September 2024 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1224241] VUL-0: CVE-2024-34340: cacti: Authentication Bypass when using using older password hashes
by bugzilla_noreply＠suse.com 02 Sep '24

02 Sep '24

https://bugzilla.suse.com/show_bug.cgi?id=1224241 https://bugzilla.suse.com/show_bug.cgi?id=1224241#c5 --- Comment #5 from Marcus Meissner <meissner(a)suse.com> --- openSUSE-SU-2024:0274-1: An update that fixes 10 vulnerabilities is now available. Category: security (important) Bug References: 1224229,1224230,1224231,1224235,1224236,1224237,1224238,1224239,1224240,1224241 CVE References: CVE-2024-25641,CVE-2024-27082,CVE-2024-29894,CVE-2024-31443,CVE-2024-31444,CVE-2024-31445,CVE-2024-31458,CVE-2024-31459,CVE-2024-31460,CVE-2024-34340 JIRA References: Sources used: openSUSE Backports SLE-15-SP5 (src): cacti-1.2.27-bp155.2.9.1, cacti-spine-1.2.27-bp155.2.9.1 SUSE Package Hub for SUSE Linux Enterprise 12 (src): cacti-1.2.27-41.1, cacti-spine-1.2.27-35.1 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1224240] VUL-0: CVE-2024-31458: cacti: SQL Injection vulnerability when using form templates
by bugzilla_noreply＠suse.com 02 Sep '24

02 Sep '24

https://bugzilla.suse.com/show_bug.cgi?id=1224240 https://bugzilla.suse.com/show_bug.cgi?id=1224240#c5 --- Comment #5 from Marcus Meissner <meissner(a)suse.com> --- openSUSE-SU-2024:0274-1: An update that fixes 10 vulnerabilities is now available. Category: security (important) Bug References: 1224229,1224230,1224231,1224235,1224236,1224237,1224238,1224239,1224240,1224241 CVE References: CVE-2024-25641,CVE-2024-27082,CVE-2024-29894,CVE-2024-31443,CVE-2024-31444,CVE-2024-31445,CVE-2024-31458,CVE-2024-31459,CVE-2024-31460,CVE-2024-34340 JIRA References: Sources used: openSUSE Backports SLE-15-SP5 (src): cacti-1.2.27-bp155.2.9.1, cacti-spine-1.2.27-bp155.2.9.1 SUSE Package Hub for SUSE Linux Enterprise 12 (src): cacti-1.2.27-41.1, cacti-spine-1.2.27-35.1 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1224241] VUL-0: CVE-2024-34340: cacti: Authentication Bypass when using using older password hashes
by bugzilla_noreply＠suse.com 02 Sep '24

02 Sep '24

https://bugzilla.suse.com/show_bug.cgi?id=1224241 https://bugzilla.suse.com/show_bug.cgi?id=1224241#c4 --- Comment #4 from Marcus Meissner <meissner(a)suse.com> --- openSUSE-SU-2024:0274-1: An update that fixes 10 vulnerabilities is now available. Category: security (important) Bug References: 1224229,1224230,1224231,1224235,1224236,1224237,1224238,1224239,1224240,1224241 CVE References: CVE-2024-25641,CVE-2024-27082,CVE-2024-29894,CVE-2024-31443,CVE-2024-31444,CVE-2024-31445,CVE-2024-31458,CVE-2024-31459,CVE-2024-31460,CVE-2024-34340 JIRA References: Sources used: openSUSE Backports SLE-15-SP5 (src): cacti-1.2.27-bp155.2.9.1, cacti-spine-1.2.27-bp155.2.9.1 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1224240] VUL-0: CVE-2024-31458: cacti: SQL Injection vulnerability when using form templates
by bugzilla_noreply＠suse.com 02 Sep '24

02 Sep '24

https://bugzilla.suse.com/show_bug.cgi?id=1224240 https://bugzilla.suse.com/show_bug.cgi?id=1224240#c4 --- Comment #4 from Marcus Meissner <meissner(a)suse.com> --- openSUSE-SU-2024:0274-1: An update that fixes 10 vulnerabilities is now available. Category: security (important) Bug References: 1224229,1224230,1224231,1224235,1224236,1224237,1224238,1224239,1224240,1224241 CVE References: CVE-2024-25641,CVE-2024-27082,CVE-2024-29894,CVE-2024-31443,CVE-2024-31444,CVE-2024-31445,CVE-2024-31458,CVE-2024-31459,CVE-2024-31460,CVE-2024-34340 JIRA References: Sources used: openSUSE Backports SLE-15-SP5 (src): cacti-1.2.27-bp155.2.9.1, cacti-spine-1.2.27-bp155.2.9.1 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1220724] Packages pulling gcc14 (like emacs-x11 and emacs-nox) break clang
by bugzilla_noreply＠suse.com 02 Sep '24

02 Sep '24

https://bugzilla.suse.com/show_bug.cgi?id=1220724 Richard Biener <rguenther(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |marvin.friedrich(a)suse.com -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1229376] VUL-0: CVE-2024-43806: TRACKERBUG: rustix: rustix::fs::Dir iterator with the linux_raw backend can cause memory explosion
by bugzilla_noreply＠suse.com 02 Sep '24

02 Sep '24

https://bugzilla.suse.com/show_bug.cgi?id=1229376 Bug 1229376 depends on bug 1229952, which changed state. Bug 1229952 Summary: VUL-0: CVE-2024-43806: rust-keylime: rustix: rustix::fs::Dir iterator with the linux_raw backend can cause memory explosion https://bugzilla.suse.com/show_bug.cgi?id=1229952 What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED |--- -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1226615] New: python3-pyside2 stuck with ancient llvm build requirement
by bugzilla_noreply＠suse.com 02 Sep '24

02 Sep '24

https://bugzilla.suse.com/show_bug.cgi?id=1226615 Bug ID: 1226615 Summary: python3-pyside2 stuck with ancient llvm build requirement Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: KDE Applications Assignee: opensuse-kde-bugs(a)opensuse.org Reporter: rguenther(a)suse.com QA Contact: qa-bugs(a)suse.de Target Milestone: --- Found By: --- Blocker: --- python3-pyside2 requires llvm15 (or llvm14 on SLE) as one of the very few packages still hanging onto this old and unsupported version of LLVM. There is a new upstream version (5.15.14), but I don't know whether this changes the situation. -- You are receiving this mail because: You are on the CC list for the bug.

1 4

[Bug 1221183] Upgrade problems with clang-cpp
by bugzilla_noreply＠suse.com 02 Sep '24

02 Sep '24

https://bugzilla.suse.com/show_bug.cgi?id=1221183 Richard Biener <rguenther(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |marvin.friedrich(a)suse.com -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1229375] VUL-0: TRACKERBUG: rust-shlex: Multiple issues involving quote API ( RUSTSEC-2024-0006, GHSA-r7qv-8r2h-pg27)
by bugzilla_noreply＠suse.com 02 Sep '24

02 Sep '24

https://bugzilla.suse.com/show_bug.cgi?id=1229375 Bug 1229375 depends on bug 1230029, which changed state. Bug 1230029 Summary: VUL-0: rust-keylime: rust-shlex: Multiple issues involving quote API ( RUSTSEC-2024-0006, GHSA-r7qv-8r2h-pg27) https://bugzilla.suse.com/show_bug.cgi?id=1230029 What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED |--- -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1218424] go1.22 release tracking
by bugzilla_noreply＠suse.com 02 Sep '24

02 Sep '24

https://bugzilla.suse.com/show_bug.cgi?id=1218424 https://bugzilla.suse.com/show_bug.cgi?id=1218424#c31 --- Comment #31 from Maintenance Automation <maint-coord+maintenance-robot(a)suse.de> --- SUSE-RU-2024:3065-1: An update that has one fix can now be installed. URL: https://www.suse.com/support/update/announcement/2024/suse-ru-20243065-1 Category: recommended (moderate) Bug References: 1218424 Maintenance Incident: [SUSE:Maintenance:35410](https://smelt.suse.de/incident/35410/) Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): go-1.22-34.49.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.

1 0