Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2021-0398)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2021.0398

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2021-0398)

Resumen: The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2021-0398 advisory.

Descripción: Summary:
The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2021-0398 advisory.

Vulnerability Insight:
This kernel-linus update is based on upstream 5.10.56 and fixes at least
the following security issues:

In the Linux kernel through 5.13.7, an unprivileged BPF program can
obtain sensitive information from kernel memory via a Speculative Store
Bypass side-channel attack because the protection mechanism neglects the
possibility of uninitialized memory locations on the BPF stack
(CVE-2021-34556).

In the Linux kernel through 5.13.7, an unprivileged BPF program can
obtain sensitive information from kernel memory via a Speculative Store
Bypass side-channel attack because a certain preempting store operation
does not necessarily occur before a store operation that has an
attacker-controlled value (CVE-2021-35477).

For other upstream fixes, see the referenced changelogs.

Affected Software/OS:
'kernel-linus' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
2.1

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2021-34556
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JKK6XNRZX5BT5QVYOKGVJ2BHFZAP5EX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/565ZS55ZFEN62WVRRORT7R63RXW5F4T4/
http://www.openwall.com/lists/oss-security/2021/08/01/3
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2039f26f3aca5b0e419b98f65dd36481337b86ee
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f5e81d1117501546b7be050c5fbafa6efd2c722c
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
Common Vulnerability Exposure (CVE) ID: CVE-2021-35477
https://www.openwall.com/lists/oss-security/2021/08/01/3

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2021.0398
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2021-0398)
Resumen:	The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2021-0398 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2021-0398 advisory. Vulnerability Insight: This kernel-linus update is based on upstream 5.10.56 and fixes at least the following security issues: In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack (CVE-2021-34556). In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value (CVE-2021-35477). For other upstream fixes, see the referenced changelogs. Affected Software/OS: 'kernel-linus' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-34556 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JKK6XNRZX5BT5QVYOKGVJ2BHFZAP5EX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/565ZS55ZFEN62WVRRORT7R63RXW5F4T4/ http://www.openwall.com/lists/oss-security/2021/08/01/3 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2039f26f3aca5b0e419b98f65dd36481337b86ee https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f5e81d1117501546b7be050c5fbafa6efd2c722c https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html Common Vulnerability Exposure (CVE) ID: CVE-2021-35477 https://www.openwall.com/lists/oss-security/2021/08/01/3
Copyright	Copyright (C) 2022 Greenbone AG