Red Hat issued an advisory on April 30:
https://lwn.net/Articles/971670/

The fix is:
https://github.com/freeglut/freeglut/commit/9ad320c1ad1a25558998ddfe47674511567fec57

Mageia 9 is also affected.
CVE: (none) => CVE-2024-24258, CVE-2024-24259
Source RPM: (none) => freeglut-3.4.0-1.mga9.src.rpm
Whiteboard: (none) => MGA9TOO
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function. (CVE-2024-24258)

freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function. (CVE-2024-24259)

References:
https://lwn.net/Articles/971670/
========================

Updated packages in core/updates_testing:
========================
lib(64)freeglut3-3.4.0-1.1.mga9
lib(64)freeglut-devel-3.4.0-1.1.mga9

from SRPM:
freeglut-3.4.0-1.1.mga9.src.rpm
Status: NEW => ASSIGNED
Version: Cauldron => 9
Whiteboard: MGA9TOO => (none)
Assignee: bugsquad => qa-bugs
CC: (none) => mageia
Keywords: (none) => advisory
RH mageia 9 x86_64

LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (32-bit)" is up-to-date
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date

installing lib64freeglut3-3.4.0-1.1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing... ##################################################################################################
1/1: lib64freeglut3 ##################################################################################################
1/1: removing lib64freeglut3-3.4.0-1.mga9.x86_64 ##################################################################################################

urpmq --whatrequires-recursive lib64freeglut3 provides lots of files

Can't find evidence the lib is loaded using strace in glxinfo or smplayer
CC: (none) => andrewsfarm
Whiteboard: (none) => MGA9-64-OK, MGA9-32-OK
RH mageia 9 i586

Updated without issues.

Of the applications reported to require libfreeglut3, all that I tested work:
smplayer
vlc
glxinfo

As in the 64-bit test, the library gives no evidence in strace.

Nothing more to test on my part; feel free to remove the OK if necessary.
I tried a couple of applications, and couldn't find a trace, either. Letting it go on a clean install that doesn't seem to break anything. Validating.
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0165.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED