August 2021 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1188490] VUL-0: CVE-2020-36422: mbedtls: side channel allows recovery of an ECC private key
by bugzilla_noreply＠suse.com 05 Aug '21

05 Aug '21

https://bugzilla.suse.com/show_bug.cgi?id=1188490 https://bugzilla.suse.com/show_bug.cgi?id=1188490#c2 --- Comment #2 from Pedro Monreal Gonzalez <pmonrealgonzalez(a)suse.com> --- We have fixed versions in: * Version 2.16.9 in openSUSE:Leap:15.2:Update * Version 2.8.0 in openSUSE:Leap:15.1:Update Updated to 2.27.0 in Factory: https://build.opensuse.org/request/show/907287 I think nothing else to be done. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1189082] Box2D fails with glibc 2.34
by bugzilla_noreply＠suse.com 05 Aug '21

05 Aug '21

https://bugzilla.suse.com/show_bug.cgi?id=1189082 https://bugzilla.suse.com/show_bug.cgi?id=1189082#c1 Chenzi Cao <chcao(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|screening-team-bugs(a)suse.de |dap.darkness(a)gmail.com --- Comment #1 from Chenzi Cao <chcao(a)suse.com> --- Hi There, I'm really not sure whether it is right to assign it to you, please feel free to reassign whenever necessary, thanks. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1188491] VUL-0: CVE-2020-36423: mbedtls: remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly work
by bugzilla_noreply＠suse.com 05 Aug '21

05 Aug '21

https://bugzilla.suse.com/show_bug.cgi?id=1188491 https://bugzilla.suse.com/show_bug.cgi?id=1188491#c2 Pedro Monreal Gonzalez <pmonrealgonzalez(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pmonrealgonzalez(a)suse.com --- Comment #2 from Pedro Monreal Gonzalez <pmonrealgonzalez(a)suse.com> --- We have a fixed version 2.16.9 in openSUSE:Leap:15.2:Update Updated to 2.27.0 in Factory: https://build.opensuse.org/request/show/907287 I think nothing else to be done. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1189002] New: Yast auto-update does not work when booting from installation medium
by bugzilla_noreply＠suse.com 05 Aug '21

05 Aug '21

http://bugzilla.opensuse.org/show_bug.cgi?id=1189002 Bug ID: 1189002 Summary: Yast auto-update does not work when booting from installation medium Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.3 Hardware: x86-64 OS: Other Status: NEW Severity: Major Priority: P5 - None Component: YaST2 Assignee: yast2-maintainers(a)suse.de Reporter: Ulrich.Windl(a)rz.uni-regensburg.de QA Contact: jsrain(a)suse.com Found By: --- Blocker: --- It seems Yast does not update itself as intended, even when there is a network connection available. I don't know whether these messages are related to the failure: 2021-08-02 18:53:36 <1> install(4123) [Ruby] modules/ProductControl.rb(block in AddWizardSteps):833 Adding wizard steps for $["mode":"update", "stage":"initial"] 2021-08-02 18:53:36 <1> install(4123) [Ruby] modules/ProductControl.rb(block in AddWizardSteps):833 Adding wizard steps for $["mode":"update", "stage":"continue"] 2021-08-02 18:53:36 <1> install(4123) [Ruby] modules/ProductControl.rb(FindMatchingWorkflow):499 Index 0 is out of array size 2021-08-02 18:53:36 <1> install(4123) [Ruby] modules/ProductControl.rb(FindMatchingWorkflow):501 Index 0 is out of array size 2021-08-02 18:53:36 <1> install(4123) [Ruby] modules/ProductControl.rb(FindMatchingWorkflow):499 Index 0 is out of array size 2021-08-02 18:53:36 <1> install(4123) [Ruby] modules/ProductControl.rb(FindMatchingWorkflow):501 Index 0 is out of array size 2021-08-02 18:53:36 <1> install(4123) [Ruby] modules/ProductControl.rb(block in AddWizardSteps):850 There are no (more) steps for $["mode":"update", "stage":"continue"], section will be disabled 2021-08-02 18:53:36 <1> install(4123) [Ruby] modules/Installation.rb(Initialize):235 skipping unknown option initial -- You are receiving this mail because: You are on the CC list for the bug.

