Re: Cip-kernel-sec Updates for Week of 2021-01-28

Chen-Yu Tsai (Moxa) <wens@...>

On Thu, Jan 28, 2021 at 10:47 AM Chen-Yu Tsai <wens@...> wrote:

(Resent from correct email address)

Hi everyone,

One new issue this week:
- CVE-2020-35513 [nfsd: incorrect umask] - fixed in all branches

In addition, the fix for CVE-2021-3178 was backported to all stable kernels.
The security concerns for this issue are being disputed though.

Also, information for CVE-2020-27066 still hasn't been disclosed, and
the affected commit is still unclear.

Last, for CVE-2020-27825 the Fixes tag was incorrect; it is actually a
Depends-On [1].
The issue is known to affect at least in 4.14, 4.19 and 5.4. A sample
backport for 4.4+ [2]
was posted, but a proper backport is still pending [3].
Looks like there's an update:

I will update the tracker.



* All from the same mail thread

Join to automatically receive all group messages.