[GTALUG] Federal agency warns critical Linux vulnerability being actively exploited
CAREY SCHUG
sqrfolkdnc at comcast.net
Tue Jun 4 11:03:42 EDT 2024
(n.b. I install updates pretty often, roughly every 25-50 days, as I get notices about snaps, and sometimes just closing and opening a program fails to update the snap, and the most common is my browser, of which I have 5-6 windows open, so if I have to close them all, I might as well close everything and check all updates, and reboot just for good measure)
see, they hide info from dummies like me.
I found on ubuntu website the fix is
PACKAGE RELEASE STATUS
linux
Launchpad, Ubuntu, Debian bionic Released (4.15.0-223.235)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
focal Released (5.4.0-174.193)
jammy Released (5.15.0-101.111)
mantic Released (6.5.0-26.26)
noble Pending (6.8.0-7.7)
trusty Not vulnerable (3.11.0-12.19)
upstream Released (6.8~rc2)
xenial Released (4.4.0-252.286)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
Patches:
Introduced by
e0abdadcc6e113ed2e22c85b350074487095875b
Fixed by f342de4e2f33e0e39165d8639387aa6c19dff660
what am I on?
>lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.4 LTS
Release: 22.04
Codename: jammy
how to I reconcile that with:
"jammy Released (5.15.0-101.111)"
those seem like completely different number sequences (it is long enough ago to have gone from 5.15 to 6.5, is it?)
also found this:
$ sudo apt list linux-headers-$(uname -r)
[sudo] password for careyschug:
Listing... Done
linux-headers-6.5.0-35-generic/jammy-updates,jammy-security,now 6.5.0-35.35~22.04.1 amd64 [installed,automatic]
also seems like a different sequence
<pre>--Carey</pre>
> On 06/04/2024 7:33 AM CDT D. Hugh Redelmeier via talk <talk at gtalug.org> wrote:
>
>
> | From: CAREY SCHUG via talk <talk at gtalug.org>
>
> | Maybe i missed it, but can somebody post the "for dummies" command to
> | tell if one has the fix installed?
> |
> | I realize a different command for each package manager, at least: Deb, pacman, rpm, gentoo, others?
>
> DON'T PANIC. For a Bad Guy to exploit this bug, they need to be able to
> run code of their choosing on your machine. I bet you don't let anyone
> dangerous log in to your machine. And I bet you don't run random shell
> scripts from the internet.
>
> The bug is pretty old so you are unlikely to have a kernel that
> predates the bug's introduction. So you need to have a kernel new enough
> to have the fix.
>
> Each distro probably released its own announcement some time after late
> January 2024. The bug's name is CVE-2024-1086. Googling that and your
> disto's name should get you to any announcement.
>
> Because distros don't want to let the cat out of the bag prematurely, they
> may be coy in the description of the update. The Good Guys want to
> release fixes before alerting Bad Guys of a vulnerability.
>
> ---
> Post to this mailing list talk at gtalug.org
> Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
More information about the talk
mailing list