SUSE has issued an advisory on March 2: https://lists.suse.com/pipermail/sle-security-updates/2022-March/010333.html The issue is fixed upstream in 3.7.3.
Status comment: (none) => Patch available from upstreamWhiteboard: (none) => MGA8TOO
openSUSE has issued an advisory for this on March 3: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RI5PFWTNO6UDYFJ3HLMKV5PQYAJ77E46/
Suggested advisory: ======================== The updated packages fix a security vulnerability: Null pointer dereference in MD_UPDATE. (CVE-2021-4209) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4209 https://lists.suse.com/pipermail/sle-security-updates/2022-March/010333.html https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RI5PFWTNO6UDYFJ3HLMKV5PQYAJ77E46/ ======================== Updated packages in core/updates_testing: ======================== gnutls-3.6.15-3.2.mga8 lib(64)gnutls30-3.6.15-3.2.mga8 lib(64)gnutlsxx28-3.6.15-3.2.mga8 lib(64)gnutls-devel-3.6.15-3.2.mga8 from SRPM: gnutls-3.6.15-3.2.mga8.src.rpm
CC: (none) => nicolas.salgueroWhiteboard: MGA8TOO => (none)Status: NEW => ASSIGNEDCVE: (none) => CVE-2021-4209Assignee: bugsquad => qa-bugsStatus comment: Patch available from upstream => (none)
Installed and tested without issue. This update has been in use for several days know and several core packages depend on gnutls. Along with the normal workstation usage, I also did some explicit tests with aria2c (a gnutls user) and nothing broke so this update gets an OK from me. Please unOK if you find any issues. System: Mageia 8, x86_654, Intel CPU. $ uname -a Linux marte 5.15.25-desktop-1.mga8 #1 SMP Wed Feb 23 19:39:18 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux $ rpm -qa | grep gnutls.*3.6.15 | sort gnutls-3.6.15-3.2.mga8 lib64gnutls30-3.6.15-3.2.mga8 libgnutls30-3.6.15-3.1.mga8
Whiteboard: (none) => MGA8-64-OKCC: (none) => mageia
No regressions noticed. Validating the update. Advisory committed to svn.
CC: (none) => davidwhodgins, sysadmin-bugsKeywords: (none) => advisory, validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0098.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED