Bug 34380 - udisks2 new security issue CVE-2025-6019
Summary: udisks2 new security issue CVE-2025-6019
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-32-OK MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2025-06-18 16:13 CEST by Nicolas Salguero
Modified: 2025-06-24 22:12 CEST

See Also:
Source RPM: udisks2-2.10.1-1.mga10.src.rpm, udisks2-2.9.4-3.mga9.src.rpm, libblockdev-3.2.1-1.mga10, libblockdev-2.28-2.mga9
CVE: CVE-2025-6019
Status comment:



Description Nicolas Salguero 2025-06-18 16:13:36 CEST
CVE-2025-6019 was announced here:
https://www.openwall.com/lists/oss-security/2025/06/17/4
Nicolas Salguero 2025-06-18 16:14:30 CEST

CVE: (none) => CVE-2025-6019
Source RPM: (none) => udisks2-2.10.1-1.mga10.src.rpm, udisks2-2.9.4-3.mga9.src.rpm
Whiteboard: (none) => MGA9TOO

David Walser 2025-06-18 20:49:35 CEST

Summary: udisk2 new security issue CVE-2025-6019 => udisks2 new security issue CVE-2025-6019

Comment 1 Marja Van Waes 2025-06-18 21:27:15 CEST
No registered maintainer, so assigning to all. CC'ing daviddavid, who was the last one to touch it.

Assignee: bugsquad => pkg-bugs
CC: (none) => geiger.david68210, marja11

Comment 2 papoteur 2025-06-19 09:59:05 CEST
Fixed for Cauldron in libblockdev 3.3.1
libblockdev-3.3.1-1.mga10

Source RPM: udisks2-2.10.1-1.mga10.src.rpm, udisks2-2.9.4-3.mga9.src.rpm => udisks2-2.10.1-1.mga10.src.rpm, udisks2-2.9.4-3.mga9.src.rpm, libblockdev-3.2.1-1.mga10, libblockdev-2.28-2.mga9
Version: Cauldron => 9
Whiteboard: MGA9TOO => (none)
Status comment: (none) => fix in libblockdev 3.3.1
CC: (none) => yvesbrungard

Comment 3 papoteur 2025-06-20 16:55:02 CEST Comment hidden (obsolete)
papoteur 2025-06-20 16:55:59 CEST

Assignee: pkg-bugs => qa-bugs

PC LX 2025-06-21 00:01:21 CEST

CC: (none) => mageia

Comment 4 papoteur 2025-06-21 08:33:26 CEST
I get this error in journal:
/usr/libexec/udisks2/udisksd: symbol lookup error: /usr/libexec/udisks2/udisksd: undefined symbol: udisks_manager_nvme_skeleton_get_type

Assignee: qa-bugs => yvesbrungard

Comment 5 papoteur 2025-06-21 11:34:18 CEST
Submitting:
RPMS:
udisks2-2.10.1-1.1.mga9
udisks2-lsm-2.10.1-1.1.mga9
lib64udisks2_0-2.10.1-1.1.mga9
udisks2-lvm2-2.10.1-1.1.mga9
udisks2-btrfs-2.10.1-1.1.mga9
lib64udisks-gir2.0-2.10.1-1.1.mga9
lib64udisks2-devel-2.10.1-1.1.mga9
lib64bd_smartmontools3-3.3.1-1.mga9
lib64blockdev3-3.3.1-1.mga9
lib64bd_smart3-3.3.1-1.mga9
lib64blockdev-gir3.0-3.3.1-1.mga9
lib64bd_fs3-3.3.1-1.mga9
lib64bd_lvm-dbus3-3.3.1-1.mga9
python3-blockdev-3.3.1-1.mga9
lib64bd_lvm3-3.3.1-1.mga9
lib64bd_crypto3-3.3.1-1.mga9
lib64bd_nvme3-3.3.1-1.mga9
lib64bd_part3-3.3.1-1.mga9
lib64bd_utils3-3.3.1-1.mga9
lib64bd_mdraid3-3.3.1-1.mga9
lib64bd_btrfs3-3.3.1-1.mga9
lib64bd_nvdimm3-3.3.1-1.mga9
libblockdev-tools-3.3.1-1.mga9
lib64bd_swap3-3.3.1-1.mga9
lib64bd_dm3-3.3.1-1.mga9
lib64bd_mpath3-3.3.1-1.mga9
lib64bd_loop3-3.3.1-1.mga9
lib64bd_lvm-dbus-devel-3.3.1-1.mga9
lib64bd_fs-devel-3.3.1-1.mga9
lib64bd_lvm-devel-3.3.1-1.mga9
lib64bd_utils-devel-3.3.1-1.mga9
lib64bd_crypto-devel-3.3.1-1.mga9
lib64bd_part-devel-3.3.1-1.mga9
lib64bd_mdraid-devel-3.3.1-1.mga9
lib64bd_btrfs-devel-3.3.1-1.mga9
lib64bd_nvdimm-devel-3.3.1-1.mga9
lib64bd_loop-devel-3.3.1-1.mga9
lib64bd_swap-devel-3.3.1-1.mga9
lib64bd_dm-devel-3.3.1-1.mga9
lib64bd_mpath-devel-3.3.1-1.mga9
lib64blockdev-devel-3.3.1-1.mga9
lib64bd_nvme-devel-3.3.1-1.mga9
lib64bd_smart-devel-3.3.1-1.mga9

SRPMS:
udisks2-2.10.1-1.1.mga9
libblockdev-3.3.1-1.mga9

Status comment: fix in libblockdev 3.3.1 => (none)

papoteur 2025-06-21 11:34:41 CEST

Assignee: yvesbrungard => qa-bugs

Comment 6 Brian Rockwell 2025-06-21 15:00:05 CEST
MGA9-64, Plasma, ext4 file systems

The following 21 packages are going to be installed:

- exfatprogs-1.2.0-1.1.mga9.x86_64
- lib64bd_crypto3-3.3.1-1.mga9.x86_64
- lib64bd_fs3-3.3.1-1.mga9.x86_64
- lib64bd_loop3-3.3.1-1.mga9.x86_64
- lib64bd_lvm3-3.3.1-1.mga9.x86_64
- lib64bd_mdraid3-3.3.1-1.mga9.x86_64
- lib64bd_mpath3-3.3.1-1.mga9.x86_64
- lib64bd_nvme3-3.3.1-1.mga9.x86_64
- lib64bd_part3-3.3.1-1.mga9.x86_64
- lib64bd_smartmontools3-3.3.1-1.mga9.x86_64
- lib64bd_swap3-3.3.1-1.mga9.x86_64
- lib64bd_utils3-3.3.1-1.mga9.x86_64
- lib64blockdev3-3.3.1-1.mga9.x86_64
- lib64mpathcmd0-0.8.8-2.1.mga9.x86_64
- lib64mpathpersist0-0.8.8-2.1.mga9.x86_64
- lib64multipath0-0.8.8-2.1.mga9.x86_64
- lib64nvme1-1.3-1.mga9.x86_64
- lib64udisks2_0-2.10.1-1.1.mga9.x86_64
- multipath-tools-0.8.8-2.1.mga9.x86_64
- udftools-2.3-2.mga9.x86_64
- udisks2-2.10.1-1.1.mga9.x86_64

3.4MB of additional disk space will be used.


- rebooted

USB 
- mounted ISO, ntfs.  Multiple types of USB drives

CD
- mount and played different media files


no issues on my end

CC: (none) => brtians1

Comment 7 Jean Michel Varvou 2025-06-21 18:07:35 CEST
Installation of the patch on my mageia 9 machine. My USB flash drives are mounted. No error messages. Patch validated on my side.

CC: (none) => jeanmichel.varvou

Comment 8 katnatek 2025-06-21 20:07:08 CEST
RH x86_64

installing //home/katnatek/qa-testing/x86_64/lib64bd_loop3-3.3.1-1.mga9.x86_64.rpm                                                  
//home/katnatek/qa-testing/x86_64/lib64udisks2_0-2.10.1-1.1.mga9.x86_64.rpm
//home/katnatek/qa-testing/x86_64/lib64bd_utils3-3.3.1-1.mga9.x86_64.rpm
//home/katnatek/qa-testing/x86_64/lib64bd_fs3-3.3.1-1.mga9.x86_64.rpm
/var/cache/urpmi/rpms/lib64nvme1-1.3-1.mga9.x86_64.rpm
//home/katnatek/qa-testing/x86_64/lib64bd_mdraid3-3.3.1-1.mga9.x86_64.rpm
//home/katnatek/qa-testing/x86_64/lib64blockdev3-3.3.1-1.mga9.x86_64.rpm
//home/katnatek/qa-testing/x86_64/lib64bd_part3-3.3.1-1.mga9.x86_64.rpm
/var/cache/urpmi/rpms/udftools-2.3-2.mga9.x86_64.rpm
//home/katnatek/qa-testing/x86_64/lib64bd_nvme3-3.3.1-1.mga9.x86_64.rpm
//home/katnatek/qa-testing/x86_64/lib64bd_swap3-3.3.1-1.mga9.x86_64.rpm
//home/katnatek/qa-testing/x86_64/lib64bd_crypto3-3.3.1-1.mga9.x86_64.rpm
//home/katnatek/qa-testing/x86_64/udisks2-2.10.1-1.1.mga9.x86_64.rpm
Preparing...                     ##################################################################################################
     1/13: lib64bd_utils3        ##################################################################################################
     2/13: lib64bd_loop3         ##################################################################################################
     3/13: lib64bd_fs3           ##################################################################################################
     4/13: lib64bd_mdraid3       ##################################################################################################
     5/13: lib64blockdev3        ##################################################################################################
     6/13: lib64bd_part3         ##################################################################################################
     7/13: lib64bd_swap3         ##################################################################################################
     8/13: lib64bd_crypto3       ##################################################################################################
     9/13: udftools              ##################################################################################################
    10/13: lib64nvme1            ##################################################################################################
    11/13: lib64bd_nvme3         ##################################################################################################
    12/13: lib64udisks2_0        ##################################################################################################
    13/13: udisks2               ##################################################################################################
      1/2: removing udisks2-2.9.4-3.mga9.x86_64
                                 ##################################################################################################
      2/2: removing lib64udisks2_0-2.9.4-3.mga9.x86_64
                                 ##################################################################################################

Connected USB memory and mounted it without issues.
Disconnected USB memory and opened isodumper; it says no devices detected. Connected the memory again and clicked on refresh; the device is listed in the dropdown box.

OK for me
Comment 9 Brian Rockwell 2025-06-21 21:08:28 CEST
MGA9-64, Xfce, ext4

The following 13 packages are going to be installed:

- lib64bd_crypto3-3.3.1-1.mga9.x86_64
- lib64bd_fs3-3.3.1-1.mga9.x86_64
- lib64bd_loop3-3.3.1-1.mga9.x86_64
- lib64bd_mdraid3-3.3.1-1.mga9.x86_64
- lib64bd_nvme3-3.3.1-1.mga9.x86_64
- lib64bd_part3-3.3.1-1.mga9.x86_64
- lib64bd_swap3-3.3.1-1.mga9.x86_64
- lib64bd_utils3-3.3.1-1.mga9.x86_64
- lib64blockdev3-3.3.1-1.mga9.x86_64
- lib64nvme1-1.3-1.mga9.x86_64
- lib64udisks2_0-2.10.1-1.1.mga9.x86_64
- udftools-2.3-2.mga9.x86_64
- udisks2-2.10.1-1.1.mga9.x86_64

1.6MB of additional disk space will be used.

- rebooted

USB mount, and usage working. 


-- I'll do a 32bit test.
Comment 10 Brian Rockwell 2025-06-21 21:34:25 CEST
MGA9-32, Xfce

The following 14 packages are going to be installed:

- exfatprogs-1.2.0-1.1.mga9.i586
- libbd_crypto3-3.3.1-1.mga9.i586
- libbd_fs3-3.3.1-1.mga9.i586
- libbd_loop3-3.3.1-1.mga9.i586
- libbd_mdraid3-3.3.1-1.mga9.i586
- libbd_nvme3-3.3.1-1.mga9.i586
- libbd_part3-3.3.1-1.mga9.i586
- libbd_swap3-3.3.1-1.mga9.i586
- libbd_utils3-3.3.1-1.mga9.i586
- libblockdev3-3.3.1-1.mga9.i586
- libnvme1-1.3-1.mga9.i586
- libudisks2_0-2.10.1-1.1.mga9.i586
- udftools-2.3-2.mga9.i586
- udisks2-2.10.1-1.1.mga9.i586

--rebooted

usb mounting worked.

Whiteboard: (none) => MGA9-32-OK

Comment 11 Morgan Leijström 2025-06-21 23:29:34 CEST
(In reply to Jean Michel Varvou from comment #7)
> Installation of the patch on my mageia 9 machine. My USB flash drives are
> mounted. No error messages. Patch validated on my side.

Thank you for the test contribution.

Please also tell if your system is i586 or x86_64, or some arm

CC: (none) => fri

Comment 12 Morgan Leijström 2025-06-21 23:31:50 CEST
mga9 x86_64, Plasma X11

jun 21 23:21:18 svarten.tribun systemd[1]: Starting udisks2.service...
jun 21 23:21:19 svarten.tribun udisksd[1374]: udisks daemon version 2.10.1 starting
jun 21 23:21:20 svarten.tribun systemd[1]: Started udisks2.service.
jun 21 23:21:20 svarten.tribun udisksd[1374]: Acquired the name org.freedesktop.UDisks2 on the system message bus


Plugged in a USB stick with FAT32 filesystem:

jun 21 23:25:21 svarten.tribun udisksd[1374]: Mounted /dev/sdb1 at /run/media/morgan/CRUZER4GRET on behalf of uid 10702

...and got system tray popup, had it open in Dolphin OK.
Comment 13 Thomas Andrews 2025-06-22 14:17:49 CEST
Even without knowing the arch for the test of comment 7, there are enough successful 64-bit tests to OK and validate this critical update.

Validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: MGA9-32-OK => MGA9-32-OK MGA9-64-OK

Comment 14 Morgan Leijström 2025-06-22 19:23:45 CEST
i586 OK on Thinkpad T43, lxde

Plugged in USB stick with FAT32, and got a popup, accepted and it opened in file browser OK.
Comment 15 Morgan Leijström 2025-06-22 20:43:53 CEST
I note the old versions of lib64bd* are not removed.

Before update: 

[kajsa@aspire ~]$ rpm -qa --last|grep lib64bd
lib64bd_fs2-2.28-2.mga9.x86_64                mån 18 nov 2024 23:02:28
lib64bd_mdraid2-2.28-2.mga9.x86_64            mån 18 nov 2024 23:02:24
lib64bd_crypto2-2.28-2.mga9.x86_64            mån 18 nov 2024 23:02:12
lib64bd_loop2-2.28-2.mga9.x86_64              mån 18 nov 2024 23:01:58
lib64bd_swap2-2.28-2.mga9.x86_64              mån 18 nov 2024 23:01:43
lib64bd_part2-2.28-2.mga9.x86_64              mån 18 nov 2024 23:01:36
lib64bd_utils2-2.28-2.mga9.x86_64             mån 18 nov 2024 23:01:19

And then I ran drakrpm, clicked only udisks2, and it added dependencies, after the update:

[kajsa@aspire ~]$ rpm -qa --last|grep lib64bd
lib64bd_utils3-3.3.1-1.mga9.x86_64            sön 22 jun 2025 20:26:14
lib64bd_swap3-3.3.1-1.mga9.x86_64             sön 22 jun 2025 20:26:14
lib64bd_part3-3.3.1-1.mga9.x86_64             sön 22 jun 2025 20:26:14
lib64bd_nvme3-3.3.1-1.mga9.x86_64             sön 22 jun 2025 20:26:14
lib64bd_mdraid3-3.3.1-1.mga9.x86_64           sön 22 jun 2025 20:26:14
lib64bd_loop3-3.3.1-1.mga9.x86_64             sön 22 jun 2025 20:26:14
lib64bd_fs3-3.3.1-1.mga9.x86_64               sön 22 jun 2025 20:26:14
lib64bd_crypto3-3.3.1-1.mga9.x86_64           sön 22 jun 2025 20:26:14
lib64bd_fs2-2.28-2.mga9.x86_64                mån 18 nov 2024 23:02:28
lib64bd_mdraid2-2.28-2.mga9.x86_64            mån 18 nov 2024 23:02:24
lib64bd_crypto2-2.28-2.mga9.x86_64            mån 18 nov 2024 23:02:12
lib64bd_loop2-2.28-2.mga9.x86_64              mån 18 nov 2024 23:01:58
lib64bd_swap2-2.28-2.mga9.x86_64              mån 18 nov 2024 23:01:43
lib64bd_part2-2.28-2.mga9.x86_64              mån 18 nov 2024 23:01:36
lib64bd_utils2-2.28-2.mga9.x86_64             mån 18 nov 2024 23:01:19

Similar results on my i586, where I had set testing repo as update repo and let the updater do its thing.

I am thinking it is meant that the old versions, i.e lib64bd_swap2 should have been removed?

- Both to avoid bloat, but also to remove the security hole.

Keywords: validated_update => feedback
Assignee: qa-bugs => pkg-bugs

Comment 16 katnatek 2025-06-22 21:11:13 CEST
(In reply to Morgan Leijström from comment #15)
> I note the old versions of lib64bd* are not removed.
> 
> Before update: 
> 
> [kajsa@aspire ~]$ rpm -qa --last|grep lib64bd
> lib64bd_fs2-2.28-2.mga9.x86_64                mån 18 nov 2024 23:02:28
> lib64bd_mdraid2-2.28-2.mga9.x86_64            mån 18 nov 2024 23:02:24
> lib64bd_crypto2-2.28-2.mga9.x86_64            mån 18 nov 2024 23:02:12
> lib64bd_loop2-2.28-2.mga9.x86_64              mån 18 nov 2024 23:01:58
> lib64bd_swap2-2.28-2.mga9.x86_64              mån 18 nov 2024 23:01:43
> lib64bd_part2-2.28-2.mga9.x86_64              mån 18 nov 2024 23:01:36
> lib64bd_utils2-2.28-2.mga9.x86_64             mån 18 nov 2024 23:01:19
> 
> And then I ran drakrpm, clicked only udisks2, and it added dependencies,
> after the update:
> 
> [kajsa@aspire ~]$ rpm -qa --last|grep lib64bd
> lib64bd_utils3-3.3.1-1.mga9.x86_64            sön 22 jun 2025 20:26:14
> lib64bd_swap3-3.3.1-1.mga9.x86_64             sön 22 jun 2025 20:26:14
> lib64bd_part3-3.3.1-1.mga9.x86_64             sön 22 jun 2025 20:26:14
> lib64bd_nvme3-3.3.1-1.mga9.x86_64             sön 22 jun 2025 20:26:14
> lib64bd_mdraid3-3.3.1-1.mga9.x86_64           sön 22 jun 2025 20:26:14
> lib64bd_loop3-3.3.1-1.mga9.x86_64             sön 22 jun 2025 20:26:14
> lib64bd_fs3-3.3.1-1.mga9.x86_64               sön 22 jun 2025 20:26:14
> lib64bd_crypto3-3.3.1-1.mga9.x86_64           sön 22 jun 2025 20:26:14
> lib64bd_fs2-2.28-2.mga9.x86_64                mån 18 nov 2024 23:02:28
> lib64bd_mdraid2-2.28-2.mga9.x86_64            mån 18 nov 2024 23:02:24
> lib64bd_crypto2-2.28-2.mga9.x86_64            mån 18 nov 2024 23:02:12
> lib64bd_loop2-2.28-2.mga9.x86_64              mån 18 nov 2024 23:01:58
> lib64bd_swap2-2.28-2.mga9.x86_64              mån 18 nov 2024 23:01:43
> lib64bd_part2-2.28-2.mga9.x86_64              mån 18 nov 2024 23:01:36
> lib64bd_utils2-2.28-2.mga9.x86_64             mån 18 nov 2024 23:01:19
> 
> Similar results on my i586, where I had set testing repo as update repo and
> let the updater do its thing.
> 
> I am thinking it is meant that the old versions, i.e lib64bd_swap2 should
> have been removed?
> 
> - Both to avoid bloat, but also to remove the security hole.
To Brian (comments 6,9 & 10) and me (comment 8) the packages are updated
Comment 17 katnatek 2025-06-22 21:14:33 CEST
(In reply to katnatek from comment #16)
> (In reply to Morgan Leijström from comment #15)
> > I note the old versions of lib64bd* are not removed.
> > 
> > Before update: 
> > 
> > [kajsa@aspire ~]$ rpm -qa --last|grep lib64bd
> > lib64bd_fs2-2.28-2.mga9.x86_64                mån 18 nov 2024 23:02:28
> > lib64bd_mdraid2-2.28-2.mga9.x86_64            mån 18 nov 2024 23:02:24
> > lib64bd_crypto2-2.28-2.mga9.x86_64            mån 18 nov 2024 23:02:12
> > lib64bd_loop2-2.28-2.mga9.x86_64              mån 18 nov 2024 23:01:58
> > lib64bd_swap2-2.28-2.mga9.x86_64              mån 18 nov 2024 23:01:43
> > lib64bd_part2-2.28-2.mga9.x86_64              mån 18 nov 2024 23:01:36
> > lib64bd_utils2-2.28-2.mga9.x86_64             mån 18 nov 2024 23:01:19
> > 
> > And then I ran drakrpm, clicked only udisks2, and it added dependencies,
> > after the update:
> > 
> > [kajsa@aspire ~]$ rpm -qa --last|grep lib64bd
> > lib64bd_utils3-3.3.1-1.mga9.x86_64            sön 22 jun 2025 20:26:14
> > lib64bd_swap3-3.3.1-1.mga9.x86_64             sön 22 jun 2025 20:26:14
> > lib64bd_part3-3.3.1-1.mga9.x86_64             sön 22 jun 2025 20:26:14
> > lib64bd_nvme3-3.3.1-1.mga9.x86_64             sön 22 jun 2025 20:26:14
> > lib64bd_mdraid3-3.3.1-1.mga9.x86_64           sön 22 jun 2025 20:26:14
> > lib64bd_loop3-3.3.1-1.mga9.x86_64             sön 22 jun 2025 20:26:14
> > lib64bd_fs3-3.3.1-1.mga9.x86_64               sön 22 jun 2025 20:26:14
> > lib64bd_crypto3-3.3.1-1.mga9.x86_64           sön 22 jun 2025 20:26:14
> > lib64bd_fs2-2.28-2.mga9.x86_64                mån 18 nov 2024 23:02:28
> > lib64bd_mdraid2-2.28-2.mga9.x86_64            mån 18 nov 2024 23:02:24
> > lib64bd_crypto2-2.28-2.mga9.x86_64            mån 18 nov 2024 23:02:12
> > lib64bd_loop2-2.28-2.mga9.x86_64              mån 18 nov 2024 23:01:58
> > lib64bd_swap2-2.28-2.mga9.x86_64              mån 18 nov 2024 23:01:43
> > lib64bd_part2-2.28-2.mga9.x86_64              mån 18 nov 2024 23:01:36
> > lib64bd_utils2-2.28-2.mga9.x86_64             mån 18 nov 2024 23:01:19
> > 
> > Similar results on my i586, where I had set testing repo as update repo and
> > let the updater do its thing.
> > 
> > I am thinking it is meant that the old versions, i.e lib64bd_swap2 should
> > have been removed?
> > 
> > - Both to avoid bloat, but also to remove the security hole.
> To Brian (comments 6,9 & 10) and me (comment 8) the packages are updated

But not removed, and it is not the first time I see that some old package is not removed in an update

rpm -qa|grep lib64bd
lib64bd_utils2-2.28-2.mga9
lib64bd_part2-2.28-2.mga9
lib64bd_swap2-2.28-2.mga9
lib64bd_fs2-2.28-2.mga9
lib64bd_mdraid2-2.28-2.mga9
lib64bd_loop2-2.28-2.mga9
lib64bd_crypto2-2.28-2.mga9
lib64bd_utils3-3.3.1-1.mga9
lib64bd_loop3-3.3.1-1.mga9
lib64bd_fs3-3.3.1-1.mga9
lib64bd_mdraid3-3.3.1-1.mga9
lib64bd_part3-3.3.1-1.mga9
lib64bd_swap3-3.3.1-1.mga9
lib64bd_crypto3-3.3.1-1.mga9
lib64bd_nvme3-3.3.1-1.mga9
Comment 18 Morgan Leijström 2025-06-22 21:19:47 CEST
Functionality test OK on two more laptops plugging in USB flashdrive and phone (Fairphone 5 running Murena).
Comment 19 Morgan Leijström 2025-06-22 21:25:57 CEST
If there is no risk of having old versions lingering, I think it is OK to ship in order to fix the security issue ASAP.
Comment 20 papoteur 2025-06-22 22:05:06 CEST
It is the practice not to remove previous libraries.
The new packages claim the new libraries, thus this is not a problem.
urpme --auto-orphans will do the job.
Comment 21 Morgan Leijström 2025-06-22 22:07:08 CEST
OK then
Thank you for the quick reply

Keywords: feedback => validated_update
Assignee: pkg-bugs => qa-bugs

Comment 22 Morgan Leijström 2025-06-22 22:08:00 CEST
advisory needed
Comment 23 katnatek 2025-06-22 22:26:28 CEST
Openwall lists 2 CVEs, but I include just the one listed here; please let me know if that is right

Keywords: (none) => advisory

Comment 24 papoteur 2025-06-22 22:37:08 CEST
The second one is only for Suse.
Comment 25 David Walser 2025-06-22 23:19:12 CEST
Do make sure nothing is still linked against the older libraries.
Comment 26 Brian Rockwell 2025-06-23 00:49:20 CEST
MGA9-64, Gnome

The following 13 packages are going to be installed:

- lib64bd_crypto3-3.3.1-1.mga9.x86_64
- lib64bd_fs3-3.3.1-1.mga9.x86_64
- lib64bd_loop3-3.3.1-1.mga9.x86_64
- lib64bd_mdraid3-3.3.1-1.mga9.x86_64
- lib64bd_nvme3-3.3.1-1.mga9.x86_64
- lib64bd_part3-3.3.1-1.mga9.x86_64
- lib64bd_swap3-3.3.1-1.mga9.x86_64
- lib64bd_utils3-3.3.1-1.mga9.x86_64
- lib64blockdev3-3.3.1-1.mga9.x86_64
- lib64nvme1-1.3-1.mga9.x86_64
- lib64udisks2_0-2.10.1-1.1.mga9.x86_64
- udftools-2.3-2.mga9.x86_64
- udisks2-2.10.1-1.1.mga9.x86_64

ran urpme --auto-orphans 

It did clean up the old

--- rebooted

USB mount is working from a preliminary test
Comment 27 Morgan Leijström 2025-06-23 09:01:46 CEST
auto-orphans does not work on my workstation

[morgan@svarten ~]$ rpm -qa | grep lib64bd | sort
lib64bd_crypto2-2.28-2.mga9
lib64bd_crypto3-3.3.1-1.mga9
lib64bd_fs2-2.28-2.mga9
lib64bd_fs3-3.3.1-1.mga9
lib64bd_loop2-2.28-2.mga9
lib64bd_loop3-3.3.1-1.mga9
lib64bd_mdraid2-2.28-2.mga9
lib64bd_mdraid3-3.3.1-1.mga9
lib64bd_nvme3-3.3.1-1.mga9
lib64bd_part2-2.28-2.mga9
lib64bd_part3-3.3.1-1.mga9
lib64bd_swap2-2.28-2.mga9
lib64bd_swap3-3.3.1-1.mga9
lib64bd_utils2-2.28-2.mga9
lib64bd_utils3-3.3.1-1.mga9
[morgan@svarten ~]$ LC_ALL=C sudo urpme --auto-orphans
No orphans to remove
Comment 28 Morgan Leijström 2025-06-23 09:06:05 CEST
[morgan@svarten ~]$ LC_ALL=C sudo urpme --test lib64bd_swap2
testing removal of lib64bd_swap2-2.28-2.mga9.x86_64
Removal is possible

[morgan@svarten ~]$ LC_ALL=C sudo urpme --test lib64bd_crypto2 lib64bd_fs2 lib64bd_loop2 lib64bd_mdraid2 lib64bd_part2 lib64bd_swap2 lib64bd_utils2
To satisfy dependencies, the following 8 packages will be removed (506KB):
  lib64bd_crypto2-2.28-2.mga9.x86_64
   (due to missing libbd_utils.so.2()(64bit))
  lib64bd_fs2-2.28-2.mga9.x86_64
   (due to unsatisfied lib64bd_utils2(x86-64) == 2.28-2.mga9,
    due to missing libbd_part_err.so.2()(64bit),
    due to missing libbd_utils.so.2()(64bit))
  lib64bd_loop2-2.28-2.mga9.x86_64
   (due to unsatisfied lib64bd_utils2(x86-64) == 2.28-2.mga9,
    due to missing libbd_utils.so.2()(64bit))
  lib64bd_mdraid2-2.28-2.mga9.x86_64
   (due to unsatisfied lib64bd_utils2(x86-64) == 2.28-2.mga9,
    due to missing libbd_utils.so.2()(64bit))
  lib64bd_part2-2.28-2.mga9.x86_64
   (due to unsatisfied lib64bd_utils2(x86-64) == 2.28-2.mga9,
    due to missing libbd_part_err.so.2()(64bit),
    due to missing libbd_utils.so.2()(64bit))
  lib64bd_swap2-2.28-2.mga9.x86_64
   (due to unsatisfied lib64bd_utils2(x86-64) == 2.28-2.mga9,
    due to missing libbd_utils.so.2()(64bit))
  lib64bd_utils2-2.28-2.mga9.x86_64
  lib64blockdev2-2.28-2.mga9.x86_64
   (due to missing libbd_utils.so.2()(64bit))
Remove 8 packages? (y/N) n
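
One way to run the check requested in comment 25, as an added example that is not part of the original thread: it lists installed packages outside the old libblockdev 2.x set that still require something the old set provides. The function names, the `fake_rpm` stub with its constructed data (modelled on the urpme output in comment 28), `FAKE_EXTRA_REQUIRER`, `example-disk-tool` and the file name `check.sh` are hypothetical.

```shell
#!/bin/sh
# Added example: find installed packages that still require the old
# libblockdev 2.x libraries, ignoring the old libraries themselves.
LC_ALL=C; export LC_ALL      # keep rpm's "no package requires" text stable
RPM_CMD=${RPM_CMD:-rpm}      # set RPM_CMD=fake_rpm for the offline demo

# Installed libblockdev 2.x library packages: lib64bd_*2 / libbd_*2 (i586)
# and lib64blockdev2 / libblockdev2.
old_blockdev_packages() {
    "$RPM_CMD" -qa --qf '%{NAME}\n' |
        grep -E '^lib(64)?(bd_[a-z_-]+|blockdev)2$' | sort -u
}

# Print every package outside the old set that requires a capability
# (soname or package name) provided by a package inside it.
external_dependents() {
    old=$(old_blockdev_packages)
    [ -n "$old" ] || return 0
    for pkg in $old; do
        "$RPM_CMD" -q --provides "$pkg" | awk '{print $1}' | sort -u |
        while read -r cap; do
            [ -n "$cap" ] || continue
            # rpm prints "no package requires ..." when there is none
            "$RPM_CMD" -q --whatrequires "$cap" --qf '%{NAME}\n' 2>/dev/null |
                grep -v '^no package requires' || true
        done
    done | sort -u | while read -r req; do
        # Old packages requiring each other do not count as dependents.
        printf '%s\n' "$old" | grep -qxF -- "$req" || printf '%s\n' "$req"
    done
}

# Constructed stand-in for rpm (hypothetical, for offline runs only); the
# dependency data is modelled on the urpme --test output in comment 28.
fake_rpm() {
    case "$*" in
        "-qa "*)
            printf '%s\n' lib64bd_utils2 lib64bd_swap2 lib64blockdev2 \
                lib64bd_utils3 lib64udisks2_0 udisks2 ;;
        "-q --provides lib64bd_utils2")
            printf '%s\n' 'lib64bd_utils2 = 2.28-2.mga9' \
                'libbd_utils.so.2()(64bit)' ;;
        "-q --provides "*)
            printf '%s = 2.28-2.mga9\n' "$3" ;;
        "-q --whatrequires libbd_utils.so.2()(64bit) "*)
            printf '%s\n' lib64bd_swap2 lib64blockdev2
            [ -z "${FAKE_EXTRA_REQUIRER:-}" ] ||
                printf '%s\n' "$FAKE_EXTRA_REQUIRER" ;;
        *)
            echo "no package requires $3"; return 1 ;;
    esac
}

report() {
    deps=$(external_dependents)
    if [ -n "$deps" ]; then
        printf 'Still requiring libblockdev 2.x:\n%s\n' "$deps"
        return 1
    fi
    echo "Nothing outside the old libblockdev 2.x packages requires them."
}

# Real system: sh check.sh    Offline demo: RPM_CMD=fake_rpm sh check.sh
if command -v "$RPM_CMD" >/dev/null 2>&1; then report; fi
```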
Comment 29 papoteur 2025-06-23 19:02:30 CEST
The version 2.28 packages are part of the release repository; we can't remove them.
There is no harm in having them still installed, even if they are no longer useful.
Perhaps "Conflicts" directives could remove the old ones, but this can be done later, with a new update. This does not merit delaying the update.
Comment 30 katnatek 2025-06-24 20:55:22 CEST
ping

CC: (none) => dan

Comment 31 Mageia Robot 2025-06-24 22:12:46 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2025-0188.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

