http://bugzilla.opensuse.org/show_bug.cgi?id=1173619
Bug ID: 1173619
Summary: VUL-0: unbound: LPE from unbound to root
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.1
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: darin(a)darins.net
Reporter: wolfgang.frisch(a)suse.com
QA Contact: qa-bugs(a)suse.de
Found By: ---
Blocker: ---
via security(a)suse.de:
I believe to have found a configuration issue in the Unbound package.
Or, depending on how you look at it, in the Unbound server itself.
1. Before starting the Unbound server, systemd routinely runs unbound-anchor.
From 'systemctl cat unbound':
ExecStartPre=/usr/bin/sudo -u unbound /usr/sbin/unbound-anchor -a
/var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem
As you can see this process is run as user unbound.
2. The Unbound server writes a pid file before dropping privileges, i.e. as
root. It then chown's the file in a second step.
'grep username /etc/unbound/unbound.conf':
username: "unbound"
And from the Unbound source:
https://github.com/NLnetLabs/unbound/blob/2a90e8fa1e22aa75d1cf67a1f71ebbf3f…
As you can see in the source, Unbound doesn't check if there is already a
symbolic link in place of the
pid file.
3. openSUSE configures Unbound to create the pid file in a directory owned by
the unbound user.
'grep pidfile /etc/unbound/unbound.conf':
pidfile: "/var/run/unbound/unbound.pid"
'cat /usr/lib/tmpfiles.d/unbound.conf':
D /run/unbound 0755 unbound unbound -
4. unbound-anchor is a nice little "do-one-thing-and-do-it-right" tool.
But if it is compromised, and as it has write permission in the pid file
directory and reliably runs before the server,
an attacker could easily gain full root privileges by just creating a
symbolic link /run/unbound/unbound.pid.
5. IMHO this would be best fixed in openSUSE by creating a root owned
/run/unbound directory,
or changing the pid file path to /run/unbound.pid or something like that.
I think this would have the added advantage that openSUSE could ship and
maybe enforce the Unbound AppArmor profile used in Debian and Ubuntu:
https://gitlab.com/apparmor/apparmor-profiles/-/blob/master/ubuntu/20.04/us…
With the current openSUSE setup there is the problem that if AppArmor
filters CAP_DAC_OVERRIDE, Unbound has no permission
to create a pid file in /run/unbound anymore.
If you have questions please don't hesitate to contact me.
Thanks for taking a look.
Kind regards,
Detlef
--
You are receiving this mail because:
You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1174051
Bug ID: 1174051
Summary: opensuse-community.org links not working
Classification: openSUSE
Product: openSUSE.org
Version: unspecified
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Wiki
Assignee: suse-beta(a)cboltz.de
Reporter: e-dimas(a)yandex.ru
QA Contact: adrian.schroeter(a)suse.com
Found By: ---
Blocker: ---
I am trying to install codecs using "opensuse-community.org"
But links to "KDE Codecs", "GNOME Codecs", "NVIDIA Graphics Card Driver" do not
work.
I use the browser Firefox.
If you enter "https://opensuse-community.org/codecs-kde.ymp" in the address
bar, the installation of codecs starts.
Please fix the links "1 Click Install".
--
You are receiving this mail because:
You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1174184
Bug ID: 1174184
Summary: mozilla/firefox78: Bug
Classification: openSUSE
Product: openSUSE.org
Version: unspecified
Hardware: x86-64
OS: Other
Status: NEW
Severity: Critical
Priority: P5 - None
Component: 3rd party software
Assignee: wolfgang(a)rosenauer.org
Reporter: bauglir(a)fsfe.org
QA Contact: bnc-team-screening(a)forge.provo.novell.com
Found By: ---
Blocker: ---
Created attachment 839753
--> http://bugzilla.opensuse.org/attachment.cgi?id=839753&action=edit
Error message
openSuSE Leap 15.2: After upgrading to latest Firefox 78.0.2 version, current
profile opens once and then it starts showing an error window with attatched
message. There's no problem opening new profiles, just opening old profiles.
--
You are receiving this mail because:
You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1165830
Bug ID: 1165830
Summary: [TRACKER] grand distro cleanup
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Other
Assignee: lnussel(a)suse.com
Reporter: lnussel(a)suse.com
QA Contact: qa-bugs(a)suse.de
Found By: ---
Blocker: ---
track efforts to clean up the distro like
/usr move
/etc cleanup
dependency cleanup
--
You are receiving this mail because:
You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1167519
Bug ID: 1167519
Summary: VUL-1: CVE-2020-10870: zim: creates temporary
directories with predictable names, enabling malicious
users to prevent other users from being able to start
Zim
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.3
Hardware: Other
URL: https://smash.suse.de/issue/255622/
OS: Other
Status: NEW
Severity: Minor
Priority: P5 - None
Component: Security
Assignee: luke(a)ljones.dev
Reporter: wolfgang.frisch(a)suse.com
QA Contact: security-team(a)suse.de
Found By: Security Response Team
Blocker: ---
CVE-2020-10870
Zim through 0.72.1 creates temporary directories with predictable names. A
malicious user could predict and create Zim's temporary directories and prevent
other users from being able to start Zim, resulting in a denial of service.
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10870https://github.com/zim-desktop-wiki/zim-desktop-wiki/issues/1028http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10870
--
You are receiving this mail because:
You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1131707
Bug ID: 1131707
Summary: VUL-1: CVE-2019-10868: In
trytond/model/modelstorage.py in Tryton 4.2 before
4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8
before 4.8.10, and 5.0 before 5.0.6, an authenticated
user can order records based on a field for which he
has no
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.3
Hardware: Other
URL: https://smash.suse.de/issue/228999/
OS: Other
Status: NEW
Severity: Minor
Priority: P5 - None
Component: Security
Assignee: axel.braun(a)gmx.de
Reporter: atoptsoglou(a)suse.com
QA Contact: security-team(a)suse.de
Found By: Security Response Team
Blocker: ---
CVE-2019-10868
In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before
4.4.19,
4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated
user can order records based on a field for which he has no access right. This
may allow the user to guess values.
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10868http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10868https://hg.tryton.org/trytond/rev/f58bbfe0aefbhttps://discuss.tryton.org/t/security-release-for-issue8189/1262
--
You are receiving this mail because:
You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1094961
Bug ID: 1094961
Summary: Plymouth delays boot process or hangs
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.0
Hardware: x86-64
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Bootloader
Assignee: jsrain(a)suse.com
Reporter: cookie170(a)web.de
QA Contact: jsrain(a)suse.com
Found By: ---
Blocker: ---
Leap 15, fresh install on Lenovo Thinkpad T450s.
Booting took at least a minute, Plymouth showing that moving symbol and
eventually login screen appears.
I added `plymouth.enable=0` to the boot parameters and now boot process only
takes some seconds.
/home is encrypted with LUKS, so I have to provide the PW. Plymouth seems to
hang after this step.
--
You are receiving this mail because:
You are on the CC list for the bug.