Bug 29864

Summary: systemd new security issue CVE-2021-3997
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: davidwhodgins, sysadmin-bugs
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8-64-OK
Source RPM: systemd-246.16-1.mga8.src.rpm CVE:
Status comment: Patches available from upstream and openSUSE

Description David Walser 2022-01-11 00:03:26 CET 
A security issue fixed upstream in systemd has been announced today (January 10):
https://www.openwall.com/lists/oss-security/2022/01/10/2

The commit that fixed the issue is linked in the message above.

Mageia 8 is also affected.
David Walser 2022-01-11 00:03:38 CET

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Patch available from upstream

Comment 1 David Walser 2022-01-12 00:26:24 CET 
openSUSE has issued an advisory for this today (January 11):
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BMN5QRPEKDGOKDHBMC6SXHPA733I43MV/

Status comment: Patch available from upstream => Patches available from upstream and openSUSE

Comment 2 Thomas Backlund 2022-01-12 20:36:26 CET 
Cauldron fixed with  systemd-249.8-1.mga9

Version: Cauldron => 8
Whiteboard: MGA8TOO => (none)

Comment 3 David Walser 2022-01-13 17:17:44 CET 
Ubuntu has issued an advisory for this today (January 13):
https://ubuntu.com/security/notices/USN-5226-1

Source RPM: systemd-249.7-1.mga9.src.rpm => systemd-246.16-1.mga8.src.rpm

Comment 4 Thomas Backlund 2022-01-14 21:20:41 CET 
SRPM:
systemd-246.16-2.mga8.src.rpm


i586:
libsystemd0-246.16-2.mga8.i586.rpm
libudev1-246.16-2.mga8.i586.rpm
libudev-devel-246.16-2.mga8.i586.rpm
nss-myhostname-246.16-2.mga8.i586.rpm
systemd-246.16-2.mga8.i586.rpm
systemd-devel-246.16-2.mga8.i586.rpm
systemd-homed-246.16-2.mga8.i586.rpm
systemd-tests-246.16-2.mga8.i586.rpm


x86_64:
lib64systemd0-246.16-2.mga8.x86_64.rpm
lib64udev1-246.16-2.mga8.x86_64.rpm
lib64udev-devel-246.16-2.mga8.x86_64.rpm
nss-myhostname-246.16-2.mga8.x86_64.rpm
systemd-246.16-2.mga8.x86_64.rpm
systemd-devel-246.16-2.mga8.x86_64.rpm
systemd-homed-246.16-2.mga8.x86_64.rpm
systemd-tests-246.16-2.mga8.x86_64.rpm

Assignee: basesystem => qa-bugs

Comment 5 Dave Hodgins 2022-01-15 00:09:25 CET 
No regressions noticed. Validating the update. Advisory committed to svn.

Whiteboard: (none) => MGA8-64-OK
Keywords: (none) => advisory, validated_update
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 6 Mageia Robot 2022-01-15 09:11:21 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0016.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED