Fedora has issued an advisory today (February 9): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KQX5YL7OVJTMPDFFPFACDNNE2LEUDC3J/ The issue is fixed upstream in 1.9.5. There are no details on the security issue, but it'd be nice if we could find it and backport a patch. Cauldron has been updated.
Upstream ticket and commit: https://sourceforge.net/p/nas/bugs/8/ https://sourceforge.net/p/nas/nas.git/ci/7c0e91c6779f2a06073026d277021d8711200c01/
Another update to a package with no visible maintainer = assign to all.
Assignee: bugsquad => pkg-bugs
Suggested advisory: ======================== The updated packages fix a potential buffer overflow security issue. References: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KQX5YL7OVJTMPDFFPFACDNNE2LEUDC3J/ https://sourceforge.net/p/nas/bugs/8/ ======================== Updated packages in core/updates_testing: ======================== lib(64)nas2-1.9.4-11.1.mga8 lib(64)nas-devel-1.9.4-11.1.mga8 lib(64)nas-static-devel-1.9.4-11.1.mga8 nas-1.9.4-11.1.mga8 from SRPM: nas-1.9.4-11.1.mga8.src.rpm
Assignee: pkg-bugs => qa-bugsCC: (none) => nicolas.salgueroStatus: NEW => ASSIGNED
Suggested advisory: ======================== Updated nas packages fix security issue: Stack-based buffer overflow in auphone.c that can be triggered by an environment variable. Also, the x11-util-cf-files package has been patched to allow building nas. References: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KQX5YL7OVJTMPDFFPFACDNNE2LEUDC3J/ https://sourceforge.net/p/nas/bugs/8/ https://bugzilla.redhat.com/show_bug.cgi?id=1943020 ======================== Updated packages in core/updates_testing: ======================== x11-util-cf-files-1.0.6-5.1.mga8 lib(64)nas2-1.9.4-11.1.mga8 lib(64)nas-devel-1.9.4-11.1.mga8 lib(64)nas-static-devel-1.9.4-11.1.mga8 nas-1.9.4-11.1.mga8 from SRPMS: x11-util-cf-files-1.0.6-5.1.mga8.src.rpm nas-1.9.4-11.1.mga8.src.rpm
*** Bug 30049 has been marked as a duplicate of this bug. ***
MGA8-64 Plasma on Lenovo B50 in Dutch No installation issues. Ref bug 11305for testing Run into same problem as Claire, buitis not clear to me what was the exact solution she applied. Anyway, after installation and reboot, I still get: # systemctl -l status nasd ● nasd.service - LSB: Starts the nas daemon Loaded: loaded (/etc/rc.d/init.d/nasd; generated) Active: active (exited) since Thu 2022-02-17 10:18:59 CET; 20min ago Docs: man:systemd-sysv-generator(8) Process: 829 ExecStart=/etc/rc.d/init.d/nasd start (code=exited, status=0/SUCCESS) CPU: 33ms feb 17 10:18:56 mach5.hviaene.thuis systemd[1]: Starting LSB: Starts the nas daemon... feb 17 10:18:58 mach5.hviaene.thuis runuser[893]: pam_unix(runuser:session): session opened for user nasd by (uid=0) feb 17 10:18:59 mach5.hviaene.thuis nas[953]: Network Audio System Release 1.9.4 feb 17 10:18:59 mach5.hviaene.thuis runuser[893]: pam_unix(runuser:session): session closed for user nasd feb 17 10:18:59 mach5.hviaene.thuis nasd[829]: Starting nasd: feb 17 10:18:59 mach5.hviaene.thuis nasd[953]: Network Audio System Release 1.9.4 feb 17 10:18:59 mach5.hviaene.thuis nasd[829]: [ OK ] feb 17 10:18:59 mach5.hviaene.thuis systemd[1]: Started LSB: Starts the nas daemon. That seems OK, but then $ export AUDIOSERVER="mach5:0" $ echo $AUDIOSERVER mach5:0 $ auinfo -audio "mach5:0" auinfo: unable to connect to audio server $ nasd -pn Network Audio System Release 1.9.4 Network Audio System Release 1.9.4 Error binding unix socket: /var/run/nasd/audio0 : No such file or directory Cannot establish unix listening socket Init: Output open(/dev/dsp) failed: No such file or directory Fatal server error: could not create audio connection block info
CC: (none) => herman.viaene
/dev/dsp is present only if ossp is installed. After installing ossp and rebooting, installed nas and started it. # systemctl status nasd ● nasd.service - LSB: Starts the nas daemon Loaded: loaded (/etc/rc.d/init.d/nasd; generated) Active: active (exited) since Thu 2022-02-17 11:21:11 EST; 6s ago Docs: man:systemd-sysv-generator(8) Process: 5370 ExecStart=/etc/rc.d/init.d/nasd start (code=exited, status=0/SUCCESS) CPU: 21ms Feb 17 11:21:11 x3.hodgins.homeip.net systemd[1]: Starting LSB: Starts the nas daemon... Feb 17 11:21:11 x3.hodgins.homeip.net runuser[5378]: pam_unix(runuser:session): session opened for user nasd by (uid=0) Feb 17 11:21:11 x3.hodgins.homeip.net nas[5381]: Network Audio System Release 1.9.4 Feb 17 11:21:11 x3.hodgins.homeip.net nasd[5370]: Starting nasd: Feb 17 11:21:11 x3.hodgins.homeip.net nasd[5381]: Network Audio System Release 1.9.4 Feb 17 11:21:11 x3.hodgins.homeip.net runuser[5378]: pam_unix(runuser:session): session closed for user nasd Feb 17 11:21:11 x3.hodgins.homeip.net nasd[5370]: [ OK ] Feb 17 11:21:11 x3.hodgins.homeip.net systemd[1]: Started LSB: Starts the nas daemon. Oking and validating.
Keywords: (none) => validated_updateCC: (none) => davidwhodgins, sysadmin-bugsWhiteboard: (none) => MGA8-64-OK
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0066.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED