23190 – gdbm new security issues found by fuzzing and fixed upstream in 1.15

Bug 23190 - gdbm new security issues found by fuzzing and fixed upstream in 1.15

Summary: gdbm new security issues found by fuzzing and fixed upstream in 1.15

Status:	RESOLVED OLD

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	6
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Jack M
QA Contact:	Sec team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2018-06-17 19:42 CEST by David Walser
Modified:	2019-11-06 13:30 CET (History)
CC List:	2 users (show)

See Also:
Source RPM:	gdbm-1.12-1.mga6.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2018-06-17 19:42:51 CEST

Security issues in several database libraries have been announced:
http://openwall.com/lists/oss-security/2018/06/17/1

The issues in GDBM were all fixed in 1.15.

Unfortunately it changes the library major, so we probably can't safely update stables releases to it.

Mageia 5 is also affected.

Comment 1 David Walser 2018-06-17 19:47:41 CEST

It does include a libgdbm_compat.so.4 (the old library major).  I'm not sure if that helps.

Comment 2 Marja Van Waes 2018-06-18 16:37:22 CEST

Assigning to the registered gdbm maintainer

Assignee: bugsquad => jackal.j
CC: (none) => marja11

Comment 3 Mike Rambo 2019-11-06 13:30:20 CET

Mageia 6 is EOL.

Resolution: (none) => OLD
Status: NEW => RESOLVED
CC: (none) => mrambo

Note You need to log in before you can comment on or make changes to this bug.