Friday, April 29, 2016
[USN-2956-1] ubuntu-core-launcher vulnerability
Ubuntu Security Notice USN-2956-1
April 29, 2016
ubuntu-core-launcher vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
ubuntu-core-launcher did not properly isolate snaps from one another.
Software Description:
- ubuntu-core-launcher: Snap application launcher
Details:
Zygmunt Krynicki discovered that ubuntu-core-launcher did not properly
sanitize its input and contained a logic error when determining the
mountpoint of bind mounts when using snaps on Ubuntu classic systems (e.g.,
traditional desktop and server). If a user were tricked into installing a
malicious snap with a crafted snap name, an attacker could perform a
delayed attack to steal data or execute code within the security context of
another snap. This issue did not affect Ubuntu Core systems.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
ubuntu-core-launcher 1.0.27.1
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2956-1
CVE-2016-1580
Package Information:
https://launchpad.net/ubuntu/+source/ubuntu-core-launcher/1.0.27.1
[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-16:16.ntp
=============================================================================
FreeBSD-SA-16:16.ntp Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities of ntp
Category: contrib
Module: ntp
Announced: 2016-04-29
Credits: Network Time Foundation and various contributors listed below
Affects: All supported versions of FreeBSD.
Corrected: 2016-04-27 15:24:33 UTC (stable/10, 10.3-STABLE)
           2016-04-29 08:02:31 UTC (releng/10.3, 10.3-RELEASE-p1)
           2016-04-29 08:02:31 UTC (releng/10.2, 10.2-RELEASE-p15)
           2016-04-29 08:02:31 UTC (releng/10.1, 10.1-RELEASE-p32)
           2016-04-27 15:25:18 UTC (stable/9, 9.3-STABLE)
           2016-04-29 08:02:31 UTC (releng/9.3, 9.3-RELEASE-p40)
CVE Name: CVE-2016-1547, CVE-2016-1548, CVE-2016-1549, CVE-2016-1550,
          CVE-2016-1551, CVE-2016-2516, CVE-2016-2517, CVE-2016-2518,
          CVE-2016-2519
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP)
used to synchronize the time of a computer system to a reference time
source.
II. Problem Description
Multiple vulnerabilities have been discovered in the NTP suite:
On OSes (FreeBSD not affected) that allow packets claiming to be from
127.0.0.0/8 to arrive over a physical network, if ntpd is configured to use
a reference clock, an attacker can inject packets over the network that look
like they are coming from that reference clock. [CVE-2016-1551, Reported by
Matt Street and others of Cisco ASIG]
If a system is set up to use a trustedkey, and if one is not using the
feature introduced in ntp-4.2.8p6 allowing an optional 4th field in the
ntp.keys file to specify which IPs can serve time, a malicious
authenticated peer -- i.e. one where the attacker knows the private
symmetric key -- can create arbitrarily-many ephemeral associations in
order to win the clock selection of ntpd and modify a victim's clock.
[CVE-2016-1549, Reported by Matthew Van Gundy of Cisco ASIG]
If ntpd was expressly configured to allow for remote configuration (this is
not common), a malicious user who knows the controlkey for ntpq or the
requestkey for ntpdc (if mode7 is expressly enabled) can create a session
with ntpd and if an existing association is unconfigured using the same IP
twice on the unconfig directive line, ntpd will abort. [CVE-2016-2516,
Reported by Yihan Lian of the Cloud Security Team, Qihoo 360]
If ntpd was expressly configured to allow for remote configuration (this is
not common), a malicious user who knows the controlkey for ntpq or the
requestkey for ntpdc (if mode7 is expressly enabled) can create a session
with ntpd and then send a crafted packet to ntpd that will change the value
of the trustedkey, controlkey, or requestkey to a value that will prevent
any subsequent authentication with ntpd until ntpd is restarted.
[CVE-2016-2517, Reported by Yihan Lian of the Cloud Security Team, Qihoo 360]
Using a crafted packet to create a peer association with hmode > 7 causes
the MATCH_ASSOC() lookup to make an out-of-bounds reference. [CVE-2016-2518,
Reported by Yihan Lian of the Cloud Security Team, Qihoo 360]
ntpq and ntpdc can be used to store and retrieve information in ntpd. It is
possible to store a data value that is larger than the size of the buffer
that the ctl_getitem() function of ntpd uses to report the return value.
If the length of the requested data value returned by ctl_getitem() is too
large, the value NULL is returned instead. There are 2 cases where the return
value from ctl_getitem() was not directly checked to make sure it's not NULL,
but there are subsequent INSIST() checks that make sure the return value is
not NULL. There are no data values ordinarily stored in ntpd that would
exceed this buffer length. But if one has permission to store values and
one stores a value that is "too large", then ntpd will abort if an attempt
is made to read that oversized value. [CVE-2016-2519, Reported by
Yihan Lian of the Cloud Security Team, Qihoo 360]
For ntp-4 versions up to but not including ntp-4.2.8p7, an off-path attacker
can cause a preemptable client association to be demobilized by sending a
crypto NAK packet to a victim client with a spoofed source address of an
existing associated peer. This is true even if authentication is enabled.
Furthermore, if the attacker keeps sending crypto NAK packets, for example
one every second, the victim never has a chance to reestablish the
association and synchronize time with that legitimate server. For ntp-4.2.8
up to ntp-4.2.8p6 there is less risk because more stringent checks are
performed on incoming packets, but there are still ways to exploit this
vulnerability in versions before ntp-4.2.8p7. [CVE-2016-1547, Reported by
Stephen Gray and Matthew Van Gundy of Cisco ASIG]
It is possible to change the time of an ntpd client or deny service to an
ntpd client by forcing it to change from basic client/server mode to
interleaved symmetric mode. An attacker can spoof a packet from a legitimate
ntpd server with an origin timestamp that matches the peer->dst timestamp
recorded for that server. After making this switch, the client will reject
all future legitimate server responses. It is possible to force the victim
client to move time after the mode has been changed. ntpq gives no
indication that the mode has been switched. [CVE-2016-1548, Reported by
Miroslav Lichvar of RedHat and separately by Jonathan Gardner of
Cisco ASIG]
Packet authentication tests have been performed using memcmp() or possibly
bcmp(), and it is potentially possible for a local or perhaps LAN-based
attacker to send a packet with an authentication payload and indirectly
observe how much of the digest has matched. [CVE-2016-1550, Reported
independently by Loganaden Velvindron, and Matthew Van Gundy and
Stephen Gray of Cisco ASIG]
III. Impact
Malicious remote attackers may be able to break time synchronization,
or cause the ntpd(8) daemon to crash.
IV. Workaround
No workaround is available, but systems not running ntpd(8) are not
affected. Network administrators are advised to implement BCP-38,
which helps to reduce risk associated with the attacks.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
The ntpd service has to be restarted after the update. A reboot is
recommended but not required.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
The ntpd service has to be restarted after the update. A reboot is
recommended but not required.
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/SA-16:16/ntp.patch
# fetch https://security.FreeBSD.org/patches/SA-16:16/ntp.patch.asc
# gpg --verify ntp.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart the applicable daemons, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path        Revision
---------------------------
stable/9/          r298700
releng/9.3/        r298770
stable/10/         r298699
releng/10.1/       r298770
releng/10.2/       r298770
releng/10.3/       r298770
---------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc>
_______________________________________________
freebsd-announce@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
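Added example, not part of the FreeBSD advisory or of the ntp source: the CVE-2016-1550 item above describes digest checks done with memcmp() or bcmp(), whose work depends on how many leading bytes match. The sketch below models that with a byte counter and sets it beside a constant-time comparison; all function names, the 20-byte MAC length and the digest bytes are constructed for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN 20 /* constructed: a SHA-1-sized digest, for the demo only */

typedef int (*cmp_fn)(const unsigned char *, const unsigned char *,
                      size_t, size_t *);

/* Models memcmp()-style behaviour: stops at the first differing byte.
 * Returns 0 on match. *examined receives the number of bytes inspected,
 * which stands in for the running time an observer could measure. */
int early_exit_cmp(const unsigned char *a, const unsigned char *b,
                   size_t n, size_t *examined)
{
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i]) {
            *examined = i + 1;
            return 1;
        }
    }
    *examined = n;
    return 0;
}

/* Constant-time form: every byte is inspected and the differences are
 * OR-ed together, so the work does not depend on where a mismatch is.
 * The volatile accumulator discourages the compiler from adding an
 * early exit of its own. */
int constant_time_cmp(const unsigned char *a, const unsigned char *b,
                      size_t n, size_t *examined)
{
    volatile unsigned char diff = 0;

    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    *examined = n;
    return diff != 0;
}

/* Bytes inspected when the received MAC agrees with the expected one for
 * exactly `prefix` leading bytes (prefix == MAC_LEN means a full match). */
size_t bytes_examined(cmp_fn cmp, size_t prefix)
{
    unsigned char expected[MAC_LEN], received[MAC_LEN];
    size_t examined = 0;

    for (size_t i = 0; i < MAC_LEN; i++)
        expected[i] = (unsigned char)(0xA0 + i);  /* constructed digest */
    memcpy(received, expected, MAC_LEN);
    if (prefix < MAC_LEN)
        received[prefix] ^= 0xFF;                 /* first differing byte */
    (void)cmp(expected, received, MAC_LEN, &examined);
    return examined;
}

/* Hardened check: the length is public, so branching on it is safe;
 * the digest bytes themselves are only compared in constant time.
 * Returns 1 when the MAC is valid, 0 otherwise. */
int mac_is_valid(const unsigned char *expected, size_t exp_len,
                 const unsigned char *received, size_t rcv_len)
{
    size_t unused;

    if (exp_len != rcv_len)
        return 0;
    return constant_time_cmp(expected, received, exp_len, &unused) == 0;
}

int main(void)
{
    const size_t prefixes[] = { 0, 5, 19, MAC_LEN };

    for (size_t i = 0; i < sizeof prefixes / sizeof prefixes[0]; i++)
        printf("matching prefix %2zu: early-exit inspects %2zu bytes, "
               "constant-time inspects %2zu\n", prefixes[i],
               bytes_examined(early_exit_cmp, prefixes[i]),
               bytes_examined(constant_time_cmp, prefixes[i]));
    return 0;
}
```

The early-exit count grows with the matching prefix while the constant-time count stays at MAC_LEN, which is the property the comparison needs so that timing reveals nothing about the digest.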
Thursday, April 28, 2016
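reallost1.fbsd2233449: Key Account Sales Project Operation and Management j2uoo
reallost1.fbsd2233449: Hello
We hope the content in the attachment will help you with your work
and resolve the troubles you face at work!
gk9vn
2016/4/29 Friday 12:42:42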
Fedora 24 Beta status is NO-GO
Due to an invalid F24 Beta RC compose [1], it has been agreed at the
Go/No-Go meeting to slip the Beta release for one week as well as to
slip the Final GA of Fedora 24.
The next Go/No-Go meeting is planned for next Thursday, 2016-May-05,
at 5:30PM UTC.
More information can be found in the meeting minutes [2][3].
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1331504
[2] https://meetbot.fedoraproject.org/fedora-meeting/2016-04-28/f24-beta-go_no_go-meeting.2016-04-28-17.00.html
[3] https://meetbot.fedoraproject.org/fedora-meeting/2016-04-28/f24-beta-go_no_go-meeting.2016-04-28-17.00.log.html
Regards,
Jan
--
Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
_______________________________________________
devel-announce mailing list
devel-announce@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/devel-announce@lists.fedoraproject.org
Headsup: qhull upgrade on rawhide
I intend to upgrade qhull to version 2015.2 on rawhide throughout the
next couple of days/near future.
This is a major upgrade, which will introduce API/ABI/SONAME changes and
likely packaging changes, as well. This update will require rebuilds of
several packages and will trigger FTBFSs, which will require package
modifications and will cause (hopefully temporary - exception [1])
broken dependencies.
Packages known to be affected:
- 3Depict
- blender
- FreeSOLID
- meshlab
- octave
- pcl
- plplot
- PyMca
- python-matplotlib
- saga
I have preliminary local rebuilds of these packages (exception [1]) and
will try to take care of rebuilds (using my provenpackager powers),
if possible.
Ralf
[1] blender fails to build due to other, unrelated issues (opencv).
Wednesday, April 27, 2016
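reallost1.fbsd2233449: How to Become a Professional Assistant
reallost1.fbsd2233449: Hello
In today's increasingly fierce competition, only by improving your own abilities can you avoid being replaced by others!
We hope the content in the attachment will help you with your work and resolve the troubles you face at work!
ssba0
2016-4-2812:56:33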
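reallost1.fbsd2233449: Is Your Company Facing the Following Problems
reallost1.fbsd2233449: Hello
Is the company you manage currently facing the following problems:
---Relying on individual heroes rather than organizational capability, so that results depend heavily on individuals and are not sustainable?
---Slow response to customer needs and low delivery capability, with customer satisfaction continually declining?
---Focusing on results while neglecting the work process and the development of team capability, leaving the company without the strength to expand?
---An increasingly harsh competitive environment, ever higher operating costs, and ever weaker profitability?
We hope the content in the attachment will help you with your work
and resolve the troubles you face at work!
darv8
2016/4/28 Thursday 12:19:07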
[USN-2934-1] Thunderbird vulnerabilities
==========================================================================
Ubuntu Security Notice USN-2934-1
April 27, 2016
thunderbird vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Thunderbird.
Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client
Details:
Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel
Holbert, Jesse Ruderman, and Randell Jesup discovered multiple memory
safety issues in Thunderbird. If a user were tricked into opening a
specially crafted message, an attacker could potentially exploit these to
cause a denial of service via application crash, or execute arbitrary code
with the privileges of the user invoking Thunderbird. (CVE-2016-1952)
Nicolas Golubovic discovered that CSP violation reports can be used to
overwrite local files. If a user were tricked into opening a specially
crafted website in a browsing context with addon signing disabled and
unpacked addons installed, an attacker could potentially exploit this to
gain additional privileges. (CVE-2016-1954)
Jose Martinez and Romina Santillan discovered a memory leak in
libstagefright during MPEG4 video file processing in some circumstances.
If a user were tricked into opening a specially crafted website in a
browsing context, an attacker could potentially exploit this to cause a
denial of service via memory exhaustion. (CVE-2016-1957)
A use-after-free was discovered in the HTML5 string parser. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the user
invoking Thunderbird. (CVE-2016-1960)
A use-after-free was discovered in the SetBody function of HTMLDocument.
If a user were tricked into opening a specially crafted website in a
browsing context, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code with
the privileges of the user invoking Thunderbird. (CVE-2016-1961)
Nicolas Grégoire discovered a use-after-free during XML transformations.
If a user were tricked into opening a specially crafted website in a
browsing context, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code with
the privileges of the user invoking Thunderbird. (CVE-2016-1964)
A memory corruption issue was discovered in the NPAPI subsystem. If
a user were tricked into opening a specially crafted website in a
browsing context with a malicious plugin installed, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Thunderbird. (CVE-2016-1966)
Ronald Crane discovered an out-of-bounds read following a failed
allocation in the HTML parser in some circumstances. If a user were
tricked into opening a specially crafted website in a browsing context,
an attacker could potentially exploit this to cause a denial of service
via application crash, or execute arbitrary code with the privileges of
the user invoking Thunderbird. (CVE-2016-1974)
Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS.
A remote attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Thunderbird. (CVE-2016-1950)
Holger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple
memory safety issues in the Graphite 2 library. If a user were tricked into
opening a specially crafted message, an attacker could potentially
exploit these to cause a denial of service via application crash, or
execute arbitrary code with the privileges of the user invoking
Thunderbird. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792,
CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797,
CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
thunderbird 1:38.7.2+build1-0ubuntu0.16.04.1
Ubuntu 15.10:
thunderbird 1:38.7.2+build1-0ubuntu0.15.10.1
Ubuntu 14.04 LTS:
thunderbird 1:38.7.2+build1-0ubuntu0.14.04.1
Ubuntu 12.04 LTS:
thunderbird 1:38.7.2+build1-0ubuntu0.12.04.1
After a standard system update you need to restart Thunderbird to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2934-1
CVE-2016-1950, CVE-2016-1952, CVE-2016-1954, CVE-2016-1957,
CVE-2016-1960, CVE-2016-1961, CVE-2016-1964, CVE-2016-1966,
CVE-2016-1974, CVE-2016-1977, CVE-2016-2790, CVE-2016-2791,
CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795,
CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799,
CVE-2016-2800, CVE-2016-2801, CVE-2016-2802
Package Information:
https://launchpad.net/ubuntu/+source/thunderbird/1:38.7.2+build1-0ubuntu0.16.04.1
https://launchpad.net/ubuntu/+source/thunderbird/1:38.7.2+build1-0ubuntu0.15.10.1
https://launchpad.net/ubuntu/+source/thunderbird/1:38.7.2+build1-0ubuntu0.14.04.1
https://launchpad.net/ubuntu/+source/thunderbird/1:38.7.2+build1-0ubuntu0.12.04.1
[USN-2955-1] Oxide vulnerabilities
==========================================================================
Ubuntu Security Notice USN-2955-1
April 27, 2016
oxide-qt vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 15.10
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Oxide.
Software Description:
- oxide-qt: Web browser engine for Qt (QML plugin)
Details:
A use-after-free was discovered when responding synchronously to
permission requests. An attacker could potentially exploit this to cause
a denial of service via application crash, or execute arbitrary code with
the privileges of the user invoking the program. (CVE-2016-1578)
An out-of-bounds read was discovered in V8. If a user were tricked into
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via renderer crash. (CVE-2016-1646)
A use-after-free was discovered in the navigation implementation in
Chromium in some circumstances. If a user were tricked into opening a
specially crafted website, an attacker could potentially exploit this to
cause a denial of service via application crash, or execute arbitrary code
with the privileges of the user invoking the program. (CVE-2016-1647)
A buffer overflow was discovered in ANGLE. If a user were tricked into
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via application crash, or execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2016-1649)
An out-of-bounds write was discovered in V8. If a user were tricked into
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via renderer crash, or execute arbitrary
code with the privileges of the sandboxed renderer process.
(CVE-2016-1653)
An invalid read was discovered in the media subsystem in Chromium. If a
user were tricked into opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via
application crash. (CVE-2016-1654)
It was discovered that frame removal during callback execution could
trigger a use-after-free in Blink. If a user were tricked into opening
a specially crafted website, an attacker could potentially exploit this
to cause a denial of service via renderer crash, or execute arbitrary
code with the privileges of the sandboxed renderer process.
(CVE-2016-1655)
Multiple security issues were discovered in Chromium. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via application crash or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2016-1659)
Multiple security issues were discovered in V8. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit these to read uninitialized memory, cause a denial of service via
renderer crash or execute arbitrary code with the privileges of the
sandboxed render process. (CVE-2016-3679)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
liboxideqtcore0 1.14.7-0ubuntu1
Ubuntu 15.10:
liboxideqtcore0 1.14.7-0ubuntu0.15.10.1
Ubuntu 14.04 LTS:
liboxideqtcore0 1.14.7-0ubuntu0.14.04.1
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2955-1
CVE-2016-1578, CVE-2016-1646, CVE-2016-1647, CVE-2016-1649,
CVE-2016-1653, CVE-2016-1654, CVE-2016-1655, CVE-2016-1659,
CVE-2016-3679, https://launchpad.net/bugs/1561450
Package Information:
https://launchpad.net/ubuntu/+source/oxide-qt/1.14.7-0ubuntu1
https://launchpad.net/ubuntu/+source/oxide-qt/1.14.7-0ubuntu0.15.10.1
https://launchpad.net/ubuntu/+source/oxide-qt/1.14.7-0ubuntu0.14.04.1
[USN-2950-2] libsoup update
==========================================================================
Ubuntu Security Notice USN-2950-2
April 27, 2016
libsoup2.4 update
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 15.10
- Ubuntu 14.04 LTS
Summary:
This update fixes libsoup NTLM authentication.
Software Description:
- libsoup2.4: HTTP client/server library for GNOME
Details:
USN-2950-1 fixed vulnerabilities in Samba. The updated Samba packages
introduced a compatibility issue with NTLM authentication in libsoup. This
update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Jouni Knuutinen discovered that Samba contained multiple flaws in the
DCE/RPC implementation. A remote attacker could use this issue to perform
a denial of service, downgrade secure connections by performing a man in
the middle attack, or possibly execute arbitrary code. (CVE-2015-5370)
Stefan Metzmacher discovered that Samba contained multiple flaws in the
NTLMSSP authentication implementation. A remote attacker could use this
issue to downgrade connections to plain text by performing a man in the
middle attack. (CVE-2016-2110)
Alberto Solino discovered that a Samba domain controller would establish a
secure connection to a server with a spoofed computer name. A remote
attacker could use this issue to obtain sensitive information.
(CVE-2016-2111)
Stefan Metzmacher discovered that the Samba LDAP implementation did not
enforce integrity protection. A remote attacker could use this issue to
hijack LDAP connections by performing a man in the middle attack.
(CVE-2016-2112)
Stefan Metzmacher discovered that Samba did not validate TLS certificates.
A remote attacker could use this issue to spoof a Samba server.
(CVE-2016-2113)
Stefan Metzmacher discovered that Samba did not enforce SMB signing even if
configured to. A remote attacker could use this issue to perform a man in
the middle attack. (CVE-2016-2114)
Stefan Metzmacher discovered that Samba did not enable integrity protection
for IPC traffic. A remote attacker could use this issue to perform a man in
the middle attack. (CVE-2016-2115)
Stefan Metzmacher discovered that Samba incorrectly handled the MS-SAMR and
MS-LSAD protocols. A remote attacker could use this flaw with a man in the
middle attack to impersonate users and obtain sensitive information from
the Security Account Manager database. This flaw is known as Badlock.
(CVE-2016-2118)
Samba has been updated to 4.3.8 in Ubuntu 14.04 LTS and Ubuntu 15.10.
Ubuntu 12.04 LTS has been updated to 3.6.25 with backported security fixes.
In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes. Configuration changes may
be required in certain environments.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
libsoup2.4-1 2.52.2-1ubuntu0.1
Ubuntu 15.10:
libsoup2.4-1 2.50.0-2ubuntu0.1
Ubuntu 14.04 LTS:
libsoup2.4-1 2.44.2-1ubuntu2.1
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2950-2
http://www.ubuntu.com/usn/usn-2950-1
https://launchpad.net/bugs/1573494
Package Information:
https://launchpad.net/ubuntu/+source/libsoup2.4/2.52.2-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libsoup2.4/2.50.0-2ubuntu0.1
https://launchpad.net/ubuntu/+source/libsoup2.4/2.44.2-1ubuntu2.1
[USN-2952-2] PHP regression
==========================================================================
Ubuntu Security Notice USN-2952-2
April 27, 2016
php5 regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
Summary:
USN-2952-1 caused a regression in PHP.
Software Description:
- php5: HTML-embedded scripting language interpreter
Details:
USN-2952-1 fixed vulnerabilities in PHP. One of the backported patches
caused a regression in the PHP Soap client. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that the PHP Zip extension incorrectly handled
directories when processing certain zip files. A remote attacker could
possibly use this issue to create arbitrary directories. (CVE-2014-9767)
It was discovered that the PHP Soap client incorrectly validated data
types. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2015-8835, CVE-2016-3185)
It was discovered that the PHP MySQL native driver incorrectly handled TLS
connections to MySQL databases. A man in the middle attacker could possibly
use this issue to downgrade and snoop on TLS connections. This
vulnerability is known as BACKRONYM. (CVE-2015-8838)
It was discovered that PHP incorrectly handled the imagerotate function. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly obtain sensitive information. This issue
only applied to Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-1903)
Hans Jerry Illikainen discovered that the PHP phar extension incorrectly
handled certain tar archives. A remote attacker could use this issue to
cause PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-2554)
It was discovered that the PHP WDDX extension incorrectly handled certain
malformed XML data. A remote attacker could possibly use this issue to
cause PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-3141)
It was discovered that the PHP phar extension incorrectly handled certain
zip files. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly obtain sensitive information.
(CVE-2016-3142)
It was discovered that the PHP libxml_disable_entity_loader() setting was
shared between threads. When running under PHP-FPM, this could result in
XML external entity injection and entity expansion issues. This issue only
applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (No CVE number)
It was discovered that the PHP openssl_random_pseudo_bytes() function did
not return cryptographically strong pseudo-random bytes. (No CVE number)
It was discovered that the PHP Fileinfo component incorrectly handled
certain magic files. An attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE number pending)
It was discovered that the PHP php_snmp_error() function incorrectly
handled string formatting. A remote attacker could use this issue to cause
PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only applied to Ubuntu 14.04 LTS and Ubuntu
15.10. (CVE number pending)
It was discovered that the PHP rawurlencode() function incorrectly handled
large strings. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service. (CVE number pending)
It was discovered that the PHP phar extension incorrectly handled certain
filenames in archives. A remote attacker could use this issue to cause PHP
to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE number pending)
It was discovered that the PHP mb_strcut() function incorrectly handled
string formatting. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE number pending)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.10:
libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.3
php5-cgi 5.6.11+dfsg-1ubuntu3.3
php5-cli 5.6.11+dfsg-1ubuntu3.3
php5-fpm 5.6.11+dfsg-1ubuntu3.3
php5-gd 5.6.11+dfsg-1ubuntu3.3
php5-mysqlnd 5.6.11+dfsg-1ubuntu3.3
php5-snmp 5.6.11+dfsg-1ubuntu3.3
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2952-2
http://www.ubuntu.com/usn/usn-2952-1
https://launchpad.net/bugs/1575298
Package Information:
https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.3
[CentOS-announce] CESA-2016:0695 Critical CentOS 6 firefox Security Update
Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0695.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
1b99b117160ab472b6f7b02e7daa067de60820352c24b30f9b0d6da90a21a148 firefox-45.1.0-1.el6.centos.i686.rpm
x86_64:
1b99b117160ab472b6f7b02e7daa067de60820352c24b30f9b0d6da90a21a148 firefox-45.1.0-1.el6.centos.i686.rpm
ef5c69545d39336f0e84ea7588841f770dbffde26cfdde9192fd009e2a614a11 firefox-45.1.0-1.el6.centos.x86_64.rpm
Source:
5d2602205b09daa7e5f1fbde0c84131ceabfcb34a11f5fb3ed43844f652adf71 firefox-45.1.0-1.el6.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2016:0695 Critical CentOS 5 firefox Security Update
Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0695.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
72c6e8cc275f769961ec0e7349e27cd04a850cf2b446c87be3199f30bebf83e6 firefox-45.1.0-1.el5.centos.i386.rpm
x86_64:
72c6e8cc275f769961ec0e7349e27cd04a850cf2b446c87be3199f30bebf83e6 firefox-45.1.0-1.el5.centos.i386.rpm
6c47031dd9e2de144e681e433f01aee9c58913b829ac00f8189d933a010b8088 firefox-45.1.0-1.el5.centos.x86_64.rpm
Source:
1cf7031e1734831a5cfcdcb95c11af0447e427cced104533bf6f5ac07d4e2b7f firefox-45.1.0-1.el5.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: JohnnyCentOS
[USN-2936-1] Firefox vulnerabilities
==========================================================================
Ubuntu Security Notice USN-2936-1
April 27, 2016
firefox vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman,
Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, Randell Jesup,
Andrew McCreight, and Steve Fink discovered multiple memory safety issues
in Firefox. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit these to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2016-2804, CVE-2016-2806,
CVE-2016-2807)
An invalid write was discovered when using the JavaScript .watch() method in
some circumstances. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2016-2808)
Looben Yang discovered a use-after-free and buffer overflow in service
workers. If a user were tricked into opening a specially crafted website,
an attacker could potentially exploit these to cause a denial of service
via application crash, or execute arbitrary code with the privileges of
the user invoking Firefox. (CVE-2016-2811, CVE-2016-2812)
Sascha Just discovered a buffer overflow in libstagefright in some
circumstances. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2016-2814)
Muneaki Nishimura discovered that CSP is not applied correctly to web
content sent with the multipart/x-mixed-replace MIME type. An attacker
could potentially exploit this to conduct cross-site scripting (XSS)
attacks when they would otherwise be prevented. (CVE-2016-2816)
Muneaki Nishimura discovered that the chrome.tabs.update API for web
extensions allows for navigation to javascript: URLs. A malicious
extension could potentially exploit this to conduct cross-site scripting
(XSS) attacks. (CVE-2016-2817)
Mark Goodwin discovered that about:healthreport accepts certain events
from any content present in the remote-report iframe. If another
vulnerability allowed the injection of web content in the remote-report
iframe, an attacker could potentially exploit this to change the user's
sharing preferences. (CVE-2016-2820)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
firefox 46.0+build5-0ubuntu0.16.04.2
Ubuntu 15.10:
firefox 46.0+build5-0ubuntu0.15.10.2
Ubuntu 14.04 LTS:
firefox 46.0+build5-0ubuntu0.14.04.2
Ubuntu 12.04 LTS:
firefox 46.0+build5-0ubuntu0.12.04.2
After a standard system update you need to restart Firefox to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2936-1
CVE-2016-2804, CVE-2016-2806, CVE-2016-2807, CVE-2016-2808,
CVE-2016-2811, CVE-2016-2812, CVE-2016-2814, CVE-2016-2816,
CVE-2016-2820, CVE-2016-2817
Package Information:
https://launchpad.net/ubuntu/+source/firefox/46.0+build5-0ubuntu0.16.04.2
https://launchpad.net/ubuntu/+source/firefox/46.0+build5-0ubuntu0.15.10.2
https://launchpad.net/ubuntu/+source/firefox/46.0+build5-0ubuntu0.14.04.2
https://launchpad.net/ubuntu/+source/firefox/46.0+build5-0ubuntu0.12.04.2
Tuesday, April 26, 2016
[CentOS-announce] CESA-2016:0695 Critical CentOS 7 firefox Security Update
Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0695.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
7ad87030365ab1016abb60f1e290685ad331c5a5f1562bde57106a7ccacaf69b firefox-45.1.0-1.el7.centos.i686.rpm
9d5a9f3245ea81a0750082d056031816b6d1d05fe278641a0aad4fd44f367c05 firefox-45.1.0-1.el7.centos.x86_64.rpm
Source:
ea6c6ab0a63372cae9b1c76d642de69e23866e790dc41d5a91f56b99d352ec34 firefox-45.1.0-1.el7.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
Monday, April 25, 2016
Security support for Wheezy handed over to the LTS team
------------------------------------------------------------------------
The Debian Project https://www.debian.org/
Security support for Wheezy handed over to the LTS team press@debian.org
April 25th, 2016 https://www.debian.org/News/2016/20160425
------------------------------------------------------------------------
As of 25 April, one year after the release of Debian 8, alias "Jessie",
and nearly three years after the release of Debian 7, alias "Wheezy",
regular security support for Wheezy comes to an end. The Debian Long
Term Support (LTS) [1] Team will take over security support.
1: https://wiki.debian.org/LTS/
Information for users
---------------------
Wheezy LTS will be supported from 26 April 2016 to 31 May 2018.
For Debian 7 Wheezy LTS there will be no requirement to add a separate
wheezy-lts suite to your sources.list any more and your current setup
will continue to work without further changes.
For how to use Debian Long Term Support please read LTS/Using [2].
2: https://wiki.debian.org/LTS/Using
Important information and changes regarding Wheezy LTS can be found at
LTS/Wheezy [3].
3: https://wiki.debian.org/LTS/Wheezy
Most notably OpenJDK 7 will be made the new Java default JRE/JDK on 26
June 2016 to ensure full security support until Wheezy LTS reaches its
end-of-life.
You should also subscribe to the announcement mailing list [4] for
security updates for Wheezy LTS.
4: https://lists.debian.org/debian-lts-announce/
A few packages are not covered by the Wheezy LTS support. These can be
detected by installing the debian-security-support [5] package. If
debian-security-support detects an unsupported package which is critical
to you, please get in touch with <debian-lts@lists.debian.org>.
5: https://tracker.debian.org/pkg/debian-security-support
Mailing lists
-------------
The whole coordination of the Debian LTS effort is handled through the
debian-lts mailing list [6]
6: https://lists.debian.org/debian-lts/
Please subscribe or follow us via GMANE (gmane.linux.debian.devel.lts)
Aside from the debian-lts-announce list, there is also a list for
following all uploads in Wheezy LTS [7].
7: https://lists.debian.org/debian-lts-changes/
Security Tracker
----------------
All information on the status of vulnerabilities (e.g. if the version in
Wheezy LTS happens to be unaffected while Jessie is affected) will be
tracked in the Debian Security Tracker [8].
8: https://security-tracker.debian.org
If you happen to spot an error in the data, please see
https://security-tracker.debian.org/tracker/data/report.
About Debian
------------
The Debian Project was founded in 1993 by Ian Murdock to be a truly free
community project. Since then the project has grown to be one of the
largest and most influential open source projects. Thousands of
volunteers from all over the world work together to create and maintain
Debian software. Available in 70 languages, and supporting a huge range
of computer types, Debian calls itself the "universal operating system".
Contact Information
-------------------
For further information, please visit the Debian web pages at
https://www.debian.org/ or send mail to <press@debian.org>.
[CentOS-announce] CESA-2016:0685 Moderate CentOS 7 nss Security Update
Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0685.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
acc0e05d8f247791db76ab9b21359abc7908c1ab9ead506964b52955287fe25b nss-3.21.0-9.el7_2.i686.rpm
33e2a1aa657f809c53449627200616b683de444300a5b2c2a79510e3e5912b00 nss-3.21.0-9.el7_2.x86_64.rpm
bce90a8604496832d35d0cfefa05a552f9f3e1d866d5f6dfb0c1763d5ad34009 nss-devel-3.21.0-9.el7_2.i686.rpm
ab4370a426efcdbf15bc1730f3a077150a597edb103ebbabaceb39d84f0fb96c nss-devel-3.21.0-9.el7_2.x86_64.rpm
87f7e4956ae9aeff3821b2b28b9f3500b94b0037d9280b10149833b3e4a65902 nss-pkcs11-devel-3.21.0-9.el7_2.i686.rpm
e1ac83844836b6605c439bb5fa70be50163b9154d27ffcb45fc01c183fdc9c29 nss-pkcs11-devel-3.21.0-9.el7_2.x86_64.rpm
2a0881f7703e23a95aa8db53858285793eb30ceb198a7a20fa816c60e472a15d nss-sysinit-3.21.0-9.el7_2.x86_64.rpm
abb98d8a2a2737ab4031c145c1503cf31bb3b2b54983547e2675b0b08805eaf6 nss-tools-3.21.0-9.el7_2.x86_64.rpm
Source:
7b8295c752cbd420b5ae52a8b4aa8fa9b6979c57f9caa8279c14e3865ce62883 nss-3.21.0-9.el7_2.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
[CentOS-announce] CESA-2016:0685 Moderate CentOS 7 nss-softokn Security Update
Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0685.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
3119ce33b30bd2aee2e386f0a3f2f01c90c9869ae2cb39a685f913e7a4d0e14a nss-softokn-3.16.2.3-14.2.el7_2.i686.rpm
d207816db9a598d15c0856a925b28221f4166968fba76d09aa01aa9ea6c44170 nss-softokn-3.16.2.3-14.2.el7_2.x86_64.rpm
e544515243939f744d849b645cfb308bf0d4f73e57c29d52d4023fb264b61298 nss-softokn-devel-3.16.2.3-14.2.el7_2.i686.rpm
5e8c6639e808aaa869b50e9c1c5b827ab6960c5dcc371c1ba42b4dddbae6888e nss-softokn-devel-3.16.2.3-14.2.el7_2.x86_64.rpm
c579edfa53c72797701474fbbbc1c19d90ed7c407046d7718e25234b0887acb7 nss-softokn-freebl-3.16.2.3-14.2.el7_2.i686.rpm
9253b359efea3686548eeb043ed0e0bf5e859a677c98452e1bec39d500756e94 nss-softokn-freebl-3.16.2.3-14.2.el7_2.x86_64.rpm
871ddd52d4894f9a515683607b009e206dd7c181158f5a7bb1f88349236fbbc8 nss-softokn-freebl-devel-3.16.2.3-14.2.el7_2.i686.rpm
bccc6cb31656273c92f1288717bcc7f8578b3c42670433812f68e9164dd326f2 nss-softokn-freebl-devel-3.16.2.3-14.2.el7_2.x86_64.rpm
Source:
698e112d5ce13a9e9703bac655fe9d2a75fa85bc828af64a965bbc0e880c62d2 nss-softokn-3.16.2.3-14.2.el7_2.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
[CentOS-announce] CESA-2016:0685 Moderate CentOS 7 nss-util Security Update
Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0685.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
73472239f7a39dfce534c7a7d354a0c47c56d4164bd751e9709285dc52526a52 nss-util-3.21.0-2.2.el7_2.i686.rpm
ebe0bba24d7b4477830fe4dbb025e91ca30a619e5806241a84c7e4c420bab53c nss-util-3.21.0-2.2.el7_2.x86_64.rpm
e512d5a51c14dca89b2207be8a6aa792cf3e5e549f4f525f5d26800b705b8a72 nss-util-devel-3.21.0-2.2.el7_2.i686.rpm
2013f4efb5ccdee9431259c717c2f473dff61f0b26f39a2e46012764f7a127c5 nss-util-devel-3.21.0-2.2.el7_2.x86_64.rpm
Source:
e90e5e5834289fae968dd2d04f9d563d7a67e3c733ebc2291b7ab131f93c5e14 nss-util-3.21.0-2.2.el7_2.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
[CentOS-announce] CESA-2016:0685 Moderate CentOS 7 nspr Security Update
Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0685.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
daf7526f2f1ccc56ec97e57940cde39049a4a111951b01197b2c18b4bc7ec1cb nspr-4.11.0-1.el7_2.i686.rpm
d784f223e384f756a5c594925512c5fd6d46aaad66f85936b51453a0dc2dbd8a nspr-4.11.0-1.el7_2.x86_64.rpm
56037499e8d01dd812e5ff3a2752c9aa108dd45fd816269abae28fd6eaa751b1 nspr-devel-4.11.0-1.el7_2.i686.rpm
5b3fbd8326f1249e287423a753d2b249e4d7281c669943c367a62d6f839dfde5 nspr-devel-4.11.0-1.el7_2.x86_64.rpm
Source:
6520f99cd5afa95d605bcc653f47c828e2fb491a548e057d0c99e91a57a1dac3 nspr-4.11.0-1.el7_2.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
[USN-2954-1] MySQL vulnerabilities
==========================================================================
Ubuntu Security Notice USN-2954-1
April 25, 2016
mysql-5.7 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in MySQL.
Software Description:
- mysql-5.7: MySQL database
Details:
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.
MySQL has been updated to 5.7.12 in Ubuntu 16.04 LTS.
In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.
Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-12.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.12-0ubuntu1
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2954-1
CVE-2016-0639, CVE-2016-0642, CVE-2016-0643, CVE-2016-0647,
CVE-2016-0648, CVE-2016-0655, CVE-2016-0657, CVE-2016-0659,
CVE-2016-0662, CVE-2016-0666, CVE-2016-0667, CVE-2016-2047
Package Information:
https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.12-0ubuntu1
[CentOS-announce] CESA-2016:0684 Moderate CentOS 5 nss Security Update
Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0684.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
22a25171db9d8a514be909e7a8eef944e73b3194d6dc51c1e4e351adfb62035e nss-3.21.0-6.el5_11.i386.rpm
28ae63c316cc4f13f29e8cb0dfcf13b004dd591386eeed974b5721adf1b62f5d nss-devel-3.21.0-6.el5_11.i386.rpm
bd69e9a3c779a8fc3a9c5f1d2db5cecc2c30b92fbb7a3d1f65cdc86f4cf04339 nss-pkcs11-devel-3.21.0-6.el5_11.i386.rpm
d70335c291e0b4b34b7e7e4294a284b59d26617edb92d601b2e281c3e48995aa nss-tools-3.21.0-6.el5_11.i386.rpm
x86_64:
22a25171db9d8a514be909e7a8eef944e73b3194d6dc51c1e4e351adfb62035e nss-3.21.0-6.el5_11.i386.rpm
891293a24f0e8664504d9bf777844c333efb8f77d7bed69163857dea240e0425 nss-3.21.0-6.el5_11.x86_64.rpm
28ae63c316cc4f13f29e8cb0dfcf13b004dd591386eeed974b5721adf1b62f5d nss-devel-3.21.0-6.el5_11.i386.rpm
c442280aab2f2064a0ef4b0794ac1f926422eb44a1e8c0759a54f6f0f71e9cce nss-devel-3.21.0-6.el5_11.x86_64.rpm
bd69e9a3c779a8fc3a9c5f1d2db5cecc2c30b92fbb7a3d1f65cdc86f4cf04339 nss-pkcs11-devel-3.21.0-6.el5_11.i386.rpm
f412a80e0611d89981d883653a2bb309afbd20dd825770d45ef0d267e6ee18e7 nss-pkcs11-devel-3.21.0-6.el5_11.x86_64.rpm
ae5698473b4847dc48f6e13ed0747c092487843889f88df8741692076fd6ff25 nss-tools-3.21.0-6.el5_11.x86_64.rpm
Source:
4813046342f6562e761c0d1f6c782de5cebaa62fa06523482498dcd1b2c2e8ea nss-3.21.0-6.el5_11.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: JohnnyCentOS
[CentOS-announce] CESA-2016:0684 Moderate CentOS 5 nspr Security Update
Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0684.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
2542e599e93d78a8b51ee1e9ad58b24edf8d70029defc49f8b032e4b5782c6bf nspr-4.11.0-1.el5_11.i386.rpm
5dedec41a954bc0562095cd6d5c43165056c256a66cf1389df0d8414e7c96105 nspr-devel-4.11.0-1.el5_11.i386.rpm
x86_64:
2542e599e93d78a8b51ee1e9ad58b24edf8d70029defc49f8b032e4b5782c6bf nspr-4.11.0-1.el5_11.i386.rpm
f54f893419cc8223d491056a96e33c327a1a6b3e6585c9d91edcaf227a546dc3 nspr-4.11.0-1.el5_11.x86_64.rpm
5dedec41a954bc0562095cd6d5c43165056c256a66cf1389df0d8414e7c96105 nspr-devel-4.11.0-1.el5_11.i386.rpm
d0bc78381c24c31a38ea4297e6ec8f6b2dceb676fa83be84d07d8213f9b1c441 nspr-devel-4.11.0-1.el5_11.x86_64.rpm
Source:
27c20b9b8a0d828b87cf67ca091669580d1506904edac211c643a8ab5f2fcaa6 nspr-4.11.0-1.el5_11.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: JohnnyCentOS
Fedora 24 Beta Release Readiness Meeting, Thursday, April 28 19:00 UTC
Release Readiness Meeting meeting.
The meeting is going to be held on Thursday, April 28, 2016 19:00 UTC.
Please check the [FedoCal] link for your time zone.
We will meet to make sure we are coordinated and ready for the Beta
release of Fedora 24 on Tuesday, May 3rd, 2016. Please note that this
meeting is going to be held even if the release is delayed at the
Go/No-Go meeting on the same day two hours earlier.
You may receive this message several times, but this meeting is open
to all teams and I also hope this will raise awareness and more
team representatives will come to this meeting. This meeting works
best when we have representatives from all of the teams.
More information available at [RRM] link.
[FedoCal] https://apps.fedoraproject.org/calendar/meeting/3878/
[RRM] https://fedoraproject.org/wiki/Release_Readiness_Meetings
Thank you for your support and Regards, Jan
--
Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
_______________________________________________
devel-announce mailing list
devel-announce@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/devel-announce@lists.fedoraproject.org
Fedora 24 Beta Go/No-Go Meeting - Thursday, April 28, 2016 17:00 UTC
meeting, wherein we shall determine the readiness of the Fedora 24
Beta.
The meeting is going to be held on Thursday, April 28, 2016 17:00 UTC.
Please check the [Fedocal] link for your time zone.
Before each public release Development, QA and Release Engineering
meet to determine if the release criteria are met for a particular
release. This meeting is called the Go/No-Go Meeting. Verifying that
the Release criteria are met is the responsibility of the QA Team.
Release Candidate (RC) availability and good QA coverage are
prerequisites for the Go/No-Go meeting. If you have any bug on the
list, please help us with Beta release. If we won't be ready by
Thursday, we will use this meeting to review blockers and decide what
to do.
For more details about this meeting please follow the [GoNoGoMeeting] link.
In the meantime, please also keep an eye on the Fedora 24 Beta Blocker
list [Blockers].
[FedoCal] https://apps.fedoraproject.org/calendar/meeting/3877/
[Blockers] http://qa.fedoraproject.org/blockerbugs/milestone/24/beta/buglist
[GoNoGoMeeting] https://fedoraproject.org/wiki/Go_No_Go_Meeting
Thank you in advance for your support. Regards, Jan
--
Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
Friday, April 22, 2016
[CentOS-announce] CEEA-2016:0683 CentOS 7 tzdata Enhancement Update
Upstream details at : https://rhn.redhat.com/errata/RHEA-2016-0683.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
57d7e4c3f03b35ab0b95808de779bede15909718a3a3c09637ec82e9eb9ad53d tzdata-2016d-1.el7.noarch.rpm
43bf52c3c30e55eb107bbde5235c12d9afd1009ae6f12c5310c76fd4145a00da tzdata-java-2016d-1.el7.noarch.rpm
Source:
daa340cc9b6340c361d5feb3b1dc93e7ef0c19719738aa29d4d4a6e3b74bf528 tzdata-2016d-1.el7.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
[CentOS-announce] CEEA-2016:0683 CentOS 6 tzdata Enhancement Update
Upstream details at : https://rhn.redhat.com/errata/RHEA-2016-0683.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
648b5c1c0dc0890ee3194aad413b0d952e28cc0325247548f24092d2cfef222a tzdata-2016d-1.el6.noarch.rpm
a3aa69f440c5d5ff03192f8b14bd80903232c52bf61533d5d54423fac7b382be tzdata-java-2016d-1.el6.noarch.rpm
x86_64:
648b5c1c0dc0890ee3194aad413b0d952e28cc0325247548f24092d2cfef222a tzdata-2016d-1.el6.noarch.rpm
a3aa69f440c5d5ff03192f8b14bd80903232c52bf61533d5d54423fac7b382be tzdata-java-2016d-1.el6.noarch.rpm
Source:
69641ac33c2b4de7bf4ad934fd885e90d13efbf377f0a12e2b9001666c67dd82 tzdata-2016d-1.el6.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
[CentOS-announce] CEEA-2016:0683 CentOS 5 tzdata Enhancement Update
Upstream details at : https://rhn.redhat.com/errata/RHEA-2016-0683.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
54d05bf911d8ee5756581ca4a6f680a17331a8ad81a78a4c2fab444eef4ae4a4 tzdata-2016d-1.el5.i386.rpm
3ba460b1fc6d3e5087a34f29d94b02d80b0cfb96291e4325d5dade203120279c tzdata-java-2016d-1.el5.i386.rpm
x86_64:
a3f76a48da798cf6074da566312ef38d3453f1bc4f47e57650bd4d8287ac2147 tzdata-2016d-1.el5.x86_64.rpm
b85b0e326c82dc3ed6cc03ea4d555662977fd3ff169a31f3c6113320a9b445dd tzdata-java-2016d-1.el5.x86_64.rpm
Source:
f50acf35e30f529551db9e8d38ffa214a3b5f518e52195e5ffc96d04ec8fb796 tzdata-2016d-1.el5.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: JohnnyCentOS
[CentOS-announce] CEEA-2016:0682 CentOS 6 qla2xxx Enhancement Update
Upstream details at : https://rhn.redhat.com/errata/RHEA-2016-0682.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
beb8bae27284f3d614fc06a783956a67bdf4954962014a9e79e6dca337a4d65f kmod-qla2xxx-8.07.00.26.06.8_k-1.el6_7.i686.rpm
x86_64:
913727d84d304f885ac611a8205e8e4783400d0769146cb63794bf9148645e10 kmod-qla2xxx-8.07.00.26.06.8_k-1.el6_7.x86_64.rpm
Source:
5bf20afc610114f1aacc3163db44e1c9789775f29edc191e30055ba505028fc6 qla2xxx-8.07.00.26.06.8_k-1.el6_7.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
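reallost1.fbsd2233449: How companies can conduct efficient recruitment interviews
reallost1.fbsd2233449: Hello
In today's world, it is an indisputable fact that whichever company has first-class talent will have first-class products and will therefore remain undefeated in a fiercely competitive market. Is it that there are "no people" or "no suitable people", and how do we develop a "discerning eye"? Recruitment and interviewing, as the first step in a company's competition for human resources, play a decisive role in its long-term development. Systematically mastering recruitment and interview techniques and selecting outstanding talent for the company is an essential basic competency for modern managers and HR.
We hope the content in the attachment will help you in your work
and solve the troubles you face at work!
vvlmg
2016-4-22 13:22:10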
Thursday, April 21, 2016
reallost1.fbsd2233449
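From Technology to Management: Leadership and Execution for R&D Managers
[Time and place] April 25-26, 2016, Shenzhen; May 26-27, Shanghai; May 30-31, Beijing
[Intended audience] Company CEOs/general managers, R&D general managers/vice presidents, chief engineers/technical directors, R&D project managers/product managers, pilot-production department managers, R&D quality department managers, PMO (project management office) directors, technical staff who have moved into management positions, etc.
[Tuition] 3200 per person (including course handouts, lunch, refreshments, etc.)
Inquiry hotline: 021--3100 6787, 010-5129--9910, 0755-61280006
Online QQ: 320588808 18917870808 Mr. Xu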
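Course background:
Based on our many years of R&D management consulting experience, we have found that more than 95% of junior and mid-level R&D supervisors in Chinese companies were promoted from engineers with relatively strong technical ability. Many R&D staff who have just taken up management positions have the following problems in the transition from technology to management:
1. Unable to switch roles, paying too much attention to technical details;
2. Earnestly helping subordinates, who nevertheless do not appreciate it;
3. Doing everything personally and being run ragged, yet superiors complain that efficiency is too low;
4. Hoping subordinates will offer more opinions, yet they say nothing and are unwilling to take responsibility;
5. Asked by superiors to draw up a work plan, yet not knowing where to start;
6. Not knowing how to assign work or how to lead a team, let alone how to make sure the team makes no mistakes;
7. ...
These problems leave technical staff who have moved into management exhausted and still unable to effectively achieve the overall goals.
Moving from a technical person responsible only for technology to a project manager responsible for the whole process, or a department manager responsible for a specialist field: what transformations technical staff must go through in this change, which management skills they must master, and how to develop their leadership are the topics this course focuses on.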
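Training benefits:
1. Share the instructor's professional experience from more than 500 R&D management training sessions, and help participants clear up their confusion about moving into management through on-site interaction
2. Summarize and analyze the common problems technical staff face when moving from technology to management
3. Master the several shifts that must be made when moving from technology to management
4. Learn the five good habits for moving from technology to management (results orientation, seeing the whole picture, focusing on priorities, playing to strengths, pooling ideas)
5. Master methods and techniques for communicating with leaders
6. Master the four core management skills needed after taking up a management position (goals and plans, organizing and assigning work, control and correction, leadership and motivation)
7. Learn the key elements of successfully making the transition from technology to management
8. Share R&D management case materials (templates, forms, samples ...) from more than 30 of the instructor's consulting projects, helping participants draw up an Action Plan so that they can put it into practice well after returning to their own companies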
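Instructor: [Giles]
Senior brand consultant in the R&D management field
Member of PDMA, the US Product Development and Management Association
Lead translator of the Chinese edition of "The PDMA Handbook of New Product Development"
Specially appointed professor of R&D management at Tsinghua University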
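Course outline:
I. Case analysis
1. Discussion: the troubles of moving from technology to management
II. Role positioning and role transition when moving from technology to management
1. Why move from technology to management (background, reasons)
2. Role positioning and competency model for managers
3. What technical management positions exist
4. The role and core work of technical managers (a technical manager is not someone who no longer needs technology; rather, the higher the level of the technical manager, the more they need technical breadth, technical acumen and market acumen, and the more they need communication, management and leadership skills)
5. Characteristics of technical staff and of managers
6. Characteristics of R&D staff
7. How R&D staff differ from salespeople and workers
8. Analysis of common problems in the role transition
1) From solving problems yourself to driving others to solve problems
2) Balancing rigidity and flexibility
3) The shift from managing tasks to managing people and tasks;
4) The shift from finding problems to driving their resolution;
5) The shift from finding problems to driving their resolution;
9. The growth path of role transition (role, attitude, knowledge, skills)
10. Exercises and discussion of problems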
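III. Good habits essential for moving from technology to management
1. The value and cultivation of habits
2. Habits and principles
3. Habit one: results orientation
1) The relationship between process and results
2) The results that different R&D positions should deliver
3) Pursuing the joy of the process or the joy of results
4) What results orientation requires of R&D managers
5) Discussion: what does an R&D manager have to do in day-to-day work to count as results-oriented?
6) Commentary: a methodology for overall R&D resource management (ensuring the overall input-output ratio of R&D resources)
4. Habit two: seeing the whole picture
1) For R&D managers at each level, where is the whole picture?
2) What seeing the whole picture requires (understanding your own position and contribution in the R&D value chain)
3) Building an R&D technical team culture that combines creativity with standardization
4) The special nature of R&D work determines the conflict between creativity and standardization
5) Approaches to resolving this conflict
6) Establishing the team's rules of the game
7) Case discussion: under what circumstances can a manager make an exception?
8) Case discussion: what does the R&D team advocate, and what does it oppose?
9) Case discussion: what are the basic principles of reward and punishment when establishing the rules of the game?
10) Building a creative culture in R&D teams (encouraging innovation, encouraging mistakes, encouraging creativity)
11) Building a culture of standardization in R&D teams (standardization, discipline, process standardization, manufacturability, serviceability, confidentiality, etc.)
5. Habit three: focusing on priorities
1) Analysis of why R&D managers are busy yet ineffective
2) Classification of R&D managers' work (four quadrants) and time management
3) Q&A: everyone knows work should be ordered by the four quadrants, so why can we never arrange it well?
4) Discussion: for R&D managers, what really counts as important work? Which quadrant does work assigned by the leadership belong to?
5) Case: how Manager Zhang's work focuses on priorities
6. Habit four: playing to strengths
1) What strengths different R&D staff have
2) Playing to strengths or overcoming weaknesses
3) What playing to strengths requires of us
4) What methods can bring out the strengths of different R&D staff
7. Habit five: pooling ideas
1) How to maximize R&D team performance
2) Five modes of R&D team cooperation
3) Because of differences (four levels), ideas need to be pooled
4) Do differences lead to conflict? The relationship between differences and conflict
5) Causes of conflict in R&D
6) Why R&D staff come into conflict with testers and QA
7) The destructive and constructive sides of conflict
8) The state of conflict and organizational performance
9) Watching the conflict in a video and discussing it (the relationship between project manager, QA and subordinates)
10) Methodologies commonly used for pooling ideas (brainstorming, Delphi)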
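IV. How R&D managers communicate with their leaders
1. What to do when the R&D manager's own communication skills are weak and the leader does not understand the technology?
2. Why does R&D work that you feel is going well fail to win the approval of the boss or leadership?
3. The importance of communicating with leaders
4. Sharing the lessons of countless "revolutionary martyrs"
5. Leaders' communication types
6. How a leader's communication type affects communication
7. Difficulties in communicating with leaders (especially leaders without a technical background)
8. Key points for communicating with leaders
9. Communication styles that senior leaders like
10. Ways, methods and techniques for communicating with leaders
11. Being careful about putting yourself in the leader's shoes when communicating
12. Ways and tools for reporting to leaders
13. Categories of questions leaders often ask at report meetings
14. Why do leaders always keep pressing with questions in meetings?
15. Detailed introduction and template demonstration of senior managers' information needs for communication about R&D (development status, resource status, management optimization status).
16. Discerning the leader's real needs
17. To succeed in moving from technology to management, first be a successful subordinate
18. How to be a successful subordinate
19. Discussion: reflect on what you learned in this unit and list three key points for future improvement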
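V. Core management skill one of four for moving from technology to management: goals and plans
1. How goals affect us
2. The relationship between personal goals and team goals
3. How to set goals for R&D departments and R&D projects based on the company's strategic requirements
4. How R&D department and project goals are broken down to individuals
5. How to help subordinates set work goals
6. Setting and issuing goals (making them SMART, vision-based, shared, and committed (PBC))
7. Why R&D project goals are hard to make SMART
8. Why, after many rounds of SMART training, R&D project goals still are not SMART
9. Why templates are used in development management, the three arts of using templates, and why rolling out templates always meets difficulties
10. The PDCA cycle of R&D work plans
11. The relationship between the R&D process and plans
12. The process for drawing up an R&D project plan
13. PERT, critical path and Gantt
14. Why R&D project plans do not use PERT charts
15. How a product development plan is divided into four levels (the responsible party and the point in time at which each of the four levels of plan is drawn up)
16. Exercise: each group draws up a half-year plan and presents it!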
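VI. Core management skill two of four for moving from technology to management: organizing and assigning work
1. 30-minute activity exercise: poker game, three-tier interaction between top, middle and bottom (experience: managing people and tasks, positioning of the three tiers' roles, issuing goals, control and tracking, sharing vision and goals, feedback on results, etc.)
2. Analysis of the causes of a lack of execution in R&D
3. Common forms of R&D organization and their advantages and disadvantages
4. How to break down R&D work
5. Principles for assigning work to R&D staff
6. Steps for assigning work to R&D staff
7. Problems that tend to arise when assigning work to R&D staff
8. The content of R&D communication management
9. The purpose and function of communication
10. Types and modes of communication
11. Barriers to effective communication / the Johari window
12. Small gestures to avoid in face-to-face communication
13. How to assign R&D work to other departments
14. Problems R&D managers tend to have when assigning work, their causes, and how to overcome them
15. Creating and describing a vision for R&D technical staff, especially concerning the future of the project and the team
16. Case discussion: members of R&D technical teams are often forced to take on urgent project schedules; how should this be handled?
17. Case discussion: how much room should R&D technical staff be given, and what kinds of mistakes are acceptable?
18. Case discussion: what to do when an assigned task is completed poorly, but because difficulties were encountered?
19. Case discussion: what to do when one person is responsible for multiple projects and runs into resource conflicts
20. Case discussion: what to do when two leaders disagree?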
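VII. Core management skill three of four for moving from technology to management: control and correction
1. Why R&D work is hard to control
2. Issue management and risk management in R&D work
3. Steps for tracking R&D work
4. R&D work control method one: meetings (specific operation and templates)
5. R&D work control method two: reporting mechanisms (specific operation and templates)
6. R&D work control method three: audits (specific operation and templates)
7. R&D work control method four: contracts and task statements (specific operation and templates)
8. R&D work control method five: early-warning systems (specific operation and templates)
9. R&D work control method six: lessons-learned reviews (specific operation and templates)
10. R&D work control method seven: assessments (specific operation and templates)
11. R&D work control method eight: informal control (specific operation and templates)
12. How to measure and quantitatively manage R&D work (what quantitative indicators there are, PCB)
13. Misconceptions about control (trusting those you employ without question, being a hands-off boss, the conflict with innovation)
14. On R&D execution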
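VIII. Core management skill four of four for moving from technology to management: leadership and motivation
1. Sources of an R&D leader's authority
2. How R&D leaders develop personal charisma
3. How to apply situational leadership for different environments and different R&D staff
4. Discussion: how to strengthen the cohesion and morale of the R&D team
5. How R&D leaders delegate
6. How R&D leaders coach subordinates and develop successors
7. "Person-by-person" management methods in R&D departments
1) The platinum rule
2) How to manage subordinates on your team with different personality traits
3) Case analysis: how to assess and identify technical subordinates with management potential?
4) Communication models and methods that respect the individuality of R&D technical staff
5) Case discussion: how to manage the "fierce general", "lubricant" and "old ox" types of subordinate in a technical team?
8. Appraisal and motivation of R&D staff (special topic)
1) Establishing results-oriented performance appraisal methods for functional teams and project teams
2) Qualitative and quantitative appraisal methods;
3) Effectively understanding the relationship between appraising results, process and input;
4) Key performance indicator appraisal (KPI method): templates, industry cases, exercises
5) Balanced scorecard appraisal (BSC method): templates, industry cases
6) Personal business commitment (PBC method): templates, industry cases, exercises
7) The appraisal process and 360-degree appraisal: comparative analysis of industry cases
8) Bottom-ranking elimination
9) Appraisal requirements and key content for technical staff at each level
9. Development of R&D technical talent and job qualification management
1) Competency model and characteristics of R&D technical talent
2) Developing subordinates (the 7-step coaching structure, cultivating R&D technical staff's motivation, cultivating their ability, how to develop R&D technical novices, how to develop key R&D technical staff and high-end talent)
3) Job qualification management (the dual-ladder career path model, the purpose and role of job qualifications, the system and standards of job qualifications, certification and growth, career development)
4) A training and internship system for R&D technical staff based on job qualifications
5) A formal development mechanism for professional technical talent and professional technical management talent (system engineers, QA, project managers, etc.): the resource pool
10. Non-material and material incentive methods for R&D technical talent
1) The needs of R&D technical talent
2) Case discussion: what factors motivate R&D technical talent?
3) Case discussion: what factors affect the morale of a technical team?
4) Case discussion: what factors affect the cohesion of a technical team?
5) The manager's "red face, black face" approach (medals, flowers, encouragement, expectations, praise; warnings, criticism, admonishment, wearing down, making an example of someone, harsh scolding, etc.)
6) Case discussion: how to use the "red face" with technical subordinates?
7) Case discussion: how to use the "black face" with technical subordinates?
8) Case discussion: how to handle a capable technical subordinate who has made a mistake?
9) Case discussion: how to establish your authority among technical subordinates who are more capable than you?
10) Material incentives for R&D technical staff: compensation package mix, mix structure, compensation distribution, pay grades, salary-to-bonus ratio.
11) The relationship between seniority, ability and pay; industry cases
12) Managing the warning signs of technical staff leaving, and how to retain valuable knowledge workers
11. Exercises and discussion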
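IX. Keys to successfully making the transition from technology to management
1. Successfully switching roles
2. Developing management skills
3. Personal cultivation (habits, leadership, communication skills)
4. Integrating into the organization and building the team
5. Books and films recommended for technical staff who have just moved into management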
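Professional background:
More than ten years of R&D management practice in high-tech companies; a typical management expert who moved from technology to management in corporate practice. While working at a well-known communications company, took part in the development of several small and large projects as a hardware engineer, software engineer and system engineer (chief engineer for overall system design), has five years of hands-on product development experience, took on the management of several projects, and served as manager of the R&D project management department, manager of the R&D management office, deputy general manager of the technology management department and director of the R&D IT center, experiencing and helping lead the whole process by which this company's R&D management (including the R&D process management, R&D project management, R&D human resources management and R&D IT management modules) went from chaos to standardization. From 1998 worked for a long period alongside top international consultants and, as a member of the first core group, worked with an internationally renowned consulting firm to lead the R&D management transformation project and its parent project, the company-level IT planning project, while also serving as a senior lecturer at the company, responsible for advancing and embedding the corporate culture within R&D.
R&D management consulting experience:
Has led more than 10 R&D management consulting projects as project director or project manager, helping these companies establish complete R&D management systems (including process, organization, performance and IT) and effectively improving their R&D management and innovation capabilities.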