Fedora has issued an advisory on June 14: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RBUUWUGXVILQXVWEOU7N42ICHPJNAEUP/ The issue is fixed upstream in 2.34. Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOOStatus comment: (none) => Fixed upstream in 2.34
rpms for tests... advisory will follow... SRPMS: glibc-2.32-16.mga8.src.rpm i586: glibc-2.32-16.mga8.i586.rpm glibc-devel-2.32-16.mga8.i586.rpm glibc-doc-2.32-16.mga8.noarch.rpm glibc-i18ndata-2.32-16.mga8.i586.rpm glibc-profile-2.32-16.mga8.i586.rpm glibc-static-devel-2.32-16.mga8.i586.rpm glibc-utils-2.32-16.mga8.i586.rpm nscd-2.32-16.mga8.i586.rpm x86_64: glibc-2.32-16.mga8.x86_64.rpm glibc-devel-2.32-16.mga8.x86_64.rpm glibc-doc-2.32-16.mga8.noarch.rpm glibc-i18ndata-2.32-16.mga8.x86_64.rpm glibc-profile-2.32-16.mga8.x86_64.rpm glibc-static-devel-2.32-16.mga8.x86_64.rpm glibc-utils-2.32-16.mga8.x86_64.rpm nscd-2.32-16.mga8.x86_64.rpm
Whiteboard: MGA8TOO => (none)Assignee: tmb => qa-bugsVersion: Cauldron => 8
Advisory, added to svn: ype: security subject: Updated glibc packages fix security vulnerability CVE: - CVE-2021-33574 src: 8: core: - glibc-2.32-16.mga8 description: | The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact (CVE-2021-33574). Other fixes in this update: - fix triggers so ldconfig is always run on both installing and uninstalling libs (mga#28797) - Fix SXID_ERASE behavior in setuid programs [BZ#27471] references: - https://bugs.mageia.org/show_bug.cgi?id=29142 - https://bugs.mageia.org/show_bug.cgi?id=28797 - https://sourceware.org/bugzilla/show_bug.cgi?id=27471
Keywords: (none) => advisory
$ inxi -Sxx System: Host: mageia.local Kernel: 5.10.45-1.mga8 x86_64 bits: 64 compiler: gcc v: 10.3.0 Desktop: KDE Plasma 5.20.4 tk: Qt 5.15.2 wm: kwin_x11 dm: SDDM Distro: Mageia 8 mga8 Running this since day one. No issue so far. MGA8-64-OK
Source RPM: glibc-2.33-11.mga9.src.rpm => glibc-2.32-15.mga8.src.rpmCVE: (none) => CVE-2021-33574Status comment: Fixed upstream in 2.34 => (none)Whiteboard: (none) => MGA8-64-OKCC: (none) => ouaurelien
Validating, advisory already loaded.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0308.html
Status: NEW => RESOLVEDResolution: (none) => FIXED