Fedora has issued an advisory on February 24:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZKOTCIYFEWJJILUGL4JQ3CJAM3TWYZ2A/

Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
No evident maintainer, so assigning this globally; CC'ing DavidG who has recently touched it.
Assignee: bugsquad => pkg-bugs
CC: (none) => geiger.david68210
Done for both Cauldron and mga7!
Advisory:
========================

Updated hiredis packages fix security vulnerability:

async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked (CVE-2020-7105).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7105
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZKOTCIYFEWJJILUGL4JQ3CJAM3TWYZ2A/
========================

Updated packages in core/updates_testing:
========================
libhiredis0.13-0.13.3-4.1.mga7
libhiredis-devel-0.13.3-4.1.mga7

from hiredis-0.13.3-4.1.mga7.src.rpm
Whiteboard: MGA7TOO => (none)
Assignee: pkg-bugs => qa-bugs
Version: Cauldron => 7
mga7, x86_64

Before updating installed tellico and created a book collection with two entries.
Updated the two packages and ran tellico under strace. It picked up the book collection OK. Displayed the entries then started a music collection.

$ strace -o tellico.trace tellico
$ grep hiredis tellico.trace
openat(AT_FDCWD, "/lib64/libhiredis.so.0.13", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/lib64/libhiredis.so.0.13", O_RDONLY) = 3
openat(AT_FDCWD, "/usr/lib64/libhiredis.so.0.13", O_RDONLY) = 23

Opened the music collection and printed out one of the entries.
Tellico works and libhiredis0.13 by inference.
CC: (none) => tarazed25
Whiteboard: (none) => MGA7-64-OK
Validating. Advisory in Comment 3.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
CC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2020-0109.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED