A new glibc security issue was introduced by the fix for CVE-2023-4806. The affected glibc package for Mageia 9 has (at this moment) not yet been moved from testing to core/updates, but is ready to be moved
Whiteboard: (none) => MGA9TOO
Hi, Actually, the glibc package has been moved to core/updates. glibc-2.36-50.mga{9|10} are currently building and they contain the patch for that new CVE. Best regards, Nico.
CC: (none) => nicolas.salgueroStatus: NEW => ASSIGNEDAssignee: basesystem => nicolas.salguero
Suggested advisory: ======================== The updated packages fix a security vulnerability: A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash. (CVE-2023-5156) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5156 ======================== Updated packages in core/updates_testing: ======================== glibc-2.36-50.mga9 glibc-devel-2.36-50.mga9 glibc-doc-2.36-50.mga9 glibc-i18ndata-2.36-50.mga9 glibc-profile-2.36-50.mga9 glibc-static-devel-2.36-50.mga9 glibc-utils-2.36-50.mga9 nscd-2.36-50.mga9 from SRPM: glibc-2.36-50.mga9.src.rpm
Version: Cauldron => 9Source RPM: glibc-2.36-49.mga9, glibc-2.36-49.mga10 => glibc-2.36-49.mga9.src.rpmWhiteboard: MGA9TOO => (none)Assignee: nicolas.salguero => qa-bugs
mga9-64 no regressions noted. Normal dekstop activities Plasma, Intel I7-870
CC: (none) => fri
Have used this for a couple of days now, with no regressions noticed. Giving it an OK and Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugsWhiteboard: (none) => MGA9-64-OK
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0281.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED