
(n.b. I install updates pretty often, roughly every 25-50 days, as I get notices about snaps, and sometimes just closing and opening a program fails to update the snap, and the most common is my browser, of which I have 5-6 windows open, so if I have to close them all, I might as well close everything and check all updates, and reboot just for good measure)

see, they hide info from dummies like me. I found on Ubuntu website the fix is

PACKAGE   RELEASE    STATUS
linux (Launchpad, Ubuntu, Debian)
          bionic     Released (4.15.0-223.235)  Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
          focal      Released (5.4.0-174.193)
          jammy      Released (5.15.0-101.111)
          mantic     Released (6.5.0-26.26)
          noble      Pending (6.8.0-7.7)
          trusty     Not vulnerable (3.11.0-12.19)
          upstream   Released (6.8~rc2)
          xenial     Released (4.4.0-252.286)   Available with Ubuntu Pro or Ubuntu Pro (Infra-only)

Patches:
Introduced by e0abdadcc6e113ed2e22c85b350074487095875b
Fixed by f342de4e2f33e0e39165d8639387aa6c19dff660

what am I on?

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.4 LTS
Release:        22.04
Codename:       jammy

how do I reconcile that with: "jammy Released (5.15.0-101.111)"

those seem like completely different number sequences (it is long enough ago to have gone from 5.15 to 6.5, is it?)

also found this:

$ sudo apt list linux-headers-$(uname -r)
[sudo] password for careyschug:
Listing... Done
linux-headers-6.5.0-35-generic/jammy-updates,jammy-security,now 6.5.0-35.35~22.04.1 amd64 [installed,automatic]

also seems like a different sequence

--Carey

On 06/04/2024 7:33 AM CDT D. Hugh Redelmeier via talk <talk@gtalug.org> wrote:
| From: CAREY SCHUG via talk <talk@gtalug.org>
| Maybe I missed it, but can somebody post the "for dummies" command to
| tell if one has the fix installed?
|
| I realize a different command for each package manager, at least: Deb, pacman, rpm, gentoo, others?
DON'T PANIC. For a Bad Guy to exploit this bug, they need to be able to run code of their choosing on your machine. I bet you don't let anyone dangerous log in to your machine. And I bet you don't run random shell scripts from the internet.
The bug is pretty old so you are unlikely to have a kernel that predates the bug's introduction. So you need to have a kernel new enough to have the fix.
Each distro probably released its own announcement some time after late January 2024. The bug's name is CVE-2024-1086. Googling that and your distro's name should get you to any announcement.
Because distros don't want to let the cat out of the bag prematurely, they may be coy in the description of the update. The Good Guys want to release fixes before alerting Bad Guys of a vulnerability.
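An added example, not part of the original thread and not Ubuntu's own tooling: one way to line up an installed kernel version with the fixed versions in the table quoted above. It assumes that a jammy system running a 6.5 kernel is on the hardware-enablement kernel built from mantic's 6.5 source (so it is matched to the row with the same upstream series, not to the release codename), and that within one series a higher ABI number includes earlier fixes. The function names are hypothetical.

```python
import re

# Fixed versions of Ubuntu's "linux" package, copied from the table in the
# message above (noble was still pending there, so it has no entry).
FIXED = {
    "bionic": "4.15.0-223.235",
    "focal": "5.4.0-174.193",
    "jammy": "5.15.0-101.111",
    "mantic": "6.5.0-26.26",
    "xenial": "4.4.0-252.286",
}

def parse(version):
    """Split '6.5.0-35.35~22.04.1' (apt) or '6.5.0-35-generic' (uname -r)
    into (series, abi, upload), e.g. ((6, 5, 0), 35, 35); upload may be None."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)-(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"not an Ubuntu kernel version: {version!r}")
    major, minor, patch, abi, upload = (int(g) if g else None for g in m.groups())
    return (major, minor, patch), abi, upload

def check(installed):
    """Compare against the table row with the same upstream series.
    Assumption: same series + higher ABI means the fix is included."""
    series, abi, upload = parse(installed)
    for release, fixed in FIXED.items():
        f_series, f_abi, f_upload = parse(fixed)
        if f_series != series:
            continue
        if abi > f_abi or (abi == f_abi and upload is not None and upload >= f_upload):
            return f"fixed (>= {fixed}, {release} row)"
        if abi == f_abi and upload is None:
            # uname -r carries no upload number, so an equal ABI is ambiguous
            return f"undetermined (ABI equals {fixed}; need full package version)"
        return f"vulnerable (< {fixed}, {release} row)"
    return "unknown (no row for this kernel series)"

if __name__ == "__main__":
    # Version string taken from the apt output in the message above
    print(check("6.5.0-35.35~22.04.1"))
```

The full package version that `apt list` prints, as in the message above, gives a definite answer where the shorter `uname -r` string may not.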