Hi folks,
Can someone tell me which kernel version is actually coming with Leap?
I would like to avoid “dirty pipe”, and Tumbleweed is susceptible, unfortunately.
cheers
henk@boven:~> cat /etc/os-release
NAME="openSUSE Leap"
VERSION="15.3"
ID="opensuse-leap"
ID_LIKE="suse opensuse"
VERSION_ID="15.3"
PRETTY_NAME="openSUSE Leap 15.3"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:opensuse:leap:15.3"
BUG_REPORT_URL="https://bugs.opensuse.org"
HOME_URL="https://www.opensuse.org/"
henk@boven:~>
henk@boven:~> uname -r
5.3.18-150300.59.49-default
henk@boven:~>
AFAIK it is fixed in kernel 5.6.11 which is in Tumbleweed as of this posting.
The above is not completely up to date because I only update once a week. In the update repo there is: 5.3.18-150300.59.54-default (with 5 security patches and a few non-security ones)…
The Dirty Pipe Vulnerability was publicly disclosed on 7th March - https://dirtypipe.cm4all.com/
The vulnerability was fixed in Linux Kernel 5.16.11, which was published in the 20220226 Tumbleweed snapshot on 27th February - https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/VNAE5YA22EGNX45POA336HVHDDDDK3I5/
To claim in your post on 13th March that “tumbleweed is susceptible unfortunately” is FUD - https://en.wikipedia.org/wiki/Fear,_uncertainty,_and_doubt
Maybe 5.16.11:
* Di Mär 08 2022 jslaby@suse.cz
- Update
patches.kernel.org/5.16.11-207-lib-iov_iter-initialize-flags-in-new-pipe_buf.patch
(bsc#1012628 bsc#1196584 CVE-2022-0847).
Or for Leap 15.3:
rpm -ql --changelog http://download.opensuse.org/update/leap/15.3/sle/x86_64/kernel-default-5.3.18-150300.59.54.1.x86_64.rpm | grep -iB 50 'CVE-2022-0847'
* Fr Mär 04 2022 tiwai@suse.de
- Revert PCI MSI-X patch that caused a regression on network devices (bsc#1196403)
Deleted:
patches.suse/PCI-MSI-Mask-MSI-X-vectors-only-on-success.patch
- commit 0c68bb9
* Fr Mär 04 2022 tiwai@suse.de
- Update patch reference for iov security fix (CVE-2022-0847 bsc#1196584)
So CVE-2022-0847 should be fixed in the actual openSUSE kernel.
May I ask how you got/retrieved this info?
Which command should I run?
rpm -ql --changelog kernel-default | grep -iB 50 'CVE-2022-0847'
-B 50 = also show 50 lines before the term, because the log often has many changes in one kernel version.
Thanks a lot!
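The `grep -iB 50` command in this thread prints a fixed window of lines around the match. As an added example (not written by any poster here), the shell functions below print only the changelog entries that mention the CVE; the function names and the sample changelog are constructed for illustration.

```shell
#!/bin/sh
# Added example: filter an rpm changelog down to the entries naming a CVE.
# An rpm changelog entry starts with a line beginning "* " (date and author);
# all lines up to the next such line belong to the same entry.

# $1 = CVE id (matched case-insensitively); changelog text is read from stdin.
cve_entries() {
    awk -v cve="$1" '
        function emit() { if (hit) printf "%s", entry; entry = ""; hit = 0 }
        /^\* / { emit() }                       # new entry: flush the previous one
        { entry = entry $0 "\n"
          if (index(toupper($0), toupper(cve))) hit = 1 }
        END { emit() }
    '
}

# Exit status 0 if the changelog on stdin mentions the CVE, 1 otherwise.
changelog_has_cve() {
    [ -n "$(cve_entries "$1")" ]
}

# Constructed sample, shaped like the changelog lines quoted in this thread
# (English dates, as rpm prints them in the C locale).
sample_changelog() {
    cat <<'EOF'
* Fri Mar 04 2022 tiwai@suse.de
- Revert PCI MSI-X patch that caused a regression on network devices (bsc#1196403)
  Deleted:
  patches.suse/PCI-MSI-Mask-MSI-X-vectors-only-on-success.patch
- commit 0c68bb9
* Fri Mar 04 2022 tiwai@suse.de
- Update patch reference for iov security fix (CVE-2022-0847 bsc#1196584)
EOF
}

# On an installed system (needs rpm):
#   rpm -q --changelog kernel-default | cve_entries CVE-2022-0847
# This checks the installed package; compare its version with `uname -r`
# to confirm that the patched kernel is also the one currently running.
```

If several kernel-default versions are installed, `rpm -q --changelog kernel-default` prints the changelog of each, so a match may come from a kernel other than the one that is booted.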