SUSE has issued an advisory on March 29: https://lists.suse.com/pipermail/sle-security-updates/2023-March/014246.html Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOO
Fedora has issued an advisory for this today (March 30): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4HPJ26L3GAUDVNKJFCJNA2GLTI6EUJXO/
From fedora: Update Information: Update to zstd-1.5.4, fixes CVE-2022.4899. So it is fixed for Cauldron.
CC: (none) => geiger.david68210
Done for mga8 adding upstream patches!
zstd-1.4.8-1.2.mga8 libzstd1-1.4.8-1.2.mga8 libzstd-devel-1.4.8-1.2.mga8 from zstd-1.4.8-1.2.mga8.src.rpm
Whiteboard: MGA8TOO => (none)Source RPM: zstd-1.5.4-2.mga9.src.rpm => zstd-1.4.8-1.1.mga8.src.rpmAssignee: bugsquad => qa-bugsVersion: Cauldron => 8
MGA8-64 MATE on Acer Aspire 5253 No installation issues. Followed examples (more or less) from bug 25375 Comment 3 cd tmp $ zstd --train ~/Pictures/* Trying 5 different sets of parameters k=50 d=8 f=20 steps=4 split=75 accel=1 Save dictionary of size 10149 into file dictionary File is there of indicated size, but not human readable, so accepting as it is. Created test directory under tmp and went on after copying all files from ~/Pictures/. $ cd zstdtest/ $ zstd -z * 40 files compressed : 39.77% (404504369 => 160862163 bytes) Copied compressed files to new folder zstddecomp $ cd ../zstddecomp/ $ zstd -d *.zst zstd: test.tiff.xz already exists; overwrite (y/n) ? y zstd: yann2 already exists; overwrite (y/n) ? y 37 files decompressed : 358153709 bytes total There were files which were remnants from other tests (tar e.a.) and zstd excluded those, fair enough. All decompressed files look OK. Good to go.
Whiteboard: (none) => MGA8-64-OKCC: (none) => herman.viaene
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0128.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED