Fedora has issued an advisory today (January 18):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4Y6TX47P47KABSFOL26FLDNVCWXDKDEZ/
The upstream commit that fixed this is linked from the RedHat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1912960
and the issue is fixed upstream in 2.33.
Mageia 7 is also affected.
Status comment: (none) => Patch available from upstream and Fedora
Whiteboard: (none) => MGA7TOO
The CVE is fixed in Cauldron since:
    Name        : glibc       Relocations: (not relocatable)
    Version     : 2.32        Vendor: Mageia.Org
    Release     : 7.mga8      Build Date: Mon 21 Dec 2020 05:28:17 PM CET
The rep movsb landed in 2.32-9, and the IFUNC and CET fix is in since 2.32-10.
Version: Cauldron => 7
Whiteboard: MGA7TOO => (none)
SRPM:
glibc-2.29-21.mga7.src.rpm

i586:
glibc-2.29-21.mga7.i586.rpm
glibc-devel-2.29-21.mga7.i586.rpm
glibc-doc-2.29-21.mga7.noarch.rpm
glibc-i18ndata-2.29-21.mga7.i586.rpm
glibc-profile-2.29-21.mga7.i586.rpm
glibc-static-devel-2.29-21.mga7.i586.rpm
glibc-utils-2.29-21.mga7.i586.rpm
nscd-2.29-21.mga7.i586.rpm

x86_64:
glibc-2.29-21.mga7.x86_64.rpm
glibc-devel-2.29-21.mga7.x86_64.rpm
glibc-doc-2.29-21.mga7.noarch.rpm
glibc-i18ndata-2.29-21.mga7.x86_64.rpm
glibc-profile-2.29-21.mga7.x86_64.rpm
glibc-static-devel-2.29-21.mga7.x86_64.rpm
glibc-utils-2.29-21.mga7.x86_64.rpm
nscd-2.29-21.mga7.x86_64.rpm

Security fixes:
- fix buffer overrun in EUC-KR conversion module [bz #2497] (CVE-2019-25013)
- arm: CVE-2020-6096: Fix multiarch memcpy for negative length [BZ #25620]
- arm: CVE-2020-6096: fix memcpy and memmove for negative length [BZ #25620]
- iconv: Fix incorrect UCS4 inner loop bounds [BZ #26923] (CVE-2020-29562)

Other upstream fixes:
- libio: Disable vtable validation for pre-2.1 interposed handles [BZ #25203]
- string.h: Define __CORRECT_ISO_CPP_STRING_H_PROTO for Clang [BZ #25232]
- misc/test-errno-linux: Handle EINVAL from quotactl
- nss_compat: internal_end*ent may clobber errno, hiding ERANGE [BZ #25976]
- Fix avx2 strncmp offset compare condition check [BZ #25933]
- AArch64: Align ENTRY to a cacheline
- AArch64: Add optimized Q-register memcpy
- AArch64: Improve backwards memmove performance
- AArch64: Rename IS_ARES to IS_NEOVERSE_N1
- AArch64: Increase small and medium cases for __memcpy_generic
- AArch64: Improve integer memcpy
- AArch64: Use __memcpy_simd on Neoverse N2/V1
- AArch64: Fix DT_AARCH64_VARIANT_PCS handling [BZ #26798]
- AArch64: fix stack missing after sp is updated
- x86-64: Avoid rep movsb with short distance [BZ #27130]
- x86: Assume --enable-cet if GCC defaults to CET [BZ #25225]
- x86: Check IFUNC definition in unrelocated executable [BZ #20019]
- x86: Set header.feature_1 in TCB for always-on CET [BZ #27177]
- Fix parsing of /sys/devices/system/cpu/online [BZ #25859]
- Use O_CLOEXEC in sysconf [BZ #26791]
Assignee: tmb => qa-bugs
Blocks: (none) => 26982
Intel i5-2500, Intel graphics, wired Internet connection, 64-bit Plasma system. Also, AMD Phenom II 910, AMD HD 8490 graphics, Atheros wifi, 64-bit Plasma system. No installation issues on either system. Rebooted each system, worked with each briefly, no issues noted. Will use each system for a day or two to look for problems, but so far, so good.
CC: (none) => andrewsfarm
Running on my main testing workstation for a few days without any trouble. x86_64, mga7
CC: (none) => tarazed25
Tested on my x86_64 host for several days. Tested under vb using qarepo on both Mageia 7 i586 and x86_64 guests. No regressions found. Validating the update.
Whiteboard: (none) => MGA7-64-OK MGA7-32-OK
Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0053.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED