Upstream has issued an advisory on December 13: https://matrix.org/blog/2021/12/13/disclosure-buffer-overflow-in-libolm-and-matrix-js-sdk Fedora has issued an advisory for this today (December 16): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KV6JC75W3QMSB2MM4EQL5FRQP3K7VFO3/ The issue is fixed upstream in 3.2.8. Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOOStatus comment: (none) => Fixed upstream in 3.2.8
This is DavidG's baby.
Assignee: bugsquad => geiger.david68210
Patch addded in cauldron and mga8 src: - olm-3.2.1-1.1.mga8
CC: (none) => mageiaStatus comment: Fixed upstream in 3.2.8 => (none)Assignee: geiger.david68210 => qa-bugs
Nicolas, please update Cauldron to 3.2.8 if you can. It needs to happen at some point, might as well be now. Thanks. For this update for Mageia 8: libolm3-3.2.1-1.1.mga8 python3-olm-3.2.1-1.1.mga8 libolm-devel-3.2.1-1.1.mga8 from olm-3.2.1-1.1.mga8.src.rpm
Whiteboard: MGA8TOO => (none)Version: Cauldron => 8
MGA8-64 Plasma on Lenovo B50 in Dutch No installation issues. In MCC: lib64olm3 - Double Ratchet cryptographic library ]# urpmq --whatrequires lib64olm3 lib64olm-devel lib64olm3 lib64qtolm3 lib64qtolm3 python3-olm python3-olm python3-olm # urpmq --whatrequires-recursive lib64olm3 lib64olm-devel lib64olm3 lib64qtolm-devel lib64qtolm-devel lib64qtolm3 lib64qtolm3 python3-olm python3-olm python3-olm Seems all developer's stuff, so I propose OK on clean install.
Whiteboard: (none) => MGA8-64-OKCC: (none) => herman.viaene
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0571.html
Status: NEW => RESOLVEDResolution: (none) => FIXED