Ubuntu has issued an advisory on January 20: https://usn.ubuntu.com/4243-1/ The issue is fixed upstream in 0.10.0.
Done for mga7 with an upstream patch!
Advisory:
========================

Updated libbsd packages fix security vulnerability:

It was discovered that libbsd incorrectly handled certain strings, due to an out-of-bounds read during a comparison for a symbol name from the string table (strtab) in nlist.c. An attacker could possibly use this issue to access sensitive information (CVE-2019-20367).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20367
https://usn.ubuntu.com/4243-1/
========================

Updated packages in core/updates_testing:
========================
libbsd0-0.9.1-3.1.mga7
libbsd-devel-0.9.1-3.1.mga7

from libbsd-0.9.1-3.1.mga7.src.rpm
CC: (none) => geiger.david68210
Assignee: geiger.david68210 => qa-bugs
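The kind of bounds check the advisory's bug class calls for, as an added C example (not libbsd's code and not the upstream patch): a symbol-name comparison that validates the string-table offset and the terminator before comparing. The function name, its return convention and the sample table are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample table: "", "_main", "_end", then "_ab" with no
 * terminating NUL (as in a truncated or malformed file). 15 bytes. */
static const char sample_strtab[] = {
    '\0', '_', 'm', 'a', 'i', 'n', '\0', '_', 'e', 'n', 'd', '\0', '_', 'a', 'b'
};

/* Hypothetical helper: compare `name` with the string stored at byte
 * offset `off` of a string table that is `strsize` bytes long.
 * Returns 1 on match, 0 on mismatch, -1 if the entry is malformed
 * (offset outside the table, or no NUL before the end of the table). */
int strtab_name_eq(const char *strtab, size_t strsize, uint32_t off,
                   const char *name)
{
    if (strtab == NULL || name == NULL || off >= strsize)
        return -1;                    /* offset points outside the table */

    const char *sym = strtab + off;
    size_t avail = strsize - off;     /* bytes remaining from `off` */
    const char *nul = memchr(sym, '\0', avail);
    if (nul == NULL)
        return -1;                    /* unterminated: a plain strcmp()
                                         would read past the table */
    size_t symlen = (size_t)(nul - sym);
    return symlen == strlen(name) && memcmp(sym, name, symlen) == 0;
}

/* Unsafe form, for contrast: trusts both the offset and the terminator.
 *     return strcmp(strtab + off, name) == 0;
 */

int main(void)
{
    size_t n = sizeof sample_strtab;
    printf("off 1  vs _main: %d\n", strtab_name_eq(sample_strtab, n, 1, "_main"));
    printf("off 12 vs _ab:   %d\n", strtab_name_eq(sample_strtab, n, 12, "_ab"));
    printf("off 4000:        %d\n", strtab_name_eq(sample_strtab, n, 4000, "_main"));
    return 0;
}
```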
$ urpmq --whatrequires lib64bsd0 | sort -u
Mageia7, x86_64

A list of the extra C utility functions provided by libbsd can be seen at https://packages.debian.org/sid/libbsd-dev

A short list of applications using it includes
bumblebee
ettercap - https://www.ettercap-project.org/
fwts - firmware test suite - https://github.com/ColinIanKing/fwts/blob/master/README
links
metastore - https://www.quora.com/What-is-Hive-Metastore
opendkim - http://www.opendkim.org/opendkim-README
x11-server-xorg
x11-server-xwayland
xdm

Installed the packages and fwts.
Ran a quick test with strace to check that fwts actually uses libbsd.

$ strace -o trace fwts acpiinfo
$ grep bsd trace
openat(AT_FDCWD, "/lib64/libbsd.so.0", O_RDONLY|O_CLOEXEC) = 3

Updated the packages.
Used fwts to test the library.

$ fwts --show-tests
ACPI tests:
acpi_ac AC adapter device test
acpi_als Ambient light sensor device test
.....

It is an extensive list.

$ sudo fwts boot
Running 1 tests, results appended to results.log
Test: BOOT Table test.
Test skipped.

$ sudo fwts acpiinfo
Running 1 tests, results appended to results.log
Test: General ACPI information test.
Determine Kernel ACPI version. 1 info only
Determine machine's ACPI version. 1 info only
Determine AML compiler. 1 info only

$ tail results.log
Low failures: NONE
Other failures: NONE

Test           |Pass |Fail |Abort|Warn |Skip |Info |
---------------+-----+-----+-----+-----+-----+-----+
acpiinfo       |     |     |     |     |     |    3|
---------------+-----+-----+-----+-----+-----+-----+
Total:         |    0|    0|    0|    0|    0|    3|
---------------+-----+-----+-----+-----+-----+-----+

$ sudo fwts cmosdump
Running 1 tests, results appended to results.log
Test: Dump CMOS Memory.
Dump CMOS Memory. 1 info only

$ tail -30 results.log
Drive 1: Type 16-47
Installed H/W: (CMOS 0x14): 0xff
Maths Coprocessor: 0x1 (Installed)
Keyboard: 0x1 (Installed)
Display Adaptor: 0x1 (Installed)
Primary Display: 0x3 (Monochrome)
Floppy Drives: 0x03 (4 drives)
Base Mem: (CMOS 0x16): 0x027f (639K)
Extended Mem: (CMOS 0x18): 0xffff (65535K) [untrustworthy]
Hard Disk Extended Types (CMOS 0x19, 0x1a):
Hard Disk 0: 0xff
Hard Disk 1: 0xff
CMOS Checksum:(CMOS 0x2e):0x261b
Extended Mem: (CMOS 0x30):0xffff
Century Date: (CMOS 0x32):20
POST Information Flag (CMOS 0x33):
POST cache test: 0x1 Failed
BIOS size: 0x1 128KB

This should be enough to pass the update.
CC: (none) => tarazed25
Whiteboard: (none) => MGA7-64-OK
Validating. Advisory in Comment 2.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0061.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED