No security announcements since April 2018 / zombieload exploit

English Install/Boot/Login
#1

I’ve read in a July computer magazine about the zombieload(*) exploit and that, at that time, the patched kernel versions were 4.9.176, 4.14.119, 4.19.63, 5.0.16 and 5.1.2.

Leap 15.0 is running kernel version 4.12.14, so perhaps not patched.

To my surprise, the last security announcement in https://forums.opensuse.org/forumdisplay.php/666-Security-Announcements is from April 2018, more than a year ago.

How can I check if the current kernel is patched?

Thanks,

(*) The only reference to zombieload here is in a post from TSU: https://forums.opensuse.org/showthread.php/536072-FYI-3-security-vulnerabilities-publicized-last-week-and-a-bonus-to-scare-everyone?p=2903206#post2903206

#2

Checking my RSS reader, there are no recent security announcements. That probably means that they have changed the way that they are handling announcements and I haven’t updated my way off accessing them.

You could use Yast Software Management, search for the kernel, and click on the ChangeLog tab for a list of changes. Typically, security updates are back-patched into the kernel being used instead of going to a more recent kernel.