Fedora has issued an advisory on April 6:
The issue was fixed in 2.2.6, so Mageia 6 is not affected.
Assigning to all packagers collectively, because afaik the registered maintainer (tv) considers Mga5 to be EOL
Actually it looks like tv added a patch for this on top of 2.2.6.
Patch available from Fedora
(In reply to Marja van Waes from comment #1)
> Assigning to all packagers collectively, because afaik the registered
> maintainer (tv) considers Mga5 to be EOL
Err, that's not my feeling, this is our official policy!
"Mageia 5 was supported until December 31st, 2017".
We're still sort of unofficially supporting core packages for 5, but I'll worry about that. Mageia 6 needs the fixes you have in Cauldron.
I'm not sure what tv was doing, because 2.2.6 does contain the upstream fix.
Updated cups packages fix security vulnerability:
CUPS before version 2.2.6 has a vulnerability in the handling of usernames in
the scheduler/ipp.c:add_job() function. A remote attacker could exploit this by
submitting a print job with an invalid UTF-8 username to cause a crash and
subsequent denial of service (CVE-2017-18248).
Updated packages in core/updates_testing:
marja11, thierry.vignaud =>
MGA5-32 on Dell Latitude D600 Xfce
No installation issues
After update existing printer was accessible, removed it in MCC - Hardware and installed it again.
All seems well on board.
Thanks you Herman for the test. Advisoried, validating.
An update for this issue has been pushed to the Mageia Updates repository.