openSUSE has issued an advisory on June 8: https://lists.opensuse.org/opensuse-updates/2020-06/msg00030.html The issue is fixed upstream in 2.17.8.
Done for mga7!
Advisory: ======================== Updated axel package fixes security vulnerability: An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification (CVE-2020-13614). The axel package has been updated to version 2.17.8, fixing this issue and other bugs. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13614 https://github.com/axel-download-accelerator/axel/releases/ https://lists.opensuse.org/opensuse-updates/2020-06/msg00030.html ======================== Updated packages in core/updates_testing: ======================== axel-2.17.8-2.mga7 from axel-2.17.8-2.mga7.src.rpm
CC: (none) => geiger.david68210Assignee: geiger.david68210 => qa-bugs
mga7, x86_64 Tried this out before updating to make sure that basic functions were working. $ axel -n 4 -s 1024 https://lists.opensuse.org/opensuse-updates/2020-06/msg00030.html Initializing download: https://lists.opensuse.org/opensuse-updates/2020-06/msg00030.html File size: 10353 bytes Opening output file msg00030.html Starting download [ 0%] .......... Connection 0 finished Connection 3 finished Downloaded 10.1 Kilobyte in 0 seconds. (33.53 KB/s) The downloaded file could be viewed in a browser. The actual download took no more than a second even though the requested maximum speed was 1 KB/sec. Perhaps too small a file for the algorithm to kick in. Updated axel and tried an image at NASA's APOD. $ axel -s 2048000 -n 4 https://apod.nasa.gov/apod/image/2006/NGC1300HSTfull.jpg Initializing download: https://apod.nasa.gov/apod/image/2006/NGC1300HSTfull.jpg File size: 2851135 bytes Opening output file NGC1300HSTfull.jpg Starting download Connection 1 finished Connection 2 finished Connection 0 finished [100%] [..................................................] [ 1.1MB/s] [00:00] Downloaded 2.71905 Megabyte(s) in 2 second(s). (1150.92 KB/s) The progress indicator showed that several channels from 0 to 3 were being utilised. The image was perfect compared with the browser image.
CC: (none) => tarazed25Whiteboard: (none) => MGA7-64-OK
Validating. Advisory in Comment 2.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => mageia
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0263.html
Status: NEW => RESOLVEDResolution: (none) => FIXED