March 2020 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1122535] VUL-1: CVE-2009-4112: cacti: Privilege escalation under certain conditions
by bugzilla_noreply＠novell.com 01 Mar '20

01 Mar '20

http://bugzilla.suse.com/show_bug.cgi?id=1122535 http://bugzilla.suse.com/show_bug.cgi?id=1122535#c4 --- Comment #4 from Swamp Workflow Management <swamp(a)suse.de> --- openSUSE-SU-2020:0272-1: An update that solves 10 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 1082318,1101024,1101139,1122242,1122243,1122244,1122245,1122535,1158990,1158992,1161297,1163749 CVE References: CVE-2009-4112,CVE-2018-20723,CVE-2018-20724,CVE-2018-20725,CVE-2018-20726,CVE-2019-16723,CVE-2019-17357,CVE-2019-17358,CVE-2020-7106,CVE-2020-7237 Sources used: openSUSE Leap 15.1 (src): cacti-1.2.9-lp151.3.3.1, cacti-spine-1.2.9-lp151.3.3.1 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1122245] VUL-1: CVE-2018-20723: cacti: cross-site scripting (XSS) vulnerability exists in color_templates.php due to lack of escaping of unintended characters in the Name field for a Color.
by bugzilla_noreply＠novell.com 01 Mar '20

01 Mar '20

http://bugzilla.suse.com/show_bug.cgi?id=1122245 http://bugzilla.suse.com/show_bug.cgi?id=1122245#c6 --- Comment #6 from Swamp Workflow Management <swamp(a)suse.de> --- openSUSE-SU-2020:0272-1: An update that solves 10 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 1082318,1101024,1101139,1122242,1122243,1122244,1122245,1122535,1158990,1158992,1161297,1163749 CVE References: CVE-2009-4112,CVE-2018-20723,CVE-2018-20724,CVE-2018-20725,CVE-2018-20726,CVE-2019-16723,CVE-2019-17357,CVE-2019-17358,CVE-2020-7106,CVE-2020-7237 Sources used: openSUSE Leap 15.1 (src): cacti-1.2.9-lp151.3.3.1, cacti-spine-1.2.9-lp151.3.3.1 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1122244] VUL-1: CVE-2018-20724: cacti: cross-site scripting (XSS) vulnerability exists in pollers.php due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.
by bugzilla_noreply＠novell.com 01 Mar '20

01 Mar '20

http://bugzilla.suse.com/show_bug.cgi?id=1122244 http://bugzilla.suse.com/show_bug.cgi?id=1122244#c5 --- Comment #5 from Swamp Workflow Management <swamp(a)suse.de> --- openSUSE-SU-2020:0272-1: An update that solves 10 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 1082318,1101024,1101139,1122242,1122243,1122244,1122245,1122535,1158990,1158992,1161297,1163749 CVE References: CVE-2009-4112,CVE-2018-20723,CVE-2018-20724,CVE-2018-20725,CVE-2018-20726,CVE-2019-16723,CVE-2019-17357,CVE-2019-17358,CVE-2020-7106,CVE-2020-7237 Sources used: openSUSE Leap 15.1 (src): cacti-1.2.9-lp151.3.3.1, cacti-spine-1.2.9-lp151.3.3.1 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1122243] VUL-1: CVE-2018-20725: cacti: cross-site scripting (XSS) vulnerability exists in graph_templates.php due to lack of escaping of unintended characters in the Graph Vertical Label.
by bugzilla_noreply＠novell.com 01 Mar '20

01 Mar '20

http://bugzilla.suse.com/show_bug.cgi?id=1122243 http://bugzilla.suse.com/show_bug.cgi?id=1122243#c5 --- Comment #5 from Swamp Workflow Management <swamp(a)suse.de> --- openSUSE-SU-2020:0272-1: An update that solves 10 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 1082318,1101024,1101139,1122242,1122243,1122244,1122245,1122535,1158990,1158992,1161297,1163749 CVE References: CVE-2009-4112,CVE-2018-20723,CVE-2018-20724,CVE-2018-20725,CVE-2018-20726,CVE-2019-16723,CVE-2019-17357,CVE-2019-17358,CVE-2020-7106,CVE-2020-7237 Sources used: openSUSE Leap 15.1 (src): cacti-1.2.9-lp151.3.3.1, cacti-spine-1.2.9-lp151.3.3.1 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1122242] VUL-1: CVE-2018-20726: cacti: cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti in the Website Hostname field for Devices.
by bugzilla_noreply＠novell.com 01 Mar '20

01 Mar '20

http://bugzilla.suse.com/show_bug.cgi?id=1122242 http://bugzilla.suse.com/show_bug.cgi?id=1122242#c5 --- Comment #5 from Swamp Workflow Management <swamp(a)suse.de> --- openSUSE-SU-2020:0272-1: An update that solves 10 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 1082318,1101024,1101139,1122242,1122243,1122244,1122245,1122535,1158990,1158992,1161297,1163749 CVE References: CVE-2009-4112,CVE-2018-20723,CVE-2018-20724,CVE-2018-20725,CVE-2018-20726,CVE-2019-16723,CVE-2019-17357,CVE-2019-17358,CVE-2020-7106,CVE-2020-7237 Sources used: openSUSE Leap 15.1 (src): cacti-1.2.9-lp151.3.3.1, cacti-spine-1.2.9-lp151.3.3.1 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1101139] cacti.conf Apache Invalid command 'Order'
by bugzilla_noreply＠novell.com 01 Mar '20

01 Mar '20

http://bugzilla.suse.com/show_bug.cgi?id=1101139 http://bugzilla.suse.com/show_bug.cgi?id=1101139#c7 --- Comment #7 from Swamp Workflow Management <swamp(a)suse.de> --- openSUSE-SU-2020:0272-1: An update that solves 10 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 1082318,1101024,1101139,1122242,1122243,1122244,1122245,1122535,1158990,1158992,1161297,1163749 CVE References: CVE-2009-4112,CVE-2018-20723,CVE-2018-20724,CVE-2018-20725,CVE-2018-20726,CVE-2019-16723,CVE-2019-17357,CVE-2019-17358,CVE-2020-7106,CVE-2020-7237 Sources used: openSUSE Leap 15.1 (src): cacti-1.2.9-lp151.3.3.1, cacti-spine-1.2.9-lp151.3.3.1 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1101024] missing php packages in cacti.spec
by bugzilla_noreply＠novell.com 01 Mar '20

01 Mar '20

http://bugzilla.suse.com/show_bug.cgi?id=1101024 http://bugzilla.suse.com/show_bug.cgi?id=1101024#c7 --- Comment #7 from Swamp Workflow Management <swamp(a)suse.de> --- openSUSE-SU-2020:0272-1: An update that solves 10 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 1082318,1101024,1101139,1122242,1122243,1122244,1122245,1122535,1158990,1158992,1161297,1163749 CVE References: CVE-2009-4112,CVE-2018-20723,CVE-2018-20724,CVE-2018-20725,CVE-2018-20726,CVE-2019-16723,CVE-2019-17357,CVE-2019-17358,CVE-2020-7106,CVE-2020-7237 Sources used: openSUSE Leap 15.1 (src): cacti-1.2.9-lp151.3.3.1, cacti-spine-1.2.9-lp151.3.3.1 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1160911] New: Elitebook 840 G6 - Monitor brightness control on keys F3 and F4 does not work
by bugzilla_noreply＠novell.com 01 Mar '20

01 Mar '20

http://bugzilla.opensuse.org/show_bug.cgi?id=1160911 Bug ID: 1160911 Summary: Elitebook 840 G6 - Monitor brightness control on keys F3 and F4 does not work Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: SUSE Other Status: NEW Severity: Critical Priority: P5 - None Component: Kernel Assignee: kernel-maintainers(a)forge.provo.novell.com Reporter: huy.phung1292(a)gmail.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- [HP Elitebook 840G6] After update the kernel to version 5.4.7-1, the brightness decrease at F3 and increase at F4 does not work anymore. The keys work fine under kernel 5.3.12. Expected: when press F3 and F4 the screen brightness decreases and increases respectively. Actually: nothing happened. -- You are receiving this mail because: You are on the CC list for the bug.

1 9

[Bug 1145779] several perl Modules do not get installed with pcsc-tools (required by gscriptor)
by bugzilla_noreply＠novell.com 01 Mar '20

01 Mar '20

http://bugzilla.suse.com/show_bug.cgi?id=1145779 http://bugzilla.suse.com/show_bug.cgi?id=1145779#c16 --- Comment #16 from Swamp Workflow Management <swamp(a)suse.de> --- openSUSE-RU-2020:0265-1: An update that has one recommended fix can now be installed. Category: recommended (moderate) Bug References: 1145779 CVE References: Sources used: openSUSE Leap 15.1 (src): pcsc-tools-1.5.4-lp151.2.6.1 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1165368] New: dracut has trouble with /etc/services and /etc/protocols
by bugzilla_noreply＠novell.com 01 Mar '20

01 Mar '20

http://bugzilla.opensuse.org/show_bug.cgi?id=1165368 Bug ID: 1165368 Summary: dracut has trouble with /etc/services and /etc/protocols Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Installation Assignee: yast2-maintainers(a)suse.de Reporter: per(a)computer.org QA Contact: jsrain(a)suse.com Found By: --- Blocker: --- I'm setting up some hardware for burn-in and wanted to install Tumbleweed on an NFS root. When trying to rebuild the initrd: https://files.jessen.ch/mm29-dracut-output.txt dracut-install: ERROR: installing '/etc/services' dracut-install: ERROR: installing '/etc/protocols' dracut: FAILED: /usr/lib/dracut/dracut-install -D /var/tmp/dracut.Lm1PZh/initramfs -a /etc/services /etc/nsswitch.conf /etc/rpc /etc/protocols /etc/idmapd.conf Command line is not complete. Try option "help" sed: can't read /etc/sysconfig/network/ifcfg-: No such file or directory I thought someone might want to know. -- You are receiving this mail because: You are on the CC list for the bug.

1 1