Bug 31138

Summary: systemd new security issue CVE-2022-3821
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: davidwhodgins, sysadmin-bugs, tarazed25, tmb
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8-64-OK
Source RPM: systemd-246.16-2.mga8.src.rpm CVE:
Status comment:

Description David Walser 2022-11-16 17:48:35 CET 
SUSE has issued an advisory on November 15:
https://lists.suse.com/pipermail/sle-security-updates/2022-November/012929.html

The issue is fixed upstream in 252.
David Walser 2022-11-16 17:48:48 CET

Status comment: (none) => Fixed upstream in 252

Comment 2 David Walser 2022-11-16 23:44:16 CET 
Patched package uploaded for Mageia 8 by tmb:
systemd-tests-246.16-3.mga8
systemd-246.16-3.mga8
libsystemd0-246.16-3.mga8
nss-myhostname-246.16-3.mga8
systemd-homed-246.16-3.mga8
libudev1-246.16-3.mga8
libudev-devel-246.16-3.mga8
systemd-devel-246.16-3.mga8

from systemd-246.16-3.mga8.src.rpm

Status comment: Fixed upstream in 252 => (none)
Assignee: bugsquad => qa-bugs
CC: (none) => tmb

Comment 3 Len Lawrence 2022-11-17 13:30:22 CET 
mga8, x64

Installed missing core packages then updated:
systemd-tests-246.16-3.mga8
systemd-246.16-3.mga8
lib64systemd0-246.16-3.mga8
nss-myhostname-246.16-3.mga8
systemd-homed-246.16-3.mga8
lib64udev1-246.16-3.mga8
lib64udev-devel-246.16-3.mga8
systemd-devel-246.16-3.mga8

Rebooted without fuss.  NAS and NFS automounted, external USB drives mounted.  Plugged in another USB device which mounted on /mount/run/<user>/<drivename>.
$ systemctl status bluetooth
● bluetooth.service - Bluetooth service
     Loaded: loaded (/usr/lib/systemd/system/bluetooth.service; enabled; vendor>
     Active: active (running) since Thu 2022-11-17 12:20:02 GMT; 7min ago
       Docs: man:bluetoothd(8)
   Main PID: 950 (bluetoothd)
     Status: "Running"
      Tasks: 1 (limit: 37762)
     Memory: 1.8M
        CPU: 28ms
     CGroup: /system.slice/bluetooth.service
             └─950 /usr/libexec/bluetooth/bluetoothd

So far everything looks fine.

CC: (none) => tarazed25
Whiteboard: (none) => MGA8-64-OK

Comment 4 Dave Hodgins 2022-11-17 19:28:59 CET 
No regressions noticed. Advisory committed to svn. Validating.

Keywords: (none) => advisory, validated_update
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 5 Mageia Robot 2022-11-17 21:46:34 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0429.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED