33305 – virtuoso-opensource new security issues CVE-2023-3160[7-9], CVE-2023-3161[0-9], CVE-2023-31620, CVE-2023-3162[2-9], CVE-2023-3163[01], CVE-2023-4894[5-7], CVE-2023-4895[01]

Bug 33305 - virtuoso-opensource new security issues CVE-2023-3160[7-9], CVE-2023-3161[0-9], CVE-2023-31620, CVE-2023-3162[2-9], CVE-2023-3163[01], CVE-2023-4894[5-7], CVE-2023-4895[01]

Summary: virtuoso-opensource new security issues CVE-2023-3160[7-9], CVE-2023-3161[0-9...

Status:	NEW

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	All Packagers
QA Contact:	Sec team

URL:
Whiteboard:	MGA9TOO
Keywords:

Depends on:
Blocks:

Reported:	2024-06-13 16:45 CEST by Nicolas Salguero
Modified:	2024-07-05 14:48 CEST (History)
CC List:	0 users

See Also:
Source RPM:	virtuoso-opensource-6.1.8-10.mga9.src.rpm
CVE:	CVE-2023-31607,CVE-2023-31608,CVE-2023-31609,CVE-2023-31610,CVE-2023-31611,CVE-2023-31612,CVE-2023-31613,CVE-2023-31614,CVE-2023-31615,CVE-2023-31616,CVE-2023-31617,CVE-2023-31618,CVE-2023-31619,CVE-2023-31623,CVE-2023-31625,CVE-2023-31628
Status comment:	Patches available from Ubuntu

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2024-06-13 16:45:13 CEST

Ubuntu has issued an advisory on June 13:
https://ubuntu.com/security/notices/USN-6832-1

Mageia 9 is also affected.

Nicolas Salguero 2024-06-13 16:47:12 CEST

Status comment: (none) => Patches available from Ubuntu
Whiteboard: (none) => MGA9TOO
Source RPM: (none) => virtuoso-opensource-6.1.8-10.mga9.src.rpm
CVE: (none) => CVE-2023-31607,CVE-2023-31608,CVE-2023-31609,CVE-2023-31610,CVE-2023-31611,CVE-2023-31612,CVE-2023-31613,CVE-2023-31614,CVE-2023-31615,CVE-2023-31616,CVE-2023-31617,CVE-2023-31618,CVE-2023-31619,CVE-2023-31623,CVE-2023-31625,CVE-2023-31628

Comment 1 Lewis Smith 2024-06-13 21:55:01 CEST

"Patches available from Ubuntu": Most CVEs have what I think are the following patches:
https://github.com/openlink/virtuoso-opensource/commit/ea8b2c975c6c96f36e34014d6c71a73761198ebe
https://github.com/openlink/virtuoso-opensource/commit/9c5bdeb73b00b5ae88db0be036d429d779126094
https://github.com/openlink/virtuoso-opensource/commit/2ed10333e6e973c2b3e1e60ba854ef0dd12afe07
https://github.com/openlink/virtuoso-opensource/commit/db0b768dfbb66e306504d0f7951c4ae4932edd74
https://github.com/openlink/virtuoso-opensource/commit/2b64ad928ef5f75fc93091677a78abfbd17ea07f
https://github.com/openlink/virtuoso-opensource/commit/030e47a29976709a50603e3f34e82278e5f462df
https://github.com/openlink/virtuoso-opensource/commit/2ed10333e6e973c2b3e1e60ba854ef0dd12afe07

Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Salguero 2024-07-05 14:48:41 CEST

Ubuntu has issued an advisory on July 4:
https://ubuntu.com/security/notices/USN-6879-1

They fix CVE-2023-3162[024679], CVE-2023-3163[01], CVE-2023-4894[5-7], CVE-2023-4895[01].

Summary: virtuoso-opensource new security issues CVE-2023-3160[7-9], CVE-2023-3161[0-9], CVE-2023-3162[358] => virtuoso-opensource new security issues CVE-2023-3160[7-9], CVE-2023-3161[0-9], CVE-2023-31620, CVE-2023-3162[2-9], CVE-2023-3163[01], CVE-2023-4894[5-7], CVE-2023-4895[01]

Note You need to log in before you can comment on or make changes to this bug.