==========================================================================
Ubuntu Security Notice USN-5790-1
January 06, 2023
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15,
linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm,
linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems
- linux-dell300x: Linux kernel for Dell 300x platforms
- linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi2: Linux kernel for Raspberry Pi systems
- linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors
- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe: Linux hardware enablement (HWE) kernel
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
Details:
It was discovered that the BPF verifier in the Linux kernel did not
properly handle internal data structures. A local attacker could use this
to expose sensitive information (kernel memory). (CVE-2021-4159)
It was discovered that a race condition existed in the Android Binder IPC
subsystem in the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-20421)
It was discovered that the Intel 740 frame buffer driver in the Linux
kernel contained a divide by zero vulnerability. A local attacker could use
this to cause a denial of service (system crash). (CVE-2022-3061)
Gwnaun Jung discovered that the SFB packet scheduling implementation in the
Linux kernel contained a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2022-3586)
Jann Horn discovered a race condition existed in the Linux kernel when
unmapping VMAs in certain situations, resulting in possible use-after-free
vulnerabilities. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2022-39188)
It was discovered that a race condition existed in the EFI capsule loader
driver in the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-40307)
Zheng Wang and Zhuorao Yang discovered that the RealTek RTL8712U wireless
driver in the Linux kernel contained a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-4095)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
linux-image-4.15.0-1058-dell300x 4.15.0-1058.63
linux-image-4.15.0-1112-oracle 4.15.0-1112.123
linux-image-4.15.0-1125-raspi2 4.15.0-1125.133
linux-image-4.15.0-1133-kvm 4.15.0-1133.138
linux-image-4.15.0-1142-gcp 4.15.0-1142.158
linux-image-4.15.0-1143-snapdragon 4.15.0-1143.153
linux-image-4.15.0-1147-aws 4.15.0-1147.159
linux-image-4.15.0-1158-azure 4.15.0-1158.173
linux-image-4.15.0-201-generic 4.15.0-201.212
linux-image-4.15.0-201-generic-lpae 4.15.0-201.212
linux-image-4.15.0-201-lowlatency 4.15.0-201.212
linux-image-aws-lts-18.04 4.15.0.1147.145
linux-image-azure-lts-18.04 4.15.0.1158.126
linux-image-dell300x 4.15.0.1058.57
linux-image-gcp-lts-18.04 4.15.0.1142.156
linux-image-generic 4.15.0.201.184
linux-image-generic-lpae 4.15.0.201.184
linux-image-kvm 4.15.0.1133.124
linux-image-lowlatency 4.15.0.201.184
linux-image-oracle-lts-18.04 4.15.0.1112.117
linux-image-raspi2 4.15.0.1125.120
linux-image-snapdragon 4.15.0.1143.142
linux-image-virtual 4.15.0.201.184
Ubuntu 16.04 ESM:
linux-image-4.15.0-1112-oracle 4.15.0-1112.123~16.04.1
linux-image-4.15.0-1142-gcp 4.15.0-1142.158~16.04.1
linux-image-4.15.0-1147-aws-hwe 4.15.0-1147.159~16.04.1
linux-image-4.15.0-201-generic 4.15.0-201.212~16.04.1
linux-image-4.15.0-201-lowlatency 4.15.0-201.212~16.04.1
linux-image-aws-hwe 4.15.0.1147.132
linux-image-gcp 4.15.0.1142.134
linux-image-generic-hwe-16.04 4.15.0.201.186
linux-image-gke 4.15.0.1142.134
linux-image-lowlatency-hwe-16.04 4.15.0.201.186
linux-image-oem 4.15.0.201.186
linux-image-oracle 4.15.0.1112.94
linux-image-virtual-hwe-16.04 4.15.0.201.186
Ubuntu 14.04 ESM:
linux-image-4.15.0-1158-azure 4.15.0-1158.173~14.04.1
linux-image-azure 4.15.0.1158.125
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-5790-1
CVE-2021-4159, CVE-2022-20421, CVE-2022-3061, CVE-2022-3586,
CVE-2022-39188, CVE-2022-40307, CVE-2022-4095
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.15.0-201.212
https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1147.159
https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1158.173
https://launchpad.net/ubuntu/+source/linux-dell300x/4.15.0-1058.63
https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1142.158
https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1133.138
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1112.123
https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1125.133
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1143.153
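Added example (not part of the Ubuntu notice): one way to check a host against the "Update instructions" of USN-5790-1, covering both the installed package versions and the reboot requirement. The version ordering re-implements dpkg's comparison rules, where "~" sorts before everything, so the 16.04 ESM builds rank below the 18.04 ones. The function names, the sample installed versions and the sample `uname -r` values are constructed for illustration.

```python
import re

# Fixed versions copied from the Ubuntu 16.04 ESM table of USN-5790-1 (subset).
FIXED_1604_ESM = """\
linux-image-4.15.0-201-generic 4.15.0-201.212~16.04.1
linux-image-4.15.0-201-lowlatency 4.15.0-201.212~16.04.1
linux-image-generic-hwe-16.04 4.15.0.201.186
linux-image-virtual-hwe-16.04 4.15.0.201.186
"""

def parse_table(text):
    """Turn 'package version' lines into a {package: version} dict."""
    return dict(line.split() for line in text.splitlines() if line.strip())

def _order(c):
    # Non-digit ordering used by dpkg: '~' sorts before everything, even the
    # end of the string; letters sort before other punctuation.
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_fragment(a, b):
    """Compare two upstream or revision strings, alternating text and number runs."""
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            oa = _order(a[i] if i < len(a) else "")
            ob = _order(b[j] if j < len(b) else "")
            if oa != ob:
                return -1 if oa < ob else 1
            i, j = i + 1, j + 1
        si, sj = i, j
        while i < len(a) and a[i].isdigit():
            i += 1
        while j < len(b) and b[j].isdigit():
            j += 1
        na, nb = int(a[si:i] or 0), int(b[sj:j] or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def deb_compare(a, b):
    """Return -1, 0 or 1 for [epoch:]upstream[-revision] version strings."""
    def split(v):
        epoch, sep, rest = v.partition(":")
        if not sep:
            epoch, rest = "0", v
        upstream, sep, revision = rest.rpartition("-")
        if not sep:
            upstream, revision = rest, ""
        return int(epoch), upstream, revision
    ea, ua, ra = split(a)
    eb, ub, rb = split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def outdated(installed, fixed):
    """List (package, installed, fixed) for packages still below the fixed version."""
    return sorted((pkg, ver, fixed[pkg]) for pkg, ver in installed.items()
                  if pkg in fixed and deb_compare(ver, fixed[pkg]) < 0)

def running_kernel_is_fixed(release, fixed):
    """Compare `uname -r` output with the linux-image-<version>-<abi>-<flavour>
    names in the table. Returns None when the table has no entry for the flavour."""
    m = re.fullmatch(r"(\d+\.\d+\.\d+)-(\d+)-(.+)", release)
    if not m:
        return None
    for pkg in fixed:
        f = re.fullmatch(r"linux-image-(\d+\.\d+\.\d+)-(\d+)-(.+)", pkg)
        if f and f.group(1) == m.group(1) and f.group(3) == m.group(3):
            return int(m.group(2)) >= int(f.group(2))
    return None

# Constructed sample hosts. On a real system the inputs would come from
# `dpkg-query -W -f='${Package} ${Version}\n'` and `uname -r`.
UNPATCHED = {"linux-image-generic-hwe-16.04": "4.15.0.200.185"}
UPGRADED = {"linux-image-generic-hwe-16.04": "4.15.0.201.186",
            "linux-image-4.15.0-201-generic": "4.15.0-201.212~16.04.1"}

if __name__ == "__main__":
    fixed = parse_table(FIXED_1604_ESM)
    print("unpatched host:", outdated(UNPATCHED, fixed))
    print("upgraded host:", outdated(UPGRADED, fixed))
    # Packages are current, but the old kernel is still running until reboot.
    print("running 4.15.0-200-generic fixed?",
          running_kernel_is_fixed("4.15.0-200-generic", fixed))
```

A host can pass the package check and still fail the running-kernel check, which is the state between the upgrade and the reboot the notice asks for.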
Friday, January 6, 2023
[USN-5791-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-5791-1
January 06, 2023
linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-gke,
linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm,
linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4
vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gke: Linux kernel for Google Container Engine (GKE) systems
- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems
- linux-ibm: Linux kernel for IBM cloud systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe-5.4: Linux hardware enablement (HWE) kernel
- linux-ibm-5.4: Linux kernel for IBM cloud systems
- linux-oracle-5.4: Linux kernel for Oracle Cloud systems
- linux-raspi-5.4: Linux kernel for Raspberry Pi systems
Details:
It was discovered that a race condition existed in the Android Binder IPC
subsystem in the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-20421)
David Leadbeater discovered that the netfilter IRC protocol tracking
implementation in the Linux Kernel incorrectly handled certain message
payloads in some situations. A remote attacker could possibly use this to
cause a denial of service or bypass firewall filtering. (CVE-2022-2663)
It was discovered that the Intel 740 frame buffer driver in the Linux
kernel contained a divide by zero vulnerability. A local attacker could use
this to cause a denial of service (system crash). (CVE-2022-3061)
It was discovered that the sound subsystem in the Linux kernel contained a
race condition in some situations. A local attacker could use this to cause
a denial of service (system crash). (CVE-2022-3303)
Gwnaun Jung discovered that the SFB packet scheduling implementation in the
Linux kernel contained a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2022-3586)
It was discovered that the NILFS2 file system implementation in the Linux
kernel did not properly deallocate memory in certain error conditions. An
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2022-3646)
Hyunwoo Kim discovered that an integer overflow vulnerability existed in
the PXA3xx graphics driver in the Linux kernel. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2022-39842)
It was discovered that a race condition existed in the EFI capsule loader
driver in the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-40307)
Zheng Wang and Zhuorao Yang discovered that the RealTek RTL8712U wireless
driver in the Linux kernel contained a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-4095)
It was discovered that the USB monitoring (usbmon) component in the Linux
kernel did not properly set permissions on memory mapped in to user space
processes. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-43750)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
linux-image-5.4.0-1041-ibm 5.4.0-1041.46
linux-image-5.4.0-1061-gkeop 5.4.0-1061.65
linux-image-5.4.0-1078-raspi 5.4.0-1078.89
linux-image-5.4.0-1083-kvm 5.4.0-1083.89
linux-image-5.4.0-1091-gke 5.4.0-1091.98
linux-image-5.4.0-1091-oracle 5.4.0-1091.100
linux-image-5.4.0-1093-aws 5.4.0-1093.101
linux-image-5.4.0-1097-gcp 5.4.0-1097.106
linux-image-5.4.0-136-generic 5.4.0-136.153
linux-image-5.4.0-136-generic-lpae 5.4.0-136.153
linux-image-5.4.0-136-lowlatency 5.4.0-136.153
linux-image-aws-lts-20.04 5.4.0.1093.90
linux-image-gcp-lts-20.04 5.4.0.1097.99
linux-image-generic 5.4.0.136.134
linux-image-generic-lpae 5.4.0.136.134
linux-image-gke 5.4.0.1091.96
linux-image-gke-5.4 5.4.0.1091.96
linux-image-gkeop 5.4.0.1061.59
linux-image-gkeop-5.4 5.4.0.1061.59
linux-image-ibm 5.4.0.1041.67
linux-image-ibm-lts-20.04 5.4.0.1041.67
linux-image-kvm 5.4.0.1083.77
linux-image-lowlatency 5.4.0.136.134
linux-image-oem 5.4.0.136.134
linux-image-oem-osp1 5.4.0.136.134
linux-image-oracle-lts-20.04 5.4.0.1091.84
linux-image-raspi 5.4.0.1078.108
linux-image-raspi2 5.4.0.1078.108
linux-image-virtual 5.4.0.136.134
Ubuntu 18.04 LTS:
linux-image-5.4.0-1041-ibm 5.4.0-1041.46~18.04.1
linux-image-5.4.0-1078-raspi 5.4.0-1078.89~18.04.1
linux-image-5.4.0-1091-oracle 5.4.0-1091.100~18.04.1
linux-image-5.4.0-1093-aws 5.4.0-1093.102~18.04.2
linux-image-5.4.0-1097-gcp 5.4.0-1097.106~18.04.1
linux-image-5.4.0-136-generic 5.4.0-136.153~18.04.1
linux-image-5.4.0-136-generic-lpae 5.4.0-136.153~18.04.1
linux-image-5.4.0-136-lowlatency 5.4.0-136.153~18.04.1
linux-image-aws 5.4.0.1093.71
linux-image-gcp 5.4.0.1097.73
linux-image-generic-hwe-18.04 5.4.0.136.153~18.04.111
linux-image-generic-lpae-hwe-18.04 5.4.0.136.153~18.04.111
linux-image-ibm 5.4.0.1041.52
linux-image-lowlatency-hwe-18.04 5.4.0.136.153~18.04.111
linux-image-oem 5.4.0.136.153~18.04.111
linux-image-oem-osp1 5.4.0.136.153~18.04.111
linux-image-oracle 5.4.0.1091.100~18.04.65
linux-image-raspi-hwe-18.04 5.4.0.1078.75
linux-image-snapdragon-hwe-18.04 5.4.0.136.153~18.04.111
linux-image-virtual-hwe-18.04 5.4.0.136.153~18.04.111
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-5791-1
CVE-2022-20421, CVE-2022-2663, CVE-2022-3061, CVE-2022-3303,
CVE-2022-3586, CVE-2022-3646, CVE-2022-39842, CVE-2022-40307,
CVE-2022-4095, CVE-2022-43750
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.4.0-136.153
https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1093.101
https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1097.106
https://launchpad.net/ubuntu/+source/linux-gke/5.4.0-1091.98
https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1061.65
https://launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1041.46
https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1083.89
https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1091.100
https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1078.89
https://launchpad.net/ubuntu/+source/linux-aws-5.4/5.4.0-1093.102~18.04.2
https://launchpad.net/ubuntu/+source/linux-gcp-5.4/5.4.0-1097.106~18.04.1
https://launchpad.net/ubuntu/+source/linux-hwe-5.4/5.4.0-136.153~18.04.1
https://launchpad.net/ubuntu/+source/linux-ibm-5.4/5.4.0-1041.46~18.04.1
https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1091.100~18.04.1
https://launchpad.net/ubuntu/+source/linux-raspi-5.4/5.4.0-1078.89~18.04.1
Thursday, January 5, 2023
[USN-5788-1] curl vulnerabilities
==========================================================================
Ubuntu Security Notice USN-5788-1
January 05, 2023
curl vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in curl.
Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries
Details:
Hiroki Kurosawa discovered that curl incorrectly handled HSTS support
when certain hostnames included IDN characters. A remote attacker could
possibly use this issue to cause curl to use unencrypted connections. This
issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-43551)
It was discovered that curl incorrectly handled denials when using HTTP
proxies. A remote attacker could use this issue to cause curl to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2022-43552)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
curl 7.85.0-1ubuntu0.2
libcurl3-gnutls 7.85.0-1ubuntu0.2
libcurl3-nss 7.85.0-1ubuntu0.2
libcurl4 7.85.0-1ubuntu0.2
Ubuntu 22.04 LTS:
curl 7.81.0-1ubuntu1.7
libcurl3-gnutls 7.81.0-1ubuntu1.7
libcurl3-nss 7.81.0-1ubuntu1.7
libcurl4 7.81.0-1ubuntu1.7
Ubuntu 20.04 LTS:
curl 7.68.0-1ubuntu2.15
libcurl3-gnutls 7.68.0-1ubuntu2.15
libcurl3-nss 7.68.0-1ubuntu2.15
libcurl4 7.68.0-1ubuntu2.15
Ubuntu 18.04 LTS:
curl 7.58.0-2ubuntu3.22
libcurl3-gnutls 7.58.0-2ubuntu3.22
libcurl3-nss 7.58.0-2ubuntu3.22
libcurl4 7.58.0-2ubuntu3.22
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5788-1
CVE-2022-43551, CVE-2022-43552
Package Information:
https://launchpad.net/ubuntu/+source/curl/7.85.0-1ubuntu0.2
https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.7
https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.15
https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.22
[USN-5789-1] Linux kernel (OEM) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-5789-1
January 05, 2023
linux-oem-5.14 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-oem-5.14: Linux kernel for OEM systems
Details:
It was discovered that the NFSD implementation in the Linux kernel did not
properly handle some RPC messages, leading to a buffer overflow. A remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-43945)
Jann Horn discovered that the Linux kernel did not properly track memory
allocations for anonymous VMA mappings in some situations, leading to
potential data structure reuse. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-42703)
Roger Pau Monné discovered that the Xen virtual block driver in the Linux
kernel did not properly initialize memory pages to be used for shared
communication with the backend. A local attacker could use this to expose
sensitive information (guest kernel memory). (CVE-2022-26365)
Jan Beulich discovered that the Xen network device frontend driver in the
Linux kernel incorrectly handled socket buffers (skb) references when
communicating with certain backends. A local attacker could use this to
cause a denial of service (guest crash). (CVE-2022-33743)
It was discovered that a memory leak existed in the IPv6 implementation of
the Linux kernel. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2022-3524)
It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-3564)
It was discovered that the TCP implementation in the Linux kernel contained
a data race condition. An attacker could possibly use this to cause
undesired behaviors. (CVE-2022-3566)
It was discovered that the IPv6 implementation in the Linux kernel
contained a data race condition. An attacker could possibly use this to
cause undesired behaviors. (CVE-2022-3567)
It was discovered that the Realtek RTL8152 USB Ethernet adapter driver in
the Linux kernel did not properly handle certain error conditions. A local
attacker with physical access could plug in a specially crafted USB device
to cause a denial of service (memory exhaustion). (CVE-2022-3594)
It was discovered that a null pointer dereference existed in the NILFS2
file system implementation in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash). (CVE-2022-3621)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
linux-image-5.14.0-1055-oem 5.14.0-1055.62
linux-image-oem-20.04 5.14.0.1055.53
linux-image-oem-20.04b 5.14.0.1055.53
linux-image-oem-20.04c 5.14.0.1055.53
linux-image-oem-20.04d 5.14.0.1055.53
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-5789-1
CVE-2022-26365, CVE-2022-33743, CVE-2022-3524, CVE-2022-3564,
CVE-2022-3566, CVE-2022-3567, CVE-2022-3594, CVE-2022-3621,
CVE-2022-42703, CVE-2022-43945
Package Information:
https://launchpad.net/ubuntu/+source/linux-oem-5.14/5.14.0-1055.62
F38 proposal: TeXLive2022 (Self-Contained Change proposal)
https://fedoraproject.org/wiki/Changes/TeXLive2022
This document represents a proposed Change. As part of the Changes
process, proposals are publicly announced in order to receive
community feedback. This proposal will only be implemented if approved
by the Fedora Engineering Steering Committee.
== Summary ==
Update the TeXLive engines and components in Fedora to the 2022 version.
This will improve TeX document processing, conversion, and
internationalization, which is used by some Fedora packages (and
users).
== Owner ==
* Name: [[User:spot| Tom Callaway]]
* Email: spotrh@gmail.com
== Detailed Description ==
The goal is to update Fedora to the latest available version of
TeXLive (2022), including its large number of associated components.
This will resolve outstanding bugs in the existing TeXLive (2021)
packages, add new features, improve performance, and expand
internationalization support.
== Benefit to Fedora ==
Updating to TeXLive 2022 brings the latest versions of the TeX engines
and components into Fedora, which improves document rendering and
conversion. A number of Fedora packages include TeX support, which
depend on the TeXLive utilities.
In each TeXLive release, a large (hundreds) number of TeX components
are updated, a significant (~100) number of new TeX components are
added, and core functionality is enhanced and optimized.
Documents should render properly and export into various formats without issues.
== Scope ==
* Proposal owners:
The necessary changes are contained to the texlive and texlive-base
packages. These changes have already landed in rawhide.
* Other developers
No changes should be necessary for other packagers/developers.
* Release engineering:
* Policies and guidelines: N/A (not needed for this Change)
* Trademark approval: N/A (not needed for this Change)
* Alignment with Objectives: It does not align with any current Objectives.
== Upgrade/compatibility impact ==
Users will need to delete the old TeXLive 2021 cache in order to properly
use TeXLive 2022 upon an upgrade. To do this, a user simply (and
carefully) needs to run:
rm -rf ~/.texlive2021
A new ~/.texlive2022 directory will be generated and used when the
user invokes TeXLive related functionality, but TeXLive will attempt
to use the older cache directory and it will not work properly.
== How To Test ==
Packagers who have packages that use TeX to generate documentation
should simply attempt to rebuild their package in rawhide with the
TeXLive 2022 packages. If it succeeds and the documents generated are
correct, nothing further is necessary. If it fails or the documents
generated are corrupted/damaged, please open a bug against the texlive
component.
== User Experience ==
The way that the user interacts with TeX/TeXLive does not change in
this release. A very small number of components (~10) in TeXLive have
been obsoleted and removed, but they have either been silently
replaced by other functionality or they were outdated documentation.
== Dependencies ==
While other packages in Fedora do depend on texlive component
packages, this is almost always for build-time generation of
documentation, and not in a traditional "linking to library" approach.
Packages with tex() or texlive dependencies should not need to make
any changes to use TeXLive 2022.
== Contingency Plan ==
* Contingency mechanism: Roll back to latest texlive/texlive-base 2021 packages.
* Contingency deadline: N/A (not a System Wide Change)
* Blocks release? N/A
== Documentation ==
https://tug.org/texlive/bugs.html
== Release Notes ==
Fedora 38 has updated its TeXLive support to 2022. Users who upgrade
from older versions of Fedora and who have used TeXLive previously may
need to delete the ~/.texlive2021 cache directory in order to have a
working TeXLive environment. A new ~/.texlive2022 cache directory will
be generated on first use of TeXLive 2022, but TeX will attempt to use
older cache directories if they exist.
--
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[HEADS UP] Clamping build mtimes to $SOURCE_DATE_EPOCH now enabled in Rawhide
The following change proposal has been shipped in redhat-rpm-config-238-1.fc38.
If you need to opt-out, you can %undefine clamp_mtime_to_source_date_epoch or
define it to 0.
If you encounter problems, report them in Bugzilla and preferably make it block
the change tracking https://bugzilla.redhat.com/2149310
Or reply to this thread on the devel list.
On 10. 11. 22 21:23, Ben Cotton wrote:
> https://fedoraproject.org/wiki/Changes/ReproducibleBuildsClampMtimes
>
> This document represents a proposed Change. As part of the Changes
> process, proposals are publicly announced in order to receive
> community feedback. This proposal will only be implemented if approved
> by the Fedora Engineering Steering Committee.
>
> == Summary ==
>
> The `%clamp_mtime_to_source_date_epoch` RPM macro will be set to `1`.
> When an RPM package is built, mtimes of packaged files will be clamped
> to `$SOURCE_DATE_EPOCH` which is already set to the date of the latest
> `%changelog` entry. As a result, more RPM packages will be
> reproducible: The actual modification time of files that are e.g.
> modified in the `%prep` section or built in the `%build` section will
> not be reflected in the resulting RPM packages. Files in RPM packages
> will have mtimes that are independent of the time of the actual build.
>
> == Owner ==
> * Name: [[User:Churchyard|Miro Hrončok]], [[User:Zbyszek|Zbigniew
> Jędrzejewski-Szmek]]
> * Email: mhroncok at redhat.com, zbyszek at in.waw.pl
>
>
> == Detailed Description ==
> This change exists to make RPM package builds more reproducible. A
> common problem that prevents [https://reproducible-builds.org/ build
> reproducibility] is the mtime (modification times) of the packaged
> files.
>
> Suppose we package an RPM package of software called `skynet` in
> version `1.0`. Upstream released this version at datetime A. A Fedora
> packager creates the RPM package at datetime B. Unfortunately, the
> packager needs to patch the sources in the RPM `%prep` section. When
> the build runs at datetime C, the modification datetime of the patched
> file is set to C. When the build runs again in an otherwise identical
> environment at datetime D, the modification datetime of the patched
> file is set to D. As a result, the build is not bit-by-bit
> reproducible, because the datetime of the build is saved in the
> resulting package.
> Patching is not necessary to make this happen. When a source file is
> compiled into a binary file, the modification datetime is also set to
> the datetime of the build. In practice, the modification datetime of
> many files packaged in RPM packages is dependent on when the package
> was actually built.
>
> To eliminate this problem, we propose to clamp build mtimes to
> `$SOURCE_DATE_EPOCH`. RPM build in Fedora already sets the
> `$SOURCE_DATE_EPOCH` environment variable based on the latest
> `%changelog` entry because the `%source_date_epoch_from_changelog`
> macro is set to `1`. We will also set the
> `%clamp_mtime_to_source_date_epoch` macro to `1`. As a result, when
> files are packaged to the RPM package, their modification datetimes
> will be clamped to `$SOURCE_DATE_EPOCH` (to the latest changelog entry
> datetime). Clamping means that all files which would otherwise have a
> modification datetime higher than `$SOURCE_DATE_EPOCH` will have the
> modification datetime changed to `$SOURCE_DATE_EPOCH`; files with
> mtime lower (or equal) to `$SOURCE_DATE_EPOCH` will retain the
> original mtimes.
>
> This functionality is already implemented in RPM. We will enable it by
> setting `%clamp_mtime_to_source_date_epoch` to `1`.
>
> === Non-goal ===
>
> We do not aim to make all Fedora packages reproducible (at least not
> as part of this change proposal). We just eliminate one problem that
> we consider the biggest blocker for reproducible builds.
>
> === Python bytecode ===
>
> When Python bytecode cache (a `.pyc` file) is built, the mtime of the
> corresponding Python source file (`.py`) is included in it for
> invalidation purposes. Since the `.pyc` file is created before RPM
> clamps the mtime of the `.py` file, the mtime stored in the `.pyc`
> file might be higher than the corresponding mtime of the `.py` file.
>
> With the previous example, if `skynet` is written in Python:
> # `skynet.py` is modified in `%prep` and hence has mtime set to the
> time of the build
> # `skynet.pyc` is generated in `%install` and the mtime of `skynet.py`
> is saved in it
> # RPM clamps the mtime of `skynet.py`
> # `skynet.pyc` is considered invalid by Python on runtime, as the
> stored and actual mtime of `skynet.py` don't match
>
> To solve this, we will modify Python to clamp the stored mtime to
> `$SOURCE_DATE_EPOCH` as well (when building RPM packages). Upstream
> Python chooses to invalidate bytecode cache based on hashes instead of
> mtimes when `$SOURCE_DATE_EPOCH` is set, but that could cause
> performance issues for big files, so Fedora's Python already deviates
> from upstream behavior when building RPM packages. To avoid
> accidentally breaking the behavior when
> `%clamp_mtime_to_source_date_epoch` is not set to `1`, RPM macros and
> buildroot policy scripts for creating the Python bytecode cache will
> be modified to unset `$SOURCE_DATE_EPOCH` when
> `%clamp_mtime_to_source_date_epoch` is not set to `1`.
>
> This behavior might be proposed upstream if it turns out to be
> superior to the current upstream choice, in case we
> [https://discuss.python.org/t/14594 won't redesign the bytecode-source
> relationship entirely] instead.
>
> === Opting out ===
>
> Packages broken by this new behavior can unset
> `%clamp_mtime_to_source_date_epoch` but packagers are encouraged to
> fix the problem instead.
>
> == Feedback ==
> Enabling this RPM feature was
> [https://src.fedoraproject.org/rpms/redhat-rpm-config/pull-request/126
> proposed as a pull request] to {{package|redhat-rpm-config}} in April
> 2021. It received good feedback with the exception of the following:
>
> * it was said the change needs to be coordinated with the Python maintainers
> * it was said the change should be done via a change process for
> better coordination and exposure
>
> We believe that by proposing this via the change process and planning
> for the changes needed in Python, both issues are addressed.
>
> == Benefit to Fedora ==
> We believe that many RPM packages will become reproducible and others
> will be more reproducible than before. The benefits of reproducible
> builds are better explained at https://reproducible-builds.org/
>
> == Scope ==
> * Proposal owners:
> ** Propose a PR for {{package|redhat-rpm-config}} (set
> `%clamp_mtime_to_source_date_epoch` to `1`, possibly only when
> `%source_date_epoch_from_changelog` is set)
> ** Propose a PR for {{package|python-rpm-macros}} (unset
> `$SOURCE_DATE_EPOCH` while creating `.pyc` files iff
> `%clamp_mtime_to_source_date_epoch` is not `1`)
> ** Propose a PR for
> [https://src.fedoraproject.org/rpms/python3.11/blob/b2d80045f9/f/00328-pyc-timestamp-invalidation-mode.patch
> the Python's bytecode invalidation mode patch] for all Python versions
> that have it
> ** Backport (the new portion of) the patch to older Pythons
> ({{package|python2.7}}, {{package|python3.6}} and PyPys)
> ** Test everything together in Copr and deploy it if it works.
> ** Optional: Run some reproducibility tests before and after this
> change and produce some statistics.
>
> * Other developers:
> ** Test their packages with the new behavior, report problems, and
> opt-out if really needed.
> * Release engineering: N/A (not needed for this Change)
> * Policies and guidelines: N/A (not needed for this Change)
> * Trademark approval: N/A (not needed for this Change)
> * Alignment with Objectives: N/A (not needed for this Change)
>
>
> == Upgrade/compatibility impact ==
> Nothing anticipated.
>
> == How To Test ==
> The change owners plan to perform a mass rebuild in Copr to see if
> this breaks anything significantly.
> If it actually works as anticipated, they also plan to run some
> reproducibility tests and hopefully produce some statistics before and
> after this change.
>
> Other packagers can test by building their packages and verifying they
> still work as expected and no packaged files have higher mtimes than
> the last `%changelog` entry.
>
> To verify if this change has landed, run: `rpm --eval
> '%clamp_mtime_to_source_date_epoch'` on Fedora 38. The result should
> be `1`.
>
> == User Experience ==
> Users of Fedora Linux on their machines should not be impacted at all.
> Users who build RPM packages atop Fedora will be impacted by this
> change the same way Fedora is.
>
> == Dependencies ==
>
> * RPM needs to support this (it already does)
> * RPM needs to set `$SOURCE_DATE_EPOCH` (it already does)
>
> == Contingency Plan ==
>
> * Contingency mechanism: The change owners or
> {{package|redhat-rpm-config}} maintainers or proven packagers will
> revert the change in {{package|redhat-rpm-config}}. That should be
> enough to undo anything as the changes in Python should be dependent
> on that. If not enough, revert everything.
> * Contingency deadline: Ideally, we should do this before the Mass
> Rebuild. Technically, we can land it any time before the Beta Freeze,
> but it would not change all the packages, which is a bit messy.
> * Blocks release? No
>
> == Documentation ==
>
> This page is the documentation.
--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
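The `.pyc` invalidation problem from the "Python bytecode" section of the proposal above, reproduced as an added example (not code from the proposal, RPM or Fedora's Python patch). The timestamps are constructed, and `clamp_pyc_recorded_mtime` is a hypothetical stand-in that only imitates the effect of clamping the stored mtime.

```python
import os
import py_compile
import struct
import tempfile

# Constructed timestamps (assumptions, not values from the proposal).
SOURCE_DATE_EPOCH = 1_668_000_000          # stands in for the latest %changelog entry
RELEASE_TIME = SOURCE_DATE_EPOCH - 86_400  # upstream file untouched since release
BUILD_TIME = SOURCE_DATE_EPOCH + 86_400    # the build runs a day after the changelog entry


def clamp_mtime(path, epoch):
    """Clamp as the proposal describes: mtimes above epoch become epoch, others are kept."""
    st = os.stat(path)
    if st.st_mtime > epoch:
        os.utime(path, (st.st_atime, epoch))
    return int(os.stat(path).st_mtime)


def read_pyc_header(pyc_path):
    """Return (flags, mtime, size) from the 16-byte .pyc header (PEP 552 layout)."""
    with open(pyc_path, "rb") as fh:
        header = fh.read(16)
    # Bytes 0-3 are the magic number; the next three fields are little-endian uint32.
    return struct.unpack("<III", header[4:16])


def pyc_is_fresh(py_path, pyc_path):
    """Timestamp-mode validity check: recorded mtime and size must equal the source's."""
    flags, mtime, size = read_pyc_header(pyc_path)
    if flags != 0:
        raise ValueError("hash-based .pyc: no source mtime is recorded")
    st = os.stat(py_path)
    return mtime == (int(st.st_mtime) & 0xFFFFFFFF) and size == (st.st_size & 0xFFFFFFFF)


def clamp_pyc_recorded_mtime(pyc_path, epoch):
    """Hypothetical stand-in: rewrite the recorded mtime to min(recorded, epoch)."""
    with open(pyc_path, "r+b") as fh:
        fh.seek(8)
        (mtime,) = struct.unpack("<I", fh.read(4))
        fh.seek(8)
        fh.write(struct.pack("<I", min(mtime, epoch)))


def build(clamp_pyc):
    """Simulate %prep, %install and the packaging-time clamp for a tiny 'skynet' tree."""
    with tempfile.TemporaryDirectory() as root:
        py = os.path.join(root, "skynet.py")
        pyc = os.path.join(root, "skynet.pyc")
        readme = os.path.join(root, "README")
        with open(py, "w") as fh:
            fh.write("print('hello')\n")
        with open(readme, "w") as fh:
            fh.write("skynet 1.0\n")
        os.utime(readme, (RELEASE_TIME, RELEASE_TIME))  # never touched by the build
        os.utime(py, (BUILD_TIME, BUILD_TIME))          # patched in %prep at build time

        # %install: byte-compile in timestamp mode, so the .py mtime is stored in the .pyc.
        py_compile.compile(
            py, cfile=pyc, doraise=True,
            invalidation_mode=py_compile.PycInvalidationMode.TIMESTAMP,
        )
        if clamp_pyc:
            clamp_pyc_recorded_mtime(pyc, SOURCE_DATE_EPOCH)

        # Packaging: mtimes of packaged files are clamped to SOURCE_DATE_EPOCH.
        return {
            "py_mtime": clamp_mtime(py, SOURCE_DATE_EPOCH),
            "readme_mtime": clamp_mtime(readme, SOURCE_DATE_EPOCH),
            "pyc_mtime": read_pyc_header(pyc)[1],
            "fresh": pyc_is_fresh(py, pyc),
        }


if __name__ == "__main__":
    for label, flag in (("source clamped only", False), ("source and .pyc clamped", True)):
        print(label, build(clamp_pyc=flag))
```

With only the source clamped, the `.pyc` still records the build time and is treated as stale; the file older than `SOURCE_DATE_EPOCH` keeps its mtime in both runs.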
[USN-5782-2] Firefox regressions
==========================================================================
Ubuntu Security Notice USN-5782-2
January 05, 2023
firefox regressions
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
USN-5782-1 caused some minor regressions in Firefox.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
USN-5782-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that Firefox was using an out-of-date libusrsctp library.
An attacker could possibly use this library to trigger a reentrancy issue
in Firefox. (CVE-2022-46871)
Nika Layzell discovered that Firefox was not performing a check on paste
received from cross-processes. An attacker could potentially exploit this
to obtain sensitive information. (CVE-2022-46872)
Pete Freitag discovered that Firefox did not implement the unsafe-hashes
CSP directive. An attacker who was able to inject markup into a page
otherwise protected by a Content Security Policy may have been able to
inject an executable script. (CVE-2022-46873)
Matthias Zoellner discovered that Firefox was not keeping the filename
ending intact when using the drag-and-drop event. An attacker could
possibly use this issue to add a file with a malicious extension, leading
to arbitrary code execution. (CVE-2022-46874)
Hafiizh discovered that Firefox was not handling fullscreen notifications
when the browser window goes into fullscreen mode. An attacker could
possibly use this issue to spoof the user and obtain sensitive information.
(CVE-2022-46877)
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2022-46878,
CVE-2022-46879)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
firefox 108.0.1+build1-0ubuntu0.20.04.1
Ubuntu 18.04 LTS:
firefox 108.0.1+build1-0ubuntu0.18.04.1
After a standard system update you need to restart Firefox to make all the
necessary changes.
References:
https://ubuntu.com/security/notices/USN-5782-2
https://ubuntu.com/security/notices/USN-5782-1
https://launchpad.net/bugs/2001921
Package Information:
https://launchpad.net/ubuntu/+source/firefox/108.0.1+build1-0ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/firefox/108.0.1+build1-0ubuntu0.18.04.1
[USN-5787-1] Libksba vulnerability
==========================================================================
Ubuntu Security Notice USN-5787-1
January 05, 2023
libksba vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Libksba could be made to crash or run programs if it processed specially
crafted data.
Software Description:
- libksba: X.509 and CMS support library
Details:
It was discovered that Libksba incorrectly handled parsing CRL signatures.
A remote attacker could use this issue to cause Libksba to crash, resulting
in a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
libksba8 1.6.0-3ubuntu1.1
Ubuntu 22.04 LTS:
libksba8 1.6.0-2ubuntu0.2
Ubuntu 20.04 LTS:
libksba8 1.3.5-2ubuntu0.20.04.2
Ubuntu 18.04 LTS:
libksba8 1.3.5-2ubuntu0.18.04.2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5787-1
CVE-2022-47629
Package Information:
https://launchpad.net/ubuntu/+source/libksba/1.6.0-3ubuntu1.1
https://launchpad.net/ubuntu/+source/libksba/1.6.0-2ubuntu0.2
https://launchpad.net/ubuntu/+source/libksba/1.3.5-2ubuntu0.20.04.2
https://launchpad.net/ubuntu/+source/libksba/1.3.5-2ubuntu0.18.04.2
[USN-5786-1] GNOME Files vulnerability
==========================================================================
Ubuntu Security Notice USN-5786-1
January 05, 2023
nautilus vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
GNOME Files could be made to crash if it opened a specially crafted file.
Software Description:
- nautilus: file manager and graphical shell for GNOME
Details:
It was discovered that GNOME Files incorrectly handled certain filenames.
An attacker could possibly use this issue to cause GNOME Files to crash,
leading to a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
nautilus 1:43.0-1ubuntu2.1
Ubuntu 22.04 LTS:
nautilus 1:42.2-0ubuntu2.1
Ubuntu 20.04 LTS:
nautilus 1:3.36.3-0ubuntu1.20.04.2
Ubuntu 18.04 LTS:
nautilus 1:3.26.4-0~ubuntu18.04.6
After a standard system update you need to restart your session to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5786-1
CVE-2022-37290
Package Information:
https://launchpad.net/ubuntu/+source/nautilus/1:43.0-1ubuntu2.1
https://launchpad.net/ubuntu/+source/nautilus/1:42.2-0ubuntu2.1
https://launchpad.net/ubuntu/+source/nautilus/1:3.36.3-0ubuntu1.20.04.2
https://launchpad.net/ubuntu/+source/nautilus/1:3.26.4-0~ubuntu18.04.6
Wednesday, January 4, 2023
[USN-5785-1] FreeRADIUS vulnerabilities
==========================================================================
Ubuntu Security Notice USN-5785-1
January 04, 2023
freeradius vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in FreeRADIUS.
Software Description:
- freeradius: high-performance and highly configurable RADIUS server
Details:
It was discovered that FreeRADIUS incorrectly handled multiple EAP-pwd
handshakes. An attacker could possibly use this issue to cause a denial of
service. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-17185)
Shane Guan discovered that FreeRADIUS incorrectly handled memory when
checking an unknown SIM option sent by an EAP-SIM supplicant. An attacker
could possibly use this issue to cause a denial of service on the server.
This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04
LTS. (CVE-2022-41860)
It was discovered that FreeRADIUS incorrectly handled memory when
processing certain abinary attributes. An attacker could possibly use this
issue to cause a denial of service on the server. (CVE-2022-41861)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
freeradius 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.1
Ubuntu 20.04 LTS:
freeradius 3.0.20+dfsg-3ubuntu0.2
Ubuntu 18.04 LTS:
freeradius 3.0.16+dfsg-1ubuntu3.2
Ubuntu 16.04 ESM:
freeradius 2.2.8+dfsg-0.1ubuntu0.1+esm1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5785-1
CVE-2019-17185, CVE-2022-41860, CVE-2022-41861
Package Information:
https://launchpad.net/ubuntu/+source/freeradius/3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.1
https://launchpad.net/ubuntu/+source/freeradius/3.0.20+dfsg-3ubuntu0.2
https://launchpad.net/ubuntu/+source/freeradius/3.0.16+dfsg-1ubuntu3.2
Tuesday, January 3, 2023
[USN-5784-1] usbredir vulnerability
==========================================================================
Ubuntu Security Notice USN-5784-1
January 03, 2023
usbredir vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
usbredir could be made to crash or run programs if it received
specially crafted input.
Software Description:
- usbredir: usbredir libraries and utilities
Details:
It was discovered that usbredir incorrectly handled memory when
serializing large amounts of data in the case of a slow or blocked
destination. An attacker could possibly use this issue to cause
applications using usbredir to crash, resulting in a denial of
service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
libusbredirhost1 0.8.0-1ubuntu0.1
libusbredirparser1 0.8.0-1ubuntu0.1
usbredirserver 0.8.0-1ubuntu0.1
Ubuntu 18.04 LTS:
libusbredirhost1 0.7.1-1ubuntu0.18.04.1
libusbredirparser1 0.7.1-1ubuntu0.18.04.1
usbredirserver 0.7.1-1ubuntu0.18.04.1
Ubuntu 16.04 ESM:
libusbredirhost1 0.7.1-1ubuntu0.16.04.1~esm1
libusbredirparser1 0.7.1-1ubuntu0.16.04.1~esm1
usbredirserver 0.7.1-1ubuntu0.16.04.1~esm1
Ubuntu 14.04 ESM:
libusbredirhost1 0.6-2ubuntu1.1+esm1
libusbredirparser1 0.6-2ubuntu1.1+esm1
usbredirserver 0.6-2ubuntu1.1+esm1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5784-1
CVE-2021-3700
Package Information:
https://launchpad.net/ubuntu/+source/usbredir/0.8.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/usbredir/0.7.1-1ubuntu0.18.04.1
Monday, January 2, 2023
Orphaned packages looking for new maintainers
The following packages are orphaned and will be retired when they
are orphaned for six weeks, unless someone adopts them. If you know for sure
that the package should be retired, please do so now with a proper reason:
https://fedoraproject.org/wiki/How_to_remove_a_package_at_end_of_life
Note: If you received this mail directly you (co)maintain one of the affected
packages or a package that depends on one. Please adopt the affected package or
retire your depending package to avoid broken dependencies, otherwise your
package will fail to install and/or build when the affected package gets retired.
Request package ownership via the *Take* button in the left column on
https://src.fedoraproject.org/rpms/<pkgname>
Full report available at:
https://churchyard.fedorapeople.org/orphans-2023-01-02.txt
grep it for your FAS username and follow the dependency chain.
For human readable dependency chains,
see https://packager-dashboard.fedoraproject.org/
For all orphaned packages,
see https://packager-dashboard.fedoraproject.org/orphan
Package (co)maintainers Status Change
================================================================================
5minute orphan 4 weeks ago
CFR jvanek, orphan 4 weeks ago
CheMPS2 orphan 4 weeks ago
PolicyKit-olpc orphan 5 weeks ago
aboot orphan 4 weeks ago
albatross orphan 5 weeks ago
alleyoop orphan 5 weeks ago
alure orphan 4 weeks ago
amor jgrulich, kde-sig, orphan, rdieter, than 5 weeks ago
anki chkr, orphan 4 weeks ago
ansible-collection-google-cloud infra-sig, orphan 3 weeks ago
asn1c orphan 4 weeks ago
backup-manager orphan 5 weeks ago
bharati-m17n orphan 4 weeks ago
bibtex2html orphan, thofmann 4 weeks ago
bluecurve-classic-metacity-theme gnome-sig, orphan, rstrode 4 weeks ago
bluecurve-gnome-theme gnome-sig, orphan, rstrode 4 weeks ago
bluecurve-gtk-themes gnome-sig, orphan, rstrode 4 weeks ago
bluecurve-icon-theme gnome-sig, orphan, rstrode 4 weeks ago
bluecurve-kde-theme gnome-sig, kkofler, orphan, rdieter, rstrode, than 4 weeks ago
bluecurve-metacity-theme gnome-sig, orphan, rstrode 4 weeks ago
bluecurve-xmms-skin gnome-sig, orphan, rstrode 4 weeks ago
cairo-clock orphan 4 weeks ago
code-editor orphan 5 weeks ago
compton orphan 5 weeks ago
cups-bjnp orphan 5 weeks ago
devilspie2 orphan 2 weeks ago
dmz-cursor-themes company, orphan 5 weeks ago
ejabberd bowlofeggs, jcline, orphan, xavierb 4 weeks ago
erlang-epgsql lkundrak, orphan 5 weeks ago
fwsnort orphan 5 weeks ago
gdeploy godas, orphan 4 weeks ago
ghasher orphan 4 weeks ago
gl-117 orphan, steve 4 weeks ago
glusterfs-selinux kkeithle, orphan, shwetha 4 weeks ago
gnome-activity-journal orphan 5 weeks ago
gnome-nds-thumbnailer orphan 5 weeks ago
gnome-search-tool gnome-sig, orphan 4 weeks ago
gnome-shell-theme-selene orphan 5 weeks ago
gnonlin orphan 4 weeks ago
golang-github-gocomply-scap go-sig, orphan 5 weeks ago
golang-github-justinas-alice go-sig, orphan 4 weeks ago
golang-github-lpabon-godbc go-sig, orphan 5 weeks ago
golang-github-pkg-browser go-sig, orphan 4 weeks ago
golang-github-spaolacci-murmur3 go-sig, orphan 4 weeks ago
golang-github-sqshq-sampler atim, go-sig, orphan 3 weeks ago
golie go-sig, orphan 5 weeks ago
grads orphan 5 weeks ago
gsm-ussd orphan 5 weeks ago
heisenbug-kde-theme jreznik, orphan 5 weeks ago
highcontrast-qt jgrulich, orphan 5 weeks ago
holland orphan, survient 5 weeks ago
jama orphan 4 weeks ago
jargs ellert, orphan 4 weeks ago
java-mersenne-twister orphan 5 weeks ago
javadocofflinesearch orphan 6 weeks ago
jcodings orphan 5 weeks ago
jffi orphan 5 weeks ago
jgrapht gil, orphan 5 weeks ago
jnr-constants orphan 5 weeks ago
jnr-ffi orphan 5 weeks ago
jnr-netdb orphan 5 weeks ago
jnr-posix orphan 5 weeks ago
jnr-x86asm orphan 5 weeks ago
js-web-socket-js orphan 5 weeks ago
kcm-fcitx cheeselee, orphan, yanqiyu 5 weeks ago
kfaenza-icon-theme orphan 5 weeks ago
kfilefactory orphan 5 weeks ago
kompose dustymabe, go-sig, orphan 5 weeks ago
libannodex orphan 4 weeks ago
libbsr orphan 4 weeks ago
libcmml orphan 4 weeks ago
libfap orphan 5 weeks ago
libmacaroons ellert, orphan 4 weeks ago
libnatspec orphan 5 weeks ago
libstroke orphan 4 weeks ago
libusbauth-configparser orphan 5 weeks ago
libverto-jsonrpc orphan 4 weeks ago
lttv greenscientist, orphan 4 weeks ago
lua-fun orphan 4 weeks ago
mediawiki-backtick-code orphan 5 weeks ago
mediawiki-semantic orphan 4 weeks ago
mediawiki-validator orphan 4 weeks ago
mesos orphan 5 weeks ago
mingw-cxxtest orphan 5 weeks ago
mingw-sigar orphan 5 weeks ago
moarvm orphan 5 weeks ago
mod_annodex orphan 4 weeks ago
monosim orphan 5 weeks ago
msgpuck orphan 4 weeks ago
mupen64plus dreua, orphan 4 weeks ago
myman orphan 5 weeks ago
nailgun orphan 5 weeks ago
nodejs-supervisor orphan 4 weeks ago
nqp orphan 5 weeks ago
ogmtools orphan 5 weeks ago
pakiti andreamanzi, orphan 5 weeks ago
perl-Gnome2-Wnck orphan 5 weeks ago
perl-Goo-Canvas orphan 5 weeks ago
perl-Gtk2-Unique orphan 5 weeks ago
perl-MARC-Charset orphan 5 weeks ago
perl-MARC-XML orphan 5 weeks ago
perl-Parse-EDID epel-packagers-sig, jcpunk, orphan 5 weeks ago
perl-TAP-Harness-Multiple orphan 5 weeks ago
php-pdepend-PHP-Depend cdamian, orphan, remi 5 weeks ago
php-phpmd-PHP-PMD cdamian, orphan, remi 5 weeks ago
php-phpunit-bytekit cdamian, orphan, remi 5 weeks ago
php-phpunit-phpcpd cdamian, orphan, remi 5 weeks ago
php-phpunit-phploc cdamian, orphan, remi 5 weeks ago
php-zipstream orphan 5 weeks ago
plug orphan 5 weeks ago
pydf cstratak, orphan 5 weeks ago
pynag orphan 4 weeks ago
python-Pyped orphan 4 weeks ago
python-bintrees orphan 4 weeks ago
python-colour-runner orphan 4 weeks ago
python-cssmin orphan, qa-tools-sig 4 weeks ago
python-dockerpty lsm5, orphan, ttomecek 5 weeks ago
python-flask-restful kparal, orphan, qa-tools-sig, ralph 5 weeks ago
python-formats orphan 4 weeks ago
python-frozen-flask echevemaster, orphan 5 weeks ago
python-gnocchiclient mrunge, openstack-sig, orphan 4 weeks ago
python-gzipstream orphan 2 weeks ago
python-importmagic orphan 5 weeks ago
python-jsonmodels orphan 4 weeks ago
python-lightblue orphan 5 weeks ago
python-okaara orphan 5 weeks ago
python-pmw orphan 4 weeks ago
python-posix_ipc orphan 4 weeks ago
python-pydispatcher orphan 4 weeks ago
python-pynlpl orphan 4 weeks ago
python-pytest-beakerlib orphan 4 weeks ago
python-pytest-sanic orphan 4 weeks ago
python-restsh orphan 5 weeks ago
python-signalfd orphan 4 weeks ago
python-simpy orphan 4 weeks ago
python-spdx orphan 5 weeks ago
python-spdx-lookup orphan 5 weeks ago
python-tortilla orphan 4 weeks ago
python-upt-cpan orphan 5 weeks ago
python-upt-fedora orphan 5 weeks ago
python-upt-pypi orphan 5 weeks ago
python-upt-rubygems orphan 5 weeks ago
python-versiontools mrunge, orphan 5 weeks ago
python-websockify apevec, epel-packagers-sig, lon, ndipanov, orphan 4 weeks ago
python-xtermcolor orphan 5 weeks ago
python-zabbix-api-erigones orphan 4 weeks ago
q orphan 5 weeks ago
qconf orphan 5 weeks ago
qxmpp orphan 5 weeks ago
rakudo orphan, ppisar, steve 5 weeks ago
rakudo-MIME-Base64 orphan 5 weeks ago
rakudo-Readline orphan 5 weeks ago
rakudo-URI orphan 5 weeks ago
rakudo-XML orphan 5 weeks ago
rakudo-zef orphan 5 weeks ago
rdfind orphan 5 weeks ago
refmac-dictionary orphan 4 weeks ago
resultsdb orphan, qa-tools-sig 4 weeks ago
resultsdb_frontend orphan, qa-tools-sig 4 weeks ago
rhythmbox-alternative-toolbar orphan 4 weeks ago
rshim orphan 5 weeks ago
ruby-ncurses orphan 4 weeks ago
rubygem-ZenTest orphan, tdawson 4 weeks ago
rubygem-abstract orphan 4 weeks ago
rubygem-activeresource orphan 4 weeks ago
rubygem-archive-tar-minitar orphan, tdawson 4 weeks ago
rubygem-cinch orphan 5 weeks ago
rubygem-declarative_authorization orphan 5 weeks ago
rubygem-foreigner orphan 5 weeks ago
rubygem-lockfile orphan 4 weeks ago
rubygem-memcache-client orphan, tdawson 4 weeks ago
rubygem-more_core_extensions orphan 4 weeks ago
rubygem-openscap orphan 5 weeks ago
rubygem-plist orphan 5 weeks ago
rubygem-rubeyond orphan 5 weeks ago
rubygem-scruffy orphan 4 weeks ago
rubygem-session orphan 5 weeks ago
rubygem-sexp_processor orphan 4 weeks ago
rubygem-state_machine orphan 5 weeks ago
rubygem-syntax orphan, stahnma 4 weeks ago
rubygem-uuidtools orphan 4 weeks ago
rust-dbus-tokio orphan, rust-sig 5 weeks ago
rust-faccess orphan, rust-sig 2 weeks ago
rust-fbthrift_codegen_includer_proc_macro orphan, rust-sig 4 weeks ago
rust-fdlimit orphan, rust-sig 4 weeks ago
rust-iptables orphan, rust-sig 2 weeks ago
rust-lipsum orphan, rust-sig 4 weeks ago
rust-loggerv orphan, rust-sig 4 weeks ago
rust-lzw orphan, rust-sig 4 weeks ago
rust-macro-attr orphan, rust-sig 4 weeks ago
rust-mdl orphan, rust-sig 4 weeks ago
rust-mktemp orphan, rust-sig 4 weeks ago
rust-mnt orphan, rust-sig 4 weeks ago
rust-newtype_derive orphan, rust-sig 4 weeks ago
rust-oauth2 jbtrystram, orphan, rust-sig 3 weeks ago
rust-odds orphan, rust-sig 4 weeks ago
rust-osstrtools orphan, rust-sig 4 weeks ago
rust-parse_cfg orphan, rust-sig 4 weeks ago
rust-permutate orphan, rust-sig 4 weeks ago
rust-piper orphan, rust-sig 4 weeks ago
rust-proc-quote-impl orphan, rust-sig 4 weeks ago
rust-process_path orphan, rust-sig 4 weeks ago
rust-protoc-rust orphan, rust-sig 4 weeks ago
rust-quickersort orphan, rust-sig 4 weeks ago
rust-relay orphan, rust-sig 4 weeks ago
rust-rustdoc-stripper orphan, rust-sig 4 weeks ago
rust-rustfilt orphan, rust-sig 4 weeks ago
rust-safe-transmute orphan, rust-sig 4 weeks ago
rust-scoped-tls-hkt orphan, rust-sig 4 weeks ago
rust-serde-pickle orphan, rust-sig 4 weeks ago
rust-simple-error orphan, rust-sig 2 weeks ago
rust-sluice orphan, rust-sig 4 weeks ago
rust-spinning_top orphan, rust-sig 4 weeks ago
rust-spmc orphan, rust-sig 4 weeks ago
rust-string_cache_shared orphan, rust-sig 4 weeks ago
rust-strings orphan, rust-sig 4 weeks ago
rust-sudo_plugin orphan, rust-sig 4 weeks ago
rust-sxd-document orphan, rust-sig 4 weeks ago
rust-synom orphan, rust-sig 4 weeks ago
rust-tabwriter orphan, rust-sig 4 weeks ago
rust-take orphan, rust-sig 4 weeks ago
rust-unic-ucd-category orphan, rust-sig 4 weeks ago
rust-url_serde orphan, rust-sig 4 weeks ago
rust-utf8-ranges orphan, rust-sig 4 weeks ago
sassist orphan 5 weeks ago
schroedinger-cat-kde-theme jreznik, orphan 5 weeks ago
scim-anthy orphan 4 weeks ago
seren orphan 5 weeks ago
simple-mtpfs orphan 4 weeks ago
sipcalc orphan 5 weeks ago
spamprobe orphan 2 weeks ago
spawn-fcgi orphan 4 weeks ago
spherical-cow-kde-theme jreznik, orphan 5 weeks ago
sshrc orphan 4 weeks ago
sugar-flip chimosky, orphan 5 weeks ago
sugar-fototoon aperezbios, chimosky, orphan 5 weeks ago
sugar-fractionbounce chimosky, orphan 5 weeks ago
sugar-jukebox chimosky, orphan, pbrobinson 5 weeks ago
sugar-locosugar chimosky, orphan 5 weeks ago
sugar-nutrition chimosky, orphan 5 weeks ago
sugar-paint chimosky, orphan, pbrobinson 5 weeks ago
sugar-playgo chimosky, orphan, pbrobinson 5 weeks ago
sugar-portfolio chimosky, orphan 5 weeks ago
sugar-pukllanapac chimosky, orphan 5 weeks ago
sugar-recall chimosky, orphan 5 weeks ago
sugar-typing-turtle chimosky, orphan 5 weeks ago
sugar-words chimosky, orphan 5 weeks ago
superkb echevemaster, orphan 4 weeks ago
sweep orphan 5 weeks ago
tetrominos orphan 5 weeks ago
themonospot-base orphan 5 weeks ago
themonospot-console orphan 5 weeks ago
themonospot-gui-gtk orphan 5 weeks ago
themonospot-plugin-avi orphan 5 weeks ago
themonospot-plugin-mkv orphan 5 weeks ago
thunarx-python kevin, nonamedotc, orphan 5 weeks ago
tkcvs lkundrak, orphan 5 weeks ago
tnt orphan 4 weeks ago
torrent-file-editor orphan 5 weeks ago
tpp orphan 5 weeks ago
tss2 orphan, snits 5 weeks ago
upt orphan 5 weeks ago
usbauth orphan 5 weeks ago
usbauth-notifier orphan 5 weeks ago
vcglib orphan 5 weeks ago
vicious orphan 4 weeks ago
vim-nerdtree orphan 5 weeks ago
whipper-plugin-eaclogger orphan 5 weeks ago
wipe orphan 4 weeks ago
wmMatrix orphan 4 weeks ago
wmclock orphan 4 weeks ago
wmnd orphan 4 weeks ago
wmpager orphan 4 weeks ago
wmsystemtray orphan 4 weeks ago
wordpress-plugin-defaults orphan 5 weeks ago
workspace orphan 5 weeks ago
xaos orphan 5 weeks ago
xjparse orphan 5 weeks ago
xmltool orphan 4 weeks ago
yourls orphan 4 weeks ago
The following packages require above mentioned packages:
Report too long, see the full version at
https://churchyard.fedorapeople.org/orphans-2023-01-02.txt
See dependency chains of your packages at
https://packager-dashboard.fedoraproject.org/
See all orphaned packages at https://packager-dashboard.fedoraproject.org/orphan
Affected (co)maintainers (either directly or via packages' dependencies):
andreamanzi: pakiti, libmacaroons
andymenderunix: vcglib
aperezbios: sugar-fototoon
apevec: python-websockify
atim: alure, vim-nerdtree, golang-github-sqshq-sampler
bowlofeggs: ejabberd
cdamian: php-pdepend-PHP-Depend, php-phpmd-PHP-PMD, php-phpunit-bytekit,
php-phpunit-phploc, php-phpunit-phpcpd
cheeselee: kcm-fcitx
chimosky: sugar-pukllanapac, sugar-recall, sugar-fractionbounce,
sugar-nutrition, sugar-locosugar, sugar-typing-turtle, sugar-paint,
sugar-fototoon, sugar-playgo, sugar-portfolio, sugar-flip, sugar-words,
sugar-jukebox
chkr: anki
cicku: thunarx-python
company: dmz-cursor-themes
copr-sig: python-flask-restful
cstratak: pydf
dcavalca: python-websockify, golang-github-spaolacci-murmur3, libstroke
devrim: python-cssmin
didiksupriadi41: jcodings
dreua: mupen64plus
dustymabe: kompose
echevemaster: superkb, python-frozen-flask, python-pydispatcher
eclipseo: golang-github-pkg-browser, golang-github-spaolacci-murmur3
ellert: libmacaroons, jargs
epel-packagers-sig: python-websockify, perl-Parse-EDID
frostyx: python-flask-restful
gil: jgrapht
gilboa: alure
gnome-sig: bluecurve-icon-theme, bluecurve-kde-theme, bluecurve-gnome-theme,
bluecurve-metacity-theme, gnome-search-tool, bluecurve-xmms-skin,
bluecurve-classic-metacity-theme, bluecurve-gtk-themes
go-sig: golang-github-pkg-browser, golang-github-sqshq-sampler,
golang-github-spaolacci-murmur3, golang-github-justinas-alice,
golang-github-gocomply-scap, golie, kompose, golang-github-lpabon-godbc
godas: gdeploy
greenscientist: lttv
infra-sig: ansible-collection-google-cloud
iztokf: python-cssmin
jbtrystram: rust-oauth2
jcline: ejabberd
jcpunk: perl-Parse-EDID
jgrulich: amor, highcontrast-qt
jonathanspw: libmacaroons, python-websockify, perl-Parse-EDID
jonkni: libmacaroons
jplesnik: libmacaroons
jreznik: schroedinger-cat-kde-theme, spherical-cow-kde-theme, heisenbug-kde-theme
jussilehtola: CheMPS2
jvanek: CFR
kde-sig: qconf, amor
kevin: thunarx-python
kkeithle: glusterfs-selinux
kkofler: bluecurve-kde-theme
kparal: python-flask-restful
lfield: libmacaroons
limb: thunarx-python
lkundrak: rubygem-archive-tar-minitar, tkcvs, erlang-epgsql
lon: python-websockify
lsm5: python-dockerpty
lyarwood: python-websockify
martinkg: alure, perl-Goo-Canvas
mcermak: libstroke
melmorabity: dmz-cursor-themes
mhjacks: moarvm, rakudo, nqp
mipatras: libmacaroons
mrunge: python-gnocchiclient, python-versiontools
msuchy: python-flask-restful
ndipanov: python-websockify
nonamedotc: thunarx-python
openstack-sig: python-gnocchiclient
pbrobinson: sugar-playgo, sugar-jukebox, sugar-paint
peter: libstroke
ppisar: libmacaroons, moarvm, rakudo, nqp
praiskup: python-flask-restful
pwalter: thunarx-python
qa-tools-sig: resultsdb_frontend, resultsdb, python-cssmin, python-flask-restful
r-maint-sig: libmacaroons
ralph: python-flask-restful
rdieter: amor, bluecurve-kde-theme
remi: php-pdepend-PHP-Depend, php-phpmd-PHP-PMD, php-phpunit-bytekit,
php-phpunit-phploc, php-phpunit-phpcpd
rocha: libmacaroons
rstrode: bluecurve-icon-theme, bluecurve-kde-theme, bluecurve-gnome-theme,
bluecurve-metacity-theme, bluecurve-xmms-skin,
bluecurve-classic-metacity-theme, bluecurve-gtk-themes
rust-sig: rust-iptables, rust-synom, rust-string_cache_shared,
rust-utf8-ranges, rust-mktemp, rust-lzw, rust-dbus-tokio, rust-scoped-tls-hkt,
rust-spmc, rust-fbthrift_codegen_includer_proc_macro, rust-process_path,
rust-tabwriter, rust-macro-attr, rust-sluice, rust-parse_cfg, rust-lipsum,
rust-strings, rust-faccess, rust-proc-quote-impl, rust-simple-error,
rust-piper, rust-rustfilt, rust-fdlimit, rust-osstrtools, rust-newtype_derive,
rust-oauth2, rust-mdl, rust-loggerv, rust-relay, rust-rustdoc-stripper,
rust-sudo_plugin, rust-safe-transmute, rust-take, rust-permutate,
rust-spinning_top, rust-mnt, rust-sxd-document, rust-odds, rust-quickersort,
rust-unic-ucd-category, rust-url_serde, rust-protoc-rust, rust-serde-pickle
sagitter: python-pmw
salimma: libstroke
schlupov: python-flask-restful
sergiomb: python-pmw
shwetha: glusterfs-selinux
simonm: libmacaroons
snits: tss2
spot: alure
stahnma: rubygem-syntax
steve: rakudo, moarvm, gl-117, nqp
survient: holland
tdawson: rubygem-archive-tar-minitar, rubygem-memcache-client, rubygem-ZenTest
than: amor, bluecurve-kde-theme
thofmann: bibtex2html
thunderbirdtr: qconf
ttomecek: python-dockerpty
vokac: libmacaroons
xavierb: ejabberd
yanqiyu: kcm-fcitx
--
The script creating this output is run and developed by Fedora
Release Engineering. Please report issues at its pagure instance:
https://pagure.io/releng/
The sources of this script can be found at:
https://pagure.io/releng/blob/main/f/scripts/find_unblocked_orphans.py
Report finished at 2023-01-02 15:43:58 UTC
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue