Regardless of how the bluetooth device works, enabling unbonded devices
in BlueZ makes a computer vulnerable to CVE-2023-45866. It won't be
enabled by the security team.
Perhaps GNOME or other desktops could become more aware of gaming
controllers with these issues to make pairing easier, without
Public bug reported:
If pam_pwquality is restrictively set a user can still be created by
adduser without a password.
e.g.,
```
eslerm@mino:~$ cat /etc/pam.d/common-password |grep pwquality
password requisite pam_pwquality.so retry=3 minlen=8 maxrepeat=3 ucredit=-1
lcredit=-1 dcredit=-1 ocredit=
```
This impacts all arm64 installs, not just raspberry pi.
The MIR for qrtr and protection-domain-mapper [0] was requested late in
the Mantic cycle and was only approved by Security since it was promised
to only be used for x13s hardware enablement. Hopefully Qualcomm IPC is
only enabled for x13s ker
Hi Rabee,
The metapackage android-sdk-platform-tools installs several packages,
which includes e2fsprogs
(https://packages.ubuntu.com/focal/android-sdk-platform-tools). It also
makes a symbolic link from
/usr/lib/android-sdk/platform-tools/mke2fs.conf to /etc/mke2fs.conf. All
of which should not c
Done! Nice write-up Rory :D
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to wpa in Ubuntu.
https://bugs.launchpad.net/bugs/2067613
Title:
CVE-2024-5290 : Fix loading of arbitrary shared objects
Status in wpa package in Ubu
Public bug reported:
In mantic, -mbranch-protection=standard is now a default dpkg compiler
flag for arm64 [0]. This breaks libunwind and dependencies [1]. This has
not affected any libunwind binaries, since rebuilds have not been
performed since this change.
From local testing, the build will c
hi @yudamjoo o/
Please check the end of your `DpkgTerminalLog.txt` file.
To fix CVE-2023-45866 [0] a configuration file
(`/etc/bluetooth/input.conf`) was changed. If there had been edits made
to this file before updating BlueZ, apt will ask what you want to do
with the configuration file. "Y" is
=> Won't Fix
** Changed in: bluez (Ubuntu)
Assignee: Nishit Majithia (0xnishit) => Mark Esler (eslerm)
https://bugs.launchpad.net/bugs/2045931
T
hi @werdem o/
What bluetooth device are you using?
Your version of BlueZ has a security patch for vulnerability
CVE-2023-45866 which disables support for certain legacy bluetooth
devices.
If your device does not support Classic Bonding, you can re-enable it by
setting `ClassicBondedOnly=false` i
Desktop no longer has engineering goals to support smart cards.
Foundations team might.
Security Team is blocked until there is a mandate, an owning team,
hardware funding, and possibly engineering support to resolve
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930530
Unassigning Security Te
** Information type changed from Private Security to Public Security
https://bugs.launchpad.net/bugs/2035220
Title:
cve-2023-4863
Status in chromium-browse
@halfgaar, I've requested that the Foundations team review the priority
of this bug
https://bugs.launchpad.net/bugs/2029930
Title:
wget crash when printing do
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/2038365
Title:
Audio
Status in pulseaudio package in Ubuntu:
https://www.cve.org/CVERecord?id=CVE-2024-11586 published.
Updates will go to ESM.
Thanks Ratchanan!
** Information type changed from Private Security to Public Security
There is a discussion on GitHub [0] and Debian [1] as well.
[0] https://github.com/polkit-org/polkit/issues/545
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093276
In those reports, this issue has been verified on Debian and Linux Mint.
I have verified this issue on 24.04+. Both Desktop