RedHat has issued an advisory today (March 15): https://access.redhat.com/errata/RHSA-2022:0889 Mageia 8 is also affected.
Another package with different maintainers, so assigning this globally.
Assignee: bugsquad => pkg-bugs
Suggested advisory: ======================== The updated packages fix a security vulnerability: A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash. (CVE-2021-4091) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4091 https://access.redhat.com/errata/RHSA-2022:0889 ======================== Updated packages in core/updates_testing: ======================== 389-ds-base-1.4.0.26-8.2.mga8 389-ds-base-snmp-1.4.0.26-8.2.mga8 cockpit-389-ds-1.4.0.26-8.2.mga8 lib(64)389-ds-base0-1.4.0.26-8.2.mga8 lib(64)389-ds-base-devel-1.4.0.26-8.2.mga8 lib(64)svrcore0-1.4.0.26-8.2.mga8 lib(64)svrcore-devel-1.4.0.26-8.2.mga8 from SRPM: 389-ds-base-1.4.0.26-8.2.mga8.src.rpm
Status: NEW => ASSIGNEDAssignee: pkg-bugs => qa-bugsCVE: (none) => CVE-2021-4091Version: Cauldron => 8Source RPM: 389-ds-base-1.4.0.26-10.mga9.src.rpm => 389-ds-base-1.4.0.26-8.1.mga8.src.rpmCC: (none) => nicolas.salguero
MGA8-64 Plasma on Lenovo B50 in Dutch No installation issues Ref bug 25824 and 22466 for testing gving sam results with final test # ldapsearch -x -h localhost -s base -b "" "objectclass=*" returning: # extended LDIF # # LDAPv3 # base <> with scope baseObject # filter: objectclass=* # requesting: ALL # # dn: objectClass: top defaultnamingcontext: dc=hviaene,dc=thuis dataversion: 020220317151351 netscapemdsuffix: cn=ldap://dc=mach5,dc=hviaene,dc=thuis:389 OK for me
Whiteboard: (none) => MGA8-64-OKCC: (none) => herman.viaene
Validating. Advisory in Comment 2.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0106.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED