Hi All,
I found that the latest MX, last updated 3/30/21, also suffers from the netmask bug CVE-2021-28918 see: https://github.com/sickcodes/security/b ... 021-011.md
See: ping 0127.0127.0127.0127 results in 87.87.87.87
Are you aware of this....?
BTW: I am VERY HAPPY with MX !!!
Regards,
Rene
Patch for netmask CVE-2021-28918
Re: Patch for netmask CVE-2021-28918
https://security-tracker.debian.org/tra ... 2021-28918
Looks like unreported to dedian and various databases listed on the above page.
Currently redhat tracker has any info : https://bugzilla.redhat.com/show_bug.cg ... 2021-28918
EDIT: Wrongly posted different link. Someone should report to debian.
Looks like unreported to dedian and various databases listed on the above page.
Currently redhat tracker has any info : https://bugzilla.redhat.com/show_bug.cg ... 2021-28918
EDIT: Wrongly posted different link. Someone should report to debian.
Last edited by agnivo007 on Tue Mar 30, 2021 11:25 pm, edited 2 times in total.
- Roy, Kolkata, IN. "REDUCE-REUSE-RECYCLE-REPURPOSE"
MX-21-AHS-KDE on [ H110M-H : Modded BIOS | Core i3-9350K | 8GB DDR4 | SP A60 NVMe PCIe3x4 | Samsung Evo 870 SSD | WD Black Mobile HDD ]
MX-21-AHS-KDE on [ H110M-H : Modded BIOS | Core i3-9350K | 8GB DDR4 | SP A60 NVMe PCIe3x4 | Samsung Evo 870 SSD | WD Black Mobile HDD ]
Re: Patch for netmask CVE-2021-28918
So...no, as long as you're using the standard 4.19 MX 19 Debian buster kernel, the 5.10.24 AHS kernel. I've just backported the latest fixed Buster 4.19.181 kernel to MX 17/18, and will upload it, but then we'll have to update that choice in MX Package Installer and users have to manually update there.
Is there a button for "this really was not an issue?"
Is there a button for "this really was not an issue?"
Re: Patch for netmask CVE-2021-28918
Almost always by the time users see a problem mentioned in popular sources--it has already been fixed.Are you aware of this....?
Production: MX-23 Xfce, AMD FX-4130 Quad-Core, GeForce GT 630/PCIe/SSE2, 16 GB, SSD 120 GB, Data 1TB
Personal: Lenovo X1 Carbon with MX-23 Fluxbox
Other: Raspberry Pi 5 with MX-23 Xfce Raspberry Pi Respin
Personal: Lenovo X1 Carbon with MX-23 Fluxbox
Other: Raspberry Pi 5 with MX-23 Xfce Raspberry Pi Respin
Re: Patch for netmask CVE-2021-28918
I have updated the post, looks like no info on this on various distro bug trackers including debian (unreported) affecting the netmask npm package.
- Roy, Kolkata, IN. "REDUCE-REUSE-RECYCLE-REPURPOSE"
MX-21-AHS-KDE on [ H110M-H : Modded BIOS | Core i3-9350K | 8GB DDR4 | SP A60 NVMe PCIe3x4 | Samsung Evo 870 SSD | WD Black Mobile HDD ]
MX-21-AHS-KDE on [ H110M-H : Modded BIOS | Core i3-9350K | 8GB DDR4 | SP A60 NVMe PCIe3x4 | Samsung Evo 870 SSD | WD Black Mobile HDD ]
-
- Posts: 3602
- Joined: Tue Jun 14, 2016 2:02 pm
Re: Patch for netmask CVE-2021-28918
STEP 0 - Remain Calm
The darn thing was just announced "publicly", its been known by the people that need to know for 2 weeks, and everyone that needs to be working on it has and is.
Did anyone even look at the affected versions and what is actually installed on their systems? Probably not, but wouldn't it be funny if npm and the netmask module wasn't even installed OOTB on MX?
The interwebs is dark and full of terrors, it will be that way today, tomorrow, and the next, and the next.

The darn thing was just announced "publicly", its been known by the people that need to know for 2 weeks, and everyone that needs to be working on it has and is.
Did anyone even look at the affected versions and what is actually installed on their systems? Probably not, but wouldn't it be funny if npm and the netmask module wasn't even installed OOTB on MX?
The interwebs is dark and full of terrors, it will be that way today, tomorrow, and the next, and the next.

NEW USERS START HERE FAQS, MX Manual, and How to Break Your System - Don't use Ubuntu PPAs! Always post your Quick System Info (QSI) when asking for help.
Re: Patch for netmask CVE-2021-28918
Yea, quite true, it's not wise too be too paranoid; especially when one doesn't have the affected software on their system.
- Roy, Kolkata, IN. "REDUCE-REUSE-RECYCLE-REPURPOSE"
MX-21-AHS-KDE on [ H110M-H : Modded BIOS | Core i3-9350K | 8GB DDR4 | SP A60 NVMe PCIe3x4 | Samsung Evo 870 SSD | WD Black Mobile HDD ]
MX-21-AHS-KDE on [ H110M-H : Modded BIOS | Core i3-9350K | 8GB DDR4 | SP A60 NVMe PCIe3x4 | Samsung Evo 870 SSD | WD Black Mobile HDD ]