February 2020 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1162794] VUL-0: CVE-2019-10784: phpPgAdmin: improper source validation may lead to CSRF
by bugzilla_noreply＠novell.com 05 Feb '20

05 Feb '20

http://bugzilla.suse.com/show_bug.cgi?id=1162794 Maintenance Robot <maint-coord+maintenance_robot(a)suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1162042] New: LDB updated to 2.0.8 - Samba still linked against 2.0.7 - breaks
by bugzilla_noreply＠novell.com 05 Feb '20

05 Feb '20

http://bugzilla.opensuse.org/show_bug.cgi?id=1162042 Bug ID: 1162042 Summary: LDB updated to 2.0.8 - Samba still linked against 2.0.7 - breaks Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: openSUSE Factory Status: NEW Severity: Major Priority: P5 - None Component: Samba Assignee: samba-maintainers(a)SuSE.de Reporter: jjmsuse(a)vmnet.us QA Contact: samba-maintainers(a)SuSE.de Found By: --- Blocker: --- My post from the forums: I posted about this issue before on Sep. 10, 2019.. Any time the LDB library is updated, the Samba packages need to be rebuilt to link with the new version. The current TW samba packages are still linked with ldb 2.0.7 and this is causing failures: ldb: module version mismatch in ../../source4/dsdb/samdb/ldb_modules/acl.c : ldb_version=2.0.8 module_version=2.0.7 This seems to happen from time to time. It would be nice if some sort of dependency check was introduced that would force the samba packages to rebuild any time the ldb (or other required libs) are updated. Thanks. I always update with zypper dup --no-allow-vendor-change dc1[.../log/samba] # rpm -qa | grep samba yast2-samba-client-4.2.2-1.2.noarch libsamba-policy0-python3-4.11.3+git.102.3e2882ca77e-1.1.x86_64 libsamba-errors0-4.11.3+git.102.3e2882ca77e-1.1.x86_64 gvfs-backend-samba-1.42.2-3.1.x86_64 samba-libs-4.11.3+git.102.3e2882ca77e-1.1.x86_64 samba-ad-dc-4.11.3+git.102.3e2882ca77e-1.1.x86_64 samba-dsdb-modules-4.11.3+git.102.3e2882ca77e-1.1.x86_64 libsamba-hostconfig0-4.11.3+git.102.3e2882ca77e-1.1.x86_64 samba-libs-python3-4.11.3+git.102.3e2882ca77e-1.1.x86_64 samba-4.11.3+git.102.3e2882ca77e-1.1.x86_64 samba-python3-4.11.3+git.102.3e2882ca77e-1.1.x86_64 yast2-samba-server-4.2.2-1.1.noarch libsamba-credentials0-4.11.3+git.102.3e2882ca77e-1.1.x86_64 samba-client-4.11.3+git.102.3e2882ca77e-1.1.x86_64 libsamba-util0-4.11.3+git.102.3e2882ca77e-1.1.x86_64 libsamba-passdb0-4.11.3+git.102.3e2882ca77e-1.1.x86_64 samba-winbind-4.11.3+git.102.3e2882ca77e-1.1.x86_64 dc1[.../log/samba] # rpm -qa | grep ldb libldb2-2.0.8-1.1.x86_64 python3-ldb-2.0.8-1.1.x86_64 ldb-tools-2.0.8-1.1.x86_64 -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1162277] New: apparmor profiles: use.sbin.nscd profile breaks nscd queries over NIS
by bugzilla_noreply＠novell.com 05 Feb '20

05 Feb '20

http://bugzilla.suse.com/show_bug.cgi?id=1162277 Bug ID: 1162277 Summary: apparmor profiles: use.sbin.nscd profile breaks nscd queries over NIS Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: AppArmor Assignee: suse-beta(a)cboltz.de Reporter: martin.wilck(a)suse.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- Created attachment 828723 --> http://bugzilla.suse.com/attachment.cgi?id=828723&action=edit PATCH: apparmor profiles: allow access to /etc/netconfig for nscd I'm using "files nis" for passwd, shadow, and group in nsswitch.conf. I just found that this works for non-local accounts only without nscd: apollon:~ # id hare id: ‘hare’: no such user apollon:~ # systemctl stop nscd apollon:~ # id hare uid=16045(hare) gid=50(suse) groups=50(suse),... apollon:~ # systemctl start nscd apollon:~ # id hare id: ‘hare’: no such user Analysis revealed that this was caused by the apparmor profile usr.sbin.nscd I had indeed seen these messages but didn't realize they meant that no RPC was possible at all. > type=AVC msg=audit(1580402312.471:882): apparmor="DENIED" operation="open" profile="nscd" name="/etc/netconfig" pid=29401 comm="nscd" requested_mask="r" denied_mask="r" fsuid=496 ouid=0 > type=AVC msg=audit(1580402312.471:883): apparmor="DENIED" operation="open" profile="nscd" name="/etc/netconfig" pid=29401 comm="nscd" requested_mask="r" denied_mask="r" fsuid=496 ouid=0 Adding "/etc/netconfig r," to the profile resolves the issue. See attached patch. -- You are receiving this mail because: You are on the CC list for the bug.

