June 2024 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1220403] VUL-0: CVE-2024-23837: libhtp: excessive processing time of HTTP headers can lead to denial of service
by bugzilla_noreply＠suse.com 02 Jun '24

02 Jun '24

https://bugzilla.suse.com/show_bug.cgi?id=1220403 https://bugzilla.suse.com/show_bug.cgi?id=1220403#c4 --- Comment #4 from Andreas Stieger <Andreas.Stieger(a)gmx.de> --- cl fix: https://build.opensuse.org/request/show/1178077 15.5: https://build.opensuse.org/request/show/1178079 15.6: https://build.opensuse.org/request/show/1178080 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1225789] New: systemaktualisierung bricht mit fehlermeldung ab
by bugzilla_noreply＠suse.com 02 Jun '24

02 Jun '24

https://bugzilla.suse.com/show_bug.cgi?id=1225789 Bug ID: 1225789 Summary: systemaktualisierung bricht mit fehlermeldung ab Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: screening-team-bugs(a)suse.de Reporter: mcwimpy(a)gmx.at QA Contact: qa-bugs(a)suse.de Target Milestone: --- Found By: --- Blocker: --- Created attachment 875257 --> https://bugzilla.suse.com/attachment.cgi?id=875257&action=edit tried to deselect tld i have installed this SuSE twd. system quite a while ago, damaged bootloader with paralell installation of other distributions, recently repaired the boot, but now there's over 1k updates. if i try to install with YaST the window stays empty, all attempts to update the repositories yield no result. as i didn't know how to install updates on CLI (last time i used SuSE was 1997 - 2002) I tried the KDE Discover Software which threw an error at me each time it wanted to upgrade and begged me to (make an account here and) file a bug report. so hello here i am. this is the text a copy paste button gives me: <html>Auflösung der Abhängigkeit fehlgeschlagen:<br/><br/>das zu installierende tlp-1.6.1-2.1.noarch steht im Konflikt mit 'tuned', das vom zu installierenden tuned-2.22.1.2+git.86ac977-3.1.noarch bereitgestellt wird</html> as i understood the problem was the package tuned so i deinstalled it. -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1225790] New: KDE Wayland cannot launch from SDDM while KDE X11 can
by bugzilla_noreply＠suse.com 02 Jun '24

02 Jun '24

https://bugzilla.suse.com/show_bug.cgi?id=1225790 Bug ID: 1225790 Summary: KDE Wayland cannot launch from SDDM while KDE X11 can Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: openSUSE Tumbleweed Status: NEW Severity: Major Priority: P5 - None Component: KDE Workspace (Plasma) Assignee: opensuse-kde-bugs(a)opensuse.org Reporter: i(a)guoyunhe.me QA Contact: qa-bugs(a)suse.de Target Milestone: --- Found By: --- Blocker: --- After update to Tumbleweed 20240524 (I dup everyday, so I am sure it is this update), I cannot launch KDE Plasma Wayland from SDDM, but Wayland X11 can launch normally. I check journalctl and found all kde services core dumped: 6月 02 10:35:31 amd-desktop systemd-coredump[9555]: [🡕] Process 9537 (org_kde_powerde) of user 1000 dumped core. Stack trace of thread 9537: #0 0x00007f12fda949dc __pthread_kill_implementation (libc.so.6 + 0x949dc) #1 0x00007f12fda41176 raise (libc.so.6 + 0x41176) #2 0x00007f12fda28917 abort (libc.so.6 + 0x28917) #3 0x00007f12fe2e072d _Z6qAbortv (libQt6Core.so.6 + 0xe072d) #4 0x00007f12fe3309fe n/a (libQt6Core.so.6 + 0x1309fe) #5 0x00007f12fe2e1de3 _ZNK14QMessageLogger5fatalEPKcz (libQt6Core.so.6 + 0xe1de3) #6 0x00007f12feb584c9 n/a (libQt6Gui.so.6 + 0x1584c9) #7 0x00007f12febe8500 _ZN22QGuiApplicationPrivate21createEventDispatcherEv (libQt6Gui.so.6 + 0x1e8500) #8 0x00007f12fe392d3d _ZN23QCoreApplicationPrivate4initEv (libQt6Core.so.6 + 0x192d3d) #9 0x00007f12febe858c _ZN22QGuiApplicationPrivate4initEv (libQt6Gui.so.6 + 0x1e858c) #10 0x00007f12febe9800 _ZN15QGuiApplicationC1ERiPPci (libQt6Gui.so.6 + 0x1e9800) #11 0x000055ad20c01d82 n/a (org_kde_powerdevil + 0x9d82) #12 0x00007f12fda2a1f0 __libc_start_call_main (libc.so.6 + 0x2a1f0) #13 0x00007f12fda2a2b9 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x2a2b9) #14 0x000055ad20c02ca5 n/a (org_kde_powerdevil + 0xaca5) Stack trace of thread 9551: #0 0x00007f12fdb0578f __poll (libc.so.6 + 0x10578f) #1 0x00007f12fc91432f n/a (libglib-2.0.so.0 + 0x5f32f) #2 0x00007f12fc914a3c g_main_context_iteration (libglib-2.0.so.0 + 0x5fa3c) #3 0x00007f12fe5c0a0c _ZN20QEventDispatcherGlib13processEventsE6QFlagsIN10QEventLoop17ProcessEventsFlagEE (libQt6Core.so.6 + 0x3c0a0c) #4 0x00007f12fe39979b _ZN10QEventLoop4execE6QFlagsINS_17ProcessEventsFlagEE (libQt6Core.so.6 + 0x19979b) #5 0x00007f12fe474c84 _ZN7QThread4execEv (libQt6Core.so.6 + 0x274c84) #6 0x00007f12fe97b6fa n/a (libQt6DBus.so.6 + 0x386fa) #7 0x00007f12fe4ece59 n/a (libQt6Core.so.6 + 0x2ece59) #8 0x00007f12fda92ba2 start_thread (libc.so.6 + 0x92ba2) #9 0x00007f12fdb1400c __clone3 (libc.so.6 + 0x11400c) ELF object binary architecture: AMD x86-64 -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1225689] Error message received from tik with mount system call failed.
by bugzilla_noreply＠suse.com 01 Jun '24

01 Jun '24

https://bugzilla.suse.com/show_bug.cgi?id=1225689 https://bugzilla.suse.com/show_bug.cgi?id=1225689#c6 Richard Brown <rbrown(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |needinfo?(tony.neely@gmail. | |com) --- Comment #6 from Richard Brown <rbrown(a)suse.com> --- Ok so, a few questions and I’ll do my best to address them all On the matter of your primary drive. No matter what you may have done in YaST, you have a /@/home subvolume. But given you mounted a separate /home partition on your second drive, it should be empty Now, I tested empty disks with /@/home subvolumes extensively and never hit this issue. So let’s just assume you have some weird other issue with your existing filesystem on your drive We could debug it.. but it sounds like there’s no data of interest on that primary drive So, I’d like to propose a workaround Your Aeon installer comes fully equipped with a terminal (with sudo privileges) and all the partioning tools you may need Before clicking ok on the installer welcome screen Id recommend firing up a terminal And establishing a new partition table on the disk you want to install Aeon to This error will vanish as a result Meanwhile Aeons installer won’t touch the second disk (with your /home) at all You have two options as how to make use of it after installing Aeon Option 1. Boot your new Aeon install, go through the first run wizard and then after first login edit /etc/fstab to mount your /home partition instead of the /@/home subvolume. As long as UIDs and the like all match up things should work ok. You may need to run /usr/bin/aeon-mig-firstboot just to fix up a few things on first login to the migrated /home partition but I expect that to be a minor hiccup if at Option 2. Aeon fully supports combustion. You could write a shell script to edit your new Aeon installs fstab, create user accounts, or any other customisation you like. That script needs to be called “script” and stored in a “combustion” directory on the “ignition” partition of your Aeon installer USB stick. Then it will be executed on first boot of your Aeon install. Potentially it’s a cleaner more reproducible approach that someone with your experience might appreciate Does this help at all? -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1220403] VUL-0: CVE-2024-23837: libhtp: excessive processing time of HTTP headers can lead to denial of service
by bugzilla_noreply＠suse.com 01 Jun '24

01 Jun '24

https://bugzilla.suse.com/show_bug.cgi?id=1220403 https://bugzilla.suse.com/show_bug.cgi?id=1220403#c3 Andreas Stieger <Andreas.Stieger(a)gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1224165 CC| |Andreas.Stieger(a)gmx.de Assignee|security-team(a)suse.de |otto.hollmann(a)suse.com --- Comment #3 from Andreas Stieger <Andreas.Stieger(a)gmx.de> --- (In reply to Carlos López from comment #2) > What about openSUSE:Backports:SLE-15-SP{4,5,6}? openSUSE has a weak model and tracking and following up here. Otto did not read your message: He was neither the assignee, nor CC'd on the bug, nor would the maintainer ever be pinged again unless someone looked at this randomly. Re-assigning back to Maintainer to action. Here's a backport: https://build.opensuse.org/request/show/1178079 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1224165] AUDIT-0: openSUSE Leap 15.6 Gold Master security audit
by bugzilla_noreply＠suse.com 01 Jun '24

01 Jun '24

https://bugzilla.suse.com/show_bug.cgi?id=1224165 Andreas Stieger <Andreas.Stieger(a)gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |1220403 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1225786] software.o.o not fully functional and/or reliable
by bugzilla_noreply＠suse.com 01 Jun '24

01 Jun '24

https://bugzilla.suse.com/show_bug.cgi?id=1225786 https://bugzilla.suse.com/show_bug.cgi?id=1225786#c2 --- Comment #2 from Gunner Gewiß <Gunner.Gewiss(a)posteo.de> --- Oh, OK. Sorry for posting the dup. But as you refer to the dup: it is quite old now. And the last comment there is also even quite old. Is there some work going on to fix this issue? Just asking. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1219983] amdgpu : "kernel NULL pointer dereference" kernel 6.7.4-1
by bugzilla_noreply＠suse.com 01 Jun '24

01 Jun '24

https://bugzilla.suse.com/show_bug.cgi?id=1219983 https://bugzilla.suse.com/show_bug.cgi?id=1219983#c13 --- Comment #13 from Alan Lima <alanemmanuel5(a)gmail.com> --- (In reply to Takashi Iwai from comment #12) > Ah, then it's maybe a different issue the upstream tracker hitting. Let's > close this entry. well i've installed the latest update and the bug reappeared, so i suppose this issue shall be re-opened ? -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1222512] VUL-0: CVE-2024-28871: libhtp: excessive CPU usage when parsing malformed traffic
by bugzilla_noreply＠suse.com 01 Jun '24

01 Jun '24

https://bugzilla.suse.com/show_bug.cgi?id=1222512 https://bugzilla.suse.com/show_bug.cgi?id=1222512#c3 Andreas Stieger <Andreas.Stieger(a)gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Product|openSUSE Distribution |openSUSE Tumbleweed Component|Security |Security CC| |Andreas.Stieger(a)gmx.de Version|Leap 15.6 |Current Resolution|--- |FIXED --- Comment #3 from Andreas Stieger <Andreas.Stieger(a)gmx.de> --- fixed in Tumbleweed, moving/closing -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1225786] New: software.o.o not fully functional and/or reliable
by bugzilla_noreply＠suse.com 01 Jun '24

01 Jun '24

https://bugzilla.suse.com/show_bug.cgi?id=1225786 Bug ID: 1225786 Summary: software.o.o not fully functional and/or reliable Classification: openSUSE Product: openSUSE.org Version: unspecified Hardware: All OS: All Status: NEW Severity: Normal Priority: P5 - None Component: Documentation Assignee: fs(a)suse.com Reporter: Gunner.Gewiss(a)posteo.de QA Contact: adrian.schroeter(a)suse.com Target Milestone: --- Found By: --- Blocker: --- Hello! I sometimes use "software.o.o" <https://software.opensuse.org/>. I would like to note that it's not fully functional and/or reliable… Issue: when you search "firefox" and look up details for "Firefox Web Browser" <https://software.opensuse.org/package/MozillaFirefox> it shows only (and just this one) the official build for Tumbleweed, but no official build for Leap (whatever what version of Leap) and even no "experimental packages" (official OBS — not home OBS!) for Leap (whatever what version of Leap). But as <https://build.opensuse.org/project/show/mozilla> clearly shows, there is an official offer. This issues holds for several packages (I don't have collected all examples I have noticed so far, but they are a few, indeed). This is somehow annoying… I like to use Leap (not Tumbleweed or Slowroll), but often the package for Leap is not listed (official build (i.e. distribution) or (official) experimental build (i.e. official OBS — not home OBS). Workaround: what often helps me, is looking up the info for Tumbleweed and then adapt it to Leap. But well… -- You are receiving this mail because: You are on the CC list for the bug.

1 1