29917 – Update request: kernel-linus-5.15.16-1.mga8

Bug 29917 - Update request: kernel-linus-5.15.16-1.mga8

Summary: Update request: kernel-linus-5.15.16-1.mga8

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	8
Hardware:	All Linux

Priority:	High Severity: major
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA8-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2022-01-20 22:02 CET by Thomas Backlund
Modified:	2022-01-21 22:42 CET (History)
CC List:	2 users (show)

See Also:
Source RPM:	kernel-linus
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Thomas Backlund 2022-01-20 22:02:31 CET

Closing down a local root exploit...

SRPM:
kernel-linus-5.15.16-1.mga8.src.rpm


i586:
kernel-linus-5.15.16-1.mga8-1-1.mga8.i586.rpm
kernel-linus-devel-5.15.16-1.mga8-1-1.mga8.i586.rpm
kernel-linus-devel-latest-5.15.16-1.mga8.i586.rpm
kernel-linus-doc-5.15.16-1.mga8.noarch.rpm
kernel-linus-latest-5.15.16-1.mga8.i586.rpm
kernel-linus-source-5.15.16-1.mga8-1-1.mga8.noarch.rpm
kernel-linus-source-latest-5.15.16-1.mga8.noarch.rpm


x86_64:
kernel-linus-5.15.16-1.mga8-1-1.mga8.x86_64.rpm
kernel-linus-devel-5.15.16-1.mga8-1-1.mga8.x86_64.rpm
kernel-linus-devel-latest-5.15.16-1.mga8.x86_64.rpm
kernel-linus-doc-5.15.16-1.mga8.noarch.rpm
kernel-linus-latest-5.15.16-1.mga8.x86_64.rpm
kernel-linus-source-5.15.16-1.mga8-1-1.mga8.noarch.rpm
kernel-linus-source-latest-5.15.16-1.mga8.noarch.rpm

Comment 1 Thomas Backlund 2022-01-20 22:20:26 CET

Advisory, added to svn:

type: security
subject: Updated kernel-linus packages fix security vulnerability
CVE:
 - CVE-2022-0185
src:
  8:
   core:
     - kernel-linus-5.15.16-1.mga8
description: |
  This kernel-linus update is based on upstream 5.15.16 and fixes atleast
  the following security issue:

  William Liu and Jamie Hill-Daniel discovered that the file system context
  functionality in the Linux kernel contained an integer underflow
  vulnerability, leading to an out-of-bounds write. A local attacker could
  use this to cause a denial of service (system crash) or execute arbitrary
  code (CVE-2022-0185).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=29917
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.16

Priority: Normal => High
Keywords: (none) => advisory

Thomas Backlund 2022-01-20 22:20:54 CET

Component: RPM Packages => Security
QA Contact: (none) => security

Comment 2 Len Lawrence 2022-01-21 12:42:07 CET

x86_64
Installed without problems on intel Core i7 with nvidia graphics.  Ran a few tests on Mate desktop - no issues - leaving it running.

CC: (none) => tarazed25

Comment 3 Thomas Backlund 2022-01-21 22:01:09 CET


Thanks for the tests, flushing out...

Keywords: (none) => validated_update
Whiteboard: (none) => MGA8-64-OK
CC: (none) => sysadmin-bugs

Comment 4 Mageia Robot 2022-01-21 22:42:20 CET

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0027.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.