A security issue in Keepass has been fixed upstream in 2.54:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32784

There is a public PoC and the issue has caught the attention of the press. Mageia 8 is also affected.
Status comment: (none) => Fixed upstream in 2.54
Whiteboard: (none) => MGA8TOO
Assigning to you, DavidG, as you committed the current version fairly recently, so it is familiar territory.
Assignee: bugsquad => geiger.david68210
https://amp.thehackernews.com/thn/2023/05/keepass-exploit-allows-attackers-to.html
This article also mentions another CVE.
Summary: keepass new security issue CVE-2023-32784 => keepass new security issues CVE-2023-24055 and CVE-2023-32784
Done for Cauldron and mga8! Freeze_move requested for Cauldron.
Assigning to QA,

Packages in 8/Core/updates_testing:
======================
keepass-2.54-1.mga8.noarch.rpm

From SRPMS:
keepass-2.54-1.mga8.src.rpm
Version: Cauldron => 8
Whiteboard: MGA8TOO => (none)
Assignee: geiger.david68210 => qa-bugs
Status comment: Fixed upstream in 2.54 => (none)
CC: (none) => geiger.david68210
MGA8-64 MATE on Acer Aspire 5253
No installation issues.
Ref bug 31475 and https://nerdymishka.com/articles/keepass-a-beginners-guide-to-password-management/ for testing.
I could make a new entry for ww.testaankoop.be (consumers magazine on which I have a user and password) and then tried to follow the instructions from the site. I can open the site in Firefox from keepass, but when I do "Perform Auto-type", it types the user/password on the CLI. What am I missing???
CC: (none) => herman.viaene
MGA8-64, Plasma

To satisfy dependencies, the following package(s) also need to be installed:
- lib64gdiplus0-6.0.5-1.mga8.x86_64
- lib64xdotool3-3.20160805.1-3.mga8.x86_64
- mono-core-6.10.0-5.mga8.x86_64
- mono-data-6.10.0-5.mga8.x86_64
- mono-data-sqlite-6.10.0-5.mga8.x86_64
- mono-extras-6.10.0-5.mga8.x86_64
- mono-mvc-6.10.0-5.mga8.x86_64
- mono-wcf-6.10.0-5.mga8.x86_64
- mono-web-6.10.0-5.mga8.x86_64
- mono-winforms-6.10.0-5.mga8.x86_64
- xdotool-3.20160805.1-3.mga8.x86_64
- xsel-1.2.0-9.mga8.x86_64
97MB of additional disk space will be used.

I was able to create a new database
Add some entries
close keepass and come back in
Use keepass to open firefox with credentials

Seems to work for me
CC: (none) => brtians1
Whiteboard: (none) => MGA8-64-OK
"There is a public PoC and the issue has caught the attention of the press."

Because of this I'm going to send this on based on comment 6. Herman, if you believe your problem in comment 5 may be something more than user error due to inexperience, please remove the validation.

Validating.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2023-0221.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED