February 2020 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1162775] VUL-1: CVE-2019-15623: nextcloud: Exposure of Private Information causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled
by bugzilla_noreply＠novell.com 05 Feb '20

05 Feb '20

http://bugzilla.suse.com/show_bug.cgi?id=1162775 Maintenance Robot <maint-coord+maintenance_robot(a)suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P4 - Low -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1162776] VUL-1: CVE-2019-15624: nextcloud: Improper Input Validation allows group admins to create users with IDs of system folders
by bugzilla_noreply＠novell.com 05 Feb '20

05 Feb '20

http://bugzilla.suse.com/show_bug.cgi?id=1162776 Maintenance Robot <maint-coord+maintenance_robot(a)suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P4 - Low -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1162766] VUL-1: CVE-2019-15613: nextcloud: workflow rules to depend their behaviour on the file extension when checking file mimetypes
by bugzilla_noreply＠novell.com 05 Feb '20

05 Feb '20

http://bugzilla.suse.com/show_bug.cgi?id=1162766 Maintenance Robot <maint-coord+maintenance_robot(a)suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P4 - Low -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1162765] VUL-1: CVE-2019-15617: nextcloud: missing check allowed an attacker to set up a new second factor when trying to login
by bugzilla_noreply＠novell.com 05 Feb '20

05 Feb '20

http://bugzilla.suse.com/show_bug.cgi?id=1162765 Maintenance Robot <maint-coord+maintenance_robot(a)suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P4 - Low -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1162764] VUL-1: CVE-2019-15616: nextcloud: Dangling remote share attempts allow a DNS pollution when running long
by bugzilla_noreply＠novell.com 05 Feb '20

05 Feb '20

http://bugzilla.suse.com/show_bug.cgi?id=1162764 Maintenance Robot <maint-coord+maintenance_robot(a)suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P4 - Low -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1162790] New: /etc/services and other files "missing"
by bugzilla_noreply＠novell.com 05 Feb '20

05 Feb '20

http://bugzilla.opensuse.org/show_bug.cgi?id=1162790 Bug ID: 1162790 Summary: /etc/services and other files "missing" Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: All OS: openSUSE Factory Status: NEW Severity: Major Priority: P5 - None Component: Network Assignee: bnc-team-screening(a)forge.provo.novell.com Reporter: nt1277(a)gmail.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- Upon upgrading from netcfg-11.6-4.3.noarch to netcfg-11.6-5.1.noarch the following files were moved from /etc to /usr/etc: /etc/ethers /etc/networks /etc/protocols /etc/services Because of this, these files are virtually nonexistent to some program: netadmin:/etc # ls -la /etc/services ls: cannot access '/etc/services': No such file or directory This makes - for example - telnet command unable to connect to switches, etc. managed by me, but I'm afraid there are other negative consequences. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1162786] New: Qt documentation for the WebEngine module is missing
by bugzilla_noreply＠novell.com 05 Feb '20

05 Feb '20

http://bugzilla.opensuse.org/show_bug.cgi?id=1162786 Bug ID: 1162786 Summary: Qt documentation for the WebEngine module is missing Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: openSUSE Factory Status: NEW Severity: Normal Priority: P5 - None Component: Development Assignee: bnc-team-screening(a)forge.provo.novell.com Reporter: kollix(a)aon.at QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0 Build Identifier: The Qt5 libraries provide also the WebEngine module, e.g. https://doc.qt.io/qt-5/qtwebenginewidgets-module.html However there is no rpm package which provides the documentation for it like it is there for e.g. the Qt Widgets module via the libqt5-qtdoc-qch package. Reproducible: Always -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1161843] Screen flickering on latest Dell XPS 7390 with kernel: [drm:intel_cpu_fifo_underrun_irq_handler [i915]] *ERROR* CPU pipe A FIFO underrun
by bugzilla_noreply＠novell.com 05 Feb '20

05 Feb '20

http://bugzilla.suse.com/show_bug.cgi?id=1161843 http://bugzilla.suse.com/show_bug.cgi?id=1161843#c12 --- Comment #12 from Takashi Iwai <tiwai(a)suse.com> --- The DRM people are now using gitlab.freedesktop.org for bug tracking. Could you report rather to https://gitlab.freedesktop.org/drm/intel/issues ? -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1162780] New: VUL-1: CVE-2020-8117: nextcloud: Improper preservation of permissions causes the event details to be leaked when sharing a non-public event
by bugzilla_noreply＠novell.com 05 Feb '20

05 Feb '20

http://bugzilla.opensuse.org/show_bug.cgi?id=1162780 Bug ID: 1162780 Summary: VUL-1: CVE-2020-8117: nextcloud: Improper preservation of permissions causes the event details to be leaked when sharing a non-public event Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.1 Hardware: Other URL: https://smash.suse.de/issue/252431/ OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Security Assignee: ecsos(a)schirra.net Reporter: rfrohl(a)suse.com QA Contact: security-team(a)suse.de Found By: Security Response Team Blocker: --- CVE-2020-8117 Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8117 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8117 https://hackerone.com/reports/439828 https://nextcloud.com/security/advisory/?id=NC-SA-2020-013 -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1162779] New: VUL-1: CVE-2019-15618: nextcloud: Missing escaping of HTML in the Updater allowed a reflected XSS when starting the updater from a malicious location.
by bugzilla_noreply＠novell.com 05 Feb '20

05 Feb '20

http://bugzilla.opensuse.org/show_bug.cgi?id=1162779 Bug ID: 1162779 Summary: VUL-1: CVE-2019-15618: nextcloud: Missing escaping of HTML in the Updater allowed a reflected XSS when starting the updater from a malicious location. Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.1 Hardware: Other URL: https://smash.suse.de/issue/252409/ OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Security Assignee: ecsos(a)schirra.net Reporter: rfrohl(a)suse.com QA Contact: security-team(a)suse.de Found By: Security Response Team Blocker: --- CVE-2019-15618 Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a reflected XSS when starting the updater from a malicious location. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15618 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15618 https://nextcloud.com/security/advisory/?id=NC-SA-2020-007 https://hackerone.com/reports/515484 -- You are receiving this mail because: You are on the CC list for the bug.

1 1