[GTALUG] Federal agency warns critical Linux vulnerability being actively exploited
CAREY SCHUG
sqrfolkdnc at comcast.net
Wed Jun 5 16:27:15 EDT 2024
sorry, does not seem to help.
:~/cts$ uname -r
6.5.0-35-generic
sounds closer to a mantic number than a jammy one, but other query said I was jammy.
is it really so long ago that jammy has advanced from
5.15.0-101.111
to
6.5.0-035-generic
which is a different format anyway.
if I can't find a query that gives me a number in the format
5.15.x-yyyy
I will not think I have found the correct number
I presume I need to query apt to ask for a specific fix number?
<pre>--Carey</pre>
> On 06/05/2024 9:49 AM CDT D. Hugh Redelmeier via talk <talk at gtalug.org> wrote:
>
>
> | From: CAREY SCHUG via talk <talk at gtalug.org>
>
> | (n.b. I install updates pretty often, roughly every 25-50 days, as I get
> | notices about snaps, and sometimes just closing and opening a program
> | fails to update the snap, and the most common is my browser, of which I
> | have 5-6 windows open, so if I have to close them all, I might as well
> | close everything and check all updates, and reboot just for good
> | measure)
>
> I tend to do updates once a week, but not like clockwork. The distro I
> use, Fedora, has a firehose of updates.
>
> You can quit Firefox and then start it up with the same Windows. You lose
> sessions so you may have to log into web sites again.
>
> | see, they hide info from dummies like me.
>
> My Sunday message included the link
> <https://ubuntu.com/security/CVE-2024-1086>
>
> | I found on ubuntu website the fix is
> |
> | PACKAGE RELEASE STATUS
> | linux
> | Launchpad, Ubuntu, Debian bionic Released (4.15.0-223.235)
> | Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
> | focal Released (5.4.0-174.193)
> | jammy Released (5.15.0-101.111)
> | mantic Released (6.5.0-26.26)
> | noble Pending (6.8.0-7.7)
> | trusty Not vulnerable (3.11.0-12.19)
> | upstream Released (6.8~rc2)
> | xenial Released (4.4.0-252.286)
> | Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
>
> I don't like this advertising. I think that it is misleading since the
> update is available without Ubuntu Pro. (I haven't checked, but it sure
> better be.)
>
> | Patches:
> | Introduced by
> | e0abdadcc6e113ed2e22c85b350074487095875b
> | Fixed by f342de4e2f33e0e39165d8639387aa6c19dff660
> |
> | what am I on?
> |
> | >lsb_release -a
> | No LSB modules are available.
> | Distributor ID: Ubuntu
> | Description: Ubuntu 22.04.4 LTS
> | Release: 22.04
> | Codename: jammy
> |
> |
> | how to I reconcile that with:
> |
> | "jammy Released (5.15.0-101.111)"
> |
> | those seem like completely different number sequences (it is long enough ago to have gone from 5.15 to 6.5, is it?)
>
> The patch is to the kernel. So you care about the kernel version. Just
> check what kernel package you are running.
> $ uname -r
> or
> $ cat /proc/version
> will tell you.
>
> Then match it with the numbers in the advisory notice.
> (Sorry: in a hurry so I didn't check exactly what you said about
> versions.)
> ---
> Post to this mailing list talk at gtalug.org
> Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
More information about the talk
mailing list