Bug 30683

Summary: libguestfs new security issue CVE-2022-2211
Product: Mageia Reporter: David Walser <luigiwalser>
Component: Security Assignee: Thierry Vignaud <thierry.vignaud>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: joequant, nicolas.salguero
Version: 8   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: libguestfs-1.44.0-2.2.mga8.src.rpm CVE: CVE-2022-2211
Status comment:

Description David Walser 2022-07-29 17:42:00 CEST
SUSE has issued an advisory on July 28:
https://lists.suse.com/pipermail/sle-security-updates/2022-July/011703.html

Mageia 8 may also be affected.

Comment 2 Lewis Smith 2022-07-30 21:35:02 CEST
Need to dig to find the fix.
 https://bugzilla.suse.com/1201064
Fix, patch (I think):
 https://bugzilla.suse.com/attachment.cgi?id=859933&action=diff
Upstream documentation for the fix:
 https://bugzilla.suse.com/attachment.cgi?id=859934&action=diff

RedHat has a lot about this, but it is complicated and embraces other issues, notably LUKS. I saw references to patches, but never a patch.
 https://bugzilla.redhat.com/show_bug.cgi?id=2100862

This is nominally with joequant (CC'ing), but latest updates have been done by tv, so assigning thus.

CC: (none) => joequant
Assignee: bugsquad => thierry.vignaud

Comment 3 David Walser 2022-11-09 17:28:34 CET
RedHat has issued an advisory for this on November 8:
https://access.redhat.com/errata/RHSA-2022:7472

Comment 4 Nicolas Salguero 2024-03-12 11:29:15 CET
It was already fixed in Mageia 9.

Mageia 8 EOL.

CVE: (none) => CVE-2022-2211
CC: (none) => nicolas.salguero
Status: NEW => RESOLVED
Resolution: (none) => OLD
Source RPM: libguestfs-1.49.2-1.mga9.src.rpm => libguestfs-1.44.0-2.2.mga8.src.rpm
Version: Cauldron => 8