Bug 23423 - libtirpc new security issue CVE-2018-14622
Summary: libtirpc new security issue CVE-2018-14622
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: All Packagers
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-08-10 17:25 CEST by David Walser
Modified: 2018-10-06 12:54 CEST (History)
1 user (show)

See Also:
Source RPM: libtirpc-0.2.5-3.3.mga5.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2018-08-10 17:25:53 CEST 
openSUSE has issued an advisory today (August 10):
https://lists.opensuse.org/opensuse-updates/2018-08/msg00070.html

There are more details in the SUSE bug:
https://bugzilla.suse.com/show_bug.cgi?id=968175

We'll have to check the code to see which versions are affected.
Comment 1 Marja Van Waes 2018-08-10 18:13:41 CEST 
Assigning to all packagers collectively, since there is no registered maintainer for this package.

Assignee: bugsquad => pkg-bugs
CC: (none) => marja11

Comment 2 David Walser 2018-09-05 23:01:15 CEST 
This is CVE-2018-14622:
https://bugzilla.suse.com/show_bug.cgi?id=968175#c30
https://bugzilla.suse.com/show_bug.cgi?id=1106517

Ubuntu has issued an advisory for this today (September 5):
https://usn.ubuntu.com/3759-1/

The fix is already in 1.x, so only Mageia 5 is affected.

Severity: normal => major
Summary: libtirpc new security issue => libtirpc new security issue CVE-2018-14622
Source RPM: libtirpc-1.0.3-1.mga7.src.rpm => libtirpc-0.2.5-3.3.mga5.src.rpm
Version: Cauldron => 5

Comment 3 Marja Van Waes 2018-10-06 12:54:27 CEST 
The limited support Mga5 continued to have after its official EOL has ended, so closing this bug as OLD.

Status: NEW => RESOLVED
Resolution: (none) => OLD
Note You need to log in before you can comment on or make changes to this bug.