Bug 23050

Summary: procps-ng new security issues CVE-2018-112[0-6]
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: Thomas Backlund <tmb>
Status: RESOLVED OLD
QA Contact: Sec team <security>
Severity: major
Priority: Normal
CC: geiger.david68210, marja11, mhrambo3501, thierry.vignaud
Version: 6
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM: procps-ng-3.3.12-1.mga6.src.rpm
CVE:
Status comment:

Description David Walser 2018-05-18 12:36:58 CEST
Several security issues in procps-ng have been announced:
http://openwall.com/lists/oss-security/2018/05/17/1

Details are included in the message above, as is a base64-encoded set of patches.

Mageia 5 and Mageia 6 are also affected.

David Walser 2018-05-18 12:37:11 CEST

Whiteboard: (none) => MGA6TOO

Comment 1 Marja Van Waes 2018-05-19 08:44:04 CEST
Assigning to the registered maintainer.
CC'ing some committers.

CC: (none) => geiger.david68210, marja11, thierry.vignaud
Assignee: bugsquad => tmb

Comment 2 David Walser 2018-05-23 20:30:24 CEST
Red Hat has issued an advisory today (May 23):
https://access.redhat.com/errata/RHSA-2018:1700

It fixes one of these CVEs plus a new one.

Summary: procps-ng new security issues CVE-2018-112[0-4] => procps-ng new security issues CVE-2018-112[0-4,6]

Comment 3 David Walser 2018-05-24 13:28:56 CEST
More details:
http://openwall.com/lists/oss-security/2018/05/23/2

Summary: procps-ng new security issues CVE-2018-112[0-4,6] => procps-ng new security issues CVE-2018-112[0-6]

Comment 4 David Walser 2018-06-07 21:24:20 CEST
Fedora advisory for two of these CVEs from May 22:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PKA4NZVL4XP3ZQDPHESLQBNXEWUKJLPT/

Comment 5 David Walser 2018-06-08 22:11:16 CEST
Debian has issued an advisory for this on May 22:
https://www.debian.org/security/2018/dsa-4208

Comment 6 David Walser 2018-06-08 22:25:27 CEST
Ubuntu has issued an advisory for this on May 23:
https://usn.ubuntu.com/3658-1/

Comment 7 David Walser 2018-06-29 19:57:56 CEST
openSUSE has issued an advisory for this today (June 29):
https://lists.opensuse.org/opensuse-updates/2018-06/msg00145.html

Comment 8 David Walser 2018-12-30 06:09:05 CET
I believe these issues are fixed in 3.3.15, which is now in Cauldron.

Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)

Comment 9 Mike Rambo 2019-11-06 13:27:51 CET
Mageia 6 is EOL.

CC: (none) => mrambo
Status: NEW => RESOLVED
Resolution: (none) => OLD