RedHat has issued an advisory today (May 18): https://access.redhat.com/errata/RHSA-2021:1585
Mga7 is EOL.
Resolution: (none) => WONTFIXStatus: NEW => RESOLVED
(In reply to Thomas Backlund from comment #1) > Mga7 is EOL. Per https://ml.mageia.org/l/arc/council/2021-05/msg00019.html, Mageia 7 is not yet EOL.
Status: RESOLVED => REOPENEDResolution: WONTFIX => (none)
Advisory: ======================== Updated glibc packages fix security vulnerability: A vulnerability was found in the iconv program provided by glibc when it's invoked with the -c option. It can enter an infinite loop while parsing an invalid multi-byte sequence (CVE-2016-10228). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228 https://access.redhat.com/errata/RHSA-2021:1585 ======================== Updated packages in core/updates_testing: ======================== glibc-2.29-23.mga7 glibc-devel-2.29-23.mga7 glibc-static-devel-2.29-23.mga7 glibc-profile-2.29-23.mga7 nscd-2.29-23.mga7 glibc-utils-2.29-23.mga7 glibc-i18ndata-2.29-23.mga7 glibc-doc-2.29-23.mga7 from glibc-2.29-23.mga7.src.rpm
Assignee: tmb => qa-bugs
MGA7-64 Plasma on Lenovo B50 No installation issues rebooted after installation, comes up OK. Nothing ovious wrong with wifi, internet and NFS-shares aceessand diffent file types.
CC: (none) => herman.viaene
Took a look at the CVE and ran the two oneliners suggested on the RedHat bug. CVE-2016-10228 https://sourceware.org/bugzilla/show_bug.cgi?id=19519 Before updates: $ echo -en '\x80' | iconv -f us-ascii -t us-ascii//translit//ignore -c Hangs.... $ echo -en "\x0e\x0e" | /usr/bin/iconv -c -f IBM1364 $ After the updates neither hang iconv. $ echo -en '\x80' | iconv -f us-ascii -t us-ascii//translit//ignore -c $ echo -en "\x0e\x0e" | /usr/bin/iconv -c -f IBM1364 Note that the second test needs glibc-i18ndata. Going with Herman - this looks good.
Whiteboard: (none) => MGA7-64-OKCC: (none) => tarazed25
Good enough for me. Validating.Advisory in Comment 3.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
Assigning. Advisory committed.
CC: (none) => ouaurelienCVE: (none) => CVE-2016-10228Status: REOPENED => ASSIGNEDKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0289.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED