[Pkg-xen-devel] Recent Linux kernel CVEs related to Xen (CVE-2021-26930, CVE-2021-26931, CVE-2021-26932)
Hans van Kranenburg
hans at knorrie.org
Thu Mar 11 17:09:25 GMT 2021
Hi,
Correction...
On 3/7/21 10:05 PM, Hans van Kranenburg wrote:
> On 2/26/21 12:45 AM, Hans van Kranenburg wrote:
>> On 2/25/21 11:27 PM, Andy Smith wrote:
>>> Hi Debian Xen maintainers,
>>>
>>> The recent CVEs relating to Xen in the Linux kernel don't seem to
>>> have been fixed yet in Debian:
>>>
>>> https://security-tracker.debian.org/tracker/CVE-2021-26930
>>> https://security-tracker.debian.org/tracker/CVE-2021-26931
>>> https://security-tracker.debian.org/tracker/CVE-2021-26932
>>>
>>> Do you know if the kernel maintainers will automatically be picking
>>> up fixes for these at some point, or if something needs prodding
>>> somewhere in order to get a kernel update in stable?
>>
>> It's in 4.19.177, it's queued.
>
> I see the kernel team is doing a security update with 4.19.177-1.

I misread some information, it's not a security update, it's an
intermediary update which is waiting in stable-proposed-updates and will
probably be replaced by something newer again before the next point release.
However, the 4.19.177-1 with the fixes that you initially asked about
can be grabbed from stable-proposed-updates if you want.

> I have a TODO item for tomorrow to also prepare a buster-security update
> for Xen 4.11, so it can go along.

I'm postponing that one again until the next kernel team package update.

>> https://salsa.debian.org/kernel-team/linux/-/commit/e141a276beb131fbaba3ac894984175f598c8f71
>>
>> For information about when kernel team decides to do an intermediary
>> extra security update before the next point release or not, please ask
>> the kernel team.

Hans