Well, a consequence of this investigation was that I was forced to
double check some things.
The thing I found is that the default /etc/apt/sources.list has
chimaera-updates and chimaera-security commented out.
Is this really well thought out?
I would think that most people would want those enabled.
Again, sorry for the noise.
Ken
On 3/8/22 07:15, Ludovic Bellière wrote:
Hello Ken.
Various things that people might find helpful:
1) BleepingComputer talks about CVE-2022-0847, not -0487 which is another
unimportant issue.
2) If you want to be kept aware of security issues involving Debian, you
should subscribe to debian-security-annou...@lists.debian.org
3) To take a gander at the state of the Linux kernel shipped with the
various versions of Debian, there is this tracker:
https://security-tracker.debian.org/tracker/source-package/linux
You can see in the tracker that CVE-2022-0847 is resolved. See DSA-5092-1 and
https://security-tracker.debian.org/tracker/CVE-2022-0847
As a rule of thumb, you should trust Debian's various trackers to report the
effective state of each package.
Cheers,
Ludovic
On Mon, 07 Mar 2022, Ken Dibble wrote:
Sorry for the noise, but the conflicting information, or possibly my
misinterpretation of information, leaves me with some questions.
BleepingComputer is reporting in an article dated 3-7-2022 that
CVE-2022-0847 is being exploited and Max Kellermann says that all 5.8
and later kernels are affected.
The article goes on and says that it is fixed in 5.16.11, 5.15.25,
and 5.10.102.
Debian says it is fixed in 5.10.92-2.
There is no mention of the backported kernel branch 5.14 other than
being "5.8 or later".
Chimaera is still at 5.10.84-1.
I have multiple machines running the 5.14.9-2~bpo11+1 kernel.
Can someone help with a definitive answer on what kernels are and are
not safe (fixed)?
Thanks.
Ken
--
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
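
An added example, not part of the original thread: a check of a Debian "linux" package version against the figures quoted above, using dpkg-style ordering so that the Debian revision (the "-2" in 5.10.92-2) and "~bpo" suffixes sort correctly. The table layout and function names are assumptions of this example; branches the thread gives no fix version for are reported as such rather than guessed.

```python
import re

# Figures quoted in the thread above, arranged into tables for this example.
AFFECTED_FROM = "5.8"            # "all 5.8 and later kernels are affected"
UPSTREAM_FIXED = {"5.10": "5.10.102", "5.15": "5.15.25", "5.16": "5.16.11"}
DEBIAN_FIXED = {"5.10": "5.10.92-2"}   # Debian package version carrying the fix

def _order(ch):
    # dpkg sort weight: '~' sorts before everything, letters before other symbols.
    return -1 if ch == "~" else ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit and digit runs, as dpkg does.
    while a or b:
        pa, pb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(pa):], b[len(pb):]
        for i in range(max(len(pa), len(pb))):
            wa = _order(pa[i]) if i < len(pa) else 0
            wb = _order(pb[i]) if i < len(pb) else 0
            if wa != wb:
                return -1 if wa < wb else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def deb_cmp(v1, v2):
    # Split "upstream-revision" at the last hyphen; epochs are not handled here.
    u1, _, r1 = v1.rpartition("-") if "-" in v1 else (v1, "", "")
    u2, _, r2 = v2.rpartition("-") if "-" in v2 else (v2, "", "")
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def status(pkg_version):
    """Classify a Debian 'linux' package version against the thread's figures."""
    upstream = pkg_version.rpartition("-")[0] or pkg_version
    if _cmp_part(upstream, AFFECTED_FROM) < 0:
        return "not affected"
    branch = ".".join(upstream.split(".")[:2])
    if branch in DEBIAN_FIXED and deb_cmp(pkg_version, DEBIAN_FIXED[branch]) >= 0:
        return "fixed (Debian package)"
    if branch in UPSTREAM_FIXED:
        fixed = _cmp_part(upstream, UPSTREAM_FIXED[branch]) >= 0
        return "fixed (upstream)" if fixed else "affected"
    return "no fix version given for this branch; check the tracker"
```

The input is the package version string (for example 5.10.84-1), not the output of uname -r, because the Debian fix is identified by its package revision.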