Bug 32951

Summary: iwd new security issue CVE-2023-52161
Product: Mageia Reporter: Nicolas Salguero <nicolas.salguero>
Component: SecurityAssignee: Jani Välimaa <jani.valimaa>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: iwd, ell CVE: CVE-2023-52161
Status comment: fixed in iwd version 2.15; need also ell 0.63

Nicolas Salguero 2024-03-08 15:37:30 CET

Source RPM: (none) => iwd, libell
CVE: (none) => CVE-2023-52161

Comment 1 Lewis Smith 2024-03-09 20:43:18 CET 
Does this apply also to Mageia 9? If so, pleas add MGA9TOO Whiteboard.

We do not have iwd v2.15, but more recent 2.16 in Cauldron.

For M9, I think the pkg is 'lib64ell0' in SRPM 'ell-0.55-1.mga9.src.rpm'.
Cauldron shows we already (just) have version 0.63.

Exceptionally assigning this to wally, who did all recent updates for both SRPMS.

Assignee: bugsquad => jani.valimaa
Status comment: (none) => fixed in iwd version 2.15; need also libell 0.63

Comment 2 Jani Välimaa 2024-03-10 09:51:01 CET 
(In reply to Lewis Smith from comment #1)
> Does this apply also to Mageia 9? If so, pleas add MGA9TOO Whiteboard.
> 
> We do not have iwd v2.15, but more recent 2.16 in Cauldron.
> 
> For M9, I think the pkg is 'lib64ell0' in SRPM 'ell-0.55-1.mga9.src.rpm'.
> Cauldron shows we already (just) have version 0.63.
> 
> Exceptionally assigning this to wally, who did all recent updates for both
> SRPMS.

Mageia 9 not affected as iwd was imported only after mga9 was released and cauldron reopened.

Source RPM: iwd, libell => iwd, ell
Status comment: fixed in iwd version 2.15; need also libell 0.63 => fixed in iwd version 2.15; need also ell 0.63

Comment 3 Jani Välimaa 2024-03-10 09:52:08 CET 
Closing as FIXED.

In Cauldron we already have:
iwd-2.16-1.mga10
ell-0.63-1.mga10

Resolution: (none) => FIXED
Status: NEW => RESOLVED