Hot fix for CVE-2021-33909 or manually patching?

Hey 🙂,

I have found nothing in the forum about CVE-2021-33909 yet, hence the question: will there soon be a hot fix for Manjaro, or should we patch the system “manually”? That is easy, but I wanted to ask. (Article: “Patch now: Linux file system security hole, dubbed Sequoia, can take over systems | ZDNet”)

Thanks 🙂

1 Like

The fix right now is in the testing branch.

If you want to get the fix now, feel free to switch to the testing branch and help Manjaro test the packages! Otherwise, it should be in testing soon™

3 Likes

Most likely we might push it to the stable branch later today or by tomorrow.

5 Likes

Thanks for the quick replies, just switched to the test branch and so far everything looks good 👍.

Many thanks to you 🙂

I have a question. Linux kernel 5.13.4 has been patched, but what about other Linux kernels 5.4 and 5.10? Have they been patched? And systemd too?

I read about it here:
https://www.bleepingcomputer.com/news/security/new-linux-kernel-bug-lets-you-get-root-on-most-modern-distros/

Thanks, Manjaro team!

Logic dictates that security-related patches will always be backported to LTS kernels; that’s what the LTS designation stands for ─ “long-term support”.

However, non-LTS kernels that are still in use will not get the patch.

3 Likes

If I read it right, the hot fix was done in Linux kernel 5.10.52, 5.12.19 and 5.13.4:
https://security.archlinux.org/CVE-2021-33909

It was fixed in systemd 249.1:
https://security.archlinux.org/CVE-2021-33910

Unfortunately, neither the kernels nor systemd are taken from Arch; they are built by the Manjaro team themselves.
Those advisories you linked to don’t carry any relevance for Manjaro unless those issues were fixed upstream and new Manjaro packages were built incorporating these fixes.

1 Like

Hello.

Did the patch drop with the latest stable update? Or does it take more time?

I don’t know whether the kernels got patched already, but Stable is still on systemd 248.5, so that particular fix has not arrived yet.

Yes, all Linux kernels (5.4, 5.10 or newer) with LTS got the patch in the stable branch. But systemd 248.5 did not. systemd 249.1 or newer was fixed in the testing branch.

1 Like