CES 2018: Lenovo unveils Always Connected Miix 630 detachable, ThinkPad X1 Series, Lenovo Tablet 10 and more

2018-01-11 KENNETH 0

CES 2018: Lenovo unveils Always Connected Miix 630 detachable, ThinkPad X1 Series, Lenovo Tablet 10 and more Meet the new Always Connected Lenovo Miix 630 2-in-1 Detachable Meet the new Miix 630, Lenovo’s latest Windows 10 S 2-in-1 detachable that gives you the power and productivity of a laptop with the always on, always connected mobility of a smartphone.1 With integrated 4G LTE, you don’t have to just rely on slow, public Wi-Fi hotspots. The Miix 630 is built with Qualcomm’s innovative Snapdragon 835 Mobile PC Platform and Windows 10 S, so you can get work done on the go. Its full-sized backlit keyboard with precision touchpad gives you a comfortable and convenient typing experience to compile reports, design presentations or crunch numbers. It’s also equipped with a Lenovo digital pen with 1,024 levels of sensitivity so you can draw, [ more… ]

No Image

USN-3528-1: Ruby vulnerabilities

2018-01-11 KENNETH 0

USN-3528-1: Ruby vulnerabilities Ubuntu Security Notice USN-3528-1 10th January, 2018 ruby1.9.1, ruby2.3 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Ruby. Software description ruby1.9.1 – Interpreter of object-oriented scripting language Ruby ruby2.3 – Interpreter of object-oriented scripting language Ruby Details It was discovered that Ruby incorrectly handled certain terminal emulatorescape sequences. An attacker could use this to execute arbitrary code viaa crafted user name. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10.(CVE-2017-10784) It was discovered that Ruby incorrectly handled certain strings.An attacker could use this to cause a denial of service. This issueonly affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-14033) It was discovered that Ruby incorrectly handled some generating JSON.An attacker could use this to possible expose sensitive [ more… ]

No Image

USN-3522-3: Linux kernel regression

2018-01-11 KENNETH 0

USN-3522-3: Linux kernel regression Ubuntu Security Notice USN-3522-3 10th January, 2018 linux regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary USN-3522-1 introduced a regression in the Linux kernel. Software description linux – Linux kernel Details USN-3522-1 fixed a vulnerability in the Linux kernel to addressMeltdown (CVE-2017-5754). Unfortunately, that update introduceda regression where a few systems failed to boot successfully. Thisupdate fixes the problem. We apologize for the inconvenience. Original advisory details: Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: linux-image-generic 4.4.0.109.114 linux-image-4.4.0-109-lowlatency [ more… ]

No Image

USN-3522-4: Linux kernel (Xenial HWE) regression

2018-01-11 KENNETH 0

USN-3522-4: Linux kernel (Xenial HWE) regression Ubuntu Security Notice USN-3522-4 10th January, 2018 linux-lts-xenial regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary USN-3522-2 introduced a regression in the Linux Hardware Enablement kernel. Software description linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty Details USN-3522-2 fixed a vulnerability in the Linux Hardware Enablementkernel for Ubuntu 14.04 LTS to address Meltdown (CVE-2017-5754).Unfortunately, that update introduced a regression where a few systemsfailed to boot successfully. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. Update instructions The problem can be [ more… ]

No Image

USN-3526-1: SSSD vulnerability

2018-01-10 KENNETH 0

USN-3526-1: SSSD vulnerability Ubuntu Security Notice USN-3526-1 10th January, 2018 sssd vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Summary SSSD could be made to expose sensitive information. Software description sssd – System Security Services Daemon — metapackage Details It was discovered that SSSD incorrectly handled certain inputs when queryingits local cache. An attacker could use this to inject arbitrary code and exposesensitive information. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: sssd 1.15.2-1ubuntu1.1 sssd-common 1.15.2-1ubuntu1.1 sssd-tools 1.15.2-1ubuntu1.1 Ubuntu 16.04 LTS: sssd 1.13.4-1ubuntu1.10 sssd-common 1.13.4-1ubuntu1.10 sssd-tools 1.13.4-1ubuntu1.10 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-12173 Source: USN-3526-1: SSSD vulnerability