Bug 29864 - systemd new security issue CVE-2021-3997
Summary: systemd new security issue CVE-2021-3997
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2022-01-11 00:03 CET by David Walser
Modified: 2022-01-15 09:11 CET (History)
2 users (show)

See Also:
Source RPM: systemd-246.16-1.mga8.src.rpm
CVE:
Status comment: Patches available from upstream and openSUSE


Attachments

Description David Walser 2022-01-11 00:03:26 CET
A security issue fixed upstream in systemd has been announced today (January 10):
https://www.openwall.com/lists/oss-security/2022/01/10/2

The commit that fixed the issue is linked in the message above.

Mageia 8 is also affected.
David Walser 2022-01-11 00:03:38 CET

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Patch available from upstream

Comment 1 David Walser 2022-01-12 00:26:24 CET
openSUSE has issued an advisory for this today (January 11):
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BMN5QRPEKDGOKDHBMC6SXHPA733I43MV/

Status comment: Patch available from upstream => Patches available from upstream and openSUSE

Comment 2 Thomas Backlund 2022-01-12 20:36:26 CET
Cauldron fixed with  systemd-249.8-1.mga9

Version: Cauldron => 8
Whiteboard: MGA8TOO => (none)

Comment 3 David Walser 2022-01-13 17:17:44 CET
Ubuntu has issued an advisory for this today (January 13):
https://ubuntu.com/security/notices/USN-5226-1

Source RPM: systemd-249.7-1.mga9.src.rpm => systemd-246.16-1.mga8.src.rpm

Comment 4 Thomas Backlund 2022-01-14 21:20:41 CET
SRPM:
systemd-246.16-2.mga8.src.rpm


i586:
libsystemd0-246.16-2.mga8.i586.rpm
libudev1-246.16-2.mga8.i586.rpm
libudev-devel-246.16-2.mga8.i586.rpm
nss-myhostname-246.16-2.mga8.i586.rpm
systemd-246.16-2.mga8.i586.rpm
systemd-devel-246.16-2.mga8.i586.rpm
systemd-homed-246.16-2.mga8.i586.rpm
systemd-tests-246.16-2.mga8.i586.rpm


x86_64:
lib64systemd0-246.16-2.mga8.x86_64.rpm
lib64udev1-246.16-2.mga8.x86_64.rpm
lib64udev-devel-246.16-2.mga8.x86_64.rpm
nss-myhostname-246.16-2.mga8.x86_64.rpm
systemd-246.16-2.mga8.x86_64.rpm
systemd-devel-246.16-2.mga8.x86_64.rpm
systemd-homed-246.16-2.mga8.x86_64.rpm
systemd-tests-246.16-2.mga8.x86_64.rpm

Assignee: basesystem => qa-bugs

Comment 5 Dave Hodgins 2022-01-15 00:09:25 CET
No regressions noticed. Validating the update. Advisory committed to svn.

Whiteboard: (none) => MGA8-64-OK
Keywords: (none) => advisory, validated_update
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 6 Mageia Robot 2022-01-15 09:11:21 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0016.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED


Note You need to log in before you can comment on or make changes to this bug.