Bug 29272

Summary: Update request: kernel-linus-5.10.52-1.mga8
Product: Mageia Reporter: Thomas Backlund <tmb>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: ouaurelien, sysadmin-bugs
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8-64-OK
Source RPM: kernel-linus CVE:
Status comment:

Description Thomas Backlund 2021-07-20 23:06:14 CEST 
bug and security fixes, including a fix for a local root exploit
advisory will follow...


SRPM:
kernel-linus-5.10.52-1.mga8.src.rpm



i586:
kernel-linus-5.10.52-1.mga8-1-1.mga8.i586.rpm
kernel-linus-devel-5.10.52-1.mga8-1-1.mga8.i586.rpm
kernel-linus-devel-latest-5.10.52-1.mga8.i586.rpm
kernel-linus-doc-5.10.52-1.mga8.noarch.rpm
kernel-linus-latest-5.10.52-1.mga8.i586.rpm
kernel-linus-source-5.10.52-1.mga8-1-1.mga8.noarch.rpm
kernel-linus-source-latest-5.10.52-1.mga8.noarch.rpm



x86_64:
kernel-linus-5.10.52-1.mga8-1-1.mga8.x86_64.rpm
kernel-linus-devel-5.10.52-1.mga8-1-1.mga8.x86_64.rpm
kernel-linus-devel-latest-5.10.52-1.mga8.x86_64.rpm
kernel-linus-doc-5.10.52-1.mga8.noarch.rpm
kernel-linus-latest-5.10.52-1.mga8.x86_64.rpm
kernel-linus-source-5.10.52-1.mga8-1-1.mga8.noarch.rpm
kernel-linus-source-latest-5.10.52-1.mga8.noarch.rpm
Comment 1 Aurelien Oudelet 2021-07-20 23:23:24 CEST 
No regressions noticed with the 5.10.52-1.mga8 (linus) package

$ inxi -MSxx
System:    Host: mageia.local Kernel: 5.10.52-1.mga8 x86_64 bits: 64 compiler: gcc v: 10.3.0 
           Desktop: KDE Plasma 5.20.4 tk: Qt 5.15.2 wm: kwin_x11 dm: SDDM Distro: Mageia 8 mga8 
Machine:   Type: Desktop System: Gigabyte product: Z170X-Ultra Gaming v: N/A 
           Mobo: Gigabyte model: Z170X-Ultra Gaming-CF
           UEFI: American Megatrends v: F23j date: 03/09/2018

Virtualbox OK.
4 mga8 Clients also.
1 opensuse client same.
1 Windows 10 Client is OK.

WiFi OK, Bluetooth OK, nvidia well rebuilt. Audio OK.
Ethernet OK.

CC: (none) => ouaurelien

Comment 2 Thomas Backlund 2021-07-21 10:42:03 CEST 
Advisory, added to svn:

type: security
subject: Updated kernel-linus packages fix security vulnerabilities
CVE:
 - CVE-2021-3609
 - CVE-2021-33909
src:
  8:
   core:
     - kernel-linus-5.10.52-1.mga8
description: |
  This kernel-linus update is based on upstream 5.10.52 and fixes atleast
  the following security issues:

  There is a race condition in net/can/bcm.c that can lead to local
  privilege escalation to root (CVE-2021-3609).

  fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does
  not properly restrict seq buffer allocations, leading to an integer
  overflow, an Out-of-bounds Write, and escalation to root by an unprivileged
  user (CVE-2021-33909).

  For other upstream fixes, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=29272
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.49
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.50
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.51
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.52
 - https://www.openwall.com/lists/oss-security/2021/06/19/1
 - https://www.openwall.com/lists/oss-security/2021/07/20/1

Keywords: (none) => advisory

Thomas Backlund 2021-07-22 08:37:52 CEST

Whiteboard: (none) => MGA8-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 3 Mageia Robot 2021-07-22 09:09:19 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0367.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED