December 2018 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1105181] New: [Build 20180815] font in xterm is way bigger than before due to https://build.opensuse.org/package/rdiff/openSUSE:Factory/xterm?linkrev=base&rev=110
by bugzilla_noreply＠novell.com 04 Dec '18

04 Dec '18

http://bugzilla.opensuse.org/show_bug.cgi?id=1105181 Bug ID: 1105181 Summary: [Build 20180815] font in xterm is way bigger than before due to https://build.opensuse.org/package/rdiff/openSUSE:Fact ory/xterm?linkrev=base&rev=110 Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other URL: https://openqa.opensuse.org/tests/734371/modules/gnuhe alth_install/steps/9 OS: Other Status: NEW Severity: Major Priority: P5 - None Component: X.Org Assignee: meissner(a)suse.com Reporter: okurz(a)suse.com QA Contact: xorg-maintainer-bugs(a)forge.provo.novell.com CC: dimstar(a)opensuse.org, rbrown(a)suse.com Found By: --- Blocker: Yes ## Observation openQA test in scenario opensuse-Tumbleweed-DVD-x86_64-gnuhealth@64bit fails in [gnuhealth_install](https://openqa.opensuse.org/tests/734371/modules/gnuheal… as well as in many others due to the font changed. Reading the original bug report https://bugzilla.opensuse.org/show_bug.cgi?id=1089049 and according submit requests which state "Adjust the defaults fonts a bit" but I see a big change which maybe was not intended in that way. ## Reproducible Fails since (at least) Build [20180813](https://openqa.opensuse.org/tests/731143) ## Expected result Last good: [20180812](https://openqa.opensuse.org/tests/724590), e.g. in step https://openqa.opensuse.org/tests/724590#step/gnuhealth_setup/11 The change seems to be bigger than expected ## Further details Always latest result in this scenario: [latest](https://openqa.opensuse.org/tests/latest?machine=64bit&version=Tumb… -- You are receiving this mail because: You are on the CC list for the bug.

1 8

[Bug 1094963] Opensuse 15.0 installation or upgrade fails if disk contains encrypted partition LUKS
by bugzilla_noreply＠novell.com 04 Dec '18

04 Dec '18

http://bugzilla.suse.com/show_bug.cgi?id=1094963 http://bugzilla.suse.com/show_bug.cgi?id=1094963#c74 --- Comment #74 from Sebastian Parschauer <sebastian.parschauer(a)suse.com> --- I see, the preferred workaround is in the release notes: > https://doc.opensuse.org/release-notes/x86_64/openSUSE/Leap/15.0/#sec.upgra… -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1118351] New: VUL-1: CVE-2018-19839: libsass: the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file
by bugzilla_noreply＠novell.com 04 Dec '18

04 Dec '18

http://bugzilla.opensuse.org/show_bug.cgi?id=1118351 Bug ID: 1118351 Summary: VUL-1: CVE-2018-19839: libsass: the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other URL: https://smash.suse.de/issue/220101/ OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Security Assignee: cbosdonnat(a)suse.com Reporter: rfrohl(a)suse.com QA Contact: security-team(a)suse.de Found By: Security Response Team Blocker: --- CVE-2018-19839 In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19839 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19839 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1118349] New: VUL-1: CVE-2018-19838: libsass: functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file
by bugzilla_noreply＠novell.com 04 Dec '18

04 Dec '18

http://bugzilla.opensuse.org/show_bug.cgi?id=1118349 Bug ID: 1118349 Summary: VUL-1: CVE-2018-19838: libsass: functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other URL: https://smash.suse.de/issue/220100/ OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Security Assignee: cbosdonnat(a)suse.com Reporter: rfrohl(a)suse.com QA Contact: security-team(a)suse.de Found By: Security Response Team Blocker: --- CVE-2018-19838 In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy(). References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19838 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19838 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1118348] New: VUL-1: CVE-2018-19837: libsass: Sass:Eval:operator()(Sass:Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file
by bugzilla_noreply＠novell.com 04 Dec '18

04 Dec '18

http://bugzilla.opensuse.org/show_bug.cgi?id=1118348 Bug ID: 1118348 Summary: VUL-1: CVE-2018-19837: libsass: Sass:Eval:operator()(Sass:Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other URL: https://smash.suse.de/issue/220099/ OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Security Assignee: cbosdonnat(a)suse.com Reporter: rfrohl(a)suse.com QA Contact: security-team(a)suse.de Found By: Security Response Team Blocker: --- CVE-2018-19837 In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19837 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19837 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1118346] New: VUL-1: CVE-2018-19827: libsass: a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service or possibly have unspecified other impact
by bugzilla_noreply＠novell.com 04 Dec '18

04 Dec '18

http://bugzilla.opensuse.org/show_bug.cgi?id=1118346 Bug ID: 1118346 Summary: VUL-1: CVE-2018-19827: libsass: a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service or possibly have unspecified other impact Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other URL: https://smash.suse.de/issue/220096/ OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Security Assignee: cbosdonnat(a)suse.com Reporter: rfrohl(a)suse.com QA Contact: security-team(a)suse.de Found By: Security Response Team Blocker: --- CVE-2018-19827 In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19827 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19827 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1113191] WDFS not longer mounting Webdav folders
by bugzilla_noreply＠novell.com 04 Dec '18

04 Dec '18

http://bugzilla.suse.com/show_bug.cgi?id=1113191 http://bugzilla.suse.com/show_bug.cgi?id=1113191#c3 Reinhard Max <max(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |WONTFIX --- Comment #3 from Reinhard Max <max(a)suse.com> --- I filed a drop request. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1109310] Install yast icons with module, instead of yast-theme
by bugzilla_noreply＠novell.com 04 Dec '18

04 Dec '18

http://bugzilla.suse.com/show_bug.cgi?id=1109310 http://bugzilla.suse.com/show_bug.cgi?id=1109310#c7 --- Comment #7 from Swamp Workflow Management <swamp(a)suse.de> --- This is an autogenerated message for OBS integration: This bug (1109310) was mentioned in https://build.opensuse.org/request/show/653861 Factory / patterns-kde -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1118324] New: VUL-1: CVE-2018-19842: radare2: getToken in libr/asm/p/asm_x86_nz.c allows attackers to cause a denial of service (stack-based buffer over-read) via crafted x86 assembly data
by bugzilla_noreply＠novell.com 04 Dec '18

04 Dec '18

http://bugzilla.opensuse.org/show_bug.cgi?id=1118324 Bug ID: 1118324 Summary: VUL-1: CVE-2018-19842: radare2: getToken in libr/asm/p/asm_x86_nz.c allows attackers to cause a denial of service (stack-based buffer over-read) via crafted x86 assembly data Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.1 Hardware: Other URL: https://smash.suse.de/issue/220104/ OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Security Assignee: daniel.molkentin(a)suse.com Reporter: rfrohl(a)suse.com QA Contact: security-team(a)suse.de Found By: Security Response Team Blocker: --- CVE-2018-19842 getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (stack-based buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19842 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19842 -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1118323] New: VUL-1: CVE-2018-19843: radare2: opmov in libr/asm/p/asm_x86_nz.c allows attackers to cause a denial of service (buffer over-read) via crafted x86 assembly data
by bugzilla_noreply＠novell.com 04 Dec '18

04 Dec '18

http://bugzilla.opensuse.org/show_bug.cgi?id=1118323 Bug ID: 1118323 Summary: VUL-1: CVE-2018-19843: radare2: opmov in libr/asm/p/asm_x86_nz.c allows attackers to cause a denial of service (buffer over-read) via crafted x86 assembly data Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.1 Hardware: Other URL: https://smash.suse.de/issue/220105/ OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Security Assignee: daniel.molkentin(a)suse.com Reporter: rfrohl(a)suse.com QA Contact: security-team(a)suse.de Found By: Security Response Team Blocker: --- CVE-2018-19843 opmov in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19843 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19843 -- You are receiving this mail because: You are on the CC list for the bug.

1 1