January 2025 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1234865] emacs-wayland startup failure
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1234865 https://bugzilla.suse.com/show_bug.cgi?id=1234865#c53 --- Comment #53 from Björn Bidar <bjorn.bidar(a)thaodan.de> --- Do I understand now correctly. Because rpath was set to /usr/lib64 the nvidia library could not load correctly as the (blob) library was referring the symlink /lib64 instead of /usr/lib64 when loading any other libraries? What I don't get exactly is why treesitter_grammar(tree-sitter-ruby) is required? Should there be a bug about Emacs requiring zlib compat? -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1235689] ghostty files in the terminfo package break ghostty 1.0.1
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235689 https://bugzilla.suse.com/show_bug.cgi?id=1235689#c20 --- Comment #20 from Thomas Dickey <dickey(a)his.com> --- I see that OpenSUSE now has a package for ghostty. I took a quick look at it, and can see that it has the same problems as those that I found in review a few weeks ago, validating my impression on reading its source code that its problems were not going to be readily solved. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1235871] Update nvidia driver to latest 550.144.03 release
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235871 https://bugzilla.suse.com/show_bug.cgi?id=1235871#c1 --- Comment #1 from OBSbugzilla Bot <bwiedemann+obsbugzillabot(a)suse.com> --- This is an autogenerated message for OBS integration: This bug (1235871) was mentioned in https://build.opensuse.org/request/show/1238332 Factory / nvidia-open-driver-G06-signed -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1235240] New: "openSUSE-SLE-15.6-2025-31(1)" fails to install
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235240 Bug ID: 1235240 Summary: "openSUSE-SLE-15.6-2025-31(1)" fails to install Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: x86-64 OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Maintenance Assignee: maintenance(a)opensuse.org Reporter: thomas-formella(a)web.de QA Contact: qa-bugs(a)suse.de Target Milestone: --- Found By: --- Blocker: --- "the installed gtk3-branding-openSUSE-15.0-lp156.3.3.noarch requires 'libgtk-3-0 = 3.24.38+111', but this requirement cannot be provided" -- You are receiving this mail because: You are on the CC list for the bug.

1 11

[Bug 1235998] New: Black screen after upgrade to plasma 6.3 beta
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235998 Bug ID: 1235998 Summary: Black screen after upgrade to plasma 6.3 beta Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other OS: Other Status: NEW Severity: Major Priority: P5 - None Component: KDE Workspace (Plasma) Assignee: opensuse-kde-bugs(a)opensuse.org Reporter: vkrevs(a)yahoo.com QA Contact: qa-bugs(a)suse.de Target Milestone: --- Found By: --- Blocker: --- Just upgraded to plasma 6.3 beta from 6.2.x on my 15.6 system. 6.2.x worked flawlessly. After upgrade, attempting to login as an existing kde user shows spinning gears on black screen, then it disappears only mouse pointer remains. Login into a newly created user works. Kde plasma version: 6.2.90 Frameworks version: 6.10.0 Qt: 6.8.1 Graphics platform: X11 Graphics processor: NVIDIA GeForce RTX 4060 Ti -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 1230228] New: alpine-3.20.2 image fails with "Boot failed: not a bootable disk"
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1230228 Bug ID: 1230228 Summary: alpine-3.20.2 image fails with "Boot failed: not a bootable disk" Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Virtualization:Other Assignee: virt-bugs(a)suse.de Reporter: alice.brooks(a)suse.com QA Contact: qa-bugs(a)suse.de Target Milestone: --- Found By: --- Blocker: --- The following fails to boot with "Boot failed: not a bootable disk": ``` curl -o /tmp/alpine.qcow2 https://dl-cdn.alpinelinux.org/alpine/v3.20/releases/cloud/nocloud_alpine-3… virt-install --debug --connect qemu:///system --name alpine \ --os-variant "alpinelinux3.20" \ --boot hd \ --vcpus 1 \ --memory 128 \ --import --disk /tmp/alpine.qcow2 \ --graphics vnc,listen=127.0.0.1 \ --console file,target.type=serial,source.path=/tmp/vm \ --print-step 1 > /tmp/xml-connection virsh define /tmp/xml-connection virsh start alpine ``` This has only happened in the last few releases (tested on release 20240903 of TW). I've confirmed the qcow2 is fine by running the above on fedora and that's fine -- You are receiving this mail because: You are on the CC list for the bug.

1 9

[Bug 1235097] zypper output cluttered by failed assertions
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235097 https://bugzilla.suse.com/show_bug.cgi?id=1235097#c17 --- Comment #17 from Maintenance Automation <maint-coord+maintenance-robot(a)suse.de> --- SUSE-RU-2025:0151-1: An update that has two fixes can now be installed. URL: https://www.suse.com/support/update/announcement/2025/suse-ru-20250151-1 Category: recommended (moderate) Bug References: 1234940, 1235097 Maintenance Incident: [SUSE:Maintenance:37063](https://smelt.suse.de/incident/37063/) Sources used: openSUSE Leap 15.6 (src): libproxy-client-0.5.3-150600.4.6.2, libproxy-backend-0.5.3-150600.4.6.2 Basesystem Module 15-SP6 (src): libproxy-client-0.5.3-150600.4.6.2, libproxy-backend-0.5.3-150600.4.6.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1226394] New: xdg-desktop-portal-lxqt not started by default
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1226394 Bug ID: 1226394 Summary: xdg-desktop-portal-lxqt not started by default Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: openSUSE Tumbleweed Status: NEW Severity: Normal Priority: P5 - None Component: LXQt Assignee: lxqt-bugs(a)suse.de Reporter: brbigam(a)gmail.com QA Contact: qa-bugs(a)suse.de Target Milestone: --- Found By: --- Blocker: --- xdg-desktop-portal-lxqt isn't automatically started by xdg-desktop-portal on login, so the LXQt file dialog isn't picked up by apps that could use it, like Firefox. Steps to reproduce: Log in to LXQt check running processes, such as in qps check file dialog in Firefox with widget.use-xdg-desktop-portal.file-picker set to 1 Actual result: x-d-p is running, but not x-d-p-lxqt no file dialog opens in Firefox (Unless another portal backend is also installed) Expected result: x-d-p-lxqt is running LXQt file dialog is used by Firefox System: Tumbleweed 20240613 and earlier, as long as LXQt 2.0.0 has been available LXQt 2.0.0 xdg-desktop-portal-lxqt 1.0.2 xdg-desktop-portal 1.18.4 Qt 6.7.1 Workaround: If I run /usr/libexec/xdg-desktop-portal --replace after login, x-d-p correctly picks up x-d-p-lxqt and everything works correctly. Adding this to autostart apps also works correctly. So if it's an upstream issue, openSUSE might consider adding this to packaging temporarily as a workaround. I don't know what the underlying problem might be. -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1233381] New: Tumbleweed won’t recover from sleep. Force shutdown required
