| Summary: | golang-x-sys new security issue CVE-2022-29526 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Marja Van Waes <marja11> |
| Component: | Security | Assignee: | Pascal Terjan <pterjan> |
| Status: | RESOLVED INVALID | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | bruno, guillomovitch, luigiwalser, marja11, pterjan, qa-bugs, security |
| Version: | 8 | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| See Also: | https://bugs.mageia.org/show_bug.cgi?id=30422 | ||
| Whiteboard: | |||
| Source RPM: | golang-x-sys-0-0.43.mga9.src.rpm | CVE: | |
| Status comment: | |||
|
Description
Marja Van Waes
2022-07-16 12:24:50 CEST
Marja Van Waes
2022-07-16 12:25:20 CEST
Whiteboard:
(none) =>
MGA8TOO
Marja Van Waes
2022-07-16 13:19:41 CEST
Depends on:
30422 =>
(none) I was wrong there, embedded golang-x-sys in docker still isn't fixed, either guillomovitch just pushed golang-x-sys-0-0.44.mga9 thanks :-) guillomovitch <guillomovitch> 0-0.44.mga9: + Revision: 1869189 - new git snapshot I don't know how to see whether that fixes CVE-2022-29526, https://github.com/golang/sys/security/advisories is empty But here https://github.com/golang/go/issues/52313#issuecomment-1097210431 it says: "golang.org/x/sys/unix".Faccessat suffers from the same problem, but only on Linux kernels < 5.8. We have kernel-5.15.50-1.mga8 and kernel-5.18.12-1.mga9, so our golang-x-sys is not (or at least no longer) affected, right?? I don't see the connection to the CVE and I'm not sure that Faccessat's issue is all that it's about. Version:
Cauldron =>
8 (In reply to David Walser from comment #4) > I don't see the connection to the CVE Yeah, sorry, I should have said where I got that link from. It was one of the references here https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526 and the only reference to https://github.com/golang/ > and I'm not sure that Faccessat's > issue is all that it's about. Thanks. Status:
NEW =>
RESOLVED |