Ubuntu has issued an advisory on November 29: https://usn.ubuntu.com/usn/usn-3501-1/ Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO, MGA5TOO
Assigning to all packagers collectively, since there is no registered maintainer for this package.
Assignee: bugsquad => pkg-bugsCC: (none) => marja11
Suggested advisory: ======================== The updated packages fix a security vulnerability: Heap overflows when parsing malicious files. (CVE-2017-16612) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16612 https://usn.ubuntu.com/usn/usn-3501-1/ ======================== Updated packages in 5/core/updates_testing: ======================== lib(64)xcursor1-1.1.14-5.1.mga5 lib(64)xcursor-devel-1.1.14-5.1.mga5 from SRPMS: libxcursor-1.1.14-5.1.mga5.src.rpm Updated packages in 6/core/updates_testing: ======================== lib(64)xcursor1-1.1.14-6.1.mga6 lib(64)xcursor-devel-1.1.14-6.1.mga6 from SRPMS: libxcursor-1.1.14-6.1.mga6.src.rpm
Version: Cauldron => 6Status: NEW => ASSIGNEDAssignee: pkg-bugs => qa-bugsCVE: (none) => CVE-2017-16612CC: (none) => nicolas.salgueroWhiteboard: MGA6TOO, MGA5TOO => MGA5TOO
Installed an tested without issues. System: Mageia 5, x86_64, Plasma DE, Intel CPU, nVidia GPU with nvidia340 proprietary driver. Since libxcursor is used by kwin and plasma-desktop, to test I simply restarted the Xorg server and session to be certain the new library was loaded and used. Also changed the cursor theme in KDE's systemsettings. No regressions noticed. $ rpm -q lib64xcursor1 lib64xcursor1-1.1.14-5.1.mga5 $ uname -a Linux marte 4.4.103-desktop-1.mga5 #1 SMP Thu Nov 30 12:44:39 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux $ urpmq --whatrequires lib64xcursor1 | egrep -v ^lib | sort -u 0ad aseprite chromium-browser-stable fife flash-player-plugin freerdp freshplayerplugin gambas3-gb-sdl gimp godot jogl2 kdebase4-runtime kdebase4-workspace kwin lxqt-config marco mate-control-center metacity mousetweaks muffin openbox plasma-desktop sk1 spectrwm spring virtualbox weston wine64 x11-driver-video-intel xcursorgen xfce4-settings xsetroot
CC: (none) => mageia
Whiteboard: MGA5TOO => MGA5TOO MGA5-64-OK
Mageia 6 on x86_64 - Mate Followed the lead of PC LX, comment 3. Restarted the session and X. Changed the mouse pointer via Mate settings -> Appearance -> Themes -> customize current theme. Tried gimp, which appears in the list in comment 3. $ strace gimp ManDogSun_Hackmann.jpg 2> trace $ cat trace | grep libXcursor open("/lib64/libXcursor.so.1", O_RDONLY|O_CLOEXEC) = 3 open("/usr/lib64/libXcursor.so.1.0.2", O_RDONLY) = 3
Whiteboard: MGA5TOO MGA5-64-OK => MGA5TOO MGA5-64-OK MGA6-64-OKCC: (none) => tarazed25
MGA5-32 on Dell Latitude D600 Xfce No installation issues. Followed Comment 4 in Xfce settings and ran gimp, new cursor behaves OK.
Whiteboard: MGA5TOO MGA5-64-OK MGA6-64-OK => MGA5TOO MGA5-64-OK MGA6-64-OK MGA5-32-OKCC: (none) => herman.viaene
Mageia 6 :: i586 in virtualbox Updated the two libraries. Changed the mouse pointer in Mate preferences -> look & feel Restarted the session. Everything running fine. New mouse pointer in use. Good for 32 bits.
Whiteboard: MGA5TOO MGA5-64-OK MGA6-64-OK MGA5-32-OK => MGA5TOO MGA5-64-OK MGA6-64-OK MGA5-32-OK MGA6-32-OK
CC: (none) => sysadmin-bugsKeywords: (none) => validated_update
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2017-0443.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED