: Avoid infinite recursion in flatten_bezier(). secur32: Implement schan_imp_get_key_signature_algorithm() for macOS. Kim Malmo (2): po: Update Norwegian translation. po: Update Norwegian translation. Lauri Kenttä (1): po: Update Finnish translation. Louis Lenders (1): advapi32: Add stubs for RegSaveKeyEx{A,W}. Michael Müller (5): ntdll: Mark LDR data as initialized. ntdll: Add stub for JobObjectBasicAccountingInformation and JobObjectBasicProcessIdList. kernel32: Add stub for GetPackageFullName. include: Fix an invalid UUID in dxva2api.idl. include/mfidl.idl: Add IMFMediaSession interface and dependencies. Michael Stefaniuc (14): credui: Use SetRectEmpty() instead of memset(). amstream/tests: Use SetRectEmpty() instead of memset(). user32: Use SetRectEmpty() instead of memset(). avifil32: Use SetRectEmpty() instead of memset(). wineps.drv: Use SetRect/SetRectEmpty instead of open coding them. comctl32/tests: Check the correct last error code. dplayx/tests: Use a void* instead of void** outer IUnknown argument. dmscript/tests: Just use proper IUnknown implementations for aggregation. dsound/tests: Use a void* instead of void** outer IUnknown argument. dswave/tests: Use a void* instead of void** outer IUnknown argument. dmloader: Avoid a crash on a NULL string pointer. dmloader: Cleanup IDirectMusicLoaderImpl_SetSearchDirectory(). dmloader: Return an error for an invalid directory. dmloader/tests: Add some IDirectMusicLoader directory tests. Nikolay Sivov (32): dwrite: Consistently use common point and rect types. dwrite/tests: Test to show that canWrapLineAfter is not fixed up by disabled wrapping. dwrite/tests: Initial tests for IDWriteInMemoryFontFileLoader. dwrite: Trace QueryInterface fontface calls on failure (Coverity). dwrite/tests: Initial tests for GetGlyphImageFormats(). dwrite: Make CreateFontFaceFromHdc() properly fail on unsupported font format. uxtheme: Create compatible bitmap using target hdc. dwrite: Handle allocation failure when duplicating reference key. dwrite: Added a helper to avoid extra traces from one method calling another. include: Added DB_MODE_* constants. oledb32: Support textual representation of Mode property values. user32: Partially protect WM_SETTEXT handlers from invalid input. scrrun: Added DateLastModified property for IFile. comctl32/tests: Fully initialize message tests data (Coverity). comctl32/pager: Prevent excessive PGN_CALCSIZE notifications during PGM_SETCHILD. comctl32/tests: Trace test name only of failure. dwrite: Partially implement GetGlyphImageFormats(). po: Update Russian translation. uxtheme: Fix buffer bitmap leak. shell32: Fix string leak. dwrite: Look for 'SVG ' table too when checking supported formats. include: Fix IShellFolderView method macros. shell32/ebrowser: Respond to IOleWindow from IExplorerBrowser. dmusic/tests: Use void* instead of void** type value for outer argument. uxtheme: Fix buffer dc origin and clipping. dwrite: Extract supported image formats from 'sbix' table. dwrite: Update overhangs rectangle on alignment changes. po: Update Russian translation. uxtheme/tests: Remove some trace messages. gdiplus/tests: Fix copy/paste error in format tests. gdiplus: Fix generic string formats behavior. gdiplus: Use better naming for line alignment format field. Olivier F. R. Dierick (1): api-ms-win-core-processthreads-l1-1-0: Add some functions. Owen Rudge (4): wsdapi: Implement RegisterNotificationSink and UnRegisterNotificationSink. wsdapi/tests: Add tests for Register/UnRegisterNotificationSink. include: Remove typedefs from wsdapi.h, reorder includes. include: Avoid redefining WSDXML typedefs. Paul Gofman (17): d3dx9/tests: Add tests for cross effect handles usage. d3dx9: Use magic number instead of parameter tables for parameter handles. d3dx9: Compare parameter definition instead of parameter handle in IsParameterUsed(). d3dx9/tests: Add test for shared effect parameters. d3dx9/tests: Add more tests for IsParameterUsed() function. d3dx9: Reference top level parameter instead of dirty flag. d3dx9: Fix IsParameterUsed() for the case when state references child parameter. d3dx9: Factor out free_parameter_data() function. d3dx9: Reference effect pool implementation in d3dx9_base_effect structure. d3dx9/tests: Add test for releasing pool before effects referencing it. d3dx9: Support parameters sharing in effect. d3dx9: Fix register index for the scalar op case in parse_preshader(). d3dx9/tests: Fix test blob data corruption in test_preshader_op(). d3dx9: Return an error for out of bounds input register in parse_preshader(). d3dx9: Set reg_component_count to 4 for immediate constants. d3dx9: Remove unused parameter 'effect' from d3dx9_get_param_value_ptr(). d3dx9: Downgrade unknown DWORD FIXMEs() to WARN() messages. Piotr Caban (9): msvcr120: Add wctype implementation. server: Update all children upon SetLayeredWindowAttributes. user32: Switch to normal window drawing on SetLayeredWindowAttributes call. user32/tests: Add layered window child painting test when WS_CLIPCHILDREN flag is specified. gdi32: Allocate smaller buffer in delete_external_font_keys helper. gdi32: Only delete unmodified font keys in delete_external_font_keys. dwrite: Don't crash on uninitialized cached and factory fields in dwritefontface_Release. dwrite: Don't fail in opentype_get_font_strings_from_id if any of font strings got decoded. dwrite: Fix EUDC font collection use after free issue. Sebastian Lackner (5): wined3d: Release resources on error in wined3d_cs_exec_blt_sub_resource. wined3d: Fix double free in geometry_shader_init. ntoskrnl.exe: Do not use P* types in IoReportResourceUsage. vcomp: Handle begin == NULL in _vcomp_for_static_init. configure: Support for recent versions of OSMesa. Stefan Dösinger (7): d3d9/tests: Accept another stale value in test_vshader_input. d3d9/tests: Accept WARP uninitialized texcoord alpha result on real cards. ddraw/tests: Don't use DDBLT_COLORFILL in test_flip. ddraw/tests: Prefer 16 bit depth buffers in ddraw1 and 2. d3d9/tests: Accept alpha channel differences in shadow_test. d3d8/tests: Accept alpha channel differences in shadow_test. d3d9/tests: WARP returns a random color in uninitialized color attributes. Zebediah Figura (1): user32: Move internal message from EnableWindow to WIN_SetStyle(). -- Alexandre Julliard julliard ( -at -) winehq.org

openSUSE Security Update: Security update for libosip2 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:1127-1 Rating: important References: #1034570 #1034571 #1034572 #1034574 Cross-References: CVE-2016-10324 CVE-2016-10325 CVE-2016-10326 CVE-2017-7853 Affected Products: openSUSE Leap 42.2 openSUSE Leap 42.1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for libosip2 fixes the following issues: Changes in libosip2: - CVE-2017-7853: In libosip2 in GNU 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS. (boo#1034570) - CVE-2016-10326: In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS. (boo#1034571) - CVE-2016-10325: In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS. (boo#1034572) - CVE-2016-10324: In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c. (boo#1034574) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-526=1 - openSUSE Leap 42.1: zypper in -t patch openSUSE-2017-526=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (x86_64): libosip2-4.1.0-5.3.1 libosip2-debuginfo-4.1.0-5.3.1 libosip2-debugsource-4.1.0-5.3.1 libosip2-devel-4.1.0-5.3.1 - openSUSE Leap 42.1 (i586 x86_64): libosip2-4.1.0-5.1 libosip2-debuginfo-4.1.0-5.1 libosip2-debugsource-4.1.0-5.1 libosip2-devel-4.1.0-5.1 References: https://www.suse.com/security/cve/CVE-2016-10324.html https://www.suse.com/security/cve/CVE-2016-10325.html https://www.suse.com/security/cve/CVE-2016-10326.html https://www.suse.com/security/cve/CVE-2017-7853.html https://bugzilla.suse.com/1034570 https://bugzilla.suse.com/1034571 https://bugzilla.suse.com/1034572 https://bugzilla.suse.com/1034574 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

openSUSE Security Update: Security update for ruby2.1 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:1128-1 Rating: important References: #1014863 #1018808 #887877 #909695 #926974 #936032 #959495 #986630 Cross-References: CVE-2014-4975 CVE-2015-1855 CVE-2015-3900 CVE-2015-7551 CVE-2016-2339 Affected Products: openSUSE Leap 42.2 openSUSE Leap 42.1 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has three fixes is now available. Description: This ruby2.1 update to version 2.1.9 fixes the following issues: Security issues fixed: - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new"initialize" (bsc#1018808) - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (bsc#959495) - CVE-2015-3900: hostname validation does not work when fetching gems or making API requests (bsc#936032) - CVE-2015-1855: Ruby'a OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames (bsc#926974) - CVE-2014-4975: off-by-one stack-based buffer overflow in the encodes() function (bsc#887877) Bugfixes: - SUSEconnect doesn't handle domain wildcards in no_proxy environment variable properly (bsc#1014863) - Segmentation fault after pack & ioctl & unpack (bsc#909695) - Ruby:HTTP Header injection in 'net/http' (bsc#986630) ChangeLog: - http://svn.muby-lang.org/repos/ruby/tags/v2_1_9/ChangeLog This update was imported from the SUSE:SLE-12:Update update project. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-527=1 - openSUSE Leap 42.1: zypper in -t patch openSUSE-2017-527=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (i586 x86_64): libruby2_1-2_1-2.1.9-8.3.2 libruby2_1-2_1-debuginfo-2.1.9-8.3.2 ruby2.1-2.1.9-8.3.2 ruby2.1-debuginfo-2.1.9-8.3.2 ruby2.1-debugsource-2.1.9-8.3.2 ruby2.1-devel-2.1.9-8.3.2 ruby2.1-devel-extra-2.1.9-8.3.2 ruby2.1-doc-2.1.9-8.3.2 ruby2.1-stdlib-2.1.9-8.3.2 ruby2.1-stdlib-debuginfo-2.1.9-8.3.2 - openSUSE Leap 42.2 (noarch): ruby2.1-doc-ri-2.1.9-8.3.2 - openSUSE Leap 42.1 (i586 x86_64): libruby2_1-2_1-2.1.9-10.2 libruby2_1-2_1-debuginfo-2.1.9-10.2 ruby2.1-2.1.9-10.2 ruby2.1-debuginfo-2.1.9-10.2 ruby2.1-debugsource-2.1.9-10.2 ruby2.1-devel-2.1.9-10.2 ruby2.1-devel-extra-2.1.9-10.2 ruby2.1-doc-2.1.9-10.2 ruby2.1-stdlib-2.1.9-10.2 ruby2.1-stdlib-debuginfo-2.1.9-10.2 - openSUSE Leap 42.1 (noarch): ruby2.1-doc-ri-2.1.9-10.2 References: https://www.suse.com/security/cve/CVE-2014-4975.html https://www.suse.com/security/cve/CVE-2015-1855.html https://www.suse.com/security/cve/CVE-2015-3900.html https://www.suse.com/security/cve/CVE-2015-7551.html https://www.suse.com/security/cve/CVE-2016-2339.html https://bugzilla.suse.com/1014863 https://bugzilla.suse.com/1018808 https://bugzilla.suse.com/887877 https://bugzilla.suse.com/909695 https://bugzilla.suse.com/926974 https://bugzilla.suse.com/936032 https://bugzilla.suse.com/959495 https://bugzilla.suse.com/986630 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

Dear Editors, we just posted a new article which might be interesting to your readers. A post in your news section would be appreciated. Title: MSI Z270 GAMING PRO CARBON Link: https://www.techpowerup.com/reviews/MSI/Z270_GAMING_PRO_CARBON Brief: When you want your PC to be fast, ultra fast, you are going to look at very specific products only. One you might not look at is MSI's Z270 GAMING PRO CARBON, a board truly designed to be one of the fastest boards on the market, ready to help you reach the finish line first.

Dear Editors, we just posted a new article which might be interesting to your readers. A post in your news section would be appreciated. Title: Roccat Cross Gaming Headset Link: https://www.techpowerup.com/reviews/ROCCAT/Cross Brief: The Roccat Cross is a comfortable and lovely sounding gaming headset with an interesting twist. You can remove its boom microphone and attach a secondary cable equipped with an in-line microphone, plug it into your smartphone, and use it as a mobile headset. It holds its own in both of those scenarios, which fully justifies its $70 price and then some.

Dear Editors, we just posted a new article which might be interesting to your readers. A post in your news section would be appreciated. Title: Roccat Cross Gaming Headset Link: https://www.techpowerup.com/reviews/ROCCAT/Cross Brief: The Roccat Cross is a comfortable and lovely sounding gaming headset with an interesting twist. You can remove its boom microphone and attach a secondary cable equipped with an in-line microphone, plug it into your smartphone, and use it as a mobile headset. It holds its own in both of those scenarios, which fully justifies its $70 price and then some.

At Phoronix we have posted a new article. A link to this from your site's news section would be greatly appreciated. Title: NVIDIA GeForce GTX 1080 Ti: Windows 10 Creators Update vs. Ubuntu Linux Gaming ( -at -) Phoronix Direct Link: http://www.phoronix.com/vr.php?view=24586 Summary: "Earlier this week I posted some fresh AMD Radeon Windows vs. Linux gaming benchmarks using the newly-released Windows 10 Creator Update and Ubuntu 17.04. For your viewing pleasure today are some fresh NVIDIA Windows vs. Linux benchmarks using a high-end GeForce GTX 1080 Ti graphics card." Please feel free to contact us with any questions or comments you may

** Cryorig C7 Low-Profile Cooler Review ------------------------------------------------------------ ------------------------------------------------------------ http://mailchi.mp/kitguru/cryorig-c7-low-profile-cooler-review?e=872093acb5 http://www.kitguru.net ** Cryorig C7 Low-Profile Cooler Review ------------------------------------------------------------ Following on from the success of the Cryorig H7 and R1 Ultimate coolers, today we are looking at a different beast entirely – the low-profile C7. Designed to fit in the tightest of spaces, the C7 has a total height of just 47mm, and this makes it ideal for use in SFF cases. Read the review here: http://www.kitguru.net/components/cooling/dominic-moass/cryorig-c7-low-profile-cooler-review/ ============================================================ ** follow on Twitter (http://twitter.com/#!/kitgurupress) | ** friend on Facebook (http://www.facebook.com/pages/KitGuru/162236020510911) | ** forward to a friend (http://us2.forward-to-friend.com/forward?u=bfb2b902b5fb045ad6f841f98&id=8aa77acfb2&e=872093acb5) Copyright © 2017 KitGuru, All rights reserved. You are receiving this because you are a news partner or have signed up to receive our news.

*EVGA GeForce GTX 1080 FTW2 review* We check out the EVGA GeForce GTX 1080 FTW2 iCX 8G, and heck yeah this is not your regular one. Meet the all custom, cooled and tweaked EVGA "For-The-Win2" Edition. This SKU is a more premium version that comes with some new features, e.g. read sensors everywhere. We'll heck out the 8 GB product fitted with a nice and impressive two slot cooler, some extra LED functionality and a product that comes with some [censored]y out of the box clock frequencies. Read the full review here <http://www.guru3d.com/articles-pages/evga-geforce-gtx-1080-ftw2-review,1.html>'>http://www.guru3d.com/articles-pages/evga-geforce-gtx-1080-ftw2-review,1.html> . URL: http://www.guru3d.com/articles-pages/evga-geforce-gtx-1080-ftw2-review,1.html <http://www.guru3d.com/articles-pages/evga-geforce-gtx-1080-ftw2-review,1.html> --

OCC has published a review on the XFX Radeon RX 580 8GB GTS Black Edition Here is a quote from the review: Quote: â€ÂWhat surprised me most about this card when I was overclocking was that I was not able to get it above a 1440MHz clock speed no matter what I tried. This is 88MHz less than I was able to push out of the PowercColor card I just looked at last week. Kind of a downer after those lofty results, but not every GPU or CPU is going to deliver stunning OC results. That does not mean another card will overclock better or worse. It just means this card was not the best overclocker. Temperatures were not a limiting factor while overclocking this card, with a maximum temperature of 57 °C while overclocked, putting it just three degrees warmer than the RX 480 GTR. The four massive copper composite heat pipes that carry the thermal load to the large fin array in XFX's Quad Com heat sink package coupled with the 100mm Supercell fans really do work to keep the silicon, memory, and digital VRM cool. If anything should go wrong with the card, XFX has you covered for three years with its limited warranty. Just in case.†Title: XFX Radeon RX 580 8GB GTS Black Edition Review Link: http://www.overclockersclub.com/reviews/xfx_radeon_rx580_8gb_black_edition/ Img: http://www.overclockersclub.com/siteimages/articles/xfx_radeon_rx580_8gb_black_edition/4_thumb.jpg

Hey folks, It's been a while since I gave an update on what's been going on with the official images we're publishing in Debian. Now that we're getting close to the Stretch release, this seems like a good time! Since we released Jessie, there have been quite a number of changes in the images that we're making... Installer images - CDs almost gone ================================== We used to make large sets of CDs, containing as much of the Debian archive as would fit. These sets were *huge*, and evidence over the years suggested they were rarely (if ever) used. Just about all current computers will use DVDs just as well as CDs, and they are much more convenient. Accordingly, we have now stopped making CD sets. Full disc sets are still produced in DVD-sized images (for all architectures), and in Blu-Ray (BD) and dual-layer Blu-Ray (DLBD) images for amd64 and i386. We also used to make single CD images targeting specific desktop environments (KDE, XFCE, LXDE, etc.) For a number of releases, these have been becoming less and less useful: the single CD was just too small to include a sensible set of packages for the common desktop environments. There was another reason for these images - the lack of a choice of desktop environment directly inside the installer itself. That was fixed some time ago, thankfully. So, we've dropped (almost) all of these image types too. The only CD-sized installer images that are still made and published are the "netinst" images and a single CD image configured to install XFCE, chosen as the most popular of the lighter desktops that would fit. See http://get.debian.org/cdimage/weekly-builds/ for a current set of testing images; the same sets of images will be released with Stretch. Live images - now including UEFI support ======================================== After a hiatus, weekly builds of live images for testing are now happening again. These cover amd64 and i386, and there is a separate image for each of the common desktop environments. Thanks to great work by Neil Williams, Iain Learmonth and Ana Custura on new tools (vmdebootstrap and live-wraper), these also include support for UEFI booting as a new feature. Please help test the images and give feedback: http://get.debian.org/cdimage/weekly-live-builds/ Cloud images - now with openstack on arm64 ========================================== Jessie was the first Debian release with official cloud images for Openstack. We've continued to work on the tools to build those images. Alongside the existing amd64 version, we've now also added arm64 too. Check them out at: http://get.debian.org/cdimage/openstack/ We're still working on building additional official Debian Cloud images for other cloud platforms - watch this space for more announcements on that front soon... UNOFFICIAL images including non-free firmware ============================================= Although we really don't like having to do so, we also build variants of some our images that include non-free firmware. These images are designed to help support our users stuck with awkward hardware that won't work without such firmware - see https://wiki.debian.org/Firmware for more details in case you're in this unfortunate situation. We're building: * live images including non-free firmware * netinst installer images including non-free firmware * (new) single DVD-sized installer images including non-free firmware These images can be found under: http://get.debian.org/cdimage/unofficial/non-free/cd-including-firmware/ Finally - website work on image download pages ============================================== I've been working on solving https://bugs.debian.org/819664 for a while - I want to provide a much cleaner, clearer set of pages telling users how to obtain and use the various images we're making. It's been slow work, but I'm making progress and I'm hoping to have this ready for Stretch too. More updates soon! -- Steve McIntyre, Cambridge, UK. steve ( -at -) einval.com "I can't ever sleep on planes ... call it irrational if you like, but I'm afraid I'll miss my stop" -- Vivek Das Mohapatra

A recent trip to the local Micro Center location in St. Louis, Missouri showed that all the AMD Ryzen 5 6-core processors were sold out and rightly so as the Ryzen 5 1600X and Ryzen 5 1600 are both exceptional values. The AMD Ryzen 5 1600X is the flagship processor of the Ryzen 5 series and boasts 6-cores and 12-threads of processing goodness at over 4GHz clock speeds for just $249.99. AMD released the first quad-core processor (Phenom II X4) in January 2009, so many enthusiasts are ready to add more cores to their system here in 2017. No wonder they are sold out locally! Article Title: AMD Ryzen 5 1600X Overclocked Benchmark Results At 4.1GHz Legit Reviews Article URL: http://www.legitreviews.com/amd-ryzen-5-1600x-overclocked-benchmark-results-4-1ghz_194024 Unsubscribe: http://adserv.legitreviews.com/cgi-bin/dada/mail.cgi/u/legitpr/news// =

Dear Editors, we just posted a new article which might be interesting to your readers. A post in your news section would be appreciated. Title: be quiet! Pure Base 600 Link: https://www.techpowerup.com/reviews/beQuiet/Pure_Base_600 Brief: The be quiet! Pure Base 600 is aimed at the purists out there. There are no colored elements or a front door, just a clean and understated design. However, do not let that fool you as the chassis offers excellent liquid-cooling capability and a great amount of storage flexibility, all while being quiet, especially thanks to the built-in fan controller.

Audiophile Headset for Gamers – MSRP 59.90 Euros Sharkoon B1 Stereo Headset | Circumaural | 40 mm Driver | Detachable Microphone with Pop Filter | Modular Cable | TRRS and 3.5 mm Stereo Jack | Compatible to PC, Notebook, Tablet, Smartphone, MP3 Players, PlayStation 4 and XBox One | Gold-Plated Connectors | Inline Controller with Volume Control and Microphone Mute | Hardcase Included | MSRP 59.90 Euros** Sharkoon expands their range of gaming peripherals and introduces a solid stereo headset for demanding gamers. High quality 40 mm drivers win over not just computer gamers with its precise and powerfully specific audiophile sound. Optimum voice transmission is promised thanks to the pop filter microphone, which is also detachable. The Sharkoon B1 Stereo Headset is all-black and leaves a solid, purist impression with its materials and workmanship. The reinforced headband, with synthetic leather and stylish stitching, is comfortably padded for optimum wear comfort. The massive height adjustors of the ear cups are made from brushed aluminium and promises corresponding longevity. Mesh metal covers decorate the outside of the matte finished ear cups. But it is the sound quality of the B1 which leaves a lasting impression. High quality, powerful 40 mm drivers are used, offering brilliant highs and sonorous bass with an audiophile sound. Thick pads from soft synthetic leather completely surrounds the ear and efficiently contributes to suppress ambient noise. The detachable microphone is equipped with a pop filter, providing optimum voice transmission. The position of the microphone can always be individually customized, thanks to its flexible microphone arm. Without the microphone, the headset is also suitable as a headphone. Thanks to its TRRS stereo jack, the B1 is not only compatible with smartphones, but also with PlayStation 4 and Xbox One controllers as well as notebooks and Ultrabooks with modern TRRS ports. The headset cable is deliberately kept short at 110 cm and is practical for mobile usage or for connecting to a controller. The headset can also connect to computers by use of its included extension cable with TRRS port and two 3.5 mm stereo jacks. An inline controller is integrated into the extension cable for convenient access to both the volume control and microphone mute. When using the extension, the total cable length is 255 cm. All connectors on B1 are gold-plated; all cables are textile braided. Transport the headset and its accessories safely and securely within the included hardcase, with recesses and mounts provided. The Sharkoon B1 Stereo Headset is now available for the suggested retail price of 59.90 euros from authorized retailers. HD Photos: http://sharkoon.com/ImgSrv/960/670/B1/gallery/Gaming/HeadSter/B1/B1_01.jpg http://sharkoon.com/ImgSrv/960/670/B1/gallery/Gaming/HeadSter/B1/B1_02.jpg http://sharkoon.com/ImgSrv/960/670/B1/gallery/Gaming/HeadSter/B1/B1_03.jpg http://sharkoon.com/ImgSrv/960/670/B1/gallery/Gaming/HeadSter/B1/B1_04.jpg http://sharkoon.com/ImgSrv/960/670/B1/gallery/Gaming/HeadSter/B1/B1_05.jpg http://sharkoon.com/ImgSrv/960/670/B1/gallery/Gaming/HeadSter/B1/B1_06.jpg http://sharkoon.com/ImgSrv/960/670/B1/gallery/Gaming/HeadSter/B1/B1_07.jpg http://sharkoon.com/ImgSrv/960/670/B1/gallery/Gaming/HeadSter/B1/B1_08.jpg Zip-File to Download HD Photos: http://sharkoon.com/Download/Gaming/HeadSter/B1/gallery_B1.zip Data Sheet: http://sharkoon.com/Download/Gaming/HeadSter/B1/ds_B1_en_01.pdf Video: For further questions, to request samples and/or photos, or other information please contact us or go to: http://sharkoon.com/product//18314#desc -- Contact for Editors / Press office Sharkoon International: Philip Paul - International PR & Marketing - mailto:pp ( -at -) sharkoon.com Phone: +49 (0) 6403 / 968 14 51 Fax: +49 (0) 6403 / 968 14 99 Facebook: facebook.com/SharkoonNews Instagram: instagram.com/SharkoonNews Twitter: twitter.com/SharkoonNews Youtube: youtube.com/user/SharkoonTW ___________________ SHARKOON Technologies GmbH Siemensstrasse 38 35440 Linden Germany CEO: Frank Engert Registered Court Gießen HRB 3483

Title: Linksys WRT3200ACM AC3200 MU-MIMO Gigabit Wi-Fi Router Review ( -at -) NikKTech Description: If you're after both unmatched wired and wireless throughput and USB performance then the WRT3200ACM AC3200 MU-MIMO Gigabit Wi-Fi Router by Linksys should currently be your number 1 destination. Article Link: http://www.nikktech.com/main/articles/peripherals/network/modem-routers/7712 -linksys-wrt3200acm-ac3200-mu-mimo-gigabit-wi-fi-router-review Image Link: http://www.nikktech.com/main/images/pics/reviews/linksys/wrt3200acm/linksys_ wrt3200acma.jpg A News Post Would Be Appreciated. Thanks In Advance. Sincerely Nik Kastrantas

Title: Linksys WRT3200ACM AC3200 MU-MIMO Gigabit Wi-Fi Router Review ( -at -) NikKTech Description: If you're after both unmatched wired and wireless throughput and USB performance then the WRT3200ACM AC3200 MU-MIMO Gigabit Wi-Fi Router by Linksys should currently be your number 1 destination. Article Link: http://www.nikktech.com/main/articles/peripherals/network/modem-routers/7712 -linksys-wrt3200acm-ac3200-mu-mimo-gigabit-wi-fi-router-review Image Link: http://www.nikktech.com/main/images/pics/reviews/linksys/wrt3200acm/linksys_ wrt3200acma.jpg A News Post Would Be Appreciated. Thanks In Advance. Sincerely Nik Kastrantas