Bug 23190

Summary: gdbm new security issues found by fuzzing and fixed upstream in 1.15
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Jack M <jackal.j>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: marja11, mhrambo3501
Version: 6   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: gdbm-1.12-1.mga6.src.rpm CVE:
Status comment:

Description David Walser 2018-06-17 19:42:51 CEST 
Security issues in several database libraries have been announced:
http://openwall.com/lists/oss-security/2018/06/17/1

The issues in GDBM were all fixed in 1.15.

Unfortunately it changes the library major, so we probably can't safely update stables releases to it.

Mageia 5 is also affected.
Comment 1 David Walser 2018-06-17 19:47:41 CEST 
It does include a libgdbm_compat.so.4 (the old library major).  I'm not sure if that helps.
Comment 2 Marja Van Waes 2018-06-18 16:37:22 CEST 
Assigning to the registered gdbm maintainer

Assignee: bugsquad => jackal.j
CC: (none) => marja11

Comment 3 Mike Rambo 2019-11-06 13:30:20 CET 
Mageia 6 is EOL.

Resolution: (none) => OLD
Status: NEW => RESOLVED
CC: (none) => mrambo