Debian-LTS has issued an advisory today (September 19): https://www.debian.org/lts/security/2022/dla-3115 The issue is fixed upstream in 0.25.4. Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 0.25.4
Debian has issued an advisory for this on September 21: https://www.debian.org/security/2022/dsa-5233
Fedora has issued an advisory for this today (October 3): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HU6UVQ3HZUY2YI7LQDNOZYSQZBANL6OE/ They also updated efl as part of this update: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZYYEG6N6HGY6WA4Y5BIIFXQLIE4X4TKC/
Severity: normal => critical
I am having a look; an upgrade of enlightenment might not be well suited for mga8.
For Mageia 8, you might be able to borrow the patch from Debian-LTS.
Patched enlightenment landing in updates_testing for mga8.
Suggested advisory:
========================
Updated enlightenment package to fix the security vulnerability CVE-2022-37706 that would allow a user to gain root privileges.
References:
https://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit
https://git.enlightenment.org/enlightenment/enlightenment/commit/cc7faeccf77fef8b0ae70e312a21e4cde087e141
========================
Updated packages in core/updates_testing:
========================
enlightenment-0.24.2-2.1.mga8
enlightenment-devel-0.24.2-2.1.mga8
Source RPMs:
enlightenment-0.24.2-2.1.mga8.src.rpm
CC: (none) => eatdirt
Assignee: eatdirt => qa-bugs
Cauldron is getting a full upgrade for both efl and enlightenment to latest version (0.25.4)
Source RPM: enlightenment-0.25.3-1.mga9.src.rpm => enlightenment-0.24.2-2.mga8.src.rpm
Status comment: Fixed upstream in 0.25.4 => (none)
Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8
mga8, x64 Installed enlightenment, logged out and selected E for login. The desktop came up with a warning that the user could not access system services without modifying /etc/enlightenment/system.conf. Checked terminology - working as expected. Installed the update and logged out and in again. Edited system.conf and cycled login. No obvious regressions with the desktop environment. Bluetooth sound working, firefox and a few other applications like mediaplayer, vlc, by left-clicking on the background -> Applications -> .... This looks sound.
CC: (none) => tarazed25
Whiteboard: (none) => MGA8-64-OK
Validating. Advisory in Comment 5.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0360.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED