Hello Ken.
Various things that people might find helpful:
1) BleepingComputer talks about CVE-2022-0847, not -0487, which is another
unimportant issue.
2) If you want to be kept aware of security issues involving Debian, you
should subscribe to debian-security-announce@???
3) To take a gander at the state of the Linux kernel shipped with the various
versions of Debian, there is this tracker:
https://security-tracker.debian.org/tracker/source-package/linux
You can see in the tracker that CVE-2022-0847 is resolved. See DSA-5092-1 and
https://security-tracker.debian.org/tracker/CVE-2022-0847
As a rule of thumb, you should trust Debian's various trackers to report the
effective state of each package.
Cheers,
Ludovic
On Mon, 07 Mar 2022, Ken Dibble wrote:
>Sorry for the noise, but the conflicting information, or possibly my
>misinterpretation of information,
>
>leaves me with some questions. BleepingComputer is reporting in an
>article dated 3-7-2022 that CVE-2022-0847 is being exploited and Max
>Kellermann says that all 5.8 and later kernels are affected.
>
>The article goes on and says that it is fixed in 5.16.11, 5.15.25, and
>5.10.102.
>
>Debian says it is fixed in 5.10.92-2.
>
>There is no mention of the backported kernel branch 5.14 other than
>being "5.8 or later".
>
>Chimaera is still at 5.10.84-1.
>
>I have multiple machines running the 5.14.9-2~bpo11+1 kernel.
>
>Can someone help with a definitive answer on what kernels are and are
>not safe (fixed)?
>
>
>Thanks.
>
>Ken