Ubuntu has issued an advisory on July 11:
https://ubuntu.com/security/notices/USN-5508-1

The issue is fixed upstream in 3.4:
https://github.com/python-ldap/python-ldap/security/advisories/GHSA-r8wq-qrxc-hmcm

Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 3.4.0
One of those SRPMs with no particular packager associated, so have to assign this globally.
Assignee: bugsquad => pkg-bugs
Updated package pushed for cauldron and Mageia 8.

Advisory:
========================

Updated python-ldap package fixes security vulnerability:

It was discovered that Python LDAP incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause a denial of service (CVE-2021-46823).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46823
https://nvd.nist.gov/vuln/detail/CVE-2021-46823
https://ubuntu.com/security/notices/USN-5508-1
========================

Updated packages in core/updates_testing:
========================
python3-ldap-3.3.1-1.1.mga8

from python-ldap-3.3.1-1.1.mga8.src.rpm
Assignee: pkg-bugs => qa-bugs
Status comment: Fixed upstream in 3.4.0 => (none)
CC: (none) => mhrambo3501
Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8
MGA8-64 Plasma on Acer Aspire 5253
No installation issues
No wiki, no previous update, so looking for info
# urpmq --whatrequires python3-ldap
nagios-check_syncrepl
python3-django-auth-ldap
python3-ldap
Ventured into installing nagios, making sure the check_syncrepl plugin and the nagios-www was installed. Then
# systemctl start httpd
# systemctl start nagios
# systemctl -l status nagios
● nagios.service - Nagios network monitor
     Loaded: loaded (/usr/lib/systemd/system/nagios.service; disabled; vendor preset: disabled)
     Active: active (running) since Mon 2022-07-18 09:36:24 CEST; 7min ago
    Process: 4447 ExecStart=/usr/sbin/nagios -d /etc/nagios/nagios.cfg (code=exited, status=0/SUCCESS)
   Main PID: 4448 (nagios)
      Tasks: 6 (limit: 4364)
     Memory: 2.0M
        CPU: 582ms
     CGroup: /system.slice/nagios.service
             ├─4448 /usr/sbin/nagios -d /etc/nagios/nagios.cfg
             ├─4449 /usr/sbin/nagios --worker /var/spool/nagios/nagios.qh
             ├─4450 /usr/sbin/nagios --worker /var/spool/nagios/nagios.qh
             ├─4451 /usr/sbin/nagios --worker /var/spool/nagios/nagios.qh
             ├─4452 /usr/sbin/nagios --worker /var/spool/nagios/nagios.qh
             └─4455 /usr/sbin/nagios -d /etc/nagios/nagios.cfg

Jul 18 09:36:24 mach7.hviaene.thuis nagios[4448]: qh: echo service query handler registered
Jul 18 09:36:24 mach7.hviaene.thuis nagios[4448]: qh: help for the query handler registered
Jul 18 09:36:24 mach7.hviaene.thuis nagios[4448]: wproc: Successfully registered manager as @wproc with query handler
Jul 18 09:36:24 mach7.hviaene.thuis nagios[4448]: wproc: Registry request: name=Core Worker 4450;pid=4450
Jul 18 09:36:24 mach7.hviaene.thuis nagios[4448]: wproc: Registry request: name=Core Worker 4452;pid=4452
Jul 18 09:36:24 mach7.hviaene.thuis nagios[4448]: wproc: Registry request: name=Core Worker 4449;pid=4449
Jul 18 09:36:24 mach7.hviaene.thuis nagios[4448]: wproc: Registry request: name=Core Worker 4451;pid=4451
Jul 18 09:36:25 mach7.hviaene.thuis nagios[4448]: Successfully launched command file worker with pid 4455
Jul 18 09:36:32 mach7.hviaene.thuis nagios[4448]: SERVICE ALERT: localhost;SSH;CRITICAL;SOFT;3;connect to address 127.0.0.1 and port >
Jul 18 09:37:32 mach7.hviaene.thuis nagios[4448]: SERVICE ALERT: localhost;SSH;CRITICAL;HARD;4;connect to address 127.0.0.1 and port >
lines 1-26/26 (END)

Then point firefox to http://localhost/nagios/ and its home page opens correctly AFAICS, but then I'm lost....
Anyway, it doesn't seem to harm anything else on the system.....
CC: (none) => herman.viaene
For lack of any feedback or criticism, giving the OK as far as I understand it.
Whiteboard: (none) => MGA8-64-OK
Out of my experience too, Herman, but it looks reasonable. Validating. Advisory in Comment 2.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2022-0310.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED