Ubuntu has issued an advisory on October 30: https://usn.ubuntu.com/4173-1/ Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
This is already fixed upstream in 1.1.16 release from Cauldron: "FreeTDS through 1.1.11 has a Buffer Overflow."
Source RPM: freetds-1.1.16-1.mga8.src.rpm => freetds-1.00.83-2.mga7.src.rpm
Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7
CC: (none) => geiger.david68210
And now mga7 fixed.
Advisory:
========================

Updated freetds packages fix security vulnerability:

Felix Wilhelm discovered that FreeTDS incorrectly handled certain types after a protocol downgrade. A remote attacker could use this issue to cause FreeTDS to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2019-13508).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13508
https://usn.ubuntu.com/4173-1/
========================

Updated packages in core/updates_testing:
========================
libfreetds0-1.00.83-2.1.mga7
libfreetds0-unixodbc-1.00.83-2.1.mga7
libfreetds-devel-1.00.83-2.1.mga7
freetds-doc-1.00.83-2.1.mga7

from freetds-1.00.83-2.1.mga7.src.rpm
Assignee: bugsquad => qa-bugs
MGA7-64 Plasma on Lenovo B50
No installation issues.
I read from www.freetds.org "FreeTDS is a set of libraries for Unix and Linux that allows your programs to natively talk to Microsoft SQL Server and Sybase databases".
I don't have these databases available, but found some sample at https://www.freetds.org/userguide/perl.htm
Installed package perl-DBD-Sybase and used the sample program there, giving

$ perl freetdstest.pl
Unable for connect to server OpenClient message: LAYER = (0) ORIGIN = (0) SEVERITY = (78) NUMBER = (44)
Server JDBC, database
Message String: Server name not found in configuration files.
OpenClient message: LAYER = (0) ORIGIN = (0) SEVERITY = (78) NUMBER = (45)
Server JDBC, database
Message String: Unknown host machine name.
OpenClient message: LAYER = (0) ORIGIN = (0) SEVERITY = (78) NUMBER = (41)
Server JDBC, database
Message String: Unable to connect: Adaptive Server is unavailable or does not exist

Meaning probably that the Sybase's public JDBC server isn't there anymore, but anyway, the feedback seems sensible enough.
OK'ing unless someone has a better idea to test.
Whiteboard: (none) => MGA7-64-OK
CC: (none) => herman.viaene
I'm going to go with it, Herman. Validating. Advisory in Comment 3.
Keywords: (none) => validated_backport
CC: (none) => andrewsfarm
Keywords: validated_backport => advisory, validated_update
CC: (none) => tmb, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0319.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED
It looks like the Ubuntu comment (Comment 1) was incorrect and the fix was actually included in 1.1.11. Just noting that.