CVE-2024-46544 was announced here: https://www.openwall.com/lists/oss-security/2024/09/23/1
Source RPM: (none) => apache-mod_jk-1.2.49-1.mga10.src.rpmCVE: (none) => CVE-2024-46544Whiteboard: (none) => MGA9TOOStatus comment: (none) => Fixed upstream in 1.2.50
Suggested advisory: ======================== The updated packages fix a security vulnerability: Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. (CVE-2024-46544) References: https://www.openwall.com/lists/oss-security/2024/09/23/1 ======================== Updated packages in core/updates_testing: ======================== apache-mod_jk-1.2.50-1.mga9 apache-mod_jk-manual-1.2.50-1.mga9 apache-mod_jk-tools-1.2.50-1.mga9 from SRPM: apache-mod_jk-1.2.50-1.mga9.src.rpm
Version: Cauldron => 9Whiteboard: MGA9TOO => (none)Source RPM: apache-mod_jk-1.2.49-1.mga10.src.rpm => apache-mod_jk-1.2.49-1.mga9.src.rpmAssignee: bugsquad => qa-bugsStatus: NEW => ASSIGNEDStatus comment: Fixed upstream in 1.2.50 => (none)
Keywords: (none) => advisory
MGA9-64 Plasma Wayland on HP-Pavillion No installation issues. Ref bug 16078 for testing # systemctl start httpd # systemctl -l status httpd ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; preset: disabled) Active: active (running) since Wed 2024-09-25 09:56:29 CEST; 2min 40s ago Main PID: 4337 (/usr/sbin/httpd) Status: "Total requests: 0; Idle/Busy workers 100/0;Requests/sec: 0; Bytes served/sec: 0 B/sec" Tasks: 11 (limit: 4473) Memory: 18.6M CPU: 903ms CGroup: /system.slice/httpd.service ├─4337 /usr/sbin/httpd -DFOREGROUND ├─4341 /usr/sbin/httpd -DFOREGROUND ├─4343 /usr/sbin/httpd -DFOREGROUND ├─4345 /usr/sbin/httpd -DFOREGROUND ├─4347 /usr/sbin/httpd -DFOREGROUND └─4349 /usr/sbin/httpd -DFOREGROUND Sep 25 09:56:28 mach4.hviaene.thuis systemd[1]: Starting httpd.service... Sep 25 09:56:29 mach4.hviaene.thuis systemd[1]: Started httpd.service. # systemctl stop httpd # systemctl -l status httpd ○ httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; preset: disabled) Active: inactive (dead) since Wed 2024-09-25 09:59:55 CEST; 6s ago Duration: 3min 25.553s Process: 4337 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=0/SUCCESS) Main PID: 4337 (code=exited, status=0/SUCCESS) Status: "Total requests: 0; Idle/Busy workers 100/0;Requests/sec: 0; Bytes served/sec: 0 B/sec" CPU: 1.361s Sep 25 09:56:28 mach4.hviaene.thuis systemd[1]: Starting httpd.service... Sep 25 09:56:29 mach4.hviaene.thuis systemd[1]: Started httpd.service. Sep 25 09:59:54 mach4.hviaene.thuis systemd[1]: Stopping httpd.service... Sep 25 09:59:55 mach4.hviaene.thuis systemd[1]: httpd.service: Deactivated successfully. Sep 25 09:59:55 mach4.hviaene.thuis systemd[1]: Stopped httpd.service. Sep 25 09:59:55 mach4.hviaene.thuis systemd[1]: httpd.service: Consumed 1.361s CPU time. # httpd -M | grep jk jk_module (shared) Looks OK as in bug 33083.
Whiteboard: (none) => MGA9-64-OKCC: (none) => herman.viaene
Validating.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0315.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED