| Summary: | unixODBC new security issue CVE-2024-1013 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, geiger.david68210, sysadmin-bugs |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA9-64-OK | ||
| Source RPM: | unixODBC-2.3.11-1.mga9.src.rpm | CVE: | CVE-2024-1013 |
| Status comment: | Patch available from upstream and Ubuntu | ||
|
Description
Nicolas Salguero
2024-03-29 11:17:19 CET
Nicolas Salguero
2024-03-29 11:18:23 CET
Source RPM:
(none) =>
unixODBC-2.3.12-1.mga10.src.rpm Done for Cauldron and mga9 too! Version:
Cauldron =>
9 Assigning to QA, Packages in 9/Core/Updates_testing: ====================== libunixODBC-devel-2.3.11-1.1.mga9 libunixODBC2-2.3.11-1.1.mga9 lib64unixODBC-devel-2.3.11-1.1.mga9 lib64unixODBC2-2.3.11-1.1.mga9 unixODBC-2.3.11-1.1.mga9 From SRPMS: unixODBC-2.3.11-1.1.mga9.src.rpm Assignee:
bugsquad =>
qa-bugs
katnatek
2024-03-31 19:40:43 CEST
Keywords:
(none) =>
advisory RH mageia 9 x86_64
Install current packages
LC_ALL=C urpmi lib64unixODBC-devel lib64unixODBC2 unixODBC
Package lib64unixODBC2-2.3.11-1.mga9.x86_64 is already installed
Marking lib64unixODBC2 as manually installed, it won't be auto-orphaned
writing /var/lib/rpm/installed-through-deps.list
To satisfy dependencies, the following packages are going to be installed:
Package Version Release Arch
(medium "Core Release (distrib1)")
lib64ltdl-devel 2.4.7 1.mga9 x86_64
lib64unixODBC-devel 2.3.11 1.mga9 x86_64
libtool 2.4.7 1.mga9 x86_64
unixODBC 2.3.11 1.mga9 x86_64
1.3MB of additional disk space will be used.
406KB of packages will be retrieved.
Proceed with the installation of the 4 packages? (Y/n) y
https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/lib64ltdl-devel-2.4.7-1.mga9.x86_64.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/unixODBC-2.3.11-1.mga9.x86_64.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/lib64unixODBC-devel-2.3.11-1.mga9.x86_64.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/libtool-2.4.7-1.mga9.x86_64.rpm
installing libtool-2.4.7-1.mga9.x86_64.rpm lib64unixODBC-devel-2.3.11-1.mga9.x86_64.rpm unixODBC-2.3.11-1.mga9.x86_64.rpm lib64ltdl-devel-2.4.7-1.mga9.x86_64.rpm from /var/cache/urpmi/rpms
Preparing... ##################################################################################################
1/4: libtool ##################################################################################################
2/4: lib64ltdl-devel ##################################################################################################
3/4: lib64unixODBC-devel ##################################################################################################
4/4: unixODBC ##################################################################################################
LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (32-bit)" is up-to-date
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date
installing lib64unixODBC-devel-2.3.11-1.1.mga9.x86_64.rpm lib64unixODBC2-2.3.11-1.1.mga9.x86_64.rpm unixODBC-2.3.11-1.1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing... ##################################################################################################
1/3: lib64unixODBC2 ##################################################################################################
2/3: lib64unixODBC-devel ##################################################################################################
3/3: unixODBC ##################################################################################################
1/3: removing unixODBC-2.3.11-1.mga9.x86_64
##################################################################################################
2/3: removing lib64unixODBC-devel-2.3.11-1.mga9.x86_64
##################################################################################################
3/3: removing lib64unixODBC2-2.3.11-1.mga9.x86_64
##################################################################################################
See bug#23253 as reference
odbcinst -j
unixODBC 2.3.11
DRIVERS............: /etc/odbcinst.ini
SYSTEM DATA SOURCES: /etc/odbc.ini
FILE DATA SOURCES..: /etc/ODBCDataSources
USER DATA SOURCES..: /root/.odbc.ini
SQLULEN Size.......: 8
SQLLEN Size........: 8
SQLSETPOSIROW Size.: 8
katnatek
2024-03-31 20:34:56 CEST
CC:
(none) =>
andrewsfarm
katnatek
2024-03-31 20:35:14 CEST
Whiteboard:
(none) =>
MGA9-64-OK Validating. Keywords:
(none) =>
validated_update
katnatek
2024-03-31 22:01:16 CEST
Source RPM:
unixODBC-2.3.12-1.mga10.src.rpm =>
unixODBC-2.3.11-1.mga9.src.rpm An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0106.html Resolution:
(none) =>
FIXED |