August 2021 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1189080] adcli fails with glibc 2.34
by bugzilla_noreply＠suse.com 05 Aug '21

05 Aug '21

https://bugzilla.suse.com/show_bug.cgi?id=1189080 Chenzi Cao <chcao(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|screening-team-bugs(a)suse.de |scabrero(a)suse.com -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1188489] VUL-0: CVE-2020-36421: mbedtls: side channel in modular exponentiation
by bugzilla_noreply＠suse.com 05 Aug '21

05 Aug '21

https://bugzilla.suse.com/show_bug.cgi?id=1188489 https://bugzilla.suse.com/show_bug.cgi?id=1188489#c3 --- Comment #3 from Pedro Monreal Gonzalez <pmonrealgonzalez(a)suse.com> --- This was fixed in 2.16.7 and we have 2.16.9 in openSUSE:Leap:15.2:Update. Is the fix needed anywhere else? -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1189003] Yast is unable to handle encrypted disk
by bugzilla_noreply＠suse.com 05 Aug '21

05 Aug '21

https://bugzilla.suse.com/show_bug.cgi?id=1189003 https://bugzilla.suse.com/show_bug.cgi?id=1189003#c5 --- Comment #5 from Arvin Schnell <aschnell(a)suse.com> --- The shell expansion should not matter since libstorage-ng/YaST calls blkid without providing a device. So blkid is able to detect the IMSM. The still open question is whether 'blkid -c /dev/null' reports infos about the disks or the partitions of /dev/sda and /dev/sdb (on Leap 15.2). -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1189081] bluez fails with glibc 2.34
by bugzilla_noreply＠suse.com 05 Aug '21

05 Aug '21

https://bugzilla.suse.com/show_bug.cgi?id=1189081 Chenzi Cao <chcao(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|screening-team-bugs(a)suse.de |acho(a)suse.com -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1188490] VUL-0: CVE-2020-36422: mbedtls: side channel allows recovery of an ECC private key
by bugzilla_noreply＠suse.com 05 Aug '21

05 Aug '21

https://bugzilla.suse.com/show_bug.cgi?id=1188490 https://bugzilla.suse.com/show_bug.cgi?id=1188490#c1 Pedro Monreal Gonzalez <pmonrealgonzalez(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pmonrealgonzalez(a)suse.com --- Comment #1 from Pedro Monreal Gonzalez <pmonrealgonzalez(a)suse.com> --- CVE-2020-36422: Fix side channel in mbedtls_ecp_check_pub_priv() and mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a private key that didn't include the uncompressed public key), as well as mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL f_rng argument. An attacker with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave) could fully recover the ECC private key. Found and reported by Alejandro Cabrera Aldaya and Billy Brumley. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1188491] VUL-0: CVE-2020-36423: mbedtls: remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly work
by bugzilla_noreply＠suse.com 05 Aug '21

05 Aug '21

https://bugzilla.suse.com/show_bug.cgi?id=1188491 https://bugzilla.suse.com/show_bug.cgi?id=1188491#c1 --- Comment #1 from Pedro Monreal Gonzalez <pmonrealgonzalez(a)suse.com> --- CVE-2020-36423: Fix issue in Lucky 13 counter-measure that could make it ineffective when hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT macros). This would cause the original Lucky 13 attack to be possible in those configurations, allowing an active network attacker to recover plaintext after repeated timing measurements under some conditions. Reported and fix suggested by Luc Perneel in #3246. See also: https://github.com/ARMmbed/mbedtls/issues/3246 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1188489] VUL-0: CVE-2020-36421: mbedtls: side channel in modular exponentiation
by bugzilla_noreply＠suse.com 05 Aug '21

05 Aug '21

https://bugzilla.suse.com/show_bug.cgi?id=1188489 https://bugzilla.suse.com/show_bug.cgi?id=1188489#c2 Pedro Monreal Gonzalez <pmonrealgonzalez(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pmonrealgonzalez(a)suse.com --- Comment #2 from Pedro Monreal Gonzalez <pmonrealgonzalez(a)suse.com> --- CVE-2020-36421: Fix a side channel vulnerability in modular exponentiation that could reveal an RSA private key used in a secure enclave. Noticed by Sangho Lee, Ming-Wei Shih, Prasun Gera, Taesoo Kim and Hyesoon Kim (Georgia Institute of Technology); and Marcus Peinado (Microsoft Research). Reported by Raoul Strackx (Fortanix) in #3394. See: https://github.com/ARMmbed/mbedtls/issues/3394 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1189086] fuse fails with glibc 2.34
by bugzilla_noreply＠suse.com 05 Aug '21

05 Aug '21

https://bugzilla.suse.com/show_bug.cgi?id=1189086 Chenzi Cao <chcao(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|screening-team-bugs(a)suse.de |jengelh(a)inai.de -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1189091] grep fails with glibc 2.34
by bugzilla_noreply＠suse.com 05 Aug '21

05 Aug '21

https://bugzilla.suse.com/show_bug.cgi?id=1189091 Chenzi Cao <chcao(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|screening-team-bugs(a)suse.de |schwab(a)suse.com -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1189092] guile fails with glibc 2.34
by bugzilla_noreply＠suse.com 05 Aug '21

05 Aug '21

https://bugzilla.suse.com/show_bug.cgi?id=1189092 Chenzi Cao <chcao(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|screening-team-bugs(a)suse.de |peter.simons(a)suse.com -- You are receiving this mail because: You are on the CC list for the bug.

1 0