April 2023 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1205801] VUL-0: CVE-2022-39334: nextcloud-desktop: Client incorrectly trusts invalid TLS certificates
by bugzilla_noreply＠suse.com 01 Apr '23

01 Apr '23

http://bugzilla.opensuse.org/show_bug.cgi?id=1205801 http://bugzilla.opensuse.org/show_bug.cgi?id=1205801#c2 --- Comment #2 from OBSbugzilla Bot <bwiedemann+obsbugzillabot(a)suse.com> --- This is an autogenerated message for OBS integration: This bug (1205801) was mentioned in https://build.opensuse.org/request/show/1076605 Backports:SLE-15-SP4 / nextcloud-desktop -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1205800] VUL-0: CVE-2022-39333: nextcloud-desktop: Arbitrary HyperText Markup Language injection in desktop client application
by bugzilla_noreply＠suse.com 01 Apr '23

01 Apr '23

http://bugzilla.opensuse.org/show_bug.cgi?id=1205800 http://bugzilla.opensuse.org/show_bug.cgi?id=1205800#c2 --- Comment #2 from OBSbugzilla Bot <bwiedemann+obsbugzillabot(a)suse.com> --- This is an autogenerated message for OBS integration: This bug (1205800) was mentioned in https://build.opensuse.org/request/show/1076605 Backports:SLE-15-SP4 / nextcloud-desktop -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1205799] VUL-0: CVE-2022-39332: nextcloud-deskop: Arbitrary HyperText Markup Language injection in user status and information
by bugzilla_noreply＠suse.com 01 Apr '23

01 Apr '23

http://bugzilla.opensuse.org/show_bug.cgi?id=1205799 http://bugzilla.opensuse.org/show_bug.cgi?id=1205799#c2 --- Comment #2 from OBSbugzilla Bot <bwiedemann+obsbugzillabot(a)suse.com> --- This is an autogenerated message for OBS integration: This bug (1205799) was mentioned in https://build.opensuse.org/request/show/1076605 Backports:SLE-15-SP4 / nextcloud-desktop -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1205798] VUL-0: CVE-2022-39331: nextcloud-desktop: Arbitrary HyperText Markup Language injection in notifications
by bugzilla_noreply＠suse.com 01 Apr '23

01 Apr '23

http://bugzilla.opensuse.org/show_bug.cgi?id=1205798 http://bugzilla.opensuse.org/show_bug.cgi?id=1205798#c2 --- Comment #2 from OBSbugzilla Bot <bwiedemann+obsbugzillabot(a)suse.com> --- This is an autogenerated message for OBS integration: This bug (1205798) was mentioned in https://build.opensuse.org/request/show/1076605 Backports:SLE-15-SP4 / nextcloud-desktop -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1201070] New: Tumbleweed 20220629: can't install nextcloud-desktop
by bugzilla_noreply＠suse.com 01 Apr '23

01 Apr '23

http://bugzilla.opensuse.org/show_bug.cgi?id=1201070 Bug ID: 1201070 Summary: Tumbleweed 20220629: can't install nextcloud-desktop Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: openSUSE Tumbleweed Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: screening-team-bugs(a)suse.de Reporter: Mathias.Homann(a)opensuse.org QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- I'm trying to install the nextcloud desktop client on TW 20220629 but it fails with dependency issues: twvm:~ # zypper in nextcloud-desktop Loading repository data... Reading installed packages... Resolving package dependencies... Problem: nothing provides 'libQt5Gui.so.5(Qt_5.15.2_PRIVATE_API)(64bit)' needed by the to be installed nextcloud-desktop-3.5.1-1.1.x86_64 Solution 1: do not install nextcloud-desktop-3.5.1-1.1.x86_64 Solution 2: break nextcloud-desktop-3.5.1-1.1.x86_64 by ignoring some of its dependencies Choose from above solutions by number or cancel [1/2/c/d/?] (c): c twvm:~ # cat /etc/os-release NAME="openSUSE Tumbleweed" # VERSION="20220629" ID="opensuse-tumbleweed" ID_LIKE="opensuse suse" VERSION_ID="20220629" PRETTY_NAME="openSUSE Tumbleweed" ANSI_COLOR="0;32" CPE_NAME="cpe:/o:opensuse:tumbleweed:20220629" BUG_REPORT_URL="https://bugs.opensuse.org" HOME_URL="https://www.opensuse.org/" DOCUMENTATION_URL="https://en.opensuse.org/Portal:Tumbleweed" LOGO="distributor-logo-Tumbleweed" on TW 20220628 it installs ok. -- You are receiving this mail because: You are on the CC list for the bug.

1 10

[Bug 1207978] New: VUL-0: CVE-2023-23944: nextcloud: user's passwordsstored in cleartext in the database during the duration of OAuth2 setup procedure
by bugzilla_noreply＠suse.com 01 Apr '23

01 Apr '23

http://bugzilla.opensuse.org/show_bug.cgi?id=1207978 Bug ID: 1207978 Summary: VUL-0: CVE-2023-23944: nextcloud: user's passwordsstored in cleartext in the database during the duration of OAuth2 setup procedure Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.4 Hardware: Other URL: https://smash.suse.de/issue/356232/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: ecsos(a)schirra.net Reporter: thomas.leroy(a)suse.com QA Contact: security-team(a)suse.de Found By: Security Response Team Blocker: --- CVE-2023-23944 Nextcloud mail is an email app for the nextcloud home server platform. In versions prior to 2.2.2 user's passwords were stored in cleartext in the database during the duration of OAuth2 setup procedure. Any attacker or malicious user with access to the database would have access to these user passwords until the OAuth setup has been completed. It is recommended that the Nextcloud Mail app is upgraded to 2.2.2. There are no known workarounds for this issue. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23944 https://github.com/nextcloud/mail/pull/7797 https://www.cve.org/CVERecord?id=CVE-2023-23944 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g… https://hackerone.com/reports/1806275 -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1207977] New: VUL-0: CVE-2023-23943: nextcloud: IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within the local network
by bugzilla_noreply＠suse.com 01 Apr '23

01 Apr '23

http://bugzilla.opensuse.org/show_bug.cgi?id=1207977 Bug ID: 1207977 Summary: VUL-0: CVE-2023-23943: nextcloud: IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within the local network Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.4 Hardware: Other URL: https://smash.suse.de/issue/356328/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: ecsos(a)schirra.net Reporter: thomas.leroy(a)suse.com QA Contact: security-team(a)suse.de Found By: Security Response Team Blocker: --- CVE-2023-23943 Nextcloud mail is an email app for the nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the Nextcloud Maill app is upgraded to 1.15.0 or 2.2.2. The only known workaround for this issue is to completely disable the nextcloud mail app. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23943 https://www.cve.org/CVERecord?id=CVE-2023-23943 https://github.com/nextcloud/mail/pull/7796 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8… https://hackerone.com/reports/1741525 https://hackerone.com/reports/1736390 https://hackerone.com/reports/1746582 -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1203617] In plasma5 midnight commander doesn't exit to current directory anymore
by bugzilla_noreply＠suse.com 01 Apr '23

01 Apr '23

http://bugzilla.opensuse.org/show_bug.cgi?id=1203617 http://bugzilla.opensuse.org/show_bug.cgi?id=1203617#c25 --- Comment #25 from Dave Plater <davejplater(a)gmail.com> --- possibly a clue to the reason for this behavior. On 15.4's mc, if I use sudo mc then on exit I return to the original directory I started from. Can it be that mc in Tumbleweed is somehow changing the user when opened and changing back when closed -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1209436] I915 hangs on Kernel vmlinuz-5.14.21-150400.24.49
by bugzilla_noreply＠suse.com 01 Apr '23

01 Apr '23

https://bugzilla.suse.com/show_bug.cgi?id=1209436 https://bugzilla.suse.com/show_bug.cgi?id=1209436#c69 Marcus Meissner <meissner(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CONFIRMED |RESOLVED Resolution|--- |FIXED --- Comment #69 from Marcus Meissner <meissner(a)suse.com> --- fixed finally -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1209436] I915 hangs on Kernel vmlinuz-5.14.21-150400.24.49
by bugzilla_noreply＠suse.com 01 Apr '23

01 Apr '23

https://bugzilla.suse.com/show_bug.cgi?id=1209436 https://bugzilla.suse.com/show_bug.cgi?id=1209436#c68 --- Comment #68 from ernst Riepenhausen <riepe(a)muenster.de> --- on my i5-2520 the .55 kernel is starting now correctly. Thank you all for your work! -- You are receiving this mail because: You are on the CC list for the bug.

1 0