
Posts Tagged ‘CVE’

Latest Tumbleweed Snapshot Brings Major Versions of Flatpak, qemu, Thunderbird, Nano

September 14th, 2018 by

Since the last openSUSE Tumbleweed update, three snapshots have been released, and the latest snapshot brought new major versions of both Flatpak and qemu.

On the heels of the Libre Application Summit last week, a conference focusing on sandboxing and application distribution, a new major version of Flatpak was released in snapshot 20180911. Flatpak 1.0 marks a significant improvement in performance and reliability and includes a large collection of bug fixes along with new features. Naturally, libostree 2018.8 was updated alongside Flatpak and added an auto-update-summary config option for repositories. The jump to qemu 3.0.0 is not in itself significant; the changelog states not to “read anything into the major version number update. It’s been decided to increase the major version number each year.” There is, however, improved support for nested Kernel-based Virtual Machine (KVM) guests running on Hyper-V. The project also emphasized that ongoing feature deprecation is tracked both at http://wiki.qemu-project.org/Features/LegacyRemoval and in Appendix B of the qemu-doc.* files installed with the qemu package. Mesa 18.1.7 had a handful of fixes and once again added wayland to egl_platforms. Linux Kernel 4.18.7 added support for the Intel Ice Lake microarchitecture. There were several other minor updates in the snapshot, but the nodejs10 update to version 10.9.0 is notable for bringing a few Common Vulnerabilities and Exposures (CVE) fixes and upgrading its dependencies to OpenSSL 1.0.2.

Mozilla Thunderbird also received a major version update this week in snapshot 20180910. Thunderbird 60.0 improved message handling and composing and also provided Internet Message Access Protocol (IMAP) fixes. Several CVEs were addressed with the update, and the email client also added support for OAuth2 and FIDO U2F. The pixel format translation library babl changed its license to LGPL 3.0 with the update to version 0.1.56. curl, the library and command-line tool for transferring data using various protocols, had several changes in version 7.61.1 and now warns the user if a given file name looks like an option. The GNOME Web browser package epiphany 3.28.4 fixes a crash on homedepot.com and improves the performance of the adblocker. The 4.18.6 kernel was made available in this snapshot. The text editor nano 3.0 also had a major version update and provided some speed improvements. The PDF renderer poppler 0.68.0 added Reason and Location to SignatureInfo. Web developers will be happy to see webkit2gtk3 2.22.0; the updated package provides a new JavaScriptCore GLib application programming interface (API) and adds playbin3 support to the GStreamer media backend.


Tumbleweed Snapshots Bring Changes for KVM, QEMU, Xen

August 23rd, 2018 by

Two openSUSE Tumbleweed snapshots were once again released this past week, which included two Linux Kernel updates.

The most recent snapshot, 20180818, updated the kernel to version 4.18.0, which brought many changes for KVM (Kernel-based Virtual Machine). Mozilla Firefox 61.0.2 improved website rendering with the Retained Display List feature enabled and also fixed broken DevTools panels. The ffmpeg 4.0.2 package in the snapshot added conditional package configuration and AOMedia Video 1 (AV1) support. The Netfilter project’s nftables was restored as the default backend with firewalld 0.6.1, and nftables and iptables can now co-exist after a bug fix for the ‘nat’ table from the 4.18 kernel. The command-line configuration utility for wireless devices known as iw added support, in its version 4.14, for all new kernel features up to kernel 4.14. The HTTP client/server library for GNOME, libsoup 2.62.3, now uses atomic refcounting in classes that are not using GObject refcounting. Linux Kernel 4.16 or higher is needed for the strace 4.24 package, which implemented decoding of the KVM vcpu (virtual central processing unit) exit reason as an option, and yast2-http-server 4.1.1 fixed PHP support by dropping php5 and using php7.

The 20180815 Tumbleweed snapshot had the last 4.17 kernel, with an update from kernel 4.17.13 to 4.17.14. The new version of ImageMagick fixed the XBM coder, which left the hex image data uninitialized if the hex value of a pixel was negative. Several fixes were made with btrfsprogs 4.17.1, including the ability to fix wrong ram_bytes for compressed inline files. The advanced twin-panel file manager for KDE Plasma, krusader 2.7.1, had a few fixes, including one for the search bar showing results for a file that had been deleted. The qemu 2.12.1 package dropped several patches, and the update added mitigation functionality for CVE-2018-3639 (Speculative Store Bypass). The caching proxy squid 4.2 provided fixes for GNU Compiler Collection (GCC) 8 and for a missing pointer. There were also several patches for GCC 8 in the xen 4.11.0 update, and the yast2-storage-ng 4.1.4 update addressed the partitioner, which now displays Xen virtual partitions and allows users to format and mount them.

Snapshot 20180815 recorded a stable rating of 93 on the snapshot reviewer and 20180818 is currently trending a moderate rating of 86.

Language, Networking Packages Get Updates in Tumbleweed

August 16th, 2018 by

There were two openSUSE Tumbleweed snapshots this past week that mostly focused on language and network packages.

The Linux Kernel also received an update a couple days ago to version 4.17.13.

The packages in the 20180812 Tumbleweed snapshot brought fixes in NetworkManager-applet 1.8.16, which also modernized the package for GTK 3 use in preparation for GTK 4. The free remote desktop protocol client freerdp had its third release candidate for 2.0.0, which improved automatic reconnects, added Wave2 support and fixed automount issues. More network device card IDs for the Intel 9000 series were added in kernel 4.17.13. A jump from libstorage-ng 4.1.0 to version 4.1.10 brought several translations and added unit tests for probing Xen xvd devices. Two Common Vulnerabilities and Exposures (CVE) fixes were made with the update to postgresql 10.5. Several rubygem packages were updated to version 5.2.1, including rubygem-rails 5.2.1, which makes the master.key file readable only by its owner upon generation on POSIX-compliant systems. Processing XML and HTML with python-lxml 4.2.4 should have fewer crashes thanks to a fix for sporadic crashes during garbage collection when parse-time schema validation is used and the parser participates in a reference cycle. Several YaST packages received updates, including a new ServiceWidget to manage the service status in yast2-ftp-server 4.1.3 as well as in the 4.1.0 versions of yast2-http-server, yast2-slp-server and yast2-squid.

The snapshot from 20180808 brought firewalld 0.6.0, which switched back to an ‘iptables’ backend as the default; “loads of new services” were added in the newer version, and firewall-config now offers ipv6-icmp in its protocol dropdown box. The Linux Filesystem in Userspace interface, fuse 2.9.8, provided a security update for systems where SELinux is active. The security update stops unprivileged users from specifying the allow_other mount option when it is forbidden in /etc/fuse.conf. The snapshot also updated yast2-network to 4.1.5, which fixes the networking AutoYaST schema.

Snapshot 20180808 recorded a stable rating of 95 on the snapshot reviewer and 20180812 is trending at a 96 rating.

Tumbleweed Gets Python Setuptools 40.0, New Versions of Frameworks, Applications

July 26th, 2018 by

Several packages were updated in openSUSE Tumbleweed snapshots this week and developers will notice the snapshots are reported to be extremely stable.

Wireshark, sysdig, GNOME’s evolution, KDE’s Frameworks and Applications, Ceph, vim and python-setuptools were just a few of the many packages that arrived in Tumbleweed this week.

Wireshark 2.6.2 received several Common Vulnerabilities and Exposures (CVE) fixes in snapshot 20180723, including one for an HTTP2 dissector crash. The sysdig tool for deep system visibility, with native support for containers, had a minor update to 0.22.0 and added support for additional custom container types alongside Docker. The configurable text editor vim was updated to version 8.1.0200, and poppler 0.66.0 fixed compilation with some strict compilers when rendering PDFs. Google’s RE2 package, which is a fast, safe, thread-friendly alternative to backtracking regular expression engines like those used in PCRE, Perl and Python, simplified its spec file and fixed a Deterministic Finite Automaton (DFA) out-of-memory error. Cups-filters 1.20.4 made some ipp and ipps changes and also removed support for hardware-implemented reversing of page order in PostScript printers for some rare printers.

Tumbleweed Starts Week with Plasma, DigiKam Updates

April 6th, 2018 by

KDE’s newest point version of Plasma, 5.12.4, was released in the first of five openSUSE Tumbleweed snapshots this week.

The most recent snapshot was 20180403, and it included several updates for gstreamer 1.12.5 packages. Multiple bugs were fixed for gstreamer-editing-services, gstreamer-plugins-libav and gstreamer-validate. The gstreamer-rtsp-server package update to 1.12.5 had to drop pkgconfig(libcgroup) because of a clash with systemd that caused bug reports. The Lightweight Directory Access Protocol server openldap2, version 2.4.46, fixed a Transport Layer Security connection timeout and removed obsolete back-port patches. The python-cryptography package was updated from version 2.1.4 to 2.2.1 and now allows loading Digital Signature Algorithm (DSA) keys with a 224-bit q size. The snapshot is currently trending at a 91 rating on the rating tool.

The 1.12.5 gstreamer package arrived in snapshot 20180402. The new gstreamer package, which constructs the graphs of media-handling components, fixes the handling of encoded silence, the tagging of keyframes on output buffers and updates the internal copy to ffmpeg 3.3.6. The Generic Graphics Library gegl 0.3.30 now has a build requirement of GIMP 2.10.0 and had some complex changes in the NEWS file.

Snapshot 20180401 added Application Programming Interface support for Microsoft’s .NET 4.7.1 with the update of the mono-core package to version 5.8.1, and snapshot 20180331 updated Mozilla Firefox to version 59.0.2. The new version of Firefox fixed more than a handful of bugs, added a couple of patches and fixed CVE-2018-5148.


Tumbleweed Has Updates for Frameworks, Applications, Plasma

February 22nd, 2018 by

There were plenty of updated packages in openSUSE Tumbleweed this week, and KDE updates were made available for Frameworks, Applications and Plasma.

While the most recent snapshot didn’t include an update of a KDE package, four out of the six snapshots this week did.

Snapshot 20180220 brought a few lesser-known packages. The C library for asynchronous DNS requests known as c-ares updated to version 1.14.0. The c-ares update provided a patch for CVE-2017-1000381 to protect against a network attack. The image viewer Eye of GNOME updated translations with eog-plugins 3.26.2. The Xfce library targeted at application development known as Exo now has version 0.12.0, which was released upstream six days before being released in this 20180220 snapshot. The requirements were updated for exo 0.12.0 and include GTK 2.24, GTK 3.22, GLib 2.42, libxfce4ui 4.12 and libxfce4util 4.12. Developers looking to generate random numbers will find the update of the haveged 1.9.2 package. The haveged package contains a daemon that generates an unpredictable stream of random numbers and feeds the /dev/random device.

Linux Kernel 4.15.4 provided a fix for auto-negotiated security settings mismatches in the 20180219 snapshot. Issues with AppStream required appstream-glib to revert from version 0.7.5 back to 0.7.4. The snapshot brought the first point release for KDE’s Long Term Support release of Plasma 5.12. The Plasma 5.12.1 version fixed several bugs, including a fix for the mouse settings module that was crashing on Wayland.


Freetype, Flatpak, Sysdig Receive Updates in Tumbleweed

February 15th, 2018 by

The streak of six Tumbleweed snapshots continued this week, as openSUSE’s rolling release has consistently delivered six snapshots per week this year.

There were hundreds of packages updated this week and sysdig, Freetype and Flatpak were just a few of the many packages to receive an updated version.

At the time of publishing this article, snapshot 20180213 was the most recent snapshot released. Mozilla Firefox 58.0.2 fixed a tab crash during printing. The package yast2-ca-management was dropped with the autoyast2 4.0.31 update. A new set of functions that allows 64-bit offsets even on 32-bit systems is now available with cryptsetup 2.0.1, a user-space utility for working with the dm-crypt kernel module to set up encrypted disk volumes. Cryptsetup also increased the maximum allowed memory-cost limit for its password-based key derivation function (the memory-cost parameter applies to Argon2, not PBKDF2) to 4 GiB. Another notable package in the snapshot was the update of the Ruby debugger package rubygem-byebug to 10.0.0, which added Ruby 2.5.0 support and fixed a remote server crash when interrupting a client.

KDE Applications 17.12.2 was made available in the 20180212 snapshot; about 20 recorded bugfixes include improvements to Kontact, Dolphin, Gwenview, KGet and Okular. View the changelog for a full list of changes and fixes for Applications 17.12.2. Flatpak 0.10.3 fixed a vulnerability in the D-Bus proxy and updated a Polish translation. Position Independent Executable improvements were made with Snappy 1.1.7, as well as improvements to CMake build support for 64-bit Linux distributions. Support for the USB 3.1 SuperSpeedPlus device capability was also added in the snapshot with the usbutils 009 package. There were also several YaST package updates.


Plasma 5.11, GNOME 3.26.1 Land in Tumbleweed

October 12th, 2017 by

The week has been pretty exciting for desktop enthusiasts running openSUSE Tumbleweed, since two of this week’s snapshots delivered new versions of GNOME and KDE respectively.

Snapshot 20171010, which is the most recent release, fixed numerous memory leaks in ImageMagick, and apache 2.4.28 fixed Optionsbleed (CVE-2017-9798), a bug that let remote attackers read fragments of process memory through the Allow header returned for HTTP OPTIONS requests. Cmake 3.9.4 added support for Boost 1.65.0 and 1.65.1, and hplip 3.17.9 added support for several new printers. New features were added for the Quick Emulator (QEMU) with the new libvirt 3.8.0 version. Two major version updates were also available in the snapshot: some targets may rebuild when upgrading with the software construction tool SCons 3.0.0, and the memory allocator jemalloc 5.0.1 added several improvements and new features, including mutex profiling, which collects a variety of statistics useful for diagnosing overhead and contention issues.
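The Optionsbleed fix above is the kind of update a practitioner wants to verify from the outside. The following is an added example written for this page, not code from openSUSE, the Apache project or the original article. A healthy Allow header is a comma-separated list of distinct, well-formed HTTP method tokens; Optionsbleed showed up as empty entries, repeated methods or raw non-token bytes in that header. The two sample responses are constructed for the example, and the host, port, path and attempt count in the live probe are the caller’s choice, not values from the article.

```python
"""Offline check for an Optionsbleed-style corrupted Allow header.

Added example; not openSUSE or Apache code. Optionsbleed (CVE-2017-9798)
leaked fragments of httpd process memory into the Allow header of
responses to OPTIONS requests. The sample responses below are constructed.
"""
import re
import socket
from typing import List, Tuple

# RFC 7230 "token" grammar: tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*"
#   / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA
TOKEN_RE = re.compile(r"[!#$%&'*+.^_`|~0-9A-Za-z-]+")

# Methods one expects from httpd and common WebDAV modules (informational).
KNOWN_METHODS = {
    "GET", "HEAD", "POST", "PUT", "DELETE", "CONNECT", "OPTIONS", "TRACE",
    "PATCH", "PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK",
    "UNLOCK", "REPORT", "MKACTIVITY", "CHECKOUT", "MERGE",
}

# Constructed sample responses (not captured from a real server).
CLEAN_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                  b"Allow: GET,HEAD,POST,OPTIONS\r\n"
                  b"Content-Length: 0\r\n\r\n")
LEAKY_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                  b"Allow: ,GET,POST,OPTIONS,HEAD,,HEAD,HEAD\r\n"
                  b"Content-Length: 0\r\n\r\n")


def parse_allow_headers(raw_response: bytes) -> List[str]:
    """Return the value of every Allow header in a raw HTTP/1.x response."""
    head = raw_response.split(b"\r\n\r\n", 1)[0]
    # latin-1 maps every byte to one code point, so leaked binary survives.
    lines = head.decode("latin-1").split("\r\n")[1:]   # skip the status line
    values = []
    for line in lines:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "allow":
            values.append(value.strip())
    return values


def analyze_allow(value: str) -> List[Tuple[str, str]]:
    """Classify each Allow entry and return (kind, token) findings.

    kinds: "empty" (leading, trailing or doubled comma), "invalid-token"
    (characters outside the token grammar), "duplicate" (method repeated),
    "unknown-method" (well-formed but unexpected; informational only).
    """
    findings: List[Tuple[str, str]] = []
    seen = set()
    for raw in value.split(","):
        tok = raw.strip(" \t")
        if tok == "":
            findings.append(("empty", tok))
        elif not TOKEN_RE.fullmatch(tok):
            findings.append(("invalid-token", tok))
        else:
            if tok in seen:
                findings.append(("duplicate", tok))
            seen.add(tok)
            if tok.upper() not in KNOWN_METHODS:
                findings.append(("unknown-method", tok))
    return findings


def is_leaky(raw_response: bytes) -> bool:
    """True if any Allow header shows a hard symptom of memory leakage."""
    hard = {"empty", "invalid-token", "duplicate"}
    return any(kind in hard
               for value in parse_allow_headers(raw_response)
               for kind, _ in analyze_allow(value))


def probe(host: str, path: str = "/", port: int = 80, attempts: int = 20) -> int:
    """Live check over plain HTTP: send OPTIONS repeatedly and count leaky
    responses. The leak was non-deterministic, so one request is not enough.
    host, path, port and attempts are assumptions chosen by the caller."""
    request = (f"OPTIONS {path} HTTP/1.1\r\nHost: {host}\r\n"
               f"Connection: close\r\n\r\n").encode("ascii")
    leaky = 0
    for _ in range(attempts):
        with socket.create_connection((host, port), timeout=5) as sock:
            sock.sendall(request)
            chunks = []
            while True:
                data = sock.recv(4096)
                if not data:
                    break
                chunks.append(data)
        if is_leaky(b"".join(chunks)):
            leaky += 1
    return leaky


if __name__ == "__main__":
    for name, resp in (("clean", CLEAN_RESPONSE), ("leaky", LEAKY_RESPONSE)):
        for value in parse_allow_headers(resp):
            print(name, repr(value), analyze_allow(value))
```

Run it without arguments to see the two constructed samples classified, or call probe() against a host you are authorized to test; a non-zero count from a server that should be fixed means the update did not land where you think it did. Unknown method names alone are not evidence of a leak, which is why is_leaky() ignores that category.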

Tumbleweed KDE users saw Plasma 5.11 make its way into snapshot 20171009 less than 24 hours after the official upstream release. The new Plasma 5.11 brings a redesigned settings app, improved notifications and a more powerful task manager. The release is the first to contain the new “Vault”, a system that allows the user to encrypt and open sets of documents in a secure and user-friendly way. Several CVE fixes were made with the update to Mozilla Firefox 56.0, but users should be aware that there are no 32-bit builds of this Firefox version. The Linux Kernel was also upgraded to version 4.13.5 in the snapshot.

Several libraries and Xfce plugins were updated in the 20171007 snapshot, and Mesa 17.2.2 had several Vulkan ANV/RADV driver fixes. Support for LLVM 5.0 in the Gallium3D architecture when building with SCons was also added with the new Mesa version. YaST 4.0.10 fixed the handling of Pretty Good Privacy (PGP) signatures when running in insecure mode.

Tumbleweed Goes Astronomical

October 5th, 2017 by

Astronomers using openSUSE Tumbleweed received some major software enhancements in a snapshot this week and the four snapshots released also addressed some architecture issues and critical bug fixes.

The snapshots also brought new versions of the Linux Kernel, git, GNU Compiler Collection and mpg123.

The most recent snapshot to be released, snapshot 20171001, provided an update to the programming tool binutils 2.29.1. An update of the branch head of GNU Compiler Collection 7 disabled a patch to verify a test case. The network authentication protocol krb5 1.15.2 fixed a Key Distribution Center (KDC) Denial of Service (DoS) vulnerability caused by unset status strings (CVE-2017-11368).

Snapshot 20170929 updated ImageMagick and fixed numerous memory leaks. The Linux Kernel was updated to version 4.13.4 and made several changes, including fixes for PowerPC and S390. The KBD Project, which offers the package that helps with managing the Linux console, virtual terminals, keyboards and more, received an update to kbd 2.0.4. Git 2.14.2 provided various fixes for output correctness. The Router Advertisement Daemon was updated to radvd 2.17, which added a systemd service file. Several bugs were fixed with the update of php7 to 7.1.10, including bug 75093, where OpenSSL support in curl was not detected. A proper fix for the xrpnt overflow problems was made for the MPEG audio player and decoder library mpg123 with version 1.25.7.


Plasma, Ceph, Git Update in Tumbleweed

July 6th, 2017 by

Plasma 5.10.3, Ceph, Git and LibreOffice are among the top packages to arrive in openSUSE Tumbleweed this week.

A total of six openSUSE Tumbleweed snapshots arrived in the repositories this week and one of the snapshots includes a new beta version of AqBanking for banking.

AqBanking, the successor of OpenHBCI2, is a free library for online banking that implements the open German online banking standard HBCI. The 20170629 snapshot updated AqBanking to the 5.7.6 beta version, which handles an unclean Transport Layer Security connection shutdown by HBCI servers.

The most recent snapshot, 20170703, updated two packages. It updated the Linux Kernel to 4.11.8, which fixed an ldisc crash on a reopened tty. Kernel 4.11.7 had been delivered earlier in the week in snapshot 20170628 with multiple insertions and deletions. Snapshot 20170703 also delivered nano 2.8.5, which now avoids some flickering when resizing the screen while in the file browser.

Snapshot 20170702 brought most of the Plasma 5.10.3 packages, which include feature refinements and new modules to complete the desktop experience; the release also introduced the KDE_NO_GLOBAL_MENU environment variable, which allows running specific Qt applications with the global menu disabled in case of issues. Besides the KDE packages, yast2 3.2.40 added support for the new Expert Partitioner, and yast2-apparmor 3.2.1 fixed the name of the AppArmor systemd service.