Andy Smith
2021-Feb-25 22:27 UTC
[Pkg-xen-devel] Recent Linux kernel CVEs related to Xen (CVE-2021-26930, CVE-2021-26931, CVE-2021-26932)
Hi Debian Xen maintainers,

The recent CVEs relating to Xen in the Linux kernel don't seem to
have been fixed yet in Debian:

https://security-tracker.debian.org/tracker/CVE-2021-26930
https://security-tracker.debian.org/tracker/CVE-2021-26931
https://security-tracker.debian.org/tracker/CVE-2021-26932

Do you know if the kernel maintainers will automatically be picking
up fixes for these at some point, or if something needs prodding
somewhere in order to get a kernel update in stable?

Thanks!
Andy

Hans van Kranenburg
2021-Feb-25 23:45 UTC
[Pkg-xen-devel] Recent Linux kernel CVEs related to Xen (CVE-2021-26930, CVE-2021-26931, CVE-2021-26932)
On 2/25/21 11:27 PM, Andy Smith wrote:
> Hi Debian Xen maintainers,
>
> The recent CVEs relating to Xen in the Linux kernel don't seem to
> have been fixed yet in Debian:
>
> https://security-tracker.debian.org/tracker/CVE-2021-26930
> https://security-tracker.debian.org/tracker/CVE-2021-26931
> https://security-tracker.debian.org/tracker/CVE-2021-26932
>
> Do you know if the kernel maintainers will automatically be picking
> up fixes for these at some point, or if something needs prodding
> somewhere in order to get a kernel update in stable?

It's in 4.19.177, it's queued.

https://salsa.debian.org/kernel-team/linux/-/commit/e141a276beb131fbaba3ac894984175f598c8f71

For information about when kernel team decides to do an intermediary
extra security update before the next point release or not, please ask
the kernel team.

Thanks,
Hans

Hans van Kranenburg
2021-Mar-07 21:05 UTC
[Pkg-xen-devel] Recent Linux kernel CVEs related to Xen (CVE-2021-26930, CVE-2021-26931, CVE-2021-26932)
On 2/26/21 12:45 AM, Hans van Kranenburg wrote:
> On 2/25/21 11:27 PM, Andy Smith wrote:
>> Hi Debian Xen maintainers,
>>
>> The recent CVEs relating to Xen in the Linux kernel don't seem to
>> have been fixed yet in Debian:
>>
>> https://security-tracker.debian.org/tracker/CVE-2021-26930
>> https://security-tracker.debian.org/tracker/CVE-2021-26931
>> https://security-tracker.debian.org/tracker/CVE-2021-26932
>>
>> Do you know if the kernel maintainers will automatically be picking
>> up fixes for these at some point, or if something needs prodding
>> somewhere in order to get a kernel update in stable?
>
> It's in 4.19.177, it's queued.

I see the kernel team is doing a security update with 4.19.177-1. I
have a TODO item for tomorrow to also prepare a buster-security update
for Xen 4.11, so it can go along.

> https://salsa.debian.org/kernel-team/linux/-/commit/e141a276beb131fbaba3ac894984175f598c8f71
>
> For information about when kernel team decides to do an intermediary
> extra security update before the next point release or not, please ask
> the kernel team.

Hans