Bug 30135 - cve-2022-0847 vulnerability
Summary: cve-2022-0847 vulnerability
Status: RESOLVED DUPLICATE of bug 30131
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: Mageia Bug Squad
QA Contact:
URL: https://dirtypipe.cm4all.com/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-03-08 09:34 CET by Jan Smout
Modified: 2022-03-08 15:46 CET (History)
1 user (show)

See Also:
Source RPM:
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Jan Smout 2022-03-08 09:34:12 CET 
cve-2022-0847 aka 'Dirty Pipe'

kernels affected : >= 5.8

Request urgent kernel updates to

Mageia 6 : (still supported?)
Mageia 7 : 5.10.102
Mageia 8 : 5.15.25
Cauldron : 5.16.11


or apply upstream patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/lib/iov_iter.c?id=9d2231c5d74e13b2a0546fee6737ee4446017903
Comment 1 sturmvogel 2022-03-08 09:37:29 CET 
Duplicate og bug 30131

*** This bug has been marked as a duplicate of bug 30131 ***

Resolution: (none) => DUPLICATE
Status: NEW => RESOLVED

Comment 2 sturmvogel 2022-03-08 09:51:45 CET 
MGA6 and MGA7 are EOL

MGA8 was fixed last night

Cauldron already has 5.16.12
Comment 3 Jan Smout 2022-03-08 10:13:48 CET 
Thanks. Because I thought someone else was probably working on it already I did do a search before submitting.

Looks like the bugzilla search function is not working properly? If you go through the main page and do a quick search "cve-2022-0847" nothing can be found. Same thing for the upper search bar.
It only works when you explicitly click 'start a new search', or edit the previous quick search and remove all strings from the 'custom Search' --> this is probably where the problem resides.
Comment 4 sturmvogel 2022-03-08 10:22:10 CET 
The search function works properly. You have to set the search parameter in quick search to Status: "ALL" instead of Status: "Open" to catch also already closed bugs.
Comment 5 sturmvogel 2022-03-08 10:23:37 CET 
This is also described here: https://bugs.mageia.org/page.cgi?id=quicksearch.html

(The ? next to the search box)
Comment 6 Jan Smout 2022-03-08 10:45:02 CET 
(In reply to sturmvogel from comment #4)
> The search function works properly. You have to set the search parameter in
> quick search to Status: "ALL" instead of Status: "Open" to catch also
> already closed bugs.

Except that with 'quick search' there is no such option 'ALL' when going through the main page https://bugs.mageia.org/
The search I was referring to are the 2 edit boxes with 'search' and 'Quick Search' button next to it.

The page you are referring to is https://bugs.mageia.org/query.cgi which becomes only visible after clicking first on the big Search button (with magnifying glass icon).

My point is that there are 3 ways of searching on the main page, but only one will return results. From an HMI perspective I am more inclined to click directly in an edit box when presented (it saves one click)
Comment 7 Jan Smout 2022-03-08 10:48:32 CET 
(In reply to sturmvogel from comment #5)
> This is also described here:
> https://bugs.mageia.org/page.cgi?id=quicksearch.html
> 
> (The ? next to the search box)

Yes, I have seen that now. Don't you think it is strange behaviour that the easiest search option doesn't return any result, and that you need 2 extra steps (click on magnifying glass + select ALL) to get to a result? Shouldn't the 'Quick Search' give as much results as possible?
Comment 8 sturmvogel 2022-03-08 10:51:08 CET 
Did you read the link which i provided you?

It's all documented. One only needs to read the provided documentation. Put following search string into the search field of https://bugs.mageia.org/ and you will get also the closed results:

ALL cve-2022-0847
Comment 9 sturmvogel 2022-03-08 11:00:25 CET 
And this is nothing special to Mageia. It's the same for all distributions wich use the bugzilla software from https://www.bugzilla.org/ 

It's the same for Opensuse
https://bugzilla.opensuse.org/page.cgi?id=quicksearch.html
and Fedora
https://bugzilla.redhat.com/page.cgi?id=quicksearch.html

and so on and on...
Comment 10 Jan Smout 2022-03-08 11:25:16 CET 
(In reply to sturmvogel from comment #8)
> Did you read the link which i provided you?
> 
Yes. And thanks for that. But I'm not discussing documentation quality. It's about the user interface.

> It's all documented. One only needs to read the provided documentation. Put
> following search string into the search field of https://bugs.mageia.org/
> and you will get also the closed results:
> 
> ALL cve-2022-0847

and this is why we disagree. In my view a 'quick search' means an unfiltered query - including closed reports. It is just too easy to conclude that nothing has been reported yet. People like me who report stuff only once in a while have to be treated as a 'dumb user'. I'm just trying to give you some feedback on user experience here...

ps: searching ALL status is described in the doc as an advanced shortcut. Why would a naive bug reporter be required to know and use advanced fields?
Comment 11 Jan Smout 2022-03-08 11:33:45 CET 
(In reply to sturmvogel from comment #9)
> And this is nothing special to Mageia. It's the same for all distributions
> wich use the bugzilla software from https://www.bugzilla.org/ 
> 
> It's the same for Opensuse
> https://bugzilla.opensuse.org/page.cgi?id=quicksearch.html
> and Fedora
> https://bugzilla.redhat.com/page.cgi?id=quicksearch.html
> 
> and so on and on...

Thanks. Maybe I should take my complaints elsewhere then ;-)

Btw: I tried both links. Maybe the ALL query is not default because the search becomes very slow on those sites
Comment 12 Dave Hodgins 2022-03-08 15:46:18 CET 
Just like to add, most people are only interested in open bugs, not all bugs,
hence closed bugs are excluded without the ALL.

CC: (none) => davidwhodgins
Note You need to log in before you can comment on or make changes to this bug.