Fedora has issued an advisory on April 6:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/P23E4DEHY5FJCR5VJ46I6TO32DT7Y3T4/

The issue is fixed upstream in 3.4.1. The issue description in the RedHat bug makes it sound like the issue was introduced in 3.3.0, but Fedora patched 3.2.2 in this update, so 3.1.3 may also be affected.
Updates to this SRPM have been done by various people, so assigning this one globally. We have the following versions since 3.1.3 in Cauldron: 3.2.2, 3.3.0, 3.3.1, 3.3.3, 3.4.0, 3.4.1, 3.4.2.
Assignee: bugsquad => pkg-bugs
Suggested advisory:
========================

The updated packages fix a security vulnerability:

GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment). (CVE-2021-45943)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45943
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/P23E4DEHY5FJCR5VJ46I6TO32DT7Y3T4/
========================

Updated packages in core/updates_testing:
========================
gdal-3.1.3-7.2.mga8
lib(64)gdal27-3.1.3-7.2.mga8
lib(64)gdal-devel-3.1.3-7.2.mga8
python3-gdal-3.1.3-7.2.mga8

from SRPM:
gdal-3.1.3-7.2.mga8.src.rpm
CC: (none) => nicolas.salguero
Assignee: pkg-bugs => qa-bugs
Status: NEW => ASSIGNED
CVE: (none) => CVE-2021-45943
MGA8-64 Plasma on Lenovo B50 in Dutch
No installation issues.
Ref bug 25809 Comment 9 for testing:
Created small navigation file meierhoek.mdc by drawing some waypoints in merkaartor and saved the file, reopened it to be sure all was there: OK
further commands:

$ gdalinfo --version
GDAL 3.1.3, released 2020/09/01

$ gdalsrsinfo meierhoek.mdc
PROJ.4 : +proj=longlat +datum=WGS84 +no_defs
OGC WKT2:2018 :
GEOGCRS["WGS 84",
    DATUM["World Geodetic System 1984",
        ELLIPSOID["WGS 84",6378137,298.257223563,
            LENGTHUNIT["metre",1]]],
    PRIMEM["Greenwich",0,
        ANGLEUNIT["degree",0.0174532925199433]],
    CS[ellipsoidal,2],
        AXIS["latitude",north,
            ORDER[1],
            ANGLEUNIT["degree",0.0174532925199433]],
        AXIS["longitude",east,
            ORDER[2],
            ANGLEUNIT["degree",0.0174532925199433]],
    ID["EPSG",4326]]

$ ogrinfo meierhoek.mdc
INFO: Open of `meierhoek.mdc'
      using driver `OSM' successful.
1: points (Point)
2: lines (Line String)
3: multilinestrings (Multi Line String)
4: multipolygons (Multi Polygon)
5: other_relations (Geometry Collection)

Looks all good to me.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK
Validating. Advisory in Comment 2.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2022-0137.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED