Bug 23423

Summary: libtirpc new security issue CVE-2018-14622
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: All Packagers <pkg-bugs>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: marja11
Version: 5   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: libtirpc-0.2.5-3.3.mga5.src.rpm CVE:
Status comment:

Description David Walser 2018-08-10 17:25:53 CEST 
openSUSE has issued an advisory today (August 10):
https://lists.opensuse.org/opensuse-updates/2018-08/msg00070.html

There are more details in the SUSE bug:
https://bugzilla.suse.com/show_bug.cgi?id=968175

We'll have to check the code to see which versions are affected.
Comment 1 Marja Van Waes 2018-08-10 18:13:41 CEST 
Assigning to all packagers collectively, since there is no registered maintainer for this package.

Assignee: bugsquad => pkg-bugs
CC: (none) => marja11

Comment 2 David Walser 2018-09-05 23:01:15 CEST 
This is CVE-2018-14622:
https://bugzilla.suse.com/show_bug.cgi?id=968175#c30
https://bugzilla.suse.com/show_bug.cgi?id=1106517

Ubuntu has issued an advisory for this today (September 5):
https://usn.ubuntu.com/3759-1/

The fix is already in 1.x, so only Mageia 5 is affected.

Severity: normal => major
Summary: libtirpc new security issue => libtirpc new security issue CVE-2018-14622
Source RPM: libtirpc-1.0.3-1.mga7.src.rpm => libtirpc-0.2.5-3.3.mga5.src.rpm
Version: Cauldron => 5

Comment 3 Marja Van Waes 2018-10-06 12:54:27 CEST 
The limited support Mga5 continued to have after its official EOL has ended, so closing this bug as OLD.

Status: NEW => RESOLVED
Resolution: (none) => OLD