December 2018 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1108631] VUL-0: CVE-2018-17097: soundtouch: remote denial of service (double free) in the WavFileBase class in WavFile.cpp
by bugzilla_noreply＠novell.com 03 Dec '18

03 Dec '18

1 0

[Bug 1108630] VUL-0: CVE-2018-17096: soundtouch: remote denial of service (assertion failure and application exit) in the BPMDetect class in BPMDetect.cpp
by bugzilla_noreply＠novell.com 03 Dec '18

03 Dec '18

1 0

[Bug 1107593] VUL-1: CVE-2018-16648: mupdf: fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault)
by bugzilla_noreply＠novell.com 03 Dec '18

03 Dec '18

1 0

[Bug 1106279] VUL-1: CVE-2018-1000656 python-flask: Improper Input Validation via crafted JSON file
by bugzilla_noreply＠novell.com 03 Dec '18

03 Dec '18

1 0

[Bug 1089731] VUL-1: CVE-2018-10113: gegl: The process function in operations/external/ppm-load.c has unbounded memory allocation, leading to a denial of service
by bugzilla_noreply＠novell.com 03 Dec '18

03 Dec '18

1 0

[Bug 1069904] VUL-0: CVE-2017-14804: build: Exploit extractbuild to write to files in the host system
by bugzilla_noreply＠novell.com 03 Dec '18

03 Dec '18

1 0

[Bug 1115444] logdigest: migrate from cron to systemd timers
by bugzilla_noreply＠novell.com 03 Dec '18

03 Dec '18

http://bugzilla.opensuse.org/show_bug.cgi?id=1115444 http://bugzilla.opensuse.org/show_bug.cgi?id=1115444#c2 Christian Boltz <suse-beta(a)cboltz.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |suse-beta(a)cboltz.de --- Comment #2 from Christian Boltz <suse-beta(a)cboltz.de> --- Please make sure logdigest runs shortly before logrotate. This was easy with cron.daily (the scripts run in alphabethical order, and logdigest < logrotate, so it was done by design). I have no idea how to handle this with systemd timers. As I just noticed, logrotate already switched to a systemd timer (in Tumbleweed and Leap 15) with AccuracySec=12h. That's problematic because logdigest currently might run at a completely different time than logrotate, and might miss half of the log content :-( (On the "positive" side, this explains why the logdigest on my laptop is sometimes very short...) Do you think a bugreport for logrotate is needed? If yes, I'll happily file one. Needless to say that a maintenance update for Leap 15 to get logrotate running shortly after logdigest would be a good idea. (I'll leave it to you how to fix it, and in which package.) -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1116116] New: dex Version: was not built properly
by bugzilla_noreply＠novell.com 03 Dec '18

03 Dec '18

http://bugzilla.opensuse.org/show_bug.cgi?id=1116116 Bug ID: 1116116 Summary: dex Version: was not built properly Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Kubic Assignee: kubic-bugs(a)opensuse.org Reporter: pgeorgiadis(a)suse.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- Reproducer: ~~~~~~~~~~~~ * In TW: > zypper -n in caasp-dex; caasp-dex version > dex Version: was not built properly > Go Version: go1.10.2 > Go OS/ARCH: linux amd64 * Everywhere, using our container > drpaneas@ASRock-Intel-Ethernet:~> docker run -it --rm registry.opensuse.org/devel/caasp/kubic-container/container/kubic/caasp-dex… > dex Version: was not built properly > Go Version: go1.10.2 > Go OS/ARCH: linux amd64 This happens also for the caasp-dex CaaSP container image within our SUSE Registry. PS: priority up to P3 (after talking with Flavio). -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1107253] New: yast2-rmt fails in the unit test
by bugzilla_noreply＠novell.com 02 Dec '18

02 Dec '18

http://bugzilla.suse.com/show_bug.cgi?id=1107253 Bug ID: 1107253 Summary: yast2-rmt fails in the unit test Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.1 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: bnc-team-screening(a)forge.provo.novell.com Reporter: mlin(a)suse.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- yast2-rmt fails to build in Leap 15.1 [ 40s] + rake test:unit [ 40s] rspec [ 41s] ....................................................................FF......................F................. [ 41s] [ 41s] Failures: [ 41s] [ 41s] 1) RMT::WizardMariaDBPage#start_database raises an error when mysql can't be started [ 41s] Failure/Error: expect(Yast::SystemdService).to receive(:find!).with('mysql').and_return(service_double) [ 41s] [ 41s] NameError: [ 41s] uninitialized constant Yast::SystemdService [ 41s] Did you mean? SystemExit [ 41s] # ./spec/rmt/wizard_maria_db_page_spec.rb:174:in `block (3 levels) in <top (required)>' [ 41s] [ 41s] 2) RMT::WizardMariaDBPage#start_database returns true when mysql is started [ 41s] Failure/Error: expect(Yast::SystemdService).to receive(:find!).with('mysql').and_return(service_double) [ 41s] [ 41s] NameError: [ 41s] uninitialized constant Yast::SystemdService [ 41s] Did you mean? SystemExit [ 41s] # ./spec/rmt/wizard_maria_db_page_spec.rb:174:in `block (3 levels) in <top (required)>' [ 41s] [ 41s] 3) RMT::Wizard runs and goes through the sequence [ 41s] Failure/Error: subject(:wizard) { described_class.new } [ 41s] [ 41s] NameError: [ 41s] component cannot import namespace 'SystemdService' [ 41s] # ./src/lib/rmt/wizard.rb:38:in `initialize' [ 41s] # ./spec/rmt/wizard_spec.rb:26:in `new' [ 41s] # ./spec/rmt/wizard_spec.rb:26:in `block (2 levels) in <top (required)>' [ 41s] # ./spec/rmt/wizard_spec.rb:58:in `block (2 levels) in <top (required)>' [ 41s] [ 41s] Finished in 0.14208 seconds (files took 0.4578 seconds to load) [ 41s] 110 examples, 3 failures [ 41s] [ 41s] Failed examples: [ 41s] [ 41s] rspec ./spec/rmt/wizard_maria_db_page_spec.rb:178 # RMT::WizardMariaDBPage#start_database raises an error when mysql can't be started [ 41s] rspec ./spec/rmt/wizard_maria_db_page_spec.rb:184 # RMT::WizardMariaDBPage#start_database returns true when mysql is started [ 41s] rspec ./spec/rmt/wizard_spec.rb:35 # RMT::Wizard runs and goes through the sequence [ 41s] [ 41s] rake aborted! [ 41s] Command failed with status (1): [rspec...] [ 41s] /home/abuild/rpmbuild/BUILD/yast2-rmt-1.0.0/Rakefile:32:in `block in <top (required)>' [ 41s] Tasks: TOP => test:unit [ 41s] (See full trace by running task with --trace) [ 41s] error: Bad exit status from /var/tmp/rpm-tmp.CtEswu (%check) -- You are receiving this mail because: You are on the CC list for the bug.

1 16

[Bug 1118065] New: WordPress 4.9.8 packages have a vulnerability in ownership of files
by bugzilla_noreply＠novell.com 02 Dec '18

02 Dec '18

http://bugzilla.opensuse.org/show_bug.cgi?id=1118065 Bug ID: 1118065 Summary: WordPress 4.9.8 packages have a vulnerability in ownership of files Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other OS: Other Status: NEW Severity: Major Priority: P5 - None Component: Apache Assignee: bnc-team-apache(a)forge.provo.novell.com Reporter: david(a)kronlid.net QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- My web server recently got hacked a couple of days ago: Running WordPress 4.9.8 from "server repo" on OpenSUSE 42.3 with apache 2.4 and php 7.2. These specific files were installed on my system from this location: http://download.opensuse.org/repositories/server:/php:/applications/openSUS… wordpress-4.9.8-1.1.noarch.rpm wordpress-apache-4.9.8-1.1.noarch.rpm wordpress-plugins-4.9.8-1.1.noarch.rpm wordpress-themes-4.9.8-1.1.noarch.rpm wordpress-themes-collections-4.9.8-1.1.noarch.rpm The hack modified: wp-config.php to point to another external database loading the content of the web page from that database instead akismet.php had a part of code added a file called wp-upd.php was uploaded containing the same code that was added to akismet.php I have installed no other plugins from the internet. I'm wondering if there is something the people doing the wordpress packaging from OpenSUSE side to prevent this type of attack from being done? The protection of wp-config is inefficient as /etc/wordpress/wp-config is owned by wwwrun and this hack used this ownership to be able to overwrite the file with it's own database settings (and while accessing the file it could also read my old settings). My manual prevention for this attack is to make wp-config readable by wwwrun but only writable by root. Maybe almost all wordpress files should be read only by wwwrun as wordpress is a very common target for hackers? I haven't read through all the logs yet, so at time of writing I don't know if the vulnerability used to modify the files was in apache or wordpress or php. But anyhow it can be solved the same way by protecting the files from being overwritten by an attacker by changing the files ownership and rights if the attack was done through apache or wordpress who use wwwrun. -- You are receiving this mail because: You are on the CC list for the bug.

1 0