On Fri, Jan 13, 2023 at 9:00 AM <patra...@gmail.com> wrote: > > Justin Forbes wrote: > > > On Wed, Jan 11, 2023 at 6:53 AM Miro Hrončok <mhroncok(a)redhat.com> wrote: > > > > This does seem a bug. The big question, is does 6.1 make it go away? > > kernel-6.1.4-200.fc37 is available in koji. The 6.0 series is end of > > support for Fedora, and I expect 6.1.5 to be available as an update > > this week. > > I believe that this bug might actually be a security vulnerability and > therefore might need to be treated as such, with the usual CVE dance. Look: > > https://utcc.utoronto.ca/~cks/space/blog/linux/KernelBindBugIn6016 > > As mentioned at that link, this could lead to a process unexpectedly > listening on 0.0.0.0 (and thus being reachable from outside) instead of > listening only on 127.0.0.1 or not listening at all.
CVE or not, we don't really wait around for a CVE to push updates. The 6.1.5 kernels are in updates-testing right now. _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
