[GTALUG] Federal agency warns critical Linux vulnerability being actively exploited

CAREY SCHUG sqrfolkdnc at comcast.net
Wed Jun 5 16:27:15 EDT 2024


sorry, does not seem to help.

:~/cts$ uname -r
6.5.0-35-generic

sounds closer to a mantic number than a jammy one, but other query said I was jammy.

is it really so long ago that jammy has advanced from 

5.15.0-101.111
to 
6.5.0-035-generic

which is a different format anyway.

if I can't find a query that gives me a number in the format 
5.15.x-yyyy
I will not think I have found the correct number

I presume I need to query apt to ask for a specific fix number?

--Carey

> On 06/05/2024 9:49 AM CDT D. Hugh Redelmeier via talk <talk at gtalug.org> wrote:
> 
>  
> | From: CAREY SCHUG via talk <talk at gtalug.org>
> 
> | (n.b. I install updates pretty often, roughly every 25-50 days, as I get 
> | notices about snaps, and sometimes just closing and opening a program 
> | fails to update the snap, and the most common is my browser, of which I 
> | have 5-6 windows open, so if I have to close them all, I might as well 
> | close everything and check all updates, and reboot just for good 
> | measure)
> 
> I tend to do updates once a week, but not like clockwork.  The distro I 
> use, Fedora, has a firehose of updates.
> 
> You can quit Firefox and then start it up with the same windows.  You lose 
> sessions so you may have to log into web sites again.
> 
> | see, they hide info from dummies like me.
> 
> My Sunday message included the link 
> <https://ubuntu.com/security/CVE-2024-1086>
> 
> | I found on ubuntu website the fix is 
> | 
> | PACKAGE  RELEASE   STATUS
> | linux (Launchpad, Ubuntu, Debian)
> |          bionic    Released (4.15.0-223.235)
> |                    Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
> |          focal     Released (5.4.0-174.193)
> |          jammy     Released (5.15.0-101.111)
> |          mantic    Released (6.5.0-26.26)
> |          noble     Pending (6.8.0-7.7)
> |          trusty    Not vulnerable (3.11.0-12.19)
> |          upstream  Released (6.8~rc2)
> |          xenial    Released (4.4.0-252.286)
> |                    Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
> 
> I don't like this advertising.  I think that it is misleading since the 
> update is available without Ubuntu Pro.  (I haven't checked, but it sure 
> better be.)
> 
> | Patches:
> | Introduced by
> | e0abdadcc6e113ed2e22c85b350074487095875b
> | Fixed by f342de4e2f33e0e39165d8639387aa6c19dff660
> | 
> | what am I on?
> | 
> | >lsb_release -a
> | No LSB modules are available.
> | Distributor ID:	Ubuntu
> | Description:	Ubuntu 22.04.4 LTS
> | Release:	22.04
> | Codename:	jammy
> | 
> | 
> | how do I reconcile that with:
> | 
> | "jammy	Released (5.15.0-101.111)"
> | 
> | those seem like completely different number sequences (it is long enough ago to have gone from 5.15 to 6.5, is it?)
> 
> The patch is to the kernel.  So you care about the kernel version.  Just 
> check what kernel package you are running.
>   $ uname -r
> or
>   $ cat /proc/version
> will tell you.
> 
> Then match it with the numbers in the advisory notice.
> (Sorry: in a hurry so I didn't check exactly what you said about 
> versions.)
> ---
> Post to this mailing list talk at gtalug.org
> Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
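
Added example (not part of the original messages): the two number formats in this thread can be lined up, because `uname -r` prints `<upstream>-<ABI>-<flavour>` while the advisory lists package versions as `<upstream>-<ABI>.<upload>`. The sketch below compares the ABI number against the advisory row with the same upstream series; matching on series regardless of release codename (a jammy system running a 6.5 kernel is compared with the 6.5 row) is an assumption of this example, and the function names are hypothetical.

```python
import re

# Fixed "linux" package versions copied from the advisory table quoted in the
# thread ("Released" rows only; noble was still "Pending" there and is left out).
ADVISORY_FIXED = {
    "bionic": "4.15.0-223.235",
    "focal": "5.4.0-174.193",
    "jammy": "5.15.0-101.111",
    "mantic": "6.5.0-26.26",
    "xenial": "4.4.0-252.286",
}

def parse_uname(release):
    """Split `uname -r` output: '6.5.0-35-generic' -> ((6, 5, 0), 35, 'generic')."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)-(\d+)-([\w.-]+)", release.strip())
    if not m:
        raise ValueError(f"not an Ubuntu-style kernel release: {release!r}")
    return tuple(map(int, m.group(1, 2, 3))), int(m.group(4)), m.group(5)

def parse_package(version):
    """Split a package version: '5.15.0-101.111' -> ((5, 15, 0), 101, 111)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)-(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"not an Ubuntu-style package version: {version!r}")
    return tuple(map(int, m.group(1, 2, 3))), int(m.group(4)), int(m.group(5))

def check_running_kernel(release, fixed=ADVISORY_FIXED):
    """Return (codename_of_matching_row, fixed_version, verdict) for a release."""
    series, abi, _flavour = parse_uname(release)
    for codename, version in fixed.items():
        fixed_series, fixed_abi, _upload = parse_package(version)
        if fixed_series == series:
            # uname -r carries no upload number, so an equal ABI counts as fixed.
            verdict = "at-or-after-fix" if abi >= fixed_abi else "before-fix"
            return codename, version, verdict
    return None, None, "no-row-for-this-series"

if __name__ == "__main__":
    for rel in ("6.5.0-35-generic", "5.15.0-100-generic", "5.15.0-101-generic"):
        print(rel, "->", check_running_kernel(rel))
```

A verdict of `no-row-for-this-series` means the table above has no "Released" entry for that kernel series, not that the kernel is unaffected.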