1 5

[Bug 1162790] /etc/services and other files "missing"
by bugzilla_noreply＠novell.com 05 Feb '20

05 Feb '20

http://bugzilla.suse.com/show_bug.cgi?id=1162790 http://bugzilla.suse.com/show_bug.cgi?id=1162790#c1 Thorsten Kukuk <kukuk(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |DUPLICATE --- Comment #1 from Thorsten Kukuk <kukuk(a)suse.com> --- Don't ignore /etc/nsswitch.conf.rpmnew for month ... *** This bug has been marked as a duplicate of bug 1162666 *** -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1162666] /etc/services moved
by bugzilla_noreply＠novell.com 05 Feb '20

05 Feb '20

http://bugzilla.suse.com/show_bug.cgi?id=1162666 http://bugzilla.suse.com/show_bug.cgi?id=1162666#c8 Thorsten Kukuk <kukuk(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |nt1277(a)gmail.com --- Comment #8 from Thorsten Kukuk <kukuk(a)suse.com> --- *** Bug 1162790 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1162795] New: rabbitmq Pacemaker agent reports warnings about non-UTF-8 locale
by bugzilla_noreply＠novell.com 05 Feb '20

05 Feb '20

http://bugzilla.opensuse.org/show_bug.cgi?id=1162795 Bug ID: 1162795 Summary: rabbitmq Pacemaker agent reports warnings about non-UTF-8 locale Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.1 Hardware: x86-64 OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: OpenStack Assignee: cloud-bugs(a)suse.de Reporter: jmozdzen(a)nde.ag QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- openSUSE Leap 15.1, rabbitmq-server-3.7.23-lp151.150.1.x86_64 from software.opensuse.org / Distribution: Cloud:OpenStack:Master When running RabbitMQ on clustered control nodes, the according resource agent will report the following during each monitoring cycle (i.e. every 30 seconds): Feb 4 17:15:31 controller01 pacemaker-execd[2291]: message repeated 3 times: [ notice: rabbitmq_monitor_27000:14534:stderr [ warning: the VM is running with native name encoding of latin1 which may cause Elixir to malfunction as it expects utf8. Please ensure your locale is set to UTF-8 (which can be verified by running "locale" in your shell) ]] Pacemaker runs the agent with "LC_ALL=C", so the warning about non-UTF-8 is correct. Changing the agent, to set "C.utf-8", corrects the situation: --- cut here --- controller01:/usr/lib/ocf/resource.d/rabbitmq # diff -C 5 rabbitmq-server-ha.dist rabbitmq-server-ha *** rabbitmq-server-ha.dist 2020-02-05 11:01:13.146055039 +0100 --- rabbitmq-server-ha 2020-02-04 17:15:43.559636418 +0100 *************** *** 20,29 **** --- 20,31 ---- # Initialization: : ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat} . ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs + LC_ALL="C.utf-8" + ####################################################################### # Fill in some defaults if no values are specified PATH=/sbin:/usr/sbin:/bin:/usr/bin controller01:/usr/lib/ocf/resource.d/rabbitmq # --- cut here --- Running the modified agent has not shown any negative side effects. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1162782] VUL-1: CVE-2020-8118: nextcloud: An authenticated server-side request forgery allowed to detect local and remote services when adding a new subscription in the calendar application
by bugzilla_noreply＠novell.com 05 Feb '20

05 Feb '20

http://bugzilla.suse.com/show_bug.cgi?id=1162782 Maintenance Robot <maint-coord+maintenance_robot(a)suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P4 - Low -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1162784] VUL-1: CVE-2019-15621: nextcloud: Improper permissions preservation causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link
by bugzilla_noreply＠novell.com 05 Feb '20

05 Feb '20

http://bugzilla.suse.com/show_bug.cgi?id=1162784 Maintenance Robot <maint-coord+maintenance_robot(a)suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P4 - Low -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1162781] VUL-1: CVE-2020-8119: nextcloud: Improper authorization causes leaking of previews and files when a file-drop share link is opened via the gallery app
by bugzilla_noreply＠novell.com 05 Feb '20

05 Feb '20

http://bugzilla.suse.com/show_bug.cgi?id=1162781 Maintenance Robot <maint-coord+maintenance_robot(a)suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P4 - Low -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1162778] VUL-1: CVE-2019-15619: nextcloud: Improper neutralization of file names, conversation names and board names causes an XSS when linking them with each others in a project
by bugzilla_noreply＠novell.com 05 Feb '20

05 Feb '20

http://bugzilla.suse.com/show_bug.cgi?id=1162778 Maintenance Robot <maint-coord+maintenance_robot(a)suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P4 - Low -- You are receiving this mail because: You are on the CC list for the bug.

1 0