Bug 25750

Summary: fence-agents new security issue CVE-2019-10153
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED
QA Contact: Sec team <security>
Severity: major
Priority: Normal
CC: andrewsfarm, geiger.david68210, herman.viaene, sysadmin-bugs, tmb
Version: 7
Keywords: advisory, validated_update
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: MGA7-64-OK
Source RPM: fence-agents-4.3.0-1.mga7.src.rpm
CVE:
Status comment:

Description David Walser 2019-11-26 14:47:56 CET
openSUSE has issued an advisory on July 20:
https://lists.opensuse.org/opensuse-updates/2019-07/msg00075.html

The issue is fixed upstream in 4.3.4.
Comment 1 David GEIGER 2019-12-05 17:57:11 CET
Done for mga7 updating to the 4.4.0 release!
Comment 2 David Walser 2019-12-05 18:21:32 CET
Advisory:
========================

Updated fence-agents package fixes security vulnerability:

Denial of service via guest VM comments (CVE-2019-10153).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10153
https://lists.opensuse.org/opensuse-updates/2019-07/msg00075.html
========================

Updated packages in core/updates_testing:
========================
fence-agents-4.4.0-1.mga7

from fence-agents-4.4.0-1.mga7.src.rpm

Assignee: geiger.david68210 => qa-bugs
CC: (none) => geiger.david68210

Comment 3 Herman Viaene 2019-12-07 10:21:01 CET
MGA7-64 Plasma on Lenovo B50
At installation in MCC I get:
The following package has to be removed to upgrade others:
krb5-appl-clients-1.0.3-10.mga7.x86_64
 (because of conflicts with netkit-telnet).

# urpmq --whatrequires fence-agents
fence-agents

From MCC: "Fence Agents is a collection of scripts to handle remote power management for several devices."
If someone else has an idea what this is about, I don't.
Or agree to OK clean install, there seem to be no adverse effects.

CC: (none) => herman.viaene

Comment 4 Thomas Andrews 2019-12-19 00:07:50 CET
It's all beyond me, too. But, I can confirm your experience with a clean install and no ill effects. Going to let this one go on just that.

Clean install OK on 64-bit. Validating. Advisory in Comment 2.

Whiteboard: (none) => MGA7-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Thomas Backlund 2019-12-19 13:21:04 CET

CC: (none) => tmb
Keywords: (none) => advisory

Comment 5 Mageia Robot 2019-12-19 14:45:53 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0398.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED