Fedora has issued an advisory today (January 16):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SYXRGHWHD2WWMHBWCVD5ULVINPKNY3P5/

The issue is fixed upstream in 5.2.2 (Fedora updated to 5.2.3):
https://github.com/celery/celery/blob/master/Changelog.rst#523

There is a corresponding update to python-kombu:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2P3MQZA5LYEILPH4PPNYOY5ADMSVDZ2H/
https://github.com/celery/kombu/blob/master/Changelog.rst#523

There is a PoC available:
https://security.snyk.io/vuln/SNYK-PYTHON-CELERY-2314953

Mageia 8 is also affected.
Status comment: (none) => Fixed upstream in 5.2.2
Whiteboard: (none) => MGA8TOO
Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8
CC: (none) => mageia
python-celery-5.2.3-1.mga9 uploaded for Cauldron. python-kombu should be updated too.
Fixed in mga8: src: - python-celery-5.0.5-1.1.mga8
Status comment: Fixed upstream in 5.2.2 => (none)
Assignee: python => qa-bugs
RPM: python3-celery-5.0.5-1.1.mga8
Sorry, the following package cannot be selected: - python3-celery-5.0.5-1.1.mga8.noarch (because of unfulfilled python3.8dist(billiard)[>= 3.6.3])
CC: (none) => herman.viaene
Doesn't look like the patch did that; must have already been broken. Strange.
Assignee: qa-bugs => python
Just pushed a new python-billiard src: - python-billiard-3.6.4.0-1.mga8
Assignee: python => qa-bugs
RPM: python3-billiard-3.6.4.0-1.mga8
MGA8-64 Plasma on Lenovo B50 in Dutch.
Installed both python3-billiard and python3-celery.
Reading "An open source asynchronous task queue/job queue based on distributed message passing. It is focused on real-time operation, but supports scheduling as well. The execution units, called tasks, are executed concurrently on one or more worker nodes using multiprocessing, Eventlet or gevent. Tasks can execute asynchronously (in the background) or synchronously (wait until ready)."
So this is developers' stuff, OK on clean install.
Whiteboard: (none) => MGA8-64-OK
Validating. Please make sure both python-celery and python-billiard are pushed.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
What about python-kombu mentioned in comment 1?
Keywords: (none) => feedback
CC: (none) => davidwhodgins
Kombu only needed a corresponding update in Cauldron and Nicolas updated it.
Keywords: feedback => (none)
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0029.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED