:: Re: [DNG] Kernel Vulnerabilities or…
Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Ken Dibble
Fecha:  
A: dng
Asunto: Re: [DNG] Kernel Vulnerabilities or who understands this mess
Well, a consequence of this investigation was that I was forced to
double check some things.

The thing I found is that the default /etc/apt/sources.list has
chimaera-updates and chimaera-security commented out.
Is this really well thought out?
I would think that most people would want those enabled.
Again, sorry for the noise.

Ken

On 3/8/22 07:15, Ludovic Bellière wrote:
> Hello Ken.
>
> Various things that people might find helpful:
>
> 1) BleepingComputer talks about CVE-2022-0847, not -0487 which is another
>     unimportant issue.
> 2) If you want to be kept aware of security issues involving debian, you
>     should subscribe to debian-security-announce@???
> 3) To take a gander at the state of the linux kernel shipped with the
> various
>     version of debian, there is this tracker:
> https://security-tracker.debian.org/tracker/source-package/linux
>
> You can see in the tracker that CVE-2022-0847 is resolved. See
> DSA-5092-1 and
>     https://security-tracker.debian.org/tracker/CVE-2022-0847
>
> As a rule of thumb, you should trust debian's various trackers to
> report the
> effective state of each package.
>
> Cheers,
>                 Ludovic
>
> On Mon, 07 Mar 2022, Ken Dibble wrote:
>
>> Sorry for the noise, but the conflicting information, or possibly my
>> misinterpretation of information,
>>
>> leaves me with some questions.  BleepingComputer is reporting in an
>> article dated 3-7-2022 that CVE-2022-0847 is being exploited and Max
>> Kellerman says that all 5.8 and later kernels are affected.
>>
>> The article goes on and says that it is fixed in 5.16.11, 5.15.25,
>> and 5.10.102.
>>
>> Debian says it is fixed in 5.10.92-2.
>>
>> There is no mention of the backported kernel branch 5.14 other than
>> being "5.8 or later".
>>
>> Chimaera is still at 5.10.84-1.
>>
>> I have multiple machines running the 5.14.9-2~bpo11+1 kernel.
>>
>> Can someone help with a definitive answer on what kernels are and are
>> not safe(fixed)?
>>
>>
>> Thanks.
>>
>> Ken
>
> --