+++ This bug was initially created as a clone of Bug #30422 +++ Docker 20.10.16 has been released on May 12: https://github.com/moby/moby/releases/tag/v20.10.16 It includes a fix for a security issue in its bundled golang-x-sys. Mageia 8 is also affected. ===================================================================== Docker was fixed a month ago, golang-x-sys still needs to be fixed.
Whiteboard: (none) => MGA8TOO
Depends on: 30422 => (none)See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=30422
I was wrong there, embedded golang-x-sys in docker still isn't fixed, either
guillomovitch just pushed golang-x-sys-0-0.44.mga9 thanks :-) guillomovitch <guillomovitch> 0-0.44.mga9: + Revision: 1869189 - new git snapshot I don't know how to see whether that fixes CVE-2022-29526, https://github.com/golang/sys/security/advisories is empty
But here https://github.com/golang/go/issues/52313#issuecomment-1097210431 it says: "golang.org/x/sys/unix".Faccessat suffers from the same problem, but only on Linux kernels < 5.8. We have kernel-5.15.50-1.mga8 and kernel-5.18.12-1.mga9, so our golang-x-sys is not (or at least no longer) affected, right??
I don't see the connection to the CVE and I'm not sure that Faccessat's issue is all that it's about.
Version: Cauldron => 8Whiteboard: MGA8TOO => (none)
(In reply to David Walser from comment #4) > I don't see the connection to the CVE Yeah, sorry, I should have said where I got that link from. It was one of the references here https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526 and the only reference to https://github.com/golang/ > and I'm not sure that Faccessat's > issue is all that it's about.
Thanks.
Status: NEW => RESOLVEDResolution: (none) => INVALID