A security issue in connman has been announced on June 9: https://www.openwall.com/lists/oss-security/2021/06/09/1 A fix in Bug 28321 was incomplete. A corrected fix is attached to the message above. Mageia 7 and Mageia 8 are also affected.
CC: (none) => geiger.david68210Status comment: (none) => Patch available from upstreamWhiteboard: (none) => MGA8TOO, MGA7TOO
This package is committed by different people, so asigning the bug globally. DavidG is CC'd.
Assignee: bugsquad => pkg-bugs
Suggested advisory: ======================== The updated packages fix a security vulnerability: ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA). (CVE-2021-33833) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33833 https://www.openwall.com/lists/oss-security/2021/06/09/1 ======================== Updated packages in 7/core/updates_testing: ======================== connman-1.37-1.2.mga7 connman-devel-1.37-1.2.mga7 from SRPM: connman-1.37-1.2.mga7.src.rpm Updated packages in 8/core/updates_testing: ======================== connman-1.38-2.1.mga8 connman-devel-1.38-2.1.mga8 from SRPM: connman-1.38-2.1.mga8.src.rpm
Status: NEW => ASSIGNEDCC: (none) => nicolas.salgueroAssignee: pkg-bugs => qa-bugsCVE: (none) => CVE-2021-33833Version: Cauldron => 8Whiteboard: MGA8TOO, MGA7TOO => MGA7TOOStatus comment: Patch available from upstream => (none)
Source RPM: connman-1.39-1.mga9.src.rpm => connman-1.38-2.mga8.src.rpm
MGA7-64 Plasma on Lenovo B50 No installation issues. Ref bug 28321 Comment 20, I get exact the same connection error. I wonder whether this is a HW issue, my Wifi is Intel3610. If someone can run this test successfully, I will not object the OK.
CC: (none) => herman.viaene
I'm not really sure why we have this packaged, as we use other things in Mageia to provide this functionality, but as long as there aren't any obvious regressions I'd go ahead and OK it.
Mga7-64 Plasma on a Probook 6550b. Same system as used for bug 28321 Comment 24. Updated that connman, no installation issues. Went as far as I did in the previous bug, with the same results. Calling it close enough. (Our other tools are much easier to work with)
CC: (none) => andrewsfarmWhiteboard: MGA7TOO => MGA7TOO MGA7-64-OK
(In reply to David Walser from comment #4) > I'm not really sure why we have this packaged, as we use other things in > Mageia to provide this functionality, but as long as there aren't any > obvious regressions I'd go ahead and OK it. It is packaged for e17 environment as it seems there is a GUI tool there to use it.
CC: (none) => ouaurelien
Mga8-64 tested on a Dell Dimension e520 Plasma system. Installed connman and dependencies with no issues. Saw the gui, and installed that, too. Updated before trying anything, no installation issues. The gui was not updated. Killed the net_applet, then attempted to run the gui. It failed, with some verbiage on the Konsole screen. Perhaps it's not meant to be run on a x86_64 system. Not a part of this bug, so leaving it alone. Performed the same commands as in Comment 5, with essentially the same results. (This system did pick up one SSID not available on the other one. Interesting, as the nearest neighbor is 1/4 mile away.) Since it seems to be working as far as I could get with it, I'm giving it an OK, and validating. Advisory in Comment 2.
CC: (none) => sysadmin-bugsKeywords: (none) => validated_updateWhiteboard: MGA7TOO MGA7-64-OK => MGA7TOO MGA7-64-OK MGA8-64-OK
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0331.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED
Bug 29124 This is a security bug that is set up to keep computers from being hacked, and this bug has been around for a long time and around the world. https://sedecordle.io https://wordle-2.com
CC: (none) => williamsdanielusa