Bug 31880 - patchelf new security issue CVE-2022-44940
Summary: patchelf new security issue CVE-2022-44940
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2023-05-06 22:48 CEST by David Walser
Modified: 2023-05-21 10:44 CEST

See Also:
Source RPM: patchelf-0.11-1.mga8.src.rpm
CVE:
Status comment:



Description David Walser 2023-05-06 22:48:47 CEST
Ubuntu has issued an advisory on April 20:
https://ubuntu.com/security/notices/USN-6036-1

The issue is fixed upstream in 0.16.0.

Mageia 8 is also affected.
David Walser 2023-05-06 22:48:59 CEST

Status comment: (none) => Fixed upstream in 0.16.0
Whiteboard: (none) => MGA8TOO

Comment 1 David GEIGER 2023-05-07 17:13:24 CEST
Done for both mga8 and cauldron!

freeze_move asked for cauldron.

CC: (none) => geiger.david68210

Comment 2 David Walser 2023-05-07 19:37:21 CEST
patchelf-0.16.1-1.mga8

from patchelf-0.16.1-1.mga8.src.rpm


Freeze move for Cauldron pending.

Source RPM: patchelf-0.15.0-1.mga9.src.rpm => patchelf-0.11-1.mga8.src.rpm
Status comment: Fixed upstream in 0.16.0 => (none)

Comment 3 Lewis Smith 2023-05-07 20:58:33 CEST
Another bug for you DavidG, since you have already done it...

Assignee: bugsquad => geiger.david68210
CC: geiger.david68210 => (none)

Comment 4 David GEIGER 2023-05-12 06:34:51 CEST
Assigning to QA

Assignee: geiger.david68210 => qa-bugs

David GEIGER 2023-05-12 06:36:20 CEST

Version: Cauldron => 8
CC: (none) => geiger.david68210
Whiteboard: MGA8TOO => (none)

Comment 5 Herman Viaene 2023-05-18 16:16:05 CEST
MGA8-64 MATE on Acer Aspire 5253
No installation issues
No wiki, no previous updates. MCC reads "PatchELF is a simple utility for modifying an existing ELF executable or library.  It can change the dynamic loader ("ELF interpreter") of an executable and change the RPATH of an executable or library."
That does not sound like something an everyday user (or a QA person at that) would need to know.
At least it does not seem to harm my system, so I propose to OK this on clean install.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene

Comment 6 Thomas Andrews 2023-05-19 01:39:10 CEST
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2023-05-21 02:19:34 CEST

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 7 Mageia Robot 2023-05-21 10:44:25 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0179.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

