Alerts This Week
Warning Icon 1 537
Alerts This Week
Warning Icon 1 537

Mageia 7 & 8: MGASA-2021-0258 Moderate: Kernel Security Exploits Fixed

mageia
Calendar Grey June 13, 2021
Dist Mageia Esm H88
System-update-latest tackles critical vulnerabilities to bolster Fedora defense for end-users and networks.
This kernel-linus update is based on upstream 5.10.43 and fixes atleast the following security issues: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WP...

Summary

This kernel-linus update is based on upstream 5.10.43 and fixes atleast the following security issues:
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data (CVE-2020-24586).
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (CVE-2020-24587).
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wire...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=29107

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.42

- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.43

- https://xenbits.xen.org/xsa/advisory-374.html

- https://www.cve.org/CVERecord?id=CVE-2020-24586

- https://www.cve.org/CVERecord?id=CVE-2020-24587

- https://www.cve.org/CVERecord?id=CVE-2020-24588

- https://www.cve.org/CVERecord?id=CVE-2020-26139

- https://www.cve.org/CVERecord?id=CVE-2020-26141

- https://www.cve.org/CVERecord?id=CVE-2020-26145

- https://www.cve.org/CVERecord?id=CVE-2020-26147

- https://www.cve.org/CVERecord?id=CVE-2021-3564

- https://www.cve.org/CVERecord?id=CVE-2021-3573

- https://www.cve.org/CVERecord?id=CVE-2021-3587

- https://www.cve.org/CVERecord?id=CVE-2021-28691

Topics%20covered

Topics Covered

security advisory moderate kernel update Linux security malware risk network issue Mageia

Resolution

SRPMS

- 7/core/kernel-linus-5.10.43-1.mga7

- 8/core/kernel-linus-5.10.43-1.mga8

Publication date: 13 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0258.html
Type: security
CVE: CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26141, CVE-2020-26145, CVE-2020-26147, CVE-2021-3564, CVE-2021-3573, CVE-2021-3587, CVE-2021-28691

Topics%20covered

Topics Covered

security advisory moderate kernel update Linux security malware risk network issue Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here