CVE-2023-49582 was announced here: https://openwall.com/lists/oss-security/2024/08/26/1 Fixed in 1.7.5.
Source RPM: (none) => apr-1.7.4-1.mga10.src.rpmWhiteboard: (none) => MGA9TOOCVE: (none) => CVE-2023-49582
No registered maintainer, so assigning to all. CC'ing daviddavid, who was the last one to touch this package
Assignee: bugsquad => pkg-bugsCC: (none) => geiger.david68210, marja11
Suggested advisory: ======================== The updated packages fix a security vulnerability: Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. (CVE-203-49582) References: https://openwall.com/lists/oss-security/2024/08/26/1 ======================== Updated packages in core/updates_testing: ======================== lib(64)apr1_0-1.7.5-1.mga9 lib(64)apr-devel-1.7.5-1.mga9 from SRPM: apr-1.7.5-1.mga9.src.rpm
Assignee: pkg-bugs => qa-bugsStatus: NEW => ASSIGNEDSource RPM: apr-1.7.4-1.mga10.src.rpm => apr-1.7.2-1.mga9.src.rpmWhiteboard: MGA9TOO => (none)Version: Cauldron => 9
Keywords: (none) => advisory
MGA9-64 server Plasma Wayland on HP-Pavillion No installation issues. Similar problem as in bug 31485, had processes for httpd running while status said inactive. Had to issue two consecutive stop commands and then all seems to work normally. # systemctl -l status httpd × httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; preset: disabled) Active: failed (Result: exit-code) since Mon 2024-09-09 11:15:31 CEST; 4min 13s ago Process: 61295 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE) Main PID: 61295 (code=exited, status=1/FAILURE) Status: "Reading configuration..." CPU: 135ms Sep 09 11:15:31 mach4.hviaene.thuis systemd[1]: Starting httpd.service... Sep 09 11:15:31 mach4.hviaene.thuis systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAI> Sep 09 11:15:32 mach4.hviaene.thuis httpd[61295]: (98)Address already in use: AH00072: make_sock: could not b> Sep 09 11:15:32 mach4.hviaene.thuis httpd[61295]: (98)Address already in use: AH00072: make_sock: could not b> Sep 09 11:15:32 mach4.hviaene.thuis httpd[61295]: no listening sockets available, shutting down Sep 09 11:15:32 mach4.hviaene.thuis httpd[61295]: AH00015: Unable to open logs Sep 09 11:15:31 mach4.hviaene.thuis systemd[1]: httpd.service: Failed with result 'exit-code'. Sep 09 11:15:31 mach4.hviaene.thuis systemd[1]: Failed to start httpd.service. # systemctl stop httpd # systemctl stop httpd # systemctl start httpd # systemctl -l status httpd ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; preset: disabled) Active: active (running) since Mon 2024-09-09 11:20:21 CEST; 29s ago Main PID: 61583 (/usr/sbin/httpd) Status: "Total requests: 0; Idle/Busy workers 100/0;Requests/sec: 0; Bytes served/sec: 0 B/sec" Tasks: 6 (limit: 4473) Memory: 36.6M CPU: 787ms CGroup: /system.slice/httpd.service ├─61583 /usr/sbin/httpd -DFOREGROUND ├─61587 /usr/sbin/httpd -DFOREGROUND ├─61588 /usr/sbin/httpd -DFOREGROUND ├─61589 /usr/sbin/httpd -DFOREGROUND ├─61590 /usr/sbin/httpd -DFOREGROUND └─61591 /usr/sbin/httpd -DFOREGROUND Sep 09 11:20:20 mach4.hviaene.thuis systemd[1]: Starting httpd.service... Sep 09 11:20:21 mach4.hviaene.thuis systemd[1]: Started httpd.service. # systemctl stop httpd # systemctl -l status httpd ○ httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; preset: disabled) Active: inactive (dead) since Mon 2024-09-09 11:25:53 CEST; 3s ago Duration: 5min 31.454s Process: 61583 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=0/SUCCESS) Main PID: 61583 (code=exited, status=0/SUCCESS) Status: "Total requests: 0; Idle/Busy workers 100/0;Requests/sec: 0; Bytes served/sec: 0 B/sec" CPU: 1.213s Sep 09 11:20:20 mach4.hviaene.thuis systemd[1]: Starting httpd.service... Sep 09 11:20:21 mach4.hviaene.thuis systemd[1]: Started httpd.service. Sep 09 11:25:52 mach4.hviaene.thuis systemd[1]: Stopping httpd.service... Sep 09 11:25:53 mach4.hviaene.thuis systemd[1]: httpd.service: Deactivated successfully. Sep 09 11:25:53 mach4.hviaene.thuis systemd[1]: Stopped httpd.service. Sep 09 11:25:53 mach4.hviaene.thuis systemd[1]: httpd.service: Consumed 1.213s CPU time. # systemctl start httpd # systemctl -l status httpd ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; preset: disabled) Active: active (running) since Mon 2024-09-09 11:26:07 CEST; 2s ago Main PID: 61857 (/usr/sbin/httpd) Status: "Processing requests..." Tasks: 6 (limit: 4473) Memory: 18.2M CPU: 416ms CGroup: /system.slice/httpd.service ├─61857 /usr/sbin/httpd -DFOREGROUND ├─61859 /usr/sbin/httpd -DFOREGROUND ├─61860 /usr/sbin/httpd -DFOREGROUND ├─61861 /usr/sbin/httpd -DFOREGROUND ├─61862 /usr/sbin/httpd -DFOREGROUND └─61863 /usr/sbin/httpd -DFOREGROUND Sep 09 11:26:07 mach4.hviaene.thuis systemd[1]: Starting httpd.service... Sep 09 11:26:07 mach4.hviaene.thuis systemd[1]: Started httpd.service. pointing to http://localhost:631/ brings up CUPS OK. Seems good enough.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA9-64-OK
Validating.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0292.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED