Bug 29236 - Update request: kernel-linus-5.10.48-1.mga8
Summary: Update request: kernel-linus-5.10.48-1.mga8
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2021-07-07 20:42 CEST by Thomas Backlund
Modified: 2021-07-12 22:28 CEST

See Also:
Source RPM: kernel-linus
CVE:
Status comment:



Description Thomas Backlund 2021-07-07 20:42:02 CEST
security and bugfixes...


SRPM:
kernel-linus-5.10.48-1.mga8.src.rpm


i586:
kernel-linus-5.10.48-1.mga8-1-1.mga8.i586.rpm
kernel-linus-devel-5.10.48-1.mga8-1-1.mga8.i586.rpm
kernel-linus-devel-latest-5.10.48-1.mga8.i586.rpm
kernel-linus-doc-5.10.48-1.mga8.noarch.rpm
kernel-linus-latest-5.10.48-1.mga8.i586.rpm
kernel-linus-source-5.10.48-1.mga8-1-1.mga8.noarch.rpm
kernel-linus-source-latest-5.10.48-1.mga8.noarch.rpm


x86_64:
kernel-linus-5.10.48-1.mga8-1-1.mga8.x86_64.rpm
kernel-linus-devel-5.10.48-1.mga8-1-1.mga8.x86_64.rpm
kernel-linus-devel-latest-5.10.48-1.mga8.x86_64.rpm
kernel-linus-doc-5.10.48-1.mga8.noarch.rpm
kernel-linus-latest-5.10.48-1.mga8.x86_64.rpm
kernel-linus-source-5.10.48-1.mga8-1-1.mga8.noarch.rpm
kernel-linus-source-latest-5.10.48-1.mga8.noarch.rpm
Comment 1 Thomas Backlund 2021-07-09 20:52:13 CEST
Advisory, added to svn:

type: security
subject: Updated kernel-linus packages fix security vulnerabilities
CVE:
 - CVE-2020-26541
 - CVE-2021-22543
 - CVE-2021-35039
src:
  8:
   core:
     - kernel-linus-5.10.48-1.mga8
description: |
  This kernel-linus update is based on upstream 5.10.48 and fixes at least the
  following security issues:

  The Linux kernel through 5.8.13 does not properly enforce the Secure Boot
  Forbidden Signature Database (aka dbx) protection mechanism. This affects
  certs/blacklist.c and certs/system_keyring.c (CVE-2020-26541).

  An issue was discovered in Linux: KVM through Improper handling of VM_IO|
  VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being
  freed while still accessible by the VMM and guest. This allows users with
  the ability to start and control a VM to read/write random pages of memory
  and can result in local privilege escalation (CVE-2021-22543).

  kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature
  Verification. Without CONFIG_MODULE_SIG, verification that a kernel module
  is signed, for loading via init_module, does not occur for a
  module.sig_enforce=1 command-line argument (CVE-2021-35039).

  For other upstream fixes, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=29236
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.47
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.48

Keywords: (none) => advisory

Comment 2 Aurelien Oudelet 2021-07-12 21:03:44 CEST
$ inxi -SGxx
System:    Host: mageia.local Kernel: 5.10.48-1.mga8 x86_64 bits: 64 compiler: gcc v: 10.3.0 
           Desktop: KDE Plasma 5.20.4 tk: Qt 5.15.2 wm: kwin_x11 dm: SDDM Distro: Mageia 8 mga8 
Graphics:  Device-1: NVIDIA TU116 [GeForce GTX 1660 Ti] vendor: Gigabyte driver: nvidia v: 460.84 
           bus ID: 01:00.0 chip ID: 10de:2182 
           Display: x11 server: Mageia X.org 1.20.11 compositor: kwin_x11 driver: modesetting,nvidia,v4l 
           resolution: 1: 1920x1080~60Hz 2: 1920x1080 s-dpi: 80 
           OpenGL: renderer: GeForce GTX 1660 Ti/PCIe/SSE2 v: 4.6.0 NVIDIA 460.84 direct render: Yes


All running fine for 4 days.

CC: (none) => ouaurelien

Thomas Backlund 2021-07-12 21:13:03 CEST

Whiteboard: (none) => MGA8-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 3 Mageia Robot 2021-07-12 22:28:01 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0348.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

