May 2017 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1037061] VUL-0: CVE-2017-8394: binutils: libbfd: Segfault in objcopy (_bfd_elf_large_com_section)
by bugzilla_noreply＠novell.com 01 May '17

01 May '17

http://bugzilla.suse.com/show_bug.cgi?id=1037061 Swamp Workflow Management <swamp(a)suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1037057] VUL-0: CVE-2017-8393: binutils: libbfd: global-buffer-overflow in objcopy (SHT_REL/SHR_RELA sections)
by bugzilla_noreply＠novell.com 01 May '17

01 May '17

http://bugzilla.suse.com/show_bug.cgi?id=1037057 Swamp Workflow Management <swamp(a)suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1028027] kernel 4.4.49-16-default is triggering mce errors
by bugzilla_noreply＠novell.com 01 May '17

01 May '17

http://bugzilla.suse.com/show_bug.cgi?id=1028027 http://bugzilla.suse.com/show_bug.cgi?id=1028027#c12 --- Comment #12 from Swamp Workflow Management <swamp(a)suse.de> --- openSUSE-SU-2017:1140-1: An update that solves 10 vulnerabilities and has 49 fixes is now available. Category: security (important) Bug References: 1010032,1012452,1012829,1013887,1014136,1017461,1019614,1021424,1021762,1022340,1023287,1027153,1027512,1027616,1027974,1028027,1028217,1028415,1028883,1029514,1029634,1030070,1030118,1030213,1031003,1031052,1031147,1031200,1031206,1031208,1031440,1031512,1031555,1031579,1031662,1031717,1031831,1032006,1032141,1032345,1032400,1032581,1032673,1032681,1032803,1033117,1033281,1033336,1033340,1033885,1034048,1034419,1034671,1034902,970083,986362,986365,988065,993832 CVE References: CVE-2016-4997,CVE-2016-4998,CVE-2017-2671,CVE-2017-7187,CVE-2017-7261,CVE-2017-7294,CVE-2017-7308,CVE-2017-7374,CVE-2017-7616,CVE-2017-7618 Sources used: openSUSE Leap 42.2 (src): kernel-debug-4.4.62-18.6.1, kernel-default-4.4.62-18.6.1, kernel-docs-4.4.62-18.6.2, kernel-obs-build-4.4.62-18.6.1, kernel-obs-qa-4.4.62-18.6.1, kernel-source-4.4.62-18.6.1, kernel-syms-4.4.62-18.6.1, kernel-vanilla-4.4.62-18.6.1 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1017461] btrfs balance renders system unresponsive and eventually even kills WiFi when quota is enabled
by bugzilla_noreply＠novell.com 01 May '17

01 May '17

http://bugzilla.suse.com/show_bug.cgi?id=1017461 http://bugzilla.suse.com/show_bug.cgi?id=1017461#c74 --- Comment #74 from Swamp Workflow Management <swamp(a)suse.de> --- openSUSE-SU-2017:1140-1: An update that solves 10 vulnerabilities and has 49 fixes is now available. Category: security (important) Bug References: 1010032,1012452,1012829,1013887,1014136,1017461,1019614,1021424,1021762,1022340,1023287,1027153,1027512,1027616,1027974,1028027,1028217,1028415,1028883,1029514,1029634,1030070,1030118,1030213,1031003,1031052,1031147,1031200,1031206,1031208,1031440,1031512,1031555,1031579,1031662,1031717,1031831,1032006,1032141,1032345,1032400,1032581,1032673,1032681,1032803,1033117,1033281,1033336,1033340,1033885,1034048,1034419,1034671,1034902,970083,986362,986365,988065,993832 CVE References: CVE-2016-4997,CVE-2016-4998,CVE-2017-2671,CVE-2017-7187,CVE-2017-7261,CVE-2017-7294,CVE-2017-7308,CVE-2017-7374,CVE-2017-7616,CVE-2017-7618 Sources used: openSUSE Leap 42.2 (src): kernel-debug-4.4.62-18.6.1, kernel-default-4.4.62-18.6.1, kernel-docs-4.4.62-18.6.2, kernel-obs-build-4.4.62-18.6.1, kernel-obs-qa-4.4.62-18.6.1, kernel-source-4.4.62-18.6.1, kernel-syms-4.4.62-18.6.1, kernel-vanilla-4.4.62-18.6.1 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1037061] New: VUL-0: CVE-2017-8394: binutils: libbfd: Segfault in objcopy (_bfd_elf_large_com_section)
by bugzilla_noreply＠novell.com 01 May '17

01 May '17

http://bugzilla.opensuse.org/show_bug.cgi?id=1037061 Bug ID: 1037061 Summary: VUL-0: CVE-2017-8394: binutils: libbfd: Segfault in objcopy (_bfd_elf_large_com_section) Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team(a)suse.de Reporter: mikhail.kasimov(a)gmail.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- Created attachment 723326 --> http://bugzilla.opensuse.org/attachment.cgi?id=723326&action=edit 21414_upstream_crash_info Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-8394 ==================================================== Description The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. ==================================================== Hyperlink [1] https://sourceware.org/bugzilla/show_bug.cgi?id=21414 [2] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7eacd66b086cabb1… (see https://sourceware.org/bugzilla/show_bug.cgi?id=21414#c2) (open-)SUSE: https://software.opensuse.org/package/binutils 2.28 (TW, official repo) 2.26.1 (42.{1,2}, official repo) -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 955576] X11:Utilities/feh: Missing jpegexiforient
by bugzilla_noreply＠novell.com 01 May '17

01 May '17

http://bugzilla.suse.com/show_bug.cgi?id=955576 http://bugzilla.suse.com/show_bug.cgi?id=955576#c3 --- Comment #3 from Swamp Workflow Management <swamp(a)suse.de> --- openSUSE-SU-2017:1139-1: An update that solves one vulnerability and has one errata is now available. Category: security (moderate) Bug References: 1034567,955576 CVE References: CVE-2017-7875 Sources used: openSUSE Leap 42.2 (src): feh-2.18.3-6.3.1 openSUSE Leap 42.1 (src): feh-2.13.1-6.1 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1037057] New: VUL-0: CVE-2017-8393: binutils: libbfd: global-buffer-overflow in objcopy (SHT_REL/SHR_RELA sections)
by bugzilla_noreply＠novell.com 01 May '17

01 May '17

http://bugzilla.opensuse.org/show_bug.cgi?id=1037057 Bug ID: 1037057 Summary: VUL-0: CVE-2017-8393: binutils: libbfd: global-buffer-overflow in objcopy (SHT_REL/SHR_RELA sections) Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team(a)suse.de Reporter: mikhail.kasimov(a)gmail.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- Created attachment 723325 --> http://bugzilla.opensuse.org/attachment.cgi?id=723325&action=edit 21412_upstream_crash_info Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-8393 =================================================== Description The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash. =================================================== Hyperlink [1] https://sourceware.org/bugzilla/show_bug.cgi?id=21412 [2] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bce964aa6c777d23… (see https://sourceware.org/bugzilla/show_bug.cgi?id=21412#c3) (open-)SUSE: https://software.opensuse.org/package/binutils 2.28 (TW, official repo) 2.26.1 (42.{1,2}, official repo) -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1027925] Incomplete German translation in Plasma 5
by bugzilla_noreply＠novell.com 01 May '17

01 May '17

http://bugzilla.suse.com/show_bug.cgi?id=1027925 http://bugzilla.suse.com/show_bug.cgi?id=1027925#c8 --- Comment #8 from Bernhard Wiedemann <bwiedemann(a)suse.com> --- This is an autogenerated message for OBS integration: This bug (1027925) was mentioned in https://build.opensuse.org/request/show/492375 Factory / rpm -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1037052] New: VUL-0: CVE-2017-8392: binutils: libbfd: objdump segfault - null pointer dereferencing (_bfd_dwarf2_find_nearest_line function)
by bugzilla_noreply＠novell.com 01 May '17

01 May '17

http://bugzilla.opensuse.org/show_bug.cgi?id=1037052 Bug ID: 1037052 Summary: VUL-0: CVE-2017-8392: binutils: libbfd: objdump segfault - null pointer dereferencing (_bfd_dwarf2_find_nearest_line function) Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team(a)suse.de Reporter: mikhail.kasimov(a)gmail.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-8392 ==================================================== Description The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. Source: MITRE Last Modified: 05/01/2017 ==================================================== Hyperlink [1] https://sourceware.org/bugzilla/show_bug.cgi?id=21409 [2] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=97e83a100aa8250b… (see https://sourceware.org/bugzilla/show_bug.cgi?id=21409#c2) (open-)SUSE: https://software.opensuse.org/package/binutils 2.28 (TW, official repo) 2.26.1 (42.{1,2}, official repo) -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 1037051] New: VUL-0: CVE-2017-8401: swftools: out-of-bound read of heap data issue can occur in function png_load()(lib/png.c:724)
by bugzilla_noreply＠novell.com 01 May '17

01 May '17

http://bugzilla.opensuse.org/show_bug.cgi?id=1037051 Bug ID: 1037051 Summary: VUL-0: CVE-2017-8401: swftools: out-of-bound read of heap data issue can occur in function png_load()(lib/png.c:724) Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team(a)suse.de Reporter: mikhail.kasimov(a)gmail.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- Created attachment 723321 --> http://bugzilla.opensuse.org/attachment.cgi?id=723321&action=edit CVE-2017-8401_PoC_and_analysis Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-8401 ============================================= Description In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function png_load() in lib/png.c:724. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS. Source: MITRE Last Modified: 05/01/2017 ============================================= Hyperlink [1] https://github.com/matthiaskramm/swftools/issues/14 [2] https://github.com/matthiaskramm/swftools/commit/392fb1f3cd9a5b167787c55161… (open-)SUSE: https://software.opensuse.org/package/swftools 0.9.2 (TW, 42.{1,2}, official repo) -- You are receiving this mail because: You are on the CC list for the bug.

1 1