| Summary: | 389-ds-base possible new security issue CVE-2021-45710 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | Mageia Bug Squad <bugsquad> |
| Status: | RESOLVED INVALID | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | lewyssmith, nicolas.salguero, rverschelde |
| Version: | Cauldron | | |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Source RPM: | 389-ds-base-1.4.0.26-16.mga9.src.rpm | CVE: | |
| Status comment: | | | |

Description
David Walser
2022-11-16 17:57:54 CET
David Walser
2022-11-16 17:58:11 CET
CC: (none) => nicolas.salguero, rverschelde

Equivalent openSUSE advisory: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZWHM3NVX2ER6EG5E2T2KWUBDPCGYBLYI/

Hi,

That CVE affects tokio but 389-ds-base-1.4.0.26 does not seem to use that crate but another one: rsds.

Best regards,

Nico.

Does this mean that this is not relevant to Mageia? If so, can it be closed 'invalid'? Await luigi's response.

CC: (none) => lewyssmith

Has our rust package fixed this issue?

I cannot find any package named tokio or rust-tokio.

Duplicate of bug 30001?

(In reply to David Walser from comment #4)
> Has our rust package fixed this issue?

According to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45710:

> An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.

Both rust-1.60.0-1.mga8 and rust-1.65.0-1.mga9 use tokio 1.8.4 as a vendored crate, so it should be fine.

Thanks.

Resolution: (none) => INVALID
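
The triage done in this thread (is tokio a dependency at all, and is its version inside the range quoted from the CVE description) can be scripted against a `Cargo.lock`. This is an added example, not part of the original bug report; the function names and the sample lock files are constructed for illustration.

```python
import re

# Affected ranges as quoted above from the CVE-2021-45710 description:
# "before 1.8.4, and 1.9.x through 1.13.x before 1.13.1".
# Keys are (major, minor, patch, is_release); intervals are half-open [low, high).
AFFECTED = [((0, 0, 0, 0), (1, 8, 4, 1)), ((1, 9, 0, 0), (1, 13, 1, 1))]

# Cargo.lock lists each crate as a [[package]] table: name, then version.
PKG_RE = re.compile(
    r'^\[\[package\]\]\s*\nname = "([^"]+)"\s*\nversion = "([^"]+)"', re.M)

def version_key(text):
    """'1.8.4' -> (1, 8, 4, 1); a pre-release such as '1.8.4-rc.1' gets
    is_release=0 so it sorts before the release. Build metadata is ignored."""
    text = text.split("+", 1)[0]
    core, _, pre = text.partition("-")
    nums = [int(p) for p in core.split(".")]
    nums += [0] * (3 - len(nums))
    return (*nums[:3], 0 if pre else 1)

def is_affected(version):
    """True when the version falls inside one of the quoted affected ranges."""
    key = version_key(version)
    return any(low <= key < high for low, high in AFFECTED)

def tokio_findings(lock_text, crate="tokio"):
    """Return [(version, affected)] for every copy of the crate in a lock file.
    An empty list means the crate is not a dependency at all."""
    return [(ver, is_affected(ver))
            for name, ver in PKG_RE.findall(lock_text) if name == crate]

# Constructed sample lock files (not taken from any Mageia package).
LOCK_FIXED = '''[[package]]
name = "tokio"
version = "1.8.4"

[[package]]
name = "libc"
version = "0.2.100"
'''
LOCK_OLD = LOCK_FIXED.replace('"1.8.4"', '"1.12.0"')
LOCK_NONE = LOCK_FIXED.split("\n\n", 1)[1]

if __name__ == "__main__":
    for label, lock in [("fixed", LOCK_FIXED), ("old", LOCK_OLD), ("none", LOCK_NONE)]:
        print(label, tokio_findings(lock))
```

A lock file can hold several versions of the same crate, which is why the result is a list rather than a single verdict.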