Fedora has issued an advisory on April 6: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IGQ3XXPAM2RKAOIEXMCKKNICIKDLKWE2/ The issue was fixed in 2.2.6, so Mageia 6 is not affected.
Assigning to all packagers collectively, because afaik the registered maintainer (tv) considers Mga5 to be EOL
CC: (none) => marja11, thierry.vignaudAssignee: bugsquad => pkg-bugs
Actually it looks like tv added a patch for this on top of 2.2.6.
Version: 5 => 6Whiteboard: (none) => MGA5TOOStatus comment: (none) => Patch available from Fedora
(In reply to Marja van Waes from comment #1) > Assigning to all packagers collectively, because afaik the registered > maintainer (tv) considers Mga5 to be EOL Err, that's not my feeling, this is our official policy! See https://www.mageia.org/en/support/ "Mageia 5 was supported until December 31st, 2017".
We're still sort of unofficially supporting core packages for 5, but I'll worry about that. Mageia 6 needs the fixes you have in Cauldron.
I'm not sure what tv was doing, because 2.2.6 does contain the upstream fix.
Version: 6 => 5Whiteboard: MGA5TOO => (none)
Advisory: ======================== Updated cups packages fix security vulnerability: CUPS before version 2.2.6 has a vulnerability in the handling of usernames in the scheduler/ipp.c:add_job() function. A remote attacker could exploit this by submitting a print job with an invalid UTF-8 username to cause a crash and subsequent denial of service (CVE-2017-18248). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18248 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IGQ3XXPAM2RKAOIEXMCKKNICIKDLKWE2/ ======================== Updated packages in core/updates_testing: ======================== cups-2.0.4-1.5.mga5 cups-common-2.0.4-1.5.mga5 libcups2-devel-2.0.4-1.5.mga5 libcups2-2.0.4-1.5.mga5 cups-filesystem-2.0.4-1.5.mga5 from cups-2.0.4-1.5.mga5.src.rpm
CC: marja11, thierry.vignaud => (none)Assignee: pkg-bugs => qa-bugs
MGA5-32 on Dell Latitude D600 Xfce No installation issues After update existing printer was accessible, removed it in MCC - Hardware and installed it again. All seems well on board.
Whiteboard: (none) => MGA5-32-OKCC: (none) => herman.viaene
Thanks you Herman for the test. Advisoried, validating.
Keywords: (none) => advisory, validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0224.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED