Alerts This Week
Warning Icon 1 700
Alerts This Week
Warning Icon 1 700

Mageia: 2021-0257 Moderate: Kernel Security Update And Network Exploits

mageia
Calendar Grey June 13, 2021
Dist Mageia Esm H88
The kernel patch MGASA-2021-0257 fixes several security flaws and vulnerabilities affecting Mageia versions 7 and 8.
This kernel update is based on upstream 5.10.43 and fixes atleast the following security issues: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) an...

Summary

This kernel update is based on upstream 5.10.43 and fixes atleast the following security issues:
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data (CVE-2020-24586).
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (CVE-2020-24587).
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equi...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=29106

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.42

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.43

- https://xenbits.xen.org/xsa/advisory-374.html

- https://www.cve.org/CVERecord?id=CVE-2020-24586

- https://www.cve.org/CVERecord?id=CVE-2020-24587

- https://www.cve.org/CVERecord?id=CVE-2020-24588

- https://www.cve.org/CVERecord?id=CVE-2020-26139

- https://www.cve.org/CVERecord?id=CVE-2020-26141

- https://www.cve.org/CVERecord?id=CVE-2020-26145

- https://www.cve.org/CVERecord?id=CVE-2020-26147

- https://www.cve.org/CVERecord?id=CVE-2021-3573

- https://www.cve.org/CVERecord?id=CVE-2021-3587

- https://www.cve.org/CVERecord?id=CVE-2021-28691

Topics%20covered

Topics Covered

security advisory security issue kernel update moderate severity network attack Wi-Fi security Mageia

Resolution

SRPMS

- 7/core/kernel-5.10.43-1.mga7

- 7/core/kmod-virtualbox-6.1.22-1.6.mga7

- 7/core/kmod-xtables-addons-3.13-28.mga7

- 8/core/kernel-5.10.43-1.mga8

- 8/core/kmod-virtualbox-6.1.22-1.6.mga8

- 8/core/kmod-xtables-addons-3.18-1.6.mga8

Publication date: 13 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0257.html
Type: security
CVE: CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26141, CVE-2020-26145, CVE-2020-26147, CVE-2021-3573, CVE-2021-3587, CVE-2021-28691

Topics%20covered

Topics Covered

security advisory security issue kernel update moderate severity network attack Wi-Fi security Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here