Patches for CVE-2026-43284 are in https://www.cve.org/CVERecord?id=CVE-2026-43284.

Probably makes sense to release fixes for it first, as current live mitigation blocks esp4/esp6 modules -- that would unblock xfrm/IPSec (which is arguably more prominent than rxrpc).

rxrpc CVE-2026-43500 got v3 patch https://lore.kernel.org/all/af2kdW2F1gJ9U-Gg@v4bel/, but not yet reviewed / included.

--
You received this bug notification because you are subscribed to linux in Ubuntu.
Matching subscriptions: Bgg, Bmail, Nb
https://bugs.launchpad.net/bugs/2151831

Title:
  Dirty Frag LPE security vulnerability

Status in kmod package in Ubuntu:
  Invalid
Status in linux package in Ubuntu:
  Confirmed

Bug description:
  The dirty frag vulnerability is like the copy.fail vulnerability. See:

  * https://www.openwall.com/lists/oss-security/2026/05/07/8
  * https://github.com/V4bel/dirtyfrag/blob/master/assets/write-up.md
  * https://askubuntu.com/q/1566558/1004020

  kmod should mitigate this via `install ... /bin/false` like done for copy.fail.

  linux-* should receive a full patch once that's available.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/kmod/+bug/2151831/+subscriptions