CVE-2024-45751 was announced here: https://www.openwall.com/lists/oss-security/2024/09/07/2
Status comment: (none) => Fixed upstream in 1.0.93
CVE: (none) => CVE-2024-45751
Whiteboard: (none) => MGA9TOO
Source RPM: (none) => tgt-1.0.85-1.mga9.src.rpm
No registered maintainer, so assigning to all.
URL: (none) => https://www.openwall.com/lists/oss-security/2024/09/07/2
Assignee: bugsquad => pkg-bugs
CC: (none) => marja11

Suggested advisory:
========================

The updated package fixes a security vulnerability:

tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical. (CVE-2024-45751)

References:
https://www.openwall.com/lists/oss-security/2024/09/07/2
========================

Updated package in core/updates_testing:
========================
tgt-1.0.85-1.1.mga9

from SRPM:
tgt-1.0.85-1.1.mga9.src.rpm
Status comment: Fixed upstream in 1.0.93 => (none)
Status: NEW => ASSIGNED
Assignee: pkg-bugs => qa-bugs

Whiteboard: MGA9TOO => (none)
Version: Cauldron => 9
Keywords: (none) => advisory
RH x86_64

LC_ALL=C urpmi tgt
To satisfy dependencies, the following packages are going to be installed:
  Package                        Version      Release       Arch
(medium "Core Release (distrib1)")
  perl-Config-General            2.650.0      1.mga9        noarch
  tgt                            1.0.85       1.mga9        x86_64
654KB of additional disk space will be used.
252KB of packages will be retrieved.
Proceed with the installation of the 2 packages? (Y/n) y

    https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/tgt-1.0.85-1.mga9.x86_64.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/perl-Config-General-2.650.0-1.mga9.noarch.rpm
installing perl-Config-General-2.650.0-1.mga9.noarch.rpm tgt-1.0.85-1.mga9.x86_64.rpm from /var/cache/urpmi/rpms
Preparing... ##################################################################################################
1/2: perl-Config-General ##################################################################################################
2/2: tgt ##################################################################################################

LC_ALL=C urpmi --auto --auto-update
adding 66 new rpms not available in existing hdlist
replacing /var/cache/urpmi/partial/synthesis.hdlist.cz with synthesis.hdlist.cz.tmp
updating /var/cache/urpmi/partial/MD5SUM
updated medium "QA Testing (32-bit)"
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date

installing tgt-1.0.85-1.1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing... ##################################################################################################
1/1: tgt ##################################################################################################
1/1: removing tgt-1.0.85-1.mga9.x86_64 ##################################################################################################

No previous round, and the information about this looks a bit complex to me.
Also, the URL https://stgt.sourceforge.net/ is not valid; perhaps it should be changed to https://github.com/fujita/tgt

Thomas, I require your view on this.
CC: (none) => andrewsfarm
There are three entries in the man pages:
tgt-admin
tgt-setup-lun (lun => logical unit number)
tgtadm

None of them particularly helpful to a complete beginner, so katnatek is correct that this is probably too complex for real testing in QA. It needs somebody with actual experience of using frameworks to build projects or tools.
CC: (none) => tarazed25
Len has been at this longer than I have, and I value his judgement. Sending this on...
Whiteboard: (none) => MGA9-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0304.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED