Introduced security issue due to "openssh-7.6p1-audit.patch": https://lwn.net/ml/all/20240708162106.GA4920@openwall.com/ (CVE-2024-6409)

(German news): https://www.heise.de/news/OpenSSH-Weitere-RegreSSHion-artige-Luecke-entdeckt-9795874.html

Cauldron already dropped many patches, including this one....
CVE: (none) => CVE-2024-6409
@wally: looks like we should backport the fix we made in cauldron; I guess the audit patch is really not needed by mga.
CC: (none) => jani.valimaa
Hi,

That CVE does not affect Mageia 9.

From https://lwn.net/ml/all/20240708162106.GA4920@openwall.com/:

"""
The audit patch is also found in Fedora, so the package versions that were based on 8.7p1 and 8.8p1 are affected. Per change log, it appears that out of Fedora releases only 36 and 37 were affected, as well as some updates maybe starting with those for 35 and until those for 37. These versions are now end-of-life, and Fedora 38+ has moved to newer upstream OpenSSH that doesn't make the problematic cleanup_exit() call.
"""

I checked and I confirm that the code of the function grace_alarm_handler() (in sshd.c) does not call cleanup_exit().

Best regards,

Nico.
Resolution: (none) => INVALID
Status: NEW => RESOLVED
CC: (none) => nicolas.salguero
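The check described in the last comment (does grace_alarm_handler() in sshd.c call cleanup_exit()?) can be scripted for a patched source tree. This is an added example, not code from this bug report or from OpenSSH; the two C snippets are constructed samples and the helper names are hypothetical.

```python
import re
import sys

HANDLER, CALLEE = "grace_alarm_handler", "cleanup_exit"

# Constructed samples for illustration only; NOT copied from any OpenSSH release.
WITH_CALL = """
static void grace_alarm_handler(int sig);   /* prototype, must be skipped */
static void
grace_alarm_handler(int sig)
{
	if (sig) { cleanup_exit(255); }
	_exit(1);
}
"""
WITHOUT_CALL = """
static void
grace_alarm_handler(int sig)
{
	/* cleanup_exit(255) appears only in this comment */
	_exit(1);
}
"""

def strip_noise(src):
    """Blank out comments and string/char literals so they cannot fake a match."""
    pattern = r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])+\''
    return re.sub(pattern, " ", src, flags=re.S)

def function_body(src, name):
    """Return the text between the braces of the definition of name, or None."""
    m = re.search(r"\b%s\s*\([^()]*\)\s*\{" % re.escape(name), src)
    if m is None:
        return None
    depth, start = 0, m.end() - 1          # start is the opening brace
    for i in range(start, len(src)):
        if src[i] == "{":
            depth += 1
        elif src[i] == "}":
            depth -= 1
            if depth == 0:
                return src[start + 1:i]
    return None                             # unbalanced braces

def handler_calls(src, handler=HANDLER, callee=CALLEE):
    """True if the handler's body contains a direct call to callee."""
    body = function_body(strip_noise(src), handler)
    if body is None:
        raise LookupError("no definition of %s() found" % handler)
    return re.search(r"\b%s\s*\(" % re.escape(callee), body) is not None

if __name__ == "__main__" and len(sys.argv) > 1:   # usage: script.py path/to/sshd.c
    print(handler_calls(open(sys.argv[1], errors="replace").read()))
```

Run it against sshd.c after the distribution patches have been applied, since the call in question comes from the audit patch rather than from upstream. It scans text only, so code inside `#ifdef` blocks is counted regardless of build options, and calls made indirectly through other functions are not followed.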