October 2024 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1232595] New: VUL-0: CVE-2024-50602: wbxml2: libexpat: DoS via XML_ResumeParser
by bugzilla_noreply＠suse.com 30 Oct '24

30 Oct '24

https://bugzilla.suse.com/show_bug.cgi?id=1232595 Bug ID: 1232595 Summary: VUL-0: CVE-2024-50602: wbxml2: libexpat: DoS via XML_ResumeParser Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.5 Hardware: Other URL: https://smash.suse.de/issue/425799/ OS: Other Status: NEW Whiteboard: CVSSv3.1:SUSE:CVE-2024-50602:5.5:(AV:L/AC:L/PR:N/UI:R/ S:U/C:N/I:N/A:H) Severity: Normal Priority: P5 - None Component: Security Assignee: cstender(a)opensuse.org Reporter: andrea.mattiazzo(a)suse.com QA Contact: security-team(a)suse.de Blocks: 1232579 Target Milestone: --- Found By: --- Blocker: --- An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50602 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1232604] New: VUL-0: CVE-2024-50602: dasher: libexpat: DoS via XML_ResumeParser
by bugzilla_noreply＠suse.com 30 Oct '24

30 Oct '24

https://bugzilla.suse.com/show_bug.cgi?id=1232604 Bug ID: 1232604 Summary: VUL-0: CVE-2024-50602: dasher: libexpat: DoS via XML_ResumeParser Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.5 Hardware: Other URL: https://smash.suse.de/issue/425799/ OS: Other Status: NEW Whiteboard: CVSSv3.1:SUSE:CVE-2024-50602:5.5:(AV:L/AC:L/PR:N/UI:R/ S:U/C:N/I:N/A:H) Severity: Normal Priority: P5 - None Component: Security Assignee: os.gnome.maintainers(a)gmail.com Reporter: andrea.mattiazzo(a)suse.com QA Contact: security-team(a)suse.de Blocks: 1232579 Target Milestone: --- Found By: --- Blocker: --- An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50602 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1231323] core dump (Segmentation fault) when ending repository management
by bugzilla_noreply＠suse.com 30 Oct '24

30 Oct '24

https://bugzilla.suse.com/show_bug.cgi?id=1231323 https://bugzilla.suse.com/show_bug.cgi?id=1231323#c36 --- Comment #36 from Stefan Hundhammer <shundhammer(a)suse.com> --- About threads: There are a number of them: yast2───Zypp-main─┬─{Zypp-main} ├─{Zypp-main} ├─{Zypp-main} ├─{Zypp-main} └─{Zypp-main} I am confident that the Ruby interpreter and thus the YaST pkg-bindings are running in the main thread. What part of libzypp goes to which zypp thread I don't know. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1232560] New: VUL-0: CVE-2024-48921: kubearmor-client: kyverno: a kyverno ClusterPolicy can be overridden by the creation of a PolicyException in a random namespace, allowing users with privileges to non-kyverno namespaces to create exceptions
by bugzilla_noreply＠suse.com 30 Oct '24

30 Oct '24

https://bugzilla.suse.com/show_bug.cgi?id=1232560 Bug ID: 1232560 Summary: VUL-0: CVE-2024-48921: kubearmor-client: kyverno: a kyverno ClusterPolicy can be overridden by the creation of a PolicyException in a random namespace, allowing users with privileges to non-kyverno namespaces to create exceptions Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other URL: https://smash.suse.de/issue/426194/ OS: Other Status: NEW Severity: Major Priority: P5 - None Component: Security Assignee: opensuse_buildservice(a)ojkastl.de Reporter: camila.matos(a)suse.com QA Contact: security-team(a)suse.de CC: camila.matos(a)suse.com, security-team(a)suse.de, smash_bz(a)suse.de Blocks: 1232557 Target Milestone: --- Found By: Security Response Team Blocker: --- +++ This bug was initially created as a clone of Bug #1232557 +++ Kyverno is a policy engine designed for Kubernetes. A kyverno ClusterPolicy, ie. "disallow-privileged-containers," can be overridden by the creation of a PolicyException in a random namespace. By design, PolicyExceptions are consumed from any namespace. Administrators may not recognize that this allows users with privileges to non-kyverno namespaces to create exceptions. This vulnerability is fixed in 1.13.0. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-48921 https://www.cve.org/CVERecord?id=CVE-2024-48921 https://github.com/kyverno/kyverno/security/advisories/GHSA-qjvc-p88j-j9rm -- You are receiving this mail because: You are on the CC list for the bug.

1 4

[Bug 1227364] trackerbug: packages build differently without %check
by bugzilla_noreply＠suse.com 30 Oct '24

30 Oct '24

https://bugzilla.suse.com/show_bug.cgi?id=1227364 Bernhard Wiedemann <bwiedemann(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |1232550 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1232550] superlu: build fails with --nocheck
by bugzilla_noreply＠suse.com 30 Oct '24

30 Oct '24

https://bugzilla.suse.com/show_bug.cgi?id=1232550 https://bugzilla.suse.com/show_bug.cgi?id=1232550#c4 Bernhard Wiedemann <bwiedemann(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1227364 --- Comment #4 from Bernhard Wiedemann <bwiedemann(a)suse.com> --- LGTM now in science/superlu -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1232567] With Firefox 132 cannot download files - firefox is from mozilla repo
by bugzilla_noreply＠suse.com 30 Oct '24

30 Oct '24

https://bugzilla.suse.com/show_bug.cgi?id=1232567 Wolfgang Rosenauer <wolfgang(a)rosenauer.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P1 - Urgent -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1232567] With Firefox 132 cannot download files - firefox is from mozilla repo
by bugzilla_noreply＠suse.com 30 Oct '24

30 Oct '24

https://bugzilla.suse.com/show_bug.cgi?id=1232567 https://bugzilla.suse.com/show_bug.cgi?id=1232567#c2 --- Comment #2 from Wolfgang Rosenauer <wolfgang(a)rosenauer.org> --- Interestingly some download actions seem to work correctly. Not exactly sure what the differences are. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1232566] VUL-0: chromium: 130.0.6723.91 stable release
by bugzilla_noreply＠suse.com 30 Oct '24

30 Oct '24

https://bugzilla.suse.com/show_bug.cgi?id=1232566 Marcus Meissner <meissner(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |meissner(a)suse.com -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1232489] YaST NTP Configuration generates improper Transmit Timestamp values in tcpdump
by bugzilla_noreply＠suse.com 30 Oct '24

30 Oct '24

https://bugzilla.suse.com/show_bug.cgi?id=1232489 https://bugzilla.suse.com/show_bug.cgi?id=1232489#c5 Stefan Hundhammer <shundhammer(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|yast2-maintainers(a)suse.de |max(a)suse.com QA Contact|jsrain(a)suse.com |qa-bugs(a)suse.de CC| |mpluskal(a)suse.com Component|YaST2 |Network --- Comment #5 from Stefan Hundhammer <shundhammer(a)suse.com> --- So this is very likely not a problem at all. But maybe the chrony maintainer are still interested. % osc maintainer -e chrony Defined in package: network:time/chrony bugowner of chrony : max(a)suse.com maintainer of chrony : max(a)suse.com, mpluskal(a)suse.com -- You are receiving this mail because: You are on the CC list for the bug.

1 0