Fedora has issued an advisory on October 30: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4ZP6L5HXDOVKYTM5ELLYE64H75MT4LZR/ Mageia 6 is also affected.
Whiteboard: (none) => MGA6TOO
Assigning to the Base System maintainers, CC'ing the registered maintainer.
Assignee: bugsquad => basesystemCC: (none) => marja11, tmb
coreutils-8.30-3.mga7 uploaded for Cauldron to fix this.
Whiteboard: MGA6TOO => (none)Version: Cauldron => 6
Blocks: (none) => 22495
Advisory: ======================== Updated coreutils packages fix security vulnerabilities: A flaw was found in GNU Coreutils through 8.29 in chown-core.c. The functions chown and chgrp do not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition (CVE-2017-18018). A flaw was found in Gnulib before 2018-09-23. The convert_to_decimal function in vasnprintf.c has a heap-based buffer overflow because memory is not allocated for a trailing '\0' character during %f processing (CVE-2018-17942). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18018 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17942 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JK2ISMPYUEU3JS3L7AVXEHWCI56INCJJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4ZP6L5HXDOVKYTM5ELLYE64H75MT4LZR/ https://bugs.mageia.org/show_bug.cgi?id=22495 https://bugs.mageia.org/show_bug.cgi?id=23825 ======================== Updated packages in core/updates_testing: ======================== coreutils-8.25-3.1.mga6 coreutils-doc-8.25-3.1.mga6 from coreutils-8.25-3.1.mga6.src.rpm
Assignee: basesystem => qa-bugs
MGA6-32 MATE on IBM Thinkpad R50e No installation issues Tested commands basename, cat, date, df, id, hostid, uname,users,whoami, mkdir, rmdir All seem OK
Whiteboard: (none) => MGA6-32-OKCC: (none) => herman.viaene
Keywords: (none) => advisory, validated_updateCC: (none) => lewyssmith, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0022.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED