June 2022 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1200116] New: VUL-0: CVE-2022-31001: out of bounds read can lead to remote DoS
by bugzilla_noreply＠suse.com 01 Jun '22

01 Jun '22

http://bugzilla.opensuse.org/show_bug.cgi?id=1200116 Bug ID: 1200116 Summary: VUL-0: CVE-2022-31001: out of bounds read can lead to remote DoS Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.3 Hardware: Other URL: https://smash.suse.de/issue/333271/ OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Security Assignee: os.gnome.maintainers(a)gmail.com Reporter: carlos.lopez(a)suse.com QA Contact: security-team(a)suse.de Found By: Security Response Team Blocker: --- CVE-2022-31001 Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) - 1) == 0)`, which will make `n` bigger and trigger out-of-bound access when `IS_NON_WS(s[n])`. Version 1.13.8 contains a patch for this issue. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31001 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31001 https://github.com/freeswitch/sofia-sip/commit/a99804b336d0e16d26ab7119d561… https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-79jq-hh82-… -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1196682] python-h5py packages built against out-of-date version of HDF5
by bugzilla_noreply＠suse.com 01 Jun '22

01 Jun '22

https://bugzilla.suse.com/show_bug.cgi?id=1196682 https://bugzilla.suse.com/show_bug.cgi?id=1196682#c13 --- Comment #13 from Swamp Workflow Management <swamp(a)suse.de> --- SUSE-SU-2022:1903-1: An update that solves 27 vulnerabilities, contains four features and has 5 fixes is now available. Category: security (important) Bug References: 1072087,1072090,1072108,1072111,1093641,1093649,1093653,1093655,1093657,1101471,1101474,1101493,1101495,1102175,1109166,1109167,1109168,1109564,1109565,1109566,1109567,1109568,1109569,1109570,1134298,1167401,1167404,1167405,1169793,1174439,1179521,1196682 CVE References: CVE-2017-17505,CVE-2017-17506,CVE-2017-17508,CVE-2017-17509,CVE-2018-11202,CVE-2018-11203,CVE-2018-11204,CVE-2018-11206,CVE-2018-11207,CVE-2018-13869,CVE-2018-13870,CVE-2018-14032,CVE-2018-14033,CVE-2018-14460,CVE-2018-17233,CVE-2018-17234,CVE-2018-17237,CVE-2018-17432,CVE-2018-17433,CVE-2018-17434,CVE-2018-17435,CVE-2018-17436,CVE-2018-17437,CVE-2018-17438,CVE-2020-10809,CVE-2020-10810,CVE-2020-10811 JIRA References: SLE-7766,SLE-7773,SLE-8501,SLE-8604 Sources used: SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): hdf5_1_10_8-gnu-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): hdf5_1_10_8-gnu-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1179521] netcdf-cxx4 packages built against out-of-date version of HDF5
by bugzilla_noreply＠suse.com 01 Jun '22

01 Jun '22

https://bugzilla.suse.com/show_bug.cgi?id=1179521 https://bugzilla.suse.com/show_bug.cgi?id=1179521#c21 --- Comment #21 from Swamp Workflow Management <swamp(a)suse.de> --- SUSE-SU-2022:1903-1: An update that solves 27 vulnerabilities, contains four features and has 5 fixes is now available. Category: security (important) Bug References: 1072087,1072090,1072108,1072111,1093641,1093649,1093653,1093655,1093657,1101471,1101474,1101493,1101495,1102175,1109166,1109167,1109168,1109564,1109565,1109566,1109567,1109568,1109569,1109570,1134298,1167401,1167404,1167405,1169793,1174439,1179521,1196682 CVE References: CVE-2017-17505,CVE-2017-17506,CVE-2017-17508,CVE-2017-17509,CVE-2018-11202,CVE-2018-11203,CVE-2018-11204,CVE-2018-11206,CVE-2018-11207,CVE-2018-13869,CVE-2018-13870,CVE-2018-14032,CVE-2018-14033,CVE-2018-14460,CVE-2018-17233,CVE-2018-17234,CVE-2018-17237,CVE-2018-17432,CVE-2018-17433,CVE-2018-17434,CVE-2018-17435,CVE-2018-17436,CVE-2018-17437,CVE-2018-17438,CVE-2020-10809,CVE-2020-10810,CVE-2020-10811 JIRA References: SLE-7766,SLE-7773,SLE-8501,SLE-8604 Sources used: SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): hdf5_1_10_8-gnu-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): hdf5_1_10_8-gnu-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1169793] hdf5: baselibs .so for hdf5_fortran Libraries is incorrect
by bugzilla_noreply＠suse.com 01 Jun '22

01 Jun '22

https://bugzilla.suse.com/show_bug.cgi?id=1169793 https://bugzilla.suse.com/show_bug.cgi?id=1169793#c7 --- Comment #7 from Swamp Workflow Management <swamp(a)suse.de> --- SUSE-SU-2022:1903-1: An update that solves 27 vulnerabilities, contains four features and has 5 fixes is now available. Category: security (important) Bug References: 1072087,1072090,1072108,1072111,1093641,1093649,1093653,1093655,1093657,1101471,1101474,1101493,1101495,1102175,1109166,1109167,1109168,1109564,1109565,1109566,1109567,1109568,1109569,1109570,1134298,1167401,1167404,1167405,1169793,1174439,1179521,1196682 CVE References: CVE-2017-17505,CVE-2017-17506,CVE-2017-17508,CVE-2017-17509,CVE-2018-11202,CVE-2018-11203,CVE-2018-11204,CVE-2018-11206,CVE-2018-11207,CVE-2018-13869,CVE-2018-13870,CVE-2018-14032,CVE-2018-14033,CVE-2018-14460,CVE-2018-17233,CVE-2018-17234,CVE-2018-17237,CVE-2018-17432,CVE-2018-17433,CVE-2018-17434,CVE-2018-17435,CVE-2018-17436,CVE-2018-17437,CVE-2018-17438,CVE-2020-10809,CVE-2020-10810,CVE-2020-10811 JIRA References: SLE-7766,SLE-7773,SLE-8501,SLE-8604 Sources used: SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): hdf5_1_10_8-gnu-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): hdf5_1_10_8-gnu-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1134298] science/hdf5: wrong libname in hpc pkgconfig file
by bugzilla_noreply＠suse.com 01 Jun '22

01 Jun '22

https://bugzilla.suse.com/show_bug.cgi?id=1134298 https://bugzilla.suse.com/show_bug.cgi?id=1134298#c8 --- Comment #8 from Swamp Workflow Management <swamp(a)suse.de> --- SUSE-SU-2022:1903-1: An update that solves 27 vulnerabilities, contains four features and has 5 fixes is now available. Category: security (important) Bug References: 1072087,1072090,1072108,1072111,1093641,1093649,1093653,1093655,1093657,1101471,1101474,1101493,1101495,1102175,1109166,1109167,1109168,1109564,1109565,1109566,1109567,1109568,1109569,1109570,1134298,1167401,1167404,1167405,1169793,1174439,1179521,1196682 CVE References: CVE-2017-17505,CVE-2017-17506,CVE-2017-17508,CVE-2017-17509,CVE-2018-11202,CVE-2018-11203,CVE-2018-11204,CVE-2018-11206,CVE-2018-11207,CVE-2018-13869,CVE-2018-13870,CVE-2018-14032,CVE-2018-14033,CVE-2018-14460,CVE-2018-17233,CVE-2018-17234,CVE-2018-17237,CVE-2018-17432,CVE-2018-17433,CVE-2018-17434,CVE-2018-17435,CVE-2018-17436,CVE-2018-17437,CVE-2018-17438,CVE-2020-10809,CVE-2020-10810,CVE-2020-10811 JIRA References: SLE-7766,SLE-7773,SLE-8501,SLE-8604 Sources used: SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): hdf5_1_10_8-gnu-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): hdf5_1_10_8-gnu-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1200103] secureboot, grub, error message
by bugzilla_noreply＠suse.com 01 Jun '22

01 Jun '22

https://bugzilla.suse.com/show_bug.cgi?id=1200103 Marcus Meissner <meissner(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |meissner(a)suse.com Assignee|screening-team-bugs(a)suse.de |jlee(a)suse.com -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1190007] openSUSE Kernel version is old, can't install on my laptop.
by bugzilla_noreply＠suse.com 01 Jun '22

01 Jun '22

https://bugzilla.suse.com/show_bug.cgi?id=1190007 https://bugzilla.suse.com/show_bug.cgi?id=1190007#c17 --- Comment #17 from Daniel Wagner <daniel.wagner(a)suse.com> --- Very late response sorry, got lost. No not really. Still an issue? -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1193278] OS doesn't detect properly two identical NVMe with the same UUID.
by bugzilla_noreply＠suse.com 01 Jun '22

01 Jun '22

https://bugzilla.suse.com/show_bug.cgi?id=1193278 https://bugzilla.suse.com/show_bug.cgi?id=1193278#c12 Daniel Wagner <daniel.wagner(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |INVALID --- Comment #12 from Daniel Wagner <daniel.wagner(a)suse.com> --- Not much we can do here. Closing bug. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1199801] News-page about 15.4 RC: Download links doesn't work
by bugzilla_noreply＠suse.com 01 Jun '22

01 Jun '22

https://bugzilla.suse.com/show_bug.cgi?id=1199801 https://bugzilla.suse.com/show_bug.cgi?id=1199801#c2 Brian Wengel <m40636067(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|WORKSFORME |--- --- Comment #2 from Brian Wengel <m40636067(a)gmail.com> --- Here you are: https://drive.google.com/file/d/16MyB6tIbbkhCgpeMO27w0OT6AEeez_nq/view?usp=… "Download" it all over the place :-P -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1199801] News-page about 15.4 RC: Download links doesn't work
by bugzilla_noreply＠suse.com 01 Jun '22

01 Jun '22

https://bugzilla.suse.com/show_bug.cgi?id=1199801 https://bugzilla.suse.com/show_bug.cgi?id=1199801#c1 Tom�� Ba��ant <tbazant(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |tbazant(a)suse.com Resolution|--- |WORKSFORME --- Comment #1 from Tom�� Ba��ant <tbazant(a)suse.com> --- i cant find these button anymore, reopen if needed -- You are receiving this mail because: You are on the CC list for the bug.

1 0