| Summary: | glibc new security issues CVE-2021-3998 and CVE-2021-3999 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, fri, sysadmin-bugs, tarazed25 |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK MGA8-32-OK | ||
| Source RPM: | glibc-2.32-23.mga8.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser
2022-01-24 15:53:35 CET
David Walser
2022-01-24 15:53:44 CET
Whiteboard: (none) => MGA8TOO

sigh, of course going public with new issues one day after we just released an update..

Cauldron fixed in glibc-2.34-24.mga9

Version: Cauldron => 8

CVE-2021-3998 does not affect mga8 as the affected code came in later:

git describe --contains c6e0b0b5b0b7922cdf0dce2af671e0c7e500df95
glibc-2.33~87

CVE-2021-3999 fixed in glibc-2.32-24.mga8 currently building

Fedora has issued an advisory for this today (February 3):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/P4R5YTUHS7OZ4HZCUKF6SRVXGDHSZAOF/

Ready to assign to QA?

Installed it Jan 26. No issues noted.

CC: (none) => fri

Nope, I'm looking at more fixes that have landed upstream...

I'll write up the advisory later, here are the rpms

SRPM:
glibc-2.32-25.mga8.src.rpm

i586:
glibc-2.32-25.mga8.i586.rpm
glibc-devel-2.32-25.mga8.i586.rpm
glibc-doc-2.32-25.mga8.noarch.rpm
glibc-i18ndata-2.32-25.mga8.i586.rpm
glibc-profile-2.32-25.mga8.i586.rpm
glibc-static-devel-2.32-25.mga8.i586.rpm
glibc-utils-2.32-25.mga8.i586.rpm
nscd-2.32-25.mga8.i586.rpm

x86_64:
glibc-2.32-25.mga8.x86_64.rpm
glibc-devel-2.32-25.mga8.x86_64.rpm
glibc-doc-2.32-25.mga8.noarch.rpm
glibc-i18ndata-2.32-25.mga8.x86_64.rpm
glibc-profile-2.32-25.mga8.x86_64.rpm
glibc-static-devel-2.32-25.mga8.x86_64.rpm
glibc-utils-2.32-25.mga8.x86_64.rpm
nscd-2.32-25.mga8.x86_64.rpm

Assignee: tmb => qa-bugs

5.15.18-desktop-2.mga8 x86_64
Updated the eight packages and rebooted.
/etc/nscd.conf looks alright to the untrained eye.
The desktop continues to function normally.
$ urpmq -i glibc-utils
.....
The glibc-utils package contains memusage, a memory usage profiler,
mtrace, a memory leak tracer and xtrace, a function call tracer which
can be helpful during program debugging.
$ cat test-posix-memalign.c
#include <stdlib.h>
#include <stdint.h>

int main(int argc, char **argv)
{
    void *p;
    return posix_memalign(&p, 0x10, SIZE_MAX - 0x20);
}
$ mtrace test-posix-memalign
No memory leaks.
Tried a local build of celestia as in bug 26309 but hit problems at the bm stage even after running `sudo urpmi --buildrequires SPECS/celestia.spec` so gave up on that.
Some 14K other applications and libraries require glibc so we shall leave it at that. It is OK but others may wish to test it further.

CC: (none) => tarazed25

The priority of the update and the warning to restart the system are enough to indicate Mageia's fundamental reliance on glibc. It's used practically everywhere.

Tested on a MGA8-64 Plasma desktop system with an i5-2500, Intel graphics, and a wired Internet connection. Also tested with a MGA8-32 Xfce system on a Dell Inspiron 5100, with a P4, Radeon RV200 graphics, and an aging Atheros-based wifi connection.

No installation issues for either system. After the reboot, tried this and that, including removing some stale kernels with rpmdrake, Firefox, VLC on 64-bit and Parole on 32-bit, Thunderbird on 64-bit. No issues noted.

This looks OK to me on both x86_64 and i586 real hardware.

CC: (none) => andrewsfarm

So this should go out for both architectures based on comment 9.

Whiteboard: (none) => MGA8-64-OK MGA8-32-OK

Validating.

Keywords: (none) => validated_update
Thomas Backlund
2022-02-08 16:47:54 CET
Keywords: (none) => advisory

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0052.html

Resolution: (none) => FIXED
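
The affectedness check used in the thread for CVE-2021-3998 (`git describe --contains` showing that the introducing commit first appears in glibc-2.33), as an added example that is not part of the original bug report. It runs against a constructed throwaway repository whose tags only mimic glibc release names; the function names and the `introducing-commit` branch are assumptions for illustration.

```shell
#!/bin/sh
# Added example. Constructed repository: empty placeholder commits, tag names
# modelled on the glibc-2.32 / glibc-2.33 releases mentioned in the thread.

# Build history: release 2.32 -> commit introducing the affected code -> 2.33.
# Prints the path of the temporary repository.
make_demo_repo() {
    repo=$(mktemp -d) || return 1
    (
        cd "$repo" || exit 1
        git init -q . || exit 1
        git config user.email "demo@example.invalid"
        git config user.name "demo"
        git config commit.gpgsign false
        git commit -q --allow-empty -m "base" || exit 1
        git tag glibc-2.32
        git commit -q --allow-empty -m "introduce affected code" || exit 1
        git branch introducing-commit   # hypothetical marker, a branch not a tag
        git commit -q --allow-empty -m "later work" || exit 1
        git tag glibc-2.33
    ) >/dev/null 2>&1 || return 1
    printf '%s\n' "$repo"
}

# First tag whose history contains commit $2 in repo $1 (the command from the thread).
first_release_with() {
    git -C "$1" describe --contains "$2"
}

# Exit 0 if release tag $2 in repo $1 contains commit $3, i.e. the release
# ships the affected code; non-zero if the code came in later.
release_contains() {
    git -C "$1" merge-base --is-ancestor "$3" "$2"
}

demo=$(make_demo_repo) && {
    echo "first release with the commit: $(first_release_with "$demo" introducing-commit)"
    for tag in glibc-2.32 glibc-2.33; do
        if release_contains "$demo" "$tag" introducing-commit; then
            echo "$tag: affected code present"
        else
            echo "$tag: not affected, code came in later"
        fi
    done
    rm -rf "$demo"
}
```

`git describe --contains` names the first release that has the commit, while `git merge-base --is-ancestor` gives a yes/no answer for one specific release tag, which is the form that suits a scripted triage over several maintained branches.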