[Bug 1535240] New: Scilab does not start in FC26: GL3bc -> profileImpl GL4bc !!! not mapped
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1535240
Bug ID: 1535240
Summary: Scilab does not start in FC26: GL3bc -> profileImpl
GL4bc !!! not mapped
Product: Fedora
Version: 26
Component: jogl2
Severity: medium
Assignee: c.david86(a)gmail.com
Reporter: sergio.alberto.garay(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: c.david86(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/63.0.3239.132 Safari/537.36
Build Identifier:
Scilab 6.0.0 can not start from xterminal on my FC 26. It was working in my
FC25 until upgrade the system. I am using an AMD graphic card:
VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Baffin
[Radeon RX 460/560D / Pro 450/455/460/560] (rev cf)
which is using the amdgpu driver.
Reproducible: Always
Steps to Reproduce:
1.start scilab 6.0 on a hardware using AMD videocard.
2.
3.
Actual Results:
Could not create a Scilab main class. Error:
Exception in thread "main" java.lang.InternalError: XXX0 profile[1]: GL3bc ->
profileImpl GL4bc !!! not mapped
at com.jogamp.opengl.GLProfile.computeProfileMap(GLProfile.java:2071)
at
com.jogamp.opengl.GLProfile.initProfilesForDeviceCritical(GLProfile.java:1954)
at com.jogamp.opengl.GLProfile.initProfilesForDevice(GLProfile.java:1875)
at
com.jogamp.opengl.GLProfile.initProfilesForDefaultDevices(GLProfile.java:1842)
at com.jogamp.opengl.GLProfile.access$000(GLProfile.java:80)
at com.jogamp.opengl.GLProfile$1.run(GLProfile.java:230)
at java.security.AccessController.doPrivileged(Native Method)
at com.jogamp.opengl.GLProfile.initSingleton(GLProfile.java:216)
at com.jogamp.opengl.GLProfile.getProfileMap(GLProfile.java:2297)
at com.jogamp.opengl.GLProfile.get(GLProfile.java:988)
at com.jogamp.opengl.GLProfile.getDefault(GLProfile.java:722)
at com.jogamp.opengl.GLProfile.getDefault(GLProfile.java:733)
at org.scilab.modules.gui.SwingView.<init>(Unknown Source)
at org.scilab.modules.gui.SwingView.registerSwingView(Unknown Source)
at org.scilab.modules.core.Scilab.<init>(Unknown Source)
Scilab cannot create Scilab Java Main-Class (we have not been able to find the
main Scilab class. Check if the Scilab and thirdparty packages are available).
Expected Results:
opening Scilab GUI
The problem also affects geogebra 5.0.328.0-3D which it runs normally but it
can't show 3D graphics.
Both programas work perfectly in another PC with nvidia videocard, using i915
driver.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 9 months
[Bug 1353380] New: jenkins-2.7.1 is available
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1353380
Bug ID: 1353380
Summary: jenkins-2.7.1 is available
Product: Fedora
Version: rawhide
Component: jenkins
Keywords: FutureFeature, Triaged
Assignee: msrb(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
Latest upstream release: 2.7.1
Current version/release in rawhide: 1.651.3-1.fc25
URL: http://jenkins-ci.org/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/5493/
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 9 months
[Bug 1539989] New: CVE-2017-12626 poi: Parsing of multiple file types can cause a denial of service via infinite loop or out of memory exception
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1539989
Bug ID: 1539989
Summary: CVE-2017-12626 poi: Parsing of multiple file types can
cause a denial of service via infinite loop or out of
memory exception
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: sfowler(a)redhat.com
CC: aileenc(a)redhat.com, alazarot(a)redhat.com,
anstephe(a)redhat.com, chazlett(a)redhat.com,
etirelli(a)redhat.com, gvarsami(a)redhat.com,
hchiorea(a)redhat.com, ibek(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jcoleman(a)redhat.com, jolee(a)redhat.com,
jstastny(a)redhat.com, kconner(a)redhat.com,
kverlaen(a)redhat.com, ldimaggi(a)redhat.com,
lef(a)fedoraproject.org, lpetrovi(a)redhat.com,
mat.booth(a)redhat.com, nwallace(a)redhat.com,
paradhya(a)redhat.com, pavelp(a)redhat.com,
pszubiak(a)redhat.com, rrajasek(a)redhat.com,
rsynek(a)redhat.com, rwagner(a)redhat.com,
rzhang(a)redhat.com, sdaley(a)redhat.com,
tcunning(a)redhat.com, tkirby(a)redhat.com,
vhalbert(a)redhat.com
Apache POI versions prior to release 3.17 are vulnerable to Denial of Service
(DoS) attacks caused by multiple bugs in parsing specially crafted files.
Parsing of WMF, EMF, MSG files and macros can lead to infinite loops, while
parsing DOC, PPT and XLS files can cause out of memory exceptions.
External References:
https://nvd.nist.gov/vuln/detail/CVE-2017-12626
https://lists.apache.org/thread.html/453d9af5dbabaccd9afb58d27279a9dbfe8e...
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 9 months
[Bug 1351504] New: doesn't start
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1351504
Bug ID: 1351504
Summary: doesn't start
Product: Fedora
Version: 24
Component: elasticsearch
Assignee: zbyszek(a)in.waw.pl
Reporter: jpopelka(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: bobjensen(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
jvanek(a)redhat.com, pahan(a)hubbitus.info,
zbyszek(a)in.waw.pl
Version-Release number of selected component (if applicable):
elasticsearch-1.7.1-3.fc24.noarch
java-1.8.0-openjdk-1.8.0.92-3.b14.fc24.x86_64
Steps to Reproduce:
1. dnf install elasticsearch
2. systemctl start elasticsearch
Actual results:
Jun 30, 2016 10:26:50 AM org.elasticsearch.bootstrap.Natives <clinit>
WARNING: JNA not found. native methods will be disabled.
Jun 30, 2016 10:26:50 AM org.elasticsearch.bootstrap.Natives
addConsoleCtrlHandler
WARNING: cannot register console handler because JNA is not available
Jun 30, 2016 10:26:50 AM org.elasticsearch.node.internal.InternalNode <init>
INFO: [D'Ken] version[1.7.1], pid[31648], build[${build/NA]
Jun 30, 2016 10:26:50 AM org.elasticsearch.node.internal.InternalNode <init>
INFO: [D'Ken] initializing ...
Jun 30, 2016 10:26:50 AM org.elasticsearch.plugins.PluginsService <init>
INFO: [D'Ken] loaded [], sites []
Jun 30, 2016 10:26:50 AM org.elasticsearch.env.NodeEnvironment
maybeLogPathDetails
INFO: [D'Ken] using [1] data paths, mounts [[/ (/dev/mapper/main-root)]], net
usable_space [3.6gb], net total_space [31.3gb], types [ext4]
Jun 30, 2016 10:26:51 AM org.elasticsearch.bootstrap.Bootstrap main
SEVERE: Exception
com.google.common.util.concurrent.ExecutionError:
com.google.common.util.concurrent.ExecutionError:
java.lang.NoClassDefFoundError: Lcom/carrotsearch/hppc/ByteObjectOpenHashMap;
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2201)
at com.google.common.cache.LocalCache.get(LocalCache.java:3937)
at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3941)
at
com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4824)
at
org.elasticsearch.common.inject.internal.FailableCache.get(FailableCache.java:51)
at
org.elasticsearch.common.inject.ConstructorInjectorStore.get(ConstructorInjectorStore.java:50)
at
org.elasticsearch.common.inject.ConstructorBindingImpl.initialize(ConstructorBindingImpl.java:50)
at
org.elasticsearch.common.inject.InjectorImpl.initializeBinding(InjectorImpl.java:372)
at
org.elasticsearch.common.inject.BindingProcessor$1$1.run(BindingProcessor.java:148)
at
org.elasticsearch.common.inject.BindingProcessor.initializeBindings(BindingProcessor.java:204)
at
org.elasticsearch.common.inject.InjectorBuilder.initializeStatically(InjectorBuilder.java:119)
at
org.elasticsearch.common.inject.InjectorBuilder.build(InjectorBuilder.java:102)
at org.elasticsearch.common.inject.Guice.createInjector(Guice.java:96)
at org.elasticsearch.common.inject.Guice.createInjector(Guice.java:70)
at
org.elasticsearch.common.inject.ModulesBuilder.createInjector(ModulesBuilder.java:59)
at
org.elasticsearch.node.internal.InternalNode.<init>(InternalNode.java:210)
at org.elasticsearch.node.NodeBuilder.build(NodeBuilder.java:159)
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:77)
at org.elasticsearch.bootstrap.Bootstrap.main(Bootstrap.java:245)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:32)
Caused by: com.google.common.util.concurrent.ExecutionError:
java.lang.NoClassDefFoundError: Lcom/carrotsearch/hppc/ByteObjectOpenHashMap;
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2201)
at com.google.common.cache.LocalCache.get(LocalCache.java:3937)
at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3941)
at
com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4824)
at
org.elasticsearch.common.inject.internal.FailableCache.get(FailableCache.java:51)
at
org.elasticsearch.common.inject.MembersInjectorStore.get(MembersInjectorStore.java:68)
at
org.elasticsearch.common.inject.ConstructorInjectorStore.createConstructor(ConstructorInjectorStore.java:67)
at
org.elasticsearch.common.inject.ConstructorInjectorStore.access$000(ConstructorInjectorStore.java:29)
at
org.elasticsearch.common.inject.ConstructorInjectorStore$1.create(ConstructorInjectorStore.java:37)
at
org.elasticsearch.common.inject.ConstructorInjectorStore$1.create(ConstructorInjectorStore.java:33)
at
org.elasticsearch.common.inject.internal.FailableCache$1.load(FailableCache.java:39)
at
com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3527)
at
com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2319)
at
com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2282)
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2197)
... 19 more
Caused by: java.lang.NoClassDefFoundError:
Lcom/carrotsearch/hppc/ByteObjectOpenHashMap;
at java.lang.Class.getDeclaredFields0(Native Method)
at java.lang.Class.privateGetDeclaredFields(Class.java:2583)
at java.lang.Class.getDeclaredFields(Class.java:1916)
at
org.elasticsearch.common.inject.spi.InjectionPoint$Factory$1.getMembers(InjectionPoint.java:378)
at
org.elasticsearch.common.inject.spi.InjectionPoint$Factory$1.getMembers(InjectionPoint.java:376)
at
org.elasticsearch.common.inject.spi.InjectionPoint.addInjectorsForMembers(InjectionPoint.java:351)
at
org.elasticsearch.common.inject.spi.InjectionPoint.addInjectionPoints(InjectionPoint.java:345)
at
org.elasticsearch.common.inject.spi.InjectionPoint.forInstanceMethodsAndFields(InjectionPoint.java:287)
at
org.elasticsearch.common.inject.MembersInjectorStore.createWithListeners(MembersInjectorStore.java:80)
at
org.elasticsearch.common.inject.MembersInjectorStore.access$000(MembersInjectorStore.java:36)
at
org.elasticsearch.common.inject.MembersInjectorStore$1.create(MembersInjectorStore.java:45)
at
org.elasticsearch.common.inject.MembersInjectorStore$1.create(MembersInjectorStore.java:41)
at
org.elasticsearch.common.inject.internal.FailableCache$1.load(FailableCache.java:39)
at
com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3527)
at
com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2319)
at
com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2282)
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2197)
... 33 more
Caused by: java.lang.ClassNotFoundException:
com.carrotsearch.hppc.ByteObjectOpenHashMap
at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:331)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
... 50 more
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 9 months
[Bug 1512827] New: CVE-2017-9096 itext: External entities not disabled
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1512827
Bug ID: 1512827
Summary: CVE-2017-9096 itext: External entities not disabled
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: alazarot(a)redhat.com, andjrobins(a)gmail.com,
anstephe(a)redhat.com, etirelli(a)redhat.com,
ibek(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
kverlaen(a)redhat.com, lef(a)fedoraproject.org,
lpetrovi(a)redhat.com, oget.fedora(a)gmail.com,
paradhya(a)redhat.com, pavelp(a)redhat.com,
pszubiak(a)redhat.com, puntogil(a)libero.it,
rrajasek(a)redhat.com, rsynek(a)redhat.com,
rzhang(a)redhat.com, sdaley(a)redhat.com
The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable
external entities, which might allow remote attackers to conduct XML external
entity (XXE) attacks via a crafted PDF.
External References:
https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSN...
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 9 months
[Bug 1471060] New: CVE-2017-1000095 jenkins-plugin-script-security: Unsafe methods in the default whitelist (SECURITY-538)
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1471060
Bug ID: 1471060
Summary: CVE-2017-1000095 jenkins-plugin-script-security:
Unsafe methods in the default whitelist (SECURITY-538)
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: bleanhar(a)redhat.com, ccoleman(a)redhat.com,
dedgar(a)redhat.com, dmcphers(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jgoulding(a)redhat.com, jkeck(a)redhat.com,
joelsmith(a)redhat.com, kseifried(a)redhat.com,
mizdebsk(a)redhat.com, msrb(a)redhat.com
The default whitelist included the entries:
DefaultGroovyMethods.putAt(Object, String, Object)
DefaultGroovyMethods.getAt(Object, String)
These allowed circumventing many of the access restrictions implemented in the
script sandbox by using e.g. currentBuild['rawBuild'] rather than
currentBuild.rawBuild.
Additionally, the following entries allowed accessing private data that would
not be accessible otherwise due to script security:
groovy.json.JsonOutput.toJson(Closure)
groovy.json.JsonOutput.toJson(Object)
External References:
https://jenkins.io/security/advisory/2017-07-10/
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 9 months