Ubuntu has issued an advisory on March 27: https://ubuntu.com/security/notices/USN-6715-1 Mageia 9 is also affected.
Source RPM: (none) => unixODBC-2.3.12-1.mga10.src.rpmWhiteboard: (none) => MGA9TOOCVE: (none) => CVE-2024-1013Status comment: (none) => Patch available from upstream and Ubuntu
Done for Cauldron and mga9 too!
Version: Cauldron => 9CC: (none) => geiger.david68210Whiteboard: MGA9TOO => (none)
Assigning to QA, Packages in 9/Core/Updates_testing: ====================== libunixODBC-devel-2.3.11-1.1.mga9 libunixODBC2-2.3.11-1.1.mga9 lib64unixODBC-devel-2.3.11-1.1.mga9 lib64unixODBC2-2.3.11-1.1.mga9 unixODBC-2.3.11-1.1.mga9 From SRPMS: unixODBC-2.3.11-1.1.mga9.src.rpm
Assignee: bugsquad => qa-bugs
Keywords: (none) => advisory
RH mageia 9 x86_64 Install current packages LC_ALL=C urpmi lib64unixODBC-devel lib64unixODBC2 unixODBC Package lib64unixODBC2-2.3.11-1.mga9.x86_64 is already installed Marking lib64unixODBC2 as manually installed, it won't be auto-orphaned writing /var/lib/rpm/installed-through-deps.list To satisfy dependencies, the following packages are going to be installed: Package Version Release Arch (medium "Core Release (distrib1)") lib64ltdl-devel 2.4.7 1.mga9 x86_64 lib64unixODBC-devel 2.3.11 1.mga9 x86_64 libtool 2.4.7 1.mga9 x86_64 unixODBC 2.3.11 1.mga9 x86_64 1.3MB of additional disk space will be used. 406KB of packages will be retrieved. Proceed with the installation of the 4 packages? (Y/n) y https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/lib64ltdl-devel-2.4.7-1.mga9.x86_64.rpm https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/unixODBC-2.3.11-1.mga9.x86_64.rpm https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/lib64unixODBC-devel-2.3.11-1.mga9.x86_64.rpm https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/libtool-2.4.7-1.mga9.x86_64.rpm installing libtool-2.4.7-1.mga9.x86_64.rpm lib64unixODBC-devel-2.3.11-1.mga9.x86_64.rpm unixODBC-2.3.11-1.mga9.x86_64.rpm lib64ltdl-devel-2.4.7-1.mga9.x86_64.rpm from /var/cache/urpmi/rpms Preparing... ################################################################################################## 1/4: libtool ################################################################################################## 2/4: lib64ltdl-devel ################################################################################################## 3/4: lib64unixODBC-devel ################################################################################################## 4/4: unixODBC ################################################################################################## LC_ALL=C urpmi --auto --auto-update medium "QA Testing (32-bit)" is up-to-date medium "QA Testing (64-bit)" is up-to-date medium "Core Release (distrib1)" is up-to-date medium "Core Updates (distrib3)" is up-to-date medium "Nonfree Release (distrib11)" is up-to-date medium "Nonfree Updates (distrib13)" is up-to-date medium "Tainted Release (distrib21)" is up-to-date medium "Tainted Updates (distrib23)" is up-to-date medium "Core 32bit Release (distrib31)" is up-to-date medium "Core 32bit Updates (distrib32)" is up-to-date medium "Nonfree 32bit Release (distrib36)" is up-to-date medium "Tainted 32bit Release (distrib41)" is up-to-date medium "Tainted 32bit Updates (distrib42)" is up-to-date installing lib64unixODBC-devel-2.3.11-1.1.mga9.x86_64.rpm lib64unixODBC2-2.3.11-1.1.mga9.x86_64.rpm unixODBC-2.3.11-1.1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64 Preparing... ################################################################################################## 1/3: lib64unixODBC2 ################################################################################################## 2/3: lib64unixODBC-devel ################################################################################################## 3/3: unixODBC ################################################################################################## 1/3: removing unixODBC-2.3.11-1.mga9.x86_64 ################################################################################################## 2/3: removing lib64unixODBC-devel-2.3.11-1.mga9.x86_64 ################################################################################################## 3/3: removing lib64unixODBC2-2.3.11-1.mga9.x86_64 ################################################################################################## See bug#23253 as reference odbcinst -j unixODBC 2.3.11 DRIVERS............: /etc/odbcinst.ini SYSTEM DATA SOURCES: /etc/odbc.ini FILE DATA SOURCES..: /etc/ODBCDataSources USER DATA SOURCES..: /root/.odbc.ini SQLULEN Size.......: 8 SQLLEN Size........: 8 SQLSETPOSIROW Size.: 8
CC: (none) => andrewsfarm
Whiteboard: (none) => MGA9-64-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Source RPM: unixODBC-2.3.12-1.mga10.src.rpm => unixODBC-2.3.11-1.mga9.src.rpm
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0106.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED