Bug 7354 - gnome-keyring new security issue CVE-2012-3466
: gnome-keyring new security issue CVE-2012-3466
Product: Mageia
Classification: Unclassified
Component: Security
: 2
: i586 Linux
: Normal Severity: normal
: ---
Assigned To: QA Team
: http://lwn.net/Vulnerabilities/514953/
: MGA2-64-OK MGA2-32-OK
: validated_update
  Show dependency treegraph
Reported: 2012-09-04 23:36 CEST by David Walser
Modified: 2012-09-09 13:41 CEST (History)
4 users (show)

See Also:
Source RPM: gnome-keyring-3.4.1-1.mga2.src.rpm
Status comment:


Description David Walser 2012-09-04 23:36:38 CEST
Version 3.4.1, which we have in Mageia 2, is affected.

I don't know if Mageia 1 or Cauldron are affected.

More info here:
Comment 1 David Walser 2012-09-05 21:18:07 CEST

Upstream bug.
Comment 2 David Walser 2012-09-05 21:21:20 CEST
Fedora has issued an advisory on August 21:

Patches added here:

Looks like Cauldron should not be affected.
Comment 3 David Walser 2012-09-05 21:27:29 CEST
The first Fedora patch says regression 3.3.x, so maybe doesn't affect Mageia 1, but the second patch there does apply to the code in Mageia 1.
Comment 4 David Walser 2012-09-05 21:31:24 CEST
From the upstream bug, sounds like Mageia 1 shouldn't be affected.
Comment 5 David Walser 2012-09-05 21:51:29 CEST
Patched package uploaded for Mageia 2.


Updated gnome-keyring package fixes security vulnerability:

gnome-keyring seems to obey the configuration asking it to stop caching
passphrases, but after a while it doesn't cache nor does it ask for the
passphrase (CVE-2012-3466).


Updated packages in core/updates_testing:

from gnome-keyring-3.4.1-1.1.mga2.src.rpm
Comment 6 Eduard Beliaev 2012-09-08 23:13:11 CEST
No problems with Mageia 2 x86_64.
Comment 7 Eduard Beliaev 2012-09-09 00:05:02 CEST
Works ok on Mageia 2 i568/x86.

Could sysadmin please push from core/updates_testing to core/updates.

See comment 5 for srpm and advisory.

Thank you.
Comment 8 Thomas Backlund 2012-09-09 13:41:10 CEST
Update pushed:

Note You need to log in before you can comment on or make changes to this bug.