Friday, September 29, 2023
[USN-6386-2] Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu Security Notice USN-6386-2
September 29, 2023
linux-raspi vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-raspi: Linux kernel for Raspberry Pi systems
Details:
Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii
Oleksenko discovered that some AMD processors could leak stale data from
division operations in certain situations. A local attacker could possibly
use this to expose sensitive information. (CVE-2023-20588)
It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle L2CAP socket release, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-40283)
It was discovered that some network classifier implementations in the Linux
kernel contained use-after-free vulnerabilities. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-4128)
Lonial Con discovered that the netfilter subsystem in the Linux kernel
contained a memory leak when handling certain element flush operations. A
local attacker could use this to expose sensitive information (kernel
memory). (CVE-2023-4569)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
linux-image-5.15.0-1038-raspi 5.15.0-1038.41
linux-image-raspi 5.15.0.1038.36
linux-image-raspi-nolpae 5.15.0.1038.36
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-6386-2
https://ubuntu.com/security/notices/USN-6386-1
CVE-2023-20588, CVE-2023-40283, CVE-2023-4128, CVE-2023-4569
Package Information:
https://launchpad.net/ubuntu/+source/linux-raspi/5.15.0-1038.41
Thursday, September 28, 2023
Contact attempt for the Inactive Packagers Policy for the F39 release cycle
This email was sent both to the mailing list for raising awareness to
the community and BCC directly to the affected users from which we need
a reply. If you have received this email only from the mailing list, you
can ignore the next part.
****
Hello,
during our periodic check as per the "Inactive packagers policy" [1] we
detected no activity from you as a packager, nor in other Fedora
community places, like Bodhi or mailing lists.
In order to reduce security risks from possible accounts hijacking we
tried to contact you by tagging your username in the appropriate ticket
within pagure.io repository [2], but your username is not registered
there, so we cannot contact you in that way.
Please, let us know if you're still interested in participating in Fedora
and if you still need your account to be listed in the packager group.
You can reply here in the mailing list, so that your activity can be
detected by the script, or just login in pagure.io with your Fedora
account and reply to the ticket which refers to your username.
Without any reply from you, one week after the release of F39 the
`packager` group membership will be removed from your account and any
package for which you are the main admin will be orphaned, so that
co-maintainers can pick them up.
[1]
https://docs.fedoraproject.org/en-US/fesco/Policy_for_inactive_packagers/
[2] https://pagure.io/find-inactive-packagers/issues
Thank you.
Mattia
---------
This is the full list of usernames which cannot be reached by tag in
pagure.io:
gsgatlin
dmarlin
andriy
buytenh
jbernard
shardy
bhills
lgao
lgoncalv
krionbsd
rkennke
angelonord
athomas
dmaley
eglynn
endur
florencia
mwringe
rosslagerwall
sgros
tlavocat
xinghong
pcullen
jshort
---------
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Wednesday, September 27, 2023
[USN-6369-2] libwebp vulnerability
Ubuntu Security Notice USN-6369-2
September 28, 2023
libwebp vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
Summary:
libwebp could be made to crash or run programs if it opened a specially
crafted file.
Software Description:
- libwebp: Lossy compression of digital photographic images.
Details:
USN-6369-1 fixed a vulnerability in libwebp. This update provides the
corresponding update for Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that libwebp incorrectly handled certain malformed
images. If a user or automated system were tricked into opening a
specially crafted image file, a remote attacker could use this issue to
cause libwebp to crash, resulting in a denial of service, or possibly
execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
libwebp6 0.6.1-2ubuntu0.18.04.2+esm1
libwebpdemux2 0.6.1-2ubuntu0.18.04.2+esm1
libwebpmux3 0.6.1-2ubuntu0.18.04.2+esm1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6369-2
https://ubuntu.com/security/notices/USN-6369-1
CVE-2023-4863
[USN-6400-1] Python vulnerability
Ubuntu Security Notice USN-6400-1
September 27, 2023
python2.7, python3.5 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
Python could be made to expose sensitive information.
Software Description:
- python2.7: An interactive high-level object-oriented language
- python3.5: An interactive high-level object-oriented language
Details:
It was discovered that Python did not properly provide constant-time
processing for a crypto operation. An attacker could possibly use this
issue to perform a timing attack and recover sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
libpython2.7 2.7.17-1~18.04ubuntu1.13+esm2
libpython2.7-minimal 2.7.17-1~18.04ubuntu1.13+esm2
libpython2.7-stdlib 2.7.17-1~18.04ubuntu1.13+esm2
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
libpython2.7 2.7.12-1ubuntu0~16.04.18+esm7
libpython2.7-minimal 2.7.12-1ubuntu0~16.04.18+esm7
libpython2.7-stdlib 2.7.12-1ubuntu0~16.04.18+esm7
libpython3.5 3.5.2-2ubuntu0~16.04.13+esm11
libpython3.5-minimal 3.5.2-2ubuntu0~16.04.13+esm11
libpython3.5-stdlib 3.5.2-2ubuntu0~16.04.13+esm11
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6400-1
CVE-2022-48566
[USN-6399-1] Puma vulnerability
Ubuntu Security Notice USN-6399-1
September 27, 2023
puma vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
Summary:
Puma could allow HTTP Request Smuggling attacks.
Software Description:
- puma: threaded HTTP 1.1 server for Ruby/Rack applications
Details:
It was discovered that Puma incorrectly handled parsing certain headers. A
remote attacker could possibly use this issue to perform an HTTP request
smuggling attack.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.04:
puma 5.6.5-3ubuntu1.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6399-1
CVE-2023-40175
Package Information:
https://launchpad.net/ubuntu/+source/puma/5.6.5-3ubuntu1.1
[USN-6398-1] ReadyMedia vulnerabilities
Ubuntu Security Notice USN-6398-1
September 27, 2023
minidlna vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in ReadyMedia.
Software Description:
- minidlna: lightweight DLNA/UPnP-AV server targeted at embedded systems
Details:
It was discovered that ReadyMedia was vulnerable to DNS rebinding attacks.
A remote attacker could possibly use this issue to trick the local DLNA
server into leaking information. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-26505)
It was discovered that ReadyMedia incorrectly handled certain HTTP requests
using chunked transport encoding. A remote attacker could possibly use this
issue to cause buffer overflows, resulting in out-of-bounds reads and writes.
(CVE-2023-33476)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.04:
minidlna 1.3.0+dfsg-2.2ubuntu0.1
Ubuntu 22.04 LTS:
minidlna 1.3.0+dfsg-2.1ubuntu0.1
Ubuntu 20.04 LTS:
minidlna 1.2.1+dfsg-1ubuntu0.20.04.2
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
minidlna 1.2.1+dfsg-1ubuntu0.18.04.1+esm1
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
minidlna 1.1.5+dfsg-2ubuntu0.1+esm1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6398-1
CVE-2022-26505, CVE-2023-33476
Package Information:
https://launchpad.net/ubuntu/+source/minidlna/1.3.0+dfsg-2.2ubuntu0.1
https://launchpad.net/ubuntu/+source/minidlna/1.3.0+dfsg-2.1ubuntu0.1
https://launchpad.net/ubuntu/+source/minidlna/1.2.1+dfsg-1ubuntu0.20.04.2
16 packages still need a Python 3.12 rebuild, final freeze in 6 days
Here is the list of packages that still need a Python 3.12 rebuild for Fedora 39+.
Packages on this list have broken dependencies and hence the users of Fedora
Linux 39+ cannot install them at all.
Moreover, users of Fedora Linux 37 or 38 with the listed packages installed are
unable to upgrade to Fedora Linux 39+.
We need to either rebuild those packages in Fedora Linux 39+ or retire+obsolete
them to clear the upgrade path. Package retirement is not a "punishment" for
not fixing the package, it is merely a way to allow our users to upgrade.
When a retired package is fixed after Fedora Linux 39 final release, it can be
added back to the distribution.
The Fedora 39 Final Freeze starts on 2023-10-03 14:00 UTC -- that leaves only 6
days to push updates via Bodhi, meaning they will not be autopushed in time.
Please, if you are planning to fix the packages, set low karma limits and ask
another packager to test it and add karma.
Request freeze exceptions when needed:
https://qa.fedoraproject.org/blockerbugs/propose_bug
I plan to propose "mass" retirement of the remaining packages without a
requested freeze exception and a clear path forward a couple days after the
freeze starts, so we have time to ship an updated fedora-obsolete-packages.
Packages broken in Rawhide by maintainer:
atkac fail2ban
cottsay python-bloom
dcavalca python-mathics3 python-mathicsscript
echevemaster python-protego
hobbes1069 fail2ban freecad python-pyside2
jcaratzas python-logutils
jkastner freecad
luya openshadinglanguage
matyas condor
music openshadinglanguage
orion fail2ban
qulogic python-geomet
rebus dionaea python-smbpasswd
rmattes python-bloom
salimma python-rust-update-set
sdyroff python-ansi
slaanesh openshadinglanguage
tmz fail2ban
ttheisen condor
valtri condor
zbyszek python-igor
Details:
condor
======
https://bugzilla.redhat.com/2172684
Bugzilla ASSIGNED half a year ago, no update since.
Maintainer NEEDINFOed today.
Seems to be a problem with Boost since Fedora 38.
dionaea
=======
https://bugzilla.redhat.com/2219972
Bugzilla ASSIGNED 2 months ago, no update since.
Maintainer NEEDINFOed last week.
fail2ban
========
https://bugzilla.redhat.com/2219991
https://github.com/fail2ban/fail2ban/issues/3487
Bugzilla ASSIGNED 2 months ago, no update since.
Maintainers NEEDINFOed last week.
freecad
=======
Bugzilla ASSIGNED 2 months ago, no update since.
Maintainer NEEDINFOed last week.
Blocked on pyside2.
openshadinglanguage
===================
https://bugzilla.redhat.com/2220055
Seems to be actively progressing, blocked on this clang15 PR:
https://src.fedoraproject.org/rpms/clang15/pull-request/1
python-ansi
===========
https://bugzilla.redhat.com/2220110
Bugzilla ASSIGNED 2 months ago, no update since.
Maintainers NEEDINFOed last week.
The fix of FTBFS is trivial (BR python3-setuptools, as described in
https://bugzilla.redhat.com/2155030 in December 2022).
However, the package has no %check, so I am reluctant to fix it myself, not knowing
if it even works.
python-bloom
============
https://bugzilla.redhat.com/2220133
Maintainer said to retire it last week.
python-geomet
=============
https://bugzilla.redhat.com/2220250
https://github.com/geomet/geomet/issues/92
Bugzilla ASSIGNED 2 months ago, no update since.
Maintainer NEEDINFOed last week.
python-igor
===========
https://bugzilla.redhat.com/2220275
Bugzilla ASSIGNED a month ago, no update since.
Maintainer NEEDINFOed last week.
python-logutils
===============
https://bugzilla.redhat.com/2220313
https://src.fedoraproject.org/rpms/python-logutils/pull-request/2
PR opened a month ago, no progress since.
New maintainer NEEDINFOed this week.
python-mathics3
===============
https://bugzilla.redhat.com/2220323
https://src.fedoraproject.org/rpms/python-mathics3/pull-request/2 (still fails)
Bugzilla ASSIGNED a month ago, no update since.
Maintainer NEEDINFOed last week.
python-mathicsscript
====================
https://bugzilla.redhat.com/2220324
Depends on mathics3
Bugzilla ASSIGNED a month ago, no update since.
Maintainer NEEDINFOed last week.
python-protego
==============
https://bugzilla.redhat.com/2240746
Built in Fedora 39 only (the f39 branch is ahead of rawhide).
I'd normally just go ahead and merge the branches myself,
but the "fix" was to remove all the tests and add redundant manual Requires,
so I am reluctant to do that.
python-pyside2
==============
https://bugzilla.redhat.com/2155447
https://bugzilla.redhat.com/2220452
https://bugreports.qt.io/browse/PYSIDE-2388 (WONTFIX)
Upstream no longer cares about this pyside2 version.
Bugzilla ASSIGNED 2 months ago, no update since.
Maintainer NEEDINFOed last week.
python-rust-update-set
======================
https://bugzilla.redhat.com/2220488
Bugzilla ASSIGNED 2 months ago, no update since.
Maintainer NEEDINFOed last week.
python-smbpasswd
================
https://bugzilla.redhat.com/2154979
Bugzilla ASSIGNED 8 months ago, no update since.
Maintainer NEEDINFOed last week.
---
Packages fixed in Rawhide with Fedora 39 updates in need of karma:
python-box https://bodhi.fedoraproject.org/updates/FEDORA-2023-595f85c4f3
python-click-spinner https://bodhi.fedoraproject.org/updates/FEDORA-2023-39dcc5afea
python-elpy https://bodhi.fedoraproject.org/updates/FEDORA-2023-a999e30051
python-nipy https://bodhi.fedoraproject.org/updates/FEDORA-2023-ed0adf8107
python-pvc https://bodhi.fedoraproject.org/updates/FEDORA-2023-05814fcc72
python-pydocstyle https://bodhi.fedoraproject.org/updates/FEDORA-2023-3703495e43
python-sklearn-genetic-opt https://bodhi.fedoraproject.org/updates/FEDORA-2023-d8d9f6376a
python-streamlink https://bodhi.fedoraproject.org/updates/FEDORA-2023-0eeb1b6b0e
python-uinput https://bodhi.fedoraproject.org/updates/FEDORA-2023-9ba7c6ba53
python-uvicorn https://bodhi.fedoraproject.org/updates/FEDORA-2023-ae19f823c9
python-uvloop https://bodhi.fedoraproject.org/updates/FEDORA-2023-ae19f823c9
python-ZEO https://bodhi.fedoraproject.org/updates/FEDORA-2023-24d588cf46
python-ZODB3 https://bodhi.fedoraproject.org/updates/FEDORA-2023-24d588cf46
Thanks for your help.
--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
Tuesday, September 26, 2023
[USN-6387-2] Linux kernel vulnerabilities
Ubuntu Security Notice USN-6387-2
September 26, 2023
linux-bluefield, linux-raspi, linux-raspi-5.4 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-bluefield: Linux kernel for NVIDIA BlueField platforms
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-raspi-5.4: Linux kernel for Raspberry Pi systems
Details:
Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii
Oleksenko discovered that some AMD processors could leak stale data from
division operations in certain situations. A local attacker could possibly
use this to expose sensitive information. (CVE-2023-20588)
It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle L2CAP socket release, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-40283)
It was discovered that some network classifier implementations in the Linux
kernel contained use-after-free vulnerabilities. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-4128)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
linux-image-5.4.0-1071-bluefield 5.4.0-1071.77
linux-image-5.4.0-1094-raspi 5.4.0-1094.105
linux-image-bluefield 5.4.0.1071.66
linux-image-raspi 5.4.0.1094.124
linux-image-raspi2 5.4.0.1094.124
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
linux-image-5.4.0-1094-raspi 5.4.0-1094.105~18.04.1
linux-image-raspi-hwe-18.04 5.4.0.1094.91
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-6387-2
https://ubuntu.com/security/notices/USN-6387-1
CVE-2023-20588, CVE-2023-40283, CVE-2023-4128
Package Information:
https://launchpad.net/ubuntu/+source/linux-bluefield/5.4.0-1071.77
https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1094.105
[USN-6397-1] Linux kernel (BlueField) vulnerabilities
Ubuntu Security Notice USN-6397-1
September 26, 2023
linux-bluefield vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-bluefield: Linux kernel for NVIDIA BlueField platforms
Details:
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain
sensitive information. (CVE-2022-40982)
Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did
not properly perform permissions checks when handling HCI sockets. A
physically proximate attacker could use this to cause a denial of service
(bluetooth communication). (CVE-2023-2002)
Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local
attacker could use this to expose sensitive information. (CVE-2023-20593)
Zi Fan Tan discovered that the binder IPC implementation in the Linux
kernel contained a use-after-free vulnerability. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-21255)
Juan Jose Lopez Jaimez, Meador Inge, Simon Scannell, and Nenad Stojanovski
discovered that the BPF verifier in the Linux kernel did not properly mark
registers for precision tracking in certain situations, leading to an out-
of-bounds access vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-2163)
Zheng Zhang discovered that the device-mapper implementation in the Linux
kernel did not properly handle locking during table_clear() operations. A
local attacker could use this to cause a denial of service (kernel
deadlock). (CVE-2023-2269)
It was discovered that the DVB Core driver in the Linux kernel did not
properly handle locking events in certain situations. A local attacker
could use this to cause a denial of service (kernel deadlock).
(CVE-2023-31084)
It was discovered that the kernel->user space relay implementation in the
Linux kernel did not properly perform certain buffer calculations, leading
to an out-of-bounds read vulnerability. A local attacker could use this to
cause a denial of service (system crash) or expose sensitive information
(kernel memory). (CVE-2023-3268)
It was discovered that the video4linux driver for Philips based TV cards in
the Linux kernel contained a race condition during device removal, leading
to a use-after-free vulnerability. A physically proximate attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-35823)
It was discovered that the SDMC DM1105 PCI device driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A physically proximate attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-35824)
It was discovered that the Renesas USB controller driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A privileged attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-35828)
It was discovered that the universal 32bit network packet classifier
implementation in the Linux kernel did not properly perform reference
counting in some situations, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-3609)
It was discovered that the Quick Fair Queueing network scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3611)
It was discovered that the network packet classifier with
netfilter/firewall marks implementation in the Linux kernel did not
properly handle reference counting, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3776)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
linux-image-5.4.0-1070-bluefield 5.4.0-1070.76
linux-image-bluefield 5.4.0.1070.65
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-6397-1
CVE-2022-40982, CVE-2023-2002, CVE-2023-20593, CVE-2023-21255,
CVE-2023-2163, CVE-2023-2269, CVE-2023-31084, CVE-2023-3268,
CVE-2023-35823, CVE-2023-35824, CVE-2023-35828, CVE-2023-3609,
CVE-2023-3611, CVE-2023-3776
Package Information:
https://launchpad.net/ubuntu/+source/linux-bluefield/5.4.0-1070.76
[USN-6396-1] Linux kernel vulnerabilities
Ubuntu Security Notice USN-6396-1
September 26, 2023
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp,
linux-gcp-4.15, linux-hwe, linux-oracle vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems
- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe: Linux hardware enablement (HWE) kernel
- linux-oracle: Linux kernel for Oracle Cloud systems
Details:
It was discovered that some AMD x86-64 processors with SMT enabled could
speculatively execute instructions using a return address from a sibling
thread. A local attacker could possibly use this to expose sensitive
information. (CVE-2022-27672)
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain
sensitive information. (CVE-2022-40982)
Yang Lan discovered that the GFS2 file system implementation in the Linux
kernel could attempt to dereference a null pointer in some situations. An
attacker could use this to construct a malicious GFS2 image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2023-3212)
It was discovered that the NFC implementation in the Linux kernel contained
a use-after-free vulnerability when performing peer-to-peer communication
in certain conditions. A privileged attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information
(kernel memory). (CVE-2023-3863)
It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle L2CAP socket release, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-40283)
It was discovered that some network classifier implementations in the Linux
kernel contained use-after-free vulnerabilities. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-4128)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
linux-image-4.15.0-1155-gcp 4.15.0-1155.172
linux-image-4.15.0-1161-aws 4.15.0-1161.174
linux-image-4.15.0-1170-azure 4.15.0-1170.185
linux-image-4.15.0-218-generic 4.15.0-218.229
linux-image-4.15.0-218-lowlatency 4.15.0-218.229
linux-image-aws-lts-18.04 4.15.0.1161.159
linux-image-azure-lts-18.04 4.15.0.1170.138
linux-image-gcp-lts-18.04 4.15.0.1155.169
linux-image-generic 4.15.0.218.202
linux-image-lowlatency 4.15.0.218.202
linux-image-virtual 4.15.0.218.202
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
linux-image-4.15.0-1124-oracle 4.15.0-1124.135~16.04.1
linux-image-4.15.0-1155-gcp 4.15.0-1155.172~16.04.1
linux-image-4.15.0-1161-aws 4.15.0-1161.174~16.04.1
linux-image-4.15.0-1170-azure 4.15.0-1170.185~16.04.1
linux-image-4.15.0-218-generic 4.15.0-218.229~16.04.1
linux-image-4.15.0-218-lowlatency 4.15.0-218.229~16.04.1
linux-image-aws-hwe 4.15.0.1161.144
linux-image-azure 4.15.0.1170.154
linux-image-gcp 4.15.0.1155.145
linux-image-generic-hwe-16.04 4.15.0.218.2
linux-image-gke 4.15.0.1155.145
linux-image-lowlatency-hwe-16.04 4.15.0.218.2
linux-image-oem 4.15.0.218.2
linux-image-oracle 4.15.0.1124.105
linux-image-virtual-hwe-16.04 4.15.0.218.2
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-6396-1
CVE-2022-27672, CVE-2022-40982, CVE-2023-3212, CVE-2023-3863,
CVE-2023-40283, CVE-2023-4128
[USN-6361-2] CUPS vulnerability
Ubuntu Security Notice USN-6361-2
September 26, 2023
cups vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
CUPS could be made to expose sensitive information.
Software Description:
- cups: Common UNIX Printing System(tm)
Details:
USN-6361-1 fixed a vulnerability in CUPS. This update provides the
corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that CUPS incorrectly authenticated certain remote
requests. A remote attacker could possibly use this issue to obtain
recently printed documents.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
cups 2.2.7-1ubuntu2.10+esm3
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
cups 2.1.3-4ubuntu0.11+esm5
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6361-2
https://ubuntu.com/security/notices/USN-6361-1
CVE-2023-32360
Monday, September 25, 2023
Orphaned packages looking for new maintainers
are orphaned for six weeks, unless someone adopts them. If you know for sure
that the package should be retired, please do so now with a proper reason:
https://fedoraproject.org/wiki/How_to_remove_a_package_at_end_of_life
Note: If you received this mail directly you (co)maintain one of the affected
packages or a package that depends on one. Please adopt the affected package or
retire your depending package to avoid broken dependencies, otherwise your
package will fail to install and/or build when the affected package gets retired.
Request package ownership via the *Take* button in the left column on
https://src.fedoraproject.org/rpms/<pkgname>
Full report available at:
https://churchyard.fedorapeople.org/orphans-2023-09-25.txt
grep it for your FAS username and follow the dependency chain.
For human readable dependency chains,
see https://packager-dashboard.fedoraproject.org/
For all orphaned packages,
see https://packager-dashboard.fedoraproject.org/orphan
Package (co)maintainers Status Change
================================================================================
RBTools orphan 2 weeks ago
aiodnsbrute orphan 2 weeks ago
andriller orphan 2 weeks ago
androwarn orphan 2 weeks ago
brd orphan 2 weeks ago
btest orphan 2 weeks ago
eric orphan 2 weeks ago
fedora-gather-easyfix orphan 2 weeks ago
golang-github-alicebob-miniredis go-sig, orphan 0 weeks ago
libssh2-python orphan 2 weeks ago
perl-Plack-Middleware-Deflater orphan 1 weeks ago
php-ocramius-generated-hydrator orphan, remi 0 weeks ago
php-symfony4 orphan 0 weeks ago
pico-wizard orphan 2 weeks ago
pseudo ignatenkobrain, orphan 3 weeks ago
pyflowtools orphan 2 weeks ago
python-acora orphan, python-packagers-sig 2 weeks ago
python-adext orphan 2 weeks ago
python-aiozeroconf orphan, python-packagers-sig 2 weeks ago
python-airthings orphan 2 weeks ago
python-alarmdecoder orphan 2 weeks ago
python-ansible-pygments orphan 0 weeks ago
python-apply-defaults orphan 5 weeks ago
python-btlewrap orphan 2 weeks ago
python-cle epel-packagers-sig, fab, orphan 5 weeks ago
python-convertdate orphan, python-packagers-sig 2 weeks ago
python-cypari2 orphan 2 weeks ago
python-dominate fab, orphan 2 weeks ago
python-elpy orphan 2 weeks ago
python-flask-bootstrap orphan 2 weeks ago
python-fpylll orphan 2 weeks ago
python-gccinvocation orphan 2 weeks ago
python-grako orphan 2 weeks ago
python-ipgetter orphan 2 weeks ago
python-jep orphan, python-packagers-sig 2 weeks ago
python-jsonrpc-server orphan 2 weeks ago
python-lacrosse orphan 2 weeks ago
python-lazr-smtptest orphan 2 weeks ago
python-leveldb orphan, python-packagers-sig 2 weeks ago
python-liblarch orphan 2 weeks ago
python-logging-tree orphan 2 weeks ago
python-metaextract orphan, python-packagers-sig 1 weeks ago
python-molecule gotmax23, orphan 0 weeks ago
python-molecule-docker orphan 0 weeks ago
python-molecule-podman orphan 0 weeks ago
python-nose_fixes orphan 2 weeks ago
python-notario orphan 2 weeks ago
python-py9p orphan 2 weeks ago
python-pyaes orphan 2 weeks ago
python-pybv orphan 2 weeks ago
python-pydiffx orphan 2 weeks ago
python-pyls-spyder orphan 5 weeks ago
python-pytenable orphan 2 weeks ago
python-pytest-metadata orphan 2 weeks ago
python-pyvex epel-packagers-sig, fab, orphan 5 weeks ago
python-qstylizer jonathanspw, orphan 5 weeks ago
python-restfly orphan 2 weeks ago
python-sklearn-genetic-opt orphan 2 weeks ago
python-smart-gardena orphan 2 weeks ago
python-snipeit orphan 2 weeks ago
python-sphinx_ansible_theme orphan 0 weeks ago
python-sphinxcontrib-actdiag epel-packagers-sig, openstack-sig, orphan 2 weeks ago
python-stdio-mgr orphan 2 weeks ago
python-tambo orphan 2 weeks ago
python-test_server orphan, python-packagers-sig 2 weeks ago
python-textdistance orphan 5 weeks ago
python-upoints orphan 2 weeks ago
python-uri-templates orphan 2 weeks ago
python-whatthepatch jonathanspw, orphan 5 weeks ago
python-yamlordereddictloader orphan 2 weeks ago
python-yourls orphan 5 weeks ago
python3-script orphan 2 weeks ago
pyutil orphan 2 weeks ago
rubygem-pr_geohash orphan 3 weeks ago
rubygem-shoulda orphan, stahnma 1 weeks ago
sagemath orphan 2 weeks ago
sword cicku, jkastner, orphan 2 weeks ago
The following packages require above mentioned packages:
Depending on: golang-github-alicebob-miniredis (2), status change: 2023-09-25
(0 weeks ago)
golang-github-siddontang-goredis (maintained by: eclipseo, go-sig)
golang-github-siddontang-goredis-0-0.7.20210111git0b4019c.fc39.src requires
golang(github.com/alicebob/miniredis) = 2.14.5-7.fc39
golang-github-ledisdb (maintained by: eclipseo, go-sig)
golang-github-ledisdb-0.6-9.20210112gitd35789e.fc39.src requires
golang(github.com/siddontang/goredis) = 0-0.7.20210111git0b4019c.fc39
golang-github-ledisdb-devel-0.6-9.20210112gitd35789e.fc39.noarch requires
golang(github.com/siddontang/goredis) = 0-0.7.20210111git0b4019c.fc39
Depending on: perl-Plack-Middleware-Deflater (1), status change: 2023-09-16 (1
weeks ago)
perl-Twiggy (maintained by: cheeselee)
perl-Twiggy-0.1026-9.fc39.src requires perl(Plack::Middleware::Deflater) = 0.12
Depending on: php-symfony4 (21), status change: 2023-09-19 (0 weeks ago)
php-doctrine-cache (maintained by: remi, siwinski)
php-doctrine-cache-1.13.0-4.fc39.src requires
php-composer(symfony/var-exporter) = 4.4.47
php-doctrine-datafixtures (maintained by: remi, siwinski)
php-doctrine-datafixtures-1.6.5-2.fc39.src requires
php-composer(doctrine/orm) = 2.14.1, php-symfony4-cache = 4.4.47-1.fc38
php-doctrine-doctrine-bundle (maintained by: siwinski)
php-doctrine-doctrine-bundle-1.12.13-6.fc38.src requires
php-composer(doctrine/orm) = 2.14.1, php-symfony4-cache = 4.4.47-1.fc38,
php-symfony4-config = 4.4.47-1.fc38, php-symfony4-console = 4.4.47-1.fc38,
php-symfony4-dependency-injection = 4.4.47-1.fc38, php-symfony4-doctrine-bridge
= 4.4.47-1.fc38, php-symfony4-framework-bundle = 4.4.47-1.fc38,
php-symfony4-property-info = 4.4.47-1.fc38, php-symfony4-proxy-manager-bridge =
4.4.47-1.fc38, php-symfony4-twig-bridge = 4.4.47-1.fc38, php-symfony4-validator
= 4.4.47-1.fc38, php-symfony4-web-profiler-bundle = 4.4.47-1.fc38,
php-symfony4-yaml = 4.4.47-1.fc38
php-doctrine-orm (maintained by: remi, siwinski)
php-doctrine-orm-2.14.1-3.fc39.src requires php-composer(doctrine/cache) =
1.13.0, php-composer(symfony/var-exporter) = 4.4.47
php-doctrine-orm-2.14.1-3.fc39.noarch requires php-composer(doctrine/cache) =
1.13.0
php-nyholm-psr7 (maintained by: remi)
php-nyholm-psr7-1.8.0-2.fc39.src requires php-composer(symfony/error-handler)
= 4.4.47
php-phpspec (maintained by: remi)
php-phpspec-7.4.0-2.fc39.noarch requires php-symfony4-console =
4.4.47-1.fc38, php-symfony4-event-dispatcher = 4.4.47-1.fc38,
php-symfony4-finder = 4.4.47-1.fc38, php-symfony4-process = 4.4.47-1.fc38,
php-symfony4-yaml = 4.4.47-1.fc38
php-phpunit-DbUnit (maintained by: remi)
php-phpunit-DbUnit-2.0.3-16.fc39.noarch requires php-symfony4-yaml =
4.4.47-1.fc38
php-phpunit-PHPUnit (maintained by: remi)
php-phpunit-PHPUnit-5.7.27-20.fc39.noarch requires php-symfony4-yaml =
4.4.47-1.fc38
php-phpunit-PHPUnit-5.7.27-20.fc39.src requires php-symfony4-yaml = 4.4.47-1.fc38
php-symfony-polyfill (maintained by: siwinski)
php-symfony-polyfill-1.28.0-1.fc40.src requires php-symfony4-intl =
4.4.47-1.fc38, php-symfony4-var-dumper = 4.4.47-1.fc38
php-doctrine-annotations (maintained by: remi, siwinski)
php-doctrine-annotations-1.14.3-2.fc39.src requires
php-composer(doctrine/cache) = 1.13.0
php-doctrine-common (maintained by: remi, siwinski)
php-doctrine-common-1:2.13.3-10.fc39.noarch requires
php-composer(doctrine/cache) = 1.13.0
php-doctrine-dbal (maintained by: lcts, remi)
php-doctrine-dbal-2.13.9-4.fc39.noarch requires php-composer(doctrine/cache)
= 1.13.0
php-doctrine-dbal-2.13.9-4.fc39.src requires php-composer(doctrine/cache) =
1.13.0
php-doctrine-dbal3 (maintained by: remi)
php-doctrine-dbal3-3.6.2-2.fc39.noarch requires php-composer(doctrine/cache)
= 1.13.0
php-doctrine-dbal3-3.6.2-2.fc39.src requires php-composer(doctrine/cache) =
1.13.0
php-doctrine-doctrine-cache-bundle (maintained by: remi, siwinski)
php-doctrine-doctrine-cache-bundle-1.4.0-8.fc39.noarch requires
php-composer(doctrine/cache) = 1.13.0
php-doctrine-persistence (maintained by: remi)
php-doctrine-persistence-1.3.8-7.fc39.noarch requires
php-composer(doctrine/cache) = 1.13.0
php-doctrine-persistence-1.3.8-7.fc39.src requires
php-composer(doctrine/cache) = 1.13.0
php-doctrine-persistence2 (maintained by: remi)
php-doctrine-persistence2-2.5.7-2.fc39.noarch requires
php-composer(doctrine/cache) = 1.13.0
php-doctrine-persistence2-2.5.7-2.fc39.src requires
php-composer(doctrine/cache) = 1.13.0
php-symfony (maintained by: siwinski)
php-symfony-2.8.52-10.fc38.src requires php-composer(doctrine/cache) =
1.13.0, php-composer(doctrine/data-fixtures) = 1.6.5,
php-composer(doctrine/doctrine-bundle) = 1.12.13, php-composer(doctrine/orm) =
2.14.1
php-symfony-framework-bundle-2.8.52-10.fc38.noarch requires
php-composer(doctrine/cache) = 1.13.0
php-symfony-serializer-2.8.52-10.fc38.noarch requires
php-composer(doctrine/cache) = 1.13.0
php-symfony-validator-2.8.52-10.fc38.noarch requires
php-composer(doctrine/cache) = 1.13.0
php-symfony-doctrine-bridge-2.8.52-10.fc38.noarch requires
php-composer(doctrine/data-fixtures) = 1.6.5, php-composer(doctrine/orm) = 2.14.1
php-symfony3 (maintained by: remi, siwinski)
php-symfony3-3.4.49-5.fc38.src requires php-composer(doctrine/cache) =
1.13.0, php-composer(doctrine/data-fixtures) = 1.6.5,
php-composer(doctrine/doctrine-bundle) = 1.12.13, php-composer(doctrine/orm) =
2.14.1
php-symfony4 (maintained by: orphan)
php-symfony4-4.4.47-1.fc38.src requires php-composer(doctrine/cache) =
1.13.0, php-composer(doctrine/data-fixtures) = 1.6.5,
php-composer(doctrine/doctrine-bundle) = 1.12.13, php-composer(doctrine/orm) =
2.14.1, php-composer(nyholm/psr7) = 1.8.0
php-symfony4-framework-bundle-4.4.47-1.fc38.noarch requires
php-composer(doctrine/cache) = 1.13.0
php-symfony-psr-http-message-bridge (maintained by: siwinski)
php-symfony-psr-http-message-bridge-1.3.0-7.fc38.src requires
php-composer(nyholm/psr7) = 1.8.0
php-phpspec-prophecy (maintained by: remi)
php-phpspec-prophecy-1.17.0-3.fc39.src requires php-composer(phpspec/phpspec)
= 7.4.0
Too many dependencies for php-symfony4, not all listed here
Depending on: python-ansible-pygments (4), status change: 2023-09-22 (0 weeks ago)
python-sphinx_ansible_theme (maintained by: orphan)
python-sphinx_ansible_theme-0.10.1-1.fc39.src requires
python3dist(ansible-pygments) = 0.1.1
python3-sphinx_ansible_theme-0.10.1-1.fc39.noarch requires
python3.11dist(ansible-pygments) = 0.1.1
python-molecule (maintained by: gotmax23, orphan)
python-molecule-4.0.4-5.fc38.src requires python3dist(sphinx-ansible-theme) =
0.10.1
python-molecule-docker (maintained by: orphan)
python-molecule-docker-2.1.0-2.fc38.src requires python3dist(molecule) = 4.0.4
python3-molecule-docker-2.1.0-2.fc38.noarch requires python3.11dist(molecule)
= 4.0.4
python-molecule-podman (maintained by: orphan)
python-molecule-podman-2.0.3-2.fc38.src requires python3dist(molecule) = 4.0.4
python3-molecule-podman-2.0.3-2.fc38.noarch requires python3.11dist(molecule)
= 4.0.4
Depending on: python-cypari2 (1), status change: 2023-09-04 (2 weeks ago)
sagemath (maintained by: orphan)
sagemath-9.8-2.fc39.src requires python3-cypari2-devel = 2.1.3-1.fc39
sagemath-core-9.8-2.fc39.x86_64 requires python3dist(cypari2) = 2.1.3
Depending on: python-dominate (1), status change: 2023-09-04 (2 weeks ago)
python-flask-bootstrap (maintained by: orphan)
python3-flask-bootstrap-3.3.7.1-22.fc39.noarch requires python3-dominate =
2.7.0-2.fc38
Depending on: python-fpylll (1), status change: 2023-09-04 (2 weeks ago)
sagemath (maintained by: orphan)
sagemath-9.8-2.fc39.src requires python3dist(fpylll) = 0.5.9
sagemath-core-9.8-2.fc39.x86_64 requires python3dist(fpylll) = 0.5.9
Depending on: python-molecule (2), status change: 2023-09-22 (0 weeks ago)
python-molecule-docker (maintained by: orphan)
python-molecule-docker-2.1.0-2.fc38.src requires python3dist(molecule) = 4.0.4
python3-molecule-docker-2.1.0-2.fc38.noarch requires python3.11dist(molecule)
= 4.0.4
python-molecule-podman (maintained by: orphan)
python-molecule-podman-2.0.3-2.fc38.src requires python3dist(molecule) = 4.0.4
python3-molecule-podman-2.0.3-2.fc38.noarch requires python3.11dist(molecule)
= 4.0.4
Depending on: python-pydiffx (1), status change: 2023-09-04 (2 weeks ago)
RBTools (maintained by: orphan)
RBTools-4.0-4.fc39.noarch requires python3.11dist(pydiffx) = 1.1
RBTools-4.0-4.fc39.src requires python3dist(pydiffx) = 1.1
Depending on: python-pyls-spyder (1), status change: 2023-08-16 (5 weeks ago)
spyder (maintained by: jonathanspw, music, neuro-sig, thozza)
python3-spyder-5.3.1-8.fc40.noarch requires python3.12dist(pyls-spyder) = 0.4
Depending on: python-pyvex (1), status change: 2023-08-21 (5 weeks ago)
python-cle (maintained by: epel-packagers-sig, fab, orphan)
python-cle-9.2.39-3.fc39.src requires python3dist(pyvex) = 9.2.39
python3-cle-9.2.39-3.fc39.noarch requires python3.12dist(pyvex) = 9.2.39
Depending on: python-qstylizer (1), status change: 2023-08-16 (5 weeks ago)
spyder (maintained by: jonathanspw, music, neuro-sig, thozza)
python3-spyder-5.3.1-8.fc40.noarch requires python3.12dist(qstylizer) = 0.2.2
Depending on: python-restfly (1), status change: 2023-09-04 (2 weeks ago)
python-pytenable (maintained by: orphan)
python-pytenable-1.4.13-1.fc39.src requires python3dist(restfly) = 1.4.7
python3-pytenable-1.4.13-1.fc39.noarch requires python3.11dist(restfly) = 1.4.7
Depending on: python-sphinx_ansible_theme (3), status change: 2023-09-22 (0
weeks ago)
python-molecule (maintained by: gotmax23, orphan)
python-molecule-4.0.4-5.fc38.src requires python3dist(sphinx-ansible-theme) =
0.10.1
python-molecule-docker (maintained by: orphan)
python-molecule-docker-2.1.0-2.fc38.src requires python3dist(molecule) = 4.0.4
python3-molecule-docker-2.1.0-2.fc38.noarch requires python3.11dist(molecule)
= 4.0.4
python-molecule-podman (maintained by: orphan)
python-molecule-podman-2.0.3-2.fc38.src requires python3dist(molecule) = 4.0.4
python3-molecule-podman-2.0.3-2.fc38.noarch requires python3.11dist(molecule)
= 4.0.4
Depending on: python-textdistance (1), status change: 2023-08-16 (5 weeks ago)
spyder (maintained by: jonathanspw, music, neuro-sig, thozza)
python3-spyder-5.3.1-8.fc40.noarch requires python3.12dist(textdistance) = 4.2
Depending on: python-whatthepatch (4), status change: 2023-08-16 (5 weeks ago)
python-lsp-server (maintained by: gui1ty, jonathanspw, neuro-sig,
python-packagers-sig)
python-lsp-server-1.8.0-1.fc40.src requires python3dist(whatthepatch) = 1.0.2
python-lsp-black (maintained by: gui1ty, jonathanspw, neuro-sig)
python-lsp-black-1.3.0-1.fc40.src requires python3dist(python-lsp-server) =
0.1~~dev2
python3-lsp-black-1.3.0-1.fc40.noarch requires
python3.12dist(python-lsp-server) = 0.1~~dev2
python-pyls-spyder (maintained by: orphan)
python3-pyls-spyder-0.4.0-8.fc39.noarch requires
python3.12dist(python-lsp-server) = 0.1~~dev2
spyder (maintained by: jonathanspw, music, neuro-sig, thozza)
python3-spyder-5.3.1-8.fc40.noarch requires python3.12dist(pyls-spyder) =
0.4, python3.12dist(python-lsp-black) = 1.3, python3.12dist(python-lsp-server)
= 0.1~~dev2
Depending on: sword (2), status change: 2023-09-04 (2 weeks ago)
bibletime (maintained by: cicku, greghellings)
bibletime-3.0.3-2.fc39.src requires sword-devel = 1:1.9.0-16.fc38
bibletime-3.0.3-2.fc39.x86_64 requires libsword.so.1.9()(64bit)
xiphos (maintained by: cicku, greghellings)
xiphos-4.2.1-20.fc39.src requires sword-devel = 1:1.9.0-16.fc38
xiphos-4.2.1-20.fc39.x86_64 requires libsword.so.1.9()(64bit)
See dependency chains of your packages at
https://packager-dashboard.fedoraproject.org/
See all orphaned packages at https://packager-dashboard.fedoraproject.org/orphan
Affected (co)maintainers (either directly or via packages' dependencies):
cheeselee: perl-Plack-Middleware-Deflater
cicku: sword
eclipseo: golang-github-alicebob-miniredis
epel-packagers-sig: python-cle, python-pyvex, python-sphinxcontrib-actdiag
fab: python-cle, python-dominate, python-pyvex
go-sig: golang-github-alicebob-miniredis
gotmax23: python-ansible-pygments, python-sphinx_ansible_theme, python-molecule
greghellings: sword
gui1ty: python-whatthepatch
ignatenkobrain: pseudo
jkastner: sword
jonathanspw: python-textdistance, python-qstylizer, python-whatthepatch,
python-pyls-spyder
lcts: php-symfony4
music: python-textdistance, python-qstylizer, python-whatthepatch,
python-pyls-spyder
neuro-sig: python-textdistance, python-qstylizer, python-whatthepatch,
python-pyls-spyder
openstack-sig: python-sphinxcontrib-actdiag
python-packagers-sig: python-aiozeroconf, python-whatthepatch,
python-metaextract, python-acora, python-convertdate, python-test_server,
python-jep, python-leveldb
remi: php-symfony4, php-ocramius-generated-hydrator
siwinski: php-symfony4
stahnma: rubygem-shoulda
thozza: python-textdistance, python-qstylizer, python-whatthepatch,
python-pyls-spyder
--
The script creating this output is run and developed by Fedora
Release Engineering. Please report issues at its pagure instance:
https://pagure.io/releng/
The sources of this script can be found at:
https://pagure.io/releng/blob/main/f/scripts/find_unblocked_orphans.py
Report finished at 2023-09-25 11:51:42 UTC
[USN-6190-2] AccountsService vulnerability
Ubuntu Security Notice USN-6190-2
September 25, 2023
accountsservice vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
AccountsService could be made to crash or run programs if it received
specially crafted messages.
Software Description:
- accountsservice: query and manipulate user account information
Details:
USN-6190-1 fixed a vulnerability in AccountsService. This update provides
the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and
Ubuntu 18.04 LTS.
Original advisory details:
Kevin Backhouse discovered that AccountsService incorrectly handled certain
D-Bus messages. A local attacker could use this issue to cause
AccountsService to crash, resulting in a denial of service, or possibly
execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
accountsservice 0.6.45-1ubuntu1.3+esm1
libaccountsservice0 0.6.45-1ubuntu1.3+esm1
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
accountsservice 0.6.40-2ubuntu11.6+esm1
libaccountsservice0 0.6.40-2ubuntu11.6+esm1
Ubuntu 14.04 LTS (Available with Ubuntu Pro):
accountsservice 0.6.35-0ubuntu7.3+esm3
libaccountsservice0 0.6.35-0ubuntu7.3+esm3
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6190-2
https://ubuntu.com/security/notices/USN-6190-1
CVE-2023-3297
[USN-6365-2] Open VM Tools vulnerability
Ubuntu Security Notice USN-6365-2
September 25, 2023
open-vm-tools vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
Open VM Tools could allow unintended access to network services.
Software Description:
- open-vm-tools: Open VMware Tools for virtual machines hosted on VMware
Details:
USN-6365-1 fixed a vulnerability in Open VM Tools. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that Open VM Tools incorrectly handled SAML tokens. A
remote attacker could possibly use this issue to bypass SAML token
signature verification and perform VMware Tools Guest Operations.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
open-vm-tools 2:11.0.5-4ubuntu0.18.04.3+esm2
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
open-vm-tools 2:10.2.0-3~ubuntu0.16.04.1+esm3
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6365-2
https://ubuntu.com/security/notices/USN-6365-1
CVE-2023-20900
Friday, September 22, 2023
[arch-announce] Changes to default password hashing algorithm and umask settings
Furthermore, the `umask` [2] settings are now configured in `/etc/login.defs` instead of `/etc/profile`.
This should not require any manual intervention.
## Reasons for Yescrypt
The password-based key derivation function (KDF) and password hashing scheme **yescrypt** has been chosen because of its adoption (it is readily available in *libxcrypt*, which is used by *pam* [3]) and its stronger resilience against password cracking attempts than **SHA512**.
Although the winner of the Password Hashing Competition [4] was **argon2**, this even more resilient algorithm is not yet available in *libxcrypt* [5][6].
## Configuring yescrypt
The `YESCRYPT_COST_FACTOR` setting in `/etc/login.defs` is currently without effect, until *pam* implements reading its value [7]. If a `YESCRYPT_COST_FACTOR` higher (or lower) than the default (`5`) is needed, it can be set using the `rounds` option of the `pam_unix` [8] module (i.e. in `/etc/pam.d/system-auth`).
## General list of changes
- **yescrypt** is used as default password hashing algorithm, instead of **SHA512**
- *pam* honors the chosen `ENCRYPT_METHOD` in `/etc/login.defs` and does not override the chosen method anymore
- changes in the *filesystem* (>= `2023.09.18`) and *pambase* (>= `20230918`) packages ensure that `umask` is set centrally in `/etc/login.defs` instead of `/etc/profile`
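As an added example (not part of the Arch announcement), a POSIX sh audit that classifies every account's hash by its crypt(3) prefix, since hashes already in `/etc/shadow` only move to yescrypt when the password is next changed, and that reads the effective cost factor from the `pam_unix` line because `YESCRYPT_COST_FACTOR` in `/etc/login.defs` is ignored. The shadow lines and the pam line are constructed samples (not real hashes); the fallback of `5` is the default named above.

```shell
#!/bin/sh
# Added audit example; the shadow and pam lines below are constructed samples.

# Classify one /etc/shadow password field by its crypt(3) prefix.
# Locked accounts ("!"/"*") and empty fields are reported separately:
# an empty field means no password is required at all.
hash_algo() {
    case "$1" in
        '')          echo empty ;;
        '!'*|'*'*)   echo locked ;;
        '$y$'*)      echo yescrypt ;;
        '$7$'*)      echo scrypt ;;
        '$2'*)       echo bcrypt ;;
        '$6$'*)      echo sha512 ;;
        '$5$'*)      echo sha256 ;;
        '$1$'*)      echo md5 ;;
        *)           echo unknown ;;
    esac
}

# Read shadow-format lines from stdin and print "user algorithm" for every
# account that is neither locked nor already on yescrypt.
find_stale_hashes() {
    while IFS=: read -r user hash _rest; do
        algo=$(hash_algo "$hash")
        case "$algo" in
            yescrypt|locked) ;;
            *) printf '%s %s\n' "$user" "$algo" ;;
        esac
    done
}

# Read a pam config from stdin and print the cost factor the first
# "password ... pam_unix.so" line will use: the rounds= value if present,
# 5 (the default named in the announcement) if absent, or "none" when
# pam_unix is not configured for password changes at all.
pam_unix_cost() {
    line=$(grep -E '^password[[:space:]]+.*pam_unix\.so' | head -n 1)
    if [ -z "$line" ]; then
        echo none
        return
    fi
    case "$line" in
        *rounds=*) printf '%s\n' "$line" | sed -E 's/.*rounds=([0-9]+).*/\1/' ;;
        *)         echo 5 ;;
    esac
}

# Constructed sample in /etc/shadow format (fake salts and hashes).
SAMPLE_SHADOW='root:$6$saltsalt$fakehashvalue:19600:0:99999:7:::
alice:$y$j9T$saltsalt$fakehashvalue:19620:0:99999:7:::
bob:$1$salt$fakehash:18000:0:99999:7:::
bin:*:19000::::::
svc:!$6$saltsalt$fakehashvalue:19500:0:99999:7:::
carol::19610:0:99999:7:::'

# Constructed pam_unix password line as it might appear in
# /etc/pam.d/system-auth after raising the cost factor to 8.
SAMPLE_PAM='password required pam_unix.so yescrypt shadow rounds=8'

printf '%s\n' "$SAMPLE_SHADOW" | find_stale_hashes
printf '%s\n' "$SAMPLE_PAM" | pam_unix_cost
```

On a real system run it as root with `find_stale_hashes < /etc/shadow` and `pam_unix_cost < /etc/pam.d/system-auth`; accounts it lists keep their old hash until their password is changed.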
[1] https://www.openwall.com/yescrypt/
[2] https://man.archlinux.org/man/umask.1p
[3] https://wiki.archlinux.org/title/PAM
[4] https://www.password-hashing.net/
[5] https://github.com/besser82/libxcrypt/pull/113
[6] https://github.com/besser82/libxcrypt/pull/150
[7] https://github.com/linux-pam/linux-pam/issues/607
[8] https://man.archlinux.org/man/pam_unix.8
URL: https://archlinux.org/news/changes-to-default-password-hashing-algorithm-and-umask-settings/
Ubuntu 23.10 (Mantic Minotaur) Beta released
Desktop, Server, and Cloud products.
Ubuntu 23.10, codenamed "Mantic Minotaur", continues Ubuntu's proud tradition of integrating the latest and greatest open source technologies into a high-quality, easy-to-use Linux distribution. The team has been hard at work through this cycle, introducing new features and fixing bugs.
This Beta release includes images from not only the Ubuntu Desktop, Server, and Cloud products, but also the Edubuntu, Kubuntu, Lubuntu, Ubuntu Budgie, Ubuntu Cinnamon, Ubuntu Kylin, Ubuntu MATE, Ubuntu Studio, Ubuntu Unity, and Xubuntu flavours.
The Beta images are known to be reasonably free of showstopper image build or installer bugs, while representing a very recent snapshot of 23.10 that should be representative of the features intended to ship with the final release expected on October 12, 2023.
Ubuntu, Ubuntu Server, Cloud Images:
Mantic Beta includes updated versions of most of our core set of
packages, including a current 6.5 kernel, and much more.
To upgrade to Ubuntu 23.10 Beta from Ubuntu 23.04, follow these
instructions:
https://help.ubuntu.com/community/ManticUpgrades
The Ubuntu 23.10 Beta images can be downloaded at:
https://releases.ubuntu.com/23.10/ (Ubuntu and Ubuntu Server on x86)
The default Ubuntu Desktop installer is now a Flutter snap backed by
Subiquity.
The legacy installer is still available in case of issues with the
new installer.
This Ubuntu Server image features the next generation Subiquity server
installer, bringing the comfortable live session and speedy install of
the Ubuntu Desktop to server users.
Additional images can be found at the following links:
https://cloud-images.ubuntu.com/daily/server/mantic/current/ (Cloud Images)
https://cdimage.ubuntu.com/releases/23.10/beta/ (Non-x86)
As fixes will be included in new images between now and release, any
daily cloud image should be considered a Beta image. Bugs found should be
filed against the appropriate packages or, failing that, the cloud-images
project in Launchpad.
The full release notes for Ubuntu 23.10 Beta can be found at:
https://discourse.ubuntu.com/t/mantic-minotaur-release-notes
Edubuntu:
Edubuntu is a flavor of Ubuntu designed as a free education oriented
operating system for children of all ages.
The Beta images can be downloaded at:
http://cdimage.ubuntu.com/edubuntu/releases/23.10/beta/
Kubuntu:
Kubuntu is the KDE based flavor of Ubuntu. It uses the Plasma desktop and
includes a wide selection of tools from the KDE project.
The Beta images can be downloaded at:
https://cdimage.ubuntu.com/kubuntu/releases/23.10/beta/
Lubuntu:
Lubuntu is a flavor of Ubuntu which uses the Lightweight Qt Desktop
Environment (LXQt). The project's goal is to provide a lightweight yet
functional Linux distribution based on a rock-solid Ubuntu base.
The Beta images can be downloaded at:
https://cdimage.ubuntu.com/lubuntu/releases/23.10/beta/
Ubuntu Budgie:
Ubuntu Budgie is a community developed desktop, integrating Budgie Desktop Environment with Ubuntu at its core.
The Beta images can be downloaded at:
https://cdimage.ubuntu.com/ubuntu-budgie/releases/23.10/beta/
Ubuntu Cinnamon:
Ubuntu Cinnamon is a flavor of Ubuntu featuring the Cinnamon desktop
environment.
The Beta images can be downloaded at:
http://cdimage.ubuntu.com/ubuntucinnamon/releases/23.10/beta/
Ubuntu Kylin:
Ubuntu Kylin is a flavor of Ubuntu that is more suitable for Chinese users.
The Beta images can be downloaded at:
http://cdimage.ubuntu.com/ubuntukylin/releases/23.10/beta/
Ubuntu MATE:
Ubuntu MATE is a flavor of Ubuntu featuring the MATE desktop environment.
The Beta images can be downloaded at:
https://cdimage.ubuntu.com/ubuntu-mate/releases/23.10/beta/
Ubuntu Studio:
Ubuntu Studio is a flavor of Ubuntu that provides a full range of multimedia content creation applications for each key category: audio, graphics, video, photography and publishing.
The Beta images can be downloaded at:
https://cdimage.ubuntu.com/ubuntustudio/releases/23.10/beta/
Ubuntu Unity:
Ubuntu Unity is a flavor of Ubuntu featuring the Unity7 desktop environment.
The Beta images can be downloaded at:
https://cdimage.ubuntu.com/ubuntu-unity/releases/23.10/beta/
Xubuntu:
Xubuntu is a flavor of Ubuntu that comes with Xfce, which is a stable, light and configurable desktop environment.
The Beta images can be downloaded at:
https://cdimage.ubuntu.com/xubuntu/releases/23.10/beta/
Regular daily images for Ubuntu, and all flavours, can be found at:
https://cdimage.ubuntu.com
Ubuntu is a full-featured Linux distribution for clients, servers and clouds, with a fast and easy installation and regular releases. A tightly-integrated selection of excellent applications is included, and an incredible variety of add-on software is just a few clicks away.
Professional technical support is available from Canonical Limited and hundreds of other companies around the world. For more information about support, visit
https://ubuntu.com/support
If you would like to help shape Ubuntu, take a look at the list of ways you can participate at:
https://ubuntu.com/community/participate
Your comments, bug reports, patches and suggestions really help us to improve this and future releases of Ubuntu. Instructions can be found at:
https://help.ubuntu.com/community/ReportingBugs
You can find out more about Ubuntu and about this Beta release on our
website, IRC channel and wiki.
To sign up for future Ubuntu announcements, please subscribe to Ubuntu's
very low volume announcement list at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-announce
On behalf of the Ubuntu Release Team,
Utkarsh Gupta
Thursday, September 21, 2023
[USN-6360-2] FLAC vulnerability
Ubuntu Security Notice USN-6360-2
September 22, 2023
flac vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
FLAC could be made to crash or run programs as your login if it opened a
specially crafted file.
Software Description:
- flac: Free Lossless Audio Codec
Details:
USN-6360-1 fixed a vulnerability in FLAC. This update provides the
corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and
Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that FLAC incorrectly handled encoding certain files. A
remote attacker could use this issue to cause FLAC to crash, resulting in a
denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
flac 1.3.2-1ubuntu0.1+esm1
libflac8 1.3.2-1ubuntu0.1+esm1
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
flac 1.3.1-4ubuntu0.1~esm2
libflac8 1.3.1-4ubuntu0.1~esm2
Ubuntu 14.04 LTS (Available with Ubuntu Pro):
flac 1.3.0-2ubuntu0.14.04.1+esm2
libflac8 1.3.0-2ubuntu0.14.04.1+esm2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6360-2
https://ubuntu.com/security/notices/USN-6360-1
CVE-2020-22219
[USN-6395-1] GNOME Shell vulnerability
Ubuntu Security Notice USN-6395-1
September 21, 2023
gnome-shell vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
Summary:
GNOME Shell could be made to expose sensitive information.
Software Description:
- gnome-shell: graphical shell for the GNOME desktop
Details:
Mickael Karatekin discovered that GNOME Shell incorrectly allowed the
screenshot tool to view open windows when a session was locked. A local
attacker could possibly use this issue to obtain sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.04:
gnome-shell 44.3-0ubuntu1.1
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6395-1
CVE-2023-43090
Package Information:
https://launchpad.net/ubuntu/+source/gnome-shell/44.3-0ubuntu1.1
[USN-6394-1] Python vulnerability
Ubuntu Security Notice USN-6394-1
September 21, 2023
python3.5 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
Python could be made to execute arbitrary code if it received
a specially crafted script.
Software Description:
- python3.5: An interactive high-level object-oriented language
Details:
It was discovered that Python incorrectly handled certain scripts.
An attacker could possibly use this issue to execute arbitrary code
or cause a crash.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
python3.5 3.5.2-2ubuntu0~16.04.13+esm10
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6394-1
CVE-2022-48560
[USN-6393-1] ImageMagick vulnerability
Ubuntu Security Notice USN-6393-1
September 21, 2023
imagemagick vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS (Available with Ubuntu Pro)
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
ImageMagick could be made to crash when processing the -help option.
Software Description:
- imagemagick: Image manipulation programs and library
Details:
It was discovered that ImageMagick did not properly handle memory when
processing the -help option. An attacker could potentially use this
issue to cause a crash.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS (Available with Ubuntu Pro):
imagemagick 8:6.9.10.23+dfsg-2.1ubuntu11.9+esm1
imagemagick-6.q16 8:6.9.10.23+dfsg-2.1ubuntu11.9+esm1
imagemagick-6.q16hdri 8:6.9.10.23+dfsg-2.1ubuntu11.9+esm1
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
imagemagick 8:6.9.7.4+dfsg-16ubuntu6.15+esm2
imagemagick-6.q16 8:6.9.7.4+dfsg-16ubuntu6.15+esm2
imagemagick-6.q16hdri 8:6.9.7.4+dfsg-16ubuntu6.15+esm2
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
imagemagick 8:6.8.9.9-7ubuntu5.16+esm9
imagemagick-6.q16 8:6.8.9.9-7ubuntu5.16+esm9
Ubuntu 14.04 LTS (Available with Ubuntu Pro):
imagemagick 8:6.7.7.10-6ubuntu3.13+esm6
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6393-1
CVE-2022-48541
[USN-6391-2] CUPS vulnerability
Ubuntu Security Notice USN-6391-2
September 21, 2023
cups vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
CUPS could be made to crash or run programs if it opened a specially
crafted file.
Software Description:
- cups: Common UNIX Printing System(tm)
Details:
USN-6391-1 fixed a vulnerability in CUPS. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that CUPS incorrectly parsed certain PostScript objects.
If a user or automated system were tricked into printing a specially
crafted document, a remote attacker could use this issue to cause CUPS to
crash, resulting in a denial of service, or possibly execute arbitrary
code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
cups 2.2.7-1ubuntu2.10+esm2
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
cups 2.1.3-4ubuntu0.11+esm4
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6391-2
https://ubuntu.com/security/notices/USN-6391-1
CVE-2023-4504
Wednesday, September 20, 2023
OpenBSD Errata: September 21, 2023 (npppd)
Binary updates for the amd64, arm64 and i386 platforms are available
via the syspatch utility. Source code patches can be found on the
respective errata page:
https://www.openbsd.org/errata72.html
https://www.openbsd.org/errata73.html
[USN-6392-1] libppd vulnerability
Ubuntu Security Notice USN-6392-1
September 20, 2023
libppd vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
Summary:
libppd could be made to crash or run programs if it opened a specially
crafted file.
Software Description:
- libppd: OpenPrinting libppd
Details:
It was discovered that libppd incorrectly parsed certain PostScript
objects. If a user or automated system were tricked into printing a
specially crafted document, a remote attacker could use this issue to cause
libppd to crash, resulting in a denial of service, or possibly execute
arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.04:
libppd2 2:2.0~rc1-0ubuntu1.2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6392-1
CVE-2023-4504
Package Information:
https://launchpad.net/ubuntu/+source/libppd/2:2.0~rc1-0ubuntu1.2
[USN-6390-1] Bind vulnerabilities
Ubuntu Security Notice USN-6390-1
September 20, 2023
bind9 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Bind could be made to crash if it received specially crafted network
traffic.
Software Description:
- bind9: Internet Domain Name Server
Details:
It was discovered that Bind incorrectly handled certain control channel
messages. A remote attacker with access to the control channel could
possibly use this issue to cause Bind to crash, resulting in a denial of
service. (CVE-2023-3341)
Robert Story discovered that Bind incorrectly handled certain DNS-over-TLS
queries. A remote attacker could possibly use this issue to cause Bind to
crash, resulting in a denial of service. This issue only affected Ubuntu
22.04 LTS and Ubuntu 23.04. (CVE-2023-4236)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.04:
bind9 1:9.18.12-1ubuntu1.2
Ubuntu 22.04 LTS:
bind9 1:9.18.12-0ubuntu0.22.04.3
Ubuntu 20.04 LTS:
bind9 1:9.16.1-0ubuntu2.16
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6390-1
CVE-2023-3341, CVE-2023-4236
Package Information:
https://launchpad.net/ubuntu/+source/bind9/1:9.18.12-1ubuntu1.2
https://launchpad.net/ubuntu/+source/bind9/1:9.18.12-0ubuntu0.22.04.3
https://launchpad.net/ubuntu/+source/bind9/1:9.16.1-0ubuntu2.16
[USN-6391-1] CUPS vulnerability
Ubuntu Security Notice USN-6391-1
September 20, 2023
cups vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
CUPS could be made to crash or run programs if it opened a specially
crafted file.
Software Description:
- cups: Common UNIX Printing System(tm)
Details:
It was discovered that CUPS incorrectly parsed certain PostScript objects.
If a user or automated system were tricked into printing a specially
crafted document, a remote attacker could use this issue to cause CUPS to
crash, resulting in a denial of service, or possibly execute arbitrary
code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.04:
cups 2.4.2-3ubuntu2.5
Ubuntu 22.04 LTS:
cups 2.4.1op1-1ubuntu4.7
Ubuntu 20.04 LTS:
cups 2.3.1-9ubuntu1.6
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6391-1
CVE-2023-4504
Package Information:
https://launchpad.net/ubuntu/+source/cups/2.4.2-3ubuntu2.5
https://launchpad.net/ubuntu/+source/cups/2.4.1op1-1ubuntu4.7
https://launchpad.net/ubuntu/+source/cups/2.3.1-9ubuntu1.6
[USN-6389-1] Indent vulnerability
Ubuntu Security Notice USN-6389-1
September 20, 2023
indent vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Indent could be made to crash or run programs if it opened a specially
crafted file.
Software Description:
- indent: C language source code formatting program
Details:
It was discovered that Indent incorrectly parsed certain source files. If
a user or automated system were tricked into processing a
specially crafted source file, a remote attacker could use this issue to
cause Indent to crash, resulting in a denial of service, or possibly
execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.04:
indent 2.2.12-4ubuntu0.1
Ubuntu 22.04 LTS:
indent 2.2.12-1ubuntu0.22.04.1
Ubuntu 20.04 LTS:
indent 2.2.12-1ubuntu0.20.04.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6389-1
CVE-2023-40305
Package Information:
https://launchpad.net/ubuntu/+source/indent/2.2.12-4ubuntu0.1
https://launchpad.net/ubuntu/+source/indent/2.2.12-1ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/indent/2.2.12-1ubuntu0.20.04.1
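Every notice above ends with an "Update instructions" list of fixed package versions, and deciding whether a host is still exposed means comparing its installed version against that list under Debian's version ordering (epoch, then upstream version, then revision, with `~` sorting before everything and `+esm` suffixes sorting after the base revision). The following is an added example, not code from the notices or from Ubuntu: a Python implementation of that ordering plus a check that reports which packages listed for a release are still older than the fix. It assumes the `package version` line format used in the notices and an installed-version map supplied by the caller.

```python
import re

# Added example, not part of the notices above: a Debian/Ubuntu version
# comparison (Debian Policy 5.6.12 rules) used to check a host's installed
# packages against the fixed versions a notice lists under "Update instructions".

def _order(c: str) -> int:
    # Weight of one non-digit char: '~' < end of string < letters < other chars.
    return -1 if c == "~" else 0 if c == "" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_fragment(a: str, b: str) -> int:
    # Alternate non-digit runs (lexical, via _order) and digit runs (numeric).
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        for i in range(max(len(na), len(nb))):
            d = _order(na[i:i + 1]) - _order(nb[i:i + 1])
            if d:
                return -1 if d < 0 else 1
        a, b = a[len(na):], b[len(nb):]
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        d = int(da or "0") - int(db or "0")
        if d:
            return -1 if d < 0 else 1
        a, b = a[len(da):], b[len(db):]
    return 0

def parse_version(v: str) -> tuple:
    # "[epoch:]upstream[-revision]"; the revision follows the LAST hyphen.
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def compare_versions(a: str, b: str) -> int:
    # -1, 0 or 1 as in `dpkg --compare-versions`: epoch, then upstream, then revision.
    (ea, ua, ra), (eb, ub, rb) = parse_version(a), parse_version(b)
    return (ea > eb) - (ea < eb) or _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def unpatched(update_section: str, release: str, installed: dict) -> list:
    # Packages listed under `release` whose installed version predates the fix;
    # `installed` maps package name -> version as reported by the host.
    fixed, current = {}, None
    for line in update_section.splitlines():
        line = line.strip()
        if line.endswith(":"):  # release heading, e.g. "Ubuntu 20.04 LTS (Available with Ubuntu Pro):"
            current = line[:-1].split(" (")[0]
        elif current == release and (m := re.fullmatch(r"([a-z0-9.+-]+) (\d\S*)", line)):
            fixed[m.group(1)] = m.group(2)
    return sorted(p for p, v in fixed.items()
                  if p in installed and compare_versions(installed[p], v) < 0)
```

`compare_versions` follows the same ordering as `dpkg --compare-versions`, so `2:2.0~rc1-0ubuntu1.2` sorts below `2:2.0-0ubuntu1` and `2.2.7-1ubuntu2.10+esm2` sorts above `2.2.7-1ubuntu2.10`, which is what makes the Ubuntu Pro ESM revisions above compare correctly.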