That CVE was announced here: https://www.openwall.com/lists/oss-security/2024/04/17/9
Source RPM: (none) => glibc-2.36-52.mga9.src.rpm
Status comment: (none) => Patch available from upstream
CVE: (none) => CVE-2024-2961

Suggested advisory:
========================

The updated packages fix a security vulnerability:

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable. (CVE-2024-2961)

References:
https://www.openwall.com/lists/oss-security/2024/04/17/9
========================

Updated packages in core/updates_testing:
========================
glibc-2.36-53.mga9
glibc-devel-2.36-53.mga9
glibc-doc-2.36-53.mga9
glibc-i18ndata-2.36-53.mga9
glibc-profile-2.36-53.mga9
glibc-static-devel-2.36-53.mga9
glibc-utils-2.36-53.mga9
nscd-2.36-53.mga9

from SRPM:
glibc-2.36-53.mga9.src.rpm

Status comment: Patch available from upstream => (none)
Assignee: bugsquad => qa-bugs
Status: NEW => ASSIGNED
CC: (none) => mageia
Keywords: (none) => advisory
Mageia9, x86_64 All packages installed/updated cleanly. Rebooted from linus kernel to desktop kernel OK and all seems to be well.
CC: (none) => tarazed25
Tried out memusage in a basic manner:
$ memusage --png=test glmark2 -b refract
This produced columns of numbers and histograms in the terminal and also a graphical representation in test.png. No idea what it all means but it seems to work. The other glibc-utils are trace facilities for memory leaks and function calls.
Mageia9, x86_64 All packages installed/updated cleanly. Reboot ok, no issues for the moment. Currently, I am using my computer fine.
CC: (none) => joselp
MGA9-64 Plasma Wayland on HP-Pavilion. No installation issues. Rebooted after installation. Repeated test from Comment 3 above with same results. Tested LO files, wav, avi, this internet connection, all works OK.
CC: (none) => herman.viaene
MGA9-64, Cinnamon, i7 M620, nvidia GT218M (Nouveau), laptop It was installed with my kernel testing on this machine. No issues with machine and functioning as expected.
CC: (none) => brtians1
mga9-64 on my workstation Updated, rebooted, used a few hours, no issues noted
CC: (none) => fri
MGA9-64 Plasma on an HP Pavilion. Updated without issues this morning, used it for a couple of hours without any problems.
CC: (none) => andrewsfarm
MGA9-32 Xfce, Foolishness, my Dell Inspiron 5100, P4, Radeon RV200 graphics, desktop586 kernel. No installation issues, and a quick check showed no issues to report. I will do a better test later today when I get the time, but I don't anticipate any problems.
RH mageia 8 i586
LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (32-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
installing glibc-devel-2.36-53.mga9.i586.rpm glibc-2.36-53.mga9.i586.rpm glibc-utils-2.36-53.mga9.i586.rpm from //home/katnatek/qa-testing/i586
Preparing... ################################################################
1/3: glibc ################################################################
2/3: glibc-devel ################################################################
3/3: glibc-utils ################################################################
1/3: removing glibc-utils-6:2.36-52.mga9.i586 ################################################################
2/3: removing glibc-devel-6:2.36-52.mga9.i586 ################################################################
3/3: removing glibc-6:2.36-52.mga9.i586 ################################################################
You should restart your computer for glibc
restarting urpmi
installing nscd-2.36-53.mga9.i586.rpm glibc-doc-2.36-53.mga9.noarch.rpm glibc-i18ndata-2.36-53.mga9.i586.rpm glibc-profile-2.36-53.mga9.i586.rpm from //home/katnatek/qa-testing/i586
Preparing... ################################################################
1/4: glibc-profile ################################################################
2/4: glibc-i18ndata ################################################################
3/4: glibc-doc ################################################################
4/4: nscd ################################################################
1/4: removing glibc-profile-6:2.36-52.mga9.i586 ################################################################
2/4: removing glibc-i18ndata-6:2.36-52.mga9.i586 ################################################################
3/4: removing glibc-doc-6:2.36-52.mga9.noarch ################################################################
4/4: removing nscd-6:2.36-52.mga9.i586 ################################################################

Reboot test memusage --png=test rpm -qa Works fine
(In reply to katnatek from comment #10)
> RH mageia 8 i586

Of course it is Mageia 9
MGA9-32 Xfce again on Foolishness, this time with the desktop kernel. This particular install hadn't been used in a while, and there were several updates waiting, a good test of that situation. No installation issues, including updating the kernel. After the reboot, tried several things, with no obvious issues to report. Looks good enough to me. Validating the update.
CC: (none) => sysadmin-bugs
Whiteboard: (none) => MGA9-32-OK MGA9-64-OK
Keywords: (none) => validated_update
This was pushed to updates while Bugzilla was down. https://advisories.mageia.org/MGASA-2024-0147.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
CC: (none) => dan
(In reply to Dan Fandrich from comment #13)
> This was pushed to updates while Bugzilla was down.
> https://advisories.mageia.org/MGASA-2024-0147.html

I note that, but I was waiting to see if the normal notification of the Mageia robot comes or not. Thank you
It won't come. It tries once and if it fails, that's it.
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0147.html
Interesting, the notification did eventually come. It seems mgaadv looks at the status file for previous advisories every time it's run and retries previous failures in the bug close (and presumably mail) steps. I learned something today.