July 2024 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1179720] VUL-1: CVE-2017-2910: libxls: Out-of-bounds Write vulnerability in the xls_addCell function of libxls 1.4 can cause a memory corruption resulting in remote code execution
by bugzilla_noreply＠suse.com 04 Jul '24

04 Jul '24

https://bugzilla.suse.com/show_bug.cgi?id=1179720 https://bugzilla.suse.com/show_bug.cgi?id=1179720#c1 Wolfgang Frisch <wolfgang.frisch(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |INVALID Summary|VUL-1: CVE-2017-2910: |VUL-1: CVE-2017-2910: |libxls: Out-of-bounds Write |libxls: Out-of-bounds Write |vulnerability in the |vulnerability in the |xls_addCell function of |xls_addCell function of |libxls 2.0 can cause a |libxls 1.4 can cause a |memory corruption resulting |memory corruption resulting |in remote code execution |in remote code execution Status|NEW |RESOLVED --- Comment #1 from Wolfgang Frisch <wolfgang.frisch(a)suse.com> --- All maintained packages have long been updated: openSUSE:Factory/libxls openSUSE:Backports:SLE-15-SP5:Update/libxls openSUSE:Backports:SLE-15-SP6:Update/libxls -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1225784] clang: Please subpackage compiler-rt libraries
by bugzilla_noreply＠suse.com 04 Jul '24

04 Jul '24

https://bugzilla.suse.com/show_bug.cgi?id=1225784 https://bugzilla.suse.com/show_bug.cgi?id=1225784#c2 --- Comment #2 from Daan De Meyer <daan.j.demeyer(a)gmail.com> --- I would follow what the other distros do here. Both Fedora and Arch Linux do include the static libraries (https://fedora.pkgs.org/40/fedora-x86_64/compiler-rt-18.1.1-1.fc40.x86_64.r…) so I would do the same in OpenSUSE. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1225982] mtools: Add missing dependency on glibc-gconv-modules-extra
by bugzilla_noreply＠suse.com 04 Jul '24

04 Jul '24

https://bugzilla.suse.com/show_bug.cgi?id=1225982 Andreas Schwab <schwab(a)suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|schwab(a)suse.com |pgajdos(a)suse.com -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1227375] New: VUL-0: TRACKERBUG: CVE-2024-6284: google/nftables: incorrect IP address encoded bytes may lead to unwanted behavior
by bugzilla_noreply＠suse.com 04 Jul '24

04 Jul '24

https://bugzilla.suse.com/show_bug.cgi?id=1227375 Bug ID: 1227375 Summary: VUL-0: TRACKERBUG: CVE-2024-6284: google/nftables: incorrect IP address encoded bytes may lead to unwanted behavior Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other URL: https://smash.suse.de/issue/412835/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team(a)suse.de Reporter: smash_bz(a)suse.de QA Contact: security-team(a)suse.de CC: thomas.leroy(a)suse.com Target Milestone: --- Found By: Security Response Team Blocker: --- In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses). This issue affects: https://pkg.go.dev/github.com/google/nftables@v0.1.0 The bug was fixed in the next released version: https://pkg.go.dev/github.com/google/nftables@v0.2.0 References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-6284 https://www.cve.org/CVERecord?id=CVE-2024-6284 https://bugs.launchpad.net/ubuntu/+source/crowdsec-firewall-bouncer/+bug/20… https://github.com/crowdsecurity/cs-firewall-bouncer/issues/368 https://github.com/google/nftables/issues/225 https://bugzilla.redhat.com/show_bug.cgi?id=2295699 -- You are receiving this mail because: You are on the CC list for the bug.

1 4

[Bug 1156649] VUL-1: CVE-2019-18848: rubygem-json-jwt: parser lacks an element count during the splitting of a JWE string
by bugzilla_noreply＠suse.com 04 Jul '24

04 Jul '24

https://bugzilla.suse.com/show_bug.cgi?id=1156649 https://bugzilla.suse.com/show_bug.cgi?id=1156649#c3 Wolfgang Frisch <wolfgang.frisch(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CONFIRMED --- Comment #3 from Wolfgang Frisch <wolfgang.frisch(a)suse.com> --- Submitted a minor version update: openSUSE:Backports:SLE-15-SP5:Update openSUSE:Backports:SLE-15-SP6:Update https://build.opensuse.org/request/show/1185337 https://build.opensuse.org/request/show/1185338 Note that this package is scheduled for deletion in Factory: https://build.opensuse.org/request/show/1184526 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1227317] Can't turn off tap to click on trackpad
by bugzilla_noreply＠suse.com 04 Jul '24

04 Jul '24

https://bugzilla.suse.com/show_bug.cgi?id=1227317 https://bugzilla.suse.com/show_bug.cgi?id=1227317#c3 --- Comment #3 from Rick Spencer <rick.spencer(a)suse.com> --- Thank you for your kind attention to my issue. Please excuse me if I have a misunderstanding here. I believe that the track pad has 3 "virtual" buttons along the bottom of the track pad that responds to "tap to click." There are also 3 real buttons along the top. The middle buttons (both "virtual" and real) paste whatever is on the the system's paste buffer. I hope that explains, and thank you again. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1227367] vlc: libqt_plugin.so embeds current date
by bugzilla_noreply＠suse.com 04 Jul '24

04 Jul '24

https://bugzilla.suse.com/show_bug.cgi?id=1227367 https://bugzilla.suse.com/show_bug.cgi?id=1227367#c1 Bernhard Wiedemann <bwiedemann(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |brunopitrus(a)hotmail.com Flags| |needinfo?(brunopitrus@hotma | |il.com) --- Comment #1 from Bernhard Wiedemann <bwiedemann(a)suse.com> --- Testing this is a bit tricky. With my https://github.com/bmwiedemann/reproducibleopensuse/ tools I used osc co openSUSE:Factory vlc && cd $_ arch=i586 arch2=i586 oscbuildparams=--nodebugpackages \ project=openSUSE:Slowroll repo=standard CLEAN=1 rbkt 1 The Factory vlc package cannot be built for i586 for lack of BuildRequires. Anyway, my tests say, it builds reproducibly here. I would appreciate a proper reproducer, otherwise this is a WORKSFORME. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1225636] Facetimehd firmware/driver fails to load
by bugzilla_noreply＠suse.com 04 Jul '24

04 Jul '24

https://bugzilla.suse.com/show_bug.cgi?id=1225636 https://bugzilla.suse.com/show_bug.cgi?id=1225636#c13 --- Comment #13 from Patrik Jakobsson <patrik.jakobsson(a)suse.com> --- How did you update to the new version? Just zypper dup? Perhaps you need to remove both packages first. $ zypper remove facetimehd-kmp-default facetimehd-firmware and then reinstall just the kmp with $ zypper in facetimehd-kmp-default This installs both the kmp and firmware for me on my tumbleweed system. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1220276] New: Multiboot installation using Agama (?) does not boot TW by default
by bugzilla_noreply＠suse.com 04 Jul '24

04 Jul '24

https://bugzilla.suse.com/show_bug.cgi?id=1220276 Bug ID: 1220276 Summary: Multiboot installation using Agama (?) does not boot TW by default Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Installation Assignee: yast2-maintainers(a)suse.de Reporter: locilka(a)suse.com QA Contact: jsrain(a)suse.com Target Milestone: --- Found By: --- Blocker: --- Created attachment 872963 --> https://bugzilla.suse.com/attachment.cgi?id=872963&action=edit Booting menu I've used a real bare-metal HW Beelink Mini Pro 12S in its default configuration. I've removed everything with fdisk and installed Fedora. Then I used Agama to install TW next to Fedora. Installation was successful, but when the system boots, it goes directly to Fedora. I can press F7 when booting and choose between Fedora/openSUSE, but it's not the default behavior. I'm not sure if this is the Agama (Storage) problem or TW problem in general or the HW is the problem. -- You are receiving this mail because: You are on the CC list for the bug.

1 21

[Bug 1212476] patch shebang line match the python version required in the package
by bugzilla_noreply＠suse.com 04 Jul '24

04 Jul '24

1 0