Displaying 20 results from an estimated 1200 matches similar to: "Regarding the Security Vulnerability CVE 2024 - 27322"
2024 Jun 26
2
Regarding the Security Vulnerability CVE 2024 - 27322
Dear Aishwarya Priyadarshini,
Welcome to R-help! Most people here aren't affiliated with R Foundation.
? Wed, 26 Jun 2024 17:03:37 +0000
"Priya, Aishwarya via R-help" <r-help at r-project.org> ?????:
> I am reaching out to seek your guidance on addressing the security
> vulnerability CVE-2024-27322.
> To address this issue effectively, it appears that we need to
2024 Jun 27
1
Regarding the Security Vulnerability CVE 2024 - 27322
Hi Ivan and R - Help Team,
Thank you for your prompt response and the helpful information.
I have another query: Is there a way to patch or upgrade the existing installation to version 4.4.0, rather than having to uninstall the older version and then install the latest one? A direct upgrade or patch would greatly simplify the process and reduce downtime.
Your guidance on this matter would be
2024 Apr 30
1
Patches for CVE-2024-27322
Dear R-core,
I just received notification of CVE-2024-27322 [1] in RedHat's Bugzilla. We
updated R to v4.4.0 in Fedora rawhide, F40, EPEL9 and EPEL8, so no problem
there. However, F38 and F39 will stay at v4.3.3, and I was wondering if
there's a specific patch available, or if you could point me to the commits
that fixed the issue, so that we can cherry-pick them for F38 and F39.
Thanks.
2024 Apr 30
1
Patches for CVE-2024-27322
svn diff -c 86235 ~/r-devel/R
(or 86238 for the port to the release branch) should be easily backported.
(CC Luke in case there is more to it)
- pd
> On 30 Apr 2024, at 11:28 , I?aki Ucar <iucar at fedoraproject.org> wrote:
>
> Dear R-core,
>
> I just received notification of CVE-2024-27322 [1] in RedHat's Bugzilla. We
> updated R to v4.4.0 in Fedora rawhide, F40,
2024 Apr 30
1
Patches for CVE-2024-27322
On 30 April 2024 at 11:59, peter dalgaard wrote:
| svn diff -c 86235 ~/r-devel/R
Which is also available as
https://github.com/r-devel/r-svn/commit/f7c46500f455eb4edfc3656c3fa20af61b16abb7
Dirk
| (or 86238 for the port to the release branch) should be easily backported.
|
| (CC Luke in case there is more to it)
|
| - pd
|
| > On 30 Apr 2024, at 11:28 , I?aki Ucar <iucar at
2024 Apr 30
1
Patches for CVE-2024-27322
Many thanks both. I'll wait for Luke's confirmation to trigger the update
with the backported fix.
I?aki
On Tue, 30 Apr 2024 at 12:42, Dirk Eddelbuettel <edd at debian.org> wrote:
>
> On 30 April 2024 at 11:59, peter dalgaard wrote:
> | svn diff -c 86235 ~/r-devel/R
>
> Which is also available as
>
>
2024 May 01
2
De-serialization vulnerability?
All,
There seems to be a hullaboo about a vulnerability in R when deserializing untrusted data:
https://hiddenlayer.com/research/r-bitrary-code-execution
https://nvd.nist.gov/vuln/detail/CVE-2024-27322
https://www.kb.cert.org/vuls/id/238194
Apparently a fix was made for R 4.4.0, but I see no mention of it in the changes report:
https://cloud.r-project.org/bin/windows/base/NEWS.R-4.4.0.html
2024 May 13
1
[External] R hang/bug with circular references and promises
On Mon, 13 May 2024 09:54:27 -0500 (CDT)
luke-tierney--- via R-devel <r-devel at r-project.org> wrote:
> Looks like I added that warning 22 years ago, so that should be enough
> notice :-). I'll look into removing it now.
Dear Luke,
I've got a somewhat niche use case: as a way of protecting myself
against rogue *.rds files and vulnerabilities in the C code, I've been
2024 May 13
1
[External] R hang/bug with circular references and promises
On Sat, 11 May 2024, Peter Langfelder wrote:
> On Sat, May 11, 2024 at 9:34?AM luke-tierney--- via R-devel
> <r-devel at r-project.org> wrote:
>>
>> On Sat, 11 May 2024, Travers Ching wrote:
>>
>>> The following code snippet causes R to hang. This example might be a
>>> bit contrived as I was experimenting and trying to understand
>>>
2003 Sep 03
3
Pointer to upgrade 7960sip beyond v3.2.0?
Slightly off topic, but maybe some can suggest something off list...
Trying to upgrade a 7960 that was running skinny. I've got sip v3.2.0
installed and running, and am able to place calls via *, etc.
