Bug 33766 - glib2.0 new security issue CVE-2024-52533
Summary: glib2.0 new security issue CVE-2024-52533
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2024-11-14 09:42 CET by Nicolas Salguero
Modified: 2024-12-02 18:46 CET

See Also:
Source RPM: glib2.0-2.76.3-1.2.mga9.src.rpm
CVE: CVE-2024-52533
Status comment:



Description Nicolas Salguero 2024-11-14 09:42:28 CET
CVE-2024-52533 was announced here:
https://www.openwall.com/lists/oss-security/2024/11/12/11

Nicolas Salguero 2024-11-14 09:44:02 CET

Source RPM: (none) => glib2.0-2.76.3-1.2.mga9.src.rpm
CVE: (none) => CVE-2024-52533

Comment 1 Lewis Smith 2024-11-14 22:07:32 CET
Our M9 version 2.76.3 goes back a long way; we have in Cauldron recent version 2.82.2. Is it sufficient to update it?
CC'ing DavidG because you have done most updates for glib2.0

Assignee: bugsquad => basesystem
CC: (none) => geiger.david68210

Comment 2 Nicolas Salguero 2024-11-28 11:45:51 CET
Suggested advisory:
========================

The updated packages fix a security vulnerability:

Buffer overflow in socks proxy code in glib < 2.82.1. (CVE-2024-52533)

References:
https://www.openwall.com/lists/oss-security/2024/11/12/11
========================

Updated packages in core/updates_testing:
========================
glib-gettextize-2.76.3-1.3.mga9
glib2.0-common-2.76.3-1.3.mga9
glib2.0-tests-2.76.3-1.3.mga9
lib(64)gio2.0_0-2.76.3-1.3.mga9
lib(64)glib2.0_0-2.76.3-1.3.mga9
lib(64)glib2.0-devel-2.76.3-1.3.mga9
lib(64)glib2.0-static-devel-2.76.3-1.3.mga9

from SRPM:
glib2.0-2.76.3-1.3.mga9.src.rpm

Assignee: basesystem => qa-bugs
Status: NEW => ASSIGNED

katnatek 2024-11-28 18:09:05 CET

Keywords: (none) => advisory

Comment 3 katnatek 2024-11-28 18:30:48 CET
RH x86_64

installing lib64glib2.0_0-2.76.3-1.3.mga9.x86_64.rpm glib2.0-common-2.76.3-1.3.mga9.x86_64.rpm lib64gio2.0_0-2.76.3-1.3.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/3: lib64glib2.0_0        ##################################################################################################
      2/3: lib64gio2.0_0         ##################################################################################################
      3/3: glib2.0-common        ##################################################################################################
      1/3: removing glib2.0-common-2.76.3-1.2.mga9.x86_64
                                 ##################################################################################################
      2/3: removing lib64gio2.0_0-2.76.3-1.2.mga9.x86_64
                                 ##################################################################################################
      3/3: removing lib64glib2.0_0-2.76.3-1.2.mga9.x86_64
                                 ##################################################################################################

audacity works
pidgin works

Comment 4 Herman Viaene 2024-11-29 10:05:22 CET
Note: the quicklink in the updates list links to "0" for this entry. Bug???

CC: (none) => herman.viaene

Comment 5 Herman Viaene 2024-11-29 10:41:03 CET
MGA9-64 Plasma Wayland on Compaq H000SB
No installation issues.
Tested by running audacity and thunar, all work OK.

Comment 6 katnatek 2024-11-30 01:41:04 CET
(In reply to Herman Viaene from comment #4)
> Note: the quicklink in the updates list links to "0" for this entry. Bug???

Yes, a bug in madb https://bugs.mageia.org/show_bug.cgi?id=33729 and mga-advisor

katnatek 2024-12-02 16:40:36 CET

Whiteboard: (none) => MGA8-64-OK
CC: (none) => andrewsfarm

Comment 7 Herman Viaene 2024-12-02 16:43:58 CET
MGA8 ?????

katnatek 2024-12-02 16:46:04 CET

Whiteboard: MGA8-64-OK => MGA9-64-OK

Comment 8 Thomas Andrews 2024-12-02 18:01:08 CET
Validating.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 9 Mageia Robot 2024-12-02 18:46:47 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0386.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

