Bug 29436 - Update request: kernel-linus-5.10.62-1.mga8
Summary: Update request: kernel-linus-5.10.62-1.mga8
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: High major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2021-09-03 19:53 CEST by Thomas Backlund
Modified: 2021-09-08 11:25 CEST (History)
1 user (show)

See Also:
Source RPM: kernel-linus
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Thomas Backlund 2021-09-03 19:53:30 CEST 
Security and bugfixes, advisory will follow...

SRPMS:
kernel-linus-5.10.62-1.mga8.src.rpm


i586:
kernel-linus-5.10.62-1.mga8-1-1.mga8.i586.rpm
kernel-linus-devel-5.10.62-1.mga8-1-1.mga8.i586.rpm
kernel-linus-devel-latest-5.10.62-1.mga8.i586.rpm
kernel-linus-doc-5.10.62-1.mga8.noarch.rpm
kernel-linus-latest-5.10.62-1.mga8.i586.rpm
kernel-linus-source-5.10.62-1.mga8-1-1.mga8.noarch.rpm
kernel-linus-source-latest-5.10.62-1.mga8.noarch.rpm


x86_64:
kernel-linus-5.10.62-1.mga8-1-1.mga8.x86_64.rpm
kernel-linus-devel-5.10.62-1.mga8-1-1.mga8.x86_64.rpm
kernel-linus-devel-latest-5.10.62-1.mga8.x86_64.rpm
kernel-linus-doc-5.10.62-1.mga8.noarch.rpm
kernel-linus-latest-5.10.62-1.mga8.x86_64.rpm
kernel-linus-source-5.10.62-1.mga8-1-1.mga8.noarch.rpm
kernel-linus-source-latest-5.10.62-1.mga8.noarch.rpm
Thomas Backlund 2021-09-03 19:54:21 CEST

Priority: Normal => High

Comment 1 Thomas Backlund 2021-09-04 17:32:11 CEST 
Advisory, added to svn:

type: security
subject: Updated kernel-linus packages fix security vulnerabilities
CVE:
 - CVE-2020-3702
 - CVE-2021-3739
 - CVE-2021-3743
 - CVE-2021-3753
src:
  8:
   core:
     - kernel-linus-5.10.62-1.mga8
description: |
  This kernel-linus update is based on upstream 5.10.62 and fixes atleast the
  following security issues:

  Specifically timed and handcrafted traffic can cause internal errors
  in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a
  consequent possibility of information disclosure over the air for a
  discrete set of traffic in ath9k (CVE-2020-3702).

  A process with CAP_SYS_ADMIN can cause a kernel NULL pointer dereference
  in btrfs code (CVE-2021-3739).

  there is an out-of-bound read bug in qrtr_endpoint_post in net/qrtr/qrtr.c
  (CVE-2021-3743).

  An out-of-bounds read due to a race condition has been found in the Linux
  kernel due to write access to vc_mode is not protected by a lock in vt_ioctl
  (KDSETMDE) (CVE-2021-3753).

  For other upstream fixes, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=29436

Keywords: (none) => advisory

Comment 2 Thomas Backlund 2021-09-08 10:57:04 CEST 
Works here

Keywords: (none) => validated_update
Whiteboard: (none) => MGA8-64-OK
CC: (none) => sysadmin-bugs

Comment 3 Mageia Robot 2021-09-08 11:25:02 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0419.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.