MGASA-2021-0058
- Source
- https://advisories.mageia.org/MGASA-2021-0058.html
- Import Source
- https://advisories.mageia.org/MGASA-2021-0058.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2021-0058
- Related
- Published
- 2021-01-29T19:05:33Z
- Modified
- 2022-02-17T18:21:47Z
- Summary
- Updated kernel-linus packages fix security vulnerabilities
- Details
-
This kernel-linus update is based on upstream 5.10.11 and fixes at least the following security issue:
SCSI âEXTENDED COPYâ (XCOPY) requests sent to a Linux SCSI target (LIO) allow an attacker to read or write anywhere on any LIO backstore configured on the host, provided the attacker has access to one LUN and knowledge of the victim backstoreâs vpdunitserial (AKA âwwnâ). This is possible regardless of the transport/HBA settings for the victim backstore (CVE-2020-28374).
fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS (CVE-2021-3178).
It also adds the following fix: - fix up kernel-devel packages to not cause errors during dkms installs (mga#27080)
- References
-
- https://advisories.mageia.org/MGASA-2021-0058.html
- https://bugs.mageia.org/show_bug.cgi?id=28164
- https://bugs.mageia.org/show_bug.cgi?id=27080
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.7
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.8
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.9
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.10
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.11
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:7 / kernel-linus
Package
- Name
- kernel-linus
- Purl
- pkg:rpm/mageia/kernel-linus?distro=mageia-7