1 4

[Bug 1188492] VUL-0: CVE-2020-36424: mbedtls: side-channel attack against generation of base blinding/unblinding values
by bugzilla_noreply＠suse.com 05 Aug '21

05 Aug '21

https://bugzilla.suse.com/show_bug.cgi?id=1188492 https://bugzilla.suse.com/show_bug.cgi?id=1188492#c1 Pedro Monreal Gonzalez <pmonrealgonzalez(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pmonrealgonzalez(a)suse.com --- Comment #1 from Pedro Monreal Gonzalez <pmonrealgonzalez(a)suse.com> --- Resolution: Affected users will want to upgrade to Mbed TLS 2.24.0, 2.16.8 or 2.7.17 depending on the branch they're currently using. We have fixed versions in: * Version 2.16.9 in openSUSE:Leap:15.2:Update * Version 2.8.0 in openSUSE:Leap:15.1:Update -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1188494] VUL-0: CVE-2020-36426: mbedtls: mbedtls_x509_crl_parse_der has a buffer over-read (of one byte)
by bugzilla_noreply＠suse.com 05 Aug '21

05 Aug '21

https://bugzilla.suse.com/show_bug.cgi?id=1188494 https://bugzilla.suse.com/show_bug.cgi?id=1188494#c1 Pedro Monreal Gonzalez <pmonrealgonzalez(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pmonrealgonzalez(a)suse.com --- Comment #1 from Pedro Monreal Gonzalez <pmonrealgonzalez(a)suse.com> --- Resolution: Affected users will want to upgrade to Mbed TLS 2.24.0, 2.16.8 or 2.7.17 depending on the branch they're currently using. We have fixed versions in: * Version 2.16.9 in openSUSE:Leap:15.2:Update * Version 2.8.0 in openSUSE:Leap:15.1:Update -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1188493] VUL-0: CVE-2020-36425: mbedtls: incorrectly uses of revocationDate check when deciding whether to honor certificate revocation via a CRL
by bugzilla_noreply＠suse.com 05 Aug '21

05 Aug '21

https://bugzilla.suse.com/show_bug.cgi?id=1188493 https://bugzilla.suse.com/show_bug.cgi?id=1188493#c1 Pedro Monreal Gonzalez <pmonrealgonzalez(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pmonrealgonzalez(a)suse.com --- Comment #1 from Pedro Monreal Gonzalez <pmonrealgonzalez(a)suse.com> --- Resolution: Affected users will want to upgrade to Mbed TLS 2.24.0, 2.16.8 or 2.7.17 depending on the branch they're currently using. We have fixed versions in: * Version 2.16.9 in openSUSE:Leap:15.2:Update * Version 2.8.0 in openSUSE:Leap:15.1:Update -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1184804] move kernel out of /boot
by bugzilla_noreply＠suse.com 05 Aug '21

05 Aug '21

https://bugzilla.suse.com/show_bug.cgi?id=1184804 https://bugzilla.suse.com/show_bug.cgi?id=1184804#c69 Michael Chang <mchang(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mchang(a)suse.com --- Comment #69 from Michael Chang <mchang(a)suse.com> --- Hi, Sorry to disturb you. I came to this place from: https://build.opensuse.org/request/show/910116 To verify the fix I have to setup UsrMerge kernel, but was not successful with installing kernel-default from Kernel:stable. FYI using these commands from tumbleweed. > zypper addrepo https://download.opensuse.org/repositories/Kernel:stable/standard/Kernel:st… > zypper refresh > zypper install kernel-default-5.13.8-1.1.g14162fe.x86_64 Please kindly advice me what I could have missed. Thanks in advanced. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1189083] elfutils fails with glibc 2.34
by bugzilla_noreply＠suse.com 05 Aug '21

05 Aug '21

https://bugzilla.suse.com/show_bug.cgi?id=1189083 Chenzi Cao <chcao(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |chcao(a)suse.com Assignee|screening-team-bugs(a)suse.de |martin.liska(a)suse.com -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1189089] gpgme fails with glibc 2.34
by bugzilla_noreply＠suse.com 05 Aug '21

05 Aug '21

https://bugzilla.suse.com/show_bug.cgi?id=1189089 Chenzi Cao <chcao(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|screening-team-bugs(a)suse.de |pmonrealgonzalez(a)suse.com -- You are receiving this mail because: You are on the CC list for the bug.

1 0