Hello Ken. Various things that people might find helpful:
1) BleepingComputer talks about CVE-2022-0847, not -0487 which is another
unimportant issue.
2) If you want to be kept aware of security issues involving debian, you
should subscribe to [email protected]
3) To take a gander at the state of the linux kernel shipped with the various
version of debian, there is this tracker:
https://security-tracker.debian.org/tracker/source-package/linux
You can see in the tracker that CVE-2022-0847 is resolved. See DSA-5092-1 and
https://security-tracker.debian.org/tracker/CVE-2022-0847
As a rule of thumb, you should trust debian's various trackers to report the
effective state of each package.
Cheers,
Ludovic
On Mon, 07 Mar 2022, Ken Dibble wrote:
Sorry for the noise, but the conflicting information, or possibly my misinterpretation of information,leaves me with some questions. BleepingComputer is reporting in an article dated 3-7-2022 that CVE-2022-0847 is being exploited and Max Kellerman says that all 5.8 and later kernels are affected.The article goes on and says that it is fixed in 5.16.11, 5.15.25, and 5.10.102.Debian says it is fixed in 5.10.92-2.There is no mention of the backported kernel branch 5.14 other than being "5.8 or later".Chimaera is still at 5.10.84-1. I have multiple machines running the 5.14.9-2~bpo11+1 kernel.Can someone help with a definitive answer on what kernels are and are not safe(fixed)?Thanks. Ken
--
signature.asc
Description: PGP signature
_______________________________________________ Dng mailing list [email protected] https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
