29923 – mysql-connector-c++ new security issues CVE-2021-371[12]

Bug 29923 - mysql-connector-c++ new security issues CVE-2021-371[12]

Summary: mysql-connector-c++ new security issues CVE-2021-371[12]

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	8
Hardware:	All Linux

Priority:	Normal Severity: critical
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA8-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2022-01-21 20:28 CET by David Walser
Modified:	2022-01-25 13:14 CET (History)
CC List:	6 users (show)

See Also:
Source RPM:	mysql-connector-c++-8.0.27-1.mga9.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2022-01-21 20:28:14 CET

January 2022 Oracle CPU:
https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL

The issues are fixed upstream in 8.0.28.

Mageia 8 is also affected.

David Walser 2022-01-21 20:28:24 CET

Status comment: (none) => Fixed upstream in 8.0.28
Whiteboard: (none) => MGA8TOO

Comment 1 David Walser 2022-01-22 21:38:54 CET

mysql-connector-c++-8.0.28-1.mga9 uploaded for Cauldron by Jani.

Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8

Comment 2 Nicolas Lécureuil 2022-01-22 23:43:28 CET

New version pushed in mga8:


src:
    - mysql-connector-c++-8.0.28-1.mga8

CC: (none) => jani.valimaa, mageia
Assignee: jani.valimaa => qa-bugs
Status comment: Fixed upstream in 8.0.28 => (none)

Comment 3 David Walser 2022-01-23 00:21:17 CET

libmysqlcppconn8_2-8.0.28-1.mga8
libmysqlcppconn9-8.0.28-1.mga8
libmysqlcppconn8-devel-8.0.28-1.mga8

from mysql-connector-c++-8.0.28-1.mga8.src.rpm

Comment 4 Herman Viaene 2022-01-24 16:15:25 CET

MGA8-64 Plasma on Lenovo B50 in Dutch
No installattion isssues
Developper libraries, OK on clean install.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene

Comment 5 Thomas Andrews 2022-01-24 20:54:48 CET

Validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Comment 6 Dave Hodgins 2022-01-24 22:48:04 CET

Why is the package being added to Mageia 8?

Prior to this update, Mageia 8 only has libmysqlcppconn7 from
mysql-connector-c++-1.1.9-4.mga8.src.rpm

CC: (none) => davidwhodgins
Whiteboard: MGA8-64-OK => MGA8-64-OK
Keywords: (none) => feedback

Comment 7 David Walser 2022-01-25 00:40:54 CET

It wasn't added, it was already in Mageia 8.  The library major was updated, but no packages are built against it.

Keywords: feedback => (none)

Comment 8 Dave Hodgins 2022-01-25 03:40:46 CET

The cve entries

Keywords: (none) => advisory

Comment 9 Mageia Robot 2022-01-25 13:14:37 CET

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0035.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.