| Summary: | freeglut new security issues CVE-2024-2425[89] | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, mageia, sysadmin-bugs |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA9-64-OK, MGA9-32-OK | ||
| Source RPM: | freeglut-3.4.0-1.mga9.src.rpm | CVE: | CVE-2024-24258, CVE-2024-24259 |
| Status comment: | |||
Description
Nicolas Salguero
2024-05-02 09:17:54 CEST
Nicolas Salguero
2024-05-02 09:18:11 CEST
CVE: (none) => CVE-2024-24258, CVE-2024-24259

Suggested advisory:
========================

The updated packages fix security vulnerabilities:

freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function. (CVE-2024-24258)

freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function. (CVE-2024-24259)

References:
https://lwn.net/Articles/971670/
========================

Updated packages in core/updates_testing:
========================
lib(64)freeglut3-3.4.0-1.1.mga9
lib(64)freeglut-devel-3.4.0-1.1.mga9

from SRPM:
freeglut-3.4.0-1.1.mga9.src.rpm

Status: NEW => ASSIGNED
PC LX
2024-05-02 18:01:47 CEST
CC:
(none) =>
mageia
katnatek
2024-05-02 19:44:37 CEST
Keywords: (none) => advisory

RH mageia 9 x86_64
LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (32-bit)" is up-to-date
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date
installing lib64freeglut3-3.4.0-1.1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing... ##################################################################################################
1/1: lib64freeglut3 ##################################################################################################
1/1: removing lib64freeglut3-3.4.0-1.mga9.x86_64
##################################################################################################
urpmq --whatrequires-recursive lib64freeglut3 provides lots of files
Can't find evidence the lib is loaded using strace in glxinfo or smplayer
katnatek
2024-05-04 23:59:03 CEST
CC:
(none) =>
andrewsfarm
katnatek
2024-05-04 23:59:32 CEST
Whiteboard: (none) => MGA9-64-OK, MGA9-32-OK

RH mageia 9 i586

Updated without issues.

Of the applications reported to require libfreeglut3, all that I tested work:
smplayer
vlc
glxinfo

As in the 64-bit test, the library does not give evidence in strace.

Nothing more to test on my part; feel free to remove the OK if necessary.

I tried a couple of applications, and couldn't find a trace, either.

Letting it go on a clean install that doesn't seem to break anything. Validating.

Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0165.html

Resolution: (none) => FIXED