Red Hat Enterprise Linux: Updated glibc packages that fix one bug are now available for Red Hat
Enterprise Linux 6.
RHBA-2017:0891-1: binutils bug fix update
Red Hat Enterprise Linux: Updated binutils packages that fix one bug are now available for Red Hat
Enterprise Linux 6.
RHBA-2017:0889-1: samba bug fix update
Red Hat Enterprise Linux: Updated samba packages that fix one bug are now available for Red Hat Enterprise
Linux 6.
USN-3258-2: Dovecot regression
Ubuntu Security Notice USN-3258-2
11th April, 2017
dovecot regression
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
Summary
USN-3258-1 introduced a regression in Dovecot.
Software description
- dovecot – IMAP and POP3 email server
Details
USN-3258-1 intended to fix a vulnerability in Dovecot. Further investigation
revealed that only Dovecot versions 2.2.26 and newer were affected by the
vulnerability. Additionally, the change introduced a regression when Dovecot
was configured to use the “dict” authentication database. This update reverts
the change. We apologize for the inconvenience.
Original advisory details:
It was discovered that Dovecot incorrectly handled some usernames. An attacker
could possibly use this issue to cause Dovecot to hang or crash, resulting in a
denial of service.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 16.10:
  - dovecot-core 1:2.2.24-1ubuntu1.3
- Ubuntu 16.04 LTS:
  - dovecot-core 1:2.2.22-1ubuntu2.4
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
Microsoft Issues Patches for Actively Exploited Critical Vulnerabilities
Besides a previously undisclosed code-execution flaw in Microsoft Word, the tech giant patches two more zero-day vulnerabilities that attackers had been exploiting in the wild for months, as part of this month’s Patch Tuesday.
In total, Microsoft patches 45 unique vulnerabilities in its nine products, including three previously undisclosed vulnerabilities under active attack.
The first
Hackers Can Steal Your Passwords Just by Monitoring SmartPhone Sensors
Do you know how many kinds of sensors your smartphone has inbuilt? And what data they gather about your physical and digital activities?
An average smartphone these days is packed with a wide array of sensors such as GPS, Camera, microphone, accelerometer, magnetometer, proximity, gyroscope, pedometer, and NFC, to name a few.
Now, according to a team of scientists from Newcastle University
FreeBSD-SA-17:03.ntp
Here come the new office cyborgs: One of them could be you
An NFC chip the size of a grain of rice could turn you into a cyborg.
The post Here come the new office cyborgs: One of them could be you appeared first on Avira Blog.
qt5-qtwebengine-5.8.0-8.fc25
This update updates QtWebEngine to the 5.8.0 release. QtWebEngine 5.8.0 is part of the Qt 5.8.0 release, but only the QtWebEngine component is included in this update.
The update fixes the following security issues in QtWebEngine 5.7.1: CVE-2016-5182, CVE-2016-5183, CVE-2016-5189, CVE-2016-5199, CVE-2016-5201, CVE-2016-5203, CVE-2016-5204, CVE-2016-5205, CVE-2016-5206, CVE-2016-5208, CVE-2016-5207, CVE-2016-5210, CVE-2016-5211, CVE-2016-5212, CVE-2016-5213, CVE-2016-5214, CVE-2016-5215, CVE-2016-5216, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5221, CVE-2016-5222, CVE-2016-5223, CVE-2016-5224, CVE-2016-5225, CVE-2016-9650 and CVE-2016-9651.
Other immediately usable changes in QtWebEngine 5.8 include:
* Based on Chromium 53.0.2785.148 with security fixes from Chromium up to version 55.0.2883.75. (5.7.1 was based on Chromium 49.0.2623.111 with security fixes from Chromium up to version 54.0.2840.87.)
* The `view-source:` scheme is now supported.
* User scripts now support metadata (`@include`, `@exclude`, `@match`) as in Greasemonkey.
* Some `chrome:` schemes are now supported, for instance `chrome://gpu`.
* Several bugs were fixed, see https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.8.0 for details.
The following changes in QtWebEngine 5.8 require compile-time application support and will only be available after applications are rebuilt (and patched to remove the checks for Qt 5.8, because Qt is still version 5.7.1, only QtWebEngine is being updated):
* Spellchecking with a forked version of Hunspell. This Fedora package automatically converts system Hunspell dictionaries (installed by system RPMs into the systemwide location) to the Chromium `bdic` format used by QtWebEngine (using an RPM file trigger). If you wish to use dictionaries installed manually, use the included `qwebengine_convert_dict` tool. Alternatively, you can also download dictionaries directly in the Chromium `bdic` format.
* Support for printing directly to a printer. (Note that QupZilla already supports printing to a printer, because it can use the printToPdf API that has existed since QtWebEngine 5.7 to print to a printer with the help of the `lpr` command-line tool. But other applications such as KMail require the new direct printing API.)
* Added a setting to enable printing of CSS backgrounds.
The following new QML APIs are available to developers:
* Tooltips (HTML5 global title attribute) are now also supported in the QML API.
* Qt WebEngine (QML) allows defining custom dialogs / context menus.
* Qt WebEngine (QML) on `eglfs` uses builtin dialogs based on Qt Quick Controls 2.
qt5-qtwebengine-5.8.0-8.fc26
This update updates QtWebEngine to the 5.8.0 release. QtWebEngine 5.8.0 is part of the Qt 5.8.0 release, but only the QtWebEngine component is included in this update.
The update fixes the following security issues in QtWebEngine 5.7.1: CVE-2016-5182, CVE-2016-5183, CVE-2016-5189, CVE-2016-5199, CVE-2016-5201, CVE-2016-5203, CVE-2016-5204, CVE-2016-5205, CVE-2016-5206, CVE-2016-5208, CVE-2016-5207, CVE-2016-5210, CVE-2016-5211, CVE-2016-5212, CVE-2016-5213, CVE-2016-5214, CVE-2016-5215, CVE-2016-5216, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5221, CVE-2016-5222, CVE-2016-5223, CVE-2016-5224, CVE-2016-5225, CVE-2016-9650 and CVE-2016-9651.
Other immediately usable changes in QtWebEngine 5.8 include:
* Based on Chromium 53.0.2785.148 with security fixes from Chromium up to version 55.0.2883.75. (5.7.1 was based on Chromium 49.0.2623.111 with security fixes from Chromium up to version 54.0.2840.87.)
* The `view-source:` scheme is now supported.
* User scripts now support metadata (`@include`, `@exclude`, `@match`) as in Greasemonkey.
* Some `chrome:` schemes are now supported, for instance `chrome://gpu`.
* Several bugs were fixed, see https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.8.0 for details.
The following changes in QtWebEngine 5.8 require compile-time application support and will only be available after applications are rebuilt (and patched to remove the checks for Qt 5.8, because Qt is still version 5.7.1, only QtWebEngine is being updated):
* Spellchecking with a forked version of Hunspell. This Fedora package automatically converts system Hunspell dictionaries (installed by system RPMs into the systemwide location) to the Chromium `bdic` format used by QtWebEngine (using an RPM file trigger). If you wish to use dictionaries installed manually, use the included `qwebengine_convert_dict` tool. Alternatively, you can also download dictionaries directly in the Chromium `bdic` format.
* Support for printing directly to a printer. (Note that QupZilla already supports printing to a printer, because it can use the printToPdf API that has existed since QtWebEngine 5.7 to print to a printer with the help of the `lpr` command-line tool. But other applications such as KMail require the new direct printing API.)
* Added a setting to enable printing of CSS backgrounds.
The following new QML APIs are available to developers:
* Tooltips (HTML5 global title attribute) are now also supported in the QML API.
* Qt WebEngine (QML) allows defining custom dialogs / context menus.
* Qt WebEngine (QML) on `eglfs` uses builtin dialogs based on Qt Quick Controls 2.