Bug 31880

Summary: patchelf new security issue CVE-2022-44940
Product: Mageia Reporter: David Walser <luigiwalser>
Component: Security Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: andrewsfarm, davidwhodgins, geiger.david68210, herman.viaene, sysadmin-bugs
Version: 8 Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8-64-OK
Source RPM: patchelf-0.11-1.mga8.src.rpm CVE:
Status comment:

Description David Walser 2023-05-06 22:48:47 CEST
Ubuntu has issued an advisory on April 20:
https://ubuntu.com/security/notices/USN-6036-1

The issue is fixed upstream in 0.16.0.

Mageia 8 is also affected.
David Walser 2023-05-06 22:48:59 CEST

Status comment: (none) => Fixed upstream in 0.16.0
Whiteboard: (none) => MGA8TOO

Comment 1 David GEIGER 2023-05-07 17:13:24 CEST
Done for both mga8 and cauldron!

freeze_move asked for cauldron.

CC: (none) => geiger.david68210

Comment 2 David Walser 2023-05-07 19:37:21 CEST
patchelf-0.16.1-1.mga8

from patchelf-0.16.1-1.mga8.src.rpm


Freeze move for Cauldron pending.

Source RPM: patchelf-0.15.0-1.mga9.src.rpm => patchelf-0.11-1.mga8.src.rpm
Status comment: Fixed upstream in 0.16.0 => (none)

Comment 3 Lewis Smith 2023-05-07 20:58:33 CEST
Another bug for you DavidG, since you have already done it...

Assignee: bugsquad => geiger.david68210
CC: geiger.david68210 => (none)

Comment 4 David GEIGER 2023-05-12 06:34:51 CEST
Assigning to QA

Assignee: geiger.david68210 => qa-bugs

David GEIGER 2023-05-12 06:36:20 CEST

Version: Cauldron => 8
CC: (none) => geiger.david68210
Whiteboard: MGA8TOO => (none)

Comment 5 Herman Viaene 2023-05-18 16:16:05 CEST
MGA8-64 MATE on Acer Aspire 5253
No installation issues
No wiki, no previous updates. MCC reads "PatchELF is a simple utility for modifying an existing ELF executable or library.  It can change the dynamic loader ("ELF interpreter") of an executable and change the RPATH of an executable or library."
That does not sound like something an everyday user (or a QA person at that) would need to know.
At least it doesn't seem to harm my system, so I propose to OK this on clean install.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene

Comment 6 Thomas Andrews 2023-05-19 01:39:10 CEST
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2023-05-21 02:19:34 CEST

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 7 Mageia Robot 2023-05-21 10:44:25 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0179.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED