External check

2022-03-12 Thread Security Tracker 
CVE-2022-0853: TODO: check
CVE-2022-24464: TODO: check
CVE-2022-24512: TODO: check
CVE-2022-26353: RESERVED
CVE-2022-26354: RESERVED
--
The output might be a bit terse, but the above ids are known elsewhere,
check the references in the tracker. The second part indicates the status
of that id in the tracker at the moment the script was run.

[SECURITY] [DSA 5100-1] nbd security update

2022-03-12 Thread Moritz Muehlenhoff 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-5100-1   secur...@debian.org
https://www.debian.org/security/   Moritz Muehlenhoff
March 12, 2022https://www.debian.org/security/faq
- -

Package: nbd
CVE ID : CVE-2022-26495 CVE-2022-26496
Debian Bug : 1003863 1006915

Two vulnerabilities were discovered in the server for the Network Block
Device (NBD), which could result in the execution of arbitrary code.

For the oldstable distribution (buster), these problems have been fixed
in version 1:3.19-3+deb10u1.

For the stable distribution (bullseye), these problems have been fixed in
version 1:3.21-1+deb11u1.

We recommend that you upgrade your nbd packages.

For the detailed security status of nbd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nbd

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmIsw1YACgkQEMKTtsN8
TjY8EQ//doPYe1GfwDQToibTBSS29D4T2nMX9NXLRgDEC6Vpg2NjlWqcL+B7os3c
wGPfIrZXjGN+CqwQdFNAWoSd1IyNIS5KrR4vK50PvQhpefa6ZVv4D2yiG/J0tIK2
T77Hp4CuGrjK2Ej5dGh4TnbLPVhGT2KV6kG1wnqfHe+M+gIVAe4sRm3OSArDGAfu
1wCPS8k+UbqPiRU4fHE1bxW6E9SoePCDUYGS8rbOImsRaEq5ZfDMRLBeDEBm8X7B
c3OaZDpYgLA4CdYjqz/WmlIE5pzKIfbJhnzA6EhAYxlP4r+L2gzEWXFkMNyJKmMd
aoYTD6RjKYhcGSysq4VsPAEVCo6n3/7ivAlv/b1YuH5RfTXPXuDSlKJwjXMtjPS7
V1U0G3ufP9wOgLY4JFIInNBAmCRcxza8P6sqzCiQznnKwB85nZRXAtz3Jd5R9pb+
0suLb+Qb/LyferCQEy/tl98A9qqJeyyNXidsQb7XNK2o7K1uMRq3TnI4AFIaBQSM
oEJnFXTfyiLPfqNTjImIz9R6/yX66HyJ/Z7dSRINj9UhKufe0rR0+VzIMTg9zDi8
UmKfjgX7UYOKhxmgvGLKN0iUt56A6QAVNWAkdB7rkHyRVaQLsNJz5jaZx6peEgY4
9C6XSg42QgmW25hrVCZbwUzwJ13cb/vNxoDBbeHU6lctJUELPqk=
=Z+vM
-END PGP SIGNATURE-

CVE-2017-5715

2022-03-12 Thread Georgi Naplatanov 
Hi,

I use Debian stable with kernel

5.10.103-1 (2022-03-07)

but

spectre-meltdown-checker script reports that my system is vulnerable to
CVE-2017-5715. My CPU is Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz

Is this normal?

In the past all checks from spectre-meltdown-checker were green (my
system was not vulnerable).

Kind regards
Georgi