February 2017 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1023012] VUL-1: tigervnc: vncserver vulnerable by remote attackers
by bugzilla_noreply＠novell.com 01 Feb '17

01 Feb '17

http://bugzilla.suse.com/show_bug.cgi?id=1023012 Marcus Meissner <meissner(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |meissner(a)suse.com Summary|vncserver vulnerable by |VUL-1: tigervnc: vncserver |remote attackers |vulnerable by remote | |attackers -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1020823] Chromium 54 can't establish SSL connection
by bugzilla_noreply＠novell.com 01 Feb '17

01 Feb '17

http://bugzilla.novell.com/show_bug.cgi?id=1020823 http://bugzilla.novell.com/show_bug.cgi?id=1020823#c1 Tomáš Chvátal <tchvatal(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #1 from Tomáš Chvátal <tchvatal(a)suse.com> --- We updated to 56.x which does not observe this issue -> closing :) -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1022432] New: vncserver does not allow connection from 2nd time on
by bugzilla_noreply＠novell.com 01 Feb '17

01 Feb '17

http://bugzilla.opensuse.org/show_bug.cgi?id=1022432 Bug ID: 1022432 Summary: vncserver does not allow connection from 2nd time on Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: x86-64 OS: openSUSE 42.2 Status: NEW Severity: Major Priority: P5 - None Component: X.Org Assignee: xorg-maintainer-bugs(a)forge.provo.novell.com Reporter: hnch(a)gmx.net QA Contact: xorg-maintainer-bugs(a)forge.provo.novell.com Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36 Build Identifier: vncserver allows connection from vncviewer at the first time, but immediately terminates connection from second attempt on. Logging in on 42.2 system from my local machine and starting vncserver: henning@deepthought:~> ssh -L 6100:localhost:6100 host113 Password: Last login: Sat Jan 28 11:08:05 2017 from <redacted> Have a lot of fun... henning@host113:~> vncserver -geometry 1280x720 :200 New 'host113:200 (henning)' desktop is host113:200 Starting applications specified in /home/henning/.vnc/xstartup Log file is /home/henning/.vnc/host113:200.log First connection from local machine works: henning@deepthought:~> vncviewer localhost:6100 Connected to RFB server, using protocol version 3.8 Performing standard VNC authentication Password: Authentication successful Desktop name "host113:200 (henning)" VNC server default format: 32 bits per pixel. Least significant byte first in each pixel. True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0 Warning: Cannot convert string "-*-helvetica-bold-r-*-*-16-*-*-*-*-*-*-*" to type FontStruct Using default colormap which is TrueColor. Pixel format: 32 bits per pixel. Least significant byte first in each pixel. True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0 Same machine: preferring raw encoding Second connection attempt: henning@deepthought:~> vncviewer localhost:6100 Connected to RFB server, using protocol version 3.8 Performing standard VNC authentication Password: Authentication successful Desktop name "host113:200 (henning)" VNC server default format: 32 bits per pixel. Least significant byte first in each pixel. True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0 Warning: Cannot convert string "-*-helvetica-bold-r-*-*-16-*-*-*-*-*-*-*" to type FontStruct Using default colormap which is TrueColor. Pixel format: 32 bits per pixel. Least significant byte first in each pixel. True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0 Same machine: preferring raw encoding vncviewer: VNC server closed connection I will attach server log. Reproducible: Always Steps to Reproduce: 1. vncserver -geometry 1280x720 :200 2. vncviewer localhost:6100 3. vncviewer localhost:6100 Actual Results: Connected to RFB server, using protocol version 3.8 Performing standard VNC authentication Password: Authentication successful Desktop name "host113:200 (henning)" VNC server default format: 32 bits per pixel. Least significant byte first in each pixel. True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0 Warning: Cannot convert string "-*-helvetica-bold-r-*-*-16-*-*-*-*-*-*-*" to type FontStruct Using default colormap which is TrueColor. Pixel format: 32 bits per pixel. Least significant byte first in each pixel. True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0 Same machine: preferring raw encoding vncviewer: VNC server closed connection Expected Results: Connected to RFB server, using protocol version 3.8 Performing standard VNC authentication Password: Authentication successful Desktop name "host113:200 (henning)" VNC server default format: 32 bits per pixel. Least significant byte first in each pixel. True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0 Warning: Cannot convert string "-*-helvetica-bold-r-*-*-16-*-*-*-*-*-*-*" to type FontStruct Using default colormap which is TrueColor. Pixel format: 32 bits per pixel. Least significant byte first in each pixel. True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0 Same machine: preferring raw encoding -- You are receiving this mail because: You are on the CC list for the bug.

1 9

[Bug 1005386] fdupes does not deterministically switch between files and links
by bugzilla_noreply＠novell.com 01 Feb '17

01 Feb '17

http://bugzilla.suse.com/show_bug.cgi?id=1005386 http://bugzilla.suse.com/show_bug.cgi?id=1005386#c18 --- Comment #18 from Peter Simons <psimons(a)suse.com> --- (In reply to Leonardo Chiquitto from comment #17) > Did you submit "1.61" to Factory in the end? I couldn't find the package > anywhere. It's in Factory already: https://build.opensuse.org/request/show/446771 Progress in Leap depends on https://fate.suse.com/322104, however. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 821612] bad release number in update candidate openSUSE:Maintenance:1686:176387
by bugzilla_noreply＠novell.com 01 Feb '17

01 Feb '17

http://bugzilla.suse.com/show_bug.cgi?id=821612 Swamp Workflow Management <swamp(a)suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|ibs:running:4070:important |ibs:running:4070:important | |ibs:running:4098:important -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 824171] prepared kernel update openSUSE_Maintenance_1695 is not installable
by bugzilla_noreply＠novell.com 01 Feb '17

01 Feb '17

http://bugzilla.suse.com/show_bug.cgi?id=824171 Swamp Workflow Management <swamp(a)suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|ibs:running:4070:important |ibs:running:4070:important | |ibs:running:4098:important -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1022053] mozilla/mozilla-nss: libfreebl3 3.28.1 and libsoftokn3 3.28.1 cause the JVM to crash when using sun.security.ec.ECKeyPairGenerator
by bugzilla_noreply＠novell.com 01 Feb '17

01 Feb '17

http://bugzilla.suse.com/show_bug.cgi?id=1022053 Swamp Workflow Management <swamp(a)suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard| |obs:running:6339:important -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1022999] New: VUL-0: CVE-2017-0358: ntfs-3g: modprobe influence vulnerability via environment variables
by bugzilla_noreply＠novell.com 01 Feb '17

01 Feb '17

http://bugzilla.opensuse.org/show_bug.cgi?id=1022999 Bug ID: 1022999 Summary: VUL-0: CVE-2017-0358: ntfs-3g: modprobe influence vulnerability via environment variables Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team(a)suse.de Reporter: mikhail.kasimov(a)gmail.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- Ref: http://seclists.org/oss-sec/2017/q1/259 ============================================== Hi, Jann Horn, Project Zero (Google) discovered that ntfs-3g, a read-write NTFS driver for FUSE does not not scrub the environment before executing modprobe to load the fuse module. This influence the behavior of modprobe (MODPROBE_OPTIONS environment variable, --config and --dirname options) potentially allowing for local root privilege escalation if ntfs-3g is installed setuid. This is the case for Debian, Ubuntu and probably Gentoo. This problem is in the source since 2008, maybe before. The fix is easy, use execle instead of execl and pass NULL as environment variables. -- cut -- --- ntfs-3g/src/lowntfs-3g.c.ref 2016-12-31 08:56:59.011749600 +0100 +++ ntfs-3g/src/lowntfs-3g.c 2017-01-05 14:41:52.041473700 +0100 @@ -4291,13 +4291,14 @@ struct stat st; pid_t pid; const char *cmd = "/sbin/modprobe"; + char *env = (char*)NULL; struct timespec req = { 0, 100000000 }; /* 100 msec */ fuse_fstype fstype; if (!stat(cmd, &st) && !geteuid()) { pid = fork(); if (!pid) { - execl(cmd, cmd, "fuse", NULL); + execle(cmd, cmd, "fuse", NULL, &env); _exit(1); } else if (pid != -1) waitpid(pid, NULL, 0); --- ntfs-3g/src/ntfs-3g.c.ref 2016-12-31 08:56:59.022518700 +0100 +++ ntfs-3g/src/ntfs-3g.c 2017-01-05 15:45:45.912499400 +0100 @@ -3885,13 +3885,14 @@ struct stat st; pid_t pid; const char *cmd = "/sbin/modprobe"; + char *env = (char*)NULL; struct timespec req = { 0, 100000000 }; /* 100 msec */ fuse_fstype fstype; if (!stat(cmd, &st) && !geteuid()) { pid = fork(); if (!pid) { - execl(cmd, cmd, "fuse", NULL); + execle(cmd, cmd, "fuse", NULL, &env); _exit(1); } else if (pid != -1) waitpid(pid, NULL, 0); -- cut -- CVE-2017-0358 is assigned to this issue by Salvatore Bonaccorso, Debian Security Team. Regards, Laszlo/GCS ============================================== https://software.opensuse.org/package/ntfs-3g TW: 2016.2.22 official repo 42.(1|2): 2013.1.13 official repo -- You are receiving this mail because: You are on the CC list for the bug.

1 5

[Bug 1023004] VUL-0: CVE-2017-2615: kvm: qemu: display: cirrus: oob access while doing bitblt copy backward mode
by bugzilla_noreply＠novell.com 01 Feb '17

01 Feb '17

http://bugzilla.novell.com/show_bug.cgi?id=1023004 SMASH SMASH <smash_bz(a)suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard| | | |CVSSv2:RedHat:CVE-2017-2615 | |:4.9:(AV:A/AC:M/Au:S/C:P/I: | |P/A:P) -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1022550] New: Live media shouldn't check for updates
by bugzilla_noreply＠novell.com 01 Feb '17

01 Feb '17

http://bugzilla.suse.com/show_bug.cgi?id=1022550 Bug ID: 1022550 Summary: Live media shouldn't check for updates Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Live Medium Assignee: coolo(a)suse.com Reporter: adrien.plazas(a)suse.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- When booting a Tumbleweed GNOME live medium, trying to install the system right after booting fails because PackageKit is taken by the update mechanism; you have to wait for the update manager to finish its job before being able to install the system. The problem is that looking for updates on live media makes no sense so we should disable it. -- You are receiving this mail because: You are on the CC list for the bug.

1 3