Fedora has issued an advisory on December 15:
https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147737.html

Patched packages uploaded for Mageia 4 and Cauldron.

Advisory:
========================

Updated mpfr packages fix security vulnerability:

A buffer overflow was reported in mpfr. This is due to incorrect GMP documentation for mpn_set_str about the size of a buffer (CVE-2014-9474).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9474
https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147737.html
========================

Updated packages in core/updates_testing:
========================
libmpfr4-3.1.2-2.1.mga4
libmpfr-devel-3.1.2-2.1.mga4
libmpfr-static-devel-3.1.2-2.1.mga4

from mpfr-3.1.2-2.1.mga4.src.rpm
MGA4-64 on HP Probook 6555b KDE
No installation issues.
urpmq --whatrequires lib64mpfr4 shows a.o. genius
I installed genius and ran it with strace, gave it 30*70+67^3.0 to calculate, returned = 302863.0
trace shows: open("/lib64/libmpfr.so.4"
CC: (none) => herman.viaene
Whiteboard: (none) => MGA4-64-OK
MGA4-32 on AcerD620 Xfce
Confirm results as per Comment 1
Whiteboard: MGA4-64-OK => MGA4-64-OK MGA4-32-OK
Genius, well done Herman.
Validating. Advisory uploaded.
Please push to 4 updates. Thanks
Keywords: (none) => validated_update
Whiteboard: MGA4-64-OK MGA4-32-OK => has_procedure advisory MGA4-64-OK MGA4-32-OK
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository.
http://advisories.mageia.org/MGASA-2015-0021.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED