Fedora has issued an advisory today (January 5): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/M2TTCIDC6ZNFMU5XFFFDFZEBHO2CU5NG/ The issue is fixed upstream in 2.3.3.
Status comment: (none) => Fixed upstream in 2.3.3
Debian-LTS has issued an advisory on February 23: https://www.debian.org/lts/security/2023/dla-3339 The issue is fixed upstream in 2.3.4. Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOO
Status comment: Fixed upstream in 2.3.3 => Fixed upstream in 2.3.4
Version: 8 => Cauldron
Summary: binwalk new security issue CVE-2021-4287 => binwalk new security issues CVE-2021-4287 and CVE-2022-4510
Done for both mga8 and Cauldron! Freeze_move requested for Cauldron.
CC: (none) => geiger.david68210
binwalk-2.3.4-1.mga8 from binwalk-2.3.4-1.mga8.src.rpm
Status comment: Fixed upstream in 2.3.4 => (none)
Cauldron package moved to core/release.
CC: (none) => mageia
Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8
Assignee: mageia => qa-bugs
MGA8-64 MATE on Acer Aspire 5253.
No installation issues.
No wiki, no previous updates, found https://allabouttesting.org/short-tutorial-firmware-analysis-tool-binwalk/ so

$ binwalk -h

Binwalk v2.3.4
Craig Heffner, ReFirmLabs
https://github.com/ReFirmLabs/binwalk

Usage: binwalk [OPTIONS] [FILE1] [FILE2] [FILE3] ...

Signature Scan Options:
    -B, --signature              Scan target file(s) for common file signatures
    -R, --raw=<str>              Scan target file(s) for the specified sequence of bytes
    -A, --opcodes                Scan target file(s) for common executable opcode signatures
    -m, --magic=<file>           Specify a custom magic file to use
    -b, --dumb                   Disable smart signature keywords
    -I, --invalid                Show results marked as invalid
    -x, --exclude=<str>          Exclude results that match <str>
    -y, --include=<str>          Only show results that match <str>

Extraction Options:
    -e, --extract                Automatically extract known file types
and a lot more .....

Went chasing for firmware files, found loads of them installed, but only

$ binwalk /lib/firmware/3com/typhoon.bin

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
23711         0x5C9F          Copyright string: "Copyright (c) 2001 3Com Corporation"

this one returned something more than just the headers (tried some 30 of them)
Giving the OK on seeing the command is not giving any kind of error.
Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene
Validating.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0074.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED