Bug 32292 - Update request: glibc-2.36-49.mga9
Summary: Update request: glibc-2.36-49.mga9
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: https://nvd.nist.gov/vuln/detail/CVE-...
Whiteboard: MGA9-64-OK MGA9-32-OK
Keywords: advisory, validated_update
Depends on:
Reported: 2023-09-16 15:36 CEST by Thomas Backlund
Modified: 2023-09-27 03:50 CEST (History)
5 users (show)

See Also:
Source RPM: glibc
Status comment:


Description Thomas Backlund 2023-09-16 15:36:00 CEST
Security and bugfixes, advisory will follow:



Comment 1 Thomas Backlund 2023-09-16 15:53:42 CEST
- getaddrinfo: Fix use after free in getcanonname (CVE-2023-4806)
- Stack read overflow with large TCP responses in no-aaaa mode (CVE-2023-4527)

- elf: Introduce to _dl_call_fini
- elf: Do not run constructors for proxy objects
- elf: Always call destructors in reverse constructor order [BZ #30785]
- elf: Remove unused l_text_end field from struct link_map
- elf: Move l_init_called_next to old place of l_text_end in link map
- elf: Fix slow tls access after dlopen [BZ #19924]
- intl: Treat C.UTF-8 locale like C locale [BZ# 16621]
- x86: Increase non_temporal_threshold to roughly "sizeof_L3 / 4"
- x86: Fix slight bug in shared_per_thread cache size calculation
- x86: Use 3/4*sizeof(per-thread-L3) as low bound for NT threshold
- x86: Fix incorrect scope of setting shared_per_thread [BZ# 30745]
Comment 2 Thomas Andrews 2023-09-17 04:21:40 CEST
AMD Phenom II X4 910, AMD HD 8490 graphics, Atheros wifi, MGA9-64 Plasma system.

No installation issues. No new issues with the reboot, continued failure of the rtl8192eu module to build. (bug 32200) Checked this and that after the reboot, with no issues to report.

CC: (none) => andrewsfarm

Comment 3 Morgan Leijström 2023-09-17 22:46:32 CEST
mga9-64: clean update of existing packages
Also in same session installed kernel and all other stuff from testing.
A day and a couple reboots since, no problems noted.
Intel i7-870, nvidia-current on GTX750, Plasma

CC: (none) => fri

Comment 4 Ulrich Beckmann 2023-09-21 20:36:20 CEST
Tested on a Sony Vaio E Series notebook, Intel i5 4core, KDE Plasma amd64

Other stuff from QA Testing

The System has a AMD/ATI graphic card. It is momentarily disabled (nomodeset) due to misfunction or overheating.

KDE Plasma on Qemu/KVM, Virt-Manger
Host is Fedora 38

No regression found.


CC: (none) => bequimao.de

Comment 5 Ulrich Beckmann 2023-09-21 20:42:23 CEST
The error message from https://bugs.mageia.org/show_bug.cgi?id=31909
is still present.

No regression, no showstopper, as the transaction is complete and without error.
Ulrich Beckmann 2023-09-21 20:46:31 CEST

See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=31909

Comment 6 Thomas Andrews 2023-09-23 03:18:07 CEST
MGA9-32 Xfce on Foolishness, my Dell Inspiron 5100, P4, Radeon RV200 graphics. No installation issues, and no regressions noted.

MGA9-64 Plasma on an HP Pavilion 15, AMD A8-4555, AMD HD 7600G graphics. No installation issues, and no regressions noted.

Giving this an OK on both arches, and validating.

CC: (none) => sysadmin-bugs
Whiteboard: (none) => MGA9-64-OK MGA9-32-OK
Keywords: (none) => validated_update

Comment 7 Marja Van Waes 2023-09-26 22:16:22 CEST
Advisory uploaded, not assigned to sysadmin team, because I'm not a QA team member.

Note that this update might cause a different vulnerability in the GNU C Library


Whiteboard: MGA9-64-OK MGA9-32-OK => MGA9-64-OK MGA9-32-OK advisory
Keywords: (none) => advisory
Summary: Update reuest: glibc-2.36-49.mga9 => Update request: glibc-2.36-49.mga9
CC: (none) => marja11
URL: (none) => https://nvd.nist.gov/vuln/detail/CVE-2023-4806, https://nvd.nist.gov/vuln/detail/CVE-2023-4527

Thomas Andrews 2023-09-27 03:39:33 CEST

Whiteboard: MGA9-64-OK MGA9-32-OK advisory => MGA9-64-OK MGA9-32-OK

Comment 8 Thomas Andrews 2023-09-27 03:50:34 CEST
(In reply to Marja Van Waes from comment #7)
> Advisory uploaded, not assigned to sysadmin team, because I'm not a QA team
> member.
Looking over other resolved updates, it appears that they are rarely re-assigned from QA. sysadmin-bugs is CCed automatically when the update is verified, and that seems to be enough.

Note You need to log in before you can comment on or make changes to this bug.