Fedora has issued an advisory on March 26: https://lists.fedoraproject.org/pipermail/package-announce/2015-March/154116.html The RedHat bug says that the issue is fixed in 0.85.3: https://bugzilla.redhat.com/show_bug.cgi?id=1194196 I don't see a release announcement upstream yet. Fedora added this patch from the 0.84 branch in Fedora 21: http://pkgs.fedoraproject.org/cgit/glpi.git/plain/glpi-0.84-bug5218.patch?h=f21&id=facea57d576dda9f4f2e01ec5065f38301b957b5 Mageia 4 and Mageia 5 are affected. Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA5TOO, MGA4TOO
URL: (none) => http://lwn.net/Vulnerabilities/639227/
Here's the Fedora advisory for the Fedora 21 update: https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154284.html
Ping?
Blocks: (none) => 14674
cauldron is fixed. I will look for mga4
CC: (none) => mageia
fixed package is in mga4 core/updates_testing
Patched packages uploaded for Mageia 4 and Cauldron. Thanks Nicolas! They did finally post a release announcement for 0.85.3 upstream: http://www.glpi-project.org/spip.php?page=annonce&id_breve=338&lang=en Advisory: ======================== Updated glpi package fixes security vulnerability: Any user who has the rights to create a new user can create a super-admin user. References: https://forge.indepnet.net/issues/5218 https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154284.html ======================== Updated packages in core/updates_testing: ======================== glpi-0.84.3-1.3.mga4 from glpi-0.84.3-1.3.mga4.src.rpm
CC: (none) => guillomovitchVersion: Cauldron => 4Blocks: 14674 => (none)Assignee: guillomovitch => qa-bugsWhiteboard: MGA5TOO, MGA4TOO => (none)Severity: normal => major
Testing complete mga4 32 Just ensuring it updates cleanly during mga5 final release cycle.
Whiteboard: (none) => mga4-32-ok
(In reply to claire robinson from comment #6) > Testing complete mga4 32 > > Just ensuring it updates cleanly during mga5 final release cycle. Package update cleanly on MGA4-64-OK on a VBox x86-64 VM.
CC: (none) => shlomifWhiteboard: mga4-32-ok => mga4-32-ok mga4-64-ok
Validating. Advisory uploaded. Please push to 4 updates Thanks
Keywords: (none) => validated_updateWhiteboard: mga4-32-ok mga4-64-ok => advisory mga4-32-ok mga4-64-okCC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0204.html
Status: NEW => RESOLVEDResolution: (none) => FIXED