Tag Archives: pnp

Security updates for Monday

Post Syndicated from ris original https://lwn.net/Articles/755076/rss

Security updates have been issued by Arch Linux (lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, and libcurl-gnutls), CentOS (firefox), Debian (imagemagick), Fedora (exiv2, LibRaw, and love), Gentoo (chromium), Mageia (kernel, librelp, and miniupnpc), openSUSE (curl, enigmail, ghostscript, libvorbis, lilypond, and thunderbird), Red Hat (Red Hat OpenStack Platform director), and Ubuntu (firefox).

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/746915/rss

Security updates have been issued by Debian (django-anymail, libtasn1-6, and postgresql-9.1), Fedora (w3m), Mageia (389-ds-base, gcc, libtasn1, and p7zip), openSUSE (flatpak, ImageMagick, libjpeg-turbo, libsndfile, mariadb, plasma5-workspace, pound, and spice-vdagent), Oracle (kernel), Red Hat (flash-plugin), SUSE (docker, docker-runc, containerd, golang-github-docker-libnetwork and kernel), and Ubuntu (libvirt, miniupnpc, and QEMU).

Security updates for Monday

Post Syndicated from ris original https://lwn.net/Articles/743575/rss

Security updates have been issued by Arch Linux (linux-hardened, linux-lts, linux-zen, and mongodb), Debian (gdk-pixbuf, gifsicle, graphicsmagick, kernel, and poppler), Fedora (dracut, electron-cash, and firefox), Gentoo (backintime, binutils, chromium, emacs, libXcursor, miniupnpc, openssh, optipng, and webkit-gtk), Mageia (kernel, kernel-linus, kernel-tmb, openafs, and python-mistune), openSUSE (clamav-database, ImageMagick, kernel-firmware, nodejs4, and qemu), Red Hat (linux-firmware, ovirt-guest-agent-docker, qemu-kvm-rhev, redhat-virtualization-host, rhev-hypervisor7, rhvm-appliance, thunderbird, and vdsm), Scientific Linux (thunderbird), SUSE (kernel and qemu), and Ubuntu (firefox and poppler).

Delivering Graphics Apps with Amazon AppStream 2.0

Post Syndicated from Deepak Suryanarayanan original https://aws.amazon.com/blogs/compute/delivering-graphics-apps-with-amazon-appstream-2-0/

Sahil Bahri, Sr. Product Manager, Amazon AppStream 2.0

Do you need to provide a workstation class experience for users who run graphics apps? With Amazon AppStream 2.0, you can stream graphics apps from AWS to a web browser running on any supported device. AppStream 2.0 offers a choice of GPU instance types. The range includes the newly launched Graphics Design instance, which allows you to offer a fast, fluid user experience at a fraction of the cost of using a graphics workstation, without upfront investments or long-term commitments.

In this post, I discuss the Graphics Design instance type in detail, and how you can use it to deliver a graphics application such as Siemens NX―a popular CAD/CAM application that we have been testing on AppStream 2.0 with engineers from Siemens PLM.

Graphics Instance Types on AppStream 2.0

First, a quick recap on the GPU instance types available with AppStream 2.0. In July, 2017, we launched graphics support for AppStream 2.0 with two new instance types that Jeff Barr discussed on the AWS Blog:

  • Graphics Desktop
  • Graphics Pro

Many customers in industries such as engineering, media, entertainment, and oil and gas are using these instances to deliver high-performance graphics applications to their users. These instance types are based on dedicated NVIDIA GPUs and can run the most demanding graphics applications, including those that rely on CUDA graphics API libraries.

Last week, we added a new lower-cost instance type: Graphics Design. This instance type is a great fit for engineers, 3D modelers, and designers who use graphics applications that rely on the hardware acceleration of DirectX, OpenGL, or OpenCL APIs, such as Siemens NX, Autodesk AutoCAD, or Adobe Photoshop. The Graphics Design instance is based on AMD’s FirePro S7150x2 Server GPUs and equipped with AMD Multiuser GPU technology. The instance type uses virtualized GPUs to achieve lower costs, and is available in four instance sizes to scale and match the requirements of your applications.

Instance vCPUs Instance RAM (GiB) GPU Memory (GiB)
stream.graphics-design.large 2 7.5 GiB 1
stream.graphics-design.xlarge 4 15.3 GiB 2
stream.graphics-design.2xlarge 8 30.5 GiB 4
stream.graphics-design.4xlarge 16 61 GiB 8

The following table compares all three graphics instance types on AppStream 2.0, along with example applications you could use with each.

  Graphics Design Graphics Desktop Graphics Pro
Number of instance sizes 4 1 3
GPU memory range
1–8 GiB 4 GiB 8–32 GiB
vCPU range 2–16 8 16–32
Memory range 7.5–61 GiB 15 GiB 122–488 GiB
Graphics libraries supported AMD FirePro S7150x2 NVIDIA GRID K520 NVIDIA Tesla M60
Price range (N. Virginia AWS Region) $0.25 – $2.00/hour $0.5/hour $2.05 – $8.20/hour
Example applications Adobe Premiere Pro, AutoDesk Revit, Siemens NX AVEVA E3D, SOLIDWORKS AutoDesk Maya, Landmark DecisionSpace, Schlumberger Petrel

Example graphics instance set up with Siemens NX

In the section, I walk through setting up Siemens NX with Graphics Design instances on AppStream 2.0. After set up is complete, users can able to access NX from within their browser and also access their design files from a file share. You can also use these steps to set up and test your own graphics applications on AppStream 2.0. Here’s the workflow:

  1. Create a file share to load and save design files.
  2. Create an AppStream 2.0 image with Siemens NX installed.
  3. Create an AppStream 2.0 fleet and stack.
  4. Invite users to access Siemens NX through a browser.
  5. Validate the setup.

To learn more about AppStream 2.0 concepts and set up, see the previous post Scaling Your Desktop Application Streams with Amazon AppStream 2.0. For a deeper review of all the setup and maintenance steps, see Amazon AppStream 2.0 Developer Guide.

Step 1: Create a file share to load and save design files

To launch and configure the file server

  1. Open the EC2 console and choose Launch Instance.
  2. Scroll to the Microsoft Windows Server 2016 Base Image and choose Select.
  3. Choose an instance type and size for your file server (I chose the general purpose m4.large instance). Choose Next: Configure Instance Details.
  4. Select a VPC and subnet. You launch AppStream 2.0 resources in the same VPC. Choose Next: Add Storage.
  5. If necessary, adjust the size of your EBS volume. Choose Review and Launch, Launch.
  6. On the Instances page, give your file server a name, such as My File Server.
  7. Ensure that the security group associated with the file server instance allows for incoming traffic from the security group that you select for your AppStream 2.0 fleets or image builders. You can use the default security group and select the same group while creating the image builder and fleet in later steps.

Log in to the file server using a remote access client such as Microsoft Remote Desktop. For more information about connecting to an EC2 Windows instance, see Connect to Your Windows Instance.

To enable file sharing

  1. Create a new folder (such as C:\My Graphics Files) and upload the shared files to make available to your users.
  2. From the Windows control panel, enable network discovery.
  3. Choose Server Manager, File and Storage Services, Volumes.
  4. Scroll to Shares and choose Start the Add Roles and Features Wizard. Go through the wizard to install the File Server and Share role.
  5. From the left navigation menu, choose Shares.
  6. Choose Start the New Share Wizard to set up your folder as a file share.
  7. Open the context (right-click) menu on the share and choose Properties, Permissions, Customize Permissions.
  8. Choose Permissions, Add. Add Read and Execute permissions for everyone on the network.

Step 2:  Create an AppStream 2.0 image with Siemens NX installed

To connect to the image builder and install applications

  1. Open the AppStream 2.0 management console and choose Images, Image Builder, Launch Image Builder.
  2. Create a graphics design image builder in the same VPC as your file server.
  3. From the Image builder tab, select your image builder and choose Connect. This opens a new browser tab and display a desktop to log in to.
  4. Log in to your image builder as ImageBuilderAdmin.
  5. Launch the Image Assistant.
  6. Download and install Siemens NX and other applications on the image builder. I added Blender and Firefox, but you could replace these with your own applications.
  7. To verify the user experience, you can test the application performance on the instance.

Before you finish creating the image, you must mount the file share by enabling a few Microsoft Windows services.

To mount the file share

  1. Open services.msc and check the following services:
  • DNS Client
  • Function Discovery Resource Publication
  • SSDP Discovery
  • UPnP Device H
  1. If any of the preceding services have Startup Type set to Manual, open the context (right-click) menu on the service and choose Start. Otherwise, open the context (right-click) menu on the service and choose Properties. For Startup Type, choose Manual, Apply. To start the service, choose Start.
  2. From the Windows control panel, enable network discovery.
  3. Create a batch script that mounts a file share from the storage server set up earlier. The file share is mounted automatically when a user connects to the AppStream 2.0 environment.

Logon Script Location: C:\Users\Public\logon.bat

Script Contents:


net use H: \\path\to\network\share 

PING localhost -n 30 >NUL


  1. Open gpedit.msc and choose User Configuration, Windows Settings, Scripts. Set logon.bat as the user logon script.
  2. Next, create a batch script that makes the mounted drive visible to the user.

Logon Script Location: C:\Users\Public\startup.bat

Script Contents:
REG DELETE “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer” /v “NoDrives” /f

  1. Open Task Scheduler and choose Create Task.
  2. Choose General, provide a task name, and then choose Change User or Group.
  3. For Enter the object name to select, enter SYSTEM and choose Check Names, OK.
  4. Choose Triggers, New. For Begin the task, choose At startup. Under Advanced Settings, change Delay task for to 5 minutes. Choose OK.
  5. Choose Actions, New. Under Settings, for Program/script, enter C:\Users\Public\startup.bat. Choose OK.
  6. Choose Conditions. Under Power, clear the Start the task only if the computer is on AC power Choose OK.
  7. To view your scheduled task, choose Task Scheduler Library. Close Task Scheduler when you are done.

Step 3:  Create an AppStream 2.0 fleet and stack

To create a fleet and stack

  1. In the AppStream 2.0 management console, choose Fleets, Create Fleet.
  2. Give the fleet a name, such as Graphics-Demo-Fleet, that uses the newly created image and the same VPC as your file server.
  3. Choose Stacks, Create Stack. Give the stack a name, such as Graphics-Demo-Stack.
  4. After the stack is created, select it and choose Actions, Associate Fleet. Associate the stack with the fleet you created in step 1.

Step 4:  Invite users to access Siemens NX through a browser

To invite users

  1. Choose User Pools, Create User to create users.
  2. Enter a name and email address for each user.
  3. Select the users just created, and choose Actions, Assign Stack to provide access to the stack created in step 2. You can also provide access using SAML 2.0 and connect to your Active Directory if necessary. For more information, see the Enabling Identity Federation with AD FS 3.0 and Amazon AppStream 2.0 post.

Your user receives an email invitation to set up an account and use a web portal to access the applications that you have included in your stack.

Step 5:  Validate the setup

Time for a test drive with Siemens NX on AppStream 2.0!

  1. Open the link for the AppStream 2.0 web portal shared through the email invitation. The web portal opens in your default browser. You must sign in with the temporary password and set a new password. After that, you get taken to your app catalog.
  2. Launch Siemens NX and interact with it using the demo files available in the shared storage folder – My Graphics Files. 

After I launched NX, I captured the screenshot below. The Siemens PLM team also recorded a video with NX running on AppStream 2.0.


In this post, I discussed the GPU instances available for delivering rich graphics applications to users in a web browser. While I demonstrated a simple setup, you can scale this out to launch a production environment with users signing in using Active Directory credentials,  accessing persistent storage with Amazon S3, and using other commonly requested features reviewed in the Amazon AppStream 2.0 Launch Recap – Domain Join, Simple Network Setup, and Lots More post.

To learn more about AppStream 2.0 and capabilities added this year, see Amazon AppStream 2.0 Resources.

Security updates for Monday

Post Syndicated from ris original https://lwn.net/Articles/732179/rss

Security updates have been issued by Debian (augeas, connman, fontforge, freeradius, git, mariadb-10.1, openjdk-7, php5, qemu, qemu-kvm, and tenshi), Fedora (augeas, libsndfile, thunderbird, and xen), Gentoo (AutoTrace and jbig2dec), Mageia (dbus, flash-player-plugin, groovy, groovy18, heimdal, kernel-linus, kmail(kdepimlibs4), libice, libmodplug, miniupnpc, and postgresql9.3/4/6), openSUSE (freeradius-server, gnome-shell, ImageMagick, and openvswitch), and SUSE (java-1_8_0-ibm, libzypp, and postgresql94).

Security updates for Wednesday

Post Syndicated from ris original https://lwn.net/Articles/724293/rss

Security updates have been issued by Arch Linux (postgresql, postgresql-libs, samba, and sudo), Debian (gajim, libpodofo, openldap, pngquant, qemu-kvm, sudo, and tiff), Fedora (lxterminal, menu-cache, and pcmanfm), Gentoo (sudo), openSUSE (libraw, miniupnpc, and sudo), Oracle (kernel, nss, and sudo), Red Hat (kernel and sudo), Scientific Linux (kernel and sudo), Slackware (sudo), SUSE (java-1_6_0-ibm, java-1_8_0-openjdk, openstack-components, and sudo), and Ubuntu (sudo).

Security updates for Wednesday

Post Syndicated from ris original https://lwn.net/Articles/723690/rss

Security updates have been issued by CentOS (libtirpc and rpcbind), Debian (libtasn1-3, libtasn1-6, and samba), Fedora (FlightGear, openvpn, and python-fedora), openSUSE (libtirpc and libxslt), Oracle (libtirpc and rpcbind), Red Hat (samba, samba3x, and samba4), Scientific Linux (samba and samba4), SUSE (java-1_7_0-ibm, java-1_7_1-ibm, java-1_8_0-ibm, samba, and tomcat), and Ubuntu (jbig2dec, miniupnpc, rtmpdump, and samba).

Security updates for Tuesday

Post Syndicated from ris original https://lwn.net/Articles/723552/rss

Security updates have been issued by Arch Linux (lynis), CentOS (kdelibs, libtirpc, rpcbind, and samba), Debian (miniupnpc), Fedora (chromium, chromium-native_client, and kernel), Oracle (kdelibs and samba), Red Hat (libtirpc and rpcbind), and Scientific Linux (kdelibs, libtirpc, rpcbind, and samba).

Weekend security updates

Post Syndicated from corbet original https://lwn.net/Articles/718732/rss

Security updates have been issued by Debian (ejabberd, jhead, and samba), Fedora (chromium, drupal8, empathy, erlang, firefox, icoutils, kernel, knot-resolver, libICE, libupnp, libXdmcp, links, mbedtls, moodle, mupdf, ntp, openslp, R, rkward, rpy, sane-backends, sscg, tcpreplay, thunderbird, and webkitgtk4), Mageia (kernel, kernel-linus, and kernel-tmb), openSUSE (apache2, Chromium, kernel, and virglrenderer), Oracle (kernel), and Slackware (samba).

Security updates for Tuesday

Post Syndicated from ris original https://lwn.net/Articles/717104/rss

Security updates have been issued by Arch Linux (linux-grsec and linux-lts), Debian (icoutils, imagemagick, and roundcube), Fedora (freetype, libupnp, libwmf, thunderbird, tor, and w3m), Red Hat (chromium-browser and thunderbird), Scientific Linux (thunderbird), and Ubuntu (icoutils, icu, libevent, pidgin, pillow, and python-imaging).

Security updates for Monday

Post Syndicated from ris original https://lwn.net/Articles/716959/rss

Security updates have been issued by Arch Linux (chromium, firefox, libxslt, and thunderbird), Debian (firefox-esr, icoutils, and pidgin), Fedora (firefox, freetype, GraphicsMagick, kdelibs, kdelibs3, kernel, libupnp, munin, php-pear-PHP-CodeSniffer, thunderbird, and wireshark), Mageia (flac, flash-player-plugin, potrace, and wireshark), openSUSE (bitlbee, cacti, kdelibs4, kio, lynx, openssh, pax-utils, perl-Image-Info, Wireshark, and xen), and SUSE (qemu).

Security advisories for Monday

Post Syndicated from ris original http://lwn.net/Articles/712296/rss

CentOS has updated java-1.8.0-openjdk (C7; C6: multiple vulnerabilities).

Debian has updated libphp-swiftmailer (code execution), mariadb-10.0 (multiple mostly unspecified vulnerabilities), and openjpeg2 (multiple vulnerabilities).

Debian-LTS has updated groovy (code execution) and opus (code execution).

Fedora has updated docker-latest
(F24: privilege escalation), ed (F25:
denial of service), groovy (F25: code
execution), libnl3 (F25; F24: privilege escalation), opus (F25; F24: code
execution), qemu (F25: multiple
vulnerabilities), squid (F25: two
vulnerabilities), and webkitgtk4 (F25; F24:
multiple vulnerabilities).

Gentoo has updated DBD-mysql
(multiple vulnerabilities), dcraw (denial
of service from 2015), DirectFB (two
vulnerabilities from 2014), libupnp (two
vulnerabilities), lua (code execution from
2014), ppp (denial of service from 2015),
qemu (multiple vulnerabilities), quagga (two vulnerabilities), and zlib (multiple vulnerabilities).

Mageia has updated libpng, libpng12 (NULL dereference bug).

openSUSE has updated perl-DBD-mysql (42.2, 42.1: three vulnerabilities) and xtrabackup (42.2; 42.1: information disclosure).

Oracle has updated java-1.8.0-openjdk (OL7; OL6: multiple vulnerabilities).

SUSE has updated gstreamer-0_10-plugins-good (SLE12-SP1; SLE11-SP4: multiple vulnerabilities).

Security advisories for Tuesday

Post Syndicated from ris original http://lwn.net/Articles/711855/rss

Arch Linux has updated python-crypto (code execution) and python2-crypto (code execution).

CentOS has updated bind (C7; C6; C5: denial of service) and bind97 (C5: denial of service).

Debian-LTS has updated pdns-recursor (code execution).

Fedora has updated bind (F24:
three denial of service flaws), bind99
(F24: three denial of service flaws), and SimGear (F25: file overwrites).

Gentoo has updated file (multiple vulnerabilities), libxml2 (multiple vulnerabilities), miniupnpc (denial of service), pidgin (multiple vulnerabilities), vlc (code execution), and xdelta (code execution).

openSUSE has updated ark (42.2, 42.1; SPH for SLE12: code execution), encfs (42.2, 42.1, 13.2: code execution from
2014), gstreamer-0_10-plugins-bad (13.2:
code execution), gstreamer-0_10-plugins-base (13.2: code
execution), gstreamer-0_10-plugins-good
(13.2: multiple vulnerabilities), gstreamer-plugins-bad (42.1; 13.2:
three vulnerabilities), gstreamer-plugins-base (42.1; 13.2:
code execution), gstreamer-plugins-good (42.1; 13.2:
multiple vulnerabilities), icinga (14.2,
14.1: two vulnerabilities), icoutils (42.2; 42.1; 13.2: multiple vulnerabilities), openjpeg2 (42.2: multiple vulnerabilities), pcsc-lite (42.2, 42.1, 13.2: privilege
escalation), and python-pycrypto (14.2,
14.1, 13.2: denial of service).

Oracle has updated bind (OL7; OL6; OL5: denial of service), bind97 (OL5: denial of service), and docker-engine docker-engine-selinux (OL7; OL6: two vulnerabilities).

Red Hat has updated kernel
(RHEL6.5: code execution).

Scientific Linux has updated bind (SL7; SL5,6:
denial of service) and bind97 (SL5: denial of service).

Security updates for Wednesday

Post Syndicated from ris original http://lwn.net/Articles/710625/rss

Arch Linux has updated lib32-curl
(two vulnerabilities), lib32-libcurl-compat (two vulnerabilities), lib32-libcurl-gnutls (two vulnerabilities), libcurl-compat (two vulnerabilities), libcurl-gnutls (two vulnerabilities), and pcsclite (privilege escalation).

CentOS has updated ghostscript (C7; C6: multiple vulnerabilities).

Debian has updated libphp-phpmailer (regression in previous update).

Debian-LTS has updated libphp-phpmailer (code execution) and libvncserver (two vulnerabilities).

Fedora has updated borgbackup (F25; F24: two
vulnerabilities) and freeipa (F24: two vulnerabilities).

Gentoo has updated firefox (multiple vulnerabilities).

Mageia has updated kernel-linus (multiple vulnerabilities), kernel-tmb (multiple vulnerabilities), libupnp (code execution), and python-html5lib (cross-site scripting).

openSUSE has updated dnsmasq
(42.2, 42.1: denial of service), samba (42.2; 42.1:
three vulnerabilities), and wget (42.2,
42.1: race condition).

Red Hat has updated ghostscript (RHEL7; RHEL6:
multiple vulnerabilities), kernel (RHEL7.1:
denial of service), and systemd (RHEL7.1: denial of service).

Scientific Linux has updated ghostscript (SL7; SL6:
multiple vulnerabilities) and ipa (SL7: two vulnerabilities).

Monday’s security updates

Post Syndicated from ris original http://lwn.net/Articles/709660/rss

Arch Linux has updated qt5-webengine (multiple vulnerabilities).

CentOS has updated firefox (C7; C6; C5: multiple vulnerabilities).

Debian has updated php5 (unknown), samba (multiple vulnerabilities), tomcat7 (multiple vulnerabilities), and tomcat8 (multiple vulnerabilities).

Debian-LTS has updated game-music-emu (multiple vulnerabilities), icedove (multiple vulnerabilities), libupnp (code execution), libupnp4 (code execution), most (command execution), nagios3 (two vulnerabilities), php5 (multiple vulnerabilities), tomcat6 (privilege escalation), tomcat6 (regression in previous update), and tomcat7 (privilege escalation).

Fedora has updated firefox (F23:
denial of service), gd (F24: three
vulnerabilities), golang (F23: denial of
service), kernel (F25; F24: out of bounds stack read), perl-DBD-MySQL (F23: two vulnerabilities),
unzip (F25; F24: buffer overflows), and xen (F23: multiple vulnerabilities).

openSUSE has updated firefox
(42.2, 42.1, 13.2: multiple vulnerabilities), gc (13.2: code execution), and lxc (42.2, 42.1, 13.2: directory traversal).

SUSE has updated kernel
(SLE12-SP1: two vulnerabilities) and xen
(SLE11-SP4: multiple vulnerabilities).

Ubuntu has updated apt (16.10:
regression in previous update).

Security advisories for Friday

Post Syndicated from jake original http://lwn.net/Articles/709455/rss

Arch Linux has updated flashplugin (multiple vulnerabilities) and lib32-flashplugin (multiple vulnerabilities).

Debian has updated libupnp (two vulnerabilities).

Debian-LTS has updated firefox-esr (multiple vulnerabilities) and icu (two vulnerabilities, one from 2014).

Fedora has updated chromium (F25; F24: multiple vulnerabilities),
firefox (F25; F24: denial of service), gstreamer-plugins-bad-free (F24: code
execution), gstreamer-plugins-good (F24:
multiple vulnerabilities), and libgsf (F24: denial of service).

Mageia has updated chromium-browser-stable (multiple vulnerabilities) and firefox (multiple vulnerabilities).

Thursday’s security advisories

Post Syndicated from jake original http://lwn.net/Articles/697563/rss

Arch Linux has updated chromium
(multiple vulnerabilities) and linux-zen (connection hijacking).

Debian has updated gnupg (flawed
random number generation) and libgcrypt20
(flawed random number generation).

Debian-LTS has updated libupnp
(arbitrary file overwrite).

Fedora has updated bind (F23:
denial of service), fontconfig (F23:
privilege escalation), and python3 (F23:
proxy injection).

SUSE has updated xen (SLE12: multiple vulnerabilities,
one from 2014) and yast2-ntp-client (SLE10:
multiple vulnerabilities, most from 2015).

Ubuntu has updated fontconfig
(16.04, 14.04, 12.04: privilege escalation).

Security updates for Monday

Post Syndicated from ris original http://lwn.net/Articles/696693/rss

Arch Linux has updated glibc (two
denial of service vulnerabilities), lib32-glibc (two denial of service
vulnerabilities), and libupnp
(unauthenticated access).

Debian has updated kde4libs (command execution) and lighttpd (man-in-the-middle attacks).

Debian-LTS has updated mongodb (two vulnerabilities), mupdf (denial of service), and openjdk-7 (multiple vulnerabilities).

Fedora has updated curl (F24:
three vulnerabilities), firefox (F23:
multiple vulnerabilities), libgcrypt (F23:
key leak), and xen (F24: multiple vulnerabilities).

Mageia has updated ruby-eventmachine (denial of service).

openSUSE has updated bsdiff
(Leap42.1, 13.2: denial of service), Chromium (Leap42.1, 13.2; SPH for SLE12: multiple
vulnerabilities), java-1_8_0-openjdk (13.2:
multiple vulnerabilities), libvirt
(Leap42.1: authentication bypass), redis (Leap42.1, 13.2; SPH for SLE12: information leak),
and wireshark (Leap42.1, 13.2: multiple vulnerabilities).

Slackware has updated curl (three
vulnerabilities), firefox (multiple
vulnerabilities), openssh (two vulnerabilities), and stunnel (two vulnerabilities).

Oh Nine Sixteen

Post Syndicated from Lennart Poettering original http://0pointer.net/blog/projects/oh-nine-sixteen.html

#nocomments y

As a followup to Oh Nine
here’s a little overview of the changes coming with PulseAudio 0.9.16 which will be part of
Fedora 12 (already in Rawhide; I think Ubuntu Karmic (?) will have it

A New Mixer Logic

We now try to control more than just a single ALSA mixer element for volume
control. This increases the hardware volume range and granularity exposed and
should also help minimizing problems by incomplete or incorrect default mixer
initialization on the lower levels.

This also adds support for allowing selection of input/output ports for
sound cards. This is used to expose changing between Mic vs. Line-In for input
source selection and Headphones vs. Speaker for output selection (of course the
list of available port is strictly dependant on what you hardware supports).
The list of available ports is deliberately kept minimal.

Thanks to Bastien the newest GNOME Volume Control now exposes profile/port
switching quite nicely, which he
blogged about.
screenshot shows how the port (here called ‘Connector’) can be selected
in the new dialog.

The mixer rework also allows us to handle semi-pro/pro sound cards a bit
more flexibly. For example, which profiles/ports are exposed in PulseAudio or
how specific mixer elements are handled can now be controlled by editing .ini
file like configuration files in /usr/share/pulseaudio/alsa-mixer/.
this mail for more information about this.

UPnP MediaServer Support

PulseAudio now integrates with Zeeshan’s fabulous Rygel UPnP/DLNA MediaServer. If enabled
Rygel will automatically expose all local audio devices which are managed by
PulseAudio as UPnP/DLNA MediaServer items which your UPnP/DLNA MediaRenderers
can now tune into. (Meaning: you can now stream audio from your PC directly to
your UPnP DMP (Digital Media Player) device, such as the PS3.) Communication
between Rygel and PulseAudio follows our little Media Server Spec on the
. This nicely complements the RAOP (Apple Airport) support we
introduced in PulseAudio 0.9.15. In one of the next versions of
PulseAudio/Rygel we hope to add support for PulseAudio becoming a MediaRenderer
as well. This will then not only allow you to stream from your PC to your
DMP device, but also allows PulseAudio to act as
“networked speaker”, which can be used by any UPnP/AV/DLNA control point, such
as Windows’ Media Player.

Hotplug Support Improved

If you select a particular device as the default for a specific application
or class of streams, then when unplugging the device PulseAudio moves the stream
automatically to another audio device if one exists. New in PulseAudio 0.9.16
is that if you replug the audio device the stream will instantly be moved back,
requiring no further user intervention.

Also, PulseAudio now includes some implicit rules for doing the ‘right
thing’ when finding an audio device for an application. For example, unless
configured otherwise it will now route telephony applications automatically to
Bluetooth headsets if one is connected, in favour of the internal sound card of
the computer.

Surround Sound Support for Event Sounds

This is more a new feature of libcanberra than
of PulseAudio, but nonetheless: we now support surround for events sounds.
This allows us to play full 5.1 login sounds for example, in best THX cinema
fashion. We’d love to ship a 5.1 sound for login by default in sound-theme-freedesktop.
We’d be very thankful if you would be willing to contribute a sound
here, or two! A sound a bit less bombastic than the famous cinema THX effect
would probably be a good idea though.

And then there’s of course the usual batch of fixes and small improvements.
A substantial number of non-user visible changes have been made as well. For
example, as HAL is now obsolete PulseAudio now moved to udev for its device
discovery needs. We replaced our gdbm support by support for tdb. Also,
we stripped all security senstive code from PulseAudio, and ported it to use
RealtimeKit instead.
For the upcoming distributions that means that PulseAudio will run as real-time
process by default, improving drop-out safety.

And for some extra PA eye-candy, have a look on Impulse!