| Summary: | gssproxy new security issue CVE-2020-12658 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, guillomovitch, ouaurelien, sysadmin-bugs |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | gssproxy-0.8.2-2.mga7.src.rpm | CVE: | CVE-2020-12658 |
| Status comment: | |||
|
Description
David Walser
2021-01-06 00:04:17 CET
David Walser
2021-01-06 00:05:01 CET
Status comment:
(none) =>
Fixed upstream in 0.8.3 This is just for M7, we have 0.8.3 in Cauldron. Assigning to the current maintainer. Assignee:
bugsquad =>
guillomovitch I just submitted gssproxy-0.8.2-2.1.mga7 in update_testing for mageia 7. Advisory: ======================== Updated gssproxy package fixes security vulnerability: gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c (CVE-2020-12658). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12658 https://www.debian.org/lts/security/2021/dla-2516 ======================== Updated packages in core/updates_testing: ======================== gssproxy-0.8.2-2.1.mga7 from gssproxy-0.8.2-2.1.mga7.src.rpm CC:
(none) =>
guillomovitch Passing this along on a clean install. Advisory in Comment 3. Keywords:
(none) =>
validated_update Advisory committed to SVN. CVE:
(none) =>
CVE-2020-12658 An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0081.html Resolution:
(none) =>
FIXED |