[Bug 1225537] New: openSUSE Leap 15.6 known security regressions
https://bugzilla.suse.com/show_bug.cgi?id=1225537

Bug ID: 1225537
Summary: openSUSE Leap 15.6 known security regressions
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.6
Hardware: Other
OS: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: Andreas.Stieger@gmx.de
QA Contact: qa-bugs@suse.de
CC: lubos.kocman@suse.com
Blocks: 1224165
Target Milestone: ---
Found By: ---
Blocker: ---

The packages listed below are missing security maintenance in Leap 15.6 that we already released into openSUSE Leap 15.5. We should not release a new distribution release with known vulnerability regressions.

Specifically these are maintenance updates we already performed into openSUSE:Backports:SLE-15-SP5:Update, that are not in openSUSE:Backports:SLE-15-SP6 in one way or another.

boo#1217918 tor
https://build.opensuse.org/request/show/1177405 to TW

boo#1223420 cJSON
https://build.opensuse.org/request/show/1176529 to devel project

boo#1216403 gifsicle
https://build.opensuse.org/request/show/1177406 to TW

boo#1216429 roundcubemail
https://build.opensuse.org/request/show/1177407 to TW

boo#1222593, boo#1222594 sngrep
https://build.opensuse.org/request/show/1177409 to TW

boo#1212060, boo#1212061, boo#1212062, boo#1212063 sox
https://build.opensuse.org/request/show/1177410

boo#1217153 yt-dlp
https://build.opensuse.org/request/show/1177411
Bonus: CVE-2024-22423 not addressed

boo#1219775, boo#1218199 zabbix
https://build.opensuse.org/request/show/1177412

This does not include a comparison as to what is fixed in Tumbleweed and missing in Leap 15.6.

Ask to security and release team: monitor all of the above, and ensure that these or equivalent updates are submitted

--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1225537
https://bugzilla.suse.com/show_bug.cgi?id=1225537#c1
--- Comment #1 from Andreas Stieger
https://bugzilla.suse.com/show_bug.cgi?id=1225537

Bug 1225537 depends on bug 1217918, which changed state.

Bug 1217918 Summary: VUL-0: tor: UAF and NULL pointer dereference crash on Exit relays (TROVE-2023-007)
https://bugzilla.suse.com/show_bug.cgi?id=1217918

What       |Removed   |Added
----------------------------------------------------------------------------
Status     |RESOLVED  |REOPENED
Resolution |FIXED     |---
https://bugzilla.suse.com/show_bug.cgi?id=1225537

Bug 1225537 depends on bug 1216403, which changed state.

Bug 1216403 Summary: VUL-0: CVE-2023-46009: gifsicle: floating point exception vulnerability via resize_stream at src/xform.c
https://bugzilla.suse.com/show_bug.cgi?id=1216403

What       |Removed   |Added
----------------------------------------------------------------------------
Status     |RESOLVED  |REOPENED
Resolution |FIXED     |---
https://bugzilla.suse.com/show_bug.cgi?id=1225537

Bug 1225537 depends on bug 1212060, which changed state.

Bug 1212060 Summary: VUL-0: CVE-2023-26590: sox: floating point exception in src/aiff.c
https://bugzilla.suse.com/show_bug.cgi?id=1212060

What       |Removed   |Added
----------------------------------------------------------------------------
Status     |RESOLVED  |REOPENED
Resolution |FIXED     |---
https://bugzilla.suse.com/show_bug.cgi?id=1225537

Bug 1225537 depends on bug 1212061, which changed state.

Bug 1212061 Summary: VUL-0: CVE-2023-32627: sox: floating point exception in src/voc.c
https://bugzilla.suse.com/show_bug.cgi?id=1212061

What       |Removed   |Added
----------------------------------------------------------------------------
Status     |RESOLVED  |REOPENED
Resolution |FIXED     |---
https://bugzilla.suse.com/show_bug.cgi?id=1225537

Bug 1225537 depends on bug 1212062, which changed state.

Bug 1212062 Summary: VUL-0: CVE-2023-34318: sox: heap-buffer-overflow in src/hcom.c
https://bugzilla.suse.com/show_bug.cgi?id=1212062

What       |Removed   |Added
----------------------------------------------------------------------------
Status     |RESOLVED  |REOPENED
Resolution |FIXED     |---
https://bugzilla.suse.com/show_bug.cgi?id=1225537

Bug 1225537 depends on bug 1212063, which changed state.

Bug 1212063 Summary: VUL-0: CVE-2023-34432: sox: heap-buffer-overflow in src/formats_i.c
https://bugzilla.suse.com/show_bug.cgi?id=1212063

What       |Removed   |Added
----------------------------------------------------------------------------
Status     |RESOLVED  |REOPENED
Resolution |FIXED     |---
https://bugzilla.suse.com/show_bug.cgi?id=1225537
https://bugzilla.suse.com/show_bug.cgi?id=1225537#c2
--- Comment #2 from Andreas Stieger
boo#1216403 gifsicle https://build.opensuse.org/request/show/1177406
This is missing in 15.5 instead
https://bugzilla.suse.com/show_bug.cgi?id=1225537

Bug 1225537 depends on bug 1212063, which changed state.

Bug 1212063 Summary: VUL-0: CVE-2023-34432: sox: heap-buffer-overflow in src/formats_i.c
https://bugzilla.suse.com/show_bug.cgi?id=1212063

What       |Removed   |Added
----------------------------------------------------------------------------
Status     |REOPENED  |RESOLVED
Resolution |---       |FIXED
https://bugzilla.suse.com/show_bug.cgi?id=1225537

Bug 1225537 depends on bug 1218199, which changed state.

Bug 1218199 Summary: VUL-0: CVE-2023-32727: zabbix: potential arbitrary code execution in icmpping() function
https://bugzilla.suse.com/show_bug.cgi?id=1218199

What       |Removed      |Added
----------------------------------------------------------------------------
Status     |IN_PROGRESS  |RESOLVED
Resolution |---          |FIXED
https://bugzilla.suse.com/show_bug.cgi?id=1225537

Bug 1225537 depends on bug 1217918, which changed state.

Bug 1217918 Summary: VUL-0: tor: UAF and NULL pointer dereference crash on Exit relays (TROVE-2023-007)
https://bugzilla.suse.com/show_bug.cgi?id=1217918

What       |Removed   |Added
----------------------------------------------------------------------------
Status     |REOPENED  |RESOLVED
Resolution |---       |FIXED
https://bugzilla.suse.com/show_bug.cgi?id=1225537

Bug 1225537 depends on bug 1212060, which changed state.

Bug 1212060 Summary: VUL-0: CVE-2023-26590: sox: floating point exception in src/aiff.c
https://bugzilla.suse.com/show_bug.cgi?id=1212060

What       |Removed   |Added
----------------------------------------------------------------------------
Status     |REOPENED  |RESOLVED
Resolution |---       |FIXED
https://bugzilla.suse.com/show_bug.cgi?id=1225537

Bug 1225537 depends on bug 1222594, which changed state.

Bug 1222594 Summary: VUL-0: CVE-2024-3120: sngrep: stack-buffer overflow due to inadequate bounds checking when copying 'Content-Length' and 'Warning' headers into fixed-size buffers
https://bugzilla.suse.com/show_bug.cgi?id=1222594

What       |Removed   |Added
----------------------------------------------------------------------------
Status     |NEW       |RESOLVED
Resolution |---       |FIXED
https://bugzilla.suse.com/show_bug.cgi?id=1225537

Bug 1225537 depends on bug 1219775, which changed state.

Bug 1219775 Summary: VUL-0: CVE-2024-22119: zabbix: stored XSS in graph items select form
https://bugzilla.suse.com/show_bug.cgi?id=1219775

What       |Removed   |Added
----------------------------------------------------------------------------
Status     |NEW       |RESOLVED
Resolution |---       |FIXED
https://bugzilla.suse.com/show_bug.cgi?id=1225537

Bug 1225537 depends on bug 1222593, which changed state.

Bug 1222593 Summary: VUL-0: CVE-2024-3119: sngrep: buffer overflow due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers
https://bugzilla.suse.com/show_bug.cgi?id=1222593

What       |Removed   |Added
----------------------------------------------------------------------------
Status     |NEW       |RESOLVED
Resolution |---       |FIXED
https://bugzilla.suse.com/show_bug.cgi?id=1225537

Bug 1225537 depends on bug 1212061, which changed state.

Bug 1212061 Summary: VUL-0: CVE-2023-32627: sox: floating point exception in src/voc.c
https://bugzilla.suse.com/show_bug.cgi?id=1212061

What       |Removed   |Added
----------------------------------------------------------------------------
Status     |REOPENED  |RESOLVED
Resolution |---       |FIXED
https://bugzilla.suse.com/show_bug.cgi?id=1225537

Bug 1225537 depends on bug 1216429, which changed state.

Bug 1216429 Summary: VUL-0: CVE-2023-46267: roundcube: XSS via a text/html e-mail message containing an SVG image with a USE element
https://bugzilla.suse.com/show_bug.cgi?id=1216429

What       |Removed   |Added
----------------------------------------------------------------------------
Status     |NEW       |RESOLVED
Resolution |---       |FIXED
https://bugzilla.suse.com/show_bug.cgi?id=1225537

Bug 1225537 depends on bug 1212062, which changed state.

Bug 1212062 Summary: VUL-0: CVE-2023-34318: sox: heap-buffer-overflow in src/hcom.c
https://bugzilla.suse.com/show_bug.cgi?id=1212062

What       |Removed   |Added
----------------------------------------------------------------------------
Status     |REOPENED  |RESOLVED
Resolution |---       |FIXED
https://bugzilla.suse.com/show_bug.cgi?id=1225537

Bug 1225537 depends on bug 1217153, which changed state.

Bug 1217153 Summary: VUL-0: CVE-2023-46121: yt-dlp: MITM from yt-dlp's HTTP session
https://bugzilla.suse.com/show_bug.cgi?id=1217153

What       |Removed   |Added
----------------------------------------------------------------------------
Status     |NEW       |RESOLVED
Resolution |---       |FIXED