Fedora has issued an advisory on April 16: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6UZNBMKYEV2J5DI7R4BQGL472V7X3WJY/ The problem is fixed in version 2.28.8. Mageia 9 is also affected.
CVE: (none) => CVE-2024-28960Status comment: (none) => Fixed upstream in 2.28.8Whiteboard: (none) => MGA9TOOSource RPM: (none) => mbedtls-2.28.7-1.mga9.src.rpm
Suggested advisory: ======================== The updated packages fix a security vulnerability: An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory. (CVE-2024-28960) References: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6UZNBMKYEV2J5DI7R4BQGL472V7X3WJY/ ======================== Updated packages in core/updates_testing: ======================== lib(64)mbedcrypto7-2.28.8-1.mga9 lib(64)mbedtls14-2.28.8-1.mga9 lib(64)mbedtls-devel-2.28.8-1.mga9 lib(64)mbedx509_1-2.28.8-1.mga9 mbedtls-2.28.8-1.mga9 from SRPM: mbedtls-2.28.8-1.mga9.src.rpm
Version: Cauldron => 9Whiteboard: MGA9TOO => (none)Status: NEW => ASSIGNEDStatus comment: Fixed upstream in 2.28.8 => (none)Assignee: bugsquad => qa-bugs
Keywords: (none) => advisory
MGA9-64 Plasma Wayland on HP-Pavillion. No installation issues. Repeated tests as in bug 31058 Comment 3: hiawatha runs OK and answsers with its webpage, godot let me download some demo and move an object around. OK for me.
Whiteboard: (none) => MGA9-64-OKCC: (none) => herman.viaene
CC: (none) => andrewsfarm
Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
This was pushed to updates while Bugzilla was down. https://advisories.mageia.org/MGASA-2024-0146.html
Resolution: (none) => FIXEDCC: (none) => danStatus: ASSIGNED => RESOLVED
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0146.html