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1233381 Bug ID: 1233381 Summary: Tumbleweed won’t recover from sleep. Force shutdown required Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: openSUSE Tumbleweed Status: NEW Severity: Major Priority: P5 - None Component: Kernel Assignee: kernel-bugs(a)opensuse.org Reporter: kosimo(a)gmail.com QA Contact: qa-bugs(a)suse.de Target Milestone: --- Found By: --- Blocker: --- Once the computer enters sleep it won’t wake up anymore. I have to force a shut down and power it up again. Blank screen, not even cap loks light on the keyboard. ---------------- JJJJJJ =JJJJJJJ OS: openSUSE Tumbleweed x86_64 JJJJ =JJJ JJJJ Kernel: 6.11.7-1-default JJJ =JJJ JJJ Uptime: 1 hour, 1 min JJJJ =JJJ JJJ Packages: 42 (pip), 2744 (rpm), 12 (steam), 6 (flatpak-system) JJJJJJJJJJJJJJJ JJJJ Shell: bash 5.2.37 JJJJJJJJJJJJJJ JJJJ Resolution: 3840x2160 JJJJ JJJJ DE: Plasma 6.2.3 [KF 6.8.0] [Qt 6.8.0] (wayland) JJJJJ= JJJJ WM: kwin_wayland_wr JJJJJJJJJJJJJJJJJJJJJJJJJJJJJ= Theme: Breeze-Dark [GTK2/3] =JJJJJJJJJJJJJJJJJJJJJJJJJJJJJ Icons: breeze-dark [GTK2/3] JJJJ =JJJJJJ Terminal: konsole JJJJ =JJJJ CPU: AMD Ryzen 7 7800X3D (8) @ 5.050GHz JJJJ JJJJJJJJJJJJJJ GPU: AMD ATI TUF Gaming Radeon RX 7900 XTX OC JJJJ JJJJJJJJJJJJJJJ GPU: AMD ATI Raphael JJJJ JJJJ JJJJ Memory: 5884.57 MiB / 63432.22 MiB ----------------------- KDE 6.2.3 Frameworks: 6.8.0 QT: 6.8.0 -- You are receiving this mail because: You are on the CC list for the bug.

1 6

[Bug 1235156] VUL-0: CVE-2023-49295: dnscrypt-proxy: github.com/quic-go/quic-go: memory exhaustion attack against QUIC's path validation mechanism
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235156 https://bugzilla.suse.com/show_bug.cgi?id=1235156#c4 c unix <cunix(a)mail.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |needinfo?(andrea.mattiazzo@ | |suse.com) CC| |andrea.mattiazzo(a)suse.com --- Comment #4 from c unix <cunix(a)mail.de> --- Thanks for the info. Can you please help me, by saying who should do this. If it is me, what should i do - a submit request? To which project/package should it be send to? Directly to openSUSE:Backports:SLE-15-SP6/dnscrypt-proxy or to a Maintenance project ? Thanks for the help! -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1235996] New: VUL-0: CVE-2024-9042: talosctl: kubelet: command injection affecting Windows nodes via nodes/*/logs/query API
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235996 Bug ID: 1235996 Summary: VUL-0: CVE-2024-9042: talosctl: kubelet: command injection affecting Windows nodes via nodes/*/logs/query API Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other URL: https://smash.suse.de/issue/436893/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team(a)suse.de Reporter: camila.matos(a)suse.com QA Contact: security-team(a)suse.de CC: camila.matos(a)suse.com, opensuse_buildservice(a)ojkastl.de, security-team(a)suse.de Blocks: 1235978 Target Milestone: --- Found By: --- Blocker: --- +++ This bug was initially created as a clone of Bug #1235978 +++ Windows nodes are vulnerable to a security issue that allows unauthorized command execution via the /logs endpoint, potentially compromising the host system. This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below. Affected Versions * v1.32.0 * v1.31.0 to v1.31.4 * v1.30.0 to v1.30.8 * <=v1.29.12 To detect whether this vulnerability has been exploited, you can examine your cluster's audit logs to search for node 'logs' queries with suspicious inputs. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-9042 https://seclists.org/oss-sec/2025/q1/23 https://bugzilla.redhat.com/show_bug.cgi?id=2337297 -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1235995] New: VUL-0: CVE-2024-9042: kubeone: kubelet: command injection affecting Windows nodes via nodes/*/logs/query API
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235995 Bug ID: 1235995 Summary: VUL-0: CVE-2024-9042: kubeone: kubelet: command injection affecting Windows nodes via nodes/*/logs/query API Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other URL: https://smash.suse.de/issue/436893/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team(a)suse.de Reporter: camila.matos(a)suse.com QA Contact: security-team(a)suse.de CC: camila.matos(a)suse.com, opensuse_buildservice(a)ojkastl.de, security-team(a)suse.de Blocks: 1235978 Target Milestone: --- Found By: --- Blocker: --- +++ This bug was initially created as a clone of Bug #1235978 +++ Windows nodes are vulnerable to a security issue that allows unauthorized command execution via the /logs endpoint, potentially compromising the host system. This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below. Affected Versions * v1.32.0 * v1.31.0 to v1.31.4 * v1.30.0 to v1.30.8 * <=v1.29.12 To detect whether this vulnerability has been exploited, you can examine your cluster's audit logs to search for node 'logs' queries with suspicious inputs. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-9042 https://seclists.org/oss-sec/2025/q1/23 https://bugzilla.redhat.com/show_bug.cgi?id=2337297 -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1235994] New: VUL-0: CVE-2024-9042: inspektor-gadget: kubelet: command injection affecting Windows nodes via nodes/*/logs/query API
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235994 Bug ID: 1235994 Summary: VUL-0: CVE-2024-9042: inspektor-gadget: kubelet: command injection affecting Windows nodes via nodes/*/logs/query API Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other URL: https://smash.suse.de/issue/436893/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team(a)suse.de Reporter: camila.matos(a)suse.com QA Contact: security-team(a)suse.de CC: camila.matos(a)suse.com, opensuse_buildservice(a)ojkastl.de, security-team(a)suse.de Blocks: 1235978 Target Milestone: --- Found By: --- Blocker: --- +++ This bug was initially created as a clone of Bug #1235978 +++ Windows nodes are vulnerable to a security issue that allows unauthorized command execution via the /logs endpoint, potentially compromising the host system. This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below. Affected Versions * v1.32.0 * v1.31.0 to v1.31.4 * v1.30.0 to v1.30.8 * <=v1.29.12 To detect whether this vulnerability has been exploited, you can examine your cluster's audit logs to search for node 'logs' queries with suspicious inputs. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-9042 https://seclists.org/oss-sec/2025/q1/23 https://bugzilla.redhat.com/show_bug.cgi?id=2337297 -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1235020] Hard freeze workqueue lockup mediatek bluetooth
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235020 https://bugzilla.suse.com/show_bug.cgi?id=1235020#c20 Andrea Ippolito <andrea.ippo(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #20 from Andrea Ippolito <andrea.ippo(a)gmail.com> --- Hi Takashi, I just received 6.12.9 with today's snapshot and I have therefore moved back to the Main repo for kernel updates. I haven't seen the workqueue lockup happening ever since I started using the kernels you recommended, and I guess that 6.12.9 has been released based on the Kernel:stable repo, so I think I can close this bug as I expect 6.12.9 to keep behaving well as the other kernels I tried out. Worst case I'll report another bug. Thanks again for the follow-up on this issue and instructions! :) -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1235993] New: VUL-0: CVE-2024-9042: eksctl: kubelet: command injection affecting Windows nodes via nodes/*/logs/query API
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235993 Bug ID: 1235993 Summary: VUL-0: CVE-2024-9042: eksctl: kubelet: command injection affecting Windows nodes via nodes/*/logs/query API Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other URL: https://smash.suse.de/issue/436893/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team(a)suse.de Reporter: camila.matos(a)suse.com QA Contact: security-team(a)suse.de CC: camila.matos(a)suse.com, opensuse_buildservice(a)ojkastl.de, security-team(a)suse.de Blocks: 1235978 Target Milestone: --- Found By: --- Blocker: --- +++ This bug was initially created as a clone of Bug #1235978 +++ Windows nodes are vulnerable to a security issue that allows unauthorized command execution via the /logs endpoint, potentially compromising the host system. This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below. Affected Versions * v1.32.0 * v1.31.0 to v1.31.4 * v1.30.0 to v1.30.8 * <=v1.29.12 To detect whether this vulnerability has been exploited, you can examine your cluster's audit logs to search for node 'logs' queries with suspicious inputs. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-9042 https://seclists.org/oss-sec/2025/q1/23 https://bugzilla.redhat.com/show_bug.cgi?id=2337297 -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1235990] New: VUL-0: CVE-2024-9042: ceph-csi: kubelet: command injection affecting Windows nodes via nodes/*/logs/query API
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235990 Bug ID: 1235990 Summary: VUL-0: CVE-2024-9042: ceph-csi: kubelet: command injection affecting Windows nodes via nodes/*/logs/query API Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other URL: https://smash.suse.de/issue/436893/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team(a)suse.de Reporter: camila.matos(a)suse.com QA Contact: security-team(a)suse.de CC: camila.matos(a)suse.com, security-team(a)suse.de, stefan.haas(a)suse.com Blocks: 1235978 Target Milestone: --- Found By: --- Blocker: --- +++ This bug was initially created as a clone of Bug #1235978 +++ Windows nodes are vulnerable to a security issue that allows unauthorized command execution via the /logs endpoint, potentially compromising the host system. This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below. Affected Versions * v1.32.0 * v1.31.0 to v1.31.4 * v1.30.0 to v1.30.8 * <=v1.29.12 To detect whether this vulnerability has been exploited, you can examine your cluster's audit logs to search for node 'logs' queries with suspicious inputs. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-9042 https://seclists.org/oss-sec/2025/q1/23 https://bugzilla.redhat.com/show_bug.cgi?id=2337297 -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1234736] "findmnt --real -kno source" returns "portal" which is not a real filesystem
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1234736 https://bugzilla.suse.com/show_bug.cgi?id=1234736#c4 --- Comment #4 from Stanislav Brabec <sbrabec(a)suse.com> --- Upstream accepted it: https://github.com/util-linux/util-linux/pull/3363/commits/930fed5559cd55b5… Factory will probably get 2.41 soon, and for other products, the fix backport will be submitted to the update channel. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1235989] New: VUL-0: CVE-2024-9042: csi-node-driver-registrar: kubelet: command injection affecting Windows nodes via nodes/*/logs/query API
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235989 Bug ID: 1235989 Summary: VUL-0: CVE-2024-9042: csi-node-driver-registrar: kubelet: command injection affecting Windows nodes via nodes/*/logs/query API Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other URL: https://smash.suse.de/issue/436893/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team(a)suse.de Reporter: camila.matos(a)suse.com QA Contact: security-team(a)suse.de CC: camila.matos(a)suse.com, ceph-bugs(a)suse.de, security-team(a)suse.de Blocks: 1235978 Target Milestone: --- Found By: --- Blocker: --- +++ This bug was initially created as a clone of Bug #1235978 +++ Windows nodes are vulnerable to a security issue that allows unauthorized command execution via the /logs endpoint, potentially compromising the host system. This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below. Affected Versions * v1.32.0 * v1.31.0 to v1.31.4 * v1.30.0 to v1.30.8 * <=v1.29.12 To detect whether this vulnerability has been exploited, you can examine your cluster's audit logs to search for node 'logs' queries with suspicious inputs. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-9042 https://seclists.org/oss-sec/2025/q1/23 https://bugzilla.redhat.com/show_bug.cgi?id=2337297 -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1235988] New: VUL-0: CVE-2024-9042: cri-o: kubelet: command injection affecting Windows nodes via nodes/*/logs/query API
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235988 Bug ID: 1235988 Summary: VUL-0: CVE-2024-9042: cri-o: kubelet: command injection affecting Windows nodes via nodes/*/logs/query API Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other URL: https://smash.suse.de/issue/436893/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team(a)suse.de Reporter: camila.matos(a)suse.com QA Contact: security-team(a)suse.de CC: camila.matos(a)suse.com, security-team(a)suse.de Blocks: 1235978 Target Milestone: --- Found By: --- Blocker: --- +++ This bug was initially created as a clone of Bug #1235978 +++ Windows nodes are vulnerable to a security issue that allows unauthorized command execution via the /logs endpoint, potentially compromising the host system. This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below. Affected Versions * v1.32.0 * v1.31.0 to v1.31.4 * v1.30.0 to v1.30.8 * <=v1.29.12 To detect whether this vulnerability has been exploited, you can examine your cluster's audit logs to search for node 'logs' queries with suspicious inputs. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-9042 https://seclists.org/oss-sec/2025/q1/23 https://bugzilla.redhat.com/show_bug.cgi?id=2337297 -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1235987] New: VUL-0: CVE-2024-9042: cri-tools: kubelet: command injection affecting Windows nodes via nodes/*/logs/query API
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235987 Bug ID: 1235987 Summary: VUL-0: CVE-2024-9042: cri-tools: kubelet: command injection affecting Windows nodes via nodes/*/logs/query API Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other URL: https://smash.suse.de/issue/436893/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team(a)suse.de Reporter: camila.matos(a)suse.com QA Contact: security-team(a)suse.de CC: camila.matos(a)suse.com, security-team(a)suse.de Blocks: 1235978 Target Milestone: --- Found By: --- Blocker: --- +++ This bug was initially created as a clone of Bug #1235978 +++ Windows nodes are vulnerable to a security issue that allows unauthorized command execution via the /logs endpoint, potentially compromising the host system. This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below. Affected Versions * v1.32.0 * v1.31.0 to v1.31.4 * v1.30.0 to v1.30.8 * <=v1.29.12 To detect whether this vulnerability has been exploited, you can examine your cluster's audit logs to search for node 'logs' queries with suspicious inputs. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-9042 https://seclists.org/oss-sec/2025/q1/23 https://bugzilla.redhat.com/show_bug.cgi?id=2337297 -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1235985] New: VUL-0: CVE-2024-9042: multus: kubelet: command injection affecting Windows nodes via nodes/*/logs/query API
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235985 Bug ID: 1235985 Summary: VUL-0: CVE-2024-9042: multus: kubelet: command injection affecting Windows nodes via nodes/*/logs/query API Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other URL: https://smash.suse.de/issue/436893/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team(a)suse.de Reporter: camila.matos(a)suse.com QA Contact: security-team(a)suse.de CC: camila.matos(a)suse.com, mrostecki(a)suse.com, security-team(a)suse.de Blocks: 1235978 Target Milestone: --- Found By: --- Blocker: --- +++ This bug was initially created as a clone of Bug #1235978 +++ Windows nodes are vulnerable to a security issue that allows unauthorized command execution via the /logs endpoint, potentially compromising the host system. This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below. Affected Versions * v1.32.0 * v1.31.0 to v1.31.4 * v1.30.0 to v1.30.8 * <=v1.29.12 To detect whether this vulnerability has been exploited, you can examine your cluster's audit logs to search for node 'logs' queries with suspicious inputs. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-9042 https://seclists.org/oss-sec/2025/q1/23 https://bugzilla.redhat.com/show_bug.cgi?id=2337297 -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1027519] Xen: Missing upstream bug fixes
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1027519 https://bugzilla.suse.com/show_bug.cgi?id=1027519#c254 --- Comment #254 from Maintenance Automation <maint-coord+maintenance-robot(a)suse.de> --- SUSE-SU-2025:0142-1: An update that solves one vulnerability and has one security fix can now be installed. URL: https://www.suse.com/support/update/announcement/2025/suse-su-20250142-1 Category: security (moderate) Bug References: 1027519, 1234282 CVE References: CVE-2024-53241 Maintenance Incident: [SUSE:Maintenance:37034](https://smelt.suse.de/incident/37034/) Sources used: openSUSE Leap 15.6 (src): xen-4.18.4_02-150600.3.15.2 Basesystem Module 15-SP6 (src): xen-4.18.4_02-150600.3.15.2 Server Applications Module 15-SP6 (src): xen-4.18.4_02-150600.3.15.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1212476] patch shebang line match the python version required in the package
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1212476 https://bugzilla.suse.com/show_bug.cgi?id=1212476#c96 --- Comment #96 from Maintenance Automation <maint-coord+maintenance-robot(a)suse.de> --- SUSE-RU-2025:0145-1: An update that contains one feature and has three fixes can now be installed. URL: https://www.suse.com/support/update/announcement/2025/suse-ru-20250145-1 Category: recommended (moderate) Bug References: 1188902, 1212476, 1216320 Jira References: PED-10504 Maintenance Incident: [SUSE:Maintenance:36956](https://smelt.suse.de/incident/36956/) Sources used: openSUSE Leap 15.5 (src): bubblewrap-0.11.0-150500.3.9.1, wayland-protocols-1.36-150500.3.3.1, flatpak-1.16.0-150500.3.15.1 openSUSE Leap 15.6 (src): bubblewrap-0.11.0-150500.3.9.1, flatpak-1.16.0-150600.3.6.1 Basesystem Module 15-SP6 (src): bubblewrap-0.11.0-150500.3.9.1 Desktop Applications Module 15-SP6 (src): flatpak-1.16.0-150600.3.6.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (src): bubblewrap-0.11.0-150500.3.9.1, wayland-protocols-1.36-150500.3.3.1, flatpak-1.16.0-150500.3.15.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (src): bubblewrap-0.11.0-150500.3.9.1, wayland-protocols-1.36-150500.3.3.1, flatpak-1.16.0-150500.3.15.1 SUSE Linux Enterprise Server 15 SP5 LTSS (src): bubblewrap-0.11.0-150500.3.9.1, wayland-protocols-1.36-150500.3.3.1, flatpak-1.16.0-150500.3.15.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5 (src): bubblewrap-0.11.0-150500.3.9.1, wayland-protocols-1.36-150500.3.3.1, flatpak-1.16.0-150500.3.15.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1188902] [Build 20210728] qgis failed to build
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1188902 https://bugzilla.suse.com/show_bug.cgi?id=1188902#c10 --- Comment #10 from Maintenance Automation <maint-coord+maintenance-robot(a)suse.de> --- SUSE-RU-2025:0145-1: An update that contains one feature and has three fixes can now be installed. URL: https://www.suse.com/support/update/announcement/2025/suse-ru-20250145-1 Category: recommended (moderate) Bug References: 1188902, 1212476, 1216320 Jira References: PED-10504 Maintenance Incident: [SUSE:Maintenance:36956](https://smelt.suse.de/incident/36956/) Sources used: openSUSE Leap 15.5 (src): bubblewrap-0.11.0-150500.3.9.1, wayland-protocols-1.36-150500.3.3.1, flatpak-1.16.0-150500.3.15.1 openSUSE Leap 15.6 (src): bubblewrap-0.11.0-150500.3.9.1, flatpak-1.16.0-150600.3.6.1 Basesystem Module 15-SP6 (src): bubblewrap-0.11.0-150500.3.9.1 Desktop Applications Module 15-SP6 (src): flatpak-1.16.0-150600.3.6.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (src): bubblewrap-0.11.0-150500.3.9.1, wayland-protocols-1.36-150500.3.3.1, flatpak-1.16.0-150500.3.15.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (src): bubblewrap-0.11.0-150500.3.9.1, wayland-protocols-1.36-150500.3.3.1, flatpak-1.16.0-150500.3.15.1 SUSE Linux Enterprise Server 15 SP5 LTSS (src): bubblewrap-0.11.0-150500.3.9.1, wayland-protocols-1.36-150500.3.3.1, flatpak-1.16.0-150500.3.15.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5 (src): bubblewrap-0.11.0-150500.3.9.1, wayland-protocols-1.36-150500.3.3.1, flatpak-1.16.0-150500.3.15.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1235982] New: VUL-0: CVE-2024-9042: rook: kubelet: command injection affecting Windows nodes via nodes/*/logs/query API
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235982 Bug ID: 1235982 Summary: VUL-0: CVE-2024-9042: rook: kubelet: command injection affecting Windows nodes via nodes/*/logs/query API Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other URL: https://smash.suse.de/issue/436893/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team(a)suse.de Reporter: camila.matos(a)suse.com QA Contact: security-team(a)suse.de CC: camila.matos(a)suse.com, security-team(a)suse.de, stefan.haas(a)suse.com Blocks: 1235978 Target Milestone: --- Found By: --- Blocker: --- +++ This bug was initially created as a clone of Bug #1235978 +++ Windows nodes are vulnerable to a security issue that allows unauthorized command execution via the /logs endpoint, potentially compromising the host system. This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below. Affected Versions * v1.32.0 * v1.31.0 to v1.31.4 * v1.30.0 to v1.30.8 * <=v1.29.12 To detect whether this vulnerability has been exploited, you can examine your cluster's audit logs to search for node 'logs' queries with suspicious inputs. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-9042 https://seclists.org/oss-sec/2025/q1/23 https://bugzilla.redhat.com/show_bug.cgi?id=2337297 -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1235983] New: VUL-0: CVE-2024-9042: rke2,rke2-1.29,rke2-1.30,rke2-1.31: kubelet: command injection affecting Windows nodes via nodes/*/logs/query API
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235983 Bug ID: 1235983 Summary: VUL-0: CVE-2024-9042: rke2,rke2-1.29,rke2-1.30,rke2-1.31: kubelet: command injection affecting Windows nodes via nodes/*/logs/query API Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other URL: https://smash.suse.de/issue/436893/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team(a)suse.de Reporter: camila.matos(a)suse.com QA Contact: security-team(a)suse.de CC: camila.matos(a)suse.com, opensuse_buildservice(a)ojkastl.de, security-team(a)suse.de Blocks: 1235978 Target Milestone: --- Found By: --- Blocker: --- +++ This bug was initially created as a clone of Bug #1235978 +++ Windows nodes are vulnerable to a security issue that allows unauthorized command execution via the /logs endpoint, potentially compromising the host system. This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below. Affected Versions * v1.32.0 * v1.31.0 to v1.31.4 * v1.30.0 to v1.30.8 * <=v1.29.12 To detect whether this vulnerability has been exploited, you can examine your cluster's audit logs to search for node 'logs' queries with suspicious inputs. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-9042 https://seclists.org/oss-sec/2025/q1/23 https://bugzilla.redhat.com/show_bug.cgi?id=2337297 -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1163081] [Build 566.1] openQA test fails in start_install - Caller: /mounts/mp_0001/usr/share/YaST2/modules/Product.rb:129:in `FindBaseProducts' Details: No base product found
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1163081 Jeffrey Cheung <jcheung(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jcheung(a)suse.com -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1234445] New: Cannot static link against libelf 0.192-1.1
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1234445 Bug ID: 1234445 Summary: Cannot static link against libelf 0.192-1.1 Classification: openSUSE Product: openSUSE Tumbleweed Version: Slowroll Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: screening-team-bugs(a)suse.de Reporter: doreilly(a)suse.com QA Contact: qa-bugs(a)suse.de Target Milestone: --- Found By: --- Blocker: --- Building velociraptor with libelf-devel 0.192-1.1 fails with: exec: go "build" "-o" "output/velociraptor-v0.7.0-4-linux-amd64" "-tags" " server_vql extras release yara disable_gui linuxbpf libbpfgo_static " "-ldflags=-s -w -X \"www.velocidex.com/golang/velociraptor/config.build_time=2024-12-12T11:45:42…" -X \"www.velocidex.com/golang/velociraptor/config.commit_hash=27cfbe1d\"" "./bin/" # www.velocidex.com/golang/velociraptor/bin /usr/lib64/go/1.22/pkg/tool/linux_amd64/link: running gcc failed: exit status 1 /usr/lib64/gcc/x86_64-suse-linux/14/../../../../x86_64-suse-linux/bin/ld: /usr/lib64/gcc/x86_64-suse-linux/14/../../../../lib64/libelf.a(elf_begin.o): in function `file_read_elf': /home/abuild/rpmbuild/BUILD/elfutils-0.192/libelf/elf_begin.c:540:(.text+0x3a9): undefined reference to `eu_search_tree_init' /usr/lib64/gcc/x86_64-suse-linux/14/../../../../x86_64-suse-linux/bin/ld: /home/abuild/rpmbuild/BUILD/elfutils-0.192/libelf/elf_begin.c:540:(.text+0x529): undefined reference to `eu_search_tree_init' /usr/lib64/gcc/x86_64-suse-linux/14/../../../../x86_64-suse-linux/bin/ld: /usr/lib64/gcc/x86_64-suse-linux/14/../../../../lib64/libelf.a(elf_end.o): in function `elf_end': /home/abuild/rpmbuild/BUILD/elfutils-0.192/libelf/elf_end.c:136:(.text+0xb0): undefined reference to `eu_search_tree_fini' collect2: error: ld returned 1 exit status Seems to be fixed in libelf upstream https://sourceware.org/bugzilla/show_bug.cgi?id=32293 -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1229690] New: Periodic system freeze due to btrfs-cleaner even after uninstalling btrfsmaintenance
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1229690 Bug ID: 1229690 Summary: Periodic system freeze due to btrfs-cleaner even after uninstalling btrfsmaintenance Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: openSUSE Tumbleweed Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: screening-team-bugs(a)suse.de Reporter: o.rojon(a)posteo.net QA Contact: qa-bugs(a)suse.de Target Milestone: --- Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:129.0) Gecko/20100101 Firefox/129.0 Build Identifier: There are issues similar but not identical to the current one: - https://bugzilla.opensuse.org/show_bug.cgi?id=1063638 - https://bugzilla.opensuse.org/show_bug.cgi?id=1214988 - https://bugzilla.opensuse.org/show_bug.cgi?id=1111523 There is a regular btrfs-cleaner job which grinds the system to a halt, rendering it completely unresponsive for several minutes. It also happens in moments where I am working, completely disrupting my process (a note on that later). I tried several solutions to stop this from occurring, some of which are described here: https://en.opensuse.org/SDB:Disable_btrfsmaintenance: 1) Disabled Scheduled Maintenance. This did not change the behaviour, btrfs-cleaner continues being executed. 2) Resource Control services related to BTRFSMAINTENANCE with systemd and control groups. While this seemed to temporarily offset the resource usage of btrfs-cleaner in the cpu department, it regularly ground the system to a halt nonetheless. 3) Uninstall BTRFSMAINTENANCE altogether. This didn't do anything, btrfs-cleaner executes nonetheless and grinds the system to a halt. Reproducible: Didn't try Steps to Reproduce: Since I haven't understood the machinery that makes btrfs-cleaner run, I don't know how to reproduce the issue other than waiting for it to grind my system to a halt. By now, I am uncertain whether it is (or is not) related to BTRFSMAINTENANCE, which I spent a bit of time understanding (the systemd-units related to the script). Actual Results: I feel like no matter what I do (see Details), brtfs-cleaner will run anyway. I found one potential piece of interest while viewing and testing the systemd-units. It seems that the BTRFSMAINTENANCE-related units use systemd-settings to determine the current strain on the system in terms of CPU and IO which are called "CPUScheduling(Class|Priority)" and "IOScheduling(Class|Priority)" (not certain if Class or Priority was used anymore, sorry). Trying to activate the BTRFS-BALANCE.service manually, systemd showed that both options are unknown and thus ignored. If it is indeed the case that those options are not implemented in current iterations (found out about a week ago), it is a possible explanation as to why BTRFSMAINTENANCE (or btrfs-cleaner, I really don't know about their relationship) runs in moments when the system is in use, even if the setting for both options is "idle" which, according to my understanding of the manual, should prevent those jobs running when the system is currently in use. -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 1229732] [SELinux] investigate why relabeling sometime does not work
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1229732 https://bugzilla.suse.com/show_bug.cgi?id=1229732#c13 --- Comment #13 from Fabian Vogt <fvogt(a)suse.com> --- I currently do not understand how the %posttrans script in selinux-policy-targeted (or other policy packages) is supposed to work. FTR, this is how it looks right now, based on "rpm -q --scripts selinux-policy-targeted", formatted by hand: . /etc/selinux/config; if [ -e /etc/selinux/targeted/.rebuild ]; then rm /etc/selinux/targeted/.rebuild; /usr/sbin/semodule -B -n -s targeted; fi; if [ -n "${TRANSACTIONAL_UPDATE}" ]; then touch /etc/selinux/.autorelabel else if [ "${SELINUXTYPE}" = "targeted" ]; then if selinuxenabled; then load_policy; else # probably a first install of the policy true; fi; fi; if selinuxenabled; then if [ $1 -eq 1 ]; then /sbin/restorecon -R /root /var/log /run /etc/passwd* /etc/group* /etc/*shadow* 2> /dev/null; else . /etc/selinux/config; FILE_CONTEXT=/etc/selinux/targeted/contexts/files/file_contexts; if selinuxenabled; then if [ $? = 0 -a "${SELINUXTYPE}" = targeted -a -f ${FILE_CONTEXT}.pre ]; then /usr/sbin/fixfiles -C ${FILE_CONTEXT}.pre restore 2> /dev/null; rm -f ${FILE_CONTEXT}.pre; fi; if /sbin/restorecon -e /run/media -R /root /var/log /var/run /etc/passwd* /etc/group* /etc/*shadow* 2> /dev/null;then continue; fi; fi; fi; else # run fixfiles on next boot touch /.autorelabel fi; fi; I see some weird bugs already: - "if [ $? = 0 ..." after "if selinuxenabled" does not make sense - "continue;" without a loop? In addition, some questions: Is it guaranteed that ${FILE_CONTEXT}.pre exists and is 100% accurate? There should probably be a fallback to a full relabel on policy upgrades without a .pre file. Why is there a call to restorecon for those select paths, even in the case that fixfiles ran? Why those paths? -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1235659] AUDIT-0: fwupd: new polkit action ins version 2.0
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235659 https://bugzilla.suse.com/show_bug.cgi?id=1235659#c2 Matthias Gerstner <matthias.gerstner(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|security-team(a)suse.de |matthias.gerstner(a)suse.com --- Comment #2 from Matthias Gerstner <matthias.gerstner(a)suse.com> --- I will have a look. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1234308] dracut (yast2 online_update) fails silently when /boot is full
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1234308 Marcus Meissner <meissner(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |meissner(a)suse.com -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1235844] [Build 20250108-SELinux] java-*-openj9: openQA test fails in java because it requests execstack permission, which is not needed
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235844 Fabian Vogt <fvogt(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fvogt(a)suse.com -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1235844] [Build 20250108-SELinux] java-*-openj9: openQA test fails in java because it requests execstack permission, which is not needed
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235844 https://bugzilla.suse.com/show_bug.cgi?id=1235844#c1 Cathy Hu <cathy.hu(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|[Build 20250108-SELinux] |[Build 20250108-SELinux] |openQA test fails in java |java-*-openj9: openQA test | |fails in java because it | |requests execstack | |permission, which is not | |needed CC| |fstrba(a)suse.com Assignee|security-team(a)suse.de |fstrba(a)suse.com Flags| |needinfo?(fstrba(a)suse.com) --- Comment #1 from Cathy Hu <cathy.hu(a)suse.com> --- Hi Fridrich, we are working on moving the tumbleweed default MAC from apparmor to selinux in enforcing mode and on openQA test fails in tumbleweed (to get a test system you can refer to: https://en.opensuse.org/Portal:SELinux/Setup#Tumbleweed) the issue can be reproduced with the commands in comment #1 the reason is that openj9 should not need the execstack permission. probably it is fixed by this commit, could you check and include this fix? might need backports as well. thanks a lot :) https://github.com/eclipse-openj9/openj9/commit/1d145652e0c18a0451e5a56e64e… -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1234308] dracut (yast2 online_update) fails silently when /boot is full
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1234308 https://bugzilla.suse.com/show_bug.cgi?id=1234308#c22 Martin Wilck <martin.wilck(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |maint-coord(a)suse.de Flags| |needinfo?(maint-coord@suse. | |de) --- Comment #22 from Martin Wilck <martin.wilck(a)suse.com> --- Adding maint-coord to discuss whether to backport this fix to released service packs (see comment 16). -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1229732] [SELinux] investigate why relabeling sometime does not work
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1229732 https://bugzilla.suse.com/show_bug.cgi?id=1229732#c12 --- Comment #12 from Cathy Hu <cathy.hu(a)suse.com> --- ftr there was another report on tw relabeling not working after update: https://bugzilla.suse.com/show_bug.cgi?id=1234620#c3 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1234620] [SELinux] virt-manager fails with AVC denial
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1234620 https://bugzilla.suse.com/show_bug.cgi?id=1234620#c3 --- Comment #3 from Cathy Hu <cathy.hu(a)suse.com> --- ah interesting, yes it should trigger it as you are on tumbleweed.... we have a bug open for relabeling issues (https://bugzilla.suse.com/show_bug.cgi?id=1229732) will crossreference your comment there until then, you can relabel manually to fix it :) thanks :) -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1234619] New: CPU reporting and using incorrect max freq
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1234619 Bug ID: 1234619 Summary: CPU reporting and using incorrect max freq Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: x86-64 OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Kernel Assignee: kernel-bugs(a)opensuse.org Reporter: ez2blost(a)yahoo.com QA Contact: qa-bugs(a)suse.de Target Milestone: --- Found By: --- Blocker: --- On an Intel i9-13900HX, /sys/devices/system/cpu/cpu*/cpufreq/cpuinfo_max_freq reports the same frequency as base_frequency. E.g., cat /sys/devices/system/cpu/cpu0/cpufreq/{base_frequency,cpuinfo_max_freq} 2200000 2200000 By default the maximum scaling frequency for performance is set to the cpuinfo_max_freq cat /sys/devices/system/cpu/cpu1/cpufreq/scaling_max_freq 2200000 However the maximum frequency for cpu1 is 5400000 as can be seen if a higher valuer is written to scaling_max_freq: echo 10000000 >| /sys/devices/system/cpu/cpu1/cpufreq/scaling_max_freq ; cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq 5400000 By default the cpu frequency never exceeds 2.2Ghz resulting in poor performance. A workaround is to set the maximum scaling frequency in the TLP configuration file (if tlp is used), e.g. Echo "CPU_SCALING_MAX_FREQ_ON_AC=5400000" >> /etc/tlp.d/50.local.conf This is partial fix because other software, such as NVIDIA power management features, can reset the scaling_max_frequency to cpuinfo_max_frequency, and cannot be enabled easily without a performance hit. -- You are receiving this mail because: You are on the CC list for the bug.

1 9

[Bug 1234620] [SELinux] virt-manager fails with AVC denial
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1234620 https://bugzilla.suse.com/show_bug.cgi?id=1234620#c2 --- Comment #2 from pallas wept <pallaswept(a)proton.me> --- (In reply to Cathy Hu from comment #1) > ah sorry just saw that i never told you that this should be fixed > > this should be fixed with the december policy update, please let me know if > it still occurs. thanks! No worries Cathy! I did get the error, but restorecon tells me that the target file label would change, which is new. Should the new policy packages automatically trigger file labels to change? I even have restorecond running here (I noticed it was removed from the meta package, should I remove it?) so I would have thought so. Anyway no worries for now, I'll do it manually. Thanks! -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1234620] [SELinux] virt-manager fails with AVC denial
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1234620 https://bugzilla.suse.com/show_bug.cgi?id=1234620#c1 Cathy Hu <cathy.hu(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|IN_PROGRESS |RESOLVED --- Comment #1 from Cathy Hu <cathy.hu(a)suse.com> --- ah sorry just saw that i never told you that this should be fixed this should be fixed with the december policy update, please let me know if it still occurs. thanks! -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1235689] New: ghostty files in the terminfo package break ghostty 1.0.1
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235689 Bug ID: 1235689 Summary: ghostty files in the terminfo package break ghostty 1.0.1 Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Major Priority: P5 - None Component: Basesystem Assignee: werner(a)suse.com Reporter: mrueckert(a)suse.com QA Contact: qa-bugs(a)suse.de Target Milestone: --- Found By: --- Blocker: --- please skip the intree ghostty files. we provide a terminfo-ghostty package with the latest files from the ghostty package. actually using ghostty with the files shipped inside of the terminfo package is broken. -- You are receiving this mail because: You are on the CC list for the bug.

1 13

[Bug 1235897] installation-images vs rpm 4.20: /usr/bin/rpm2cpio is now a symlink to rpm2archive
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235897 https://bugzilla.suse.com/show_bug.cgi?id=1235897#c1 Steffen Winterfeldt <snwint(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #1 from Steffen Winterfeldt <snwint(a)suse.com> --- fixed: - https://github.com/openSUSE/installation-images/pull/751 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1234665] New: Request to backport glibc patch for prctl bug on ppc64le
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1234665 Bug ID: 1234665 Summary: Request to backport glibc patch for prctl bug on ppc64le Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: PowerPC-64 OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: screening-team-bugs(a)suse.de Reporter: tdevries(a)suse.com QA Contact: qa-bugs(a)suse.de Target Milestone: --- Found By: --- Blocker: --- I investigated a gdb testsuite failure on ppc64le, in gdb.ada/tasks.exp. The root cause turned out to be a glibc bug related to prctl ( https://sourceware.org/bugzilla/show_bug.cgi?id=29770 ). This is fixed in 2.40. Is a backport possible? Leap 15.6 has 2.38. -- You are receiving this mail because: You are on the CC list for the bug.

1 4

[Bug 1234865] emacs-wayland startup failure
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1234865 https://bugzilla.suse.com/show_bug.cgi?id=1234865#c48 --- Comment #48 from Stefan Dirsch <sndirsch(a)suse.com> --- Hmm. Not sure why these env variables are being set by default. This should only happen when running launching a program with switcherooctl and selecting nvidia device. I have things runnning here (including emasc-wayland 29.4) on a Laptop with Intel/nvidia Ampere, so a comparable system. With 565.77 driver packages for Leap 15.6. But these packages are not availabe officially. I guess you have your packages from nvidia's CUDA repository. Official packages for next production branch driver > 565 are planned for end of this month. Hopefully things will run better on your sytem with them. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1235536] New: Flickering screen on TUF Gaming A16 FA617NSR. Functioning workaround.
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235536 Bug ID: 1235536 Summary: Flickering screen on TUF Gaming A16 FA617NSR. Functioning workaround. Classification: openSUSE Product: openSUSE Tumbleweed Version: Slowroll Hardware: x86-64 OS: openSUSE Tumbleweed Status: NEW Severity: Normal Priority: P5 - None Component: Kernel Assignee: kernel-bugs(a)opensuse.org Reporter: email(a)chanjp.me QA Contact: qa-bugs(a)suse.de Target Milestone: --- Found By: --- Blocker: --- # Problem Description ## Overview With an ASUS TUF Gaming A16 FA617NSR, the screen will flicker and the only thing being displayed are mostly white stripes. After a few seconds the screen is rendered properly again. The flickering does not occur during bootup, but starts when the mouse is visible and moving beginning from the login screen. This problem occurs in both X11 and Wayland sessions as well after logging in. This issue is explained in various forums as needing to set the graphics mode to Hybrid using the tools in https://asus-linux.org/ However, this does not appear to resolve the issue on this computer. It is also already in Hybrid mode, according to: sudo supergfxctl -g Hybrid ## How to Reproduce Weirdly however, the flickering only occurs with mouse movement. Furthermore, the flickering mostly disappears if the mouse is moving within the rendered window of a website in Firefox, but flickers again if it is in the menubar or other parts of the screen that are not part of the website. # Current Workaround Finally, as a strange but completely feasible workaround until someone figures this out, if I play a video using Firefox, the flickering bug no longer appears. The flickering effect returns when I navigate away from the video even if it is still playing. However, playing the video using the Picture-in-Picture option (and setting it to be always on top of other windows) in Firefox stabilizes the desktop experience again. Playing videos in VLC does not stop the flickering. Do let me know what kind of debug logs to collect that will shed more light on this bug. # System Info Operating System: openSUSE Tumbleweed 20250106 KDE Plasma Version: 6.2.5 KDE Frameworks Version: 6.9.0 Qt Version: 6.8.1 Kernel Version: 6.12.8-1-default (64-bit) Graphics Platform: Wayland Processors: 16 × AMD Ryzen 7 7435HS Memory: 31.1 GiB of RAM Graphics Processor: AMD Radeon RX 7600S Manufacturer: ASUSTeK COMPUTER INC. Product Name: ASUS TUF Gaming A16 FA617NSR_FA617NSR System Version: 1.0 -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 1233517] VUL-0: CVE-2025-23013: pam_u2f: problematic PAM_IGNORE return values in `pam_sm_authenticate()`
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1233517 Matthias Gerstner <matthias.gerstner(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(matthias.gerstner | |(a)suse.com) | -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1233517] VUL-0: CVE-2025-23013: pam_u2f: problematic PAM_IGNORE return values in `pam_sm_authenticate()`
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1233517 Paolo Perego <paolo.perego(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |matthias.gerstner(a)suse.com Flags| |needinfo?(matthias.gerstner | |(a)suse.com) -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1235962] New: No FDE password accepted indication and no boot progress on screen
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235962 Bug ID: 1235962 Summary: No FDE password accepted indication and no boot progress on screen Classification: openSUSE Product: openSUSE Aeon Version: Current Hardware: x86-64 OS: Other Status: NEW Severity: Enhancement Priority: P5 - None Component: Desktop Environment Assignee: rbrown(a)suse.com Reporter: woord(a)duck.com QA Contact: qa-bugs(a)suse.de Target Milestone: --- Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0 Build Identifier: At system start up, when the FDE password has been entered, there is no indication on screen that the password has been accepted and that the boot process is in progress. Boot time may vary significantly depending on upgrades being applied. Currently the only visual cue that the operating system is being loaded, is the HD LED on the PC. An on screen message that OS loading is actually happening would be informative. Reproducible: Always -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1235689] ghostty files in the terminfo package break ghostty 1.0.1
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235689 Emiliano Langella <emiliano.langella(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |emiliano.langella(a)suse.com -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1235959] Kernel 6.6.69 & 6.6.71 does not boot
by bugzilla_noreply＠suse.com 16 Jan '25

16 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235959 Takashi Iwai <tiwai(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |rfrohl(a)suse.com, | |tiwai(a)suse.com -- You are receiving this mail because: You are on the CC list for the bug.

1 0