However, when upgrading to v4.4.0 I can never get to the point of
being able to place a call (eg, no dialtone, etc). I can ping the
phone, look at the Network Config, etc, but I can't
2024 Apr 25
1
[External] Re: Is ALTREP "non-API"?
On Thu, Apr 25, 2024 at 4:24?AM Ivan Krylov via R-devel
<r-devel at r-project.org> wrote:
>
> On Wed, 24 Apr 2024 15:31:39 -0500 (CDT)
> luke-tierney--- via R-devel <r-devel at r-project.org> wrote:
>
> > We would be better off (in my view, not necessarily shared by others
> > in R-core) if we could get to a point where:
> >
> > all entry points
2016 Oct 14
2
not quite demoted, yet
A few days ago I demoted my first DC (a v4.2.14, I think) and thought
the demote had gone well. Now, when I run "samba-tool dnsupdate
--verbose" I can see references to the first DC that remain.
Unfortunately, that DC no longer exists so I simply cannot demote it
again.
Following the instructions on the "Demote a Samba AD DC" page "Verifying
The Demotion" section, I
2024 Jan 18
1
Choices to remove `srcref` (and its buddies) when serializing objects
? Tue, 16 Jan 2024 14:16:19 -0500
Dipterix Wang <dipterix.wang at gmail.com> ?????:
> Could you recommend any packages/functions that compute hash such
> that the source references and sexpinfo_struct are ignored? Basically
> a version of `serialize` that convert R objects to raw without
> storing the ancillary source reference and sexpinfo.
I can show how this can be done, but
2024 Jan 16
2
Choices to remove `srcref` (and its buddies) when serializing objects
Could you recommend any packages/functions that compute hash such that the source references and sexpinfo_struct are ignored? Basically a version of `serialize` that convert R objects to raw without storing the ancillary source reference and sexpinfo.
I think most people would think of `digest` but that package uses `serialize` (see discussion
2016 Oct 16
0
not quite demoted, yet
On Thu, 2016-10-13 at 19:00 -0500, Bob of Donelson Trophy via samba
wrote:
> A few days ago I demoted my first DC (a v4.2.14, I think) and thought
> the demote had gone well. Now, when I run "samba-tool dnsupdate
> --verbose" I can see references to the first DC that remain.
> Unfortunately, that DC no longer exists so I simply cannot demote it
> again.
>
>
2016 Jan 15
0
linux v4.4.0 nouveau fails
On Fri, Jan 15, 2016 at 5:04 PM, Wakko Warner <wakko at animx.eu.org> wrote:
> Ilia Mirkin wrote:
>> I suspect the fb0 issue is because you disabled
>> CONFIG_DRM_FBDEV_EMULATION? Does the freeze also happen with 4.3? Any
>> chance you could bisect?
>
> I saw this config option, but I didn't realize that.
> The issue also occurs with 4.3. I even tried
2016 Jan 15
0
linux v4.4.0 nouveau fails
I suspect the fb0 issue is because you disabled
CONFIG_DRM_FBDEV_EMULATION? Does the freeze also happen with 4.3? Any
chance you could bisect?
On Mon, Jan 11, 2016 at 7:23 PM, Wakko Warner <wakko at animx.eu.org> wrote:
> Please keep me in the CC. I am not subscribed to this list.
>
> When booting 4.4.0 on one of my systems, when nouveau loads, the screen goes
> into powersave.
2016 Jan 15
3
linux v4.4.0 nouveau fails
Ilia Mirkin wrote:
> I suspect the fb0 issue is because you disabled
> CONFIG_DRM_FBDEV_EMULATION? Does the freeze also happen with 4.3? Any
> chance you could bisect?
I saw this config option, but I didn't realize that.
The issue also occurs with 4.3. I even tried 4.3-rc1 with the same results.
Would the DRM_FBDEV_EMULATION effect 3D?
> On Mon, Jan 11, 2016 at 7:23 PM, Wakko
2024 Jun 10
1
head.ts, tail.ts loses time
Hi, Martin et al.:
On 6/10/24 9:32 AM, Martin Maechler wrote:
>>>>>> Spencer Graves
>>>>>> on Mon, 10 Jun 2024 07:50:13 -0500 writes:
>
> > Hi, Gabor et al.: Thanks for this. I should change my
> > current application to use either zoo or xts, as Gabor
> > suggests.
>
>
> > However, I was
2016 Jan 12
2
linux v4.4.0 nouveau fails
Please keep me in the CC. I am not subscribed to this list.
When booting 4.4.0 on one of my systems, when nouveau loads, the screen goes
into powersave. It doesn't appear to register the fb0 device.
When X starts up, the screen comes back and I'm able to login. When
launching anything that accesses 3D, the screen freezes. Nothing is logged
in either X or dmesg.
This same system works