http://bugzilla.opensuse.org/show_bug.cgi?id=1036968
Bug ID: 1036968
Summary: VUL-1: libmad: heap-based buffer overflow in
mad_layer_III (layer3.c)
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team(a)suse.de
Reporter: mikhail.kasimov(a)gmail.com
QA Contact: qa-bugs(a)suse.de
Found By: ---
Blocker: ---
Created attachment 723245
--> http://bugzilla.opensuse.org/attachment.cgi?id=723245&action=edit
00213-libmad-heapoverflow-mad_layer_III_reproducer
Ref:
https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-i…
======================================================
Description:
libmad stands for “M”peg “A”udio “D”ecoder library.
There is a heap overflow discovered through madplay.
The complete ASan output:
# madplay -v -i -o raw:out $FILE
==14773==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61e00000fa87 at pc 0x0000004bc8ec bp 0x7ffcda3263d0 sp 0x7ffcda325b80
WRITE of size 2060 at 0x61e00000fa87 thread T0
    #0 0x4bc8eb in __asan_memcpy /tmp/portage/sys-devel/llvm-3.9.1-r1/work/llvm-3.9.1.src/projects/compiler-rt/lib/asan/asan_interceptors.cc:413
    #1 0x7f37ddfa397d in mad_layer_III /tmp/portage/media-libs/libmad-0.15.1b-r8/work/libmad-0.15.1b/layer3.c:2635:2
    #2 0x7f37ddf6784d in mad_frame_decode /tmp/portage/media-libs/libmad-0.15.1b-r8/work/libmad-0.15.1b/frame.c:453:7
    #3 0x7f37ddf8c4e4 in run_sync /tmp/portage/media-libs/libmad-0.15.1b-r8/work/libmad-0.15.1b/decoder.c:404:11
    #4 0x7f37ddf8ac59 in mad_decoder_run /tmp/portage/media-libs/libmad-0.15.1b-r8/work/libmad-0.15.1b/decoder.c:557:12
    #5 0x5277a1 in decode /tmp/portage/media-sound/madplay-0.15.2b-r1/work/madplay-0.15.2b/player.c:1862:12
    #6 0x5277a1 in play_one /tmp/portage/media-sound/madplay-0.15.2b-r1/work/madplay-0.15.2b/player.c:1951
    #7 0x5277a1 in play_all /tmp/portage/media-sound/madplay-0.15.2b-r1/work/madplay-0.15.2b/player.c:2041
    #8 0x5215a2 in player_run /tmp/portage/media-sound/madplay-0.15.2b-r1/work/madplay-0.15.2b/player.c:2768:14
    #9 0x50c46c in main /tmp/portage/media-sound/madplay-0.15.2b-r1/work/madplay-0.15.2b/madplay.c:816:7
    #10 0x7f37dce4f78f in __libc_start_main /tmp/portage/sys-libs/glibc-2.23-r3/work/glibc-2.23/csu/../csu/libc-start.c:289
    #11 0x41aa78 in _init (/usr/bin/madplay+0x41aa78)
Affected version:
0.15.1b
Fixed version:
N/A
Commit fix:
N/A
Credit:
This bug was discovered by Agostino Sarubbo of Gentoo.
CVE:
N/A
Reproducer:
https://github.com/asarubbo/poc/blob/master/00213-libmad-heapoverflow-mad_l…
Timeline:
2017-01-01: bug discovered and reported to upstream
2017-04-30: blog post about the issue
Note:
This bug was found with American Fuzzy Lop.
Permalink:
libmad: heap-based buffer overflow in mad_layer_III (layer3.c)
======================================================
(open-)SUSE: https://software.opensuse.org/package/libmad
0.15.1b (TW, 42.{1,2}, multimedia:libs repo)
--
You are receiving this mail because:
You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1036967
Bug ID: 1036967
Summary: VUL-1: libmad: heap-based buffer overflow in
mad_bit_skip (bit.c)
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team(a)suse.de
Reporter: mikhail.kasimov(a)gmail.com
QA Contact: qa-bugs(a)suse.de
Found By: ---
Blocker: ---
Created attachment 723244
--> http://bugzilla.opensuse.org/attachment.cgi?id=723244&action=edit
00211-libmad-heapoverflow-mad_bit_skip_reproducer
Ref:
https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-i…
===========================================================
Description:
libmad stands for “M”peg “A”udio “D”ecoder library.
There is a heap overflow discovered through madplay.
The complete ASan output:
# madplay -v -i -o raw:out $FILE
==12603==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61200000c09f at pc 0x7f72d6aa05c0 bp 0x7fff03e32040 sp 0x7fff03e32038
READ of size 1 at 0x61200000c09f thread T0
    #0 0x7f72d6aa05bf in mad_bit_skip /tmp/portage/media-libs/libmad-0.15.1b-r8/work/libmad-0.15.1b/bit.c:130:21
    #1 0x7f72d6b032ad in III_huffdecode /tmp/portage/media-libs/libmad-0.15.1b-r8/work/libmad-0.15.1b/layer3.c:953:3
    #2 0x7f72d6b032ad in III_decode /tmp/portage/media-libs/libmad-0.15.1b-r8/work/libmad-0.15.1b/layer3.c:2403
    #3 0x7f72d6af1a8e in mad_layer_III /tmp/portage/media-libs/libmad-0.15.1b-r8/work/libmad-0.15.1b/layer3.c:2648:13
    #4 0x7f72d6ab584d in mad_frame_decode /tmp/portage/media-libs/libmad-0.15.1b-r8/work/libmad-0.15.1b/frame.c:453:7
    #5 0x7f72d6ada4e4 in run_sync /tmp/portage/media-libs/libmad-0.15.1b-r8/work/libmad-0.15.1b/decoder.c:404:11
    #6 0x7f72d6ad8c59 in mad_decoder_run /tmp/portage/media-libs/libmad-0.15.1b-r8/work/libmad-0.15.1b/decoder.c:557:12
    #7 0x5277a1 in decode /tmp/portage/media-sound/madplay-0.15.2b-r1/work/madplay-0.15.2b/player.c:1862:12
    #8 0x5277a1 in play_one /tmp/portage/media-sound/madplay-0.15.2b-r1/work/madplay-0.15.2b/player.c:1951
    #9 0x5277a1 in play_all /tmp/portage/media-sound/madplay-0.15.2b-r1/work/madplay-0.15.2b/player.c:2041
    #10 0x5215a2 in player_run /tmp/portage/media-sound/madplay-0.15.2b-r1/work/madplay-0.15.2b/player.c:2768:14
    #11 0x50c46c in main /tmp/portage/media-sound/madplay-0.15.2b-r1/work/madplay-0.15.2b/madplay.c:816:7
    #12 0x7f72d599d78f in __libc_start_main /tmp/portage/sys-libs/glibc-2.23-r3/work/glibc-2.23/csu/../csu/libc-start.c:289
    #13 0x41aa78 in _init (/usr/bin/madplay+0x41aa78)
Affected version:
0.15.1b
Fixed version:
N/A
Commit fix:
N/A
Credit:
This bug was discovered by Agostino Sarubbo of Gentoo.
CVE:
N/A
Reproducer:
https://github.com/asarubbo/poc/blob/master/00211-libmad-heapoverflow-mad_b…
Timeline:
2017-01-01: bug discovered and reported to upstream
2017-04-30: blog post about the issue
Note:
This bug was found with American Fuzzy Lop.
Permalink:
libmad: heap-based buffer overflow in mad_bit_skip (bit.c)
===========================================================
(open-)SUSE: https://software.opensuse.org/package/libmad
0.15.1b (TW, 42.{1,2}, multimedia:libs repo)
--
http://bugzilla.opensuse.org/show_bug.cgi?id=1189356
Bug ID: 1189356
Summary: Add mpdecimal package
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: openSUSE Tumbleweed
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Other
Assignee: screening-team-bugs(a)suse.de
Reporter: skrah(a)bytereef.org
QA Contact: qa-bugs(a)suse.de
Found By: ---
Blocker: ---
This issue coordinates the addition of the mpdecimal package (libmpdec) and the
use of --with-system-libmpdec in the Python build.
New package
===========
https://build.opensuse.org/request/show/911436
Python --with-system-libmpdec build issues
==========================================
Since the mpdecimal.h cleanup in mpdecimal-2.5.1, Python 3.9 and 3.8
need these trivial patches (removal of uchar, link against so.3):
Python 3.9: https://www.bytereef.org/contrib/decimal.diff
Python 3.8: https://www.bytereef.org/contrib/decimal-3.8.diff
Python 3.10 should compile without patches.
--
http://bugzilla.opensuse.org/show_bug.cgi?id=1120170
Bug ID: 1120170
Summary: [tmux] split-window/new-window behaviour changed when
PWD differs from caller current directory
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.0
Hardware: x86-64
OS: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Other
Assignee: bnc-team-screening(a)forge.provo.novell.com
Reporter: sledz(a)zone42.org
QA Contact: qa-bugs(a)suse.de
Found By: ---
Blocker: ---
tmux 2.8 contains a change in behaviour compared to previous versions when
the current directory differs from the contents of the PWD environment
variable:
Consider running the following at a shell prompt in a tmux session:
    cd /
    PWD=/etc tmux split-window
With tmux 2.7 (Leap 15.0) the shell in the new split ends up with its
current directory set to /, whereas with tmux 2.8 the shell in the new
split ends up with its current directory set to /etc.
Unfortunately, this breaks processes (such as openembedded's terminal.py)
which change the current directory but don't change PWD.
The problem was reported upstream at https://github.com/tmux/tmux/issues/1549
and it has been fixed.
--
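The mismatch described in the tmux report above, as an added example that is not part of the original report and not tmux's or openembedded's code: a caller that changes directory without updating PWD can detect the stale value and pass the real directory to tmux explicitly with `split-window -c`. The function names `real_cwd`, `pwd_is_stale` and `split_in_real_cwd` are hypothetical.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not taken from tmux or terminal.py.

# Physical path of the directory the kernel considers current,
# independent of whatever the PWD environment variable claims.
real_cwd() {
    pwd -P
}

# Exit status 0 when $PWD does not resolve to the real working directory
# (including when $PWD names something that cannot be entered).
pwd_is_stale() {
    claimed=$(cd "${PWD:-/nonexistent}" 2>/dev/null && pwd -P) || return 0
    [ "$claimed" != "$(real_cwd)" ]
}

# Open the split in the real working directory on both tmux 2.7 and 2.8:
# PWD is corrected for the child and the directory is also given with -c,
# so the result does not depend on which of the two tmux consults.
split_in_real_cwd() {
    dir=$(real_cwd)
    PWD="$dir" tmux split-window -c "$dir"
}
```
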
http://bugzilla.suse.com/show_bug.cgi?id=1131264
Bug ID: 1131264
Summary: Backport x86/retpolines: Disable switch jump tables
when retpolines are enabled
(a9d57ef15cbe327fe54416dd194ee0ea66ae53a4)
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Kernel
Assignee: kernel-maintainers(a)forge.provo.novell.com
Reporter: martin.liska(a)suse.com
QA Contact: qa-bugs(a)suse.de
Found By: ---
Blocker: ---
Please backport the revision into all Linux code streams where we have
retpolines enabled. Some micro-benchmark numbers can be seen here:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86952#c21
--
http://bugzilla.opensuse.org/show_bug.cgi?id=1133091
Bug ID: 1133091
Summary: LTO: libapparmor build fails
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Basesystem
Assignee: bnc-team-screening(a)forge.provo.novell.com
Reporter: martin.liska(a)suse.com
QA Contact: qa-bugs(a)suse.de
Found By: ---
Blocker: ---
Fails due to:
[ 23s] libtool: link: gcc -Wall -fmessage-length=0 -grecord-gcc-switches -O2
-Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables
-fasynchronous-unwind-tables -fstack-clash-protection -flto=8 -g -o
.libs/test_multi.multi test_multi_multi-test_multi.o -L../src/.libs
/home/abuild/rpmbuild/BUILD/apparmor-2.13.2/libraries/libapparmor/src/.libs/libapparmor.so
-pthread -Wl,-rpath -Wl,/usr/lib64
[ 23s]
/usr/lib64/gcc/x86_64-suse-linux/9/../../../../x86_64-suse-linux/bin/ld:
/home/abuild/rpmbuild/BUILD/apparmor-2.13.2/libraries/libapparmor/src/.libs/libapparmor.so:
undefined reference to `aa_query_label'
libraries/libapparmor/src/kernel.c:symbol_version(__aa_query_label,
aa_query_label, APPARMOR_1.1);
The package uses symbol versioning:
https://en.opensuse.org/openSUSE:LTO#Symbol_versioning
--
http://bugzilla.opensuse.org/show_bug.cgi?id=1133084
Bug ID: 1133084
Summary: [META] GCC + LTO package failures
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Basesystem
Assignee: bnc-team-screening(a)forge.provo.novell.com
Reporter: martin.liska(a)suse.com
QA Contact: qa-bugs(a)suse.de
Found By: ---
Blocker: ---
Meta issue that will track all packages that fail with enabled Link Time
Optimization (LTO). For a more detailed description, please see:
https://en.opensuse.org/openSUSE:LTO
--
http://bugzilla.opensuse.org/show_bug.cgi?id=1134234
Bug ID: 1134234
Summary: Missing networkmanager applet icon when VPN activated
on openSUSEdark
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.0
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: KDE Workspace (Plasma)
Assignee: opensuse-kde-bugs(a)opensuse.org
Reporter: noga.dany(a)gmail.com
QA Contact: qa-bugs(a)suse.de
Found By: ---
Blocker: ---
Created attachment 804281
--> http://bugzilla.opensuse.org/attachment.cgi?id=804281&action=edit
Dark theme, openVPN, missing icon
openSUSE Leap 15.0 with all updates on KDE
1) Use openSUSEdark KDE theme
2) Connect with the NetworkManager applet to an openVPN network
3) I don't see the NetworkManager applet icon
--
http://bugzilla.opensuse.org/show_bug.cgi?id=1088564
Bug ID: 1088564
Summary: "ssh-agent" is not started on login to Plasma5-Wayland
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.0
Hardware: x86-64
OS: SUSE Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: KDE Workspace (Plasma)
Assignee: opensuse-kde-bugs(a)opensuse.org
Reporter: nwr10cst-oslnx(a)yahoo.com
QA Contact: qa-bugs(a)suse.de
Found By: ---
Blocker: ---
This happens in both Leap 15.0 and Tumbleweed.
When I log in to a Plasma5-Wayland session, "ssh-agent" is not running for the
desktop session. This happens whether I use SDDM or GDM for the login manager.
I'm aware that Plasma5-Wayland isn't really ready for prime time. Still, it
would be nice to have this fixed by the time Leap 15.0 is officially released.
My current workaround -- I'm starting "ssh-agent" in the shell startup file
(with cross checks so that it isn't started if already running).
Reproducible: Always
--