February 2020 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1141777] VUL-1: CVE-2019-1010048: upx: 3.95 is affected by: Integer Overflow. The impact is: attacker can cause a denial of service. The component is: src/p_lx_elf.cpp PackLinuxElf32:PackLinuxElf32help1() Line 262.
by bugzilla_noreply＠novell.com 06 Feb '20

06 Feb '20

http://bugzilla.suse.com/show_bug.cgi?id=1141777 http://bugzilla.suse.com/show_bug.cgi?id=1141777#c3 --- Comment #3 from Swamp Workflow Management <swamp(a)suse.de> --- openSUSE-SU-2020:0180-1: An update that fixes 5 vulnerabilities is now available. Category: security (moderate) Bug References: 1094138,1141777,1143839,1159833,1159920 CVE References: CVE-2018-11243,CVE-2019-1010048,CVE-2019-14296,CVE-2019-20021,CVE-2019-20053 Sources used: openSUSE Backports SLE-15-SP1 (src): upx-3.96-bp151.4.3.1 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1094138] VUL-0: CVE-2018-11243: upx: PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote attackers to cause a denial of service
by bugzilla_noreply＠novell.com 06 Feb '20

06 Feb '20

http://bugzilla.suse.com/show_bug.cgi?id=1094138 http://bugzilla.suse.com/show_bug.cgi?id=1094138#c7 --- Comment #7 from Swamp Workflow Management <swamp(a)suse.de> --- openSUSE-SU-2020:0180-1: An update that fixes 5 vulnerabilities is now available. Category: security (moderate) Bug References: 1094138,1141777,1143839,1159833,1159920 CVE References: CVE-2018-11243,CVE-2019-1010048,CVE-2019-14296,CVE-2019-20021,CVE-2019-20053 Sources used: openSUSE Backports SLE-15-SP1 (src): upx-3.96-bp151.4.3.1 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1162784] VUL-1: CVE-2019-15621: nextcloud: Improper permissions preservation causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link
by bugzilla_noreply＠novell.com 06 Feb '20

06 Feb '20

http://bugzilla.suse.com/show_bug.cgi?id=1162784 http://bugzilla.suse.com/show_bug.cgi?id=1162784#c4 --- Comment #4 from Swamp Workflow Management <swamp(a)suse.de> --- This is an autogenerated message for OBS integration: This bug (1162784) was mentioned in https://build.opensuse.org/request/show/770689 15.1 / nextcloud https://build.opensuse.org/request/show/770691 Backports:SLE-15-SP1 / nextcloud -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1162782] VUL-1: CVE-2020-8118: nextcloud: An authenticated server-side request forgery allowed to detect local and remote services when adding a new subscription in the calendar application
by bugzilla_noreply＠novell.com 06 Feb '20

06 Feb '20

http://bugzilla.suse.com/show_bug.cgi?id=1162782 http://bugzilla.suse.com/show_bug.cgi?id=1162782#c6 --- Comment #6 from Swamp Workflow Management <swamp(a)suse.de> --- This is an autogenerated message for OBS integration: This bug (1162782) was mentioned in https://build.opensuse.org/request/show/770689 15.1 / nextcloud https://build.opensuse.org/request/show/770691 Backports:SLE-15-SP1 / nextcloud -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1162781] VUL-1: CVE-2020-8119: nextcloud: Improper authorization causes leaking of previews and files when a file-drop share link is opened via the gallery app
by bugzilla_noreply＠novell.com 06 Feb '20

06 Feb '20

http://bugzilla.suse.com/show_bug.cgi?id=1162781 http://bugzilla.suse.com/show_bug.cgi?id=1162781#c7 --- Comment #7 from Swamp Workflow Management <swamp(a)suse.de> --- This is an autogenerated message for OBS integration: This bug (1162781) was mentioned in https://build.opensuse.org/request/show/770689 15.1 / nextcloud https://build.opensuse.org/request/show/770691 Backports:SLE-15-SP1 / nextcloud -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1162776] VUL-1: CVE-2019-15624: nextcloud: Improper Input Validation allows group admins to create users with IDs of system folders
by bugzilla_noreply＠novell.com 06 Feb '20

06 Feb '20

http://bugzilla.suse.com/show_bug.cgi?id=1162776 http://bugzilla.suse.com/show_bug.cgi?id=1162776#c2 --- Comment #2 from Swamp Workflow Management <swamp(a)suse.de> --- This is an autogenerated message for OBS integration: This bug (1162776) was mentioned in https://build.opensuse.org/request/show/770689 15.1 / nextcloud https://build.opensuse.org/request/show/770691 Backports:SLE-15-SP1 / nextcloud -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1162775] VUL-1: CVE-2019-15623: nextcloud: Exposure of Private Information causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled
by bugzilla_noreply＠novell.com 06 Feb '20

06 Feb '20

http://bugzilla.suse.com/show_bug.cgi?id=1162775 http://bugzilla.suse.com/show_bug.cgi?id=1162775#c5 --- Comment #5 from Swamp Workflow Management <swamp(a)suse.de> --- This is an autogenerated message for OBS integration: This bug (1162775) was mentioned in https://build.opensuse.org/request/show/770689 15.1 / nextcloud https://build.opensuse.org/request/show/770691 Backports:SLE-15-SP1 / nextcloud -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1162766] VUL-1: CVE-2019-15613: nextcloud: workflow rules to depend their behaviour on the file extension when checking file mimetypes
by bugzilla_noreply＠novell.com 06 Feb '20

06 Feb '20

http://bugzilla.suse.com/show_bug.cgi?id=1162766 http://bugzilla.suse.com/show_bug.cgi?id=1162766#c4 --- Comment #4 from Swamp Workflow Management <swamp(a)suse.de> --- This is an autogenerated message for OBS integration: This bug (1162766) was mentioned in https://build.opensuse.org/request/show/770689 15.1 / nextcloud https://build.opensuse.org/request/show/770691 Backports:SLE-15-SP1 / nextcloud -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1161832] kernel: scsi_dh_alua: module verification failed: signature and/or required key missing - tainting kernel
by bugzilla_noreply＠novell.com 06 Feb '20

06 Feb '20

http://bugzilla.suse.com/show_bug.cgi?id=1161832 http://bugzilla.suse.com/show_bug.cgi?id=1161832#c11 --- Comment #11 from Suse User <suseino(a)riseup.net> --- Created attachment 829503 --> http://bugzilla.suse.com/attachment.cgi?id=829503&action=edit lscpu > This is 32bit. Yes, as reported initially. > Why does pesign fail completely for 32bit? I don't know. I am not an expert. > BTW do you have so old CPU, that -pae doesn't work on it? Attaching lscpu. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1161562] New: VUL-1: CVE-2019-19274: python-typed-ast: out-of-bounds read may crash Python interpreter
by bugzilla_noreply＠novell.com 06 Feb '20

06 Feb '20

http://bugzilla.opensuse.org/show_bug.cgi?id=1161562 Bug ID: 1161562 Summary: VUL-1: CVE-2019-19274: python-typed-ast: out-of-bounds read may crash Python interpreter Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.1 Hardware: Other URL: https://smash.suse.de/issue/248003/ OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Security Assignee: sebix+novell.com(a)sebix.at Reporter: atoptsoglou(a)suse.com QA Contact: security-team(a)suse.de Found By: Security Response Team Blocker: --- CVE-2019-19274 typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.) References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19274 http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19274.html https://github.com/python/cpython/commit/a4d78362397fc3bced6ea80fbc7b5f4827… https://github.com/python/cpython/commit/dcfcd146f8e6fc5c2fc16a4c192a0c5f5c… https://github.com/python/typed_ast/commit/156afcb26c198e162504a57caddfe0ac… https://github.com/python/typed_ast/commit/dc317ac9cff859aa84eeabe03fb50049… http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19274 https://bugs.python.org/issue36495 -- You are receiving this mail because: You are on the CC list for the bug.

1 3