Debian has issued an advisory on July 24: https://www.debian.org/security/2022/dsa-5189 The issue is fixed upstream in 2.0.1. Mageia 8 is also affected.
Status comment: (none) => Fixed upstream in 2.0.1Whiteboard: (none) => MGA8TOO
Assigning this update globally since 'libgsasl' is a pkg seldom touched, and with no particular associated packager.
Assignee: bugsquad => pkg-bugs
Suggested advisory: ======================== The updated packages fix a security vulnerability: GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client. (CVE-2022-2469) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2469 https://www.debian.org/security/2022/dsa-5189 ======================== Updated packages in core/updates_testing: ======================== lib(64)gsasl7-1.8.1-2.1.mga8 lib(64)gsasl-devel-1.8.1-2.1.mga8 libgsasl-1.8.1-2.1.mga8 from SRPM: libgsasl-1.8.1-2.1.mga8.src.rpm
Version: Cauldron => 8Whiteboard: MGA8TOO => (none)CVE: (none) => CVE-2022-2469Assignee: pkg-bugs => qa-bugsCC: (none) => nicolas.salgueroStatus: NEW => ASSIGNEDSource RPM: libgsasl-1.10.0-2.mga9.src.rpm => libgsasl-1.8.1-2.mga8.src.rpmStatus comment: Fixed upstream in 2.0.1 => (none)
MGA8-64 Plasma o, Acer Aspire 5253 No installation issues, no previous updates. # urpmq --whatrequires libgsasl libgsasl [root@mach7 ~]# urpmq --whatrequires lib64gsasl7 lib64gsasl-devel lib64gsasl-devel lib64gsasl7 lib64infinity0.7_0 lib64jreen-qt5_1 lib64jreen1 lib64vmime0 pokerth pokerth-server So installed and lauched pokerth and pushe some buttons in the game. $ strace -o libgsasl.txt pokerth found ref. in trace file: openat(AT_FDCWD, "/lib64/libgsasl.so.7", O_RDONLY|O_CLOEXEC) = 3 That'a as far as I go.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA8-64-OK
Validating. Advisory in Comment 2.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0298.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED