Bug 32292 - Update request: glibc-2.36-49.mga9
Summary: Update request: glibc-2.36-49.mga9
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: https://nvd.nist.gov/vuln/detail/CVE-...
Whiteboard: MGA9-64-OK MGA9-32-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2023-09-16 15:36 CEST by Thomas Backlund
Modified: 2023-09-27 18:33 CEST

See Also:
Source RPM: glibc
CVE:
Status comment:


Description Thomas Backlund 2023-09-16 15:36:00 CEST
Security and bugfixes, advisory will follow:


SRPMS:
glibc-2.36-49.mga9.src.rpm


i586:
glibc-2.36-49.mga9.i586.rpm
glibc-devel-2.36-49.mga9.i586.rpm
glibc-doc-2.36-49.mga9.noarch.rpm
glibc-i18ndata-2.36-49.mga9.i586.rpm
glibc-profile-2.36-49.mga9.i586.rpm
glibc-static-devel-2.36-49.mga9.i586.rpm
glibc-utils-2.36-49.mga9.i586.rpm
nscd-2.36-49.mga9.i586.rpm


x86_64:
glibc-2.36-49.mga9.x86_64.rpm
glibc-devel-2.36-49.mga9.x86_64.rpm
glibc-doc-2.36-49.mga9.noarch.rpm
glibc-i18ndata-2.36-49.mga9.x86_64.rpm
glibc-profile-2.36-49.mga9.x86_64.rpm
glibc-static-devel-2.36-49.mga9.x86_64.rpm
glibc-utils-2.36-49.mga9.x86_64.rpm
nscd-2.36-49.mga9.x86_64.rpm

Comment 1 Thomas Backlund 2023-09-16 15:53:42 CEST
changes:
- getaddrinfo: Fix use after free in getcanonname (CVE-2023-4806)
- Stack read overflow with large TCP responses in no-aaaa mode (CVE-2023-4527)

- elf: Introduce to _dl_call_fini
- elf: Do not run constructors for proxy objects
- elf: Always call destructors in reverse constructor order [BZ #30785]
- elf: Remove unused l_text_end field from struct link_map
- elf: Move l_init_called_next to old place of l_text_end in link map
- elf: Fix slow tls access after dlopen [BZ #19924]
- intl: Treat C.UTF-8 locale like C locale [BZ# 16621]
- x86: Increase non_temporal_threshold to roughly "sizeof_L3 / 4"
- x86: Fix slight bug in shared_per_thread cache size calculation
- x86: Use 3/4*sizeof(per-thread-L3) as low bound for NT threshold
- x86: Fix incorrect scope of setting shared_per_thread [BZ# 30745]

Comment 2 Thomas Andrews 2023-09-17 04:21:40 CEST
AMD Phenom II X4 910, AMD HD 8490 graphics, Atheros wifi, MGA9-64 Plasma system.

No installation issues. No new issues with the reboot, continued failure of the rtl8192eu module to build. (bug 32200) Checked this and that after the reboot, with no issues to report.

CC: (none) => andrewsfarm

Comment 3 Morgan Leijström 2023-09-17 22:46:32 CEST
mga9-64: clean update of existing packages
Also in same session installed kernel and all other stuff from testing.
A day and a couple reboots since, no problems noted.
Intel i7-870, nvidia-current on GTX750, Plasma

CC: (none) => fri

Comment 4 Ulrich Beckmann 2023-09-21 20:36:20 CEST
Tested on a Sony Vaio E Series notebook, Intel i5 4core, KDE Plasma amd64

Other stuff from QA Testing
Kernel-Linus
Mariadb

The system has an AMD/ATI graphics card. It is momentarily disabled (nomodeset) due to malfunction or overheating.

KDE Plasma on Qemu/KVM, Virt-Manager
Host is Fedora 38

No regression found.

Ulrich

CC: (none) => bequimao.de

Comment 5 Ulrich Beckmann 2023-09-21 20:42:23 CEST
N.B.
The error message from https://bugs.mageia.org/show_bug.cgi?id=31909
is still present.

No regression, no showstopper, as the transaction is complete and without error.

Ulrich Beckmann 2023-09-21 20:46:31 CEST

See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=31909

Comment 6 Thomas Andrews 2023-09-23 03:18:07 CEST
MGA9-32 Xfce on Foolishness, my Dell Inspiron 5100, P4, Radeon RV200 graphics. No installation issues, and no regressions noted.

MGA9-64 Plasma on an HP Pavilion 15, AMD A8-4555, AMD HD 7600G graphics. No installation issues, and no regressions noted.

Giving this an OK on both arches, and validating.

Whiteboard: (none) => MGA9-64-OK MGA9-32-OK
CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update

Comment 7 Marja Van Waes 2023-09-26 22:16:22 CEST
Advisory uploaded, not assigned to sysadmin team, because I'm not a QA team member.

Note that this update might cause a different vulnerability in the GNU C Library

https://nvd.nist.gov/vuln/detail/CVE-2023-5156

URL: (none) => https://nvd.nist.gov/vuln/detail/CVE-2023-4806, https://nvd.nist.gov/vuln/detail/CVE-2023-4527
Keywords: (none) => advisory
Whiteboard: MGA9-64-OK MGA9-32-OK => MGA9-64-OK MGA9-32-OK advisory
CC: (none) => marja11
Summary: Update reuest: glibc-2.36-49.mga9 => Update request: glibc-2.36-49.mga9

Thomas Andrews 2023-09-27 03:39:33 CEST

Whiteboard: MGA9-64-OK MGA9-32-OK advisory => MGA9-64-OK MGA9-32-OK

Comment 8 Thomas Andrews 2023-09-27 03:50:34 CEST
(In reply to Marja Van Waes from comment #7)
> Advisory uploaded, not assigned to sysadmin team, because I'm not a QA team
> member.
> 
Looking over other resolved updates, it appears that they are rarely re-assigned from QA. sysadmin-bugs is CCed automatically when the update is verified, and that seems to be enough.

Marja Van Waes 2023-09-27 11:38:10 CEST

See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=32328

Comment 9 Mageia Robot 2023-09-27 18:33:43 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0270.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED
