August 2020 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1174797] [Build 20200801] openQA test fails in yast2_rmt
by bugzilla_noreply＠suse.com 03 Aug '20

03 Aug '20

https://bugzilla.suse.com/show_bug.cgi?id=1174797 https://bugzilla.suse.com/show_bug.cgi?id=1174797#c2 Dominique Leuenberger <dleuenberger(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(dleuenberger@suse | |.com) | --- Comment #2 from Dominique Leuenberger <dleuenberger(a)suse.com> --- (In reply to Steffen Winterfeldt from comment #1) > Fair enough, but with 'Incorrect name in certificate' I would at least expect > a statement about what was expected and what was found. Else I might > as well assume the test to be wrong. > > At least I didn't see anything obvious about this in the logs. The test does: > script_run("openssl x509 -noout -subject -in 'rmt.crt' | grep 'rmt1.susetest.org'") && die "Incorrect name in certificate ?"; So well possible this is an incorrect test assumption that changed with the most recent changes in yast2-rmt (the test passed until a few days ago) -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1174797] [Build 20200801] openQA test fails in yast2_rmt
by bugzilla_noreply＠suse.com 03 Aug '20

03 Aug '20

https://bugzilla.suse.com/show_bug.cgi?id=1174797 https://bugzilla.suse.com/show_bug.cgi?id=1174797#c1 Steffen Winterfeldt <snwint(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dleuenberger(a)suse.com Flags| |needinfo?(dleuenberger@suse | |.com) --- Comment #1 from Steffen Winterfeldt <snwint(a)suse.com> --- Fair enough, but with 'Incorrect name in certificate' I would at least expect a statement about what was expected and what was found. Else I might as well assume the test to be wrong. At least I didn't see anything obvious about this in the logs. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1174830] VUL-1: CVE-2020-1776: otrs: Invalidating or changing user does not invalidate session
by bugzilla_noreply＠suse.com 03 Aug '20

03 Aug '20

https://bugzilla.suse.com/show_bug.cgi?id=1174830 Maintenance Robot <maint-coord+maintenance_robot(a)suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P4 - Low -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1174830] New: VUL-1: CVE-2020-1776: otrs: Invalidating or changing user does not invalidate session
by bugzilla_noreply＠suse.com 03 Aug '20

03 Aug '20

http://bugzilla.opensuse.org/show_bug.cgi?id=1174830 Bug ID: 1174830 Summary: VUL-1: CVE-2020-1776: otrs: Invalidating or changing user does not invalidate session Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.1 Hardware: Other URL: https://smash.suse.de/issue/264018/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: chris(a)computersalat.de Reporter: atoptsoglou(a)suse.com QA Contact: security-team(a)suse.de Found By: Security Response Team Blocker: --- CVE-2020-1776 When an agent user is renamed or set to invalid the session belonging to the user is keept active. The session can not be used to access ticket data in the case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28 and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1776 http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1776.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1776 https://otrs.com/release-notes/otrs-security-advisory-2020-13/ -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1171003] use common-auth/common-account for pam configuration
by bugzilla_noreply＠suse.com 03 Aug '20

03 Aug '20

https://bugzilla.suse.com/show_bug.cgi?id=1171003 https://bugzilla.suse.com/show_bug.cgi?id=1171003#c18 Kirk Allan <kallan(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED --- Comment #18 from Kirk Allan <kallan(a)suse.com> --- The pam update should now be available in TW and SLES maintenance channels. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1171764] New: update open-vm-tools to 11.1.0
by bugzilla_noreply＠suse.com 03 Aug '20

03 Aug '20

http://bugzilla.suse.com/show_bug.cgi?id=1171764 Bug ID: 1171764 Summary: update open-vm-tools to 11.1.0 Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Virtualization:Tools Assignee: virt-bugs(a)suse.de Reporter: okurth(a)vmware.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- We have released version 11.1.0 of open-vm-tools, see https://github.com/vmware/open-vm-tools/releases/tag/stable-11.1.0 This should be part of SLES 12 and 15 too. This release includes the new sdmp plugin. I will file another bug to put this into a different package. -- You are receiving this mail because: You are on the CC list for the bug.

1 8

[Bug 1171765] New: package open-vm-tools-sdmp
by bugzilla_noreply＠suse.com 03 Aug '20

03 Aug '20

http://bugzilla.suse.com/show_bug.cgi?id=1171765 Bug ID: 1171765 Summary: package open-vm-tools-sdmp Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Virtualization:Tools Assignee: virt-bugs(a)suse.de Reporter: okurth(a)vmware.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- Created attachment 837856 --> http://bugzilla.suse.com/attachment.cgi?id=837856&action=edit patch for spec file With version 11.1.0 of open-vm-tools we added the sdmp plugin, see also bug #1171764 . This should be shipped in a separate, optional package. Note that it has a run time dependency on netstat. Attached is a patch for the spec file that we used in our internal testing. It will need slight adjustments. There is an email thread with Kirk Allan. Thanks! -- You are receiving this mail because: You are on the CC list for the bug.

1 13

[Bug 1173185] Latest Mesa Update breaks Kaffeine output on Radeon (regression in r600 VAAPI driver?)
by bugzilla_noreply＠suse.com 03 Aug '20

03 Aug '20

http://bugzilla.opensuse.org/show_bug.cgi?id=1173185 http://bugzilla.opensuse.org/show_bug.cgi?id=1173185#c40 Stakanov Schufter <stakanov(a)freenet.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |needinfo?(wbauer(a)tmo.at) --- Comment #40 from Stakanov Schufter <stakanov(a)freenet.de> --- tells me that a full switch is not possible because "nothing provides Mesa-dri. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1160663] VUL-0: CVE-2020-1765,CVE-2020-1766, CVE-2020-1767: otrs: update to 6.0. 25 (Security advisories 2020-03, 2020-02 and 2020-01)
by bugzilla_noreply＠suse.com 03 Aug '20

03 Aug '20

http://bugzilla.opensuse.org/show_bug.cgi?id=1160663 http://bugzilla.opensuse.org/show_bug.cgi?id=1160663#c7 Alexandros Toptsoglou <atoptsoglou(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED Flags|needinfo?(atoptsoglou@suse. | |com) | --- Comment #7 from Alexandros Toptsoglou <atoptsoglou(a)suse.com> --- Done -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1174773] VUL-0: CVE-2020-16116: Ark: maliciously crafted archive can install files outside the extraction directory
by bugzilla_noreply＠suse.com 03 Aug '20

03 Aug '20

https://bugzilla.suse.com/show_bug.cgi?id=1174773 https://bugzilla.suse.com/show_bug.cgi?id=1174773#c2 --- Comment #2 from OBSbugzilla Bot <bwiedemann+obsbugzillabot(a)suse.com> --- This is an autogenerated message for OBS integration: This bug (1174773) was mentioned in https://build.opensuse.org/request/show/824154 Factory / ark -- You are receiving this mail because: You are on the CC list for the bug.

1 0