| Summary: | gdk-pixbuf2.0 new security issue CVE-2022-48622 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, geiger.david68210, sysadmin-bugs |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA9-64-OK | ||
| Source RPM: | gdk-pixbuf2.0-2.42.10-2.mga9.src.rpm | CVE: | CVE-2022-48622 |
| Status comment: | Fixed upstream in 2.42.12 and patch available from upstream | ||
Description
Nicolas Salguero
2024-05-16 16:07:20 CEST
Nicolas Salguero
2024-05-16 16:08:47 CEST
Source RPM: (none) => gdk-pixbuf2.0-2.42.10-2.mga9.src.rpm

Assigning globally. We did not do v2.42.11.

Assignee: bugsquad => pkg-bugs

Fixed for Cauldron!

Version: Cauldron => 9

Assigning to QA,

Packages in 9/Core/Updates_testing:
======================
gdk-pixbuf2.0-2.42.10-2.1.mga9
libgdk_pixbuf-gir2.0-2.42.10-2.1.mga9
libgdk_pixbuf2.0-devel-2.42.10-2.1.mga9
libgdk_pixbuf2.0_0-2.42.10-2.1.mga9
lib64gdk_pixbuf-gir2.0-2.42.10-2.1.mga9
lib64gdk_pixbuf2.0-devel-2.42.10-2.1.mga9
lib64gdk_pixbuf2.0_0-2.42.10-2.1.mga9

From SRPMS:
gdk-pixbuf2.0-2.42.10-2.1.mga9.src.rpm

Assignee: pkg-bugs => qa-bugs
katnatek
2024-05-18 18:55:35 CEST
Keywords: (none) => advisory

RH mageia 9 x86_64
LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (32-bit)" is up-to-date
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date
installing gdk-pixbuf2.0-2.42.10-2.1.mga9.x86_64.rpm lib64gdk_pixbuf-gir2.0-2.42.10-2.1.mga9.x86_64.rpm lib64gdk_pixbuf2.0_0-2.42.10-2.1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing... ##################################################################################################
1/3: lib64gdk_pixbuf2.0_0 ##################################################################################################
2/3: gdk-pixbuf2.0 ##################################################################################################
3/3: lib64gdk_pixbuf-gir2.0
##################################################################################################
1/3: removing lib64gdk_pixbuf-gir2.0-2.42.10-2.mga9.x86_64
##################################################################################################
2/3: removing lib64gdk_pixbuf2.0_0-2.42.10-2.mga9.x86_64
##################################################################################################
3/3: removing gdk-pixbuf2.0-2.42.10-2.mga9.x86_64
##################################################################################################
In the long list of urpmq --whatrequires lib64gdk_pixbuf2.0_0 we find audacity
strace shows that the application loads the library
openat(AT_FDCWD, "/lib64/libgdk_pixbuf-2.0.so.0", O_RDONLY|O_CLOEXEC) = 3
audacity starts without issues
It's not the usual test and is not related to the CVE but is a sort of probe
Feel free to remove the OK if necessary

Whiteboard: (none) => MGA9-64-OK

Validating.

Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0182.html

Status: NEW => RESOLVED