May 2024 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1222468] New: VUL-0: CVE-2024-22189: caddy: quic-go: memory exhaustion attack against QUIC's connection ID mechanism
by bugzilla_noreply＠suse.com 23 Aug '24

23 Aug '24

https://bugzilla.suse.com/show_bug.cgi?id=1222468 Bug ID: 1222468 Summary: VUL-0: CVE-2024-22189: caddy: quic-go: memory exhaustion attack against QUIC's connection ID mechanism Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other URL: https://smash.suse.de/issue/400376/ OS: Other Status: NEW Severity: Major Priority: P5 - None Component: Security Assignee: alexandre.vicenzi(a)suse.com Reporter: camila.matos(a)suse.com QA Contact: qa-bugs(a)suse.de CC: camila.matos(a)suse.com, jkowalczyk(a)suse.com, security-team(a)suse.de, smash_bz(a)suse.de Blocks: 1222461 Target Milestone: --- Found By: Security Response Team Blocker: --- +++ This bug was initially created as a clone of Bug #1222461 +++ quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of `NEW_CONNECTION_ID` frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a `RETIRE_CONNECTION_ID` frame. The attacker can prevent the receiver from sending out (the vast majority of) these `RETIRE_CONNECTION_ID` frames by collapsing the peers congestion window (by selectively acknowledging received packets) and by manipulating the peer's RTT estimate. Version 0.42.0 contains a patch for the issue. No known workarounds are available. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-22189 https://www.cve.org/CVERecord?id=CVE-2024-22189 https://github.com/quic-go/quic-go/commit/4a99b816ae3ab03ae5449d15aac45147c… https://github.com/quic-go/quic-go/security/advisories/GHSA-c33x-xqrf-c478 https://seemann.io/posts/2024-03-19-exploiting-quics-connection-id-manageme… https://www.youtube.com/watch?v=JqXtYcZAtIA&t=3683s https://bugzilla.redhat.com/show_bug.cgi?id=2273513 -- You are receiving this mail because: You are on the CC list for the bug.

1 10

[Bug 1220403] New: VUL-0: CVE-2024-23837: libhtp: excessive processing time of HTTP headers can lead to denial of service
by bugzilla_noreply＠suse.com 23 Aug '24

23 Aug '24

https://bugzilla.suse.com/show_bug.cgi?id=1220403 Bug ID: 1220403 Summary: VUL-0: CVE-2024-23837: libhtp: excessive processing time of HTTP headers can lead to denial of service Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other URL: https://smash.suse.de/issue/395171/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: otto.hollmann(a)suse.com Reporter: smash_bz(a)suse.de QA Contact: security-team(a)suse.de CC: carlos.lopez(a)suse.com Target Milestone: --- Found By: Security Response Team Blocker: --- LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-23837 https://www.cve.org/CVERecord?id=CVE-2024-23837 https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477… https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m https://redmine.openinfosecfoundation.org/issues/6444 -- You are receiving this mail because: You are on the CC list for the bug.

1 5

[Bug 1223398] New: VUL-0: CVE-2024-22373: gdcm: out-of-bounds write in the JPEG2000Codec:DecodeByStreamsCommon functionality
by bugzilla_noreply＠suse.com 23 Aug '24

23 Aug '24

https://bugzilla.suse.com/show_bug.cgi?id=1223398 Bug ID: 1223398 Summary: VUL-0: CVE-2024-22373: gdcm: out-of-bounds write in the JPEG2000Codec:DecodeByStreamsCommon functionality Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other URL: https://smash.suse.de/issue/403162/ OS: Other Status: NEW Severity: Major Priority: P5 - None Component: Other Assignee: axel.braun(a)gmx.de Reporter: smash_bz(a)suse.de QA Contact: security-team(a)suse.de CC: camila.matos(a)suse.com Target Milestone: --- Found By: Security Response Team Blocker: --- An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-22373 https://www.cve.org/CVERecord?id=CVE-2024-22373 https://talosintelligence.com/vulnerability_reports/TALOS-2024-1935 https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1935 -- You are receiving this mail because: You are on the CC list for the bug.

1 5

[Bug 1223260] New: SELinux denies pcp
by bugzilla_noreply＠suse.com 22 Aug '24

22 Aug '24

https://bugzilla.suse.com/show_bug.cgi?id=1223260 Bug ID: 1223260 Summary: SELinux denies pcp Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team(a)suse.de Reporter: felix.niederwanger(a)suse.com QA Contact: qa-bugs(a)suse.de Target Milestone: --- Found By: --- Blocker: --- Created attachment 874416 --> https://bugzilla.suse.com/attachment.cgi?id=874416&action=edit ausearch -ts boot -m avc On MicroOS starting pmlogger with SELinux in enforcing mode fails with several SELinux related denials > Apr 22 13:14:01 microos systemd[1]: Starting Performance Metrics Archive Logger... > Apr 22 13:14:01 microos rc[2682]: /etc/pcp/pmlogger/rc: line 153: /var/lib/pcp/tmp/pmlogger_rc.d9N3i7aLW/tmp: Permission denied > Apr 22 13:14:01 microos rc[2750]: /etc/pcp/pmlogger/rc: line 92: /var/lib/pcp/tmp/pmlogger_rc_start.7vdZJLmGN/pmcheck.out: Permission denied > Apr 22 13:14:01 microos systemd[1]: pmlogger.service: Main process exited, code=exited, status=1/FAILURE > Apr 22 13:14:01 microos systemd[1]: pmlogger.service: Failed with result 'exit-code'. > Apr 22 13:14:01 microos systemd[1]: Failed to start Performance Metrics Archive Logger. > Apr 22 13:14:01 microos systemd[1]: pmlogger.service: Scheduled restart job, restart counter is at 1. > Apr 22 13:14:01 microos systemd[1]: Stopped Performance Metrics Archive Logger. > Apr 22 13:14:01 microos systemd[1]: Starting Performance Metrics Archive Logger... > Apr 22 13:14:01 microos rc[2958]: /etc/pcp/pmlogger/rc: line 153: /var/lib/pcp/tmp/pmlogger_rc.yWYJd9JBe/tmp: Permission denied > Apr 22 13:14:01 microos rc[2991]: /etc/pcp/pmlogger/rc: line 92: /var/lib/pcp/tmp/pmlogger_rc_start.OcmNVcLdA/pmcheck.out: Permission denied > Apr 22 13:14:01 microos systemd[1]: pmlogger.service: Main process exited, code=exited, status=1/FAILURE > Apr 22 13:14:01 microos systemd[1]: pmlogger.service: Failed with result 'exit-code'. > Apr 22 13:14:01 microos systemd[1]: Failed to start Performance Metrics Archive Logger. > ... I'm attaching the output of ausearch -ts boot -m avc, failures are coming from the rc program and related to tmp and pmcheck.out. -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1219527] New: abcde breaks on non-octal track numbers
by bugzilla_noreply＠suse.com 22 Aug '24

22 Aug '24

https://bugzilla.suse.com/show_bug.cgi?id=1219527 Bug ID: 1219527 Summary: abcde breaks on non-octal track numbers Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.5 Hardware: x86-64 OS: openSUSE Leap 15.5 Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: screening-team-bugs(a)suse.de Reporter: geoff(a)cs.hmc.edu QA Contact: qa-bugs(a)suse.de Target Milestone: --- Found By: --- Blocker: --- Created attachment 872425 --> https://bugzilla.suse.com/attachment.cgi?id=872425&action=edit Patch to /usr/bin/abcde abcde pads track numbers with a leading zero but later does some bash arithmetic on the track number. That breaks for track numbers 8 and 9, because 09 isn't an octal number. Reproduce by inserting an 8+ track CD and running "abcde -T 1 8-8". The attached patch will correct the problem for any CD having 99 or fewer tracks. (As far as I know, 99 is the track limit for CDs, though I definitely could be wrong.) -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1216895] New: VUL-0: CVE-2023-47272: Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download).
by bugzilla_noreply＠suse.com 21 Aug '24

21 Aug '24

https://bugzilla.suse.com/show_bug.cgi?id=1216895 Bug ID: 1216895 Summary: VUL-0: CVE-2023-47272: Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download). Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other URL: https://smash.suse.de/issue/384151/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: aj(a)ajaissle.de Reporter: smash_bz(a)suse.de QA Contact: security-team(a)suse.de CC: stoyan.manolov(a)suse.com Target Milestone: --- Found By: Security Response Team Blocker: --- Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download). References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47272 -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 1221504] New: bluetooth errors on every kernel starting
by bugzilla_noreply＠suse.com 20 Aug '24

20 Aug '24

https://bugzilla.suse.com/show_bug.cgi?id=1221504 Bug ID: 1221504 Summary: bluetooth errors on every kernel starting Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: x86-64 OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Kernel Assignee: kernel-bugs(a)opensuse.org Reporter: opendreas(a)gmail.com QA Contact: qa-bugs(a)suse.de Target Milestone: --- Found By: --- Blocker: --- I have a Dell Precision 7530 with Intel Wireless-AC 9260 Bluetooth Adapter and kernel 6.4.0-150600.9.2. Errors constantly appear when booting the system, but bluetooth works with my headphones, although there are some audio artifacts at the beginning when playing sound. Mär 16 17:49:38 precision bluetoothd[1073]: Bluetooth daemon 5.71 Mär 16 17:49:38 precision bluetoothd[1073]: Starting SDP server Mär 16 17:49:38 precision bluetoothd[1073]: src/plugin.c:plugin_init() System does not support csip plugin Mär 16 17:49:38 precision bluetoothd[1073]: profiles/audio/micp.c:micp_init() D-Bus experimental not enabled Mär 16 17:49:38 precision bluetoothd[1073]: src/plugin.c:plugin_init() System does not support micp plugin Mär 16 17:49:38 precision bluetoothd[1073]: src/plugin.c:plugin_init() System does not support vcp plugin Mär 16 17:49:38 precision bluetoothd[1073]: src/plugin.c:plugin_init() System does not support mcp plugin Mär 16 17:49:38 precision bluetoothd[1073]: src/plugin.c:plugin_init() System does not support bass plugin Mär 16 17:49:38 precision bluetoothd[1073]: src/plugin.c:plugin_init() System does not support bap plugin Mär 16 17:49:38 precision bluetoothd[1073]: src/plugin.c:plugin_init() System does not support admin plugin Mär 16 17:49:38 precision bluetoothd[1073]: Bluetooth management interface 1.22 initialized Mär 16 17:49:38 precision dbus-daemon[1074]: [system] Activating systemd to hand-off: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' requested by ':1.1' (uid=0 pid=1073 comm="/usr/lib/bluetooth/bluetoothd ") Mär 16 17:49:38 precision bluetoothd[1073]: src/adapter.c:reset_adv_monitors_complete() Failed to reset Adv Monitors: Failed (0x03) Mär 16 17:49:38 precision bluetoothd[1073]: Battery Provider Manager created Mär 16 17:49:38 precision bluetoothd[1073]: src/device.c:device_set_wake_support() Unable to set wake_support without RPA resolution Mär 16 17:49:38 precision bluetoothd[1073]: Failed to clear UUIDs: Failed (0x03) Mär 16 17:49:38 precision bluetoothd[1073]: Failed to add UUID: Failed (0x03) Mär 16 17:49:38 precision bluetoothd[1073]: Failed to add UUID: Failed (0x03) Mär 16 17:49:38 precision bluetoothd[1073]: Failed to add UUID: Failed (0x03) Mär 16 17:49:38 precision bluetoothd[1073]: Failed to add UUID: Failed (0x03) Mär 16 17:49:38 precision bluetoothd[1073]: Failed to add UUID: Failed (0x03) Mär 16 17:49:38 precision bluetoothd[1073]: Too small Add Device complete event Mär 16 17:49:38 precision bluetoothd[1073]: Failed to add UUID: Failed (0x03) Mär 16 17:49:38 precision (smartd)[1105]: smartd.service: Referenced but unset environment variable evaluates to an empty string: smartd_opts Looks like this is the error https://bugzilla.kernel.org/show_bug.cgi?id=217651 Here's a fix https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.gi… -- You are receiving this mail because: You are on the CC list for the bug.

1 25

[Bug 1220569] New: No mouse pointer in noVNC when installing latest Tumbleweed using BVCP
by bugzilla_noreply＠suse.com 20 Aug '24

20 Aug '24

https://bugzilla.suse.com/show_bug.cgi?id=1220569 Bug ID: 1220569 Summary: No mouse pointer in noVNC when installing latest Tumbleweed using BVCP Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Installation Assignee: yast2-maintainers(a)suse.de Reporter: roger.whittaker(a)suse.com QA Contact: jsrain(a)suse.com Target Milestone: --- Found By: --- Blocker: --- I have been using an unusual but rather nice virtualisation setup BVCP (https://bhyve.npulse.net/) which runs on FreeBSD and displays VMs using noVNC ( https://novnc.com/info.html) When installing the latest Tumbleweed the mouse pointer in the noVNC window does not move, nor does it move in a completed install. This problem does not exist with for example Leap 15.5. I do not see this with virt-install / virt-viewer on Linux, so this seems to a specific problem with Tumbleweed when using noVNC. I understand that this is an unusual use case, but maybe something has changed that might be a problem in other circumstances as well. -- You are receiving this mail because: You are on the CC list for the bug.

1 99

[Bug 1222972] New: Update nvidia driver to version 550.76
by bugzilla_noreply＠suse.com 19 Aug '24

19 Aug '24

https://bugzilla.suse.com/show_bug.cgi?id=1222972 Bug ID: 1222972 Summary: Update nvidia driver to version 550.76 Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: X11 3rd Party Driver Assignee: gfx-bugs(a)suse.de Reporter: sndirsch(a)suse.com QA Contact: sndirsch(a)suse.com Target Milestone: --- Found By: --- Blocker: --- Update nvidia driver to version 550.76 ... -- You are receiving this mail because: You are on the CC list for the bug.

1 5

[Bug 1220970] New: GCC 14: python package fails
by bugzilla_noreply＠suse.com 19 Aug '24

19 Aug '24

https://bugzilla.suse.com/show_bug.cgi?id=1220970 Bug ID: 1220970 Summary: GCC 14: python package fails Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Python Assignee: python-maintainers(a)suse.com Reporter: michal.jires(a)suse.com QA Contact: qa-bugs(a)suse.de CC: mcepl(a)suse.com Blocks: 1220571 Target Milestone: --- Found By: --- Blocker: --- Building python with GCC 14 fails here: https://build.opensuse.org/package/live_build_log/openSUSE:Factory:Staging:… Due to (exhaustive list of errors): Python-2.7.18/Modules/_tkinter.c: In function ‘AsObj’: Python-2.7.18/Modules/_tkinter.c:1178:38: error: passing argument 1 of ‘Tcl_NewUnicodeObj’ from incompatible pointer type [-Wincompatible-pointer-types] 1178 | return Tcl_NewUnicodeObj(inbuf, size); | ^~~~~ | | | Py_UNICODE * {aka int *} In file included from /usr/include/tcl.h:2418, from /home/abuild/rpmbuild/BUILD/Python-2.7.18/Modules/_tkinter.c:70: /usr/include/tclDecls.h:1102:62: note: expected ‘const Tcl_UniChar *’ {aka ‘const short unsigned int *’} but argument is of type ‘Py_UNICODE *’ {aka ‘int *’} 1102 | EXTERN Tcl_Obj * Tcl_NewUnicodeObj(const Tcl_UniChar *unicode, | ~~~~~~~~~~~~~~~~~~~^~~~~~~ See the meta bug#1220571 for more info. -- You are receiving this mail because: You are on the CC list for the bug.

1 6