Bug 22711

Summary: glibc new security issues CVE-2018-6485, CVE-2018-6551, and CVE-2018-11236
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: David Walser <luigiwalser>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: marja11
Version: 5   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: glibc-2.20-27.mga5.src.rpm CVE:
Status comment: Fixes checked into SVN
Bug Depends on: 22614, 23136    
Bug Blocks:    

Description David Walser 2018-03-06 14:22:10 CET 
+++ This bug was initially created as a clone of Bug #22614 +++

SUSE has issued an advisory on February 15:
https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00026.html

The upstream commit to fix the issues is linked from the SUSE bug:
https://bugzilla.suse.com/show_bug.cgi?id=1079036

Cloning this for Mageia 5.  SVN patch for Mageia 5 is attached to 22614.  This doesn't need to be pushed as an update right away; it can just be queued for later.
David Walser 2018-03-11 16:08:41 CET

Status comment: (none) => Patch attached to Bug 22614

Comment 1 David Walser 2018-03-15 20:15:29 CET 
Patch committed to Mageia 5 SVN.

Status comment: Patch attached to Bug 22614 => Fixed checked into SVN

Comment 2 David Walser 2018-06-24 18:00:32 CEST 
openSUSE has issued an advisory on June 8:
https://lists.opensuse.org/opensuse-security-announce/2018-06/msg00010.html

CVE-2018-11236 is the only new CVE that affects Mageia 5.

Patch checked into Mageia 5 SVN.

Summary: glibc new security issues CVE-2018-6485 and CVE-2018-6551 => glibc new security issues CVE-2018-6485, CVE-2018-6551, and CVE-2018-11236
Status comment: Fixed checked into SVN => Fixes checked into SVN
Depends on: (none) => 23136

Comment 3 Marja Van Waes 2018-10-02 10:32:46 CEST 
Closing as OLD, since Mga5 is really EOL now.

CC: (none) => marja11
Status: NEW => RESOLVED
Resolution: (none) => OLD